joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move nintendo and steam auth config to options file

Browse Source
This commit is contained in:
Joe Bain
2025-11-17 17:07:13 +00:00
parent 51c33a89e0
commit ccd90508dd
2 changed files with 22 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
src/Adapters/Auth/nintendo.js
View File

@@ -1,30 +1,22 @@
var Parse = require('parse/node').Parse; var Parse = require('parse/node').Parse;
const https = require('https');
const { URL } = require('url'); const { URL } = require('url');
var jwt = require('jsonwebtoken'); var jwt = require('jsonwebtoken');
var jwksClient = require('jwks-rsa'); var jwksClient = require('jwks-rsa');
// todo move these to a config file.
const decryptionKey = '3e3e2a3cbd54dc6c7cb5e51520dfa819dd7f9c12d062d54a1f8c14ddd231377f';
const appId = '3414340';
const steam_auth_url = "https://partner.steam-api.com/ISteamUserAuth/AuthenticateUserTicket/v1/"
const steam_web_api_key = "DDFA57075562113469DC8057F2C7462D";
const server_id = "0100118024dae000";
// Returns a promise that fulfills iff this nsa id token is valid // Returns a promise that fulfills iff this nsa id token is valid
function validateAuthData(authData) { function validateAuthData(authData, authOptions) {
console.log("going to validate for nintendo"); //console.log("going to validate for nintendo");
console.log(authData); //console.log(authData);
if ("token" in authData) { if ("token" in authData) {
try { try {
var token = authData["token"]; var token = authData["token"];
var decoded = jwt.decode(token, {complete: true}); var decoded = jwt.decode(token, {complete: true});
var header = decoded.header; var header = decoded.header;
console.log("got nsa id token, header is:"); // console.log("got nsa id token, header is:");
console.log(header); // console.log(header);
console.log("full decoded token is:"); // console.log("full decoded token is:");
console.log(decoded); // console.log(decoded);
if (!('alg' in header) || header['alg'] != "RS256") { if (!('alg' in header) || header['alg'] != "RS256") {
error("No algorithm specified or it didn't match expected value 'RS256'"); error("No algorithm specified or it didn't match expected value 'RS256'");
@@ -40,10 +32,6 @@ function validateAuthData(authData) {
error("JKU url in token isn't valid"); error("JKU url in token isn't valid");
} }
// client.getSigningKey(header.kid, function(err, key) {
// var signingKey = key.publicKey || key.rsaPublicKey;
// callback(null, signingKey);
// });
return new Promise(function(resolve, reject) { return new Promise(function(resolve, reject) {
var client = jwksClient({ var client = jwksClient({
jwksUri: jku jwksUri: jku
@@ -56,8 +44,12 @@ function validateAuthData(authData) {
} }
var options = {}; var options = {};
jwt.verify(token, getKey, options, function(err, decoded) { jwt.verify(token, getKey, options, function(err, decoded) {
console.log("verfied jwt, decoded value is:"); // console.log("verfied jwt, decoded value is:");
console.log(decoded); // console.log(decoded);
if (err != null) {
reject("Error verifying jwt: " + err.message);
return;
}
if (!new URL(decoded.iss).hostname.endsWith("nintendo.com")) { if (!new URL(decoded.iss).hostname.endsWith("nintendo.com")) {
reject("iss claim in token is not a nintendo server"); reject("iss claim in token is not a nintendo server");
return; return;
@@ -71,7 +63,7 @@ function validateAuthData(authData) {
reject("exp value is not in the future"); reject("exp value is not in the future");
return; return;
} }
if (decoded.nintendo.ai != server_id) { if (decoded.nintendo.ai != authOptions.serverId) {
reject("application id does not match our id"); reject("application id does not match our id");
return; return;
} }
@@ -79,8 +71,6 @@ function validateAuthData(authData) {
}); });
}); });
//return getJWK(jku, jwk_name);
} catch (e) { } catch (e) {
error('Error authenticating NSA id token: ' + e); error('Error authenticating NSA id token: ' + e);
} }
@@ -103,30 +93,6 @@ function isValidJKU(jku) {
function error(message) { function error(message) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, message); throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, message);
} }
// function getJWK(jku, jwk_name) {
// return new Promise(function(resolve, reject) {
// var request = https.get(jku, (response) => {
// console.log("Got jwk");
// response.on('data', (d) => {
// console.log("got jku response from nintendo");
// console.log(data);
// jwt.verify(token, )
// resolve();
// });
// });
// request.on('error', (error) => {
// console.log(error.message);
// reject("Couldn't fetch a jwk from the nintendo cache");
// });
// request.end();
// });
// }
module.exports = { module.exports = {
validateAppId, validateAppId,
validateAuthData validateAuthData

27
src/Adapters/Auth/steam.js
View File

@@ -3,20 +3,14 @@ const AppTicket = require('steam-appticket');
const https = require('https'); const https = require('https');
const querystring = require('querystring'); const querystring = require('querystring');
// todo move these to a config file.
const decryptionKey = '3e3e2a3cbd54dc6c7cb5e51520dfa819dd7f9c12d062d54a1f8c14ddd231377f';
const appId = '3414340';
const steam_auth_url = "https://partner.steam-api.com/ISteamUserAuth/AuthenticateUserTicket/v1/"
const steam_web_api_key = "DDFA57075562113469DC8057F2C7462D";
const server_id = "kami2server";
// Returns a promise that fulfills iff this application ticket is valid // Returns a promise that fulfills iff this application ticket is valid
function validateAuthData(authData) { function validateAuthData(authData, authOptions) {
// using an encrypted app ticket to authenticate // using an encrypted app ticket to authenticate
if ("app_ticket" in authData) { if ("app_ticket" in authData) {
console.log("Authenticate steam user using encrypted app ticket"); console.log("Authenticate steam user using encrypted app ticket");
var encrypted_ticket = Buffer.from(authData.app_ticket, 'hex'); var encrypted_ticket = Buffer.from(authData.app_ticket, 'hex');
var ticket = AppTicket.parseEncryptedAppTicket(encrypted_ticket, decryptionKey) var ticket = AppTicket.parseEncryptedAppTicket(encrypted_ticket, authOptions.decryptionKey)
if (ticket === null) { if (ticket === null) {
throw new Parse.Error( throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND, Parse.Error.OBJECT_NOT_FOUND,
@@ -29,7 +23,7 @@ function validateAuthData(authData) {
'The provided application ticket does not match the given user id' 'The provided application ticket does not match the given user id'
); );
} }
if (appId !== ticket.appID && demoAppId != ticket.appID) { if (authOptions.appId !== ticket.appID && authOptions.demoAppId != ticket.appID) {
throw new Parse.Error( throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND, Parse.Error.OBJECT_NOT_FOUND,
'The provided application ticket does not match the Kami 2 or Kami 2 Demo application ids' 'The provided application ticket does not match the Kami 2 or Kami 2 Demo application ids'
@@ -40,8 +34,7 @@ function validateAuthData(authData) {
// using the web api to authenticate // using the web api to authenticate
else if ("auth_ticket" in authData) { else if ("auth_ticket" in authData) {
console.log("Authenticate steam user using web api and auth ticket"); console.log("Authenticate steam user using web api and auth ticket");
//var web_api_ticket = Buffer.from(authData.auth_ticket, 'hex'); return callSteamWebApi(authData.auth_ticket, authOptions);
return callSteamWebApi(authData.auth_ticket);
} }
} }
@@ -51,15 +44,15 @@ function validateAppId() {
return Promise.resolve(); return Promise.resolve();
} }
function callSteamWebApi(auth_ticket) { function callSteamWebApi(auth_ticket, authOptions) {
return new Promise(function(resolve, reject) { return new Promise(function(resolve, reject) {
// GET parameters // GET parameters
const parameters = { const parameters = {
key: steam_web_api_key, key: authOptions.webApiKey,
appid: appId, appid: authOptions.appId, // could try the demo id too, but we know that doesn't allow online play so don't worry for now
ticket: auth_ticket, ticket: auth_ticket,
identity: server_id identity: authOptions.serverId
} }
const get_request_args = querystring.stringify(parameters); const get_request_args = querystring.stringify(parameters);
@@ -79,10 +72,6 @@ function callSteamWebApi(auth_ticket) {
request.on('error', (error) => { request.on('error', (error) => {
console.log(error.message); console.log(error.message);
// throw new Parse.Error(
// Parse.Error.OBJECT_NOT_FOUND,
// 'The Steam web api could not authenticate the user with the given auth ticket'
// );
reject('The Steam web api could not authenticate the user with the given auth ticket'); reject('The Steam web api could not authenticate the user with the given auth ticket');
}); });