commit 05a1ea81b426503f4e6d0fa34ad053ff183be4d8 Author: Lixfel Date: Thu Sep 22 18:09:24 2022 +0200 Initial commit - untested diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9fe76e5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +# Package Files +*.jar + +# Gradle +.gradle +**/build/ +!gradle/wrapper/gradle-wrapper.jar + +# IntelliJ IDEA +.idea +*.iml diff --git a/LICENCE.txt b/LICENCE.txt new file mode 100644 index 0000000..ca9b055 --- /dev/null +++ b/LICENCE.txt @@ -0,0 +1,619 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS diff --git a/README.md b/README.md new file mode 100644 index 0000000..7dba0a6 --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# AltAuth + diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..43f7aa1 --- /dev/null +++ b/build.gradle @@ -0,0 +1,65 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +plugins { + // Adding the base plugin fixes the following gradle warnings in IntelliJ: + // + // Warning: root project 'module-work-multi': Unable to resolve all content root directories + // Details: java.lang.IllegalStateException: No value has been specified for this provider. + // + // Warning: root project 'module-work-multi': Unable to resolve additional project configuration. + // Details: java.lang.IllegalStateException: No value has been specified for this provider. + id 'base' + id 'application' + + id 'com.github.johnrengelman.shadow' version '5.0.0' +} + +group 'de.lixfel' +version '' + +ext { + buildName = 'AltAuth' + + uberJarName = "${buildName}.jar" + jarName = "${buildName}-pseudo.jar" +} + +compileJava.options.encoding = 'UTF-8' + +sourceCompatibility = 1.8 +targetCompatibility = 1.8 + +mainClassName = '' + +allprojects { + repositories { + mavenCentral() + + maven { url = uri('https://hub.spigotmc.org/nexus/content/repositories/snapshots/') } + maven { url 'https://oss.sonatype.org/content/repositories/snapshots' } + + maven { url = uri('https://steamwar.de/maven') } + } +} + +dependencies { + implementation project(":bukkit") + implementation project(":bungee") + implementation project(":common") +} diff --git a/bukkit/build.gradle b/bukkit/build.gradle new file mode 100644 index 0000000..abce461 --- /dev/null +++ b/bukkit/build.gradle @@ -0,0 +1,57 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +plugins { + id 'base' + id 'java' +} + +group 'de.lixfel' +version '' + +compileJava.options.encoding = 'UTF-8' + +sourceCompatibility = 1.8 +targetCompatibility = 1.8 + +sourceSets { + main { + java { + srcDirs = ['src/'] + } + resources { + srcDirs = ['src/'] + exclude '**/*.java' + } + } +} + +dependencies { + compileOnly project(":common") + compileOnly 'org.spigotmc:spigot-api:1.19-R0.1-SNAPSHOT' + compileOnly 'io.netty:netty-all:4.1.68.Final' + + //compileOnly swdep("Spigot-1.8") files("${rootDir}/lib/${s}.jar") + //compileOnly swdep("Spigot-1.19") files("${rootDir}/lib/${s}.jar") + + compileOnly 'org.projectlombok:lombok:1.18.22' + testCompileOnly 'org.projectlombok:lombok:1.18.22' + annotationProcessor 'org.projectlombok:lombok:1.18.22' + testAnnotationProcessor 'org.projectlombok:lombok:1.18.22' +} diff --git a/bukkit/src/de/lixfel/altauth/bukkit/AltAuthBukkit.java b/bukkit/src/de/lixfel/altauth/bukkit/AltAuthBukkit.java new file mode 100644 index 0000000..117d1b4 --- /dev/null +++ b/bukkit/src/de/lixfel/altauth/bukkit/AltAuthBukkit.java @@ -0,0 +1,58 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package de.lixfel.altauth.bukkit; + +import de.lixfel.tinyprotocol.TinyProtocol; +import lombok.Getter; +import lombok.Setter; +import org.bukkit.plugin.java.JavaPlugin; + + +public class AltAuthBukkit extends JavaPlugin { + + @Getter + @Setter + private static JavaPlugin instance; + + private SessionServiceInjector serviceInjector; + private EncryptionRequestInjector requestInjector; + + @Override + public void onLoad() { + setInstance(this); + } + + @Override + public void onEnable() { + saveDefaultConfig(); + String altAuthServer = getConfig().getString("altauth-proxy"); + + TinyProtocol.init(); + serviceInjector = new SessionServiceInjector(altAuthServer); + requestInjector = new EncryptionRequestInjector(altAuthServer); + } + + @Override + public void onDisable() { + requestInjector.remove(); + serviceInjector.revert(); + TinyProtocol.instance.close(); + } +} diff --git a/bukkit/src/de/lixfel/altauth/bukkit/EncryptionRequestInjector.java b/bukkit/src/de/lixfel/altauth/bukkit/EncryptionRequestInjector.java new file mode 100644 index 0000000..8d7a8f0 --- /dev/null +++ b/bukkit/src/de/lixfel/altauth/bukkit/EncryptionRequestInjector.java @@ -0,0 +1,48 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package de.lixfel.altauth.bukkit; + +import de.lixfel.tinyprotocol.Reflection; +import de.lixfel.tinyprotocol.TinyProtocol; +import org.bukkit.entity.Player; + +public class EncryptionRequestInjector { + + private static final Class EncryptionRequest = Reflection.getClass("{nms.network.protocol.login}.PacketLoginOutEncryptionBegin"); + private static final Reflection.FieldAccessor ServerID = Reflection.getField(EncryptionRequest, String.class, 0); + + private final String altAuthServer; + + public EncryptionRequestInjector(String altAuthServer) { + this.altAuthServer = altAuthServer; + + TinyProtocol.instance.addFilter(EncryptionRequest, this::handleEncryptionRequest); + } + + public Object handleEncryptionRequest(Player player, Object packet) { + ServerID.set(packet, altAuthServer); + TinyProtocol.instance.getInterceptor(player).ifPresent(TinyProtocol.PacketInterceptor::close); + return packet; + } + + public void remove() { + TinyProtocol.instance.removeFilter(EncryptionRequest, this::handleEncryptionRequest); + } +} diff --git a/bukkit/src/de/lixfel/altauth/bukkit/SessionServiceInjector.java b/bukkit/src/de/lixfel/altauth/bukkit/SessionServiceInjector.java new file mode 100644 index 0000000..2c182a1 --- /dev/null +++ b/bukkit/src/de/lixfel/altauth/bukkit/SessionServiceInjector.java @@ -0,0 +1,55 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package de.lixfel.altauth.bukkit; + +import de.lixfel.tinyprotocol.Reflection; + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.logging.Level; + +public class SessionServiceInjector { + + private static final Class SESSION_SERVICE = Reflection.getClass("com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService"); + + private static final Reflection.FieldAccessor JOIN_URL = Reflection.getField(SESSION_SERVICE, "JOIN_URL", URL.class); + private static final Reflection.FieldAccessor CHECK_URL = Reflection.getField(SESSION_SERVICE, "CHECK_URL", URL.class); + + private final URL joinUrlBackup; + private final URL checkUrlBackup; + + public SessionServiceInjector(String altAuthServer) { + joinUrlBackup = JOIN_URL.get(null); + checkUrlBackup = CHECK_URL.get(null); + + altAuthServer = "https://" + altAuthServer + "/session/minecraft/"; + try { + JOIN_URL.set(null, new URL(altAuthServer + "join")); + CHECK_URL.set(null, new URL(altAuthServer + "hasJoined")); + } catch (MalformedURLException e) { + AltAuthBukkit.getInstance().getLogger().log(Level.SEVERE, "Could not create AltAuth URLs", e); + } + } + + public void revert() { + JOIN_URL.set(null, joinUrlBackup); + CHECK_URL.set(null, checkUrlBackup); + } +} diff --git a/bukkit/src/de/lixfel/tinyprotocol/TinyProtocol.java b/bukkit/src/de/lixfel/tinyprotocol/TinyProtocol.java new file mode 100644 index 0000000..8fc6789 --- /dev/null +++ b/bukkit/src/de/lixfel/tinyprotocol/TinyProtocol.java @@ -0,0 +1,217 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package de.lixfel.tinyprotocol; + +import de.lixfel.tinyprotocol.Reflection.FieldAccessor; +import de.lixfel.altauth.bukkit.AltAuthBukkit; +import io.netty.channel.Channel; +import io.netty.channel.ChannelDuplexHandler; +import io.netty.channel.ChannelHandlerContext; +import io.netty.channel.ChannelPromise; +import org.bukkit.entity.Player; +import org.bukkit.event.EventHandler; +import org.bukkit.event.EventPriority; +import org.bukkit.event.HandlerList; +import org.bukkit.event.Listener; +import org.bukkit.event.player.PlayerLoginEvent; +import org.bukkit.event.player.PlayerQuitEvent; +import org.bukkit.event.server.PluginDisableEvent; +import org.bukkit.plugin.Plugin; + +import java.util.*; +import java.util.function.BiFunction; +import java.util.logging.Level; + +public class TinyProtocol implements Listener { + + private static final Class craftServer = Reflection.getClass("{obc}.CraftServer"); + private static final Class dedicatedPlayerList = Reflection.getClass("{nms.server.dedicated}.DedicatedPlayerList"); + private static final FieldAccessor getPlayerList = Reflection.getField(craftServer, dedicatedPlayerList, 0); + private static final Class playerList = Reflection.getClass("{nms.server.players}.PlayerList"); + private static final Class minecraftServer = Reflection.getClass("{nms.server}.MinecraftServer"); + private static final FieldAccessor getMinecraftServer = Reflection.getField(playerList, minecraftServer, 0); + private static final Class serverConnection = Reflection.getClass("{nms.server.network}.ServerConnection"); + private static final FieldAccessor getServerConnection = Reflection.getField(minecraftServer, serverConnection, 0); + private static final Class networkManager = Reflection.getClass("{nms.network}.NetworkManager"); + private static final FieldAccessor getConnections = Reflection.getField(serverConnection, List.class, 0, networkManager); + + public static final TinyProtocol instance = new TinyProtocol(AltAuthBukkit.getInstance()); + private static int id = 0; + + public static void init() { + //enforce init + } + + private final Plugin plugin; + private final String handlerName; + private final List connections; + private boolean closed; + + private final Map, List>> packetFilters = new HashMap<>(); + private final Map playerInterceptors = new HashMap<>(); + + private TinyProtocol(final Plugin plugin) { + this.plugin = plugin; + this.handlerName = "tiny-" + plugin.getName() + "-" + ++id; + this.connections = getConnections.get(getServerConnection.get(getMinecraftServer.get(getPlayerList.get(plugin.getServer())))); + + plugin.getServer().getPluginManager().registerEvents(this, plugin); + + for (Player player : plugin.getServer().getOnlinePlayers()) { + new PacketInterceptor(player); + } + } + + @EventHandler(priority = EventPriority.LOWEST) + public void onPlayerLogin(PlayerLoginEvent e) { + if(closed) + return; + new PacketInterceptor(e.getPlayer()); + } + + @EventHandler(priority = EventPriority.MONITOR) + public void onPlayerDisconnect(PlayerQuitEvent e) { + getInterceptor(e.getPlayer()).ifPresent(PacketInterceptor::close); + } + + @EventHandler + public void onPluginDisable(PluginDisableEvent e) { + if (e.getPlugin().equals(plugin)) { + close(); + } + } + + public void addFilter(Class packetType, BiFunction filter) { + packetFilters.computeIfAbsent(packetType, c -> new ArrayList<>(1)).add(filter); + } + + public void removeFilter(Class packetType, BiFunction filter) { + packetFilters.getOrDefault(packetType, Collections.emptyList()).remove(filter); + } + + public void sendPacket(Player player, Object packet) { + getInterceptor(player).ifPresent(i -> i.sendPacket(packet)); + } + + public void receivePacket(Player player, Object packet) { + getInterceptor(player).ifPresent(i -> i.receivePacket(packet)); + } + + public final void close() { + if(closed) + return; + closed = true; + + HandlerList.unregisterAll(this); + + for (Player player : plugin.getServer().getOnlinePlayers()) { + getInterceptor(player).ifPresent(PacketInterceptor::close); + } + } + + public Optional getInterceptor(Player player) { + synchronized (playerInterceptors) { + return Optional.ofNullable(playerInterceptors.get(player)); + } + } + + private static final FieldAccessor getChannel = Reflection.getField(networkManager, Channel.class, 0); + private static final FieldAccessor getUUID = Reflection.getField(networkManager, UUID.class, 0); + + public final class PacketInterceptor extends ChannelDuplexHandler { + private final Player player; + private final Channel channel; + + private PacketInterceptor(Player player) { + this.player = player; + + channel = getChannel.get(connections.stream().filter(connection -> player.getUniqueId().equals(getUUID.get(connection))).findAny().orElseThrow(() -> new SecurityException("Could not find channel for player " + player.getName()))); + + synchronized (playerInterceptors) { + playerInterceptors.put(player, this); + } + + channel.pipeline().addBefore("packet_handler", handlerName, this); + } + + private void sendPacket(Object packet) { + channel.pipeline().writeAndFlush(packet); + } + + private void receivePacket(Object packet) { + channel.pipeline().context("encoder").fireChannelRead(packet); + } + + public void close() { + if(channel.isActive()) { + channel.eventLoop().execute(() -> { + try { + channel.pipeline().remove(handlerName); + } catch (NoSuchElementException e) { + // ignore + } + }); + } + + synchronized (playerInterceptors) { + playerInterceptors.remove(player, this); + } + } + + @Override + public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception { + try { + msg = filterPacket(player, msg); + } catch (Exception e) { + plugin.getLogger().log(Level.SEVERE, "Error during incoming packet processing", e); + } + + if (msg != null) { + super.channelRead(ctx, msg); + } + } + + @Override + public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise) throws Exception { + try { + msg = filterPacket(player, msg); + } catch (Exception e) { + plugin.getLogger().log(Level.SEVERE, "Error during outgoing packet processing", e); + } + + if (msg != null) { + super.write(ctx, msg, promise); + } + } + + private Object filterPacket(Player player, Object packet) { + List> filters = packetFilters.getOrDefault(packet.getClass(), Collections.emptyList()); + + for(BiFunction filter : filters) { + packet = filter.apply(player, packet); + + if(packet == null) + break; + } + + return packet; + } + } +} diff --git a/bukkit/src/plugin.yml b/bukkit/src/plugin.yml new file mode 100644 index 0000000..28205ee --- /dev/null +++ b/bukkit/src/plugin.yml @@ -0,0 +1,9 @@ +name: AltAuth +version: "1.0" +author: Lixfel +api-version: "1.13" +load: STARTUP +softdepend: + - ViaVersion + +main: de.lixfel.altauth.bukkit.AltAuthBukkit diff --git a/bungee/build.gradle b/bungee/build.gradle new file mode 100644 index 0000000..10ea162 --- /dev/null +++ b/bungee/build.gradle @@ -0,0 +1,65 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +plugins { + id 'base' + id 'java' +} + +group 'de.lixfel' +version '' + +compileJava.options.encoding = 'UTF-8' + +sourceCompatibility = 1.8 +targetCompatibility = 1.8 + +sourceSets { + main { + java { + srcDirs = ['src/'] + } + resources { + srcDirs = ['src/'] + exclude '**/*.java' + } + } +} + +repositories { + ivy { + url 'https://ci.md-5.net/' + + patternLayout { + artifact '/job/BungeeCord/[revision]/artifact/bootstrap/target/[module].jar' + } + + metadataSources { artifact() } + } +} + +dependencies { + compileOnly project(":common") + compileOnly 'net.md-5:BungeeCord:lastSuccessfulBuild' + + compileOnly 'org.projectlombok:lombok:1.18.22' + testCompileOnly 'org.projectlombok:lombok:1.18.22' + annotationProcessor 'org.projectlombok:lombok:1.18.22' + testAnnotationProcessor 'org.projectlombok:lombok:1.18.22' +} \ No newline at end of file diff --git a/bungee/src/bungee.yml b/bungee/src/bungee.yml new file mode 100644 index 0000000..e3973fc --- /dev/null +++ b/bungee/src/bungee.yml @@ -0,0 +1,4 @@ +name: AltAuth +main: de.lixfel.altauth.bungee.AltAuthBungee +version: "1.0" +author: Lixfel \ No newline at end of file diff --git a/bungee/src/de/lixfel/altauth/bungee/AltAuthBungee.java b/bungee/src/de/lixfel/altauth/bungee/AltAuthBungee.java new file mode 100644 index 0000000..7bdce98 --- /dev/null +++ b/bungee/src/de/lixfel/altauth/bungee/AltAuthBungee.java @@ -0,0 +1,71 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package de.lixfel.altauth.bungee; + +import net.md_5.bungee.api.event.PreLoginEvent; +import net.md_5.bungee.api.plugin.Listener; +import net.md_5.bungee.api.plugin.Plugin; +import net.md_5.bungee.config.Configuration; +import net.md_5.bungee.config.ConfigurationProvider; +import net.md_5.bungee.config.YamlConfiguration; +import net.md_5.bungee.event.EventHandler; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; + +public class AltAuthBungee extends Plugin implements Listener { + + private String altAuthUrl; + + @Override + public void onEnable() { + File config = new File(getDataFolder(), "config.yml"); + ConfigurationProvider provider = ConfigurationProvider.getProvider(YamlConfiguration.class); + + if(!config.exists()) { + try (InputStream in = getResourceAsStream("config.yml")) { + try (FileOutputStream out = new FileOutputStream(config)) { + int read; + byte[] buffer = new byte[4096]; + while ((read = in.read(buffer)) >= 0) + out.write(buffer, 0, read); + } + } catch (IOException e) { + throw new IllegalStateException("Could not create config"); + } + } + + try { + Configuration configuration = provider.load(config); + altAuthUrl = configuration.getString("altauth-proxy"); + } catch (IOException e) { + throw new IllegalStateException("Could not load config", e); + } + + getProxy().getPluginManager().registerListener(this, this); + } + + @EventHandler + public void onPreLogin(PreLoginEvent e) { + new AltAuthHandler(getProxy(), e.getConnection(), altAuthUrl); + } +} diff --git a/bungee/src/de/lixfel/altauth/bungee/AltAuthHandler.java b/bungee/src/de/lixfel/altauth/bungee/AltAuthHandler.java new file mode 100644 index 0000000..1ce2470 --- /dev/null +++ b/bungee/src/de/lixfel/altauth/bungee/AltAuthHandler.java @@ -0,0 +1,139 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package de.lixfel.altauth.bungee; + +import de.lixfel.tinyprotocol.Reflection; +import io.netty.channel.ChannelHandlerContext; +import io.netty.handler.codec.MessageToMessageCodec; +import net.md_5.bungee.BungeeCord; +import net.md_5.bungee.EncryptionUtil; +import net.md_5.bungee.Util; +import net.md_5.bungee.api.Callback; +import net.md_5.bungee.api.ProxyServer; +import net.md_5.bungee.api.connection.PendingConnection; +import net.md_5.bungee.connection.LoginResult; +import net.md_5.bungee.http.HttpClient; +import net.md_5.bungee.jni.cipher.BungeeCipher; +import net.md_5.bungee.netty.ChannelWrapper; +import net.md_5.bungee.netty.PipelineUtils; +import net.md_5.bungee.netty.cipher.CipherDecoder; +import net.md_5.bungee.netty.cipher.CipherEncoder; +import net.md_5.bungee.protocol.DefinedPacket; +import net.md_5.bungee.protocol.PacketWrapper; +import net.md_5.bungee.protocol.packet.EncryptionRequest; +import net.md_5.bungee.protocol.packet.EncryptionResponse; + +import javax.crypto.SecretKey; +import javax.crypto.spec.SecretKeySpec; +import java.math.BigInteger; +import java.net.InetSocketAddress; +import java.net.URLEncoder; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.util.List; +import java.util.UUID; +import java.util.logging.Level; + +public class AltAuthHandler extends MessageToMessageCodec { + + private static final Class InitialHandler = Reflection.getClass("net.md_5.bungee.connection.InitialHandler"); + private static final Reflection.FieldAccessor CH = Reflection.getField(InitialHandler, ChannelWrapper.class, 0); + private static final Reflection.FieldAccessor LoginProfile = Reflection.getField(InitialHandler, "loginProfile", LoginResult.class); + private static final Reflection.FieldAccessor Name = Reflection.getField(InitialHandler, "name", String.class); + private static final Reflection.FieldAccessor UniqueId = Reflection.getField(InitialHandler, "uniqueId", UUID.class); + private static final Reflection.MethodInvoker Finish = Reflection.getMethod(InitialHandler, "finish"); + + private final ProxyServer bungee; + private final String altAuthUrl; + private final PendingConnection connection; + + public AltAuthHandler(ProxyServer bungee, PendingConnection connection, String altAuthUrl) { + this.bungee = bungee; + this.connection = connection; + this.altAuthUrl = altAuthUrl; + + ChannelWrapper ch = CH.get(connection); + ch.addBefore(PipelineUtils.BOSS_HANDLER, "altauth", this); + //ch.addBefore(PipelineUtils.PACKET_ENCODER, "altauth", this); + } + + @Override + protected void encode(ChannelHandlerContext ctx, PacketWrapper packetWrapper, List out) { + DefinedPacket packet = packetWrapper.packet; + + if(packet instanceof EncryptionRequest) + ((EncryptionRequest)packet).setServerId(altAuthUrl); + + out.add(packetWrapper); + } + + @SuppressWarnings("deprecation") + @Override + protected void decode(ChannelHandlerContext ctx, PacketWrapper packetWrapper, List out) throws Exception { + DefinedPacket packet = packetWrapper.packet; + if(!(packet instanceof EncryptionResponse)) { + out.add(packetWrapper); + return; + } + + ChannelWrapper ch = CH.get(connection); + ch.getHandle().pipeline().remove(this); + + SecretKey sharedKey = EncryptionUtil.getSecret((EncryptionResponse) packet, null); + if (sharedKey instanceof SecretKeySpec && sharedKey.getEncoded().length != 16) { + ch.close(); + return; + } + + BungeeCipher decrypt = EncryptionUtil.getCipher(false, sharedKey); + ch.addBefore("frame-decoder", "decrypt", new CipherDecoder(decrypt)); + BungeeCipher encrypt = EncryptionUtil.getCipher(true, sharedKey); + ch.addBefore("frame-prepender", "encrypt", new CipherEncoder(encrypt)); + String encName = URLEncoder.encode(connection.getName(), "UTF-8"); + MessageDigest sha = MessageDigest.getInstance("SHA-1"); + + sha.update(altAuthUrl.getBytes(StandardCharsets.ISO_8859_1)); + sha.update(sharedKey.getEncoded()); + sha.update(EncryptionUtil.keys.getPublic().getEncoded()); + + String encodedHash = URLEncoder.encode(new BigInteger(sha.digest()).toString(16), "UTF-8"); + String preventProxy = BungeeCord.getInstance().config.isPreventProxyConnections() && connection.getSocketAddress() instanceof InetSocketAddress ? "&ip=" + URLEncoder.encode(connection.getAddress().getAddress().getHostAddress(), "UTF-8") : ""; + String authURL = String.format("https://%s/session/minecraft/hasJoined?username=%s&serverId=%s%s", altAuthUrl, encName, encodedHash, preventProxy); + Callback handler = (result, error) -> { + if (error != null) { + connection.disconnect(bungee.getTranslation("mojang_fail")); + bungee.getLogger().log(Level.SEVERE, error, () -> "Error authenticating " + connection.getName() + " with minecraft.net"); + return; + } + + LoginResult loginResult = BungeeCord.getInstance().gson.fromJson(result, LoginResult.class); + if (loginResult == null || loginResult.getId() == null) { + connection.disconnect(bungee.getTranslation("offline_mode_player")); + return; + } + + LoginProfile.set(connection, loginResult); + Name.set(connection, loginResult.getName()); + UniqueId.set(connection, Util.getUUID(loginResult.getId())); + Finish.invoke(connection); + }; + HttpClient.get(authURL, ch.getHandle().eventLoop(), handler); + } +} diff --git a/common/build.gradle b/common/build.gradle new file mode 100644 index 0000000..5ea4b06 --- /dev/null +++ b/common/build.gradle @@ -0,0 +1,52 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +plugins { + id 'base' + id 'java' +} + +group 'de.lixfel' +version '' + +compileJava.options.encoding = 'UTF-8' + +sourceCompatibility = 1.8 +targetCompatibility = 1.8 + +sourceSets { + main { + java { + srcDirs = ['src/'] + } + resources { + srcDirs = ['src/'] + exclude '**/*.java' + } + } +} + +dependencies { + compileOnly 'org.spigotmc:spigot-api:1.19-R0.1-SNAPSHOT' + + compileOnly 'org.projectlombok:lombok:1.18.22' + testCompileOnly 'org.projectlombok:lombok:1.18.22' + annotationProcessor 'org.projectlombok:lombok:1.18.22' + testAnnotationProcessor 'org.projectlombok:lombok:1.18.22' +} diff --git a/common/src/config.yml b/common/src/config.yml new file mode 100644 index 0000000..6402717 --- /dev/null +++ b/common/src/config.yml @@ -0,0 +1,4 @@ +# This is the domain/ip (+ port if necessary) of the AltAuth-Proxy providing the +# https://{altauth-proxy}/session/minecraft/join and +# https://{altauth-proxy}/session/minecraft/hasJoined endpoints. +altauth-proxy: "127.0.0.1:8080" diff --git a/common/src/de/lixfel/tinyprotocol/Reflection.java b/common/src/de/lixfel/tinyprotocol/Reflection.java new file mode 100644 index 0000000..b7b5815 --- /dev/null +++ b/common/src/de/lixfel/tinyprotocol/Reflection.java @@ -0,0 +1,429 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package de.lixfel.tinyprotocol; + +import jdk.internal.misc.Unsafe; +import org.bukkit.Bukkit; + +import java.lang.reflect.*; +import java.util.Arrays; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/** + * An utility class that simplifies reflection in Bukkit plugins. + * + * @author Kristian + */ +public final class Reflection { + + private static final int MINECRAFT_VERSION; + + static { + int mcVersion; + try { + mcVersion = Integer.parseInt(Bukkit.getServer().getClass().getPackage().getName().split("[.](?=[^.]*$)")[1].split("_")[1]); + } catch (NoClassDefFoundError e) { + mcVersion = 0; + } + MINECRAFT_VERSION = mcVersion; + } + + + /** + * An interface for invoking a specific constructor. + */ + public interface ConstructorInvoker { + /** + * Invoke a constructor for a specific class. + * + * @param arguments - the arguments to pass to the constructor. + * @return The constructed object. + */ + Object invoke(Object... arguments); + } + + /** + * An interface for invoking a specific method. + */ + public interface MethodInvoker { + /** + * Invoke a method on a specific target object. + * + * @param target - the target object, or NULL for a static method. + * @param arguments - the arguments to pass to the method. + * @return The return value, or NULL if is void. + */ + Object invoke(Object target, Object... arguments); + } + + /** + * An interface for retrieving the field content. + * + * @param - field type. + */ + public interface FieldAccessor { + /** + * Retrieve the content of a field. + * + * @param target - the target object, or NULL for a static field. + * @return The value of the field. + */ + T get(Object target); + + /** + * Set the content of a field. + * + * @param target - the target object, or NULL for a static field. + * @param value - the new value of the field. + */ + void set(Object target, Object value); + + /** + * Determine if the given object has this field. + * + * @param target - the object to test. + * @return TRUE if it does, FALSE otherwise. + */ + boolean hasField(Object target); + } + + // Deduce the net.minecraft.server.v* package + private static final String OBC_PREFIX = Bukkit.getServer().getClass().getPackage().getName(); + private static final String NMS_PREFIX = OBC_PREFIX.replace("org.bukkit.craftbukkit", "net.minecraft.server"); + private static final String VERSION = OBC_PREFIX.replace("org.bukkit.craftbukkit", "").replace(".", ""); + + // Variable replacement + private static final Pattern MATCH_VARIABLE = Pattern.compile("\\{([^\\}]+)\\}"); + + private Reflection() { + // Seal class + } + + /** + * Retrieve a field accessor for a specific field type and name. + * + * @param target - the target type. + * @param name - the name of the field, or NULL to ignore. + * @param fieldType - a compatible field type. + * @return The field accessor. + */ + public static FieldAccessor getField(Class target, String name, Class fieldType) { + return getField(target, name, fieldType, 0); + } + + /** + * Retrieve a field accessor for a specific field type and name. + * + * @param className - lookup name of the class, see {@link #getClass(String)}. + * @param name - the name of the field, or NULL to ignore. + * @param fieldType - a compatible field type. + * @return The field accessor. + */ + public static FieldAccessor getField(String className, String name, Class fieldType) { + return getField(getClass(className), name, fieldType, 0); + } + + /** + * Retrieve a field accessor for a specific field type and name. + * + * @param target - the target type. + * @param fieldType - a compatible field type. + * @param index - the number of compatible fields to skip. + * @return The field accessor. + */ + public static FieldAccessor getField(Class target, Class fieldType, int index) { + return getField(target, null, fieldType, index); + } + + /** + * Retrieve a field accessor for a specific field type and name. + * + * @param className - lookup name of the class, see {@link #getClass(String)}. + * @param fieldType - a compatible field type. + * @param index - the number of compatible fields to skip. + * @return The field accessor. + */ + public static FieldAccessor getField(String className, Class fieldType, int index) { + return getField(getClass(className), fieldType, index); + } + + public static FieldAccessor getField(Class target, Class fieldType, int index, Class... parameters) { + return getField(target, null, fieldType, index, parameters); + } + + private static FieldAccessor getField(Class target, String name, Class fieldType, int index, Class... parameters) { + for (final Field field : target.getDeclaredFields()) { + if(matching(field, name, fieldType, parameters) && index-- <= 0) { + field.setAccessible(true); + + return new FieldAccessor() { + @Override + @SuppressWarnings("unchecked") + public T get(Object target) { + try { + return (T) field.get(target); + } catch (IllegalAccessException e) { + throw new IllegalArgumentException("Cannot access reflection.", e); + } + } + + @Override + public void set(Object target, Object value) { + try { + field.set(target, value); + } catch (IllegalAccessException e) { + throw new IllegalArgumentException("Cannot access reflection.", e); + } + } + + @Override + public boolean hasField(Object target) { + // target instanceof DeclaringClass + return field.getDeclaringClass().isAssignableFrom(target.getClass()); + } + }; + } + } + + // Search in parent classes + if (target.getSuperclass() != null) + return getField(target.getSuperclass(), name, fieldType, index); + + throw new IllegalArgumentException("Cannot find field with type " + fieldType); + } + + private static boolean matching(Field field, String name, Class fieldType, Class... parameters) { + if(name != null && !field.getName().equals(name)) + return false; + + if(!fieldType.isAssignableFrom(field.getType())) + return false; + + if(parameters.length > 0) { + Type[] arguments = ((ParameterizedType)field.getGenericType()).getActualTypeArguments(); + + for(int i = 0; i < parameters.length; i++) { + if(arguments[i] != parameters[i]) + return false; + } + } + return true; + } + + /** + * Search for the first publicly and privately defined method of the given name and parameter count. + * + * @param className - lookup name of the class, see {@link #getClass(String)}. + * @param methodName - the method name, or NULL to skip. + * @param params - the expected parameters. + * @return An object that invokes this specific method. + * @throws IllegalStateException If we cannot find this method. + */ + public static MethodInvoker getMethod(String className, String methodName, Class... params) { + return getTypedMethod(getClass(className), methodName, null, params); + } + + /** + * Search for the first publicly and privately defined method of the given name and parameter count. + * + * @param clazz - a class to start with. + * @param methodName - the method name, or NULL to skip. + * @param params - the expected parameters. + * @return An object that invokes this specific method. + * @throws IllegalStateException If we cannot find this method. + */ + public static MethodInvoker getMethod(Class clazz, String methodName, Class... params) { + return getTypedMethod(clazz, methodName, null, params); + } + + /** + * Search for the first publicly and privately defined method of the given name and parameter count. + * + * @param clazz - a class to start with. + * @param methodName - the method name, or NULL to skip. + * @param returnType - the expected return type, or NULL to ignore. + * @param params - the expected parameters. + * @return An object that invokes this specific method. + * @throws IllegalStateException If we cannot find this method. + */ + public static MethodInvoker getTypedMethod(Class clazz, String methodName, Class returnType, Class... params) { + for (final Method method : clazz.getDeclaredMethods()) { + if ((methodName == null || method.getName().equals(methodName)) + && (returnType == null || method.getReturnType().equals(returnType)) + && Arrays.equals(method.getParameterTypes(), params)) { + method.setAccessible(true); + + return (target, arguments) -> { + try { + return method.invoke(target, arguments); + } catch (Exception e) { + throw new IllegalArgumentException("Cannot invoke method " + method, e); + } + }; + } + } + + // Search in every superclass + if (clazz.getSuperclass() != null) + return getMethod(clazz.getSuperclass(), methodName, params); + + throw new IllegalStateException(String.format("Unable to find method %s (%s).", methodName, Arrays.asList(params))); + } + + /** + * Search for the first publically and privately defined constructor of the given name and parameter count. + * + * @param className - lookup name of the class, see {@link #getClass(String)}. + * @param params - the expected parameters. + * @return An object that invokes this constructor. + * @throws IllegalStateException If we cannot find this method. + */ + public static ConstructorInvoker getConstructor(String className, Class... params) { + return getConstructor(getClass(className), params); + } + + /** + * Search for the first publically and privately defined constructor of the given name and parameter count. + * + * @param clazz - a class to start with. + * @param params - the expected parameters. + * @return An object that invokes this constructor. + * @throws IllegalStateException If we cannot find this method. + */ + public static ConstructorInvoker getConstructor(Class clazz, Class... params) { + for (final Constructor constructor : clazz.getDeclaredConstructors()) { + if (Arrays.equals(constructor.getParameterTypes(), params)) { + constructor.setAccessible(true); + + return arguments -> { + try { + return constructor.newInstance(arguments); + } catch (Exception e) { + throw new IllegalArgumentException("Cannot invoke constructor " + constructor, e); + } + }; + } + } + + throw new IllegalStateException(String.format("Unable to find constructor for %s (%s).", clazz, Arrays.asList(params))); + } + + /** + * Retrieve a class from its full name, without knowing its type on compile time. + *

+ * This is useful when looking up fields by a NMS or OBC type. + *

+ * + * @param lookupName - the class name with variables. + * @return The class. + */ + public static Class getUntypedClass(String lookupName) { + @SuppressWarnings({ "rawtypes", "unchecked" }) + Class clazz = (Class) getClass(lookupName); + return clazz; + } + + /** + * Retrieve a class from its full name. + *

+ * Strings enclosed with curly brackets - such as {TEXT} - will be replaced according to the following table: + *

+ * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + *
VariableContent
{nms}Actual package name of net.minecraft.server.VERSION
{obc}Actual pacakge name of org.bukkit.craftbukkit.VERSION
{version}The current Minecraft package VERSION, if any.
+ * + * @param lookupName - the class name with variables. + * @return The looked up class. + * @throws IllegalArgumentException If a variable or class could not be found. + */ + public static Class getClass(String lookupName) { + try { + return Class.forName(expandVariables(lookupName)); + } catch (ClassNotFoundException e) { + throw new IllegalArgumentException("Cannot find " + expandVariables(lookupName), e); + } + } + + /** + * Expand variables such as "{nms}" and "{obc}" to their corresponding packages. + * + * @param name - the full name of the class. + * @return The expanded string. + */ + private static String expandVariables(String name) { + StringBuffer output = new StringBuffer(); + Matcher matcher = MATCH_VARIABLE.matcher(name); + + while (matcher.find()) { + String variable = matcher.group(1); + String replacement; + + // Expand all detected variables + if (variable.startsWith("nms")) { + if(MINECRAFT_VERSION >= 17) + replacement = "net.minecraft" + variable.substring(3); + else + replacement = NMS_PREFIX; + } else if ("obc".equals(variable)) + replacement = OBC_PREFIX; + else if ("version".equals(variable)) + replacement = VERSION; + else + throw new IllegalArgumentException("Unknown variable: " + variable); + + // Assume the expanded variables are all packages, and append a dot + if (replacement.length() > 0 && matcher.end() < name.length() && name.charAt(matcher.end()) != '.') + replacement += "."; + matcher.appendReplacement(output, Matcher.quoteReplacement(replacement)); + } + + matcher.appendTail(output); + return output.toString(); + } + + @SuppressWarnings("deprecation") + public static Object newInstance(Class clazz) { + try { + if (MINECRAFT_VERSION > 15) { + return Unsafe.getUnsafe().allocateInstance(clazz); + } else { + return clazz.newInstance(); + } + } catch (InstantiationException | IllegalAccessException e) { + throw new IllegalArgumentException("Could not create object", e); + } + } +} diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..f3d88b1 Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..086800c --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,6 @@ +#Wed May 05 10:45:33 CEST 2021 +distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.1-all.zip +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +zipStorePath=wrapper/dists +zipStoreBase=GRADLE_USER_HOME diff --git a/gradlew b/gradlew new file mode 100755 index 0000000..2fe81a7 --- /dev/null +++ b/gradlew @@ -0,0 +1,183 @@ +#!/usr/bin/env sh + +# +# Copyright 2015 the original author or authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin or MSYS, switch paths to Windows format before running java +if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=`expr $i + 1` + done + case $i in + 0) set -- ;; + 1) set -- "$args0" ;; + 2) set -- "$args0" "$args1" ;; + 3) set -- "$args0" "$args1" "$args2" ;; + 4) set -- "$args0" "$args1" "$args2" "$args3" ;; + 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=`save "$@"` + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..9618d8d --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,100 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/proxy.py b/proxy.py new file mode 100644 index 0000000..f05e55b --- /dev/null +++ b/proxy.py @@ -0,0 +1,184 @@ +#!/usr/bin/env python3 +from collections import namedtuple +from typing import Dict +from json import dumps, loads +from base64 import b64decode +from time import time, sleep +from threading import Thread +from urllib.error import HTTPError +from urllib.request import Request, urlopen +from http import HTTPStatus +from http.server import ThreadingHTTPServer, BaseHTTPRequestHandler + + +# Set this to True if behind an ip masking proxy (with X-Forwarded-For support) while using prevent-proxy-connections +behind_proxy = False +# Should mojang accounts be allowed to join with this AltAuth proxy +allow_mojang_accounts = True +# Should banned microsoft accounts ("UserBannedException") be allowed to join? +# Should accounts with disabled multiplayer ("InsufficientPrivilegesException") be allowed to join? +allowed_microsoft_accounts = ("InsufficientPrivilegesException", "UserBannedException") + + +def moj_request(url, data=None): + try: + response = urlopen(Request( + url, + headers={ + "Content-Type": "application/json" + } if data else {}, + data=dumps(data).encode("utf8") if data else None + )) + return response.code, response.read() + except HTTPError as response: + return response.code, response.read() + + +CachedProfile = namedtuple('CachedProfile', ('timestamp', 'use_altauth', 'ip', 'uuid')) + + +cached_profiles: Dict[str, CachedProfile] = {} + + +def timeout_cleaner(): + global cached_profiles + while True: + timeout = time() - 60 + cached_profiles = { + serverId: profile + for serverId, profile in cached_profiles.items() + if profile.timestamp > timeout + } + sleep(1) + + +class AltAuthRequestHandler(BaseHTTPRequestHandler): + + def do_POST(self): + try: + self.close_connection = True + + if self.path != "/session/minecraft/join": + self.send_response(HTTPStatus.NOT_FOUND) + self.end_headers() + return + + content_length = int(self.headers['Content-Length']) + if content_length > 1024: + raise Exception() + + request = loads(self.rfile.read(content_length)) + access_token = request["accessToken"] + selected_profile = request["selectedProfile"] + server_id = request["serverId"] + + token = loads(b64decode(access_token.split(".")[1] + "==")) # Decode the JSON Web Token + now = time() + use_altauth = False + + if token["exp"] >= now: # check token expiration date + raise Exception() + + if token["iss"] == "Yggdrasil-Auth" and allow_mojang_accounts: # Mojang account + if token["spr"] != selected_profile: + raise Exception() + + # Valid token (even on other ip): 204 + # Invalid token: 403 {"error": "ForbiddenOperationException", "errorMessage": "Invalid token"} + code, data = moj_request("https://authserver.mojang.com/validate", data={ + "accessToken": access_token + }) + if code != 204: + raise Exception() + + use_altauth = True + + else: # Microsoft account + # Valid token: 204 + # According to wiki.vg Xbox multiplayer disabled: InsufficientPrivilegesException + # According to wiki.vg Multiplayer banned: UserBannedException + # Mojang account: 403 {"error":"ForbiddenOperationException","path":"/session/minecraft/join"} + # Invalid token: 403 {"error":"ForbiddenOperationException","path":"/session/minecraft/join"} + code, data = moj_request("https://sessionserver.mojang.com/session/minecraft/join", data={ + "accessToken": access_token, + "selectedProfile": selected_profile, + "serverId": server_id + }) + if code == 403: + if loads(data)["error"] in allowed_microsoft_accounts: + use_altauth = True + code = 204 + + if code == 204: + cached_profiles[server_id] = CachedProfile( + timestamp=now, + use_altauth=use_altauth, + ip=self.headers['X-Forwarded-For'] if behind_proxy else self.client_address[0], + uuid=selected_profile + ) + + self.send_response(code) + self.end_headers() + if code != 204 and data: + self.wfile.write(data) + except BaseException as e: + print(e) + + # The client continues the login process with a 500 response, therefore 403 instead + self.send_response(HTTPStatus.FORBIDDEN) + self.end_headers() + self.wfile.write(b'{"error":"ForbiddenOperationException","path":"/session/minecraft/join"}') + + def do_GET(self): + try: + self.close_connection = True + + if not self.path.startswith("/session/minecraft/hasJoined?"): + self.send_response(HTTPStatus.NOT_FOUND) + self.end_headers() + return + + query = { + attribute.split("=")[0]: attribute.split("=")[1] + for attribute in self.path.split("?", 1)[1].split("&") + } + server_id = query["serverId"] + username = query["username"] + altauth_client = server_id in cached_profiles + cached_profile = cached_profiles.pop(server_id) if altauth_client else None + + if altauth_client and "ip" in query: + if query.pop("ip") != cached_profile.ip: + raise Exception() + + if altauth_client and cached_profile.use_altauth: + code, data = moj_request( + f"https://sessionserver.mojang.com/session/minecraft/profile/{cached_profile.uuid}" + ) + + if data: + profile = loads(data) + if profile["name"] != username: # Disarm server_id hash collisions and prevent username spoofing + raise Exception() + elif "ip" in query: + code, data = moj_request( + f"https://sessionserver.mojang.com/session/minecraft/hasJoined?username={username}&serverId={server_id}&ip={query['ip']}" + ) + else: + code, data = moj_request( + f"https://sessionserver.mojang.com/session/minecraft/hasJoined?username={username}&serverId={server_id}" + ) + + self.send_response(code) + self.end_headers() + self.wfile.write(data) + except BaseException as e: + print(e) + + self.send_response(HTTPStatus.INTERNAL_SERVER_ERROR) + self.end_headers() + + +if __name__ == '__main__': + Thread(target=timeout_cleaner, name="TimeoutCleanup", daemon=True).start() + ThreadingHTTPServer(('127.0.0.1', 8080), AltAuthRequestHandler).serve_forever() diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..d60786c --- /dev/null +++ b/settings.gradle @@ -0,0 +1,24 @@ +/* + * This file is part of AltAuth. + * + * Copyright (C) 2022 Lixfel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +rootProject.name = 'AltAuth' + +include 'bukkit' +include 'bungee' +include 'common'