Remove mmAuth for Database.AuthenticateUser, use LoginData instead

2025-08-05 11:28:39 +00:00 · 2021-10-13 22:30:33 -04:00 · 2021-10-13 22:30:33 -04:00 · 85da92124e
commit 85da92124e
parent 33f7e113e2
3 changed files with 59 additions and 22 deletions
--- a/ProjectLighthouse/Controllers/LoginController.cs
+++ b/ProjectLighthouse/Controllers/LoginController.cs
@ -1,4 +1,6 @@
 #nullable enable
 using System;
 using System.IO;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@ -16,21 +18,19 @@ namespace ProjectLighthouse.Controllers {
            if(!this.Request.Query.TryGetValue("titleID", out StringValues _))
                return this.BadRequest("");
-            // FIXME: this will not do, MM_AUTH is created by the client after POST /LOGIN
+            string body = await new StreamReader(Request.Body).ReadToEndAsync();
-            if(!this.Request.Cookies.TryGetValue("MM_AUTH", out string? mmAuth) || mmAuth == null)
+
-                return this.BadRequest(""); // TODO: send 403
+            LoginData loginData;
            try {
                loginData = LoginData.CreateFromString(body);
            }
            catch(Exception e) {
                return this.BadRequest();
            }
            await using Database database = new();
-            Token? token;
+            Token? token = await database.AuthenticateUser(loginData);
            // ReSharper disable once InvertIf
            if(!await database.IsUserAuthenticated(mmAuth)) {
                token = await database.AuthenticateUser(mmAuth);
            }
            else {
                token = await database.Tokens.FirstOrDefaultAsync(t => t.UserToken == mmAuth);
            }
            if(token == null) return this.BadRequest(""); // TODO: send 403
--- a/ProjectLighthouse/Database.cs
+++ b/ProjectLighthouse/Database.cs
@ -35,17 +35,11 @@ namespace ProjectLighthouse {
            return user;
        }
-
+        
-        // MM_AUTH=psn_name:?:timestamp, potentially a user creation date?:?:user id?:user's IP:?:password? SHA1
+        public async Task<Token?> AuthenticateUser(LoginData loginData) {
        // just blindly trust the token for now while we get it working
        public async Task<Token?> AuthenticateUser(string loginString) {
            if(!loginString.Contains(':')) return null;
            string[] split = loginString.Split(":");
            // TODO: don't use psn name to authenticate
-            User user = await this.Users.FirstOrDefaultAsync(u => u.Username == split[0]) 
+            User user = await this.Users.FirstOrDefaultAsync(u => u.Username == loginData.Username + u.Username[-1]) 
-                        ?? await this.CreateUser(split[0]);
+                        ?? await this.CreateUser(loginData.Username + "_");
            Token token = new() {
                UserToken = HashHelper.GenerateAuthToken(),
--- a/ProjectLighthouse/Types/LoginData.cs
+++ b/ProjectLighthouse/Types/LoginData.cs
@ -0,0 +1,43 @@
 using System.IO;
 using System.Text;
 namespace ProjectLighthouse.Types {
    // This is all the information I can understand for now. More testing is required.
    // Example data:
    //  - LBP2 digital, with the RPCN username `literally1984`
    //      POST /LITTLEBIGPLANETPS3_XML/login?applicationID=21414&languageID=1&lbp2=1&beta=0&titleID=NPUA80662&country=us
    //      !<21>0256333||x||<7C><>Y literally198bruUP9000-NPUA80662_008D
    //  - LBP2 digital, with the RPCN username `jvyden`
    //      POST /LITTLEBIGPLANETPS3_XML/login?applicationID=21414&languageID=1&lbp2=1&beta=0&titleID=NPUA80662&country=us
    //      !<21>0220333||/u||=0<> jvydebruUP9000-NPUA80662_008D
    /// <summary>
    /// The data sent from POST /LOGIN.
    /// </summary>
    public class LoginData {
        public string Username { get; set; } // Cut off by one for some strange reason
        public string GameVersion { get; set; }
        public int UnknownNumber { get; set; } // Seems to increment by 1000 every login attempt
        public static LoginData CreateFromString(string str) {
            using MemoryStream ms = new(Encoding.ASCII.GetBytes(str));
            using BinaryReader reader = new(ms);
            LoginData loginData = new();
            reader.ReadBytes(4); // Perhaps a header of sorts?
            string number = Encoding.ASCII.GetString(reader.ReadBytes(7)); // Number is stored as text for some reason...
            loginData.UnknownNumber = int.Parse(number);
            reader.ReadBytes(10); // No clue what this is.
            string end = Encoding.ASCII.GetString(reader.ReadBytes(int.MaxValue)); // ReadToEnd 2: Electric Boogaloo
            string[] split = end.Split("bru"); // No idea what it means, but it seems to split the gameversion and username apart
            loginData.Username = split[0];
            loginData.GameVersion = split[1];
            return loginData;
        }
    }
 }