design overview: sauerworld auth/stats system

design.md

sauerworld auth/stats system

lobby sauer server at auth.sauerworld.org:28785

• always locked
• no time limit
• lets clients try auth key is working (speaks to auth.sauerworld.org:28787 like any other game server would)
• lets SW admins prepare accounts (/servcmd makeacc pix)
• lets gauth holders without an admin present using their gauth name
• lets players register in three easy steps (SVN client supports all of this today):
  • /addauthkey pix (genauthkey (rndstr 32)) sauerworld
  • /saveauthkeys
  • /servcmd register pix (getpubkey "sauerworld")
• lets SW admins add clans, users, and users to clans
• lets clan members add users to their clan (both have to be on the server and confirm the action)
• logs EVERYTHING except privkeys and pubkeys for transparency (publicly available)

auth/stats server at auth.sauerworld.org:28787

• uses general auth domain, e.g. "sauerworld"
• uses variation of master server protocol (more info see below):
  • regserv, failreg, succreg
  • reqauth, chalauth
  • confauth, succauth, failauth
  • stats
• successful auth with "sauerworld" key does not have to give privileges (up to server)
• integration into servers:
  • hardest part: support for two (or any amount of?) auth servers (good: can re-use master server code, bad: one more socket to check in serverslice())
  • needs hook for N_TRYAUTH to handle the "sauerworld" domain (spaghetti already has this, remod and zeromod don't)
  • if auth-on-connect wanted, needs hook for a player joining a game to send N_REQAUTH (or send "sauerworld" as server auth domain in N_SERVINFO, if unused)
  • for stats system: needs hook for intermission, to:
    • N_REQAUTH the "sauerworld" key of all players
    • send batched reqauth to auth server
    • receive batched chalauth
    • forward to players
    • send batched confauth to auth server
    • receive batched succauth & failauth
    • build batched stats message of all successfuly authed players and send to auth server (more info see below)
  • patch targets:
    • implement in waiter first (proof of concept)
    • implement in vanilla
    • let mods copy/merge code
    • help mods
    • hopefully get support for secondary auth server upstream
• could be extensible to be a full masterserver and provide a list of only the servers that use "sauerworld" auth
• list of pubkeys remains secret for 2 reasons:
  1. avoid servers copying functionality without talking to SW auth server
  2. avoid targeting of specific user using N_REQAUTH and banning them from a server
  3. data is the new oil ;)

protocol for speaking to auth.sauerworld.org:28787

• compatible with default master server protocol:

  • regserv at beginning of connection is required for stats to work later (prevents server spoofing)
  • reqauth, chalauth, confauth, succauth, failauth same as with vanilla master (plus batching)
  • server will never send addgban or cleargban messages
  • additional succstats and failstats messages (master -> server only) to let players know if stats were stored or not

• auth commands can be batched, e.g. reqauth 1934 pix 45304 miu 395948 obstriegel will result in chalauth 1934 +83029d902f930e9a\nchalauth 45304 -39303a9cb0e0f0a0d\nchalauth 395948 -bc830a0d9e0f8f835058

• additional stats command expects game mode ID, map name and serialized server::savedscores, indexed by authname and auth request ID:

  stats <mode> <map> [<authreq> <authname> <frags> <deaths> <damage> <shotdamage> <flags>]...
  

• example: stats 17 reissen 1934 pix 12 11 3920 6700 5 45304 miu 34 23 2840 5000 2