EarlyAuth

From alt:V / Wiki
Jump to navigation Jump to search

Early Auth is a function to protect the alt:V server against possible DDOS Attacks, this function only works with announce set to true.
It's working as followed: A client connects to the server over the server list, the early auth functions opens a external login page where the player can authenticate. If the authentication was successfull the login page is sending a post request with a token to the client. Then the website whitelists the IP of the client in the firewall of the server. Now the client can connect and can be identified by the gameserver over the given auth token. The auth token needs to be generated by the login page.

Step-by-Step Tutorial

Example values

In this tutorial following example values are used:

Key Value Description
token 0123456789 The token for the masterlist (Needs to be requested from Masterbot via Discord)
earlyAuthUrl https://login.example.com/index.html:443 The url to the external login page.
authToken authToken0123456789 The token generated by the site.

Step-by-Step Example

  1. Add announce: true to server.cfg.
  2. Add your token to token: 0123456789 in server.cfg.
  3. Add useEarlyAuth: true to server.cfg.
  4. Add earlyAuthUrl: 'https://login.example.com/index.html:443'to server.cfg.
  5. Add Function 1 to your login page, trigger this function and a firewall whitelist function after successfull login. .
  6. Add a check for the authToken to the playerConnect event eg Function 2
  7. Now the earlyAuth login is ready.

Function 1

<script>
function setToken(token) {
     alt.emit('pushToken', token);
}
</script>

Function 2

alt.on("playerConnect", (player) => {
     if(player.authToken != "authToken0123456789")
     {
         player.kick();
     }
});