Giter Club home page Giter Club logo

Comments (3)

evan-goode avatar evan-goode commented on July 29, 2024

Serving Mojang skin urls to get skins working in Vanilla is an excellent idea, I love this.

Having the user enter their own URL is one option, I am not totally against that. There is a slight security issue, imagine:

  1. Mallory wants to dox Alice. Mallory sets her skin url to a webpage she controls
  2. Alice logs on to the server with a modded client that accepts skins from any domain (there are probably skin mods that do this?)
  3. Alice loads Mallory's skin and Mallory learns her IP address

It's not a huge deal, but in online games there is a passive assumption that your IP address is private to the other players.

To mitigate that problem, you could validate the skin URL against the configured list of skin domains.

Or, here's what I prefer: since there is already skin forwarding to fallback API servers, what if the user could enter a "skin fallback username", and when Drasl looks for a fallback skin, it looks for that username's skin instead of the skin for the UUID of the Drasl account. So instead of the UX being "find the link to the texture on textures.minecraft.net", it becomes "type the name of the Mojang user's skin you want to use". I think the code would be simpler too.

from drasl.

evan-goode avatar evan-goode commented on July 29, 2024

Another issue with letting the user specify their own URL: before 1.20, the Notchian client hardcoded the Mojang public key used for verifying the signature of the textures property returned from https://sessionserver.mojang.com/session/minecraft/profile/<uuid> and https://sessionserver.mojang.com/session/minecraft/hasJoined. So we can't pass the game our own URL, it has to come signed from Mojang.

Drasl's "skin forwarding" works around this by forwarding the whole textures property, not just grabbing the skin URL and re-signing it. So skin forwarding should work in all versions, but setting a custom URL can only work in 1.20+, or with a modded client, which defeats the purpose of hosting skins on textures.minecraft.net.

from drasl.

evan-goode avatar evan-goode commented on July 29, 2024

I changed the name of the SkinForwarding option to ForwardSkins and added a "Fallback Player" setting to the web UI so you can set the name or UUID of the player whose skin you want to use.

from drasl.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.