major feat: auth v2#1475

Draft
mattsumi wants to merge 19 commits into smartcmd:main from mattsumi:main

@mattsumi
Collaborator

@mattsumi mattsumi commented Apr 5, 2026

Description

adds a full authentication system to minecraftconsoles. msft oauth device code flow, ely.by auth, and offline mode. includes server-side enforced auth handshake, a profile manager with persistent storage, UUID identity system, XUID-to-UUID migration, and configurable [auth-mode] for dedicated servers. also adds libcurl as a dependency for HTTPS and moves nlohmann/json into [include/Common/vendor]. (for now we are gonna keep the old xuid data, but push it out with a future patch.)

Changes

see new behavior

Previous Behavior

the original codebase was built for consoles where platform-level auth (xbl, psn, etc) handled identity. as we port it to windows, none of this exists, so we are faking this identity. as such, there is no HTTP client to talk to auth servers, no handshake protocol to negotiate authentication schemes, and no UUID system to give players a stable cross-platform identity. the [PreLoginPacket] name field could also overwrite an already-authenticated username which was a pretty obvious security hole once real auth was in place. big no no!!! (also msft store button was going unused.)

before

Root Cause

the original codebase was built for consoles where platform-level auth (Xbox Live, PSN) handled identity. when the project got ported to Windows none of that infrastructure existed, so identity was basically faked. there was no HTTP client to talk to auth servers, no handshake protocol to negotiate authentication schemes, and no UUID system to give players a stable cross-platform identity. the [PreLoginPacket] name field could also overwrite an already-authenticated username which was a pretty obvious security hole once real auth was in place.

New Behavior

players now authenticate through one of three methods. msft (oauth device code flow that opens a browser and polls for completion), Ely.by (uses user and pass to get token), or Offline (trusts users are who they say they are). the server declares which auth scheme it requires via a new [auth-mode] property ([session] or [offline]), and a full 11-stage handshake protocol negotiates and verifies identity before the player ever gets past the login screen.

(funnily enough, msft sees us as minecraft for nintendo switch when autodetected. not bedrock, the original.)

what

continuing:

profiles now exist in a binary "auth_profiles.dat" file with token refresh support for both Microsoft and Ely.by. the in-game UI lets you add, remove, cycle through, and apply profiles. players get a [GameUUID] (v5 UUID derived from their identity) that gets serialized in [LoginPacket] and [AddPlayerPacket]. existing ban/whitelist entries with XUIDs automatically get backfilled with UUIDs on load, and player save files get migrated from XUID-named ".dat" files to UUID-named ones.

if auth fails the client gets a proper [eDisconnect_AuthFailed] disconnect reason with a localized error message instead of just getting silently dropped.

after1 after2

Fix Implementation

the core of this is a new [HttpClient], [AuthModule] hierarchy (session/offline/keypair-offline), [AuthPackets] (11-stage enum with key-value fields), and a [HandshakeManager] state machine that drives the whole protocol from both sides.

[AuthScreen] handles the threaded OAuth/ely.by auth flows and profile persistence in a binary auth_profiles.dat. [UUID.h/cpp] implements GameUUID with a custom SHA-1 for v5 generation and deterministic XUID conversion. on the server side, [PendingConnection] now runs [initAuth()] based on [auth-mode] from [ServerProperties], guards [PreLoginPacket] name overwrites, and disconnects with [eDisconnect_AuthFailed] on failure.

[ClientConnection] mirrors this on the client side and syncs the authenticated name back into the platform globals. [DirectoryLevelStorage] handles XUID-to-UUID save file migration, and [BanManager]/[WhitelistManager] backfill UUIDs on load. [UIScene_MainMenu] got the full profile management UI with next/use/add/remove,

AI Use Disclosure

no ai was used to make this

Related Issues
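
The [PreLoginPacket] name-overwrite hole and the guard described in the PR text above, as an added C++ example that is not code from this pull request. `PendingConn`, its methods and the reject-on-mismatch policy are hypothetical simplifications, and the player names are constructed.

```cpp
#include <iostream>
#include <string>
#include <utility>

// Hypothetical, simplified stand-in for a server-side pending connection.
// Class and method names are illustrative; they are not the PR's code.
class PendingConn {
public:
    // Called by the auth handshake once the identity has been verified.
    void onAuthVerified(std::string verifiedName) {
        name_ = std::move(verifiedName);
        authenticated_ = true;
    }

    // Behaviour the PR describes as the hole: the packet's name field
    // replaces whatever name the connection already holds.
    void handlePreLoginUnguarded(const std::string& claimed) { name_ = claimed; }

    // Guarded variant: a verified name is never replaced. Returns false when
    // the packet contradicts it (assumed policy: caller then disconnects).
    bool handlePreLoginGuarded(const std::string& claimed) {
        if (authenticated_) return claimed == name_;
        name_ = claimed;  // nothing verified yet: keep it as an unverified claim
        return true;
    }

    const std::string& name() const { return name_; }

private:
    std::string name_;
    bool authenticated_ = false;
};

// Constructed scenario: "Alice" is verified, then a packet claims "Mallory".
std::string nameAfterConflictingPreLogin(bool guarded) {
    PendingConn c;
    c.onAuthVerified("Alice");
    if (guarded) c.handlePreLoginGuarded("Mallory");
    else c.handlePreLoginUnguarded("Mallory");
    return c.name();
}

int main() {
    std::cout << "unguarded: " << nameAfterConflictingPreLogin(false) << "\n"
              << "guarded:   " << nameAfterConflictingPreLogin(true) << "\n";
}
```
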

@neoapps-dev

This comment was marked as off-topic.

@Cyber-Sec-DUBLIN

This comment was marked as spam.

@codeHusky
Collaborator

Please refactor AuthModule, the auth implementations should not be in one large monolithic file. Separate them out.

@codeHusky codeHusky marked this pull request as draft April 5, 2026 18:10
@Firebladedoge229
Contributor

Firebladedoge229 commented Apr 5, 2026

i dont think we should do this genuinely
the whole point of lce, like what Cyber-Sec-DUBLIN, was to not have any form of microsoft affiliation / authentication in a way
this pr completely ruins that, destroying what we once had
and the fact that codehusky keeps calling anyone who has an opinion countering him a "child" doesnt necessarily make this any better
image

@Firebladedoge229
Contributor

Firebladedoge229 commented Apr 5, 2026

this also just gives microslop the opportunity to suspend anyone who uses the fork in the first place
in what world does this make sense?? we're quite literally just telling microslop atp: "HEY IM DOING SOMETHING ILLEGAL!!! PLEASE TAKE ACTION AGAINST MY ACCOUNT ACCORDINGLY!!!!"

update: crazy
image

@funnyfella42

yo u lowk just made a big ass argument on the discord server how u feel?


6 participants