Comments (3)
Serving Mojang skin urls to get skins working in Vanilla is an excellent idea, I love this.
Having the user enter their own URL is one option, I am not totally against that. There is a slight security issue, imagine:
- Mallory wants to dox Alice. Mallory sets her skin url to a webpage she controls
- Alice logs on to the server with a modded client that accepts skins from any domain (there are probably skin mods that do this?)
- Alice loads Mallory's skin and Mallory learns her IP address
It's not a huge deal, but in online games there is a passive assumption that your IP address is private to the other players.
To mitigate that problem, you could validate the skin URL against the configured list of skin domains.
Or, here's what I prefer: since there is already skin forwarding to fallback API servers, what if the user could enter a "skin fallback username", and when Drasl looks for a fallback skin, it looks for that username's skin instead of the skin for the UUID of the Drasl account. So instead of the UX being "find the link to the texture on textures.minecraft.net", it becomes "type the name of the Mojang user's skin you want to use". I think the code would be simpler too.
from drasl.
Another issue with letting the user specify their own URL: before 1.20, the Notchian client hardcoded the Mojang public key used for verifying the signature of the textures property returned from https://sessionserver.mojang.com/session/minecraft/profile/<uuid>
and https://sessionserver.mojang.com/session/minecraft/hasJoined
. So we can't pass the game our own URL, it has to come signed from Mojang.
Drasl's "skin forwarding" works around this by forwarding the whole textures property, not just grabbing the skin URL and re-signing it. So skin forwarding should work in all versions, but setting a custom URL can only work in 1.20+, or with a modded client, which defeats the purpose of hosting skins on textures.minecraft.net.
from drasl.
I changed the name of the SkinForwarding
option to ForwardSkins
and added a "Fallback Player" setting to the web UI so you can set the name or UUID of the player whose skin you want to use.
from drasl.
Related Issues (20)
- Classic 0.0.17a up to 1.6.4 support HOT 12
- Cannot get new accessToken for same clientToken HOT 13
- Transcode Skins and Capes for Java 5 Support
- Add a config option for accessing API endpoints without a subdirectory HOT 2
- `connection refused` spit by caddy with the example configuration HOT 8
- Cannot whitelist players that never joined the server HOT 3
- user authentication ended with a network error HOT 1
- Document how to use with Minecraft Console Client HOT 2
- Chat signing does not work with Mineflayer
- Docker Images for ARM64
- Drasl doesn't check for special characters in username HOT 5
- Multiple Minecraft accounts in a single Drasl account
- Language selector
- MineSkin integration
- Default skins HOT 5
- Web page to change skin via URL
- Control of indexing DRASL pages by search engines
- Add troubleshooting documentation
- Can't lock multiple accounts at once
- Add postgresql support HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from drasl.