Plans
A lot of technologies are involved in this but it's not as complicated as it seems. Take it one step at a time to understand each part. Go over this page carefully. It explains everything.
A platform, not a product. It's very common, and has been for years now, to separate the server from the client. Google did this, as did Discord and dozens of others. Even Minecraft did this years ago, which made both custom clients and servers easier.
Think of Discord bots. Is a Discord bot something Discord created for you to use? No. The bot is a platform; it does nothing on its own, but anyone in the world can create a "bot" using the bot platform. College kids can create a bot to take their first steps into programming, and other people have created bots to turn into a business. Discord doesn't care as long as you play by the rules, and they take precautions for security.
That's what this is.
It means this:
- We need to make a custom port that random people on the internet can connect to so they can create bots
- We need to provide a way of communication back and forth on that custom port
- We need to separate out stuff that's ok to access without permission and stuff that requires permission
- We need to create a system to log people in so they can access the stuff that requires proper permissions
It may sound complicated but some pretty smart people, way smarter than me or probably you, have come up with ingeniously simple methods to make this happen. Simple is good, I like simple.
The port will be WebSocket.
Now what's a WebSocket? It's a port that uses JavaScript's JSON or binary (although binary is very rare and not recommended at all) to allow JavaScript to communicate with a server in 2-way communication. Meaning if the server has anything to say, it can say it, and the same goes for the client.
This is not only simple but perfect for what we need. Furthermore, a lot of time and money has gone into this technology; it's readily available for a number of languages, has a lot of support and capability, is very simple, and works very well / natively with JavaScript.
We want our platform to be in JavaScript because JavaScript is by far the easiest and most flexible language, not to mention incredibly fast and capable.
The communication will be JSON. JSON is simply data (same as YAML or XML); the difference is that JSON is very flexible like YAML and very good at being moved around between computers and modified, changed, and read (unlike YAML, which is tailored more to people than computers and not so good at being moved around easily between computers).
JSON is obviously native to JavaScript, and it's such a common format for data storage and communication that software readily exists for a number of languages to use it very easily.
Our solution for separating out stuff that requires permissions will be to use technology already available. We don't need to make this complicated. Keep it simple.
Using privileged stuff means you need to log into your Minecraft character; that just means using a login system (covered next) and logging in. Once logged in, it uses the attached player's permissions.
Essentially it does a simple permission check. All this stuff already exists in Minecraft, we're just leveraging existing technology.
Some stuff doesn't need any permissions (like reading chat or seeing play count [all live because it's 2-way on a WebSocket]), but many things will, such as chunk loading or sending chat.
Our solution for login is dirt simple and is actually going to use a cleverly simple system I made myself to add extra security.
JWT means JSON Web Token, and it's an ingenious little thing. Imagine handing someone a letter with information on it that you don't want them to change, and simply trusting them not to change it. That seems kind of stupid, right? Never trust the client, ever.
But JWT adds a little line at the bottom of the letter. The line means nothing to the client, but if the client does change anything, we'll know right away thanks to that line. That line sort of sums up the letter contents. The only way the client can change the letter and that line is to know the super secret key, which would take them at least 50-100 years to guess, by which time the letter would be worthless.
The "letter contents" are public, not private or secret at all. JWT doesn't hide information, it just prevents the client from changing anything.
It gets even better with my system, because that "super secret key" is generated for each and every session, meaning nobody knows it: not the admin, not the user, nobody. Also, the session lasts for about 15 minutes and then is thrown away, and with it goes the secret key. Also, no 2 keys are alike, meaning even if a high-powered supercomputer from the year 3000 were to figure out the key, it would only compromise a single short-lived session.
The user attempts to log in; if successful, a session is generated and the user is handed a JWT that represents their session. If the user wants to do anything that requires permissions over the WebSocket, they must hand over their JWT along with the request (think of it like an access card). We know the user won't alter the "access card" for the reasons stated above.
The way to log in is also simple. The player must have permission to allow logins and must have a connected/linked Discord account. The login is rejected otherwise.
- The player provides a Minecraft username
- The plugin DMs the linked account asking for login permission
- If the person types accept on Discord, or clicks a reaction button or something, it's then accepted
- A login session is created, a token is created, and the user is handed a token or "Access Card"
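The per-session key scheme and the "access card" check described above can be sketched as follows. This is an added example, not the plugin's own code: the action names, the message shape (`action`, `token`) and all function names are assumptions, and `createSession` stands for the point reached after the Discord approval step.

```javascript
const crypto = require('crypto');

const SESSION_TTL_MS = 15 * 60 * 1000;               // "about 15 minutes", as on the page
const PUBLIC_ACTIONS = new Set(['chat.read', 'players.count']); // hypothetical action names
const sessions = new Map();                          // sid -> { key, player, expires }

const b64u = (v) => Buffer.from(v).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString());
const sign = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// Run only after the linked Discord account has accepted the login.
function createSession(player, now = Date.now()) {
  const sid = crypto.randomUUID();
  const key = crypto.randomBytes(32);                // unique per session, kept in memory only
  const expires = now + SESSION_TTL_MS;
  sessions.set(sid, { key, player, expires });
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sid, sub: player, exp: Math.floor(expires / 1000) }));
  return `${head}.${body}.${b64u(sign(key, `${head}.${body}`))}`;
}

// Returns the player for a valid token, else null. The payload is read before it
// is trusted, but only to pick which session key to verify against.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let head, body;
  try { head = fromB64u(parts[0]); body = fromB64u(parts[1]); } catch { return null; }
  if (!head || !body || head.alg !== 'HS256') return null;   // refuse "none" and other algs
  const session = sessions.get(body.sid);
  if (!session) return null;
  if (now >= session.expires) { sessions.delete(body.sid); return null; } // key dies with session
  const expected = sign(session.key, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return session.player;                             // server-side state, not the client's claim
}

// Gate for one incoming WebSocket text frame.
function authorize(rawMessage, now = Date.now()) {
  let msg;
  try { msg = JSON.parse(rawMessage); } catch { return { ok: false, error: 'bad_json' }; }
  if (!msg || typeof msg.action !== 'string') return { ok: false, error: 'bad_request' };
  if (PUBLIC_ACTIONS.has(msg.action)) return { ok: true, player: null };
  const player = verifyToken(msg.token, now);
  return player ? { ok: true, player } : { ok: false, error: 'login_required' };
}
```

A successful `authorize` only establishes who is asking; the Minecraft permission check for the returned player still has to run before a privileged action is carried out.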
What we'll focus on is adding stuff the player can do and separating what needs login and what doesn't. It's up to the client to do with that as they will.
- Sending/Receiving Chat
- Chunk Loading
- Block Reading
- Inventory Access
- Money Access to receive and get money
- Notification system through Discord
- Public storage access and transferring items back and forth to your inventory
- The list goes on...