diff --git a/dist/MicrosoftAuth.js b/dist/MicrosoftAuth.js
index 10275f5..25ae825 100644
--- a/dist/MicrosoftAuth.js
+++ b/dist/MicrosoftAuth.js
@@ -54,188 +54,218 @@ class MicrosoftAuth {
 `login_hint=${loginHint}`;
 }
 async loginWithXboxCode(code) {
- MicrosoftAuth.logger.debug("loginWithXboxCode");
- const form = {
- "client_id": process.env.MSA_CLIENT_ID,
- "client_secret": process.env.MSA_CLIENT_SECRET,
- "code": code,
- "grant_type": "authorization_code",
- "redirect_uri": this.redirectUri
- };
- return await this.authenticateXboxLiveWithFormData(form);
+ return await Sentry.startSpan({
+ op: 'auth',
+ name: 'loginWithXboxCode'
+ }, async () => {
+ MicrosoftAuth.logger.debug("loginWithXboxCode");
+ const form = {
+ "client_id": process.env.MSA_CLIENT_ID,
+ "client_secret": process.env.MSA_CLIENT_SECRET,
+ "code": code,
+ "grant_type": "authorization_code",
+ "redirect_uri": this.redirectUri
+ };
+ return await this.authenticateXboxLiveWithFormData(form);
+ });
 }
 async exchangeRpsTicketForIdentities(rpsTicket) {
- MicrosoftAuth.logger.debug("exchangeRpsTicketForIdentities");
- if (!rpsTicket.startsWith("d=")) {
- // username+password login doesn't seem to need this prefix, code auth does
- rpsTicket = `d=${rpsTicket}`;
- }
- // https://user.auth.xboxlive.com/user/authenticate
- let userTokenResponse;
- try {
- userTokenResponse = await XboxLiveAuth.xbl.exchangeRpsTicketForUserToken(rpsTicket);
- }
- catch (e) {
- Sentry.captureException(e, {
- tags: {
- stage: 'exchangeRpsTicketForIdentities'
- }
- });
- throw new MSAError_1.MSAError('exchangeRpsTicketForIdentities', e);
- }
- // console.log("exchangeRpsTicket")
- // console.log(JSON.stringify(userTokenResponse))
- return {
- token: userTokenResponse,
- mc: await this.getIdentityForRelyingParty(userTokenResponse, MC_XSTSRelyingParty),
- xbox: await this.getIdentityForRelyingParty(userTokenResponse, XBOX_XSTSRelyingParty)
- };
+ return await Sentry.startSpan({
+ op: 'auth',
+ name: 'exchangeRpsTicketForIdentities'
+ }, async () => {
+ MicrosoftAuth.logger.debug("exchangeRpsTicketForIdentities");
+ if (!rpsTicket.startsWith("d=")) {
+ // username+password login doesn't seem to need this prefix, code auth does
+ rpsTicket = `d=${rpsTicket}`;
+ }
+ // https://user.auth.xboxlive.com/user/authenticate
+ let userTokenResponse;
+ try {
+ userTokenResponse = await XboxLiveAuth.xbl.exchangeRpsTicketForUserToken(rpsTicket);
+ }
+ catch (e) {
+ Sentry.captureException(e, {
+ tags: {
+ stage: 'exchangeRpsTicketForIdentities'
+ }
+ });
+ throw new MSAError_1.MSAError('exchangeRpsTicketForIdentities', e);
+ }
+ // console.log("exchangeRpsTicket")
+ // console.log(JSON.stringify(userTokenResponse))
+ return {
+ token: userTokenResponse,
+ mc: await this.getIdentityForRelyingParty(userTokenResponse, MC_XSTSRelyingParty),
+ xbox: await this.getIdentityForRelyingParty(userTokenResponse, XBOX_XSTSRelyingParty)
+ };
+ });
 }
 async getIdentityForRelyingParty(userTokenResponse, relyingParty) {
- MicrosoftAuth.logger.debug("getIdentityForRelyingParty");
- // https://xsts.auth.xboxlive.com/xsts/authorize
- const body = {
- RelyingParty: relyingParty,
- TokenType: "JWT",
- Properties: {
- SandboxId: "RETAIL",
- UserTokens: [userTokenResponse.Token]
- }
- };
- let authResponse;
- try {
- authResponse = await this.requestHandlers.generic({
- method: "POST",
- url: "https://xsts.auth.xboxlive.com/xsts/authorize",
- headers: {
- "Content-Type": "application/json",
- "Accept": "application/json",
- /*"x-xbl-contract-version": 1*/
- },
- data: body
- });
- }
- catch (e) {
- Sentry.captureException(e, {
- tags: {
- stage: 'getIdentityForRelyingParty'
+ return await Sentry.startSpan({
+ op: 'auth',
+ name: 'getIdentityForRelyingParty'
+ }, async () => {
+ MicrosoftAuth.logger.debug("getIdentityForRelyingParty");
+ // https://xsts.auth.xboxlive.com/xsts/authorize
+ const body = {
+ RelyingParty: relyingParty,
+ TokenType: "JWT",
+ Properties: {
+ SandboxId: "RETAIL",
+ UserTokens: [userTokenResponse.Token]
 }
- });
- throw new MSAError_1.MSAError('getIdentityForRelyingParty', e);
- }
- return authResponse.data;
+ };
+ let authResponse;
+ try {
+ authResponse = await this.requestHandlers.generic({
+ method: "POST",
+ url: "https://xsts.auth.xboxlive.com/xsts/authorize",
+ headers: {
+ "Content-Type": "application/json",
+ "Accept": "application/json",
+ /*"x-xbl-contract-version": 1*/
+ },
+ data: body
+ });
+ }
+ catch (e) {
+ Sentry.captureException(e, {
+ tags: {
+ stage: 'getIdentityForRelyingParty'
+ }
+ });
+ throw new MSAError_1.MSAError('getIdentityForRelyingParty', e);
+ }
+ return authResponse.data;
+ });
 }
 async authenticateXboxLiveWithFormData(form) {
- MicrosoftAuth.logger.debug("authenticateXboxLiveWithFormData");
- let refreshResponse;
- try {
- refreshResponse = await this.requestHandlers.liveLogin({
- method: "POST",
- url: "https://login.live.com/oauth20_token.srf",
- headers: {
- "Content-Type": "application/x-www-form-urlencoded",
- "Accept": "application/json"
- },
- data: qs.stringify(form)
- });
- }
- catch (e) {
- Sentry.captureException(e, {
- tags: {
- stage: 'authenticateXboxLiveWithFormData'
- }
- });
- throw new MSAError_1.MSAError('authenticateXboxWithFormData', e);
- }
- const refreshBody = refreshResponse.data;
- // console.log("refreshBody");
- // console.log(JSON.stringify(refreshBody))
- // Microsoft/Xbox accessToken
- const xboxAccessToken = refreshBody["access_token"];
- const xboxRefreshToken = refreshBody["refresh_token"];
- const identityResponses = await this.exchangeRpsTicketForIdentities(xboxAccessToken);
- // console.log("identities");
- // console.log(identityResponses)
- const mcIdentity = identityResponses.mc;
- const xboxIdentity = identityResponses.xbox;
- const userHash = mcIdentity.DisplayClaims.xui[0].uhs;
- const XSTSToken = mcIdentity.Token;
- const xboxLoginResponse = await this.loginToMinecraftWithXbox(userHash, XSTSToken);
- const minecraftXboxUsername = xboxLoginResponse.username;
- return {
- // Minecraft accessToken - does not return a refresh token, so need the MS one above
- mcAccessToken: xboxLoginResponse.access_token,
- msa: {
- auth: {
- accessToken: xboxAccessToken,
- refreshToken: xboxRefreshToken,
- expires: (0, util_1.epochSeconds)() + parseInt(refreshBody["expires_in"]),
- issued: (0, util_1.epochSeconds)(),
- userId: refreshBody["user_id"]
- },
- userToken: {
- token: identityResponses.token.Token,
- expires: (0, util_1.toEpochSeconds)(Date.parse(identityResponses.token.NotAfter)),
- issued: (0, util_1.toEpochSeconds)(Date.parse(identityResponses.token.IssueInstant)),
- userHash: identityResponses.token.DisplayClaims.xui[0].uhs
- },
- identities: {
- mc: {
- token: mcIdentity.Token,
- expires: (0, util_1.toEpochSeconds)(Date.parse(mcIdentity.NotAfter)),
- issued: (0, util_1.toEpochSeconds)(Date.parse(mcIdentity.IssueInstant)),
- claims: mcIdentity.DisplayClaims.xui[0]
+ return await Sentry.startSpan({
+ op: 'auth',
+ name: 'authenticateXboxLiveWithFormData'
+ }, async () => {
+ MicrosoftAuth.logger.debug("authenticateXboxLiveWithFormData");
+ let refreshResponse;
+ try {
+ refreshResponse = await this.requestHandlers.liveLogin({
+ method: "POST",
+ url: "https://login.live.com/oauth20_token.srf",
+ headers: {
+ "Content-Type": "application/x-www-form-urlencoded",
+ "Accept": "application/json"
 },
- xbox: {
- token: xboxIdentity.Token,
- expires: (0, util_1.toEpochSeconds)(Date.parse(xboxIdentity.NotAfter)),
- issued: (0, util_1.toEpochSeconds)(Date.parse(xboxIdentity.IssueInstant)),
- claims: xboxIdentity.DisplayClaims.xui[0]
+ data: qs.stringify(form)
+ });
+ }
+ catch (e) {
+ Sentry.captureException(e, {
+ tags: {
+ stage: 'authenticateXboxLiveWithFormData'
 }
- }
+ });
+ throw new MSAError_1.MSAError('authenticateXboxWithFormData', e);
 }
- };
+ const refreshBody = refreshResponse.data;
+ // console.log("refreshBody");
+ // console.log(JSON.stringify(refreshBody))
+ // Microsoft/Xbox accessToken
+ const xboxAccessToken = refreshBody["access_token"];
+ const xboxRefreshToken = refreshBody["refresh_token"];
+ const identityResponses = await this.exchangeRpsTicketForIdentities(xboxAccessToken);
+ // console.log("identities");
+ // console.log(identityResponses)
+ const mcIdentity = identityResponses.mc;
+ const xboxIdentity = identityResponses.xbox;
+ const userHash = mcIdentity.DisplayClaims.xui[0].uhs;
+ const XSTSToken = mcIdentity.Token;
+ const xboxLoginResponse = await this.loginToMinecraftWithXbox(userHash, XSTSToken);
+ const minecraftXboxUsername = xboxLoginResponse.username;
+ return {
+ // Minecraft accessToken - does not return a refresh token, so need the MS one above
+ mcAccessToken: xboxLoginResponse.access_token,
+ msa: {
+ auth: {
+ accessToken: xboxAccessToken,
+ refreshToken: xboxRefreshToken,
+ expires: (0, util_1.epochSeconds)() + parseInt(refreshBody["expires_in"]),
+ issued: (0, util_1.epochSeconds)(),
+ userId: refreshBody["user_id"]
+ },
+ userToken: {
+ token: identityResponses.token.Token,
+ expires: (0, util_1.toEpochSeconds)(Date.parse(identityResponses.token.NotAfter)),
+ issued: (0, util_1.toEpochSeconds)(Date.parse(identityResponses.token.IssueInstant)),
+ userHash: identityResponses.token.DisplayClaims.xui[0].uhs
+ },
+ identities: {
+ mc: {
+ token: mcIdentity.Token,
+ expires: (0, util_1.toEpochSeconds)(Date.parse(mcIdentity.NotAfter)),
+ issued: (0, util_1.toEpochSeconds)(Date.parse(mcIdentity.IssueInstant)),
+ claims: mcIdentity.DisplayClaims.xui[0]
+ },
+ xbox: {
+ token: xboxIdentity.Token,
+ expires: (0, util_1.toEpochSeconds)(Date.parse(xboxIdentity.NotAfter)),
+ issued: (0, util_1.toEpochSeconds)(Date.parse(xboxIdentity.IssueInstant)),
+ claims: xboxIdentity.DisplayClaims.xui[0]
+ }
+ }
+ }
+ };
+ });
 }
 async loginToMinecraftWithXbox(userHash, xstsToken) {
- MicrosoftAuth.logger.debug("loginToMinecraftWithXbox");
- const body = {
- identityToken: `XBL3.0 x=${userHash};${xstsToken}`
- };
- let xboxLoginResponse;
- try {
- xboxLoginResponse = await this.requestHandlers.minecraftServices({
- method: "POST",
- url: "https://api.minecraftservices.com/authentication/login_with_xbox",
- headers: {
- "Content-Type": "application/json",
- "Accept": "application/json"
- },
- data: body
- });
- }
- catch (e) {
- Sentry.captureException(e, {
- tags: {
- stage: 'loginToMinecraftWithXbox'
- }
- });
- throw new MSAError_1.MSAError('loginToMinecraftWithXbox', e);
- }
- const xboxLoginBody = xboxLoginResponse.data;
- // console.log("xboxLogin")
- // console.log(JSON.stringify(xboxLoginBody));
- return xboxLoginBody;
+ return await Sentry.startSpan({
+ op: 'auth',
+ name: 'loginToMinecraftWithXbox'
+ }, async () => {
+ MicrosoftAuth.logger.debug("loginToMinecraftWithXbox");
+ const body = {
+ identityToken: `XBL3.0 x=${userHash};${xstsToken}`
+ };
+ let xboxLoginResponse;
+ try {
+ xboxLoginResponse = await this.requestHandlers.minecraftServices({
+ method: "POST",
+ url: "https://api.minecraftservices.com/authentication/login_with_xbox",
+ headers: {
+ "Content-Type": "application/json",
+ "Accept": "application/json"
+ },
+ data: body
+ });
+ }
+ catch (e) {
+ Sentry.captureException(e, {
+ tags: {
+ stage: 'loginToMinecraftWithXbox'
+ }
+ });
+ throw new MSAError_1.MSAError('loginToMinecraftWithXbox', e);
+ }
+ const xboxLoginBody = xboxLoginResponse.data;
+ // console.log("xboxLogin")
+ // console.log(JSON.stringify(xboxLoginBody));
+ return xboxLoginBody;
+ });
 }
 async refreshXboxAccessToken(xboxRefreshToken) {
- MicrosoftAuth.logger.debug("refreshXboxAccessToken");
- const form = {
- "client_id": process.env.MSA_CLIENT_ID,
- "client_secret": process.env.MSA_CLIENT_SECRET,
- "refresh_token": xboxRefreshToken,
- "grant_type": "refresh_token",
- "redirect_uri": this.redirectUri
- };
- return await this.authenticateXboxLiveWithFormData(form);
+ return await Sentry.startSpan({
+ op: 'auth',
+ name: 'refreshXboxAccessToken'
+ }, async () => {
+ MicrosoftAuth.logger.debug("refreshXboxAccessToken");
+ const form = {
+ "client_id": process.env.MSA_CLIENT_ID,
+ "client_secret": process.env.MSA_CLIENT_SECRET,
+ "refresh_token": xboxRefreshToken,
+ "grant_type": "refresh_token",
+ "redirect_uri": this.redirectUri
+ };
+ return await this.authenticateXboxLiveWithFormData(form);
+ });
 }
 }
 exports.MicrosoftAuth = MicrosoftAuth;
diff --git a/dist/MicrosoftAuth.js.map b/dist/MicrosoftAuth.js.map
index 378805f..8a0ac75 100644
--- a/dist/MicrosoftAuth.js.map
+++ b/dist/MicrosoftAuth.js.map
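Review bot: The catch block in `authenticateXboxLiveWithFormData` still hands the raw request error to `Sentry.captureException` and to `MSAError`, while the request it comes from carries `client_secret` plus the authorization code or refresh token in `qs.stringify(form)`. If the handler is axios-based, as the imports in the embedded source suggest, the error object keeps that body under `config.data`, so it can reach telemetry or logs wherever error properties get serialised; I would redact before capture, e.g. `if (e && e.config) e.config.data = '[redacted]';`. The same pattern sits in the catch blocks of `getIdentityForRelyingParty` (user token in the body) and `loginToMinecraftWithXbox` (XSTS identity token in the body). `MicrosoftAuth` itself starts above the hunk, and since this file is build output the edit belongs in `MicrosoftAuth.ts`.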
@@ -1 +1 @@ -{"version":3,"file":"MicrosoftAuth.js","sourceRoot":"/","sources":["MicrosoftAuth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,sDAAwC;AAExC,uCAAyB;AACzB,wEAAyD;AAUzD,yCAAsC;AACtC,iCAAsD;AACtD,sDAA8B;AAC9B,qDAAuC;AAEvC,MAAM,mBAAmB,GAAG,iCAAiC,CAAA;AAC7D,MAAM,qBAAqB,GAAG,qBAAqB,CAAA;AAEnD,iCAAiC;AACjC,MAAa,aAAa;IAItB,YACqB,eAA+E,EAC/E,cAAsB,OAAO,CAAC,GAAG,CAAC,gBAAgB;QADlD,oBAAe,GAAf,eAAe,CAAgE;QAC/E,gBAAW,GAAX,WAAW,CAAuC;IAEvE,CAAC;IAEM,KAAK,CAAC,gBAAgB,CACzB,MAAgB,EAChB,KAAa,EACb,SAAiB;QAEjB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,OAAO,+CAA+C;YAClD,aAAc,OAAO,CAAC,GAAG,CAAC,aAAc,EAAE;YAC1C,qBAAqB;YACrB,iBAAkB,IAAI,CAAC,WAAY,EAAE;YACrC,UAAW,KAAM,EAAE;YACnB,UAAW,KAAM,EAAE;YACnB,gBAAgB;YAChB,cAAe,SAAU,EAAE,CAAC;IACpC,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,IAAY;QACvC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAC/C,MAAM,IAAI,GAAG;YACT,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;YACtC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;YAC9C,MAAM,EAAE,IAAI;YACZ,YAAY,EAAE,oBAAoB;YAClC,cAAc,EAAE,IAAI,CAAC,WAAW;SACnC,CAAA;QACD,OAAO,MAAM,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,8BAA8B,CAAC,SAAiB;QAGlD,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;QAC5D,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,2EAA2E;YAC3E,SAAS,GAAG,KAAM,SAAU,EAAE,CAAC;QACnC,CAAC;QACD,mDAAmD;QACnD,IAAI,iBAA4C,CAAC;QACjD,IAAI,CAAC;YACD,iBAAiB,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;QACxF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAC;gBACtB,IAAI,EAAE;oBACF,KAAK,EAAE,gCAAgC;iBAC1C;aACJ,CAAC,CAAC;YACH,MAAM,IAAI,mBAAQ,CAAC,gCAAgC,EAAE,CAAC,CAAC,CAAC;QAC5D,CAAC;QACD,mCAAmC;QACnC,iDAAiD;QACjD,OAAO;YACH,KAAK,EAAE,iBAAiB;YACxB,EAAE,EAAE,MAAM,IAAI,CAAC,0BAA0B,CAAC,iBAAiB,EAAE,mBAAmB,CAAC;YACjF,IAAI,EAAE,MAAM,IAAI,CAAC,0BAA0B,CAAC,iBAAiB,EAAE,qBAAqB,CAAC;SACxF,CAAC;IACN,CAAC;IAED,KAAK,CAAC,0BAA0B,CAAC,iBAA4C,EAAE,YAAoB;QAC/F,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAA;QACxD,gDAAgD;QAChD,MAAM,IAAI,GAAG;YACT,YAAY,EAAE,YAAY;YAC
1B,SAAS,EAAE,KAAK;YAChB,UAAU,EAAE;gBACR,SAAS,EAAE,QAAQ;gBACnB,UAAU,EAAE,CAAC,iBAAiB,CAAC,KAAK,CAAC;aACxC;SACJ,CAAC;QACF,IAAI,YAAgC,CAAC;QACrC,IAAI,CAAC;YACD,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;gBAC9C,MAAM,EAAE,MAAM;gBACd,GAAG,EAAE,+CAA+C;gBACpD,OAAO,EAAE;oBACL,cAAc,EAAE,kBAAkB;oBAClC,QAAQ,EAAE,kBAAkB;oBAC5B,+BAA+B;iBAClC;gBACD,IAAI,EAAE,IAAI;aACb,CAAC,CAAC;QACP,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAC;gBACtB,IAAI,EAAE;oBACF,KAAK,EAAE,4BAA4B;iBACtC;aACJ,CAAC,CAAC;YACH,MAAM,IAAI,mBAAQ,CAAC,4BAA4B,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,YAAY,CAAC,IAAoB,CAAA;IAC5C,CAAC;IAEO,KAAK,CAAC,gCAAgC,CAAC,IAAS;QACpD,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAA;QAC9D,IAAI,eAA8B,CAAC;QACnC,IAAI,CAAC;YACD,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC;gBACnD,MAAM,EAAE,MAAM;gBACd,GAAG,EAAE,0CAA0C;gBAC/C,OAAO,EAAE;oBACL,cAAc,EAAE,mCAAmC;oBACnD,QAAQ,EAAE,kBAAkB;iBAC/B;gBACD,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;QACP,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAC;gBACtB,IAAI,EAAE;oBACF,KAAK,EAAE,kCAAkC;iBAC5C;aACJ,CAAC,CAAC;YACH,MAAM,IAAI,mBAAQ,CAAC,8BAA8B,EAAE,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC;QACzC,8BAA8B;QAC9B,2CAA2C;QAE3C,6BAA6B;QAC7B,MAAM,eAAe,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;QACpD,MAAM,gBAAgB,GAAG,WAAW,CAAC,eAAe,CAAC,CAAC;QAEtD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAAC,eAAe,CAAC,CAAC;QACrF,6BAA6B;QAC7B,iCAAiC;QACjC,MAAM,UAAU,GAAG,iBAAiB,CAAC,EAAE,CAAC;QACxC,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC;QAE5C,MAAM,QAAQ,GAAG,UAAU,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACrD,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC;QAEnC,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACnF,MAAM,qBAAqB,GAAG,iBAAiB,CAAC,QAAQ,CAAC;QAEzD,OAAO;YACH,oFAAoF;YACpF,aAAa,EAAE,iBAAiB,CAAC,YAAY;YAC7C,GAAG,EAAE;gBACD,IAAI,EAAE;oBACF,WAAW,EAAE,eAAe;oBAC5B,YAAY,EAAE,gBAAgB;oBAC9B,OAAO,EAAE,IAAA,mBAAY,GAAE,GAAG,QAAQ,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;oBAC7D,MAAM,EAAE,IAAA,mBAAY,GAAE;oBACtB,MAAM,EAAE,
WAAW,CAAC,SAAS,CAAC;iBACjC;gBACD,SAAS,EAAE;oBACP,KAAK,EAAE,iBAAiB,CAAC,KAAK,CAAC,KAAK;oBACpC,OAAO,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBACrE,MAAM,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;oBACxE,QAAQ,EAAE,iBAAiB,CAAC,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG;iBAC7D;gBACD,UAAU,EAAE;oBACR,EAAE,EAAE;wBACA,KAAK,EAAE,UAAU,CAAC,KAAK;wBACvB,OAAO,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;wBACxD,MAAM,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;wBAC3D,MAAM,EAAE,UAAU,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;qBAC1C;oBACD,IAAI,EAAE;wBACF,KAAK,EAAE,YAAY,CAAC,KAAK;wBACzB,OAAO,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;wBAC1D,MAAM,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;wBAC7D,MAAM,EAAE,YAAY,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;qBAC5C;iBACJ;aACJ;SACJ,CAAA;IACL,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,QAAgB,EAAE,SAAiB;QACtE,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACtD,MAAM,IAAI,GAAG;YACT,aAAa,EAAE,YAAa,QAAS,IAAK,SAAU,EAAE;SACzD,CAAC;QACF,IAAI,iBAAgC,CAAC;QACrC,IAAI,CAAC;YACD,iBAAiB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC;gBAC7D,MAAM,EAAE,MAAM;gBACd,GAAG,EAAE,kEAAkE;gBACvE,OAAO,EAAE;oBACL,cAAc,EAAE,kBAAkB;oBAClC,QAAQ,EAAE,kBAAkB;iBAC/B;gBACD,IAAI,EAAE,IAAI;aACb,CAAC,CAAC;QACP,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAC;gBACtB,IAAI,EAAE;oBACF,KAAK,EAAE,0BAA0B;iBACpC;aACJ,CAAC,CAAC;YACH,MAAM,IAAI,mBAAQ,CAAC,0BAA0B,EAAE,CAAC,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,aAAa,GAAG,iBAAiB,CAAC,IAAI,CAAC;QAC7C,2BAA2B;QAC3B,8CAA8C;QAC9C,OAAO,aAAkC,CAAC;IAC9C,CAAC;IAGD,KAAK,CAAC,sBAAsB,CAAC,gBAAwB;QACjD,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG;YACT,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;YACtC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;YAC9C,eAAe,EAAE,gBAAgB;YACjC,YAAY,EAAE,eAAe;YAC7B,cAAc,EAAE,IAAI,CAAC,WAAW;SACnC,CAAA;QACD,OAAO,MAAM,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC;IAC7D,CAAC;;AA1NL,sCA4NC;A
A1NU,oBAAM,GAAmB,iBAAO,CAAC,YAAY,EAAE,CAAC","sourcesContent":["import * as process from \"node:process\";\r\nimport axios, { AxiosRequestConfig, AxiosResponse } from \"axios\";\r\nimport * as qs from \"qs\";\r\nimport * as XboxLiveAuth from \"@xboxreplay/xboxlive-auth\"\r\nimport { XBLExchangeTokensResponse } from \"@xboxreplay/xboxlive-auth\"\r\nimport {\r\n MicrosoftAuthInfo,\r\n MicrosoftIdentities, MicrosoftOauthResult,\r\n XboxInfo,\r\n XboxLoginResponse,\r\n XSTSResponse\r\n} from \"@mineskin/types\";\r\nimport { RequestHandlers } from \"./types/RequestHandler\";\r\nimport { MSAError } from \"./MSAError\";\r\nimport { epochSeconds, toEpochSeconds } from \"./util\";\r\nimport winston from \"winston\";\r\nimport * as Sentry from \"@sentry/node\";\r\n\r\nconst MC_XSTSRelyingParty = 'rp://api.minecraftservices.com/'\r\nconst XBOX_XSTSRelyingParty = 'http://xboxlive.com'\r\n\r\n// manage app on portal.azure.com\r\nexport class MicrosoftAuth {\r\n\r\n static logger: winston.Logger = winston.createLogger();\r\n\r\n constructor(\r\n private readonly requestHandlers: RequestHandlers<'generic' | 'liveLogin' | 'minecraftServices'>,\r\n private readonly redirectUri: string = process.env.MSA_REDIRECT_URI,\r\n ) {\r\n }\r\n\r\n public async newOAuthRedirect(\r\n scopes: string[],\r\n state: string,\r\n loginHint: string\r\n ) {\r\n const scope = scopes.join(\"%20\");\r\n return 'https://login.live.com/oauth20_authorize.srf?' 
+\r\n `client_id=${ process.env.MSA_CLIENT_ID }` +\r\n '&response_type=code' +\r\n `&redirect_uri=${ this.redirectUri }` +\r\n `&scope=${ scope }` +\r\n `&state=${ state }` +\r\n '&prompt=login&' +\r\n `login_hint=${ loginHint }`;\r\n }\r\n\r\n public async loginWithXboxCode(code: string): Promise {\r\n MicrosoftAuth.logger.debug(\"loginWithXboxCode\")\r\n const form = {\r\n \"client_id\": process.env.MSA_CLIENT_ID,\r\n \"client_secret\": process.env.MSA_CLIENT_SECRET,\r\n \"code\": code,\r\n \"grant_type\": \"authorization_code\",\r\n \"redirect_uri\": this.redirectUri\r\n }\r\n return await this.authenticateXboxLiveWithFormData(form);\r\n }\r\n\r\n async exchangeRpsTicketForIdentities(rpsTicket: string): Promise {\r\n MicrosoftAuth.logger.debug(\"exchangeRpsTicketForIdentities\")\r\n if (!rpsTicket.startsWith(\"d=\")) {\r\n // username+password login doesn't seem to need this prefix, code auth does\r\n rpsTicket = `d=${ rpsTicket }`;\r\n }\r\n // https://user.auth.xboxlive.com/user/authenticate\r\n let userTokenResponse: XBLExchangeTokensResponse;\r\n try {\r\n userTokenResponse = await XboxLiveAuth.xbl.exchangeRpsTicketForUserToken(rpsTicket);\r\n } catch (e) {\r\n Sentry.captureException(e,{\r\n tags: {\r\n stage: 'exchangeRpsTicketForIdentities'\r\n }\r\n });\r\n throw new MSAError('exchangeRpsTicketForIdentities', e);\r\n }\r\n // console.log(\"exchangeRpsTicket\")\r\n // console.log(JSON.stringify(userTokenResponse))\r\n return {\r\n token: userTokenResponse,\r\n mc: await this.getIdentityForRelyingParty(userTokenResponse, MC_XSTSRelyingParty),\r\n xbox: await this.getIdentityForRelyingParty(userTokenResponse, XBOX_XSTSRelyingParty)\r\n };\r\n }\r\n\r\n async getIdentityForRelyingParty(userTokenResponse: XBLExchangeTokensResponse, relyingParty: string): Promise {\r\n MicrosoftAuth.logger.debug(\"getIdentityForRelyingParty\")\r\n // https://xsts.auth.xboxlive.com/xsts/authorize\r\n const body = {\r\n RelyingParty: relyingParty,\r\n TokenType: \"JWT\",\r\n 
Properties: {\r\n SandboxId: \"RETAIL\",\r\n UserTokens: [userTokenResponse.Token]\r\n }\r\n };\r\n let authResponse: AxiosRequestConfig;\r\n try {\r\n authResponse = await this.requestHandlers.generic({\r\n method: \"POST\",\r\n url: \"https://xsts.auth.xboxlive.com/xsts/authorize\",\r\n headers: {\r\n \"Content-Type\": \"application/json\",\r\n \"Accept\": \"application/json\",\r\n /*\"x-xbl-contract-version\": 1*/\r\n },\r\n data: body\r\n });\r\n } catch (e) {\r\n Sentry.captureException(e,{\r\n tags: {\r\n stage: 'getIdentityForRelyingParty'\r\n }\r\n });\r\n throw new MSAError('getIdentityForRelyingParty', e);\r\n }\r\n return authResponse.data as XSTSResponse\r\n }\r\n\r\n private async authenticateXboxLiveWithFormData(form: any): Promise {\r\n MicrosoftAuth.logger.debug(\"authenticateXboxLiveWithFormData\")\r\n let refreshResponse: AxiosResponse;\r\n try {\r\n refreshResponse = await this.requestHandlers.liveLogin({\r\n method: \"POST\",\r\n url: \"https://login.live.com/oauth20_token.srf\",\r\n headers: {\r\n \"Content-Type\": \"application/x-www-form-urlencoded\",\r\n \"Accept\": \"application/json\"\r\n },\r\n data: qs.stringify(form)\r\n });\r\n } catch (e) {\r\n Sentry.captureException(e,{\r\n tags: {\r\n stage: 'authenticateXboxLiveWithFormData'\r\n }\r\n });\r\n throw new MSAError('authenticateXboxWithFormData', e);\r\n }\r\n const refreshBody = refreshResponse.data;\r\n // console.log(\"refreshBody\");\r\n // console.log(JSON.stringify(refreshBody))\r\n\r\n // Microsoft/Xbox accessToken\r\n const xboxAccessToken = refreshBody[\"access_token\"];\r\n const xboxRefreshToken = refreshBody[\"refresh_token\"];\r\n\r\n const identityResponses = await this.exchangeRpsTicketForIdentities(xboxAccessToken);\r\n // console.log(\"identities\");\r\n // console.log(identityResponses)\r\n const mcIdentity = identityResponses.mc;\r\n const xboxIdentity = identityResponses.xbox;\r\n\r\n const userHash = mcIdentity.DisplayClaims.xui[0].uhs;\r\n const XSTSToken = 
mcIdentity.Token;\r\n\r\n const xboxLoginResponse = await this.loginToMinecraftWithXbox(userHash, XSTSToken);\r\n const minecraftXboxUsername = xboxLoginResponse.username;\r\n\r\n return {\r\n // Minecraft accessToken - does not return a refresh token, so need the MS one above\r\n mcAccessToken: xboxLoginResponse.access_token,\r\n msa: {\r\n auth: {\r\n accessToken: xboxAccessToken,\r\n refreshToken: xboxRefreshToken,\r\n expires: epochSeconds() + parseInt(refreshBody[\"expires_in\"]),\r\n issued: epochSeconds(),\r\n userId: refreshBody[\"user_id\"]\r\n },\r\n userToken: {\r\n token: identityResponses.token.Token,\r\n expires: toEpochSeconds(Date.parse(identityResponses.token.NotAfter)),\r\n issued: toEpochSeconds(Date.parse(identityResponses.token.IssueInstant)),\r\n userHash: identityResponses.token.DisplayClaims.xui[0].uhs\r\n },\r\n identities: {\r\n mc: {\r\n token: mcIdentity.Token,\r\n expires: toEpochSeconds(Date.parse(mcIdentity.NotAfter)),\r\n issued: toEpochSeconds(Date.parse(mcIdentity.IssueInstant)),\r\n claims: mcIdentity.DisplayClaims.xui[0]\r\n },\r\n xbox: {\r\n token: xboxIdentity.Token,\r\n expires: toEpochSeconds(Date.parse(xboxIdentity.NotAfter)),\r\n issued: toEpochSeconds(Date.parse(xboxIdentity.IssueInstant)),\r\n claims: xboxIdentity.DisplayClaims.xui[0]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n\r\n private async loginToMinecraftWithXbox(userHash: string, xstsToken: string): Promise {\r\n MicrosoftAuth.logger.debug(\"loginToMinecraftWithXbox\")\r\n const body = {\r\n identityToken: `XBL3.0 x=${ userHash };${ xstsToken }`\r\n };\r\n let xboxLoginResponse: AxiosResponse;\r\n try {\r\n xboxLoginResponse = await this.requestHandlers.minecraftServices({\r\n method: \"POST\",\r\n url: \"https://api.minecraftservices.com/authentication/login_with_xbox\",\r\n headers: {\r\n \"Content-Type\": \"application/json\",\r\n \"Accept\": \"application/json\"\r\n },\r\n data: body\r\n });\r\n } catch (e) {\r\n Sentry.captureException(e,{\r\n tags: {\r\n stage: 
'loginToMinecraftWithXbox'\r\n }\r\n });\r\n throw new MSAError('loginToMinecraftWithXbox', e);\r\n }\r\n const xboxLoginBody = xboxLoginResponse.data;\r\n // console.log(\"xboxLogin\")\r\n // console.log(JSON.stringify(xboxLoginBody));\r\n return xboxLoginBody as XboxLoginResponse;\r\n }\r\n\r\n\r\n async refreshXboxAccessToken(xboxRefreshToken: string): Promise {\r\n MicrosoftAuth.logger.debug(\"refreshXboxAccessToken\");\r\n const form = {\r\n \"client_id\": process.env.MSA_CLIENT_ID,\r\n \"client_secret\": process.env.MSA_CLIENT_SECRET,\r\n \"refresh_token\": xboxRefreshToken,\r\n \"grant_type\": \"refresh_token\",\r\n \"redirect_uri\": this.redirectUri\r\n }\r\n return await this.authenticateXboxLiveWithFormData(form);\r\n }\r\n\r\n}\r\n"]} \ No newline at end of file +{"version":3,"file":"MicrosoftAuth.js","sourceRoot":"/","sources":["MicrosoftAuth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,sDAAwC;AAExC,uCAAyB;AACzB,wEAAyD;AAUzD,yCAAsC;AACtC,iCAAsD;AACtD,sDAA8B;AAC9B,qDAAuC;AAEvC,MAAM,mBAAmB,GAAG,iCAAiC,CAAA;AAC7D,MAAM,qBAAqB,GAAG,qBAAqB,CAAA;AAEnD,iCAAiC;AACjC,MAAa,aAAa;IAItB,YACqB,eAA+E,EAC/E,cAAsB,OAAO,CAAC,GAAG,CAAC,gBAAgB;QADlD,oBAAe,GAAf,eAAe,CAAgE;QAC/E,gBAAW,GAAX,WAAW,CAAuC;IAEvE,CAAC;IAEM,KAAK,CAAC,gBAAgB,CACzB,MAAgB,EAChB,KAAa,EACb,SAAiB;QAEjB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,OAAO,+CAA+C;YAClD,aAAc,OAAO,CAAC,GAAG,CAAC,aAAc,EAAE;YAC1C,qBAAqB;YACrB,iBAAkB,IAAI,CAAC,WAAY,EAAE;YACrC,UAAW,KAAM,EAAE;YACnB,UAAW,KAAM,EAAE;YACnB,gBAAgB;YAChB,cAAe,SAAU,EAAE,CAAC;IACpC,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,IAAY;QACvC,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,mBAAmB;SAC5B,EAAE,KAAK,IAAI,EAAE;YACV,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;YAC/C,MAAM,IAAI,GAAG;gBACT,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;gBACtC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;gBAC9C,MAAM,EAAE,IAAI;gBACZ,YAAY,EAAE,oBAAoB;gBAClC,cAAc,EAAE,IAAI,CAAC,WAAW;aACnC,CAAA;YACD,OAAO,MAAM,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC,CAAC,CAA
C;IACP,CAAC;IAED,KAAK,CAAC,8BAA8B,CAAC,SAAiB;QAGlD,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,gCAAgC;SACzC,EAAE,KAAK,IAAI,EAAE;YACV,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;YAC5D,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,2EAA2E;gBAC3E,SAAS,GAAG,KAAM,SAAU,EAAE,CAAC;YACnC,CAAC;YACD,mDAAmD;YACnD,IAAI,iBAA4C,CAAC;YACjD,IAAI,CAAC;gBACD,iBAAiB,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;YACxF,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAE;oBACvB,IAAI,EAAE;wBACF,KAAK,EAAE,gCAAgC;qBAC1C;iBACJ,CAAC,CAAC;gBACH,MAAM,IAAI,mBAAQ,CAAC,gCAAgC,EAAE,CAAC,CAAC,CAAC;YAC5D,CAAC;YACD,mCAAmC;YACnC,iDAAiD;YACjD,OAAO;gBACH,KAAK,EAAE,iBAAiB;gBACxB,EAAE,EAAE,MAAM,IAAI,CAAC,0BAA0B,CAAC,iBAAiB,EAAE,mBAAmB,CAAC;gBACjF,IAAI,EAAE,MAAM,IAAI,CAAC,0BAA0B,CAAC,iBAAiB,EAAE,qBAAqB,CAAC;aACxF,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,0BAA0B,CAAC,iBAA4C,EAAE,YAAoB;QAC/F,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,4BAA4B;SACrC,EAAE,KAAK,IAAI,EAAE;YACV,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAA;YACxD,gDAAgD;YAChD,MAAM,IAAI,GAAG;gBACT,YAAY,EAAE,YAAY;gBAC1B,SAAS,EAAE,KAAK;gBAChB,UAAU,EAAE;oBACR,SAAS,EAAE,QAAQ;oBACnB,UAAU,EAAE,CAAC,iBAAiB,CAAC,KAAK,CAAC;iBACxC;aACJ,CAAC;YACF,IAAI,YAAgC,CAAC;YACrC,IAAI,CAAC;gBACD,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;oBAC9C,MAAM,EAAE,MAAM;oBACd,GAAG,EAAE,+CAA+C;oBACpD,OAAO,EAAE;wBACL,cAAc,EAAE,kBAAkB;wBAClC,QAAQ,EAAE,kBAAkB;wBAC5B,+BAA+B;qBAClC;oBACD,IAAI,EAAE,IAAI;iBACb,CAAC,CAAC;YACP,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAE;oBACvB,IAAI,EAAE;wBACF,KAAK,EAAE,4BAA4B;qBACtC;iBACJ,CAAC,CAAC;gBACH,MAAM,IAAI,mBAAQ,CAAC,4BAA4B,EAAE,CAAC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,YAAY,CAAC,IAAoB,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,KAAK,CAAC,gCAAgC,CAAC,IAAS;QACpD,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,kCAAkC;SAC3C,EAAE,KAAK,IAAI,EAAE;YACV,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAA;YAC9D,IAAI,eAA8B,CAAC;YACnC,IAAI,CAA
C;gBACD,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC;oBACnD,MAAM,EAAE,MAAM;oBACd,GAAG,EAAE,0CAA0C;oBAC/C,OAAO,EAAE;wBACL,cAAc,EAAE,mCAAmC;wBACnD,QAAQ,EAAE,kBAAkB;qBAC/B;oBACD,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;iBAC3B,CAAC,CAAC;YACP,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAE;oBACvB,IAAI,EAAE;wBACF,KAAK,EAAE,kCAAkC;qBAC5C;iBACJ,CAAC,CAAC;gBACH,MAAM,IAAI,mBAAQ,CAAC,8BAA8B,EAAE,CAAC,CAAC,CAAC;YAC1D,CAAC;YACD,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC;YACzC,8BAA8B;YAC9B,2CAA2C;YAE3C,6BAA6B;YAC7B,MAAM,eAAe,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;YACpD,MAAM,gBAAgB,GAAG,WAAW,CAAC,eAAe,CAAC,CAAC;YAEtD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAAC,eAAe,CAAC,CAAC;YACrF,6BAA6B;YAC7B,iCAAiC;YACjC,MAAM,UAAU,GAAG,iBAAiB,CAAC,EAAE,CAAC;YACxC,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC;YAE5C,MAAM,QAAQ,GAAG,UAAU,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YACrD,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC;YAEnC,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACnF,MAAM,qBAAqB,GAAG,iBAAiB,CAAC,QAAQ,CAAC;YAEzD,OAAO;gBACH,oFAAoF;gBACpF,aAAa,EAAE,iBAAiB,CAAC,YAAY;gBAC7C,GAAG,EAAE;oBACD,IAAI,EAAE;wBACF,WAAW,EAAE,eAAe;wBAC5B,YAAY,EAAE,gBAAgB;wBAC9B,OAAO,EAAE,IAAA,mBAAY,GAAE,GAAG,QAAQ,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;wBAC7D,MAAM,EAAE,IAAA,mBAAY,GAAE;wBACtB,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC;qBACjC;oBACD,SAAS,EAAE;wBACP,KAAK,EAAE,iBAAiB,CAAC,KAAK,CAAC,KAAK;wBACpC,OAAO,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;wBACrE,MAAM,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;wBACxE,QAAQ,EAAE,iBAAiB,CAAC,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG;qBAC7D;oBACD,UAAU,EAAE;wBACR,EAAE,EAAE;4BACA,KAAK,EAAE,UAAU,CAAC,KAAK;4BACvB,OAAO,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;4BACxD,MAAM,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;4BAC3D,MAAM,EAAE,UAAU,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;yBAC1C;wBACD,IAAI,EAAE;4BACF,KAAK,EAAE,YAAY,CAAC,KAAK;4BACzB,OAAO,EAAE,IAAA,qBAAc,EAAC,IAAI,C
AAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;4BAC1D,MAAM,EAAE,IAAA,qBAAc,EAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;4BAC7D,MAAM,EAAE,YAAY,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;yBAC5C;qBACJ;iBACJ;aACJ,CAAA;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,QAAgB,EAAE,SAAiB;QACtE,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,0BAA0B;SACnC,EAAE,KAAK,IAAI,EAAE;YACV,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;YACtD,MAAM,IAAI,GAAG;gBACT,aAAa,EAAE,YAAa,QAAS,IAAK,SAAU,EAAE;aACzD,CAAC;YACF,IAAI,iBAAgC,CAAC;YACrC,IAAI,CAAC;gBACD,iBAAiB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC;oBAC7D,MAAM,EAAE,MAAM;oBACd,GAAG,EAAE,kEAAkE;oBACvE,OAAO,EAAE;wBACL,cAAc,EAAE,kBAAkB;wBAClC,QAAQ,EAAE,kBAAkB;qBAC/B;oBACD,IAAI,EAAE,IAAI;iBACb,CAAC,CAAC;YACP,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,MAAM,CAAC,gBAAgB,CAAC,CAAC,EAAE;oBACvB,IAAI,EAAE;wBACF,KAAK,EAAE,0BAA0B;qBACpC;iBACJ,CAAC,CAAC;gBACH,MAAM,IAAI,mBAAQ,CAAC,0BAA0B,EAAE,CAAC,CAAC,CAAC;YACtD,CAAC;YACD,MAAM,aAAa,GAAG,iBAAiB,CAAC,IAAI,CAAC;YAC7C,2BAA2B;YAC3B,8CAA8C;YAC9C,OAAO,aAAkC,CAAC;QAC9C,CAAC,CAAC,CAAC;IACP,CAAC;IAGD,KAAK,CAAC,sBAAsB,CAAC,gBAAwB;QACjD,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,wBAAwB;SACjC,EAAE,KAAK,IAAI,EAAE;YACV,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACrD,MAAM,IAAI,GAAG;gBACT,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;gBACtC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;gBAC9C,eAAe,EAAE,gBAAgB;gBACjC,YAAY,EAAE,eAAe;gBAC7B,cAAc,EAAE,IAAI,CAAC,WAAW;aACnC,CAAA;YACD,OAAO,MAAM,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACP,CAAC;;AAxPL,sCA0PC;AAxPU,oBAAM,GAAmB,iBAAO,CAAC,YAAY,EAAE,CAAC","sourcesContent":["import * as process from \"node:process\";\r\nimport axios, { AxiosRequestConfig, AxiosResponse } from \"axios\";\r\nimport * as qs from \"qs\";\r\nimport * as XboxLiveAuth from \"@xboxreplay/xboxlive-auth\"\r\nimport { XBLExchangeTokensResponse } from \"@xboxreplay/xboxlive-auth\"\r\nimport {\r\n MicrosoftAuthInfo,\r\n MicrosoftIdentities, MicrosoftOauthResult,\r\n 
XboxInfo,\r\n XboxLoginResponse,\r\n XSTSResponse\r\n} from \"@mineskin/types\";\r\nimport { RequestHandlers } from \"./types/RequestHandler\";\r\nimport { MSAError } from \"./MSAError\";\r\nimport { epochSeconds, toEpochSeconds } from \"./util\";\r\nimport winston from \"winston\";\r\nimport * as Sentry from \"@sentry/node\";\r\n\r\nconst MC_XSTSRelyingParty = 'rp://api.minecraftservices.com/'\r\nconst XBOX_XSTSRelyingParty = 'http://xboxlive.com'\r\n\r\n// manage app on portal.azure.com\r\nexport class MicrosoftAuth {\r\n\r\n static logger: winston.Logger = winston.createLogger();\r\n\r\n constructor(\r\n private readonly requestHandlers: RequestHandlers<'generic' | 'liveLogin' | 'minecraftServices'>,\r\n private readonly redirectUri: string = process.env.MSA_REDIRECT_URI,\r\n ) {\r\n }\r\n\r\n public async newOAuthRedirect(\r\n scopes: string[],\r\n state: string,\r\n loginHint: string\r\n ) {\r\n const scope = scopes.join(\"%20\");\r\n return 'https://login.live.com/oauth20_authorize.srf?' 
+\r\n `client_id=${ process.env.MSA_CLIENT_ID }` +\r\n '&response_type=code' +\r\n `&redirect_uri=${ this.redirectUri }` +\r\n `&scope=${ scope }` +\r\n `&state=${ state }` +\r\n '&prompt=login&' +\r\n `login_hint=${ loginHint }`;\r\n }\r\n\r\n public async loginWithXboxCode(code: string): Promise {\r\n return await Sentry.startSpan({\r\n op: 'auth',\r\n name: 'loginWithXboxCode'\r\n }, async () => {\r\n MicrosoftAuth.logger.debug(\"loginWithXboxCode\")\r\n const form = {\r\n \"client_id\": process.env.MSA_CLIENT_ID,\r\n \"client_secret\": process.env.MSA_CLIENT_SECRET,\r\n \"code\": code,\r\n \"grant_type\": \"authorization_code\",\r\n \"redirect_uri\": this.redirectUri\r\n }\r\n return await this.authenticateXboxLiveWithFormData(form);\r\n });\r\n }\r\n\r\n async exchangeRpsTicketForIdentities(rpsTicket: string): Promise {\r\n return await Sentry.startSpan({\r\n op: 'auth',\r\n name: 'exchangeRpsTicketForIdentities'\r\n }, async () => {\r\n MicrosoftAuth.logger.debug(\"exchangeRpsTicketForIdentities\")\r\n if (!rpsTicket.startsWith(\"d=\")) {\r\n // username+password login doesn't seem to need this prefix, code auth does\r\n rpsTicket = `d=${ rpsTicket }`;\r\n }\r\n // https://user.auth.xboxlive.com/user/authenticate\r\n let userTokenResponse: XBLExchangeTokensResponse;\r\n try {\r\n userTokenResponse = await XboxLiveAuth.xbl.exchangeRpsTicketForUserToken(rpsTicket);\r\n } catch (e) {\r\n Sentry.captureException(e, {\r\n tags: {\r\n stage: 'exchangeRpsTicketForIdentities'\r\n }\r\n });\r\n throw new MSAError('exchangeRpsTicketForIdentities', e);\r\n }\r\n // console.log(\"exchangeRpsTicket\")\r\n // console.log(JSON.stringify(userTokenResponse))\r\n return {\r\n token: userTokenResponse,\r\n mc: await this.getIdentityForRelyingParty(userTokenResponse, MC_XSTSRelyingParty),\r\n xbox: await this.getIdentityForRelyingParty(userTokenResponse, XBOX_XSTSRelyingParty)\r\n };\r\n });\r\n }\r\n\r\n async getIdentityForRelyingParty(userTokenResponse: 
XBLExchangeTokensResponse, relyingParty: string): Promise {\r\n return await Sentry.startSpan({\r\n op: 'auth',\r\n name: 'getIdentityForRelyingParty'\r\n }, async () => {\r\n MicrosoftAuth.logger.debug(\"getIdentityForRelyingParty\")\r\n // https://xsts.auth.xboxlive.com/xsts/authorize\r\n const body = {\r\n RelyingParty: relyingParty,\r\n TokenType: \"JWT\",\r\n Properties: {\r\n SandboxId: \"RETAIL\",\r\n UserTokens: [userTokenResponse.Token]\r\n }\r\n };\r\n let authResponse: AxiosRequestConfig;\r\n try {\r\n authResponse = await this.requestHandlers.generic({\r\n method: \"POST\",\r\n url: \"https://xsts.auth.xboxlive.com/xsts/authorize\",\r\n headers: {\r\n \"Content-Type\": \"application/json\",\r\n \"Accept\": \"application/json\",\r\n /*\"x-xbl-contract-version\": 1*/\r\n },\r\n data: body\r\n });\r\n } catch (e) {\r\n Sentry.captureException(e, {\r\n tags: {\r\n stage: 'getIdentityForRelyingParty'\r\n }\r\n });\r\n throw new MSAError('getIdentityForRelyingParty', e);\r\n }\r\n return authResponse.data as XSTSResponse;\r\n });\r\n }\r\n\r\n private async authenticateXboxLiveWithFormData(form: any): Promise {\r\n return await Sentry.startSpan({\r\n op: 'auth',\r\n name: 'authenticateXboxLiveWithFormData'\r\n }, async () => {\r\n MicrosoftAuth.logger.debug(\"authenticateXboxLiveWithFormData\")\r\n let refreshResponse: AxiosResponse;\r\n try {\r\n refreshResponse = await this.requestHandlers.liveLogin({\r\n method: \"POST\",\r\n url: \"https://login.live.com/oauth20_token.srf\",\r\n headers: {\r\n \"Content-Type\": \"application/x-www-form-urlencoded\",\r\n \"Accept\": \"application/json\"\r\n },\r\n data: qs.stringify(form)\r\n });\r\n } catch (e) {\r\n Sentry.captureException(e, {\r\n tags: {\r\n stage: 'authenticateXboxLiveWithFormData'\r\n }\r\n });\r\n throw new MSAError('authenticateXboxWithFormData', e);\r\n }\r\n const refreshBody = refreshResponse.data;\r\n // console.log(\"refreshBody\");\r\n // console.log(JSON.stringify(refreshBody))\r\n\r\n // 
Microsoft/Xbox accessToken\r\n const xboxAccessToken = refreshBody[\"access_token\"];\r\n const xboxRefreshToken = refreshBody[\"refresh_token\"];\r\n\r\n const identityResponses = await this.exchangeRpsTicketForIdentities(xboxAccessToken);\r\n // console.log(\"identities\");\r\n // console.log(identityResponses)\r\n const mcIdentity = identityResponses.mc;\r\n const xboxIdentity = identityResponses.xbox;\r\n\r\n const userHash = mcIdentity.DisplayClaims.xui[0].uhs;\r\n const XSTSToken = mcIdentity.Token;\r\n\r\n const xboxLoginResponse = await this.loginToMinecraftWithXbox(userHash, XSTSToken);\r\n const minecraftXboxUsername = xboxLoginResponse.username;\r\n\r\n return {\r\n // Minecraft accessToken - does not return a refresh token, so need the MS one above\r\n mcAccessToken: xboxLoginResponse.access_token,\r\n msa: {\r\n auth: {\r\n accessToken: xboxAccessToken,\r\n refreshToken: xboxRefreshToken,\r\n expires: epochSeconds() + parseInt(refreshBody[\"expires_in\"]),\r\n issued: epochSeconds(),\r\n userId: refreshBody[\"user_id\"]\r\n },\r\n userToken: {\r\n token: identityResponses.token.Token,\r\n expires: toEpochSeconds(Date.parse(identityResponses.token.NotAfter)),\r\n issued: toEpochSeconds(Date.parse(identityResponses.token.IssueInstant)),\r\n userHash: identityResponses.token.DisplayClaims.xui[0].uhs\r\n },\r\n identities: {\r\n mc: {\r\n token: mcIdentity.Token,\r\n expires: toEpochSeconds(Date.parse(mcIdentity.NotAfter)),\r\n issued: toEpochSeconds(Date.parse(mcIdentity.IssueInstant)),\r\n claims: mcIdentity.DisplayClaims.xui[0]\r\n },\r\n xbox: {\r\n token: xboxIdentity.Token,\r\n expires: toEpochSeconds(Date.parse(xboxIdentity.NotAfter)),\r\n issued: toEpochSeconds(Date.parse(xboxIdentity.IssueInstant)),\r\n claims: xboxIdentity.DisplayClaims.xui[0]\r\n }\r\n }\r\n }\r\n }\r\n });\r\n }\r\n\r\n private async loginToMinecraftWithXbox(userHash: string, xstsToken: string): Promise {\r\n return await Sentry.startSpan({\r\n op: 'auth',\r\n name: 
'loginToMinecraftWithXbox'\r\n }, async () => {\r\n MicrosoftAuth.logger.debug(\"loginToMinecraftWithXbox\")\r\n const body = {\r\n identityToken: `XBL3.0 x=${ userHash };${ xstsToken }`\r\n };\r\n let xboxLoginResponse: AxiosResponse;\r\n try {\r\n xboxLoginResponse = await this.requestHandlers.minecraftServices({\r\n method: \"POST\",\r\n url: \"https://api.minecraftservices.com/authentication/login_with_xbox\",\r\n headers: {\r\n \"Content-Type\": \"application/json\",\r\n \"Accept\": \"application/json\"\r\n },\r\n data: body\r\n });\r\n } catch (e) {\r\n Sentry.captureException(e, {\r\n tags: {\r\n stage: 'loginToMinecraftWithXbox'\r\n }\r\n });\r\n throw new MSAError('loginToMinecraftWithXbox', e);\r\n }\r\n const xboxLoginBody = xboxLoginResponse.data;\r\n // console.log(\"xboxLogin\")\r\n // console.log(JSON.stringify(xboxLoginBody));\r\n return xboxLoginBody as XboxLoginResponse;\r\n });\r\n }\r\n\r\n\r\n async refreshXboxAccessToken(xboxRefreshToken: string): Promise {\r\n return await Sentry.startSpan({\r\n op: 'auth',\r\n name: 'refreshXboxAccessToken'\r\n }, async () => {\r\n MicrosoftAuth.logger.debug(\"refreshXboxAccessToken\");\r\n const form = {\r\n \"client_id\": process.env.MSA_CLIENT_ID,\r\n \"client_secret\": process.env.MSA_CLIENT_SECRET,\r\n \"refresh_token\": xboxRefreshToken,\r\n \"grant_type\": \"refresh_token\",\r\n \"redirect_uri\": this.redirectUri\r\n }\r\n return await this.authenticateXboxLiveWithFormData(form);\r\n });\r\n }\r\n\r\n}\r\n"]} \ No newline at end of file diff --git a/dist/MinecraftAuth.js b/dist/MinecraftAuth.js index c26aed4..194da5c 100644 --- a/dist/MinecraftAuth.js +++ b/dist/MinecraftAuth.js 
@@ -1,37 +1,71 @@ "use strict"; +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); + return result; +}; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? 
mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.MinecraftAuth = void 0; const winston_1 = __importDefault(require("winston")); +const Sentry = __importStar(require("@sentry/node")); class MinecraftAuth { constructor(requestHandlers) { this.requestHandlers = requestHandlers; } async checkGameOwnership(accessToken) { - MinecraftAuth.logger.debug("checkGameOwnership"); - const entitlementsResponse = await this.requestHandlers.minecraftServices({ - method: "GET", - url: "https://api.minecraftservices.com/entitlements/mcstore", - headers: { - Authorization: `Bearer ${accessToken}` - } + return await Sentry.startSpan({ + op: 'auth', + name: 'checkGameOwnership' + }, async () => { + MinecraftAuth.logger.debug("checkGameOwnership"); + const entitlementsResponse = await this.requestHandlers.minecraftServices({ + method: "GET", + url: "https://api.minecraftservices.com/entitlements/mcstore", + headers: { + Authorization: `Bearer ${accessToken}` + } + }); + const entitlementsBody = entitlementsResponse.data; + // console.log("entitlements"); + // console.log(entitlementsBody) + return entitlementsBody.hasOwnProperty("items") && entitlementsBody["items"].length > 0; }); - const entitlementsBody = entitlementsResponse.data; - // console.log("entitlements"); - // console.log(entitlementsBody) - return entitlementsBody.hasOwnProperty("items") && entitlementsBody["items"].length > 0; } async getProfile(accessToken) { - const response = await this.requestHandlers.minecraftServicesProfile({ - method: "GET", - url: "/minecraft/profile", - headers: { - "Authorization": `Bearer ${accessToken}` - } + return await Sentry.startSpan({ + op: 'auth', + name: 'getProfile' + }, async () => { + const response = await this.requestHandlers.minecraftServicesProfile({ + method: "GET", + url: "/minecraft/profile", + headers: { + "Authorization": `Bearer ${accessToken}` + } + }); + return response.data; }); - return response.data; } } 
exports.MinecraftAuth = MinecraftAuth; diff --git a/dist/MinecraftAuth.js.map b/dist/MinecraftAuth.js.map index 8a595b9..dd6023e 100644 --- a/dist/MinecraftAuth.js.map +++ b/dist/MinecraftAuth.js.map 
@@ -1 +1 @@ -{"version":3,"file":"MinecraftAuth.js","sourceRoot":"/","sources":["MinecraftAuth.ts"],"names":[],"mappings":";;;;;;AAEA,sDAA8B;AAE9B,MAAa,aAAa;IAItB,YACqB,eAAgF;QAAhF,oBAAe,GAAf,eAAe,CAAiE;IAErG,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,WAAmB;QACxC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;QAChD,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC;YACtE,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,wDAAwD;YAC7D,OAAO,EAAE;gBACL,aAAa,EAAE,UAAW,WAAY,EAAE;aAC3C;SACJ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,IAAI,CAAC;QACnD,+BAA+B;QAC/B,gCAAgC;QAChC,OAAO,gBAAgB,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,gBAAgB,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,WAAmB;QACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,wBAAwB,CAAC;YACjE,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,oBAAoB;YACzB,OAAO,EAAE;gBACL,eAAe,EAAE,UAAU,WAAW,EAAE;aAC3C;SACJ,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAI,CAAC;IACzB,CAAC;;AAjCL,sCAmCC;AAjCU,oBAAM,GAAmB,iBAAO,CAAC,YAAY,EAAE,CAAC","sourcesContent":["import { RequestHandlers } from \"./types/RequestHandler\";\r\nimport { BasicMojangProfile } from \"@mineskin/types\";\r\nimport winston from \"winston\";\r\n\r\nexport class MinecraftAuth {\r\n\r\n static logger: winston.Logger = winston.createLogger();\r\n\r\n constructor(\r\n private readonly requestHandlers: RequestHandlers<'minecraftServices'|'minecraftServicesProfile'>\r\n ) {\r\n }\r\n\r\n async checkGameOwnership(accessToken: string): Promise {\r\n MinecraftAuth.logger.debug(\"checkGameOwnership\")\r\n const entitlementsResponse = await this.requestHandlers.minecraftServices({\r\n method: \"GET\",\r\n url: \"https://api.minecraftservices.com/entitlements/mcstore\",\r\n headers: {\r\n Authorization: `Bearer ${ accessToken }`\r\n }\r\n });\r\n const entitlementsBody = entitlementsResponse.data;\r\n // console.log(\"entitlements\");\r\n // console.log(entitlementsBody)\r\n return entitlementsBody.hasOwnProperty(\"items\") && entitlementsBody[\"items\"].length > 0;\r\n }\r\n\r\n public async 
getProfile(accessToken: string): Promise {\r\n const response = await this.requestHandlers.minecraftServicesProfile({\r\n method: \"GET\",\r\n url: \"/minecraft/profile\",\r\n headers: {\r\n \"Authorization\": `Bearer ${accessToken}`\r\n }\r\n });\r\n return response.data;\r\n }\r\n\r\n}\r\n"]} \ No newline at end of file +{"version":3,"file":"MinecraftAuth.js","sourceRoot":"/","sources":["MinecraftAuth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,sDAA8B;AAC9B,qDAAuC;AAEvC,MAAa,aAAa;IAItB,YACqB,eAAgF;QAAhF,oBAAe,GAAf,eAAe,CAAiE;IAErG,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,WAAmB;QACxC,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,oBAAoB;SAC7B,EAAE,KAAK,IAAI,EAAE;YACV,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;YAChD,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC;gBACtE,MAAM,EAAE,KAAK;gBACb,GAAG,EAAE,wDAAwD;gBAC7D,OAAO,EAAE;oBACL,aAAa,EAAE,UAAW,WAAY,EAAE;iBAC3C;aACJ,CAAC,CAAC;YACH,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,IAAI,CAAC;YACnD,+BAA+B;YAC/B,gCAAgC;YAChC,OAAO,gBAAgB,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,gBAAgB,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;IACP,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,WAAmB;QACvC,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,YAAY;SACrB,EAAE,KAAK,IAAI,EAAE;YACV,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,wBAAwB,CAAC;gBACjE,MAAM,EAAE,KAAK;gBACb,GAAG,EAAE,oBAAoB;gBACzB,OAAO,EAAE;oBACL,eAAe,EAAE,UAAW,WAAY,EAAE;iBAC7C;aACJ,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC,IAAI,CAAC;QACzB,CAAC,CAAC,CAAC;IACP,CAAC;;AA3CL,sCA6CC;AA3CU,oBAAM,GAAmB,iBAAO,CAAC,YAAY,EAAE,CAAC","sourcesContent":["import { RequestHandlers } from \"./types/RequestHandler\";\r\nimport { BasicMojangProfile } from \"@mineskin/types\";\r\nimport winston from \"winston\";\r\nimport * as Sentry from \"@sentry/node\";\r\n\r\nexport class MinecraftAuth {\r\n\r\n static logger: winston.Logger = winston.createLogger();\r\n\r\n constructor(\r\n private readonly requestHandlers: RequestHandlers<'minecraftServices'|'minecraftServicesProfile'>\r\n ) 
{\r\n }\r\n\r\n async checkGameOwnership(accessToken: string): Promise {\r\n return await Sentry.startSpan({\r\n op: 'auth',\r\n name: 'checkGameOwnership'\r\n }, async () => {\r\n MinecraftAuth.logger.debug(\"checkGameOwnership\")\r\n const entitlementsResponse = await this.requestHandlers.minecraftServices({\r\n method: \"GET\",\r\n url: \"https://api.minecraftservices.com/entitlements/mcstore\",\r\n headers: {\r\n Authorization: `Bearer ${ accessToken }`\r\n }\r\n });\r\n const entitlementsBody = entitlementsResponse.data;\r\n // console.log(\"entitlements\");\r\n // console.log(entitlementsBody)\r\n return entitlementsBody.hasOwnProperty(\"items\") && entitlementsBody[\"items\"].length > 0;\r\n });\r\n }\r\n\r\n public async getProfile(accessToken: string): Promise {\r\n return await Sentry.startSpan({\r\n op: 'auth',\r\n name: 'getProfile'\r\n }, async () => {\r\n const response = await this.requestHandlers.minecraftServicesProfile({\r\n method: \"GET\",\r\n url: \"/minecraft/profile\",\r\n headers: {\r\n \"Authorization\": `Bearer ${ accessToken }`\r\n }\r\n });\r\n return response.data;\r\n });\r\n }\r\n\r\n}\r\n"]} \ No newline at end of file diff --git a/src/MicrosoftAuth.ts b/src/MicrosoftAuth.ts index aace97f..450f983 100644 --- a/src/MicrosoftAuth.ts +++ b/src/MicrosoftAuth.ts 
@@ -47,197 +47,227 @@ export class MicrosoftAuth { } public async loginWithXboxCode(code: string): Promise { - MicrosoftAuth.logger.debug("loginWithXboxCode") - const form = { - "client_id": process.env.MSA_CLIENT_ID, - "client_secret": process.env.MSA_CLIENT_SECRET, - "code": code, - "grant_type": "authorization_code", - "redirect_uri": this.redirectUri - } - return await this.authenticateXboxLiveWithFormData(form); + return await Sentry.startSpan({ + op: 'auth', + name: 'loginWithXboxCode' + }, async () => { + MicrosoftAuth.logger.debug("loginWithXboxCode") + const form = { + "client_id": process.env.MSA_CLIENT_ID, + "client_secret": process.env.MSA_CLIENT_SECRET, + "code": code, + "grant_type": "authorization_code", + "redirect_uri": this.redirectUri + } + return await this.authenticateXboxLiveWithFormData(form); + }); } async exchangeRpsTicketForIdentities(rpsTicket: string): Promise { - MicrosoftAuth.logger.debug("exchangeRpsTicketForIdentities") - if (!rpsTicket.startsWith("d=")) { - // username+password login doesn't seem to need this prefix, code auth does - rpsTicket = `d=${ rpsTicket }`; - } - // https://user.auth.xboxlive.com/user/authenticate - let userTokenResponse: XBLExchangeTokensResponse; - try { - userTokenResponse = await XboxLiveAuth.xbl.exchangeRpsTicketForUserToken(rpsTicket); - } catch (e) { - Sentry.captureException(e,{ - tags: { - stage: 'exchangeRpsTicketForIdentities' - } - }); - throw new MSAError('exchangeRpsTicketForIdentities', e); - } - // console.log("exchangeRpsTicket") - // console.log(JSON.stringify(userTokenResponse)) - return { - token: userTokenResponse, - mc: await this.getIdentityForRelyingParty(userTokenResponse, MC_XSTSRelyingParty), - xbox: await this.getIdentityForRelyingParty(userTokenResponse, XBOX_XSTSRelyingParty) - }; + return await Sentry.startSpan({ + op: 'auth', + name: 'exchangeRpsTicketForIdentities' + }, async () => { + MicrosoftAuth.logger.debug("exchangeRpsTicketForIdentities") + if 
(!rpsTicket.startsWith("d=")) { + // username+password login doesn't seem to need this prefix, code auth does + rpsTicket = `d=${ rpsTicket }`; + } + // https://user.auth.xboxlive.com/user/authenticate + let userTokenResponse: XBLExchangeTokensResponse; + try { + userTokenResponse = await XboxLiveAuth.xbl.exchangeRpsTicketForUserToken(rpsTicket); + } catch (e) { + Sentry.captureException(e, { + tags: { + stage: 'exchangeRpsTicketForIdentities' + } + }); + throw new MSAError('exchangeRpsTicketForIdentities', e); + } + // console.log("exchangeRpsTicket") + // console.log(JSON.stringify(userTokenResponse)) + return { + token: userTokenResponse, + mc: await this.getIdentityForRelyingParty(userTokenResponse, MC_XSTSRelyingParty), + xbox: await this.getIdentityForRelyingParty(userTokenResponse, XBOX_XSTSRelyingParty) + }; + }); } async getIdentityForRelyingParty(userTokenResponse: XBLExchangeTokensResponse, relyingParty: string): Promise { - MicrosoftAuth.logger.debug("getIdentityForRelyingParty") - // https://xsts.auth.xboxlive.com/xsts/authorize - const body = { - RelyingParty: relyingParty, - TokenType: "JWT", - Properties: { - SandboxId: "RETAIL", - UserTokens: [userTokenResponse.Token] - } - }; - let authResponse: AxiosRequestConfig; - try { - authResponse = await this.requestHandlers.generic({ - method: "POST", - url: "https://xsts.auth.xboxlive.com/xsts/authorize", - headers: { - "Content-Type": "application/json", - "Accept": "application/json", - /*"x-xbl-contract-version": 1*/ - }, - data: body - }); - } catch (e) { - Sentry.captureException(e,{ - tags: { - stage: 'getIdentityForRelyingParty' + return await Sentry.startSpan({ + op: 'auth', + name: 'getIdentityForRelyingParty' + }, async () => { + MicrosoftAuth.logger.debug("getIdentityForRelyingParty") + // https://xsts.auth.xboxlive.com/xsts/authorize + const body = { + RelyingParty: relyingParty, + TokenType: "JWT", + Properties: { + SandboxId: "RETAIL", + UserTokens: [userTokenResponse.Token] } - }); - throw 
new MSAError('getIdentityForRelyingParty', e); - } - return authResponse.data as XSTSResponse + }; + let authResponse: AxiosRequestConfig; + try { + authResponse = await this.requestHandlers.generic({ + method: "POST", + url: "https://xsts.auth.xboxlive.com/xsts/authorize", + headers: { + "Content-Type": "application/json", + "Accept": "application/json", + /*"x-xbl-contract-version": 1*/ + }, + data: body + }); + } catch (e) { + Sentry.captureException(e, { + tags: { + stage: 'getIdentityForRelyingParty' + } + }); + throw new MSAError('getIdentityForRelyingParty', e); + } + return authResponse.data as XSTSResponse; + }); } private async authenticateXboxLiveWithFormData(form: any): Promise { - MicrosoftAuth.logger.debug("authenticateXboxLiveWithFormData") - let refreshResponse: AxiosResponse; - try { - refreshResponse = await this.requestHandlers.liveLogin({ - method: "POST", - url: "https://login.live.com/oauth20_token.srf", - headers: { - "Content-Type": "application/x-www-form-urlencoded", - "Accept": "application/json" - }, - data: qs.stringify(form) - }); - } catch (e) { - Sentry.captureException(e,{ - tags: { - stage: 'authenticateXboxLiveWithFormData' - } - }); - throw new MSAError('authenticateXboxWithFormData', e); - } - const refreshBody = refreshResponse.data; - // console.log("refreshBody"); - // console.log(JSON.stringify(refreshBody)) - - // Microsoft/Xbox accessToken - const xboxAccessToken = refreshBody["access_token"]; - const xboxRefreshToken = refreshBody["refresh_token"]; - - const identityResponses = await this.exchangeRpsTicketForIdentities(xboxAccessToken); - // console.log("identities"); - // console.log(identityResponses) - const mcIdentity = identityResponses.mc; - const xboxIdentity = identityResponses.xbox; - - const userHash = mcIdentity.DisplayClaims.xui[0].uhs; - const XSTSToken = mcIdentity.Token; - - const xboxLoginResponse = await this.loginToMinecraftWithXbox(userHash, XSTSToken); - const minecraftXboxUsername = 
xboxLoginResponse.username; - - return { - // Minecraft accessToken - does not return a refresh token, so need the MS one above - mcAccessToken: xboxLoginResponse.access_token, - msa: { - auth: { - accessToken: xboxAccessToken, - refreshToken: xboxRefreshToken, - expires: epochSeconds() + parseInt(refreshBody["expires_in"]), - issued: epochSeconds(), - userId: refreshBody["user_id"] - }, - userToken: { - token: identityResponses.token.Token, - expires: toEpochSeconds(Date.parse(identityResponses.token.NotAfter)), - issued: toEpochSeconds(Date.parse(identityResponses.token.IssueInstant)), - userHash: identityResponses.token.DisplayClaims.xui[0].uhs - }, - identities: { - mc: { - token: mcIdentity.Token, - expires: toEpochSeconds(Date.parse(mcIdentity.NotAfter)), - issued: toEpochSeconds(Date.parse(mcIdentity.IssueInstant)), - claims: mcIdentity.DisplayClaims.xui[0] + return await Sentry.startSpan({ + op: 'auth', + name: 'authenticateXboxLiveWithFormData' + }, async () => { + MicrosoftAuth.logger.debug("authenticateXboxLiveWithFormData") + let refreshResponse: AxiosResponse; + try { + refreshResponse = await this.requestHandlers.liveLogin({ + method: "POST", + url: "https://login.live.com/oauth20_token.srf", + headers: { + "Content-Type": "application/x-www-form-urlencoded", + "Accept": "application/json" + }, + data: qs.stringify(form) + }); + } catch (e) { + Sentry.captureException(e, { + tags: { + stage: 'authenticateXboxLiveWithFormData' + } + }); + throw new MSAError('authenticateXboxWithFormData', e); + } + const refreshBody = refreshResponse.data; + // console.log("refreshBody"); + // console.log(JSON.stringify(refreshBody)) + + // Microsoft/Xbox accessToken + const xboxAccessToken = refreshBody["access_token"]; + const xboxRefreshToken = refreshBody["refresh_token"]; + + const identityResponses = await this.exchangeRpsTicketForIdentities(xboxAccessToken); + // console.log("identities"); + // console.log(identityResponses) + const mcIdentity = 
identityResponses.mc; + const xboxIdentity = identityResponses.xbox; + + const userHash = mcIdentity.DisplayClaims.xui[0].uhs; + const XSTSToken = mcIdentity.Token; + + const xboxLoginResponse = await this.loginToMinecraftWithXbox(userHash, XSTSToken); + const minecraftXboxUsername = xboxLoginResponse.username; + + return { + // Minecraft accessToken - does not return a refresh token, so need the MS one above + mcAccessToken: xboxLoginResponse.access_token, + msa: { + auth: { + accessToken: xboxAccessToken, + refreshToken: xboxRefreshToken, + expires: epochSeconds() + parseInt(refreshBody["expires_in"]), + issued: epochSeconds(), + userId: refreshBody["user_id"] }, - xbox: { - token: xboxIdentity.Token, - expires: toEpochSeconds(Date.parse(xboxIdentity.NotAfter)), - issued: toEpochSeconds(Date.parse(xboxIdentity.IssueInstant)), - claims: xboxIdentity.DisplayClaims.xui[0] + userToken: { + token: identityResponses.token.Token, + expires: toEpochSeconds(Date.parse(identityResponses.token.NotAfter)), + issued: toEpochSeconds(Date.parse(identityResponses.token.IssueInstant)), + userHash: identityResponses.token.DisplayClaims.xui[0].uhs + }, + identities: { + mc: { + token: mcIdentity.Token, + expires: toEpochSeconds(Date.parse(mcIdentity.NotAfter)), + issued: toEpochSeconds(Date.parse(mcIdentity.IssueInstant)), + claims: mcIdentity.DisplayClaims.xui[0] + }, + xbox: { + token: xboxIdentity.Token, + expires: toEpochSeconds(Date.parse(xboxIdentity.NotAfter)), + issued: toEpochSeconds(Date.parse(xboxIdentity.IssueInstant)), + claims: xboxIdentity.DisplayClaims.xui[0] + } } } } - } + }); } private async loginToMinecraftWithXbox(userHash: string, xstsToken: string): Promise { - MicrosoftAuth.logger.debug("loginToMinecraftWithXbox") - const body = { - identityToken: `XBL3.0 x=${ userHash };${ xstsToken }` - }; - let xboxLoginResponse: AxiosResponse; - try { - xboxLoginResponse = await this.requestHandlers.minecraftServices({ - method: "POST", - url: 
"https://api.minecraftservices.com/authentication/login_with_xbox", - headers: { - "Content-Type": "application/json", - "Accept": "application/json" - }, - data: body - }); - } catch (e) { - Sentry.captureException(e,{ - tags: { - stage: 'loginToMinecraftWithXbox' - } - }); - throw new MSAError('loginToMinecraftWithXbox', e); - } - const xboxLoginBody = xboxLoginResponse.data; - // console.log("xboxLogin") - // console.log(JSON.stringify(xboxLoginBody)); - return xboxLoginBody as XboxLoginResponse; + return await Sentry.startSpan({ + op: 'auth', + name: 'loginToMinecraftWithXbox' + }, async () => { + MicrosoftAuth.logger.debug("loginToMinecraftWithXbox") + const body = { + identityToken: `XBL3.0 x=${ userHash };${ xstsToken }` + }; + let xboxLoginResponse: AxiosResponse; + try { + xboxLoginResponse = await this.requestHandlers.minecraftServices({ + method: "POST", + url: "https://api.minecraftservices.com/authentication/login_with_xbox", + headers: { + "Content-Type": "application/json", + "Accept": "application/json" + }, + data: body + }); + } catch (e) { + Sentry.captureException(e, { + tags: { + stage: 'loginToMinecraftWithXbox' + } + }); + throw new MSAError('loginToMinecraftWithXbox', e); + } + const xboxLoginBody = xboxLoginResponse.data; + // console.log("xboxLogin") + // console.log(JSON.stringify(xboxLoginBody)); + return xboxLoginBody as XboxLoginResponse; + }); } async refreshXboxAccessToken(xboxRefreshToken: string): Promise { - MicrosoftAuth.logger.debug("refreshXboxAccessToken"); - const form = { - "client_id": process.env.MSA_CLIENT_ID, - "client_secret": process.env.MSA_CLIENT_SECRET, - "refresh_token": xboxRefreshToken, - "grant_type": "refresh_token", - "redirect_uri": this.redirectUri - } - return await this.authenticateXboxLiveWithFormData(form); + return await Sentry.startSpan({ + op: 'auth', + name: 'refreshXboxAccessToken' + }, async () => { + MicrosoftAuth.logger.debug("refreshXboxAccessToken"); + const form = { + "client_id": 
process.env.MSA_CLIENT_ID, + "client_secret": process.env.MSA_CLIENT_SECRET, + "refresh_token": xboxRefreshToken, + "grant_type": "refresh_token", + "redirect_uri": this.redirectUri + } + return await this.authenticateXboxLiveWithFormData(form); + }); } } diff --git a/src/MinecraftAuth.ts b/src/MinecraftAuth.ts index bbf5a85..6e99adb 100644 --- a/src/MinecraftAuth.ts +++ b/src/MinecraftAuth.ts @@ -1,6 +1,7 @@ import { RequestHandlers } from "./types/RequestHandler"; import { BasicMojangProfile } from "@mineskin/types"; import winston from "winston"; +import * as Sentry from "@sentry/node"; export class MinecraftAuth { 
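Review bot: In src/MicrosoftAuth.ts, the `catch` blocks kept inside the new `Sentry.startSpan` callbacks still pass the raw handler error to `Sentry.captureException(e, …)` and to `MSAError`, and in `authenticateXboxLiveWithFormData` the failing request's `data` is `qs.stringify(form)`, which holds `client_secret` plus the authorization `code` or `refresh_token`. If the request handlers are axios instances (the `AxiosResponse` typing suggests so), the error carries the request config, so those values may end up in Sentry events or logs depending on the Sentry configuration and on what `MSAError` retains; the same applies to the `identityToken` body in `loginToMinecraftWithXbox` and the user token in `getIdentityForRelyingParty`. Strip the body before reporting, for example `if (axios.isAxiosError(e) && e.config) delete e.config.data;` ahead of each `captureException`, or confirm that a scrubbing hook already covers this. Separately, the thrown stage `'authenticateXboxWithFormData'` does not match the tag `'authenticateXboxLiveWithFormData'`, which makes the exception and the tagged event harder to correlate.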
@@ -12,29 +13,39 @@ export class MinecraftAuth { } async checkGameOwnership(accessToken: string): Promise { - MinecraftAuth.logger.debug("checkGameOwnership") - const entitlementsResponse = await this.requestHandlers.minecraftServices({ - method: "GET", - url: "https://api.minecraftservices.com/entitlements/mcstore", - headers: { - Authorization: `Bearer ${ accessToken }` - } + return await Sentry.startSpan({ + op: 'auth', + name: 'checkGameOwnership' + }, async () => { + MinecraftAuth.logger.debug("checkGameOwnership") + const entitlementsResponse = await this.requestHandlers.minecraftServices({ + method: "GET", + url: "https://api.minecraftservices.com/entitlements/mcstore", + headers: { + Authorization: `Bearer ${ accessToken }` + } + }); + const entitlementsBody = entitlementsResponse.data; + // console.log("entitlements"); + // console.log(entitlementsBody) + return entitlementsBody.hasOwnProperty("items") && entitlementsBody["items"].length > 0; }); - const entitlementsBody = entitlementsResponse.data; - // console.log("entitlements"); - // console.log(entitlementsBody) - return entitlementsBody.hasOwnProperty("items") && entitlementsBody["items"].length > 0; } public async getProfile(accessToken: string): Promise { - const response = await this.requestHandlers.minecraftServicesProfile({ - method: "GET", - url: "/minecraft/profile", - headers: { - "Authorization": `Bearer ${accessToken}` - } + return await Sentry.startSpan({ + op: 'auth', + name: 'getProfile' + }, async () => { + const response = await this.requestHandlers.minecraftServicesProfile({ + method: "GET", + url: "/minecraft/profile", + headers: { + "Authorization": `Bearer ${ accessToken }` + } + }); + return response.data; }); - return response.data; } }
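Review bot: `checkGameOwnership` decides ownership from `entitlementsResponse.data` without checking its shape: `entitlementsBody.hasOwnProperty("items")` throws a TypeError when the body is null or undefined, and any `items` value with a non-zero `length` (a string, for instance) is accepted as owning the game. `return Array.isArray(entitlementsBody?.items) && entitlementsBody.items.length > 0;` keeps the result for well-formed responses and fails closed otherwise. Unlike the wrapped methods in src/MicrosoftAuth.ts, neither span callback here catches the request error, so a failure propagates as whatever the handler throws, possibly still carrying the `Authorization: Bearer` header in its request config; it is worth wrapping or scrubbing it the same way if callers log it.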