xiretza/factoriauth
1
0
Fork 0
Code Issues 2 Pull requests Releases Activity
An unofficial authentication server for Factorio
91 commits 1 branch 3 tags 774 KiB
Rust 96.6%
Shell 3.4%
Find a file
Xiretza a50660ddc3 Sort dependencies properly
2024-02-20 19:59:26 +00:00
src Enforce minimum length for padlock generation secret 2024-02-15 20:58:41 +00:00
.editorconfig remove invalid quotes from editorconfig 2024-02-11 17:26:33 +01:00
.env use query! and query_as! 2024-02-10 14:31:22 +01:00
.gitignore Add config 2024-02-10 13:11:36 +00:00
Cargo.lock use trait object for database 2024-02-11 16:48:03 +01:00
Cargo.toml Sort dependencies properly 2024-02-20 19:59:26 +00:00
clippy.toml Add clippy configuration 2024-02-10 09:20:44 +00:00
config.toml.example Allow specifying IP address to listen on 2024-02-15 19:58:33 +00:00
deny.toml Add cargo-deny config 2024-02-10 22:05:11 +00:00
LICENSE.txt Add license 2024-02-09 20:22:03 +00:00
README.md Mention padlock-secret in README 2024-02-15 21:05:32 +00:00

README.md

factoriauth - an unofficial Factorio authentication server

Let's say you and your friends are

  • on an oil rig,
  • in space, or
  • in the far future,

and you want to host a Factorio server. Because you don't have an internet connection (or the official authentication servers don't exist anymore), your only option is to disable require_user_verification in the server config - but this allows anyone to connect as any user, which is no good, especially for PvP scenarios! Wouldn't it be great if you could set up your own authentication server?

factoriauth is exactly that. It allows clients to log in as custom users provided by one of several authentication backends (e.g. LDAP or a passwd-style file), and allows servers to validate that these custom users are properly authenticated.

Roadmap

Complete

  • server padlock generation (POST /generate-server-padlock-2)
  • user_server_key generation (POST /generate-user-server-key-2)
  • user token generation and storage (POST /api-login)
  • LDAP authentication backend

Planned

  • more authentication backends: user file, PAM(?)
  • server padlock proxying (to allow e.g. factorio.com users to join servers using a custom auth server)

Unplanned

Setup

Configuring factoriauth

Copy config.toml.example to config.toml and adjust as necessary. padlock-secret needs to be a hex-encoded binary string of at least 32 bytes - either generate your own, or attempt to start factoriauth once and copy the freshly generated secret from the error message.

LDAP authentication backend notes

Factoriauth first binds anonymously to the specified LDAP server in order to look up the login user's DN under search-base, thus permitting e.g. login via email. The LDAP server must be configured to allow this in order for Factoriauth to work correctly.

Configuring clients/servers

To use the auth server, the following snippet needs to be added to the clients' and servers' config.ini, replacing the URL of the server as appropriate:

[servers]
auth-server=https://my-auth-server.example/

NOTE: If a client isn't entirely offline, you also need to override the updater server to an invalid/unreachable address, otherwise the client will contact it with an invalid token on startup and prompt for a re-login:

[servers]
updater-server=http://invalid.example

Running factoriauth

Either use cargo install --path . and follow its instructions for how to update $PATH, then run factoriauth, or run the program straight from the repository: cargo run.