unmojang / drasl Goto Github PK
View Code? Open in Web Editor NEWYggdrasil-compatible API server for Minecraft
License: GNU General Public License v3.0
Yggdrasil-compatible API server for Minecraft
License: GNU General Public License v3.0
Allow setting a default skin and/or cape for players who have not set one. If ForwardSkins
is enabled, forwarded skins should still override the default skin.
In addition to configuration.md, recipes.md should contain example configurations for common setups.
FallbackAPIServer
s and RegistrationExistingPlayer
configsDepends on #16
installation.md "Manual Installation" section has an error, the unit file in the repo will not work since the Makefile installs the drasl binary to /usr/local/bin, not /usr/bin. Probably the unit file should be changed.
Getting this when running the server:
drasl-drasl-1 | 2023/11/26 10:17:49 Get "https://sessionserver.mojang.com/session/minecraft/hasJoined?serverId=...": x509: certificate signed by unknown authority
Is this compatible with the Velocity proxy?
Mostly to avoid rate-limiting, we should cache responses from Mojang/Ely.by/whoever's API for a (configurable) short amount of time instead of hitting them over and over.
Use gocache with an in-memory cache? Would rather not bring in redis or memcached.
When adding "https://sessionserver.mojang.com" to FallbackSessionServers
, the Minecraft server can authenticate both custom Drasl users, and premium Microsoft accounts. The Minecraft server cannot, however, op premium accounts.
This is because when /op (player name)
executed, the Minecraft server uses the /profiles/minecraft
endpoint of the ServicesServer
to determine the UUID of who to make an operator. Adding an option for FallbackServiceServers
could enable this to work.
https://account.server.org/users/profiles/minecraft/name returns http code 500
For some reason, the game ignores my skin model setting and assumes every skin is classic.
According to this site, /session/minecraft/profile/<uuid>
should return something like this:
{
"id": "<profile identifier>",
"name": "<player name>",
"properties": [
{
"name": "textures",
"value": "<base64 string>",
"signature": "<base64 string; signed data using Yggdrasil's private key>" // Only provided if ?unsigned=false is appended to url
}
],
"profileActions": []
}
And value should decode to something like this:
{
"timestamp": <java time in ms>,
"profileId": "<profile uuid>",
"profileName": "<player name>",
"signatureRequired": true, // Only present if ?unsigned=false is appended to url
"textures": {
"SKIN": {
"url": "<player skin URL>",
"metadata": {
"model": "slim"
}
},
"CAPE": {
"url": "<player cape URL>"
}
}
}
However, my test account returns this:
{
"timestamp":1701318253009455404,
"profileId":"418bb580c44045a5bf3996f200b91c57",
"profileName":"tester",
"textures":
{
"SKIN":
{
"url":"https://drasl.localhost.lnet/drasl/texture/skin/676d6f7657076d3ee60f6e2b33e59cbbbb33dc6dbcf5242ccbceebf10773f71d.png",
"model":
{
"string":"slim"
}
}
}
}
There is no "metadata"
block.
Please note that I don't know what I'm doing and that this is just a guess.
OS: Artix Linux
Drasl: 1.0.0 (from the AUR)
Launcher: PollyMC
There should be an option to disable uploading skins and capes, for instance to force only using ForwardSkins
to support vanilla clients.
For example to use skins from textures.minecraft.net so you dont need mods
I have a version here that has this but i can't program so the code is probably bad
Server console throwing an error when trying to login:
[00:12:24 INFO]: UUID of player _daemon_process is 42385598-4714-42f0-bc3f-b8f7800fde10
[00:12:24 INFO]: _daemon_process joined the game
[00:12:24 INFO]: _daemon_process[/127.0.0.1:51636] logged in with entity id 380 at ([world]-1.5, 69.0, -7.5)
[00:12:24 ERROR]: Failed to verify Services signature
java.security.SignatureException: Signature length not correct: got 1 but was expecting 512
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:213) ~[?:?]
at java.security.Signature$Delegate.engineVerify(Signature.java:1435) ~[?:?]
at java.security.Signature.verify(Signature.java:789) ~[?:?]
at net.minecraft.util.SignatureValidator.verifySignature(SignatureValidator.java:30) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.util.SignatureValidator.lambda$from$3(SignatureValidator.java:54) ~[paper-1.20.2.jar:git-Paper-318]
at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90) ~[?:?]
at java.util.AbstractList$RandomAccessSpliterator.tryAdvance(AbstractList.java:706) ~[?:?]
at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129) ~[?:?]
at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527) ~[?:?]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513) ~[?:?]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230) ~[?:?]
at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196) ~[?:?]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
at java.util.stream.ReferencePipeline.anyMatch(ReferencePipeline.java:632) ~[?:?]
at net.minecraft.util.SignatureValidator.from(SignatureValidator.java:50) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.util.SignatureValidator.validate(SignatureValidator.java:23) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.world.entity.player.ProfilePublicKey$Data.validateSignature(ProfilePublicKey.java:54) ~[?:?]
at net.minecraft.world.entity.player.ProfilePublicKey.createValidated(ProfilePublicKey.java:26) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.network.chat.RemoteChatSession$Data.validate(RemoteChatSession.java:40) ~[?:?]
at net.minecraft.server.network.ServerGamePacketListenerImpl.handleChatSessionUpdate(ServerGamePacketListenerImpl.java:3458) ~[?:?]
at net.minecraft.network.protocol.game.ServerboundChatSessionUpdatePacket.handle(ServerboundChatSessionUpdatePacket.java:19) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.network.protocol.game.ServerboundChatSessionUpdatePacket.a(ServerboundChatSessionUpdatePacket.java:9) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.network.protocol.PacketUtils.lambda$ensureRunningOnSameThread$0(PacketUtils.java:53) ~[?:?]
at net.minecraft.server.TickTask.run(TickTask.java:18) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.util.thread.BlockableEventLoop.doRunTask(BlockableEventLoop.java:153) ~[?:?]
at net.minecraft.util.thread.ReentrantBlockableEventLoop.doRunTask(ReentrantBlockableEventLoop.java:24) ~[?:?]
at net.minecraft.server.MinecraftServer.doRunTask(MinecraftServer.java:1324) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:193) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.util.thread.BlockableEventLoop.pollTask(BlockableEventLoop.java:126) ~[?:?]
at net.minecraft.server.MinecraftServer.pollTaskInternal(MinecraftServer.java:1301) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.server.MinecraftServer.pollTask(MinecraftServer.java:1294) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.util.thread.BlockableEventLoop.managedBlock(BlockableEventLoop.java:136) ~[?:?]
at net.minecraft.server.MinecraftServer.waitUntilNextTick(MinecraftServer.java:1272) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.server.MinecraftServer.runServer(MinecraftServer.java:1160) ~[paper-1.20.2.jar:git-Paper-318]
at net.minecraft.server.MinecraftServer.lambda$spin$0(MinecraftServer.java:315) ~[paper-1.20.2.jar:git-Paper-318]
at java.lang.Thread.run(Thread.java:833) ~[?:?]
[00:12:24 INFO]: _daemon_process lost connection: Invalid signature for profile public key.
Try restarting your game.
[00:12:24 INFO]: _daemon_process left the game
For security purposes, there should be a default limit on the size of a request body. Especially for skin/cape upload.
Admin users should still be able to set capes/skins and change player names of other users and themselves regardless of the values of AllowChangingPlayerName
, AllowSkins
, and AllowCapes
.
What would it be on authlib injector
Player specific commands break if there is for example a "notch" and "Notch" player, aswell as possibly many plugins or mods. Name system should be altered to be case-insensitive (e.g. API query for player "notch" returns the user "Notch" and the name change API reports that "NOTCH" is taken)
authlib-injector has an API for skin/cape upload that's different from Mojang's.
Other options for databases other than sqlite
for perfomace reasons, such as postgres or mariadb/mysql,
gorm support that natively and would be easy to implement
Drasl should have an API other than the Web UI.
Hello! I have tried to set up Drasl on my server using Docker, but when I try to access the web UI or even ping the HTTP server it's running on the port is closed. And the thing is that I am not even connecting from the internet, but from my local network. I made sure that the port is accessible from the computer I'm trying to reach the HTTP server from, so I think that it must by an issue with Drasl. According to the logs which I have supplied below the webserver starts normally.
What I have tried to do (but it didn't help)
Here is my config file:
# Drasl default config file
# Example: drasl.example.com
Domain = "mcauth.frnsrv.ru"
# Example: My Drasl Instance
InstanceName = "REDACTED"
# Example: My Organization
ApplicationOwner = "REDACTED"
# Example: 127.0.0.1:25585
ListenAddress = "127.0.0.1:15585"
# Example: https://drasl.example.com
BaseURL = "https://mcauth.frnsrv.ru"
# List of usernames who automatically become admins of the Drasl instance
DefaultAdmins = ["GoodGameInfinity"]
# Amount of time until token expires in seconds, example: 604800 (1 week)
TokenExpireSec = 604800
[RegistrationNewPlayer]
Allow = true
AllowChoosingUUID = false
RequireInvite = true
Here are the logs copied from docker:
2023/12/23 20:24:42 Loading config from /etc/drasl/config.toml
2023/12/23 20:24:42 No users found! Here's an invite URL: https://mcauth.frnsrv.ru/drasl/registration?invite=REDACTED
⇨ http server started on 127.0.0.1:15585
Also some info:
I used Portainer to set up the docker container, it publishes the port 15585/TCP and mounts two binds. The Docker image I used is unmojang/drasl:latest from the Docker Hub.
Thank you!!!!!!!!!!
I want to say more but english is not my main lang,
i really appreciate your work!!!!!!!!!!
root@9box:/home/cat/drasl# go test
{"time":"2023-06-17T23:47:23.575917554-04:00","level":"ERROR","prefix":"echo","file":"main.go","line":"53","message":"code=429, message=Too many requests. Try again later."}
{"time":"2023-06-17T23:47:23.576138652-04:00","level":"ERROR","prefix":"echo","file":"main.go","line":"53","message":"code=429, message=Too many requests. Try again later."}
2023/06/17 23:47:30 Get "publickeys": unsupported protocol scheme ""
{"time":"2023-06-17T23:47:30.064322696-04:00","level":"ERROR","prefix":"echo","file":"main.go","line":"53","message":"code=429, message=Too many requests. Try again later."}
{"time":"2023-06-17T23:47:30.06450828-04:00","level":"ERROR","prefix":"echo","file":"main.go","line":"53","message":"code=429, message=Too many requests. Try again later."}
{"time":"2023-06-17T23:47:30.064564569-04:00","level":"ERROR","prefix":"echo","file":"main.go","line":"53","message":"code=429, message=Too many requests. Try again later."}
--- FAIL: TestAccount (6.99s)
--- FAIL: TestAccount/Test_/users/profiles/minecraft/:playerName (0.00s)
account_test.go:62:
Error Trace: /home/cat/drasl/account_test.go:62
Error: Not equal:
expected: 200
actual : 500
Test: TestAccount/Test_/users/profiles/minecraft/:playerName
account_test.go:64:
Error Trace: /home/cat/drasl/account_test.go:64
Error: Expected nil, but got: &json.SyntaxError{msg:"invalid character 'I' looking for beginning of value", Offset:1}
Test: TestAccount/Test_/users/profiles/minecraft/:playerName
account_test.go:67:
Error Trace: /home/cat/drasl/account_test.go:67
Error: Not equal:
expected: ""
actual : "username"
Diff:
--- Expected
+++ Actual
@@ -1 +1 @@
-
+username
Test: TestAccount/Test_/users/profiles/minecraft/:playerName
account_test.go:72:
Error Trace: /home/cat/drasl/account_test.go:72
Error: Expected nil, but got: &errors.errorString{s:"record not found"}
Test: TestAccount/Test_/users/profiles/minecraft/:playerName
account_test.go:76:
Error Trace: /home/cat/drasl/account_test.go:76
Error: Expected nil, but got: &errors.errorString{s:"Invalid ID"}
Test: TestAccount/Test_/users/profiles/minecraft/:playerName
--- FAIL: TestAccount/Test_/profiles/minecraft (0.00s)
account_test.go:89:
Error Trace: /home/cat/drasl/account_test.go:89
Error: Not equal:
expected: 200
actual : 500
Test: TestAccount/Test_/profiles/minecraft
account_test.go:91:
Error Trace: /home/cat/drasl/account_test.go:91
Error: Expected nil, but got: &json.SyntaxError{msg:"invalid character 'I' looking for beginning of value", Offset:1}
Test: TestAccount/Test_/profiles/minecraft
account_test.go:96:
Error Trace: /home/cat/drasl/account_test.go:96
Error: Expected nil, but got: &errors.errorString{s:"record not found"}
Something like:
What is 6 × 5?
I'm not interested in implementing any kind of complex, inaccessible captcha like reCaptcha or HCaptcha. If you want to lock down your instance, use invites or RegistrationExistingPlayer
with RequireSkinVerification
.
For now, just document setup using docker-compose and Caddy.
Inspo: https://plausible.io/docs/self-hosting. This guide was pretty easy to follow.
Later, package for AUR, nixpkgs, and have an setup guide with details for a more typical install.
Continued from #4
See this comment from the authlib-injector author: elyby/accounts#2 (comment)
unsigned
query param?)X-Authlib-Injector-API-Location
for these routesHere is the commit where ely.by added support for authlib-injector: elyby/accounts@4856695
Hi! I am currently using this behind oauth2-proxy with Keycloak, but would love the ability to integrate directly with OpenID Connect, SAML, or plain old LDAP.
Title
Title
Front end
authlib-injector
Authenticate
Account
Session
Services
On the profile page, fall back to displaying a CSS-only skin view when JS is unavailable.
Could do the render serverside, which has the advantage of the skin preview being a proper image instead of a hacked-together mess of CSS. But it is more fun and cheaper on the server to use a big ball of CSS.
Could use https://github.com/rkkoszewski/minecraft-css-3d-skin-viewer/tree/master.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.