Support custom authentication servers

README.md

@@ -24,7 +24,8 @@ and customizable experience. It prioritizes performance and player enjoyment whi
 
 ## What Pumpkin will not
 
-- Provide compatibility with Vanilla or Bukkit servers (including configs and plugins).
+- Be a drop-in replacement for vanilla or other servers
+- Be compatible with plugins or mods for other servers
 - Function as a framework for building a server from scratch.
 
 > [!IMPORTANT]

docs/about/introduction.md

@@ -15,7 +15,8 @@ and customizable experience. It prioritizes performance and player enjoyment whi
 
 ## What Pumpkin will not
 
-- Provide compatibility with Vanilla or Bukkit servers (including configs and plugins).
+- Be a drop-in replacement for vanilla or other servers
+- Be compatible with plugins or mods for other servers
 - Function as a framework for building a server from scratch.
 
 > [!IMPORTANT]

docs/config/advanced.md

@@ -41,6 +41,19 @@ Wether Authentication is enabled
 enabled=false
 ```
 
+#### Authentication URL
+
+The Authentication URL being used
+
+> [!IMPORTANT]
+> {username} | The Username from the requested player
+>
+> {server_hash} | The SHA1 Encrypted hash
+
+```toml
+auth_url="https://sessionserver.mojang.com/session/minecraft/hasJoined?username={username}&serverId={server_hash}"
+```
+
 #### Prevent Proxy Connections
 
 Prevent proxy connections
@@ -49,6 +62,21 @@ Prevent proxy connections
 prevent_proxy_connections=false
 ```
 
+#### Prevent Proxy Connections URL
+
+The Authentication URL being used
+
+> [!IMPORTANT]
+> {username} | The Username from the requested player
+>
+> {server_hash} | The SHA1 Encrypted hash
+>
+> {ip} | The IP of the requested Player
+
+```toml
+prevent_proxy_connection_auth_url = "https://sessionserver.mojang.com/session/minecraft/hasJoined?username={username}&serverId={server_hash}&ip={ip}"
+```
+
 #### Player Profile
 
 `authentication.player_profile`
@@ -341,6 +369,7 @@ swing=true
 ```
 
 ### Logging
+
 `logging`
 Whether Logging is enabled
 
@@ -349,10 +378,13 @@ enable=true
 ```
 
 #### Level
+
 At which level should be logged
+
 ```toml
 level=Info
 ```
+
 ```toml
 Off
 Error
@@ -363,26 +395,33 @@ Trace
 ```
 
 #### Env
+
 Enables the user to choose log level by setting `RUST_LOG=<level>` environment variable
+
 ```toml
 env=false
 ```
 
 #### Threads
+
 Should threads be printed in the message
+
 ```toml
 threads=true
 ```
 
 #### Color
+
 Should color be enabled for logging messages
+
 ```toml
 color=true
 ```
 
 #### Timestamp
+
 Should the timestamp be printed in the message
 
 ```toml
 timestamp=true
-```
+```

docs/developer/authentication.md

@@ -21,9 +21,71 @@ Cracked accounts are also often used for Botting and [Denial of Service](https:/
 By default the `online_mode` is enabled in the configuration, This enables Authentication disallowing [Cracked Accounts](#cracked-accounts). When you are willing to allow Cracked Accounts, you can dissable `online_mode`
 in the `configuration.toml`
 
-### How Authentication works
+### How Mojang Authentication works
+
 To ensure a player has a premium accounts:
 
 1. A client with a premium account sends a login request to the Mojang session server.
-2. Mojang's servers verify the client's credentials and add the player to the their Servers
-3. Now our server will send a Request to the Session servers and check if the Player has joined the Session Server .
+2. **Mojang's servers** verify the client's credentials and add the player to the their Servers
+3. Now our server will send a Request to the Session servers and check if the Player has joined the Session Server.
+4. If the request was successfull, It will give use more information about the Player (e.g. UUID, Name, Skin/Cape...)
+
+### Custom Authentication Server
+
+Pumpkin does support custom Authentication servers, You can replace the Authentication URL in `features.toml`.
+
+Pumpkin Authentication works like this (Mojang/Custom):
+
+1. GET Request > Authentication
+
+2. Status Code 200 > Successfull
+
+3. Successfull > Parse JSON Game Profile
+
+#### Game Profile
+
+```rust
+id: UUID
+```
+
+```rust
+name: String
+```
+
+```rust
+properties: Array<Property>
+```
+
+> [!IMPORTANT]
+> Optional, Only present when actions are taken
+
+```rust
+profile_actions: Array<ProfileAction>
+```
+
+##### Property
+
+```rust
+name: String
+```
+
+> [!IMPORTANT]
+> base 64
+
+```rust
+- value: String
+```
+
+> [!IMPORTANT]
+> Optional, base 64
+
+```rust
+- signature: String
+```
+
+##### Profile Action
+
+```rust
+FORCED_NAME_CHANGE
+USING_BANNED_SKIN
+```

docs/index.md

@@ -11,11 +11,11 @@ hero:
       text: Quick Start
       link: /about/quick-start
     - theme: alt
-      text: Documentation
-      link: /about/introduction
+      text: Configuration
+      link: /config/introduction
     - theme: alt
       text: For developers
-      link: /plugins/about
+      link: /developer/introduction
 
 features:
   - title: Written in Rust

pumpkin-config/src/auth.rs

@@ -9,10 +9,14 @@ pub struct AuthenticationConfig {
     #[serde_inline_default(true)]
     pub enabled: bool,
 
+    pub auth_url: String,
+
     /// Prevent proxy connections.
     #[serde_inline_default(false)]
     pub prevent_proxy_connections: bool,
 
+    pub prevent_proxy_connection_auth_url: String,
+
     /// Player profile handling.
     #[serde(default)]
     pub player_profile: PlayerProfileConfig,
@@ -29,6 +33,8 @@ impl Default for AuthenticationConfig {
             prevent_proxy_connections: false,
             player_profile: Default::default(),
             textures: Default::default(),
+            auth_url: "https://sessionserver.mojang.com/session/minecraft/hasJoined?username={username}&serverId={server_hash}".to_string(),
+            prevent_proxy_connection_auth_url: "https://sessionserver.mojang.com/session/minecraft/hasJoined?username={username}&serverId={server_hash}&ip={ip}".to_string(),
         }
     }
 }

pumpkin/src/client/authentication.rs

@@ -60,9 +60,18 @@ pub async fn authenticate(
     assert!(ADVANCED_CONFIG.authentication.enabled);
     assert!(server.auth_client.is_some());
     let address = if ADVANCED_CONFIG.authentication.prevent_proxy_connections {
-        format!("https://sessionserver.mojang.com/session/minecraft/hasJoined?username={username}&serverId={server_hash}&ip={ip}")
+        ADVANCED_CONFIG
+            .authentication
+            .auth_url
+            .replace("{username}", username)
+            .replace("{server_hash}", server_hash)
+            .replace("{}", &ip.to_string())
     } else {
-        format!("https://sessionserver.mojang.com/session/minecraft/hasJoined?username={username}&serverId={server_hash}")
+        ADVANCED_CONFIG
+            .authentication
+            .auth_url
+            .replace("{username}", username)
+            .replace("{server_hash}", server_hash)
     };
     let auth_client = server
         .auth_client
@@ -107,7 +116,6 @@ pub fn is_texture_url_valid(url: Url, config: &TextureConfig) -> Result<(), Text
         return Err(TextureError::DisallowedUrlScheme(scheme.to_string()));
     }
     let domain = url.domain().unwrap_or("");
-    dbg!(domain);
     if !config
         .allowed_url_domains
         .iter()