Scope constants (#127)

* Scope constants

* cleanup

Author: extremeheat

index.d.ts

@@ -29,9 +29,9 @@ declare module 'prismarine-auth' {
     // Returns a Minecraft Java Edition auth token
     getMinecraftJavaToken(options?: {
       fetchCertificates?: boolean,
-      fetchEntitlements?: boolean
+      fetchEntitlements?: boolean,
       fetchProfile?: boolean
-    }): Promise<{ token: string, entitlements: MinecraftJavaLicenses, profile: MinecraftJavaProfile, certificates: MinecraftJavaCertificates }>
+    }): Promise<{ token: string, entitlements: MinecraftJavaEntitlements, profile: MinecraftJavaProfile, certificates: MinecraftJavaCertificates }>
     // Returns a Minecraft Bedrock Edition auth token. Public key parameter must be a KeyLike object.
     getMinecraftBedrockToken(publicKey: KeyObject): Promise<string>
 

src/MicrosoftAuthFlow.js

@@ -119,35 +119,26 @@ class MicrosoftAuthFlow {
 
   async getPlayfabLogin () {
     const cache = this.pfb.getCachedAccessToken()
-
     if (cache.valid) {
       return cache.data
     }
-
     const xsts = await this.getXboxToken(Endpoints.PlayfabRelyingParty)
-
     const playfab = await this.pfb.getAccessToken(xsts)
-
     return playfab
   }
 
   async getMinecraftBedrockServicesToken ({ verison }) {
     const cache = await this.mcs.getCachedAccessToken()
-
     if (cache.valid) {
       return cache.data
     }
-
     const playfab = await this.getPlayfabLogin()
-
     const mcs = await this.mcs.getAccessToken(playfab.SessionTicket, { verison })
-
     return mcs
   }
 
-  async getXboxToken (relyingParty = this.options.relyingParty || Endpoints.XboxRelyingParty, forceRefresh = false) {
+  async getXboxToken (relyingParty = this.options.relyingParty || Endpoints.xbox.relyingParty, forceRefresh = false) {
     const options = { ...this.options, relyingParty }
-
     const { xstsToken, userToken, deviceToken, titleToken } = await this.xbl.getCachedTokens(relyingParty)
 
     if (xstsToken.valid && !forceRefresh) {
@@ -192,7 +183,7 @@ class MicrosoftAuthFlow {
     } else {
       debug('[mc] Need to obtain tokens')
       await retry(async () => {
-        const xsts = await this.getXboxToken(Endpoints.PCXSTSRelyingParty)
+        const xsts = await this.getXboxToken(Endpoints.minecraftJava.XSTSRelyingParty)
         debug('[xbl] xsts data', xsts)
         response.token = await this.mca.getAccessToken(xsts)
       }, () => { this.xbl.forceRefresh = true }, 2)
@@ -207,6 +198,9 @@ class MicrosoftAuthFlow {
     if (options.fetchCertificates) {
       response.certificates = await this.mca.fetchCertificates(response.token).catch(e => debug('Failed to obtain keypair data', e))
     }
+    if (options.fetchAttributes) {
+      response.attributes = await this.mca.fetchAttributes(response.token).catch(e => debug('Failed to obtain attributes data', e))
+    }
 
     return response
   }
@@ -222,7 +216,7 @@ class MicrosoftAuthFlow {
       if (!publicKey) throw new Error('Need to specifiy a ECDH x509 URL encoded public key')
       debug('[mc] Need to obtain tokens')
       return await retry(async () => {
-        const xsts = await this.getXboxToken(Endpoints.BedrockXSTSRelyingParty)
+        const xsts = await this.getXboxToken(Endpoints.minecraftBedrock.XSTSRelyingParty)
         debug('[xbl] xsts data', xsts)
         const token = await this.mba.getAccessToken(publicKey, xsts)
         // If we want to auth with a title ID, make sure there's a TitleID in the response

src/TokenManagers/LiveTokenManager.js

@@ -46,7 +46,7 @@ class LiveTokenManager {
       credentials: 'include' // This cookie handler does not work on node-fetch ...
     }
 
-    const token = await fetch(Endpoints.LiveTokenRequest, codeRequest).then(checkStatus)
+    const token = await fetch(Endpoints.live.tokenRequest, codeRequest).then(checkStatus)
     this.updateCache(token)
     return token
   }
@@ -91,7 +91,7 @@ class LiveTokenManager {
 
     const cookies = []
 
-    const res = await fetch(Endpoints.LiveDeviceCodeRequest, codeRequest)
+    const res = await fetch(Endpoints.live.deviceCodeRequest, codeRequest)
       .then(res => {
         if (res.status !== 200) {
           res.text().then(console.warn)
@@ -128,7 +128,7 @@ class LiveTokenManager {
           }).toString()
         }
 
-        const token = await fetch(Endpoints.LiveTokenRequest + '?client_id=' + this.clientId, verifi)
+        const token = await fetch(Endpoints.live.tokenRequest + '?client_id=' + this.clientId, verifi)
           .then(res => res.json()).then(res => {
             if (res.error) {
               if (res.error === 'authorization_pending') {

src/TokenManagers/MinecraftBedrockServicesManager.js

@@ -25,7 +25,7 @@ class MinecraftBedrockServicesTokenManager {
   }
 
   async getAccessToken (sessionTicket, options = {}) {
-    const response = await fetch(Endpoints.MinecraftServicesSessionStart, {
+    const response = await fetch(Endpoints.minecraftBedrock.servicesSessionStart, {
       method: 'post',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({

src/TokenManagers/MinecraftBedrockTokenManager.js

@@ -1,7 +1,7 @@
 const debug = require('debug')('prismarine-auth')
 
 const { Endpoints } = require('../common/Constants')
-const { checkStatus } = require('../common/Util')
+const { checkStatusWithHelp } = require('../common/Util')
 
 class BedrockTokenManager {
   constructor (cache) {
@@ -51,11 +51,11 @@ class BedrockTokenManager {
       'User-Agent': 'MCPE/UWP',
       Authorization: `XBL3.0 x=${xsts.userHash};${xsts.XSTSToken}`
     }
-    const MineServicesResponse = await fetch(Endpoints.BedrockAuth, {
+    const MineServicesResponse = await fetch(Endpoints.minecraftBedrock.authenticate, {
       method: 'post',
       headers,
       body: JSON.stringify({ identityPublicKey: clientPublicKey })
-    }).then(checkStatus)
+    }).then(checkStatusWithHelp({ 401: 'Ensure that you are able to sign-in to Minecraft with this account' }))
 
     debug('[mc] mc auth response', MineServicesResponse)
     await this.setCachedAccessToken(MineServicesResponse)

src/TokenManagers/MinecraftJavaTokenManager.js

@@ -65,7 +65,7 @@ class MinecraftJavaTokenManager {
 
   async getAccessToken (xsts) {
     debug('[mc] authing to minecraft', xsts)
-    const MineServicesResponse = await fetch(Endpoints.MinecraftServicesLogWithXbox, {
+    const MineServicesResponse = await fetch(Endpoints.minecraftJava.loginWithXbox, {
       method: 'post',
       ...fetchOptions,
       body: JSON.stringify({ identityToken: `XBL3.0 x=${xsts.userHash};${xsts.XSTSToken}` })
@@ -79,7 +79,7 @@ class MinecraftJavaTokenManager {
   async fetchProfile (accessToken) {
     debug(`[mc] fetching minecraft profile with ${accessToken.slice(0, 16)}`)
     const headers = { ...fetchOptions.headers, Authorization: `Bearer ${accessToken}` }
-    const profile = await fetch(Endpoints.MinecraftServicesProfile, { headers })
+    const profile = await fetch(Endpoints.minecraftJava.profile, { headers })
       .then(checkStatus)
     debug(`[mc] got profile response: ${profile}`)
     return profile
@@ -93,15 +93,15 @@ class MinecraftJavaTokenManager {
   async fetchEntitlements (accessToken) {
     debug(`[mc] fetching entitlements with ${accessToken.slice(0, 16)}`)
     const headers = { ...fetchOptions.headers, Authorization: `Bearer ${accessToken}` }
-    const entitlements = await fetch(Endpoints.MinecraftServicesLicense + `?requestId=${crypto.randomUUID()}`, { headers }).then(checkStatus)
+    const entitlements = await fetch(Endpoints.minecraftJava.entitlements + `?requestId=${crypto.randomUUID()}`, { headers }).then(checkStatus)
     debug(`[mc] got entitlement response: ${entitlements}`)
     return entitlements
   }
 
   async fetchCertificates (accessToken) {
     debug(`[mc] fetching key-pair with ${accessToken.slice(0, 16)}`)
     const headers = { ...fetchOptions.headers, Authorization: `Bearer ${accessToken}` }
-    const cert = await fetch(Endpoints.MinecraftServicesCertificate, { method: 'post', headers }).then(checkStatus)
+    const cert = await fetch(Endpoints.minecraftJava.certificates, { method: 'post', headers }).then(checkStatus)
     debug('[mc] got key-pair')
     const profileKeys = {
       publicPEM: cert.keyPair.publicKey,
@@ -176,7 +176,7 @@ class MinecraftJavaTokenManager {
     }
 
     debug('[mc] reporting player with payload', body)
-    const reportResponse = await fetch(Endpoints.MinecraftServicesReport, { method: 'post', headers, body }).then(checkStatus)
+    const reportResponse = await fetch(Endpoints.minecraftJava.reportPlayer, { method: 'post', headers, body }).then(checkStatus)
     debug('[mc] server response for report', reportResponse)
     return true
   }

src/TokenManagers/PlayfabTokenManager.js

@@ -1,5 +1,4 @@
 const debug = require('debug')('prismarine-auth')
-
 const { Endpoints } = require('../common/Constants')
 
 class PlayfabTokenManager {
@@ -13,17 +12,11 @@ class PlayfabTokenManager {
 
   async getCachedAccessToken () {
     const { pfb: cache } = await this.cache.getCached()
-
     debug('[pf] token cache', cache)
-
     if (!cache) return
-
     const expires = new Date(cache.EntityToken.TokenExpiration)
-
     const remaining = expires - Date.now()
-
     const valid = remaining > 1000
-
     return { valid, until: expires, data: cache }
   }
 
@@ -58,9 +51,7 @@ class PlayfabTokenManager {
     })
 
     const data = await response.json()
-
     await this.setCachedAccessToken({ pfb: data.data })
-
     return data.data
   }
 }

src/TokenManagers/XboxTokenManager.js

@@ -75,10 +75,10 @@ class XboxTokenManager {
     }
 
     const body = JSON.stringify(payload)
-    const signature = this.sign(Endpoints.XboxUserAuth, '', body).toString('base64')
+    const signature = this.sign(Endpoints.xbox.userAuth, '', body).toString('base64')
     const headers = { ...this.headers, signature, 'Content-Type': 'application/json', accept: 'application/json', 'x-xbl-contract-version': '2' }
 
-    const ret = await fetch(Endpoints.XboxUserAuth, { method: 'post', headers, body }).then(checkStatus)
+    const ret = await fetch(Endpoints.xbox.userAuth, { method: 'post', headers, body }).then(checkStatus)
 
     await this.setCachedToken({ userToken: ret })
 
@@ -147,11 +147,11 @@ class XboxTokenManager {
 
     const body = JSON.stringify(payload)
 
-    const signature = this.sign(Endpoints.SisuAuthorize, '', body).toString('base64')
+    const signature = this.sign(Endpoints.xbox.sisuAuthorize, '', body).toString('base64')
 
     const headers = { Signature: signature }
 
-    const req = await fetch(Endpoints.SisuAuthorize, { method: 'post', headers, body })
+    const req = await fetch(Endpoints.xbox.sisuAuthorize, { method: 'post', headers, body })
     const ret = await req.json()
     if (!req.ok) this.checkTokenError(parseInt(req.headers.get('x-err')), ret)
 
@@ -186,11 +186,11 @@ class XboxTokenManager {
     }
 
     const body = JSON.stringify(payload)
-    const signature = this.sign(Endpoints.XstsAuthorize, '', body).toString('base64')
+    const signature = this.sign(Endpoints.xbox.xstsAuthorize, '', body).toString('base64')
 
     const headers = { ...this.headers, Signature: signature }
 
-    const req = await fetch(Endpoints.XstsAuthorize, { method: 'post', headers, body })
+    const req = await fetch(Endpoints.xbox.xstsAuthorize, { method: 'post', headers, body })
     const ret = await req.json()
     if (!req.ok) this.checkTokenError(ret.XErr, ret)
 
@@ -226,10 +226,10 @@ class XboxTokenManager {
     }
 
     const body = JSON.stringify(payload)
-    const signature = this.sign(Endpoints.XboxDeviceAuth, '', body).toString('base64')
+    const signature = this.sign(Endpoints.xbox.deviceAuth, '', body).toString('base64')
     const headers = { ...this.headers, Signature: signature }
 
-    const ret = await fetch(Endpoints.XboxDeviceAuth, { method: 'post', headers, body }).then(checkStatus)
+    const ret = await fetch(Endpoints.xbox.deviceAuth, { method: 'post', headers, body }).then(checkStatus)
 
     await this.setCachedToken({ deviceToken: ret })
 
@@ -251,11 +251,11 @@ class XboxTokenManager {
       TokenType: 'JWT'
     }
     const body = JSON.stringify(payload)
-    const signature = this.sign(Endpoints.XboxTitleAuth, '', body).toString('base64')
+    const signature = this.sign(Endpoints.xbox.titleAuth, '', body).toString('base64')
 
     const headers = { ...this.headers, Signature: signature }
 
-    const ret = await fetch(Endpoints.XboxTitleAuth, { method: 'post', headers, body }).then(checkStatus)
+    const ret = await fetch(Endpoints.xbox.titleAuth, { method: 'post', headers, body }).then(checkStatus)
 
     await this.setCachedToken({ titleToken: ret })
 

src/common/Constants.js

@@ -1,25 +1,34 @@
 module.exports = {
   Endpoints: {
-    PCXSTSRelyingParty: 'rp://api.minecraftservices.com/',
-    BedrockXSTSRelyingParty: 'https://multiplayer.minecraft.net/',
+    minecraftJava: {
+      XSTSRelyingParty: 'rp://api.minecraftservices.com/',
+      loginWithXbox: 'https://api.minecraftservices.com/authentication/login_with_xbox',
+      profile: 'https://api.minecraftservices.com/minecraft/profile',
+      license: 'https://api.minecraftservices.com/entitlements/license',
+      entitlements: 'https://api.minecraftservices.com/entitlements/mcstore',
+      attributes: 'https://api.minecraftservices.com/player/attributes',
+      certificates: 'https://api.minecraftservices.com/player/certificates',
+      reportPlayer: 'https://api.minecraftservices.com/player/report'
+    },
+    minecraftBedrock: {
+      XSTSRelyingParty: 'https://multiplayer.minecraft.net/',
+      authenticate: 'https://multiplayer.minecraft.net/authentication',
+      servicesSessionStart: 'https://authorization.franchise.minecraft-services.net/api/v1.0/session/start'
+    },
+    xbox: {
+      authRelyingParty: 'http://auth.xboxlive.com',
+      relyingParty: 'http://xboxlive.com',
+      deviceAuth: 'https://device.auth.xboxlive.com/device/authenticate',
+      titleAuth: 'https://title.auth.xboxlive.com/title/authenticate',
+      userAuth: 'https://user.auth.xboxlive.com/user/authenticate',
+      sisuAuthorize: 'https://sisu.xboxlive.com/authorize',
+      xstsAuthorize: 'https://xsts.auth.xboxlive.com/xsts/authorize'
+    },
+    live: {
+      deviceCodeRequest: 'https://login.live.com/oauth20_connect.srf',
+      tokenRequest: 'https://login.live.com/oauth20_token.srf'
+    },
     PlayfabRelyingParty: 'https://b980a380.minecraft.playfabapi.com/',
-    XboxAuthRelyingParty: 'http://auth.xboxlive.com/',
-    XboxRelyingParty: 'http://xboxlive.com',
-    BedrockAuth: 'https://multiplayer.minecraft.net/authentication',
-    XboxDeviceAuth: 'https://device.auth.xboxlive.com/device/authenticate',
-    XboxTitleAuth: 'https://title.auth.xboxlive.com/title/authenticate',
-    XboxUserAuth: 'https://user.auth.xboxlive.com/user/authenticate',
-    SisuAuthorize: 'https://sisu.xboxlive.com/authorize',
-    XstsAuthorize: 'https://xsts.auth.xboxlive.com/xsts/authorize',
-    MinecraftServicesLogWithXbox: 'https://api.minecraftservices.com/authentication/login_with_xbox',
-    MinecraftServicesCertificate: 'https://api.minecraftservices.com/player/certificates',
-    MinecraftServicesEntitlement: 'https://api.minecraftservices.com/entitlements/mcstore',
-    MinecraftServicesLicense: 'https://api.minecraftservices.com/entitlements/license',
-    MinecraftServicesProfile: 'https://api.minecraftservices.com/minecraft/profile',
-    MinecraftServicesReport: 'https://api.minecraftservices.com/player/report',
-    LiveDeviceCodeRequest: 'https://login.live.com/oauth20_connect.srf',
-    LiveTokenRequest: 'https://login.live.com/oauth20_token.srf',
-    MinecraftServicesSessionStart: 'https://authorization.franchise.minecraft-services.net/api/v1.0/session/start',
     PlayfabLoginWithXbox: 'https://20ca2.playfabapi.com/Client/LoginWithXbox'
   },
   msalConfig: {
@@ -47,5 +56,6 @@ module.exports = {
     2148916236: 'Your account requires proof of age. Please login to https://login.live.com/login.srf and provide proof of age.',
     2148916237: 'Your account has reached the its limit for playtime. Your account has been blocked from logging in.',
     2148916238: 'The account date of birth is under 18 years and cannot proceed unless the account is added to a family by an adult.'
-  }
+  },
+  oneDayMs: 86400000
 }

src/common/Util.js

@@ -11,8 +11,23 @@ async function checkStatus (res) {
   }
 }
 
+function checkStatusWithHelp (errorDict) {
+  return async function (res) {
+    if (res.ok) return res.json() // res.status >= 200 && res.status < 300
+    const resp = await res.text()
+    debug('Request fail', resp)
+    throw new Error(`${res.status} ${res.statusText} ${resp} ${errorDict[res.status] ?? ''}`)
+  }
+}
+
 function createHash (input) {
-  return crypto.createHash('sha1').update(input ?? '', 'binary').digest('hex').substr(0, 6)
+  return crypto.createHash('sha1')
+    .update(input ?? '', 'binary')
+    .digest('hex').substr(0, 6)
+}
+
+function nextUUID () {
+  return globalThis.crypto.randomUUID()
 }
 
-module.exports = { checkStatus, createHash }
+module.exports = { checkStatus, checkStatusWithHelp, createHash, nextUUID }