summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar bigfoot547 <[email protected]>2025-01-30 23:21:10 -0600
committerLibravatar bigfoot547 <[email protected]>2025-01-30 23:21:10 -0600
commiteb75f8512cddac27fb1e0a8aa678ba058862568d (patch)
tree9fcfee3089495f6eccf80bf288a14d4586eb6540
parentnon-working: auth (diff)
user auth
Diffstat
-rw-r--r--src/auth.rs215
-rw-r--r--src/auth/mcservices.rs92
-rw-r--r--src/auth/msa.rs149
-rw-r--r--src/auth/types.rs91
-rw-r--r--src/auth/types/property_map.rs50
5 files changed, 555 insertions, 42 deletions
diff --git a/src/auth.rs b/src/auth.rs
index 0bae4e1..e1134d6 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,6 +1,7 @@
mod types;
mod oauth;
mod msa;
+mod mcservices;
use std::error::Error;
use std::fmt::{Display, Formatter};
@@ -8,18 +9,38 @@ use std::future::Future;
use std::ops::Add;
use std::time::{Duration, Instant, SystemTime};
use chrono::{DateTime, NaiveDateTime, TimeDelta, Utc};
+use log::debug;
use oauth2::{AccessToken, AuthType, AuthUrl, ClientId, DeviceAuthorizationResponse, DeviceAuthorizationUrl, DeviceCodeErrorResponse, EmptyExtraDeviceAuthorizationFields, EndpointNotSet, EndpointSet, HttpClientError, RefreshToken, RequestTokenError, Scope, StandardDeviceAuthorizationResponse, StandardRevocableToken, StandardTokenResponse, TokenResponse, TokenUrl};
-use oauth2::basic::{BasicErrorResponse, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, BasicTokenResponse};
+use oauth2::basic::{BasicErrorResponse, BasicErrorResponseType, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, BasicTokenResponse};
+use reqwest::{IntoUrl, Method, RequestBuilder};
pub use types::*;
+use crate::auth::msa::{XSTS_RP_MINECRAFT_SERVICES, XSTS_RP_XBOX_LIVE};
+use crate::util::USER_AGENT;
#[derive(Debug)]
pub enum AuthError {
+ // An unexpected error happened while performing a request
Request { what: &'static str, error: reqwest::Error },
OAuthRequestToken { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, BasicErrorResponse> },
OAuthRequestDeviceCode { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, DeviceCodeErrorResponse> },
+
+ // Some internal auth error (unrecoverable)
Internal(String),
+
+ // Device code auth was cancelled
Cancel(Option<Box<dyn Error>>),
- Timeout
+
+ // Device code auth timed out
+ Timeout,
+
+ // Requires interactive authentication
+ RequireInteractive(&'static str),
+
+ // XSTS error
+ AuthXError { what: &'static str, x_error: u64, message: Option<String> },
+
+ // You don't own the game!
+ EntitlementError
}
impl Display for AuthError {
@@ -31,7 +52,10 @@ impl Display for AuthError {
AuthError::Internal(msg) => write!(f, "internal auth error: {}", msg),
AuthError::Cancel(Some(error)) => write!(f, "operation cancelled: {error}"),
AuthError::Cancel(None) => f.write_str("operation cancelled"),
- AuthError::Timeout => f.write_str("interactive authentication timed out")
+ AuthError::Timeout => f.write_str("interactive authentication timed out"),
+ AuthError::RequireInteractive(why) => write!(f, "user must log in interactively: {why}"),
+ AuthError::AuthXError { what, x_error, message } => write!(f, "XSTS error: {what} ({x_error} -> {})", message.as_ref().map_or("<no message>", |s| s.as_str())),
+ AuthError::EntitlementError => f.write_str("no minecraft entitlement (do you own the game?)")
}
}
}
@@ -50,7 +74,7 @@ impl Error for AuthError {
impl Token {
fn is_expired(&self, now: DateTime<Utc>) -> bool {
- self.expire.is_some_and(|exp| now < exp)
+ self.expire.is_some_and(|exp| now >= exp)
}
}
@@ -58,7 +82,7 @@ macro_rules! create_oauth_client {
($is_azure_client_id:expr, $client_id:expr) => {
oauth2::Client::new($client_id)
.set_token_uri(TokenUrl::new(if $is_azure_client_id { AZURE_TOKEN_URL.into() } else { NON_AZURE_TOKEN_URL.into() }).expect("hardcoded url"))
- .set_device_authorization_url(DeviceAuthorizationUrl::new(if $is_azure_client_id { AZURE_TOKEN_URL.into() } else { NON_AZURE_TOKEN_URL.into() }).expect("hardcoded url"))
+ .set_device_authorization_url(DeviceAuthorizationUrl::new(if $is_azure_client_id { AZURE_DEVICE_CODE_URL.into() } else { NON_AZURE_DEVICE_CODE_URL.into() }).expect("hardcoded url"))
as oauth2::Client<BasicErrorResponse, BasicTokenResponse, BasicTokenIntrospectionResponse, StandardRevocableToken, BasicRevocationErrorResponse,
EndpointNotSet, EndpointSet, EndpointNotSet, EndpointNotSet, EndpointSet>
}
@@ -72,6 +96,12 @@ const NON_AZURE_DEVICE_CODE_URL: &str = "https://login.live.com/oauth20_connect.
const AZURE_LOGIN_SCOPES: &[&str] = ["XboxLive.signin", "offline_access"].as_slice();
const NON_AZURE_LOGIN_SCOPES: &[&str] = ["service::user.auth.xboxlive.com::MBI_SSL"].as_slice();
+fn build_json_request(client: &reqwest::Client, url: impl IntoUrl, method: Method) -> RequestBuilder {
+ client.request(method, url)
+ .header(reqwest::header::USER_AGENT, USER_AGENT)
+ .header(reqwest::header::ACCEPT, "application/json")
+}
+
impl MsaUser {
pub fn create_client() -> reqwest::Client {
reqwest::ClientBuilder::new()
@@ -90,38 +120,46 @@ impl MsaUser {
}
// uses an access token from, for example, a device code grant logs into xbox live
- async fn xbl_login(&mut self, token: &AccessToken) -> Result<(), AuthError> {
+ async fn xbl_login(&mut self, client: &reqwest::Client, token: &AccessToken) -> Result<(), AuthError> {
+ debug!("Logging into xbox live using access token");
+ self.xbl_token = Some(msa::xbox_live_login(client, token, self.is_azure_client_id).await?);
+ Ok(())
}
// logs into xbox live using a refresh token
// (panics if no refresh token present)
async fn xbl_login_refresh(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
+ debug!("Using refresh token for XBL login");
let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone());
let refresh_token = self.refresh_token.as_ref().expect("refresh_access_token called with no refresh token");
let tokenres: BasicTokenResponse = oauth_client
.exchange_refresh_token(refresh_token)
.add_scopes(self.scopes_iter())
+ .add_extra_param("response_type", "device_code")
.request_async(client)
.await.map_err(|e| AuthError::OAuthRequestToken { what: "refresh", error: e })?;
self.refresh_token = tokenres.refresh_token().cloned();
- self.xbl_login(tokenres.access_token()).await
+ self.xbl_login(client, tokenres.access_token()).await
}
async fn xbl_login_device<D, DF>(&mut self, client: &reqwest::Client, handle_device: D) -> Result<(), AuthError>
where
- D: FnOnce(&StandardDeviceAuthorizationResponse) -> DF,
+ D: FnOnce(StandardDeviceAuthorizationResponse) -> DF,
DF: Future<Output = ()>
{
+ debug!("Using device authorization for XBL login");
let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone());
- let device_auth: StandardDeviceAuthorizationResponse = oauth_client.exchange_device_code().add_scopes(self.scopes_iter())
+ let device_auth: StandardDeviceAuthorizationResponse = oauth_client.exchange_device_code()
+ .add_scopes(self.scopes_iter())
+ .add_extra_param("response_type", "device_code")
.request_async(client)
.await.map_err(|e| AuthError::OAuthRequestToken { what: "device code", error: e })?;
- handle_device(&device_auth).await;
+ handle_device(device_auth.clone()).await;
let tokenres = oauth_client.exchange_device_access_token(&device_auth)
.set_max_backoff_interval(Duration::from_secs(20u64))
@@ -130,7 +168,7 @@ impl MsaUser {
self.refresh_token = tokenres.refresh_token().cloned();
- self.xbl_login(tokenres.access_token()).await
+ self.xbl_login(client, tokenres.access_token()).await
}
// ensure we have an xbox live token for this person
@@ -138,18 +176,111 @@ impl MsaUser {
// - check if the XBL token is valid/not expired
// - if it is expired, try to use refresh token to get a new one
// - get rid of auth token if yeah
- async fn ensure_xbl(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
- todo!()
+ async fn ensure_xbl(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> {
+ if self.xbl_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) {
+ debug!("XBL token valid. Using it.");
+ return Ok(())
+ }
+
+ if self.refresh_token.is_none() {
+ return Err(AuthError::RequireInteractive("no refresh token"));
+ }
+
+ debug!("XBL token expired. Trying to refresh it.");
+ self.xbl_login_refresh(client).await
+ .map_err(|e| match &e {
+ AuthError::OAuthRequestToken { error, .. } => match error {
+ RequestTokenError::ServerResponse(res) => match res.error() {
+ BasicErrorResponseType::Extension(s) if s == "interaction_required" || s == "consent_required" => {
+ AuthError::RequireInteractive("msa requested interactive logon")
+ },
+ _ => e
+ },
+ _ => e
+ },
+ _ => e
+ })?;
+
+ self.mc_token = None;
+
+ Ok(())
}
- async fn log_in_silent(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
- let now: DateTime<Utc> = SystemTime::now().into();
+ // function's tasks:
+ // - if the minecraft services token invalid/expired/missing, do the following
+ // - get minecraftservices xsts token
+ // - use minecraftservices to get mojang token with that xsts token
+ async fn ensure_mc_token(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> {
+ if self.mc_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) {
+ debug!("Mojang token valid. Using it.");
+ return Ok(())
+ }
+
+ debug!("Mojang token has expired. Must log in again.");
+ let xbl_token = self.xbl_token.as_ref().expect("ensure_mc_token requires xbl token").value.as_str();
+ let (user_hash, mc_xsts_tok) = match msa::xsts_request(client, xbl_token, XSTS_RP_MINECRAFT_SERVICES).await? {
+ msa::XSTSAuthResponse::Success(res) => {
+ let user_hash = res.get_user_hash()
+ .map_or(Err(AuthError::Internal("malformed response: no user hash".into())), |h| Ok(h.to_owned()))?;
+ (user_hash, res.into_token())
+ },
+ msa::XSTSAuthResponse::Error(e) => return Err(e.into())
+ };
+
+ debug!("Got MinecraftServices XSTS, logging in.");
+ self.mc_token = Some(mcservices::login_with_xbox(client, mc_xsts_tok.as_str(), user_hash.as_str()).await?);
+
+ Ok(())
+ }
- if self.auth_token.as_ref().is_some_and(|tok| !tok.is_expired(now.add(TimeDelta::hours(12)))) {
+ async fn load_xbox_info(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
+ debug!("Loading Xbox info...");
+ let xbl_token = self.xbl_token.as_ref().expect("xbl token missing").value.as_str();
+ let res = match msa::xsts_request(client, xbl_token, XSTS_RP_XBOX_LIVE).await? {
+ msa::XSTSAuthResponse::Success(res) => res,
+ msa::XSTSAuthResponse::Error(e) => return Err(e.into())
+ };
+
+ let Some(xuid) = res.get_xuid() else {
+ return Err(AuthError::Internal("missing xuid for user".into()));
+ };
+
+ self.xuid = Some(xuid);
+ self.gamertag = res.get_gamertag().map(|s| s.to_owned());
+
+ debug!("Xbox info loaded: (xuid {xuid}, gamertag {})", res.get_gamertag().unwrap_or("<none>"));
+
+ Ok(())
+ }
+
+ async fn load_profile(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
+ self.load_xbox_info(client).await?;
+
+ let mc_token = self.mc_token.as_ref().expect("minecraft token missing").value.as_str();
+
+ if !mcservices::owns_the_game(client, mc_token).await? {
+ return Err(AuthError::EntitlementError);
}
- todo!()
+ let player_info = mcservices::get_player_info(client, mc_token).await?;
+ let player_profile = mcservices::get_player_profile(client, player_info.id).await
+ .map_err(|e| AuthError::Request { what: "looking up profile", error: e })?;
+
+ self.player_info = Some(player_info);
+ self.player_profile = Some(player_profile);
+
+ Ok(())
+ }
+
+ async fn log_in_silent(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
+ let now: DateTime<Utc> = DateTime::from(SystemTime::now()) + TimeDelta::hours(12);
+
+ self.ensure_xbl(client, now).await?;
+ self.ensure_mc_token(client, now).await?;
+ self.load_profile(client).await?;
+
+ Ok(())
}
}
@@ -163,21 +294,47 @@ mod test {
async fn abc() {
simple_logger::SimpleLogger::new().with_colors(true).with_level(log::LevelFilter::Trace).init().unwrap();
- let mut user: MsaUser = MsaUser {
- profile: None,
- xuid: None,
- client_id: ClientId::new("00000000402b5328".into()),
- is_azure_client_id: false,
- auth_token: None,
- xbl_token: None,
- refresh_token: None
+ let mut user = match tokio::fs::read_to_string("test_stuff/test.json").await {
+ Ok(s) => serde_json::from_str::<MsaUser>(&s).unwrap(),
+ Err(e) if e.kind() == tokio::io::ErrorKind::NotFound => {
+ MsaUser {
+ player_profile: None,
+ xuid: None,
+ gamertag: None,
+ player_info: None,
+ client_id: ClientId::new("00000000402b5328".into()),
+ is_azure_client_id: false,
+ mc_token: None,
+ xbl_token: None,
+ refresh_token: None
+ }
+ },
+ Err(e) => panic!("i/o error: {}", e)
};
let client = MsaUser::create_client();
- user.xbl_login_device(&client, |d| {
- dbg!(d);
- futures::future::ready(())
- }).await.unwrap();
+ loop {
+ match user.log_in_silent(&client).await {
+ Ok(_) => break,
+ Err(AuthError::RequireInteractive(s)) => {
+ debug!("Requires interactive auth: {s}")
+ },
+ Err(e) => {
+ panic!("{}", e);
+ }
+ }
+
+ user.xbl_login_device(&client, |d| async move {
+ let d = dbg!(d);
+ debug!("User code: {}", d.user_code().secret());
+ ()
+ }).await.unwrap()
+ }
+
+ debug!("User: {user:?}");
+
+ let user_str = serde_json::to_string_pretty(&user).unwrap();
+ tokio::fs::write("test_stuff/test.json", user_str.as_str()).await.unwrap();
}
}
diff --git a/src/auth/mcservices.rs b/src/auth/mcservices.rs
new file mode 100644
index 0000000..4305363
--- /dev/null
+++ b/src/auth/mcservices.rs
@@ -0,0 +1,92 @@
+use std::time::{Duration, SystemTime};
+use chrono::{DateTime, Utc};
+use reqwest::{IntoUrl, Method, RequestBuilder};
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+use super::{AuthError, MinecraftPlayerInfo, PlayerProfile};
+use super::types::Token;
+
+const MINECRAFT_LOGIN: &str = "https://api.minecraftservices.com/authentication/login_with_xbox";
+const MINECRAFT_ENTITLEMENTS: &str = "https://api.minecraftservices.com/entitlements";
+const MINECRAFT_PROFILE: &str = "https://api.minecraftservices.com/minecraft/profile";
+
+const MINECRAFT_SESSION_PROFILE: &str = "https://sessionserver.mojang.com/session/minecraft/profile/";
+
+fn build_authenticated(client: &reqwest::Client, url: impl IntoUrl, method: Method, mc_token: &str) -> RequestBuilder {
+ super::build_json_request(client, url, method)
+ .bearer_auth(mc_token)
+}
+
+#[derive(Serialize, Debug)]
+#[serde(rename_all = "camelCase")]
+struct MinecraftXboxLoginRequest<'a> {
+ identity_token: &'a str,
+ ensure_legacy_enabled: bool
+}
+
+#[derive(Deserialize, Debug)]
+struct MinecraftXboxLoginResponse {
+ access_token: String,
+ expires_in: u64
+}
+
+pub async fn login_with_xbox(client: &reqwest::Client, xsts_token: &str, user_hash: &str) -> Result<Token, AuthError> {
+ let tok = format!("XBL3.0 x={user_hash};{xsts_token}");
+ let req = MinecraftXboxLoginRequest {
+ identity_token: tok.as_str(),
+ ensure_legacy_enabled: true
+ };
+
+ let res: MinecraftXboxLoginResponse = super::build_json_request(client, MINECRAFT_LOGIN, Method::POST)
+ .json(&req).send().await
+ .and_then(|r| r.error_for_status())
+ .map_err(|e| AuthError::Request { what: "minecraft xbox login", error: e })?
+ .json().await
+ .map_err(|e| AuthError::Request { what: "minecraft xbox login (decode)", error: e })?;
+
+ let now: DateTime<Utc> = SystemTime::now().into();
+
+ Ok(Token {
+ value: res.access_token,
+ expire: Some(now + Duration::from_secs(res.expires_in))
+ })
+}
+
+#[derive(Deserialize, Debug)]
+struct EntitlementItem {
+ name: String
+ // we don't care about the signature
+}
+
+#[derive(Deserialize, Debug)]
+struct EntitlementResponse {
+ #[serde(default)]
+ items: Vec<EntitlementItem>
+}
+
+pub async fn owns_the_game(client: &reqwest::Client, token: &str) -> Result<bool, AuthError> {
+ let res: EntitlementResponse = build_authenticated(client, MINECRAFT_ENTITLEMENTS, Method::GET, token)
+ .send().await
+ .and_then(|r| r.error_for_status())
+ .map_err(|e| AuthError::Request { what: "entitlements", error: e })?
+ .json().await
+ .map_err(|e| AuthError::Request { what: "entitlements (receive)", error: e})?;
+
+ Ok(res.items.iter().filter(|i| i.name == "game_minecraft" || i.name == "product_minecraft").next().is_some())
+}
+
+pub async fn get_player_info(client: &reqwest::Client, token: &str) -> Result<MinecraftPlayerInfo, AuthError> {
+ build_authenticated(client, MINECRAFT_PROFILE, Method::GET, token)
+ .send().await
+ .and_then(|r| r.error_for_status())
+ .map_err(|e| AuthError::Request { what: "player info", error: e })?
+ .json().await
+ .map_err(|e| AuthError::Request { what: "player info (receive)", error: e })
+}
+
+pub async fn get_player_profile(client: &reqwest::Client, uuid: Uuid) -> Result<PlayerProfile, reqwest::Error> {
+ super::build_json_request(client, format!("{}{}?unsigned=false", MINECRAFT_SESSION_PROFILE, uuid.as_simple()), Method::GET)
+ .send().await
+ .and_then(|r| r.error_for_status())?
+ .json().await
+}
diff --git a/src/auth/msa.rs b/src/auth/msa.rs
index da9a376..6c90790 100644
--- a/src/auth/msa.rs
+++ b/src/auth/msa.rs
@@ -1,9 +1,19 @@
-use chrono::{DateTime, Utc};
+use std::borrow::Cow;
+use std::collections::HashMap;
+use std::ops::Add;
+use std::time::{Duration, SystemTime};
+use chrono::{DateTime, TimeDelta, Utc};
+use log::debug;
use oauth2::AccessToken;
+use reqwest::{IntoUrl, Method, RequestBuilder};
use serde::{Deserialize, Serialize};
+use uuid::Uuid;
use crate::auth::AuthError;
+use crate::auth::types::Token;
+use crate::util::USER_AGENT;
const XBOX_LIVE_AUTH: &str = "https://user.auth.xboxlive.com/user/authenticate";
+const XBOX_LIVE_XSTS: &str = "https://xsts.auth.xboxlive.com/xsts/authorize";
#[derive(Debug, Serialize)]
#[serde(rename_all = "PascalCase")]
@@ -28,6 +38,137 @@ struct XboxLiveAuthResponse {
not_after: DateTime<Utc>
}
-pub fn xbox_live_login(client: &reqwest::Client, access_token: &AccessToken) -> Result<(), AuthError> {
-
-} \ No newline at end of file
+pub async fn xbox_live_login(client: &reqwest::Client, access_token: &AccessToken, azure: bool) -> Result<Token, AuthError> {
+ debug!("MSA performing xbox live login ({azure})");
+
+ let ticket = match azure {
+ true => Cow::Owned(format!("d={}", access_token.secret())),
+ _ => Cow::Borrowed(access_token.secret().as_str())
+ };
+
+ let request = XboxLiveAuthRequest {
+ properties: XboxLiveAuthRequestProperties {
+ auth_method: "RPS",
+ site_name: "user.auth.xboxlive.com",
+ rps_ticket: ticket.as_ref()
+ },
+ relying_party: "http://auth.xboxlive.com",
+ token_type: "JWT"
+ };
+
+ let res: XboxLiveAuthResponse = super::build_json_request(client, XBOX_LIVE_AUTH, Method::POST).json(&request).send().await
+ .and_then(|r| r.error_for_status())
+ .map_err(|e| AuthError::Request { what: "xbox live auth", error: e })?
+ .json().await.map_err(|e| AuthError::Request { what: "xbox live auth (decode)", error: e })?;
+
+ Ok(Token {
+ value: res.token,
+ expire: Some(res.not_after)
+ })
+}
+
+#[derive(Serialize, Debug)]
+#[serde(rename_all = "PascalCase")]
+struct XSTSAuthRequest<'a> {
+ properties: XSTSAuthRequestProperties<'a>,
+ relying_party: &'a str,
+ token_type: &'a str
+}
+
+#[derive(Serialize, Debug)]
+#[serde(rename_all = "PascalCase")]
+struct XSTSAuthRequestProperties<'a> {
+ sandbox_id: &'a str,
+ user_tokens: &'a[&'a str]
+}
+
+#[derive(Deserialize, Debug)]
+#[serde(rename_all = "PascalCase")]
+pub(super) struct XSTSAuthSuccessResponse {
+ token: String,
+ #[serde(default)]
+ display_claims: XSTSAuthResponseDisplayClaims
+}
+
+#[derive(Deserialize, Debug)]
+#[serde(rename_all = "PascalCase")]
+pub(super) struct XSTSAuthErrorResponse {
+ x_err: u64,
+ message: Option<String>
+}
+
+#[derive(Deserialize, Debug)]
+#[serde(rename_all = "PascalCase", untagged)]
+pub(super) enum XSTSAuthResponse {
+ Success(XSTSAuthSuccessResponse),
+ Error(XSTSAuthErrorResponse)
+}
+
+#[derive(Deserialize, Debug, Default)]
+pub(super) struct XSTSAuthResponseDisplayClaims {
+ xui: Vec<HashMap<String, String>>
+}
+
+impl XSTSAuthSuccessResponse {
+ pub(super) fn into_token(self) -> String {
+ self.token
+ }
+
+ fn get_display_claim(&self, name: &str) -> Option<&str> {
+ self.display_claims.xui.iter().filter(|m| m.contains_key(name))
+ .next().map_or(None, |f| f.get(name).map(|s| s.as_str()))
+ }
+
+ pub(super) fn get_user_hash(&self) -> Option<&str> {
+ self.get_display_claim("uhs")
+ }
+
+ pub(super) fn get_xuid(&self) -> Option<Uuid> {
+ self.get_display_claim("xid")
+ .map_or(None, |s| Some(Uuid::from_u64_pair(0, s.parse().ok()?)))
+ }
+
+ pub(super) fn get_gamertag(&self) -> Option<&str> {
+ self.get_display_claim("gtg")
+ }
+}
+
+impl Into<AuthError> for XSTSAuthErrorResponse {
+ fn into(self) -> AuthError {
+ AuthError::AuthXError {
+ // some well-known error values
+ what: match self.x_err {
+ 2148916238u64 => "Microsoft account held by a minor outside of a family.",
+ 2148916233u64 => "Account is not on Xbox.",
+ _ => "Unknown error."
+ },
+ x_error: self.x_err,
+ message: self.message
+ }
+ }
+}
+
+pub(super) const XSTS_RP_MINECRAFT_SERVICES: &str = "rp://api.minecraftservices.com/";
+pub(super) const XSTS_RP_XBOX_LIVE: &str = "http://xboxlive.com";
+
+pub async fn xsts_request(client: &reqwest::Client, xbl_token: &str, relying_party: &str) -> Result<XSTSAuthResponse, AuthError> {
+ debug!("Performing XSTS auth {relying_party}");
+
+ let token_array = [xbl_token];
+ let req = XSTSAuthRequest {
+ properties: XSTSAuthRequestProperties {
+ sandbox_id: "RETAIL",
+ user_tokens: token_array.as_slice()
+ },
+ relying_party,
+ token_type: "JWT"
+ };
+
+ let res: XSTSAuthResponse = super::build_json_request(client, XBOX_LIVE_XSTS, Method::POST).json(&req).send().await
+ .and_then(|r| r.error_for_status())
+ .map_err(|e| AuthError::Request { what: "xsts", error: e })?
+ .json().await
+ .map_err(|e| AuthError::Request { what: "xsts (decode)", error: e })?;
+
+ Ok(res)
+}
diff --git a/src/auth/types.rs b/src/auth/types.rs
index f455657..c7a9ac9 100644
--- a/src/auth/types.rs
+++ b/src/auth/types.rs
@@ -1,25 +1,32 @@
+pub mod property_map;
+pub use property_map::PropertyMap;
+
+use std::fmt::{Debug, Formatter, Write};
use chrono::{DateTime, Utc};
use multimap::MultiMap;
use oauth2::RefreshToken;
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Deserializer, Serialize};
+use serde::de::{Error, SeqAccess, Visitor};
use uuid::Uuid;
#[derive(Debug, Serialize, Deserialize)]
pub struct Property {
+ pub name: String,
pub value: String,
pub signature: Option<String>
}
#[derive(Debug, Serialize, Deserialize)]
-pub struct UserProfile {
- pub uuid: Option<Uuid>,
- pub name: Option<String>,
+pub struct PlayerProfile {
+ #[serde(with = "uuid::serde::simple")]
+ pub id: Uuid,
+ pub name: String,
- #[serde(default, skip_serializing_if = "MultiMap::is_empty")]
+ #[serde(default, skip_serializing_if = "MultiMap::is_empty", with = "property_map")]
pub properties: MultiMap<String, Property>
}
-#[derive(Debug, Serialize, Deserialize)]
+#[derive(Serialize, Deserialize)]
pub(super) struct Token {
pub value: String,
@@ -27,18 +34,84 @@ pub(super) struct Token {
pub expire: Option<DateTime<Utc>>
}
+struct RedactedValue;
+impl Debug for RedactedValue {
+ fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+ f.write_str("[redacted]")
+ }
+}
+
+impl Debug for Token {
+ fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+ f.debug_struct("Token")
+ .field("value", &RedactedValue)
+ .field("expire", &self.expire)
+ .finish()
+ }
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "UPPERCASE")]
+pub enum SkinState {
+ Active,
+ Inactive
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "UPPERCASE")]
+pub enum SkinVariant {
+ Classic,
+ Slim
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SkinInfo {
+ pub id: Uuid,
+ pub state: SkinState,
+ pub url: String,
+ pub texture_key: Option<String>,
+ pub variant: Option<SkinVariant>,
+ pub alias: Option<String>
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct MinecraftPlayerInfo {
+ #[serde(with = "uuid::serde::simple")]
+ pub id: Uuid,
+ pub name: String,
+
+ #[serde(default)]
+ pub skins: Vec<SkinInfo>,
+ #[serde(default)]
+ pub capes: Vec<SkinInfo>,
+
+ #[serde(default)]
+ pub demo: bool,
+
+ #[serde(default)]
+ pub legacy: bool,
+
+ // todo: profile actions (idk the format)
+}
+
#[derive(Debug, Serialize, Deserialize)]
pub struct MsaUser {
#[serde(skip_serializing_if = "Option::is_none")]
- pub profile: Option<UserProfile>,
+ pub player_profile: Option<PlayerProfile>,
pub xuid: Option<Uuid>,
+ pub gamertag: Option<String>,
+
+ #[serde(skip)] // this information is transient
+ pub player_info: Option<MinecraftPlayerInfo>,
pub(super) client_id: oauth2::ClientId,
#[serde(default, skip_serializing_if = "std::ops::Not::not")]
pub(super) is_azure_client_id: bool,
- pub(super) auth_token: Option<Token>,
+ pub(super) mc_token: Option<Token>,
pub(super) xbl_token: Option<Token>,
pub(super) refresh_token: Option<RefreshToken>
}
@@ -46,7 +119,7 @@ pub struct MsaUser {
#[derive(Debug, Serialize, Deserialize)]
#[serde(tag = "type")]
pub enum User {
- Dummy(UserProfile),
+ Dummy(PlayerProfile),
MSA(MsaUser)
}
diff --git a/src/auth/types/property_map.rs b/src/auth/types/property_map.rs
new file mode 100644
index 0000000..ff67416
--- /dev/null
+++ b/src/auth/types/property_map.rs
@@ -0,0 +1,50 @@
+use std::fmt::Formatter;
+use multimap::MultiMap;
+use serde::de::{SeqAccess, Visitor};
+use serde::{Deserializer, Serializer};
+use serde::ser::SerializeSeq;
+use crate::auth::Property;
+
+pub type PropertyMap = MultiMap<String, Property>;
+
+pub fn serialize<S>(value: &PropertyMap, serializer: S) -> Result<S::Ok, S::Error>
+where
+ S: Serializer
+{
+ let mut seq = serializer.serialize_seq(Some(value.keys().len()))?;
+
+ for (_, prop) in value.flat_iter() {
+ seq.serialize_element(prop)?;
+ }
+
+ seq.end()
+}
+
+pub fn deserialize<'de, D>(deserializer: D) -> Result<PropertyMap, D::Error>
+where
+ D: Deserializer<'de>
+{
+ struct PropertyMapVisitor;
+
+ impl<'de> Visitor<'de> for PropertyMapVisitor {
+ type Value = PropertyMap;
+
+ fn expecting(&self, formatter: &mut Formatter) -> std::fmt::Result {
+ formatter.write_str("a property map")
+ }
+
+ fn visit_seq<A>(self, mut seq: A) -> Result<Self::Value, A::Error>
+ where
+ A: SeqAccess<'de>,
+ {
+ let mut map = MultiMap::new() as PropertyMap;
+ while let Some(prop) = seq.next_element::<Property>()? {
+ map.insert(prop.name.clone(), prop);
+ }
+
+ Ok(map)
+ }
+ }
+
+ deserializer.deserialize_seq(PropertyMapVisitor)
+}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-12-06 04:13:31 +0000