diff --git a/proxy.py b/proxy.py index db11d74..9198e12 100755 --- a/proxy.py +++ b/proxy.py @@ -1,6 +1,18 @@ #!/usr/bin/env python3 # SPDX-License-Identifier: MIT +# Set this to True if behind an ip masking proxy (with X-Forwarded-For support) while using prevent-proxy-connections +behind_proxy = True +# Address and port to listen to +bind_to = ('127.0.0.1', 8080) +# Should mojang accounts be allowed to join with this AltAuth proxy +allow_mojang_accounts = True +# Should banned microsoft accounts ("UserBannedException") be allowed to join? +# Should accounts with disabled multiplayer ("InsufficientPrivilegesException") be allowed to join? +allowed_microsoft_accounts = () +# allowed_microsoft_accounts = ("InsufficientPrivilegesException", "UserBannedException") + + from traceback import format_exc from collections import namedtuple from typing import Dict @@ -14,18 +26,6 @@ from http import HTTPStatus from http.server import ThreadingHTTPServer, BaseHTTPRequestHandler -# Set this to True if behind an ip masking proxy (with X-Forwarded-For support) while using prevent-proxy-connections -behind_proxy = True -# Address and port to listen to -bind_to = ('127.0.0.1', 8080) -# Should mojang accounts be allowed to join with this AltAuth proxy -allow_mojang_accounts = True -# Should banned microsoft accounts ("UserBannedException") be allowed to join? -# Should accounts with disabled multiplayer ("InsufficientPrivilegesException") be allowed to join? -allowed_microsoft_accounts = () -#allowed_microsoft_accounts = ("InsufficientPrivilegesException", "UserBannedException") - - def moj_request(url, data=None): try: response = urlopen(Request( @@ -58,6 +58,10 @@ def timeout_cleaner(): sleep(1) +class SilentException(Exception): + pass + + class AltAuthRequestHandler(BaseHTTPRequestHandler): def do_POST(self): @@ -83,7 +87,7 @@ class AltAuthRequestHandler(BaseHTTPRequestHandler): use_altauth = False if token["exp"] <= now: # check token expiration date - raise Exception("Expired token") + raise SilentException("Expired token") if token["iss"] == "Yggdrasil-Auth" and allow_mojang_accounts: # Mojang account if token["spr"] != selected_profile: @@ -127,7 +131,11 @@ class AltAuthRequestHandler(BaseHTTPRequestHandler): self.end_headers() if code != 204 and data: self.wfile.write(data) - except BaseException as e: + except SilentException: + self.send_response(HTTPStatus.FORBIDDEN) + self.end_headers() + self.wfile.write(b'{"error":"ForbiddenOperationException","path":"/session/minecraft/join"}') + except BaseException: self.log_message("Exception handling request: %s", format_exc()) # The client continues the login process with a 500 response, therefore 403 instead @@ -184,6 +192,10 @@ class AltAuthRequestHandler(BaseHTTPRequestHandler): self.send_response(HTTPStatus.FORBIDDEN) self.end_headers() + def log_request(self, code='-', size='-'): + # Don't log every request (may become spammy & may contain IPs from prevent-proxy-connections (GDPR) + pass + if __name__ == '__main__': Thread(target=timeout_cleaner, name="TimeoutCleanup", daemon=True).start()