Go to file
2022-06-01 10:40:05 +07:00
gradle/wrapper Fix ChangePassword Error 2022-05-02 22:39:03 +08:00
src/main add ratelimit 2022-06-01 10:40:05 +07:00
.gitignore Fix ChangePassword Error 2022-05-02 22:39:03 +08:00
build.gradle add ratelimit 2022-06-01 10:40:05 +07:00
gradlew change readme 2022-05-02 19:40:46 +07:00
gradlew.bat Convert auth-system to plugin 2022-04-29 05:28:46 +07:00
README.md add ratelimit 2022-06-01 10:40:05 +07:00
settings.gradle Convert auth-system to plugin 2022-04-29 05:28:46 +07:00

GCAuth

Grasscutter Authentication System

Version Compatibility

GCAuth Grasscutter Development Grasscutter Stable
2.3.1+ 1.1.2-dev ( 141b191 and after ) -
2.2.1 - 2.3.0 1.1.2-dev ( before 141b191 ) -
2.1.4 - 2.1.6 1.1.1-dev -
2.0.0 - 2.1.3 1.0.3-dev 1.1.0
1.0.0 1.0.2-dev -

Usage :

  • Place jar inside plugins folder of Grasscutter.
  • To change hash algorithm change Hash in config.json inside plugins/GCAuth (Only Bcrypt and Scrypt is supported)
  • To use access control, you need set the ACCESS_KEY in config.json inside plugins/GCAuth. (Optional)
  • All payload must be send with application/json and Compact JSON format ( without unnecessary spaces )
  • Auth endpoint is:
    • Authentication Checking : /authentication/type (GET) , it'll return GCAuthAuthenticationHandler if GCAuth is loaded and enabled.
    • Register: /authentication/register (POST)
    {"username":"username","password":"password","password_confirmation":"password_confirmation"}
    
    • Login: /authentication/login (POST)
    {"username":"username","password":"password"}
    
    • Change password: /authentication/change_password (POST)
    {"username":"username","new_password":"new_password","new_password_confirmation":"new_password_confirmation","old_password":"old_password"}
    
  • If you set ACCESS_KEY you must add access_key: ACCESS_KEY in your payload.
  • Response is JSON with following keys:
    • status : success or error
    • message :
      • AUTH_ENABLED : Plugin is enabled
      • AUTH_DISABLED : Plugin is disabled
      • EMPTY_BODY : No data was sent with the request
      • USERNAME_TAKEN : Username is already taken
      • PASSWORD_MISMATCH : Password does not match
      • UNKNOWN : Unknown error
      • INVALID_ACCOUNT : Username or password is invalid
      • NO_PASSWORD : Password is not set, please set password first by resetting it (change password)
      • ERROR_ACCESS_KEY : Access key is invalid (if access control is enabled)
    • jwt : JWT token if success with body :
      • token : Token used for authentication, paste it in username field of client.
      • username : Username of the user.
      • uid : UID of the user.

Config :

  • hash : Hash algorithm used for password hashing. (Only Bcrypt and Scrypt is supported)
  • jwtSecret : Secret used for JWT token.
  • jwtExpiration : Expiration time of JWT token.
  • otpExpiration : Expiration time of OTP.
  • defaultPermission : Default permission of user.
  • accessKey : Access key used for access control. (Optional)
  • rateLimit :
    • maxRequests : Maximum requests per timeUnit.
    • timeUnit : Time unit of rateLimit. (seconds, minutes, hours, days)
    • endPoints[] : Endpoint to rate limit. (login, register, change_password)