diff options
Diffstat (limited to 'src/auth.rs')
| -rw-r--r-- | src/auth.rs | 336 |
1 files changed, 0 insertions, 336 deletions
diff --git a/src/auth.rs b/src/auth.rs deleted file mode 100644 index 057cceb..0000000 --- a/src/auth.rs +++ /dev/null @@ -1,336 +0,0 @@ -mod types; -mod msa; -mod mcservices; - -use std::error::Error; -use std::fmt::{Display, Formatter}; -use std::future::Future; -use std::time::{Duration, SystemTime}; -use chrono::{DateTime, TimeDelta, Utc}; -use log::debug; -use oauth2::{AccessToken, DeviceAuthorizationUrl, DeviceCodeErrorResponse, EndpointNotSet, EndpointSet, HttpClientError, RequestTokenError, Scope, StandardDeviceAuthorizationResponse, StandardRevocableToken, TokenResponse, TokenUrl}; -use oauth2::basic::{BasicErrorResponse, BasicErrorResponseType, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, BasicTokenResponse}; -use reqwest::{IntoUrl, Method, RequestBuilder}; -pub use types::*; -use crate::auth::msa::{XSTS_RP_MINECRAFT_SERVICES, XSTS_RP_XBOX_LIVE}; -use crate::util::USER_AGENT; - -#[derive(Debug)] -pub enum AuthError { - // An unexpected error happened while performing a request - Request { what: &'static str, error: reqwest::Error }, - OAuthRequestToken { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, BasicErrorResponse> }, - OAuthRequestDeviceCode { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, DeviceCodeErrorResponse> }, - - // Some internal auth error (unrecoverable) - Internal(String), - - // Device code auth was cancelled - Cancel(Option<Box<dyn Error>>), - - // Device code auth timed out - Timeout, - - // Requires interactive authentication - RequireInteractive(&'static str), - - // XSTS error - AuthXError { what: &'static str, x_error: u64, message: Option<String> }, - - // You don't own the game! - EntitlementError -} - -impl Display for AuthError { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - match self { - AuthError::Request { what, error } => write!(f, "auth request error ({}): {}", what, error), - AuthError::OAuthRequestToken { what, error } => write!(f, "oauth error requesting token ({what}): {error}"), - AuthError::OAuthRequestDeviceCode { what, error } => write!(f, "oauth error with device code ({what}): {error}"), - AuthError::Internal(msg) => write!(f, "internal auth error: {}", msg), - AuthError::Cancel(Some(error)) => write!(f, "operation cancelled: {error}"), - AuthError::Cancel(None) => f.write_str("operation cancelled"), - AuthError::Timeout => f.write_str("interactive authentication timed out"), - AuthError::RequireInteractive(why) => write!(f, "user must log in interactively: {why}"), - AuthError::AuthXError { what, x_error, message } => write!(f, "XSTS error: {what} ({x_error} -> {})", message.as_ref().map_or("<no message>", |s| s.as_str())), - AuthError::EntitlementError => f.write_str("no minecraft entitlement (do you own the game?)") - } - } -} - -impl Error for AuthError { - fn source(&self) -> Option<&(dyn Error + 'static)> { - match self { - AuthError::Request { error, .. } => Some(error), - AuthError::OAuthRequestToken { error, .. } => Some(error), - AuthError::OAuthRequestDeviceCode { error, .. } => Some(error), - AuthError::Cancel(Some(error)) => Some(error.as_ref()), - _ => None - } - } -} - -impl Token { - fn is_expired(&self, now: DateTime<Utc>) -> bool { - self.expire.is_some_and(|exp| now >= exp) - } -} - -macro_rules! create_oauth_client { - ($is_azure_client_id:expr, $client_id:expr) => { - oauth2::Client::new($client_id) - .set_token_uri(TokenUrl::new(if $is_azure_client_id { AZURE_TOKEN_URL.into() } else { NON_AZURE_TOKEN_URL.into() }).expect("hardcoded url")) - .set_device_authorization_url(DeviceAuthorizationUrl::new(if $is_azure_client_id { AZURE_DEVICE_CODE_URL.into() } else { NON_AZURE_DEVICE_CODE_URL.into() }).expect("hardcoded url")) - as oauth2::Client<BasicErrorResponse, BasicTokenResponse, BasicTokenIntrospectionResponse, StandardRevocableToken, BasicRevocationErrorResponse, - EndpointNotSet, EndpointSet, EndpointNotSet, EndpointNotSet, EndpointSet> - } -} - -const AZURE_TOKEN_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token"; -const AZURE_DEVICE_CODE_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode"; -const NON_AZURE_TOKEN_URL: &str = "https://login.live.com/oauth20_token.srf"; -const NON_AZURE_DEVICE_CODE_URL: &str = "https://login.live.com/oauth20_connect.srf"; - -const AZURE_LOGIN_SCOPES: &[&str] = ["XboxLive.signin", "offline_access"].as_slice(); -const NON_AZURE_LOGIN_SCOPES: &[&str] = ["service::user.auth.xboxlive.com::MBI_SSL"].as_slice(); - -fn build_json_request(client: &reqwest::Client, url: impl IntoUrl, method: Method) -> RequestBuilder { - client.request(method, url) - .header(reqwest::header::USER_AGENT, USER_AGENT) - .header(reqwest::header::ACCEPT, "application/json") -} - -impl MsaUser { - pub fn create_client() -> reqwest::Client { - reqwest::ClientBuilder::new() - .redirect(reqwest::redirect::Policy::none()) - .build().expect("building client should succeed") - } - - fn scopes_iter(&self) -> impl Iterator<Item = Scope> { - let to_scope = |f: &&str| Scope::new(String::from(*f)); - - if self.is_azure_client_id { - AZURE_LOGIN_SCOPES.iter().map(to_scope) - } else { - NON_AZURE_LOGIN_SCOPES.iter().map(to_scope) - } - } - - // uses an access token from, for example, a device code grant logs into xbox live - async fn xbl_login(&mut self, client: &reqwest::Client, token: &AccessToken) -> Result<(), AuthError> { - debug!("Logging into xbox live using access token"); - self.xbl_token = Some(msa::xbox_live_login(client, token, self.is_azure_client_id).await?); - - Ok(()) - } - - // logs into xbox live using a refresh token - // (panics if no refresh token present) - async fn xbl_login_refresh(&mut self, client: &reqwest::Client) -> Result<(), AuthError> { - debug!("Using refresh token for XBL login"); - let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone()); - let refresh_token = self.refresh_token.as_ref().expect("refresh_access_token called with no refresh token"); - - let tokenres: BasicTokenResponse = oauth_client - .exchange_refresh_token(refresh_token) - .add_scopes(self.scopes_iter()) - .add_extra_param("response_type", "device_code") - .request_async(client) - .await.map_err(|e| AuthError::OAuthRequestToken { what: "refresh", error: e })?; - - self.refresh_token = tokenres.refresh_token().cloned(); - - self.xbl_login(client, tokenres.access_token()).await - } - - pub async fn xbl_login_device<D, DF>(&mut self, client: &reqwest::Client, handle_device: D) -> Result<(), AuthError> - where - D: FnOnce(StandardDeviceAuthorizationResponse) -> DF, - DF: Future<Output = ()> - { - debug!("Using device authorization for XBL login"); - let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone()); - let device_auth: StandardDeviceAuthorizationResponse = oauth_client.exchange_device_code() - .add_scopes(self.scopes_iter()) - .add_extra_param("response_type", "device_code") - .request_async(client) - .await.map_err(|e| AuthError::OAuthRequestToken { what: "device code", error: e })?; - - handle_device(device_auth.clone()).await; - - let tokenres = oauth_client.exchange_device_access_token(&device_auth) - .set_max_backoff_interval(Duration::from_secs(20u64)) - .request_async(client, tokio::time::sleep, None) - .await.map_err(|e| AuthError::OAuthRequestDeviceCode { what: "device access code", error: e })?; - - self.refresh_token = tokenres.refresh_token().cloned(); - - self.xbl_login(client, tokenres.access_token()).await - } - - // ensure we have an xbox live token for this person - // tasks for this function: - // - check if the XBL token is valid/not expired - // - if it is expired, try to use refresh token to get a new one - // - get rid of auth token if yeah - async fn ensure_xbl(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> { - if self.xbl_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) { - debug!("XBL token valid. Using it."); - return Ok(()) - } - - if self.refresh_token.is_none() { - return Err(AuthError::RequireInteractive("no refresh token")); - } - - debug!("XBL token expired. Trying to refresh it."); - self.xbl_login_refresh(client).await - .map_err(|e| match &e { - AuthError::OAuthRequestToken { error: RequestTokenError::ServerResponse(res), .. } => match res.error() { - BasicErrorResponseType::Extension(s) if s == "interaction_required" || s == "consent_required" => { - AuthError::RequireInteractive("msa requested interactive logon") - }, - _ => e - }, - _ => e - })?; - - self.mc_token = None; - - Ok(()) - } - - // function's tasks: - // - if the minecraft services token invalid/expired/missing, do the following - // - get minecraftservices xsts token - // - use minecraftservices to get mojang token with that xsts token - async fn ensure_mc_token(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> { - if self.mc_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) { - debug!("Mojang token valid. Using it."); - return Ok(()) - } - - debug!("Mojang token has expired. Must log in again."); - let xbl_token = self.xbl_token.as_ref().expect("ensure_mc_token requires xbl token").value.as_str(); - let (user_hash, mc_xsts_tok) = match msa::xsts_request(client, xbl_token, XSTS_RP_MINECRAFT_SERVICES).await? { - msa::XSTSAuthResponse::Success(res) => { - let user_hash = res.get_user_hash() - .map_or(Err(AuthError::Internal("malformed response: no user hash".into())), |h| Ok(h.to_owned()))?; - (user_hash, res.into_token()) - }, - msa::XSTSAuthResponse::Error(e) => return Err(e.into()) - }; - - debug!("Got MinecraftServices XSTS, logging in."); - self.mc_token = Some(mcservices::login_with_xbox(client, mc_xsts_tok.as_str(), user_hash.as_str()).await?); - - Ok(()) - } - - async fn load_xbox_info(&mut self, client: &reqwest::Client) -> Result<(), AuthError> { - debug!("Loading Xbox info..."); - let xbl_token = self.xbl_token.as_ref().expect("xbl token missing").value.as_str(); - - let res = match msa::xsts_request(client, xbl_token, XSTS_RP_XBOX_LIVE).await? { - msa::XSTSAuthResponse::Success(res) => res, - msa::XSTSAuthResponse::Error(e) => return Err(e.into()) - }; - - let Some(xuid) = res.get_xuid() else { - return Err(AuthError::Internal("missing xuid for user".into())); - }; - - self.xuid = Some(xuid.to_owned()); - self.gamertag = res.get_gamertag().map(|s| s.to_owned()); - - debug!("Xbox info loaded: (xuid {xuid}, gamertag {})", res.get_gamertag().unwrap_or("<none>")); - - Ok(()) - } - - async fn load_profile(&mut self, client: &reqwest::Client) -> Result<(), AuthError> { - self.load_xbox_info(client).await?; - - let mc_token = self.mc_token.as_ref().expect("minecraft token missing").value.as_str(); - - debug!("Checking if you own the game..."); - if !mcservices::owns_the_game(client, mc_token).await? { - return Err(AuthError::EntitlementError); - } - - debug!("Getting your profile info..."); - let player_info = mcservices::get_player_info(client, mc_token).await?; - let player_profile = mcservices::get_player_profile(client, player_info.id).await - .map_err(|e| AuthError::Request { what: "looking up profile", error: e })?; - - self.player_info = Some(player_info); - self.player_profile = Some(player_profile); - - Ok(()) - } - - pub async fn log_in_silent(&mut self, client: &reqwest::Client) -> Result<(), AuthError> { - let now: DateTime<Utc> = DateTime::from(SystemTime::now()) + TimeDelta::hours(12); - - self.ensure_xbl(client, now).await?; - self.ensure_mc_token(client, now).await?; - self.load_profile(client).await?; - - Ok(()) - } -} - -#[cfg(test)] -mod test { - use oauth2::ClientId; - use super::*; - - #[tokio::test] - async fn abc() { - simple_logger::SimpleLogger::new().with_colors(true).with_level(log::LevelFilter::Trace).init().unwrap(); - - let mut user = match tokio::fs::read_to_string("test_stuff/test.json").await { - Ok(s) => serde_json::from_str::<MsaUser>(&s).unwrap(), - Err(e) if e.kind() == tokio::io::ErrorKind::NotFound => { - MsaUser { - player_profile: None, - xuid: None, - gamertag: None, - player_info: None, - //client_id: ClientId::new("00000000402b5328".into()), - client_id: ClientId::new("60b6cc54-fc07-4bab-bca9-cbe9aa713c80".into()), - is_azure_client_id: true, - mc_token: None, - xbl_token: None, - refresh_token: None - } - }, - Err(e) => panic!("i/o error: {}", e) - }; - - let client = MsaUser::create_client(); - - loop { - match user.log_in_silent(&client).await { - Ok(_) => break, - Err(AuthError::RequireInteractive(s)) => { - debug!("Requires interactive auth: {s}") - }, - Err(e) => { - panic!("{}", e); - } - } - - user.xbl_login_device(&client, |d| async move { - let d = dbg!(d); - debug!("User code: {}", d.user_code().secret()); - }).await.unwrap() - } - - debug!("User: {user:?}"); - - let user_str = serde_json::to_string_pretty(&user).unwrap(); - tokio::fs::write("test_stuff/test.json", user_str.as_str()).await.unwrap(); - } -} |