Further auth requests consistency fixes (#1149)

* Further auth requests consistency fixes - Generated device UUIDs are lowercase, whereas they're uppercase in MCL - TitleId in SISU authenticate is supposed to be a string (it is in MCL) - UseModernGamertag in SISU authorize, on the other hand, is a boolean - Clarified charset of our requests like MCL does - Specified rng gen call to generate u8 to fix compile error (???) * Enable deflate, gzip and brotli compression support
2024-04-25 20:45:32 +02:00
parent deedf4fc8b
commit 4de64d9a43
3 changed files with 34 additions and 10 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -102,6 +102,7 @@ version = "0.4.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "07dbbf24db18d609b1462965249abdf49129ccad073ec257da372adc83259c60"
 dependencies = [
+ "brotli 4.0.0",
 "bzip2",
 "deflate64",
 "flate2",
@@ -109,6 +110,7 @@ dependencies = [
 "futures-io",
 "memchr",
 "pin-project-lite",
+ "tokio",
 "xz2",
 "zstd 0.13.1",
 "zstd-safe 7.1.0",
@@ -453,7 +455,18 @@ checksum = "d640d25bc63c50fb1f0b545ffd80207d2e10a4c965530809b40ba3386825c391"
 dependencies = [
 "alloc-no-stdlib",
 "alloc-stdlib",
- "brotli-decompressor",
+ "brotli-decompressor 2.5.1",
+]
+
+[[package]]
+name = "brotli"
+version = "4.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "125740193d7fee5cc63ab9e16c2fdc4e07c74ba755cc53b327d6ea029e9fc569"
+dependencies = [
+ "alloc-no-stdlib",
+ "alloc-stdlib",
+ "brotli-decompressor 3.0.0",
 ]

 [[package]]
@@ -466,6 +479,16 @@ dependencies = [
 "alloc-stdlib",
 ]

+[[package]]
+name = "brotli-decompressor"
+version = "3.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "65622a320492e09b5e0ac436b14c54ff68199bac392d0e89a6832c4518eea525"
+dependencies = [
+ "alloc-no-stdlib",
+ "alloc-stdlib",
+]
+
 [[package]]
 name = "bstr"
 version = "1.9.1"
@@ -3869,6 +3892,7 @@ version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "566cafdd92868e0939d3fb961bd0dc25fcfaaed179291093b3d43e6b3150ea10"
 dependencies = [
+ "async-compression",
 "base64 0.22.0",
 "bytes",
 "encoding_rs",
@@ -4891,7 +4915,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1554c5857f65dbc377cefb6b97c8ac77b1cb2a90d30d3448114d5d6b48a77fc"
 dependencies = [
 "base64 0.21.7",
- "brotli",
+ "brotli 3.5.0",
 "ico",
 "json-patch",
 "plist",
@@ -5015,7 +5039,7 @@ version = "1.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "75ad0bbb31fccd1f4c56275d0a5c3abdf1f59999f72cb4ef8b79b4ed42082a21"
 dependencies = [
- "brotli",
+ "brotli 3.5.0",
 "ctor",
 "dunce",
 "glob",
--- a/theseus/Cargo.toml
+++ b/theseus/Cargo.toml
@@ -46,7 +46,7 @@ indicatif = { version = "0.17.3", optional = true }

 async-tungstenite = { version = "0.25.1", features = ["tokio-runtime", "tokio-native-tls"] }
 futures = "0.3"
-reqwest = { version = "0.12.3", features = ["json", "stream"] }
+reqwest = { version = "0.12.3", features = ["json", "stream", "deflate", "gzip", "brotli"] }
 tokio = { version = "1", features = ["full"] }
 tokio-stream = { version = "0.1", features = ["fs"] }
 async-recursion = "1.0.4"
--- a/theseus/src/state/minecraft_auth.rs
+++ b/theseus/src/state/minecraft_auth.rs
@@ -434,7 +434,7 @@ async fn sisu_authenticate(
          "RedirectUri": REDIRECT_URL,
          "Sandbox": "RETAIL",
          "TokenType": "code",
-          "TitleId": 1794566092,
+          "TitleId": "1794566092",
        }),
        key,
        MinecraftAuthStep::SisuAuthenicate,
@@ -581,7 +581,7 @@ async fn sisu_authorize(
            "SessionId": session_id,
            "SiteName": "user.auth.xboxlive.com",
            "RelyingParty": "http://xboxlive.com",
-            "UseModernGamertag": "true"
+            "UseModernGamertag": true
        }),
        key,
        MinecraftAuthStep::SisuAuthorize,
@@ -781,7 +781,7 @@ pub struct DeviceTokenKey {

 #[tracing::instrument]
 fn generate_key() -> Result<DeviceTokenKey, MinecraftAuthenticationError> {
-    let id = Uuid::new_v4().to_string();
+    let id = Uuid::new_v4().to_string().to_uppercase();

    let signing_key = SigningKey::random(&mut OsRng);
    let public_key = VerifyingKey::from(&signing_key);
@@ -879,9 +879,9 @@ async fn send_signed_request<T: DeserializeOwned>(
    let res = auth_retry(|| {
        let mut request = REQWEST_CLIENT
            .post(url)
-            .header("Content-Type", "application/json")
+            .header("Content-Type", "application/json; charset=utf-8")
            .header("Accept", "application/json")
-            .header("signature", &signature);
+            .header("Signature", &signature);

        if url != "https://sisu.xboxlive.com/authorize" {
            request = request.header("x-xbl-contract-version", "1");
@@ -915,6 +915,6 @@ async fn send_signed_request<T: DeserializeOwned>(
 fn generate_oauth_challenge() -> String {
    let mut rng = rand::thread_rng();

-    let bytes: Vec<u8> = (0..64).map(|_| rng.gen()).collect();
+    let bytes: Vec<u8> = (0..64).map(|_| rng.gen::<u8>()).collect();
    bytes.iter().map(|byte| format!("{:02x}", byte)).collect()
 }