ViaVersion as a Service - standalone ViaVersion proxy
Go to file
2021-02-21 10:09:37 -03:00
.github/workflows Update gradle.yml 2020-10-31 07:35:45 -03:00
.well-known Create microsoft-identity-association.json 2021-01-31 13:19:47 -03:00
gradle/wrapper use Aspirin prefix instead of Cloud, use subcommand, add force online mode 2021-02-12 17:47:15 -03:00
src/main change css head size 2021-02-21 10:09:37 -03:00
.gitignore fix gitignore 2021-02-10 10:43:41 -03:00
build.gradle.kts maven publish 2021-02-19 08:34:18 -03:00
gradlew update gradle, use fetch 2021-01-19 14:36:45 -03:00
gradlew.bat update gradle, use fetch 2021-01-19 14:36:45 -03:00
index.html redirect page 2020-11-15 11:48:09 -03:00
jitpack.yml jitpack openjdk 11 2021-02-19 08:40:30 -03:00
LICENSE.md draft 2020-08-15 18:02:35 -03:00
README.md README x Geyser (#74) 2021-02-21 05:03:12 -03:00

VIAaaS

VIAaaS - ViaVersion acetylsalicylic acid as a Service - Standalone ViaVersion proxy

How does it work?

  • VIAaaS auth page stores account credentials in the player's browser local storage.
  • Due to technical/security reasons, it requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as suspicious and reset/block your account password if the IP address seems suspect.
  • Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy.
  • VIAaaS receives a session hash from instance and then authenticates the session hash with Mojang.

Setting up server instance

Download: GitHub Actions (needs to be logged into GitHub) or JitPack

How to start VIAaaS server:

  • Requires Java 11
  • java -jar VIAaaS-all.jar
  • Default Minecraft: viaaas.localhost with port 25565
  • Default WS URL: wss://localhost:25543/ws

CORS Proxy

  • For less chance of Mojang seeing the login as suspect, you (the player) should set up a CORS proxy on your machine.
  • Note the ending slash in cors-anywhere address

Setting up cors-anywhere on local machine:

  • git clone https://github.com/Rob--W/cors-anywhere && cd cors-anywhere && npm install && node server.js
  • It will be available at http://localhost:8080/

My cors-anywhere instance:

Usage for players

Usage for offline mode:

  • Connect to mc.example.com.viaaas.localhost

Usage for online mode:

  • You can use two accounts (avoids Bad Login error), the same account for front-end and back-end connections, or use _of (offline mode in frontend, unencrypted and no username verification).
  • Go to VIAaaS auth webpage (https://localhost:25543/)
  • Configure CORS proxy, see above in "CORS Proxy" section
  • Listen to the username A you'll use to connect to the proxy.
  • Add the account B to VIAaaS page which you'll use in _u(account B) parameter below.
  • Connect to mc.example.com._u(account B).viaaas.localhost (_u parameter can be removed if you are using the same username)
  • Approve the login in auth webpage
  • If you use the same online mode account, your client will show Bad Login. You can use a mod like Auth Me or ReAuth for reauthenticating the client.

Example address: server.example.com._p25565._v1_12_2._ofalse._uBACKUSERNAME.viaaas.example.com (similar to Tor2web proxies)

Address parts:

  • server.example.com: backend server address
  • _p: backend port
  • _v: backend version (protocol id or name with underline instead of dots). AUTO is default and 1.8 is fallback if it fails.
  • _o: t to force online mode in frontend, f to disable online mode in frontend. If not set, it will be based on backend online mode.
  • _u: username to use in backend connection
  • viaaas.example.com: hostname suffix (defined in config)

WARNING

  • VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK
  • VIAaaS server instance may have security vulnerabilities, make sure to block the ports in firewall
  • Take care of browser local storage.
  • Check the security of CORS proxy, it will intermediate Mojang API calls.
  • Mojang may lock your account when API is called from a suspect IP address

FAQ

VIAaaS is stuck when connecting with online mode:

My Microsoft account <18 years old is not able to log in, it's giving XSTS error:

Why a online webpage for online mode?:

  • It's easier to maintain in that way, because providing a chat with login requires encoding and decoding more packets which change through versions.
  • It allows your account password and token to be kept with you

How to use IPv6?:

  • When listening to 0.0.0.0, it should listen on IPv6 too.
  • To use IPv6 in backend address, you need to use a instance with IPv6 connectivity. The hostname parser currently doesn't support direct IPv6, but you can use a DNS name.

How to use with Geyser?

  • Currently you need to set the parameters (at least the hostname) in Geyser's address field:
    remote:
      # The IP address of the remote (Java Edition) server
      address: 2b2t.org._v1_12_2.viaaas.localhost
    
  • If you are using a public GeyserConnect instance: connect to a publicly available VIAaaS instance mc.example.com.viaaas.example.net, replace viaaas.example.net with the VIAaaS address. Set as a Java Edition server.