GCAuth/README.md

# GCAuth

Grasscutter Authentication System

### Version Compatibility
| GCAuth        | Grasscutter Development                                                                                                        | Grasscutter Stable |
|---------------|--------------------------------------------------------------------------------------------------------------------------------|--------------------|
| 2.5.0+        | 1.2.3-dev                                                                                                                      | 1.1.0              |
| 2.4.0         | 1.2.0-dev - 1.2.2-dev                                                                                                          | 1.2.0              |
| 2.3.1         | 1.1.2-dev ( [141b191](https://github.com/Grasscutters/Grasscutter/commit/ce07f56f9d10cc79c9b7104b66c2e4ff19cd4f53) and after ) | -                  |
| 2.2.1 - 2.3.0 | 1.1.2-dev ( before [141b191](https://github.com/Grasscutters/Grasscutter/commit/ce07f56f9d10cc79c9b7104b66c2e4ff19cd4f53) )    | -                  |
| 2.1.4 - 2.1.6 | 1.1.1-dev                                                                                                                      | -                  |
| 2.0.0 - 2.1.3 | 1.0.3-dev                                                                                                                      | 1.1.0              |
| 1.0.0         | 1.0.2-dev                                                                                                                      | -                  |

### Usage : 
- Place jar inside plugins folder of Grasscutter.
- To change hash algorithm change `Hash` in config.json inside plugins/GCAuth (Only Bcrypt and Scrypt is supported)
- To use access control, you need set the `ACCESS_KEY` in config.json inside plugins/GCAuth. (Optional)
- All payload must be send with `application/json` and Compact JSON format ( without unnecessary spaces )
- Auth endpoint is:
  - Authentication Checking : `/authentication/type` (GET) , it'll return `GCAuthAuthenticationHandler` if GCAuth is loaded and enabled.
  - Register: `/authentication/register` (POST)
  ```
  {"username":"username","password":"password","password_confirmation":"password_confirmation"}
  ```
  - Login: `/authentication/login` (POST) 
  ```
  {"username":"username","password":"password"}
  ```
  - Change password: `/authentication/change_password` (POST)  
  ```
  {"username":"username","new_password":"new_password","new_password_confirmation":"new_password_confirmation","old_password":"old_password"}
  ```
- If you set ACCESS_KEY you must add `access_key: ACCESS_KEY` in your payload.
- Response is `JSON` with following keys:
  - `status` : `success` or `error`
  - `message` : 
    - AUTH_ENABLED : Plugin is enabled
    - AUTH_DISABLED : Plugin is disabled
    - EMPTY_BODY : No data was sent with the request
    - USERNAME_TAKEN : Username is already taken
    - PASSWORD_MISMATCH : Password does not match
    - UNKNOWN : Unknown error
    - INVALID_ACCOUNT : Username or password is invalid
    - NO_PASSWORD : Password is not set, please set password first by resetting it (change password)
    - ERROR_ACCESS_KEY : Access key is invalid (if access control is enabled)
  - `jwt` : JWT token if success with body :
    - `token` : Token used for authentication, paste it in username field of client.
    - `username` : Username of the user.
    - `uid` : UID of the user.

## Config :
- hash : Hash algorithm used for password hashing. (Only Bcrypt and Scrypt is supported)
- jwtSecret : Secret used for JWT token.
- jwtExpiration : Expiration time of JWT token.
- otpExpiration : Expiration time of OTP.
- defaultPermission : Default permission of user.
- accessKey : Access key used for access control. (Optional)
- rateLimit :
  - maxRequests : Maximum requests per timeUnit.
  - timeUnit : Time unit of rateLimit. (seconds, minutes, hours, days)
  - endPoints[] : Endpoint to rate limit. (login, register, change_password)
update readme 2022-04-29 00:20:13 +00:00			`# GCAuth`
Implement access control 2022-05-13 08:49:46 +00:00
update readme 2022-04-29 00:19:26 +00:00			`Grasscutter Authentication System`
Implement access control 2022-05-13 08:49:46 +00:00
add compatibility table 2022-05-14 09:52:44 +00:00			`### Version Compatibility`
change getPlayerUid and use plugin logger 2022-05-29 11:10:05 +00:00			`\| GCAuth \| Grasscutter Development \| Grasscutter Stable \|`
			`\|---------------\|--------------------------------------------------------------------------------------------------------------------------------\|--------------------\|`
Update README.md 2022-07-27 18:06:02 +00:00			`\| 2.5.0+ \| 1.2.3-dev \| 1.1.0 \|`
			`\| 2.4.0 \| 1.2.0-dev - 1.2.2-dev \| 1.2.0 \|`
			`\| 2.3.1 \| 1.1.2-dev ( [141b191](https://github.com/Grasscutters/Grasscutter/commit/ce07f56f9d10cc79c9b7104b66c2e4ff19cd4f53) and after ) \| - \|`
change getPlayerUid and use plugin logger 2022-05-29 11:10:05 +00:00			`\| 2.2.1 - 2.3.0 \| 1.1.2-dev ( before [141b191](https://github.com/Grasscutters/Grasscutter/commit/ce07f56f9d10cc79c9b7104b66c2e4ff19cd4f53) ) \| - \|`
			`\| 2.1.4 - 2.1.6 \| 1.1.1-dev \| - \|`
			`\| 2.0.0 - 2.1.3 \| 1.0.3-dev \| 1.1.0 \|`
			`\| 1.0.0 \| 1.0.2-dev \| - \|`
add compatibility table 2022-05-14 09:52:44 +00:00
update readme 2022-04-29 00:20:13 +00:00			`### Usage :`
update readme 2022-04-29 00:19:26 +00:00			`- Place jar inside plugins folder of Grasscutter.`
			- To change hash algorithm change `Hash` in config.json inside plugins/GCAuth (Only Bcrypt and Scrypt is supported)
Implement access control 2022-05-13 08:49:46 +00:00			- To use access control, you need set the `ACCESS_KEY` in config.json inside plugins/GCAuth. (Optional)
update readme 2022-04-29 00:38:54 +00:00			- All payload must be send with `application/json` and Compact JSON format ( without unnecessary spaces )
			`- Auth endpoint is:`
fix typo 2022-05-15 02:45:54 +00:00			- Authentication Checking : `/authentication/type` (GET) , it'll return `GCAuthAuthenticationHandler` if GCAuth is loaded and enabled.
change readme 2022-05-02 12:40:46 +00:00			- Register: `/authentication/register` (POST)
update readme 2022-04-29 00:50:15 +00:00			```
add compatibility table 2022-05-14 09:52:44 +00:00			`{"username":"username","password":"password","password_confirmation":"password_confirmation"}`
update readme 2022-04-29 00:50:15 +00:00			```
change readme 2022-05-02 12:40:46 +00:00			- Login: `/authentication/login` (POST)
update readme 2022-04-29 00:50:15 +00:00			```
add compatibility table 2022-05-14 09:52:44 +00:00			`{"username":"username","password":"password"}`
update readme 2022-04-29 00:50:15 +00:00			```
change readme 2022-05-02 12:40:46 +00:00			- Change password: `/authentication/change_password` (POST)
update readme 2022-04-29 00:50:15 +00:00			```
add compatibility table 2022-05-14 09:52:44 +00:00			`{"username":"username","new_password":"new_password","new_password_confirmation":"new_password_confirmation","old_password":"old_password"}`
update readme 2022-04-29 00:50:15 +00:00			```
add compatibility table 2022-05-14 09:52:44 +00:00			- If you set ACCESS_KEY you must add `access_key: ACCESS_KEY` in your payload.
update readme 2022-04-29 00:38:54 +00:00			- Response is `JSON` with following keys:
			- `status` : `success` or `error`
update readme 2022-04-29 00:51:26 +00:00			- `message` :
update readme 2022-04-29 00:38:54 +00:00			`- AUTH_ENABLED : Plugin is enabled`
			`- AUTH_DISABLED : Plugin is disabled`
			`- EMPTY_BODY : No data was sent with the request`
			`- USERNAME_TAKEN : Username is already taken`
			`- PASSWORD_MISMATCH : Password does not match`
			`- UNKNOWN : Unknown error`
			`- INVALID_ACCOUNT : Username or password is invalid`
			`- NO_PASSWORD : Password is not set, please set password first by resetting it (change password)`
Implement access control 2022-05-13 08:49:46 +00:00			`- ERROR_ACCESS_KEY : Access key is invalid (if access control is enabled)`
update readme 2022-04-29 00:38:54 +00:00			- `jwt` : JWT token if success with body :
			- `token` : Token used for authentication, paste it in username field of client.
			- `username` : Username of the user.
add ratelimit 2022-06-01 03:40:05 +00:00			- `uid` : UID of the user.

			`## Config :`
			`- hash : Hash algorithm used for password hashing. (Only Bcrypt and Scrypt is supported)`
			`- jwtSecret : Secret used for JWT token.`
			`- jwtExpiration : Expiration time of JWT token.`
			`- otpExpiration : Expiration time of OTP.`
			`- defaultPermission : Default permission of user.`
			`- accessKey : Access key used for access control. (Optional)`
			`- rateLimit :`
			`- maxRequests : Maximum requests per timeUnit.`
			`- timeUnit : Time unit of rateLimit. (seconds, minutes, hours, days)`
Update README.md 2022-07-27 18:06:02 +00:00			`- endPoints[] : Endpoint to rate limit. (login, register, change_password)`