Control Game-state from an internet browser.

Discussion in 'Mod Discussions' started by napperjabber, February 6, 2014.

  1. cptconundrum

    cptconundrum Post Master General

    Messages:
    4,186
    Likes Received:
    4,900
    Right, but what we don't have is a way to open a URI directly in PA.exe

    Have you ever seen the mailto://someaddress@somesite.com links before? They are set to open the link in whatever program has registered with that "mailto" label. We really need PA.exe to be able to open links like that.
    emraldis likes this.
  2. emraldis

    emraldis Post Master General

    Messages:
    2,641
    Likes Received:
    1,843
    you could also make the system sharing have an external program as well, and let that communicate with the links. That would be quite roundabout though, and I don't know how effective it would be.
  3. cptconundrum

    cptconundrum Post Master General

    Messages:
    4,186
    Likes Received:
    4,900
    Still no easy way to send the data to PA.exe. Like DeathByDenim said, it could be done if that external program modified a file in the mod directly, but that gets messy.
  4. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    Yes I can access the user password (I don't in reality and never will), but that does not help me at all.
    I need a way to verify that the data I get is from user X, but the data is send from a javascript written mod, with no encryption and it can be easily modified.
    Without support from PA I do not see a way to get that right. Ofc I could create my own account system, but what would be really awesome would be to use the PA login instead for obvious usability reasons.
  5. cptconundrum

    cptconundrum Post Master General

    Messages:
    4,186
    Likes Received:
    4,900
    If that works, we could make an auth_manager mod that other mods can require. I would be interested in using it in my system sharing mod too.
  6. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    Maybe I don't understand how that link actually works, can anybody explain?
  7. DeathByDenim

    DeathByDenim Post Master General

    Messages:
    4,328
    Likes Received:
    2,125
    It seems "https://uberent.com/User/Login" takes three parameters. I don't know what titleId does, but redirectUrl in decoded format is http://pa.lennardf1989.com/Tracker/...0cDovL3BhLmxlbm5hcmRmMTk4OS5jb20vVHJhY2tlci8=
    (not sure if I translated that correctly, but something like that)
    And the returnUrl is base64 encoded, which translates to http://pa.lennardf1989.com/Tracker/

    My guess it that the uberent.com/User/Login script will make a call to http://pa.lennardf1989.com/Tracker/index.php with some fancy field in either GET or POST to tell you if the authentication was successful, but that will require some more testing.
    cptconundrum and cola_colin like this.
  8. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    Reversing that would be pretty fancy.
  9. napperjabber

    napperjabber New Member

    Messages:
    20
    Likes Received:
    1
    I see where you're going here and I don't think this is the right approach. As reversing it is possible, we should consider this a BigData problem.

    Reading up on the following blogpost, http://forrestthewoods.com/the-tech-of-planetary-annihilation-chronocam/. We can assume that the PA-Client is stupid. They've adopted a Server/Client Architecture. This is good for a few things. It means a lot of what we are asking for is very possible. We can make that assumption because of the way they've implemented the ChronoCam. Specifically, the curve and how the 'curve' communicates data from the server to the client.

    We can also make two additional assumptions, the client is the View. The server is the Model, and anything we make is the controller. Classic MVC.

    We now have to step back and figure out how much control Uberent will allow 3rd party applications.

    Lets build a database.
    User: username, password, email
    Game: game-uuid, game-name, users, teams, teamn-assingnments

    We now want to access this from our 3rd party system, uberent would have to implement OAuth2[1]. This would give us a token to all user data made available to us. We can now make calls to a web-service that will inturn return a game-token that would make a game-session playable by some matched users.

    Since we're using a webservice to create the matchmaking and we're using OAuth2, we can assume that everything will be accessible over the internet via HTTP/DNS[2].

    We'll now make HTTPRequests like so:
    GET /stats/:userid
    GET /stats/:gameid
    POST /game/create/
    {'gamesession-id'} # which then we load into an anchor[3] and it controls the PA.exe client.

    From there, we can create a matchmaking algorithm, query the Game-Server-Cluster to create a new gamesession, and then direct the user to initiate the game.

    Think Facebook apps, Twitter apps, whatever apps. A SDK that will allow you to get to the User-Data-Graph. Those 3rd party apps are really just mini-controllers.

    [1] OAuth2
    http://tools.ietf.org/html/rfc6749

    [2] DNS
    http://en.wikipedia.org/wiki/Domain_Name_System
    [3] Anchor
    http://www.w3.org/TR/html401/struct/links.html#edef-A

    -napperjabber
  10. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    I am all for oauth or similar. However if we can reverse the login link of ubernet right now that would be cool as well. I could add a simple verification to PA Stats, securing it from all kind of attacks.
    napperjabber likes this.
  11. DeathByDenim

    DeathByDenim Post Master General

    Messages:
    4,328
    Likes Received:
    2,125
    So, I've been playing with this today, but I got a bit stuck. What I have so far:
    You can get the login form to send a session ticket to you website like so:
    https://uberent.com/User/Login?titleId=42&redirectUrl=http://jarno.ca/test/test.php
    When I do that, I get presented with the log on screen for my Ubernet account. (titleId=42 means Planetary Annihilation as far as I can tell). Upon a successful login the login form redirects me to the redirectUrl I supplied. An extra parameter is added to redirectUrl, namely "sessionTicket" using GET. In my case, it's:
    http://jarno.ca/test/test.php?sessionTicket=12345123451234512345
    The sessionTicket is a 20-digit number that presumably can be verified by an API call to the forum software (and get you the username). That's where I got stuck, since I don't know which URL to call for that. I tried:
    https://uberent.com/User/Validate
    https://uberent.com/User/ServiceValidate
    https://uberent.com/User/Check
    https://uberent.com/User/Authenticate

    Any guesses?
  12. cptconundrum

    cptconundrum Post Master General

    Messages:
    4,186
    Likes Received:
    4,900
    Might want to ask @LennardF1989. Didn't he set up the bugtracker originally?
  13. DeathByDenim

    DeathByDenim Post Master General

    Messages:
    4,328
    Likes Received:
    2,125
    But where is the fun in that? :)

    You're right of course, he did. If someone want to set up the authentication thingy, they would need to contact him for the missing details.
  14. SXX

    SXX Post Master General

    Messages:
    6,896
    Likes Received:
    1,812
    I'm getting my map preview service to work, can anybody say if "--uiurl" still working in any way?
    I just want make game client open system editor on startup without modification of UI.
  15. cptconundrum

    cptconundrum Post Master General

    Messages:
    4,186
    Likes Received:
    4,900
    Crashed PA when I tried it a couple weeks ago. Unless they brought it back, I think it's gone.
  16. SXX

    SXX Post Master General

    Messages:
    6,896
    Likes Received:
    1,812
    It's crash with particular error:
    Code:
    terminate called after throwing an instance of 'std::runtime_error'
      what():  pathname must be absolute
    So actually it's need valid path in filesystem and it's looks like SupCom-like directory mount.
    E.g on Linux if you copy "/media/ui" directory to "/tmp" for example, and then remove or rename original "media/ui" you can make game mount UI from different directory with "./PA --uiurl=/tmp/ui".

    It's not actually something I need, but it's work. I'll try to create lightweight UI boot that will start with system editor, let's see how this will work. :rolleyes:
    cptconundrum likes this.
  17. Raevn

    Raevn Moderator Alumni

    Messages:
    4,226
    Likes Received:
    4,324
    there's now a --paurl commandline option:

    upload_2014-3-17_19-50-4.png

    Not sure if that's any help.
    cptconundrum likes this.
  18. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    I found a way to pass in an arbitrary string.

    pa.exe --username "science works"

    The value of username appears to be unused by PA. However it can be retrived in the UI layer like this in start.js:handlers.setup_info

    console.log(payload.username);
    LavaSnake and cptconundrum like this.
  19. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    Has there been any progress on this? I need it now because @clopse and @neptunio have gone insane and are actually manipulating data send to PA Stats. I'd REALLY like to use the ubernet login system to authenticate users and be able to ban them simply by ubername.
    neptunio, Clopse and cptconundrum like this.
  20. LennardF1989

    LennardF1989 Uber Contractor

    Messages:
    798
    Likes Received:
    323
    You guys got close, but I'm not making it easy for you :p Even if you would guess the right URL, it wouldn't work unless you send specific headers along with your request (an API key). This all happens on the server (be it PA Tracker or the forum), hence you can't intercept it.

    I'll see what I can arrange for you guys, in worst case I can provide an API myself as a temporary solution, as the current one provides information for the forum which is irrelevant for other use, the PA tracker just "abuses" it as an endorsed official platform, information never leaves my servers.

Share This Page