Before player logs in, player visits a website or tells the app to notify the database that he is going to join this server. Database logs his IP address.
When player joins the server:
- Server opens a TCP client-socket to the database server-socket.
- Server sends a string that identifies which server the data are from.
- If identified, database responds with a secret token (secret between database and that specific server) that confirms that the database is valid.
- If server finds the token correct, it sends a batch of username and other relevant information of the player (e.g. IP address) to the database, using the JSON syntax.
- Database responds with a line like this:
  - If player is using the correct IP address and enables IP auth: `SUCCESS <message to send to player>`. Server should send the message as-is.
  - If player disables IP auth: `NEEDPASS <message to send to player>`. Server should send the message as-is. Then, server should wait for client to send a temp token.
    - After player enters a temp token, server forwards the token to database: `PASS <temp token>`. Server should sanitize the temp token to make sure that it does not contain `\n` (security vulnerability).
  - If player is not registered: `NOTFOUND`.
    - If server forces the player to register first, kick the player with a message: `Join server at example.com port 19132 to register your account`.
    - If server doesn't force the player to register first, do nothing.

Lines are delimited with the `\n` byte.
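
The sanitizing step for the `PASS` line and the parsing of the database's response line can be sketched as follows. This is an added example, not code from the project; the function names, the token alphabet and the 64-character limit are assumptions, since the page only requires that the temp token contain no `\n`.

```python
# Added example: server-side framing for the newline-delimited protocol above.
# Function names, token alphabet and length limit are assumptions.
import re

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed temp token format
KNOWN_STATUSES = {"SUCCESS", "NEEDPASS", "NOTFOUND"}


def build_pass_line(temp_token: str) -> bytes:
    """Return the framed PASS line, rejecting tokens that would add a line."""
    # fullmatch against an allowlist rejects "\n", "\r", spaces and NUL in one
    # check, instead of stripping them and forwarding an altered token.
    if not TOKEN_RE.fullmatch(temp_token):
        raise ValueError("temp token contains characters outside the allowlist")
    return f"PASS {temp_token}\n".encode("ascii")


def parse_response(line: bytes) -> tuple[str, str]:
    """Split one database response line into (status, message for the player)."""
    text = line.decode("utf-8")
    if not text.endswith("\n") or "\n" in text[:-1]:
        raise ValueError("expected exactly one newline-terminated line")
    status, _, message = text[:-1].partition(" ")
    if status not in KNOWN_STATUSES:
        raise ValueError(f"unknown status {status!r}")
    return status, message


def demo() -> list[str]:
    """Run constructed player inputs through the framing check."""
    results = []
    # Constructed inputs: one well-formed token, one carrying a second line.
    for token in ["a1B2c3", "a1B2c3\nEXTRA"]:
        try:
            results.append(build_pass_line(token).decode())
        except ValueError:
            results.append("rejected")
    return results


if __name__ == "__main__":
    print(demo())
    print(parse_response(b"NEEDPASS Enter your temp token\n"))
```

Rejecting the input outright, rather than removing the newline, keeps the database from ever checking a token the player did not actually type.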