Account system information #1
I just saw this. This would be absolutely amazing. I was gauging to see if I would need to work on another account system that already exists elsewhere, maybe like Teerace if you know, but it seems that this kind of more 'official' approach would be far better. I put a simple static frontend together like a PoC at twelo.pages.dev. There has been huge demand for it since the beginning, I'm sure this will see big success, though I imagine technicalities will probably be the biggest obstacle. @ChillerDragon future scope for integration right here :)
This is the very first version of the ddnet account system.
I want to quickly go through some points, so common questions are avoided.
How does the system work?
If you want to understand technically what happens, I suggest reading
src/tests/full.rs
which emulates a full process of setting up the account server, clients creating accounts, and clients talking to the game server.
Generally there are 3 main instances:
The account client requests a login via email or steam. The account server will send a code per email, or verify the steam session ticket. Afterwards the client performs the actual login: it creates a key-pair and sends the pub key to the account server. The account server will automatically either log in to an existing account or create a new one and give the user a session for that key-pair.
When the user connects to a game server (or refreshes the browser or whatever) the account client will request a certificate from the account server for its session. This cert is valid for a configurable period ([insert any time here], e.g. 4 hours), which allows the client to connect to game servers using that cert. The cert contains an extension where the account id (and theoretically other info) is stored, which allows the game server to verify that the account corresponds to that user by using the account server's public key, whose private key was used to sign the cert that the account client just sent to the game server.
In simpler words: Account client gets a cert from account server. This cert can be trusted because all instances trust the account server. The cert cannot be faked, since it's signed by the account server.
The client uses a TLS client handshake for a connection to the game server and includes the cert we just talked about here.
This allows the same cert to be used on all game servers, since only the client has the private key for the public key information in the cert and the TLS handshake validates that.
The game server uses the account_id from the cert extension to either create a "local" game server account for the user, or as fallback it can also use the fingerprint of the public key info of the cert to link secret information to a finish.
From this a neat small benefit arises. Users that don't have an account can later claim their ranks using their non-account key-pair (basically upgrade that key-pair).
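The cert flow described above, as an added Go example that is not part of this repository: the account server signs a short-lived certificate for the client's session key pair with the account id in an extension, and the game server accepts it only if it chains to the account server's key and is still valid, falling back to the SPKI fingerprint as identity. The extension OID is a placeholder and Ed25519/X.509 from the Go standard library stands in for whatever the project actually uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/hex"
	"math/big"
	"time"
)

// Extension OID carrying the account id: a placeholder private-enterprise OID (assumption, not the project's).
var accountIDOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// newAccountServerCA: the account server's signing key and self-signed cert, which all game servers trust.
func newAccountServerCA(now time.Time) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "account-server"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil { return nil, nil, err }
	ca, err := x509.ParseCertificate(der)
	return ca, priv, err
}

// issueSessionCert (account server side): sign a cert for the client's session public key that is
// valid for ttl (e.g. 4 hours) and carries the account id in a non-critical extension.
func issueSessionCert(ca *x509.Certificate, caKey ed25519.PrivateKey, clientPub ed25519.PublicKey, accountID int64, now time.Time, ttl time.Duration) ([]byte, error) {
	idDER, err := asn1.Marshal(accountID)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: "session"},
		NotBefore: now, NotAfter: now.Add(ttl), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ExtraExtensions: []pkix.Extension{{Id: accountIDOID, Value: idDER}}}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, clientPub, caKey)
}

// verifySessionCert (game server side): accept the cert only if it chains to the account server and now
// lies inside its validity window, then read the account id from the extension. The SHA-256 fingerprint
// of the SubjectPublicKeyInfo is returned too, as the fallback identity (id 0 = no account on this cert).
func verifySessionCert(ca *x509.Certificate, der []byte, now time.Time) (int64, string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil { return 0, "", err }
	roots := x509.NewCertPool(); roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil { return 0, "", err }
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	fp, id := hex.EncodeToString(sum[:]), int64(0)
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(accountIDOID) { _, err = asn1.Unmarshal(ext.Value, &id) }
	}
	return id, fp, err
}
```

A cert presented after its NotAfter, or one signed by any key other than the account server's, fails `Verify` and the game server never reaches the account id.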
An account on the game server is actually an implementation detail and we don't make any assumption about that, but this repo still contains some helper functions for what can possibly be ddnet's game server's accounts:
Very quick summarization of ddnet game server accounts:
If the db or account server is down a user can still just play, no name checks required.
Technical overview
Open problems/questions
Some open things, they wouldn't prevent the current system from working, but at least everybody is aware of them now:
Email
@TsFreddie made an awesome email template
We'd need to host the images in
templates/email
on ddnet.org/email
Testing
If someone wants to seriously test this, dd-pg has most of the impl finished. To prevent multiple ppl asking about it over and over again, we could make one date where everyone that wants to test can test.
But honestly it's also not that impressive: you click "Login by steam" and it logs you in xdd
The game server allows renaming; all other stuff is hidden away from the user.
FAQ