[Kronos] How to integrate Xenforo Web Auth + World List
PLEASE FOR THE LOVE OF ALL THAT IS HOLY.. CHANGE THE API KEYS.
This guide is only for my Kronos release located here: https://www.rune-server.ee/runescape...ort-184-a.html
This will not work on your ruse server, however.. feel free to take a look at how we handled the server side. XenForo's API is super easy to integrate with and synced forum accounts are a good thing in 2020.
Authentication
For this to function correctly, you will need to have purchased a XenForo license.
If you prefer IPB, "Brandito" has provided a script to do so here:
Set up a new page and pageblock via the ACP and use the following script:
Code:
// Every request must carry the shared token.
if (isset(\IPS\Request::i()->token)) {
    $FIND_TOKEN = 'WRITE A CUSTOM TOKEN HERE FOR ADDED SECURITY! e.g ab442ae66ff03eea56f9a994bb9f22fa346f';
    $providedToken = \IPS\Request::i()->token;
    // hash_equals() compares in constant time, so the check does not leak how many characters matched.
    if (is_string($providedToken) && hash_equals($FIND_TOKEN, $providedToken)) {
        if (isset(\IPS\Request::i()->login) and isset(\IPS\Request::i()->password)) {
            $login = new \IPS\Login();
            $loginHandler = \IPS\Login\Handler::findMethod('IPS\Login\Handler\Standard');
            $loginname = \IPS\Request::i()->login;
            // Only letters and digits are accepted as a username.
            if (!ctype_alnum($loginname)) {
                die(json_encode(array("errorMessage" => "Username contained disallowed words.")));
            }
            try {
                $member = $loginHandler->authenticateUsernamePassword($login, $loginname, \IPS\Request::i()->protect('password'));
                // Successful login: return the fields the game server reads.
                echo json_encode(
                    array(
                        "user_id" => $member->member_id,
                        "username" => $member->name,
                        "user_group_id" => $member->member_group_id,
                        "secondary_group_ids" => array(2) // REGISTERED GROUP
                    )
                );
            } catch (\IPS\Login\Exception $ex) {
                if ($ex->getMessage() == 'login_err_bad_password') {
                    echo json_encode(array("errorMessage" => "Incorrect password. Please try again."));
                } else {
                    echo json_encode(array("errorMessage" => "Unregistered account."));
                }
            }
        } else {
            echo json_encode(array("errorMessage" => "Something went wrong. An account could not be found."));
        }
    } else {
        echo json_encode(array("errorMessage" => "Invalid token."));
    }
} else {
    echo json_encode(array("errorMessage" => "A query parameter was missing."));
}
Log in to your ACP on your XenForo install, head to the API Keys section and create a new API key. https://i.imgur.com/oryg3GK.png
Set the title to whatever you'd like but be descriptive, as a best practice.
You also need to select the Super User perm in order to use the auth scope.
Now - in general, never give more permission than what is needed for API keys.
For this, all you need is auth. If you select other things and your key is leaked, people could delete your forum or other malicious things. Use common sense. https://i.imgur.com/kSnyYOm.png
Now - Let's head into your IDE and open up `XenforoUtils` class located within the Central Server module.
You'll want to adjust the forums URL and the Auth key variables. Do not adjust anything else unless you know what you're doing. https://i.imgur.com/KsW4vCx.png
That's it. Auth done.
World List
Now in order to set up the world list, you will need to download a small PHP script --> HERE <--
Simply place this on your web service somewhere.
Open `world_updater.php` and modify this API key.
I recommend using something like LastPass in order to generate a secure 32 character API key. https://i.imgur.com/0YdXMUA.png
Now go back to your IDE and open `WorldList` within the Central Server module.
And done. Now, the central server will automatically update the "worlds.ws" file whenever a new world is registered so that you can load more than one world.
A note about security best practices.
I'll be the first to admit, we did not do everything properly at Kronos. You should never hard code API keys, so please, load these keys elsewhere like from a json or properties file. Also, API security is extremely important. You are potentially opening up your entire service to outside influence if you do not have secure API keys. PLEASE DO NOT SHORTCUT THIS!
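The advice above about not hard-coding keys, sketched as an added example that is not part of the original post or of the Kronos source: the keys are read from a properties file at startup and the server refuses to run with a missing, short or placeholder key. The class name `ApiKeyConfig` and the property names `xenforo.api.key` and `worldlist.api.key` are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Properties;

/** Added example (hypothetical class): API keys come from a file, not from source code. */
public final class ApiKeyConfig {
    private static final int MIN_KEY_LENGTH = 32; // the post recommends a 32 character key

    private final Properties props = new Properties();

    public ApiKeyConfig(Path file) throws IOException {
        try (Reader in = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            props.load(in);
        }
    }

    /** Returns the key, or throws so the server never starts with a weak or missing key. */
    public String requireKey(String name) {
        String value = props.getProperty(name, "").trim();
        if (value.length() < MIN_KEY_LENGTH) {
            throw new IllegalStateException(name + " is missing or shorter than " + MIN_KEY_LENGTH + " characters");
        }
        if (value.chars().distinct().count() < 8) {
            throw new IllegalStateException(name + " looks like a placeholder, generate a random key");
        }
        return value;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file; the real one belongs outside the repository and the web root.
        Path file = Files.createTempFile("central-server", ".properties");
        Files.write(file, ("xenforo.api.key=0123456789abcdefghijklmnopqrstuv\n"
                + "worldlist.api.key=changeme\n").getBytes(StandardCharsets.UTF_8));
        ApiKeyConfig config = new ApiKeyConfig(file);
        System.out.println("xenforo key loaded, length " + config.requireKey("xenforo.api.key").length());
        try {
            config.requireKey("worldlist.api.key"); // too short: rejected
        } catch (IllegalStateException e) {
            System.out.println("refusing to start: " + e.getMessage());
        }
        Files.delete(file);
    }
}
```

Keep the properties file out of version control and readable only by the account that runs the central server.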
12-29-2020, 11:25 PM
Badouscape
Do you think it's possible for you to share the integration for CC and FC to work :) !
12-29-2020, 11:57 PM
Pretty_Stinky
Let the runite leeeches begin!
12-31-2020, 02:18 AM
Patrity
Quote:
Originally Posted by King Cobraa
Let the runite leeeches begin!
Better a runite leech than a ruse leech.
If you prefer IPB, "Brandito" has provided a script to do so.
I have not personally tested this and much prefer XenForo's API so YMMV!
I have added a spoiler on the main post.
12-31-2020, 04:02 PM
Patrity
Quote:
Originally Posted by Badouscape
Do you think it's possible for you to share the integration for CC and FC to work :) !
Your PMs and CC are probably not working because your central server is not connecting to the world updater, which is the second part of this tutorial.
Let me know if that helps out!
01-03-2021, 11:24 PM
BoomScape
With the IPB connection if you have any idea, when setting up the link I put in the URL of where the page with that code is located and put my own auth key codes into both, but when attempting to login I get the following error:
Code:
james attempting to login.
org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1]
at org.json.JSONTokener.syntaxError(JSONTokener.java:507)
at org.json.JSONObject.<init>(JSONObject.java:222)
at org.json.JSONObject.<init>(JSONObject.java:406)
at io.ruin.central.utility.XenforoUtils.login(XenforoUtils.java:77)
at io.ruin.central.utility.XenforoUtils.attemptLogin(XenforoUtils.java:21)
at io.ruin.central.model.world.WorldLogin.lambda$new$0(WorldLogin.java:37)
at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1640)
at java.util.concurrent.CompletableFuture$AsyncRun.exec(CompletableFuture.java:1632)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1067)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1703)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:172)
Any clue on this one?
01-03-2021, 11:36 PM
Patrity
Looks like the response is not as expected. As I said, I have not tested the IPB integration, however you could run some test requests using Postman: https://www.postman.com/
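A check that makes an unexpected response visible before it reaches the JSON parser, as an added example that is not part of the thread or of the Kronos source. The class `AuthResponseCheck` and its methods are hypothetical; the caller is assumed to pass in the status code, Content-Type header and body it received from the forum.

```java
/** Added example (hypothetical class): inspect an auth response before parsing it as JSON. */
public final class AuthResponseCheck {

    public enum Verdict { PARSE_JSON, REJECT_HTTP_ERROR, REJECT_NOT_JSON }

    /** Anything other than PARSE_JSON means the login is denied and the response is logged. */
    public static Verdict inspect(int status, String body) {
        if (status < 200 || status >= 300) {
            return Verdict.REJECT_HTTP_ERROR;
        }
        String text = body == null ? "" : body;
        if (text.startsWith("\uFEFF")) {
            text = text.substring(1); // a byte order mark in front of the JSON also trips the parser
        }
        // The exception in the trace is raised when the first token is not '{'.
        return text.trim().startsWith("{") ? Verdict.PARSE_JSON : Verdict.REJECT_NOT_JSON;
    }

    /** One log line describing the response; the request is never logged, it holds the password. */
    public static String describe(int status, String contentType, String body) {
        String flat = body == null ? "" : body.replaceAll("\\s+", " ").trim();
        String excerpt = flat.length() <= 80 ? flat : flat.substring(0, 80) + "...";
        return inspect(status, body) + " status=" + status
                + " content-type=" + contentType + " body=\"" + excerpt + "\"";
    }

    public static void main(String[] args) {
        // Constructed sample responses, not captured from a real forum.
        String json = "{\"user_id\":1,\"username\":\"james\"}";
        String html = "<!DOCTYPE html>\n<html><head><title>Sign In</title></head><body>...</body></html>";
        System.out.println(describe(200, "application/json", json));
        System.out.println(describe(200, "text/html; charset=UTF-8", html));
        System.out.println(describe(403, "application/json", "{\"errors\":[]}"));
    }
}
```

A `REJECT_NOT_JSON` line with an HTML excerpt shows that the URL returned a web page rather than the script's output.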
01-04-2021, 01:40 PM
BoomScape
Quote:
Originally Posted by Patrity
Your PMs and CC is probably not working because your central server is not connecting to the world updater which is the second part of this tutorial.
Let me know if that helps out!
Also got the same error as that guy with friends/cc not working with this configured.
It looks like it's related to the file 'XenPost' but unsure on the auth for that system?
Users would need to bypass any use of that post method. I will not release that integration script that was originally released with Runite because it is a massive security concern.
Nothing is secure about the way it is created.
02-13-2021, 03:08 PM
Smidge
Quote:
Originally Posted by Patrity
Looks like the response is not as expected. As I said, I have not tested the IPB integration, however you could run some test requests using Postman: https://www.postman.com/
I get that same error with the Xenforo integration, don't wanna use the runite one xD