factoriauth/README.md

76 lines
2.6 KiB
Markdown
Raw Normal View History

2024-02-09 21:05:31 +01:00
# factoriauth - an unofficial [Factorio](https://factorio.com) authentication server
Let's say you and your friends are
2024-02-09 21:05:31 +01:00
- on an oil rig,
- in space, or
- in the far future,
and you want to host a Factorio server. Because you don't have an internet connection (or the
official authentication servers don't exist anymore), your only option is to disable
`require_user_verification` in the server config - but this allows anyone to connect as any user,
which is no good, especially for PvP scenarios! Wouldn't it be great if you could set up your own
authentication server?
factoriauth is exactly that. It allows clients to log in as custom users provided by one of several
authentication backends (e.g. LDAP or a passwd-style file), and allows servers to validate that
these custom users are properly authenticated.
## Roadmap
### Complete
2024-02-10 20:08:47 +01:00
- server padlock generation (`POST /generate-server-padlock-2`)
- `user_server_key` generation (`POST /generate-user-server-key-2`)
- [user token generation](https://wiki.factorio.com/Web_authentication_API) and storage (`POST
/api-login`)
- LDAP authentication backend
2024-02-09 21:05:31 +01:00
### Planned
- more authentication backends: user file, PAM(?)
2024-02-09 21:05:31 +01:00
- server padlock proxying (to allow e.g. factorio.com users to join servers using a custom auth
server)
### Unplanned
- [updater server functionality](https://wiki.factorio.com/Download_API)
- [mods server functionality](https://wiki.factorio.com/Mod_portal_API)
- [multiplayer lobby server functionality](https://wiki.factorio.com/Matchmaking_API)
## Setup
### Configuring factoriauth
2024-02-10 23:11:39 +01:00
Copy `config.toml.example` to `config.toml` and adjust as necessary.
2024-02-09 21:05:31 +01:00
#### LDAP authentication backend notes
Factoriauth first binds anonymously to the specified LDAP server in order to look up the login
user's DN under `search-base`, thus permitting e.g. login via email. The LDAP server
must be configured to allow this in order for Factoriauth to work correctly.
2024-02-09 21:05:31 +01:00
### Configuring clients/servers
To use the auth server, the following snippet needs to be added to the clients' and servers'
`config.ini`, replacing the URL of the server as appropriate:
```ini
[servers]
auth-server=https://my-auth-server.example/
```
2024-02-10 23:11:39 +01:00
NOTE: If a client isn't entirely offline, you also need to override the updater server to an
invalid/unreachable address, otherwise the client will contact it with an invalid token on startup
and prompt for a re-login:
```ini
[servers]
updater-server=http://invalid.example
```
2024-02-09 21:05:31 +01:00
### Running factoriauth
2024-02-10 23:11:39 +01:00
Either use `cargo install --path .` and follow its instructions for how to update `$PATH`, then run
`factoriauth`, or run the program straight from the repository: `cargo run`.