diff options
Diffstat (limited to 'src/auth.rs')
| -rw-r--r-- | src/auth.rs | 671 |
1 files changed, 335 insertions, 336 deletions
diff --git a/src/auth.rs b/src/auth.rs index 1eb65ed..7336e64 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -1,336 +1,335 @@ -mod types;
-mod msa;
-mod mcservices;
-
-use std::error::Error;
-use std::fmt::{Display, Formatter};
-use std::future::Future;
-use std::time::{Duration, SystemTime};
-use chrono::{DateTime, TimeDelta, Utc};
-use log::debug;
-use oauth2::{AccessToken, DeviceAuthorizationUrl, DeviceCodeErrorResponse, EmptyExtraDeviceAuthorizationFields, EndpointNotSet, EndpointSet, HttpClientError, RefreshToken, RequestTokenError, Scope, StandardDeviceAuthorizationResponse, StandardRevocableToken, StandardTokenResponse, TokenResponse, TokenUrl};
-use oauth2::basic::{BasicErrorResponse, BasicErrorResponseType, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, BasicTokenResponse};
-use reqwest::{IntoUrl, Method, RequestBuilder};
-pub use types::*;
-use crate::auth::msa::{XSTS_RP_MINECRAFT_SERVICES, XSTS_RP_XBOX_LIVE};
-use crate::util::USER_AGENT;
-
-#[derive(Debug)]
-pub enum AuthError {
- // An unexpected error happened while performing a request
- Request { what: &'static str, error: reqwest::Error },
- OAuthRequestToken { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, BasicErrorResponse> },
- OAuthRequestDeviceCode { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, DeviceCodeErrorResponse> },
-
- // Some internal auth error (unrecoverable)
- Internal(String),
-
- // Device code auth was cancelled
- Cancel(Option<Box<dyn Error>>),
-
- // Device code auth timed out
- Timeout,
-
- // Requires interactive authentication
- RequireInteractive(&'static str),
-
- // XSTS error
- AuthXError { what: &'static str, x_error: u64, message: Option<String> },
-
- // You don't own the game!
- EntitlementError
-}
-
-impl Display for AuthError {
- fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
- match self {
- AuthError::Request { what, error } => write!(f, "auth request error ({}): {}", what, error),
- AuthError::OAuthRequestToken { what, error } => write!(f, "oauth error requesting token ({what}): {error}"),
- AuthError::OAuthRequestDeviceCode { what, error } => write!(f, "oauth error with device code ({what}): {error}"),
- AuthError::Internal(msg) => write!(f, "internal auth error: {}", msg),
- AuthError::Cancel(Some(error)) => write!(f, "operation cancelled: {error}"),
- AuthError::Cancel(None) => f.write_str("operation cancelled"),
- AuthError::Timeout => f.write_str("interactive authentication timed out"),
- AuthError::RequireInteractive(why) => write!(f, "user must log in interactively: {why}"),
- AuthError::AuthXError { what, x_error, message } => write!(f, "XSTS error: {what} ({x_error} -> {})", message.as_ref().map_or("<no message>", |s| s.as_str())),
- AuthError::EntitlementError => f.write_str("no minecraft entitlement (do you own the game?)")
- }
- }
-}
-
-impl Error for AuthError {
- fn source(&self) -> Option<&(dyn Error + 'static)> {
- match self {
- AuthError::Request { error, .. } => Some(error),
- AuthError::OAuthRequestToken { error, .. } => Some(error),
- AuthError::OAuthRequestDeviceCode { error, .. } => Some(error),
- AuthError::Cancel(Some(error)) => Some(error.as_ref()),
- _ => None
- }
- }
-}
-
-impl Token {
- fn is_expired(&self, now: DateTime<Utc>) -> bool {
- self.expire.is_some_and(|exp| now >= exp)
- }
-}
-
-macro_rules! create_oauth_client {
- ($is_azure_client_id:expr, $client_id:expr) => {
- oauth2::Client::new($client_id)
- .set_token_uri(TokenUrl::new(if $is_azure_client_id { AZURE_TOKEN_URL.into() } else { NON_AZURE_TOKEN_URL.into() }).expect("hardcoded url"))
- .set_device_authorization_url(DeviceAuthorizationUrl::new(if $is_azure_client_id { AZURE_DEVICE_CODE_URL.into() } else { NON_AZURE_DEVICE_CODE_URL.into() }).expect("hardcoded url"))
- as oauth2::Client<BasicErrorResponse, BasicTokenResponse, BasicTokenIntrospectionResponse, StandardRevocableToken, BasicRevocationErrorResponse,
- EndpointNotSet, EndpointSet, EndpointNotSet, EndpointNotSet, EndpointSet>
- }
-}
-
-const AZURE_TOKEN_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
-const AZURE_DEVICE_CODE_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
-const NON_AZURE_TOKEN_URL: &str = "https://login.live.com/oauth20_token.srf";
-const NON_AZURE_DEVICE_CODE_URL: &str = "https://login.live.com/oauth20_connect.srf";
-
-const AZURE_LOGIN_SCOPES: &[&str] = ["XboxLive.signin", "offline_access"].as_slice();
-const NON_AZURE_LOGIN_SCOPES: &[&str] = ["service::user.auth.xboxlive.com::MBI_SSL"].as_slice();
-
-fn build_json_request(client: &reqwest::Client, url: impl IntoUrl, method: Method) -> RequestBuilder {
- client.request(method, url)
- .header(reqwest::header::USER_AGENT, USER_AGENT)
- .header(reqwest::header::ACCEPT, "application/json")
-}
-
-impl MsaUser {
- pub fn create_client() -> reqwest::Client {
- reqwest::ClientBuilder::new()
- .redirect(reqwest::redirect::Policy::none())
- .build().expect("building client should succeed")
- }
-
- fn scopes_iter(&self) -> impl Iterator<Item = Scope> {
- let to_scope = |f: &&str| Scope::new(String::from(*f));
-
- if self.is_azure_client_id {
- AZURE_LOGIN_SCOPES.iter().map(to_scope)
- } else {
- NON_AZURE_LOGIN_SCOPES.iter().map(to_scope)
- }
- }
-
- // uses an access token from, for example, a device code grant logs into xbox live
- async fn xbl_login(&mut self, client: &reqwest::Client, token: &AccessToken) -> Result<(), AuthError> {
- debug!("Logging into xbox live using access token");
- self.xbl_token = Some(msa::xbox_live_login(client, token, self.is_azure_client_id).await?);
-
- Ok(())
- }
-
- // logs into xbox live using a refresh token
- // (panics if no refresh token present)
- async fn xbl_login_refresh(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
- debug!("Using refresh token for XBL login");
- let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone());
- let refresh_token = self.refresh_token.as_ref().expect("refresh_access_token called with no refresh token");
-
- let tokenres: BasicTokenResponse = oauth_client
- .exchange_refresh_token(refresh_token)
- .add_scopes(self.scopes_iter())
- .add_extra_param("response_type", "device_code")
- .request_async(client)
- .await.map_err(|e| AuthError::OAuthRequestToken { what: "refresh", error: e })?;
-
- self.refresh_token = tokenres.refresh_token().cloned();
-
- self.xbl_login(client, tokenres.access_token()).await
- }
-
- async fn xbl_login_device<D, DF>(&mut self, client: &reqwest::Client, handle_device: D) -> Result<(), AuthError>
- where
- D: FnOnce(StandardDeviceAuthorizationResponse) -> DF,
- DF: Future<Output = ()>
- {
- debug!("Using device authorization for XBL login");
- let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone());
- let device_auth: StandardDeviceAuthorizationResponse = oauth_client.exchange_device_code()
- .add_scopes(self.scopes_iter())
- .add_extra_param("response_type", "device_code")
- .request_async(client)
- .await.map_err(|e| AuthError::OAuthRequestToken { what: "device code", error: e })?;
-
- handle_device(device_auth.clone()).await;
-
- let tokenres = oauth_client.exchange_device_access_token(&device_auth)
- .set_max_backoff_interval(Duration::from_secs(20u64))
- .request_async(client, tokio::time::sleep, None)
- .await.map_err(|e| AuthError::OAuthRequestDeviceCode { what: "device access code", error: e })?;
-
- self.refresh_token = tokenres.refresh_token().cloned();
-
- self.xbl_login(client, tokenres.access_token()).await
- }
-
- // ensure we have an xbox live token for this person
- // tasks for this function:
- // - check if the XBL token is valid/not expired
- // - if it is expired, try to use refresh token to get a new one
- // - get rid of auth token if yeah
- async fn ensure_xbl(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> {
- if self.xbl_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) {
- debug!("XBL token valid. Using it.");
- return Ok(())
- }
-
- if self.refresh_token.is_none() {
- return Err(AuthError::RequireInteractive("no refresh token"));
- }
-
- debug!("XBL token expired. Trying to refresh it.");
- self.xbl_login_refresh(client).await
- .map_err(|e| match &e {
- AuthError::OAuthRequestToken { error, .. } => match error {
- RequestTokenError::ServerResponse(res) => match res.error() {
- BasicErrorResponseType::Extension(s) if s == "interaction_required" || s == "consent_required" => {
- AuthError::RequireInteractive("msa requested interactive logon")
- },
- _ => e
- },
- _ => e
- },
- _ => e
- })?;
-
- self.mc_token = None;
-
- Ok(())
- }
-
- // function's tasks:
- // - if the minecraft services token invalid/expired/missing, do the following
- // - get minecraftservices xsts token
- // - use minecraftservices to get mojang token with that xsts token
- async fn ensure_mc_token(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> {
- if self.mc_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) {
- debug!("Mojang token valid. Using it.");
- return Ok(())
- }
-
- debug!("Mojang token has expired. Must log in again.");
- let xbl_token = self.xbl_token.as_ref().expect("ensure_mc_token requires xbl token").value.as_str();
- let (user_hash, mc_xsts_tok) = match msa::xsts_request(client, xbl_token, XSTS_RP_MINECRAFT_SERVICES).await? {
- msa::XSTSAuthResponse::Success(res) => {
- let user_hash = res.get_user_hash()
- .map_or(Err(AuthError::Internal("malformed response: no user hash".into())), |h| Ok(h.to_owned()))?;
- (user_hash, res.into_token())
- },
- msa::XSTSAuthResponse::Error(e) => return Err(e.into())
- };
-
- debug!("Got MinecraftServices XSTS, logging in.");
- self.mc_token = Some(mcservices::login_with_xbox(client, mc_xsts_tok.as_str(), user_hash.as_str()).await?);
-
- Ok(())
- }
-
- async fn load_xbox_info(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
- debug!("Loading Xbox info...");
- let xbl_token = self.xbl_token.as_ref().expect("xbl token missing").value.as_str();
-
- let res = match msa::xsts_request(client, xbl_token, XSTS_RP_XBOX_LIVE).await? {
- msa::XSTSAuthResponse::Success(res) => res,
- msa::XSTSAuthResponse::Error(e) => return Err(e.into())
- };
-
- let Some(xuid) = res.get_xuid() else {
- return Err(AuthError::Internal("missing xuid for user".into()));
- };
-
- self.xuid = Some(xuid);
- self.gamertag = res.get_gamertag().map(|s| s.to_owned());
-
- debug!("Xbox info loaded: (xuid {xuid}, gamertag {})", res.get_gamertag().unwrap_or("<none>"));
-
- Ok(())
- }
-
- async fn load_profile(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
- self.load_xbox_info(client).await?;
-
- let mc_token = self.mc_token.as_ref().expect("minecraft token missing").value.as_str();
-
- if !mcservices::owns_the_game(client, mc_token).await? {
- return Err(AuthError::EntitlementError);
- }
-
- let player_info = mcservices::get_player_info(client, mc_token).await?;
- let player_profile = mcservices::get_player_profile(client, player_info.id).await
- .map_err(|e| AuthError::Request { what: "looking up profile", error: e })?;
-
- self.player_info = Some(player_info);
- self.player_profile = Some(player_profile);
-
- Ok(())
- }
-
- async fn log_in_silent(&mut self, client: &reqwest::Client) -> Result<(), AuthError> {
- let now: DateTime<Utc> = DateTime::from(SystemTime::now()) + TimeDelta::hours(12);
-
- self.ensure_xbl(client, now).await?;
- self.ensure_mc_token(client, now).await?;
- self.load_profile(client).await?;
-
- Ok(())
- }
-}
-
-#[cfg(test)]
-mod test {
- use super::*;
-
- #[tokio::test]
- async fn abc() {
- simple_logger::SimpleLogger::new().with_colors(true).with_level(log::LevelFilter::Trace).init().unwrap();
-
- let mut user = match tokio::fs::read_to_string("test_stuff/test.json").await {
- Ok(s) => serde_json::from_str::<MsaUser>(&s).unwrap(),
- Err(e) if e.kind() == tokio::io::ErrorKind::NotFound => {
- MsaUser {
- player_profile: None,
- xuid: None,
- gamertag: None,
- player_info: None,
- client_id: ClientId::new("00000000402b5328".into()),
- is_azure_client_id: false,
- mc_token: None,
- xbl_token: None,
- refresh_token: None
- }
- },
- Err(e) => panic!("i/o error: {}", e)
- };
-
- let client = MsaUser::create_client();
-
- loop {
- match user.log_in_silent(&client).await {
- Ok(_) => break,
- Err(AuthError::RequireInteractive(s)) => {
- debug!("Requires interactive auth: {s}")
- },
- Err(e) => {
- panic!("{}", e);
- }
- }
-
- user.xbl_login_device(&client, |d| async move {
- let d = dbg!(d);
- debug!("User code: {}", d.user_code().secret());
- ()
- }).await.unwrap()
- }
-
- debug!("User: {user:?}");
-
- let user_str = serde_json::to_string_pretty(&user).unwrap();
- tokio::fs::write("test_stuff/test.json", user_str.as_str()).await.unwrap();
- }
-}
+mod types; +mod msa; +mod mcservices; + +use std::error::Error; +use std::fmt::{Display, Formatter}; +use std::future::Future; +use std::time::{Duration, SystemTime}; +use chrono::{DateTime, TimeDelta, Utc}; +use log::debug; +use oauth2::{AccessToken, DeviceAuthorizationUrl, DeviceCodeErrorResponse, EndpointNotSet, EndpointSet, HttpClientError, RequestTokenError, Scope, StandardDeviceAuthorizationResponse, StandardRevocableToken, TokenResponse, TokenUrl}; +use oauth2::basic::{BasicErrorResponse, BasicErrorResponseType, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, BasicTokenResponse}; +use reqwest::{IntoUrl, Method, RequestBuilder}; +pub use types::*; +use crate::auth::msa::{XSTS_RP_MINECRAFT_SERVICES, XSTS_RP_XBOX_LIVE}; +use crate::util::USER_AGENT; + +#[derive(Debug)] +pub enum AuthError { + // An unexpected error happened while performing a request + Request { what: &'static str, error: reqwest::Error }, + OAuthRequestToken { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, BasicErrorResponse> }, + OAuthRequestDeviceCode { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, DeviceCodeErrorResponse> }, + + // Some internal auth error (unrecoverable) + Internal(String), + + // Device code auth was cancelled + Cancel(Option<Box<dyn Error>>), + + // Device code auth timed out + Timeout, + + // Requires interactive authentication + RequireInteractive(&'static str), + + // XSTS error + AuthXError { what: &'static str, x_error: u64, message: Option<String> }, + + // You don't own the game! + EntitlementError +} + +impl Display for AuthError { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + match self { + AuthError::Request { what, error } => write!(f, "auth request error ({}): {}", what, error), + AuthError::OAuthRequestToken { what, error } => write!(f, "oauth error requesting token ({what}): {error}"), + AuthError::OAuthRequestDeviceCode { what, error } => write!(f, "oauth error with device code ({what}): {error}"), + AuthError::Internal(msg) => write!(f, "internal auth error: {}", msg), + AuthError::Cancel(Some(error)) => write!(f, "operation cancelled: {error}"), + AuthError::Cancel(None) => f.write_str("operation cancelled"), + AuthError::Timeout => f.write_str("interactive authentication timed out"), + AuthError::RequireInteractive(why) => write!(f, "user must log in interactively: {why}"), + AuthError::AuthXError { what, x_error, message } => write!(f, "XSTS error: {what} ({x_error} -> {})", message.as_ref().map_or("<no message>", |s| s.as_str())), + AuthError::EntitlementError => f.write_str("no minecraft entitlement (do you own the game?)") + } + } +} + +impl Error for AuthError { + fn source(&self) -> Option<&(dyn Error + 'static)> { + match self { + AuthError::Request { error, .. } => Some(error), + AuthError::OAuthRequestToken { error, .. } => Some(error), + AuthError::OAuthRequestDeviceCode { error, .. } => Some(error), + AuthError::Cancel(Some(error)) => Some(error.as_ref()), + _ => None + } + } +} + +impl Token { + fn is_expired(&self, now: DateTime<Utc>) -> bool { + self.expire.is_some_and(|exp| now >= exp) + } +} + +macro_rules! create_oauth_client { + ($is_azure_client_id:expr, $client_id:expr) => { + oauth2::Client::new($client_id) + .set_token_uri(TokenUrl::new(if $is_azure_client_id { AZURE_TOKEN_URL.into() } else { NON_AZURE_TOKEN_URL.into() }).expect("hardcoded url")) + .set_device_authorization_url(DeviceAuthorizationUrl::new(if $is_azure_client_id { AZURE_DEVICE_CODE_URL.into() } else { NON_AZURE_DEVICE_CODE_URL.into() }).expect("hardcoded url")) + as oauth2::Client<BasicErrorResponse, BasicTokenResponse, BasicTokenIntrospectionResponse, StandardRevocableToken, BasicRevocationErrorResponse, + EndpointNotSet, EndpointSet, EndpointNotSet, EndpointNotSet, EndpointSet> + } +} + +const AZURE_TOKEN_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token"; +const AZURE_DEVICE_CODE_URL: &str = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token"; +const NON_AZURE_TOKEN_URL: &str = "https://login.live.com/oauth20_token.srf"; +const NON_AZURE_DEVICE_CODE_URL: &str = "https://login.live.com/oauth20_connect.srf"; + +const AZURE_LOGIN_SCOPES: &[&str] = ["XboxLive.signin", "offline_access"].as_slice(); +const NON_AZURE_LOGIN_SCOPES: &[&str] = ["service::user.auth.xboxlive.com::MBI_SSL"].as_slice(); + +fn build_json_request(client: &reqwest::Client, url: impl IntoUrl, method: Method) -> RequestBuilder { + client.request(method, url) + .header(reqwest::header::USER_AGENT, USER_AGENT) + .header(reqwest::header::ACCEPT, "application/json") +} + +impl MsaUser { + pub fn create_client() -> reqwest::Client { + reqwest::ClientBuilder::new() + .redirect(reqwest::redirect::Policy::none()) + .build().expect("building client should succeed") + } + + fn scopes_iter(&self) -> impl Iterator<Item = Scope> { + let to_scope = |f: &&str| Scope::new(String::from(*f)); + + if self.is_azure_client_id { + AZURE_LOGIN_SCOPES.iter().map(to_scope) + } else { + NON_AZURE_LOGIN_SCOPES.iter().map(to_scope) + } + } + + // uses an access token from, for example, a device code grant logs into xbox live + async fn xbl_login(&mut self, client: &reqwest::Client, token: &AccessToken) -> Result<(), AuthError> { + debug!("Logging into xbox live using access token"); + self.xbl_token = Some(msa::xbox_live_login(client, token, self.is_azure_client_id).await?); + + Ok(()) + } + + // logs into xbox live using a refresh token + // (panics if no refresh token present) + async fn xbl_login_refresh(&mut self, client: &reqwest::Client) -> Result<(), AuthError> { + debug!("Using refresh token for XBL login"); + let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone()); + let refresh_token = self.refresh_token.as_ref().expect("refresh_access_token called with no refresh token"); + + let tokenres: BasicTokenResponse = oauth_client + .exchange_refresh_token(refresh_token) + .add_scopes(self.scopes_iter()) + .add_extra_param("response_type", "device_code") + .request_async(client) + .await.map_err(|e| AuthError::OAuthRequestToken { what: "refresh", error: e })?; + + self.refresh_token = tokenres.refresh_token().cloned(); + + self.xbl_login(client, tokenres.access_token()).await + } + + pub async fn xbl_login_device<D, DF>(&mut self, client: &reqwest::Client, handle_device: D) -> Result<(), AuthError> + where + D: FnOnce(StandardDeviceAuthorizationResponse) -> DF, + DF: Future<Output = ()> + { + debug!("Using device authorization for XBL login"); + let oauth_client = create_oauth_client!(self.is_azure_client_id, self.client_id.clone()); + let device_auth: StandardDeviceAuthorizationResponse = oauth_client.exchange_device_code() + .add_scopes(self.scopes_iter()) + .add_extra_param("response_type", "device_code") + .request_async(client) + .await.map_err(|e| AuthError::OAuthRequestToken { what: "device code", error: e })?; + + handle_device(device_auth.clone()).await; + + let tokenres = oauth_client.exchange_device_access_token(&device_auth) + .set_max_backoff_interval(Duration::from_secs(20u64)) + .request_async(client, tokio::time::sleep, None) + .await.map_err(|e| AuthError::OAuthRequestDeviceCode { what: "device access code", error: e })?; + + self.refresh_token = tokenres.refresh_token().cloned(); + + self.xbl_login(client, tokenres.access_token()).await + } + + // ensure we have an xbox live token for this person + // tasks for this function: + // - check if the XBL token is valid/not expired + // - if it is expired, try to use refresh token to get a new one + // - get rid of auth token if yeah + async fn ensure_xbl(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> { + if self.xbl_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) { + debug!("XBL token valid. Using it."); + return Ok(()) + } + + if self.refresh_token.is_none() { + return Err(AuthError::RequireInteractive("no refresh token")); + } + + debug!("XBL token expired. Trying to refresh it."); + self.xbl_login_refresh(client).await + .map_err(|e| match &e { + AuthError::OAuthRequestToken { error: RequestTokenError::ServerResponse(res), .. } => match res.error() { + BasicErrorResponseType::Extension(s) if s == "interaction_required" || s == "consent_required" => { + AuthError::RequireInteractive("msa requested interactive logon") + }, + _ => e + }, + _ => e + })?; + + self.mc_token = None; + + Ok(()) + } + + // function's tasks: + // - if the minecraft services token invalid/expired/missing, do the following + // - get minecraftservices xsts token + // - use minecraftservices to get mojang token with that xsts token + async fn ensure_mc_token(&mut self, client: &reqwest::Client, now: DateTime<Utc>) -> Result<(), AuthError> { + if self.mc_token.as_ref().is_some_and(|tok| !tok.is_expired(now)) { + debug!("Mojang token valid. Using it."); + return Ok(()) + } + + debug!("Mojang token has expired. Must log in again."); + let xbl_token = self.xbl_token.as_ref().expect("ensure_mc_token requires xbl token").value.as_str(); + let (user_hash, mc_xsts_tok) = match msa::xsts_request(client, xbl_token, XSTS_RP_MINECRAFT_SERVICES).await? { + msa::XSTSAuthResponse::Success(res) => { + let user_hash = res.get_user_hash() + .map_or(Err(AuthError::Internal("malformed response: no user hash".into())), |h| Ok(h.to_owned()))?; + (user_hash, res.into_token()) + }, + msa::XSTSAuthResponse::Error(e) => return Err(e.into()) + }; + + debug!("Got MinecraftServices XSTS, logging in."); + self.mc_token = Some(mcservices::login_with_xbox(client, mc_xsts_tok.as_str(), user_hash.as_str()).await?); + + Ok(()) + } + + async fn load_xbox_info(&mut self, client: &reqwest::Client) -> Result<(), AuthError> { + debug!("Loading Xbox info..."); + let xbl_token = self.xbl_token.as_ref().expect("xbl token missing").value.as_str(); + + let res = match msa::xsts_request(client, xbl_token, XSTS_RP_XBOX_LIVE).await? { + msa::XSTSAuthResponse::Success(res) => res, + msa::XSTSAuthResponse::Error(e) => return Err(e.into()) + }; + + let Some(xuid) = res.get_xuid() else { + return Err(AuthError::Internal("missing xuid for user".into())); + }; + + self.xuid = Some(xuid); + self.gamertag = res.get_gamertag().map(|s| s.to_owned()); + + debug!("Xbox info loaded: (xuid {xuid}, gamertag {})", res.get_gamertag().unwrap_or("<none>")); + + Ok(()) + } + + async fn load_profile(&mut self, client: &reqwest::Client) -> Result<(), AuthError> { + self.load_xbox_info(client).await?; + + let mc_token = self.mc_token.as_ref().expect("minecraft token missing").value.as_str(); + + debug!("Checking if you own the game..."); + if !mcservices::owns_the_game(client, mc_token).await? { + return Err(AuthError::EntitlementError); + } + + debug!("Getting your profile info..."); + let player_info = mcservices::get_player_info(client, mc_token).await?; + let player_profile = mcservices::get_player_profile(client, player_info.id).await + .map_err(|e| AuthError::Request { what: "looking up profile", error: e })?; + + self.player_info = Some(player_info); + self.player_profile = Some(player_profile); + + Ok(()) + } + + pub async fn log_in_silent(&mut self, client: &reqwest::Client) -> Result<(), AuthError> { + let now: DateTime<Utc> = DateTime::from(SystemTime::now()) + TimeDelta::hours(12); + + self.ensure_xbl(client, now).await?; + self.ensure_mc_token(client, now).await?; + self.load_profile(client).await?; + + Ok(()) + } +} + +#[cfg(test)] +mod test { + use oauth2::ClientId; + use super::*; + + #[tokio::test] + async fn abc() { + simple_logger::SimpleLogger::new().with_colors(true).with_level(log::LevelFilter::Trace).init().unwrap(); + + let mut user = match tokio::fs::read_to_string("test_stuff/test.json").await { + Ok(s) => serde_json::from_str::<MsaUser>(&s).unwrap(), + Err(e) if e.kind() == tokio::io::ErrorKind::NotFound => { + MsaUser { + player_profile: None, + xuid: None, + gamertag: None, + player_info: None, + client_id: ClientId::new("00000000402b5328".into()), + is_azure_client_id: false, + mc_token: None, + xbl_token: None, + refresh_token: None + } + }, + Err(e) => panic!("i/o error: {}", e) + }; + + let client = MsaUser::create_client(); + + loop { + match user.log_in_silent(&client).await { + Ok(_) => break, + Err(AuthError::RequireInteractive(s)) => { + debug!("Requires interactive auth: {s}") + }, + Err(e) => { + panic!("{}", e); + } + } + + user.xbl_login_device(&client, |d| async move { + let d = dbg!(d); + debug!("User code: {}", d.user_code().secret()); + }).await.unwrap() + } + + debug!("User: {user:?}"); + + let user_str = serde_json::to_string_pretty(&user).unwrap(); + tokio::fs::write("test_stuff/test.json", user_str.as_str()).await.unwrap(); + } +} |