Implement account system #68
Comments
just validate the encrypted password like almost any other account system does
We need the private key to decrypt the password and then check it against the password in the db
on first login, the password can be anything, -> save the rsa encrypted password sent by client and save it as the account password -> profit
RSA encryption contains things like salt, the encryption results are different after entering the same password
Three consecutive login requests, the password I entered is
Yes, it is GCM mechanism, like aes256-gcm
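An added example, not code from the project or from any commenter, of the point made in the comments above: RSA padding is randomized, so two ciphertexts of the same password differ and a stored ciphertext cannot be matched against a later one; the server has to decrypt with the private key and compare against what the database holds. Assumptions not stated in the thread: PKCS#1 v1.5 padding, a locally generated key pair standing in for a key the server controls, and a salted PBKDF2 hash as the stored form.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class RsaLoginCheck {
    // Assumption: PKCS#1 v1.5 padding; the thread does not name the padding scheme.
    static final String RSA = "RSA/ECB/PKCS1Padding";

    // Stored form of the password: salted PBKDF2-HMAC-SHA256 (an assumption, not the project's schema).
    static byte[] pbkdf2(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Client side: encrypt the typed password with the server's public key.
    static byte[] encrypt(PublicKey pub, String password) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return c.doFinal(password.getBytes(StandardCharsets.UTF_8));
    }

    // Server side: decrypt with the private key, then compare salted hashes in constant time.
    static boolean verify(PrivateKey priv, byte[] ciphertext, byte[] salt, byte[] storedHash)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.DECRYPT_MODE, priv);
        char[] pw = new String(c.doFinal(ciphertext), StandardCharsets.UTF_8).toCharArray();
        return MessageDigest.isEqual(pbkdf2(pw, salt), storedHash);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();            // constructed key pair for the demo
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = pbkdf2("correct horse".toCharArray(), salt);  // constructed account record

        byte[] first = encrypt(kp.getPublic(), "correct horse");
        byte[] second = encrypt(kp.getPublic(), "correct horse");
        System.out.println("same password, ciphertexts equal: " + Arrays.equals(first, second));
        System.out.println("decrypt-then-hash accepts it: " + verify(kp.getPrivate(), second, salt, stored));
        System.out.println("wrong password accepted: "
                + verify(kp.getPrivate(), encrypt(kp.getPublic(), "guess"), salt, stored));
    }
}
```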
Some useful props registry: username length limit: 50
I think we can start with a third-party login
For example, BiliGame third party login
No such option on mobile client
Bilibili Channel service
Biligame provides a set of tools to test whether the protocol works properly. Maybe we can use this tool
No use, login will be redirected to Hoyoverse
It seems possible to log in using biligame by modifying the configuration
impossible, only Hoyoverse username & password login option on CNRELiOS
I just studied biligame. It seems that it is only applicable to Android and windows
Why don't you give it a try? No bilibiligame after passing the proxy
We may hijack Twitter's web login and replace Twitter's login page and authentication JS with our own page, which should be feasible
There is no third party login option
We need to verify when we log in. It seems that this will make the game pop up captcha. Can we replace captcha's web page with a password input box
I just went to confirm that captcha is indeed a web page. Maybe we can use this to change the original captcha check to password check
I think implementing in-game login is a nice and possible idea.
can we connect both web register and in-game login to the same db? Just wondering cuz I've seen a game used that method
I think that's already the case. BTW, my minecraft also uses this method.
account username with random hash as password?
How about this one? add login/register endpoint to grasscutter, use launcher or web or anything to get jwt, payload of jwt is token, username, and uid. Use that token to login ( username column ). Other platform is supported if we use web to generate that jwt
Already fixed by multiple solutions
In the current Dispatch server implementation, no password is required to log in to the game, which is undoubtedly very insecure.
@Asnxthaony found that passwords were encrypted in transit using RSA, decryption was nearly impossible.
For this, I came up with the following solution for reference:
/
), users need at least 4 steps to bring up the chat box with playerServer
.Any other better?