OSRS [Kronos] How to integrate Xenforo Web Auth + World List

[Patrity]

PLEASE FOR THE LOVE OF ALL THAT IS HOLY.. CHANGE THE API KEYS.

This guide is only for my Kronos release located here: https://www.rune-server.ee/runescap...er-deob-client-multi-world-support-184-a.html
This will not work on your ruse server, however.. feel free to take a look at how we handled the server side. XenForo's API is super easy to integrate with and synced forum accounts are a good thing in 2020

Authentication
For this to function correctly, you will need to have purchased a XenForo license.
If you prefer IPB, "Brandito" has provided a script to do so here:

Spoiler for IPB Integration:

I have not personally tested this and much prefer XenForo's API so YMMV!
IPB Docs: https://invisioncommunity.com/devel...ods/creating-a-usernamepassword-handler-r174/

Setup a new page and pageblock via the ACP and use the following script:

if (isset(\IPS\Request::i()->token)) {
    $FIND_TOKEN = 'WRITE A CUSTOM TOKEN HERE FOR ADDED SECURITY! e.g ab442ae66ff03eea56f9a994bb9f22fa346f';
    $providedToken = \IPS\Request::i()->token;

    if ($FIND_TOKEN === $providedToken) {
        if (isset(\IPS\Request::i()->login) and isset(\IPS\Request::i()->password)) {
            $login = new \IPS\Login();
            $loginHandler = \IPS\Login\Handler::findMethod('IPS\Login\Handler\Standard');
            $loginname = \IPS\Request::i()->login;
            if (!ctype_alnum($loginname))
                die(json_encode(array("errorMessage" => "Username contained disallowed words.")));
            try {
                $member = $loginHandler->authenticateUsernamePassword($login, $loginname, \IPS\Request::i()->protect('password'));

                echo json_encode(
                    array(
                        "user_id" => $member->member_id,
                        "username" => $member->name,
                        "user_group_id" => $member->member_group_id,
                        "secondary_group_ids" => array(2) //REGISTERED GROUP
                    )
                );
            } catch (\IPS\Login\Exception $ex) {
                if ($ex->getMessage() == 'login_err_bad_password') {
                    echo json_encode(array("errorMessage" => "Incorrect password. Please try again."));
                } else {
                    echo json_encode(array("errorMessage" => "Unregistered account."));
                }
            }
        } else {
              echo json_encode(array("errorMessage" => "Something went wrong. An account could not be found."));
    }
    } else {
        echo json_encode(array("errorMessage" => "Invalid token."));
    }
} else {
    echo json_encode(array("errorMessage" => "A query parameter was missing."));
}

Log in to your ACP on your xenforo install and head to the API Keys Section, create a new API Key

Set the title to whatever you'd like but be descriptive, just as best practices.
You also need to select the Super User perm in order to use the auth scope.

Now - in general, never give more permission than what is needed for API keys.
For this, all you need is auth. If you select other things and your key is leaked, people could delete your forum or other malicious things. Use common sense.

Copy this key, using the button, so that you're sure it's exact.

Now - Let's head into your IDE and open up `XenforoUtils` class located within the Central Server module.
You'll want to adjust the forums URL and the Auth key variables. Do not adjust anything else unless you know what you're doing.

That's it. Auth done.


World List
Now in order to setup the world list, you will need to download a small php script --> HERE <--

Simply place this on your web service somewhere.

Open `world_updater.php`and modify this API key.
I recomend using something like LastPass in order to generate a secure 32 character api key.

Now go back to your IDE and open `WorldList` within the Central Server module.

First, place the same auth key you just generated, on line 16.

Second, go to line 59 and modify your url to where your newly uploaded php script is.
Example: https://example.com/someFolder/world_updater.php?k=
LEAVE THE "?k=" This is where the auth token will be placed in the request.

And done. Now, the central server will automatically update the "worlds.ws" file whenever a new world is registered so that you can load more than one world.

A note about security best practices.
I'll be the first to admit, we did not do everything properly at Kronos. You should never hard code API keys, so please, load these keys elsewhere like from a json or properties file. Also, API security is extremely important. You are potentially opening up your entire service to outside influence if you do not have secure API keys. PLEASE DO NOT SHORTCUT THIS!

 

[Badouscape]

Do you think it's possible for you to share the integration for CC and FC to work !

 

[Pretty_Stinky]

Let the runite leeeches begin!

 

[Patrity]

Let the runite leeeches begin!

Better a runite leech than a ruse leech.

If you prefer IPB, "Brandito" has provided a script to do so.
I have not personally tested this and much prefer XenForo's API so YMMV!

I have added a spoiler on the main post.

 

[Patrity]

Do you think it's possible for you to share the integration for CC and FC to work !

Your PMs and CC is probably not working because your central server is not connecting to the world updater which is the second part of this tutorial.
Let me know if that helps out!

 

[BoomScape]

PLEASE FOR THE LOVE OF ALL THAT IS HOLY.. CHANGE THE API KEYS.

This guide is only for my Kronos release located here: https://www.rune-server.ee/runescap...er-deob-client-multi-world-support-184-a.html
This will not work on your ruse server, however.. feel free to take a look at how we handled the server side. XenForo's API is super easy to integrate with and synced forum accounts are a good thing in 2020

Authentication
For this to function correctly, you will need to have purchased a XenForo license.
If you prefer IPB, "Brandito" has provided a script to do so here:

Spoiler for IPB Integration:

I have not personally tested this and much prefer XenForo's API so YMMV!
IPB Docs: https://invisioncommunity.com/devel...ods/creating-a-usernamepassword-handler-r174/

Setup a new page and pageblock via the ACP and use the following script:

if (isset(\IPS\Request::i()->token)) {
    $FIND_TOKEN = 'WRITE A CUSTOM TOKEN HERE FOR ADDED SECURITY! e.g ab442ae66ff03eea56f9a994bb9f22fa346f';
    $providedToken = \IPS\Request::i()->token;

    if ($FIND_TOKEN === $providedToken) {
        if (isset(\IPS\Request::i()->login) and isset(\IPS\Request::i()->password)) {
            $login = new \IPS\Login();
            $loginHandler = \IPS\Login\Handler::findMethod('IPS\Login\Handler\Standard');
            $loginname = \IPS\Request::i()->login;
            if (!ctype_alnum($loginname))
                die(json_encode(array("errorMessage" => "Username contained disallowed words.")));
            try {
                $member = $loginHandler->authenticateUsernamePassword($login, $loginname, \IPS\Request::i()->protect('password'));

                echo json_encode(
                    array(
                        "user_id" => $member->member_id,
                        "username" => $member->name,
                        "user_group_id" => $member->member_group_id,
                        "secondary_group_ids" => array(2) //REGISTERED GROUP
                    )
                );
            } catch (\IPS\Login\Exception $ex) {
                if ($ex->getMessage() == 'login_err_bad_password') {
                    echo json_encode(array("errorMessage" => "Incorrect password. Please try again."));
                } else {
                    echo json_encode(array("errorMessage" => "Unregistered account."));
                }
            }
        } else {
              echo json_encode(array("errorMessage" => "Something went wrong. An account could not be found."));
    }
    } else {
        echo json_encode(array("errorMessage" => "Invalid token."));
    }
} else {
    echo json_encode(array("errorMessage" => "A query parameter was missing."));
}

Log in to your ACP on your xenforo install and head to the API Keys Section, create a new API Key

Set the title to whatever you'd like but be descriptive, just as best practices.
You also need to select the Super User perm in order to use the auth scope.

Now - in general, never give more permission than what is needed for API keys.
For this, all you need is auth. If you select other things and your key is leaked, people could delete your forum or other malicious things. Use common sense.

Copy this key, using the button, so that you're sure it's exact.

Now - Let's head into your IDE and open up `XenforoUtils` class located within the Central Server module.
You'll want to adjust the forums URL and the Auth key variables. Do not adjust anything else unless you know what you're doing.

That's it. Auth done.


World List
Now in order to setup the world list, you will need to download a small php script --> HERE <--

Simply place this on your web service somewhere.

Open `world_updater.php`and modify this API key.
I recomend using something like LastPass in order to generate a secure 32 character api key.

Now go back to your IDE and open `WorldList` within the Central Server module.

First, place the same auth key you just generated, on line 16.

Second, go to line 59 and modify your url to where your newly uploaded php script is.
Example: https://example.com/someFolder/world_updater.php?k=
LEAVE THE "?k=" This is where the auth token will be placed in the request.

And done. Now, the central server will automatically update the "worlds.ws" file whenever a new world is registered so that you can load more than one world.

A note about security best practices.
I'll be the first to admit, we did not do everything properly at Kronos. You should never hard code API keys, so please, load these keys elsewhere like from a json or properties file. Also, API security is extremely important. You are potentially opening up your entire service to outside influence if you do not have secure API keys. PLEASE DO NOT SHORTCUT THIS!

With the IPB connection if you have any idea, when setting up the link i put in the URL of where the page with that code is located and put my own auth key codes into both, but when attempting to login I get the following error

james attempting to login.
org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1]
	at org.json.JSONTokener.syntaxError(JSONTokener.java:507)
	at org.json.JSONObject.<init>(JSONObject.java:222)
	at org.json.JSONObject.<init>(JSONObject.java:406)
	at io.ruin.central.utility.XenforoUtils.login(XenforoUtils.java:77)
	at io.ruin.central.utility.XenforoUtils.attemptLogin(XenforoUtils.java:21)
	at io.ruin.central.model.world.WorldLogin.lambda$new$0(WorldLogin.java:37)
	at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1640)
	at java.util.concurrent.CompletableFuture$AsyncRun.exec(CompletableFuture.java:1632)
	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
	at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1067)
	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1703)
	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:172)

Any clue on this one?

 

[Patrity]

With the IPB connection if you have any idea, when setting up the link i put in the URL of where the page with that code is located and put my own auth key codes into both, but when attempting to login I get the following error

james attempting to login.
org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1]
	at org.json.JSONTokener.syntaxError(JSONTokener.java:507)
	at org.json.JSONObject.<init>(JSONObject.java:222)
	at org.json.JSONObject.<init>(JSONObject.java:406)
	at io.ruin.central.utility.XenforoUtils.login(XenforoUtils.java:77)
	at io.ruin.central.utility.XenforoUtils.attemptLogin(XenforoUtils.java:21)
	at io.ruin.central.model.world.WorldLogin.lambda$new$0(WorldLogin.java:37)
	at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1640)
	at java.util.concurrent.CompletableFuture$AsyncRun.exec(CompletableFuture.java:1632)
	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
	at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1067)
	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1703)
	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:172)

Any clue on this one?

Looks like the response is not as expected. As I said, I have not tested the IPB integration, however you could run some test requests using Postman: https://www.postman.com/

 

[BoomScape]

Your PMs and CC is probably not working because your central server is not connecting to the world updater which is the second part of this tutorial.
Let me know if that helps out!

Also got the same error as that guy with friends/cc not working with this configured

It looks like it's related to the file 'XenPost' but unsure on the auth for that system?

 

[Patrity]

Also got the same error as that guy with friends/cc not working with this configured

It looks like it's related to the file 'XenPost' but unsure on the auth for that system?

Users would need to bypass any use of that post method. I will not release that integration script that was originally released with Runite because it is a massive security concern.
Nothing is secure about the way it is created.

 

[Smidge]

Looks like the response is not as expected. As I said, I have not tested the IPB integration, however you could run some test requests using Postman: https://www.postman.com/

I get that same error with the Xenforo Intergration don't wana use the runite one xD

 

[Xyro]

The integration folder is missing a index.php file where it checks auth.

[ForkJoinPool.commonPool-worker-3] ERROR rollingErrorFileLogger - Failed to post: https://XXXXX.com/integration/index.php
java.io.FileNotFoundException: https://XXXXX.com/integration/index.php
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1896)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
	at io.ruin.api.utils.PostWorker.post(PostWorker.java:65)
	at io.ruin.api.utils.PostWorker.postArray(PostWorker.java:82)
	at io.ruin.api.utils.XenPost.post(XenPost.java:15)
	at io.ruin.central.utility.XenUser.load(XenUser.java:51)
	at io.ruin.central.utility.XenUser.lambda$forName$1(XenUser.java:44)
	at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1604)
	at java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1596)
	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
	at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
null

So, still can't get CC/friends chat to work now?

EDIT: Got the folder, if u need it feel free to msg me.

 

[ZootAllDay]

I kind of fixed all of my problems, the only issue i have left is the black client.

I edited the client file so it points to my ip (i opened it up with Xampp so i don't need a webhost)
and from there I tried using OSRS jav_config.ws as well.

For some reason the client stays black.

The ports are all open and seen for the update server, central server and server. (13302,7304,3548 etc.)

In my browser I do have access to the file and it is actually readable through the internet browser.

Yet I still have a black screen, I think this is the only fix left till the source is finally running correctly for me.

 

[Mvrcus]

Failed to update world list. not sure where im going wrong, followed everything to a T, only thought is the server isnt giving access to the world_updater.php file but have tried changing permissons/folders/user ownership you name it. Anyone got an idea on where I could be going wrong?

 

[Wintersoul]

does any recommend a web server, I've tried a few and I keep running into this issue

[world-list #1] ERROR rollingErrorFileLogger - Failed to update world list!

Failed to update world list. not sure where im going wrong, followed everything to a T, only thought is the server isnt giving access to the world_updater.php file but have tried changing permissons/folders/user ownership you name it. Anyone got an idea on where I could be going wrong?

by any chance did you find a fix for this?

 

[capocell]

does any recommend a web server, I've tried a few and I keep running into this issue

[world-list #1] ERROR rollingErrorFileLogger - Failed to update world list!

by any chance did you find a fix for this?

world_update api error

 

[BotIsLive]

nvm fixed

 

[R0cky 0wnz]

Hi,

502 Bad Gateway

the link is broken

 

[R0cky 0wnz]

Hi,

502 Bad Gateway

the link is broken

https://mega.nz/file/fd5iwKRR#LgxDVUkaGifNbJcc4gEUNARgmhE3MFBjCppj1MufoX8

 

[bigblocky]

nice stuff

 

[FreedomRSPS]

Ty for ur hard work