Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Figura Server side (or FSB) #239

Draft
wants to merge 7 commits into
base: 1.20
Choose a base branch
from
Draft

Figura Server side (or FSB) #239

wants to merge 7 commits into from

Conversation

lexize
Copy link
Contributor

@lexize lexize commented Jul 16, 2024

Main goal of this PR is make Figura even more extendable, make it so main backend is not dying from a flood of a new Figura users, and also make it easier for server to communicate with avatars.

What exactly this PR is going to add:

  1. Server side of Figura. Useful for server owners, and safe enough for players. All the avatars' hashes will be checked both on server and then on client side, in order to be sure that server is sending exactly the avatar that has been requested. Host's avatars will be checked with ehashes (will explain what it is later), in order to check that host won't get unknown avatars equipped.
  2. EHashes and secret key. E-Hash stands for "encrypted hash" (yes i know im very original and i mean this is a concept that will be used only inside project and players won't even need to care about it). It is used in order to check avatar ownership on host side. EHash is a hash-sum of avatar's hash, and hash of a secret key set in Figura's settings. In addition to basic hash checking client will check if incoming avatar ehash sent by a server equals to expected ehash. If it does, avatar will be allowed to be equipped, otherwise avatar won't be equipped and client will be notified about possible attempt of avatar replacement. P.S. In order to make uploaded avatar be allowed on multiple clients (for example, multiple instances or devices) client will have to set the same secret key in Figura's settings.
  3. Server events. Like Bukkit events, used to extend server side of Figura yet still keep it safe enough. It can be used to provide a different source of avatars (for example, DB), allow or disallow client connection, and sending/receiving figura packets to/from client.
  4. Figura packets A way for a Figura server and client sides to communicate. This can be used if your server implements something that could be listened and used within your Figura avatar, for example a global server event, or something like that. (This is advanced feature that uses FiguraBuffer as input or output).

Changes so far:

  • Modified root gradle project and gradle.properties in order to apply mappings and include minecraft only in projects that are modded.
  • Started writing server side of Figura, added bunch of packet classes.
  • Added interface for platform independent FriendlyByteBuf, so all the needed functions can be also used in Bukkit plugin
  • Added platform independent Identifier record, which is basically ResourceLocation, but both for Bukkit and Fabric/Forge.
  • Started writing AvatarManager for server side.
  • Added a little Events system to make figura server side extendable but also secure enough. There are several types of events: Regular ones, cancellable, and returnable. Returnable events can be used
    for custom avatar/metadata/usedata loading implementation, for example from DB (by default everything including avatars, avatar metadata, and userdata, will be stored in a folder)

For now I'm gonna take a break from working on this project, so i am just making it a pull request to make it possible for maintainers to also make changes if they wish.

@lexize
The nyaboom
727b20d 
* Modified root gradle project and `gradle.properties` in order to apply mappings and include minecraft only in projects that are modded.
* Started writing server side of Figura, added bunch of packet classes.
* Added interface for platform independent FriendlyByteBuf, so all the needed functions can be also used in Bukkit plugin
* Added platform independent Identifier record, which is basically ResourceLocation, but both for Bukkit and Fabric/Forge.
* Started writing AvatarManager for server side, gonna rewrite a lot tho.
* Added a little Events system to make figura server side extendable but also secure enough. There are several types of events: Regular ones, cancellable, and returnable. Returnable events can be used
for custom avatar/metadata/usedata loading implementation, for example from DB (by default everything including avatars, avatar metadata, and userdata, will be stored in a folder)

From now i am going to take a big break from working on this, don't want to tell why but if short then i've got through something not good and just need some time.
I will get back to working on this project as soon as i can.
@lexize
FiguraServerAvatarManager Rewrite :meowoozy:
31d0799 
Rewritten most of avatar manager to make it look better and use less memory.
Added `copyBytes` method to Utils, using this to copy hash arrays in order to prevent them from being changed externally from events and such (i forgor how java works so i've almost let that happen 💀)
@lexize
Max outcoming chunk size
9ad3e28
@PoolloverNathan
Copy link
Contributor

Would it be possible to use Minecraft's existing chat signing key to sign avatars? This could be used to avoid needing to share the key manually, while also preventing other players (or the server, if it has the key) replacing avatars.

@lexize
Copy link
Contributor Author

lexize commented Jul 17, 2024

Key won't be shared at all. It will be only used to check ownership of host avatars, and will be accessible only from host client. Sharing it means allowing a server to just replace your avatar without your permission. Also I suggest to just go to thread on discord cuz we are basically discussing everything FSB related in there.

About using this chat signature thing - I don't even know how it works internally.

@Leialoha Leialoha mentioned this pull request Jul 25, 2024
Merged
@lexize
Little project restructure + tiny additions
e0e795a 
I have been really burned out lately so i couldnt really add a lot, sorry :catplush:
@lexize
Little updates
f2e8f29 
Have been in code mood so decided to use this to work on FSB a bit.
@lexize
Small changes to FiguraUserManager
22f5a48 
Made it at first return offline user, and only auth them when needed in handshake handler
@lexize
More changes
3258007 
I am really sorry but i dont remember what exactly i changed here, i am very tired.
@TheBunnyMan123
Copy link
Contributor

Would it be possible to use Minecraft's existing chat signing key to sign avatars? This could be used to avoid needing to share the key manually, while also preventing other players (or the server, if it has the key) replacing avatars.

what if someone (like me) doesn't sign chat messages using something like no chat reports

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lexize @PoolloverNathan @TheBunnyMan123