78 lines
2.8 KiB
Markdown
78 lines
2.8 KiB
Markdown
# factoriauth - an unofficial [Factorio](https://factorio.com) authentication server
|
|
|
|
Let's say you and your friends are
|
|
|
|
- on an oil rig,
|
|
- in space, or
|
|
- in the far future,
|
|
|
|
and you want to host a Factorio server. Because you don't have an internet connection (or the
|
|
official authentication servers don't exist anymore), your only option is to disable
|
|
`require_user_verification` in the server config - but this allows anyone to connect as any user,
|
|
which is no good, especially for PvP scenarios! Wouldn't it be great if you could set up your own
|
|
authentication server?
|
|
|
|
factoriauth is exactly that. It allows clients to log in as custom users provided by one of several
|
|
authentication backends (e.g. LDAP or a passwd-style file), and allows servers to validate that
|
|
these custom users are properly authenticated.
|
|
|
|
## Roadmap
|
|
|
|
### Complete
|
|
|
|
- server padlock generation (`POST /generate-server-padlock-2`)
|
|
- `user_server_key` generation (`POST /generate-user-server-key-2`)
|
|
- [user token generation](https://wiki.factorio.com/Web_authentication_API) and storage (`POST
|
|
/api-login`)
|
|
- LDAP authentication backend
|
|
|
|
### Planned
|
|
|
|
- more authentication backends: user file, PAM(?)
|
|
- server padlock proxying (to allow e.g. factorio.com users to join servers using a custom auth
|
|
server)
|
|
|
|
### Unplanned
|
|
|
|
- [updater server functionality](https://wiki.factorio.com/Download_API)
|
|
- [mods server functionality](https://wiki.factorio.com/Mod_portal_API)
|
|
- [multiplayer lobby server functionality](https://wiki.factorio.com/Matchmaking_API)
|
|
|
|
## Setup
|
|
|
|
### Configuring factoriauth
|
|
|
|
Copy `config.toml.example` to `config.toml` and adjust as necessary. `padlock-secret` needs to be a
|
|
hex-encoded binary string of at least 32 bytes - either generate your own, or attempt to start
|
|
factoriauth once and copy the freshly generated secret from the error message.
|
|
|
|
#### LDAP authentication backend notes
|
|
|
|
Factoriauth first binds anonymously to the specified LDAP server in order to look up the login
|
|
user's DN under `search-base`, thus permitting e.g. login via email. The LDAP server
|
|
must be configured to allow this in order for Factoriauth to work correctly.
|
|
|
|
### Configuring clients/servers
|
|
|
|
To use the auth server, the following snippet needs to be added to the clients' and servers'
|
|
`config.ini`, replacing the URL of the server as appropriate:
|
|
|
|
```ini
|
|
[servers]
|
|
auth-server=https://my-auth-server.example/
|
|
```
|
|
|
|
NOTE: If a client isn't entirely offline, you also need to override the updater server to an
|
|
invalid/unreachable address, otherwise the client will contact it with an invalid token on startup
|
|
and prompt for a re-login:
|
|
|
|
```ini
|
|
[servers]
|
|
updater-server=http://invalid.example
|
|
```
|
|
|
|
### Running factoriauth
|
|
|
|
Either use `cargo install --path .` and follow its instructions for how to update `$PATH`, then run
|
|
`factoriauth`, or run the program straight from the repository: `cargo run`.
|