Protocol v1.1 - acreloaded/ms GitHub Wiki

Warning: Obsolescence

This specification has been superseded by v1.2.

Specification

Thank you for your interest in the AssaultCube Reloaded Master-Server. Because of some sensitive data (such as admin passwords), the master-server source code was unavailable.
Instead, some old samples (in the repo), and specifications (here) are available.

You must use URL rewrites, like .htaccess/apache ones.

Mandatory

It just isn't a master-server without these.

  • /cube/:method/:client_definitions/:guid | :method = (update|list)
  • /cube/:method | :method = (list|version)
  • /cube - implied :method as (update), requested by the clients, must comply with:
    • Provide the below, but for :method
      • If update, do not send current_version
      • If list, send as is
      • If version, do not send server IPs
    • masterserver_flags <flags>
      • OR each flag together
      • 1 - IP Whitelisted (only 1 of these 3, group A)
      • 2 - IP Banned (only 1 of these 3, group A)
      • 4 - Muted (only 1 of these 3, group A)
    • current_version <AC_VERSION> <PROTOCOL_VERSION>
      • if unsure, use "current_version 1 1"
    • Servers, each line is:
      • addserver <ip> <port>
      • <port> can be omitted if it is the default port (28770)
  • /reg(ister)/:proto/:port/:guid
    • perform an optional socket check
    • a human-readable response that does not start with the control character "*" should be returned

Auth

This is partially optional, yet desirable.

  • Auth responses no longer have to return ids

Auth 1.2.2 - Connection checks

  • Always return *a to ignore this feature!
  • /connect/:ip/:guid
    • :ip is the unsigned decimal form of the client's IP
    • :guid is the reported decimal GUID of the client (untrustable)
    • your response must be as follows:
      • *bw - whitelisted IP
      • *bi - blacklisted IP, but also not whitelisted
      • *bm - muted and not allowed to speak
      • ** a - no matches, usual response*

Auth 2.0 - Authority Authentication

  • To ignore this feature, simply always return *f!
  • /a2r/:port/:id/:user
    • request an auth for a specific user key
    • *f if auth request is disallowed, or no user match
    • *c<nonce> to use a random [or psuedorandom number] for improved security
  • /a2v/:port/:id/:answer
    • verify the answer to an auth request
    • :answer should match { sha1( <user> + ":" + (pre-sharedkey/PSK) + "!" + <nonce> as a string) }
    • *f if an error occurs
    • *d if authentication does not match (will disconnect client)
    • *s<priv><name> - auth succeeded where <priv> is only one "char"

Optional (recommendations)

  • /json
    • a json response, which PHP can easily send with json_encode
    • example: [{"server":"localhost","port":"28770","ip":"0.0.0.0","ipd":"0"},{"server":"localhost2","port":"28770","ip":"0.0.0.2","ipd":"2"}]
  • /bans
    • page listing bans, or something to do with bans
  • /admin or /panel
    • an admin panel is highly recommended, for both admins and deban users!

Deprecated (probably don't want to use)

Auth 1.2 - Connection checks

  • Always return *a to ignore this feature!
  • /connect/<ip>/<guid>/<nick>
    • ip is the unsigned decimal form of the client's IP
    • guid is the reported GUID of the client (untrustable)
    • nick is the base64 encoded nickname of the connecting client
    • your response must be as follows:
      • *bi - blacklisted IP, also not whitelisted
      • *bc - registered clan tag, not whitelisted
      • *bI - IP does not match nickname whitelist
      • *bp - the nickname requires auth
      • *bn - the nickname is not permitted
      • *a - no matches, usual response
      • *bw - the nickname is whitelisted

Auth 1.2.1 - Connection check extension

  • Your master-server may also respond with *bm to indicate that the client is muted and shall not be allowed to use the text chat)
  • *bm is an extension of *a, which means that everything else should overrule *bm, except for *a, assuming that *bw bypasses the muting

Auth 1.1

  • If wanted, you can make /auth/([0-9]+) return *f$1 to support old servers
  • /auth/<id>
    • *f<id> if the auth request cannot be allowed
    • *c<id>|<nonce> the nonce to send back to the client
  • /auth/<id>/<answer>
    • the <answer> should match { sha1( (<nonce> as a string) + ":" + (the pre-shared key)) } as a 40-char hexadecimal string
    • *f<id> if processing somehow failed
    • *d<id> if the authentication does not match
    • *s<id>|<priv><name> - auth succeeded where <priv> is only one "char", and name is a string of at least one "char"
⚠️ **GitHub.com Fallback** ⚠️