mirror of
https://github.com/exogen/t2-mapper.git
synced 2026-03-13 17:30:56 +00:00
322 lines
9.2 KiB
TypeScript
322 lines
9.2 KiB
TypeScript
/**
|
|
* Downloads TribesNext account credentials (certificate + encrypted private key)
|
|
* from the auth server using username and password.
|
|
*
|
|
* Usage:
|
|
* tsx scripts/t2-login.ts [--env=<path>]
|
|
*
|
|
* Reads T2_ACCOUNT_NAME and T2_ACCOUNT_PASSWORD from .env / environment (or prompts).
|
|
* Writes/updates T2_ACCOUNT_CERTIFICATE and T2_ACCOUNT_ENCRYPTED_KEY in the
|
|
* target env file (default: .env.local).
|
|
*
|
|
* This only needs to be run once — the credentials persist until you change
|
|
* your password or the auth server rotates keys.
|
|
*/
|
|
|
|
import crypto from "node:crypto";
|
|
import net from "node:net";
|
|
import http from "node:http";
|
|
import fs from "node:fs/promises";
|
|
import path from "node:path";
|
|
import readline from "node:readline/promises";
|
|
|
|
const ROOT = path.resolve(import.meta.dirname, "..");
|
|
|
|
function sha1(data: string): string {
|
|
return crypto.createHash("sha1").update(data).digest("hex");
|
|
}
|
|
|
|
/** Parse --env=<path> from argv, resolve relative to project root. */
|
|
function getEnvFilePath(): string {
|
|
for (const arg of process.argv.slice(2)) {
|
|
const match = arg.match(/^--env=(.+)$/);
|
|
if (match) {
|
|
return path.resolve(ROOT, match[1]);
|
|
}
|
|
}
|
|
return path.resolve(ROOT, ".env.local");
|
|
}
|
|
|
|
/**
|
|
* Read an env file and return its lines. Returns an empty array if the
|
|
* file doesn't exist.
|
|
*/
|
|
async function readEnvLines(filePath: string): Promise<string[]> {
|
|
try {
|
|
const content = await fs.readFile(filePath, "utf-8");
|
|
return content.split("\n");
|
|
} catch {
|
|
return [];
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Update env file content: replace existing keys in-place, append new ones.
|
|
* Preserves comments, blank lines, and ordering of untouched keys.
|
|
*/
|
|
function updateEnvLines(
|
|
existingLines: string[],
|
|
updates: Record<string, string>,
|
|
): string[] {
|
|
const remaining = new Set(Object.keys(updates));
|
|
const result: string[] = [];
|
|
|
|
for (const line of existingLines) {
|
|
const match = line.match(/^([A-Z_][A-Z0-9_]*)=/);
|
|
if (match && remaining.has(match[1])) {
|
|
result.push(`${match[1]}=${updates[match[1]]}`);
|
|
remaining.delete(match[1]);
|
|
} else {
|
|
result.push(line);
|
|
}
|
|
}
|
|
|
|
// Append any keys that weren't already in the file
|
|
if (remaining.size > 0) {
|
|
// Ensure there's a blank line before new entries (unless file is empty
|
|
// or already ends with one)
|
|
const last = result[result.length - 1];
|
|
if (result.length > 0 && last !== "" && last !== undefined) {
|
|
result.push("");
|
|
}
|
|
for (const key of remaining) {
|
|
result.push(`${key}=${updates[key]}`);
|
|
}
|
|
}
|
|
|
|
// Ensure file ends with a newline
|
|
if (result[result.length - 1] !== "") {
|
|
result.push("");
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
/** Look up the auth server address from tribesnext.com */
|
|
async function findAuthServer(): Promise<string> {
|
|
return new Promise((resolve, reject) => {
|
|
const req = http.get("http://www.tribesnext.com/auth", (res) => {
|
|
let body = "";
|
|
res.on("data", (chunk: Buffer) => {
|
|
body += chunk.toString();
|
|
});
|
|
res.on("end", () => {
|
|
const lines = body.trim().split("\n");
|
|
for (const line of lines) {
|
|
const fields = line.split("\t");
|
|
if (fields.length >= 1 && fields[0].includes(":")) {
|
|
resolve(fields[0]);
|
|
return;
|
|
}
|
|
}
|
|
reject(new Error("Could not parse auth server address from response"));
|
|
});
|
|
});
|
|
req.on("error", reject);
|
|
req.setTimeout(10000, () => {
|
|
req.destroy();
|
|
reject(new Error("Auth server lookup timed out"));
|
|
});
|
|
});
|
|
}
|
|
|
|
/** Download account credentials from the auth server via TCP. */
|
|
async function downloadAccount(
|
|
authAddress: string,
|
|
username: string,
|
|
password: string,
|
|
): Promise<{ certificate: string; encryptedKey: string }> {
|
|
const [host, portStr] = authAddress.split(":");
|
|
const port = parseInt(portStr, 10);
|
|
|
|
// Build the request hash (same as t2csri_downloadAccount)
|
|
const authStored = sha1("3.14159265" + username.toLowerCase() + password);
|
|
const utc = Math.floor(Date.now() / 1000).toString();
|
|
const timeNonce = sha1(utc + username.toLowerCase());
|
|
const requestHash = sha1(authStored + timeNonce);
|
|
const payload = `RECOVER\t${username}\t${utc}\t${requestHash}\n`;
|
|
|
|
return new Promise((resolve, reject) => {
|
|
const socket = new net.Socket();
|
|
let buffer = "";
|
|
let idleTimer: ReturnType<typeof setTimeout> | null = null;
|
|
|
|
// Overall timeout if we never get any data at all.
|
|
socket.setTimeout(15000);
|
|
|
|
socket.connect(port, host, () => {
|
|
socket.write(payload);
|
|
});
|
|
|
|
socket.on("data", (data: Buffer) => {
|
|
buffer += data.toString();
|
|
// The auth server doesn't close the connection after responding.
|
|
// Mimic Torque's 700ms idle timeout to detect response completion.
|
|
if (idleTimer) clearTimeout(idleTimer);
|
|
idleTimer = setTimeout(() => {
|
|
socket.destroy();
|
|
processResponse();
|
|
}, 700);
|
|
});
|
|
|
|
socket.on("end", () => {
|
|
processResponse();
|
|
});
|
|
|
|
socket.on("timeout", () => {
|
|
socket.destroy();
|
|
reject(new Error("Auth server connection timed out"));
|
|
});
|
|
|
|
socket.on("error", (err: Error) => {
|
|
reject(err);
|
|
});
|
|
|
|
socket.on("close", () => {
|
|
processResponse();
|
|
});
|
|
|
|
let processed = false;
|
|
function processResponse() {
|
|
if (processed) return;
|
|
processed = true;
|
|
if (idleTimer) clearTimeout(idleTimer);
|
|
|
|
const trimmed = buffer.trim();
|
|
|
|
if (trimmed === "RECOVERERROR") {
|
|
reject(new Error("Auth server returned RECOVERERROR (malformed request)"));
|
|
return;
|
|
}
|
|
if (trimmed === "NOTFOUND") {
|
|
reject(new Error("Account not found. Check your username."));
|
|
return;
|
|
}
|
|
if (trimmed === "INVALIDPASSWORD") {
|
|
reject(new Error("Invalid password."));
|
|
return;
|
|
}
|
|
|
|
// Success response format:
|
|
// Line 1: CERT: <certificate_fields_tab_separated>
|
|
// Line 2: EXP: <encrypted_private_exponent>
|
|
const lines = trimmed.split("\n");
|
|
if (lines.length < 2) {
|
|
reject(new Error(`Unexpected response from auth server: ${trimmed.slice(0, 200)}`));
|
|
return;
|
|
}
|
|
|
|
let certLine = lines[0];
|
|
let expLine = lines[1];
|
|
|
|
// Strip the "CERT: " prefix
|
|
if (certLine.startsWith("CERT:")) {
|
|
certLine = certLine.substring(6).trim();
|
|
}
|
|
|
|
// Strip the "EXP: " prefix if present
|
|
if (expLine.startsWith("EXP:")) {
|
|
expLine = expLine.substring(5).trim();
|
|
}
|
|
|
|
resolve({
|
|
certificate: certLine,
|
|
encryptedKey: expLine,
|
|
});
|
|
}
|
|
});
|
|
}
|
|
|
|
async function main() {
|
|
const envFilePath = getEnvFilePath();
|
|
|
|
const rl = readline.createInterface({
|
|
input: process.stdin,
|
|
output: process.stdout,
|
|
});
|
|
|
|
// Credentials come from process.env (loaded via --env-file-if-exists in
|
|
// the npm script, or set manually in the shell environment).
|
|
let username = process.env.T2_ACCOUNT_NAME || "";
|
|
let password = process.env.T2_ACCOUNT_PASSWORD || "";
|
|
|
|
if (!username) {
|
|
username = await rl.question("TribesNext username: ");
|
|
} else {
|
|
console.log(`Using username: ${username}`);
|
|
}
|
|
|
|
if (!password) {
|
|
password = await rl.question("TribesNext password: ");
|
|
} else {
|
|
console.log("Using password from environment");
|
|
}
|
|
|
|
rl.close();
|
|
|
|
if (!username || !password) {
|
|
console.error("Username and password are required.");
|
|
process.exit(1);
|
|
}
|
|
|
|
// Step 1: Find auth server
|
|
let authAddress = process.env.T2_AUTH_SERVER || "";
|
|
if (authAddress) {
|
|
console.log(`Using auth server from environment: ${authAddress}`);
|
|
} else {
|
|
console.log("Looking up auth server...");
|
|
try {
|
|
authAddress = await findAuthServer();
|
|
console.log(`Auth server: ${authAddress}`);
|
|
} catch (e) {
|
|
console.error("Failed to find auth server:", e);
|
|
process.exit(1);
|
|
}
|
|
}
|
|
|
|
// Step 2: Download credentials
|
|
console.log("Downloading account credentials...");
|
|
let credentials: { certificate: string; encryptedKey: string };
|
|
try {
|
|
credentials = await downloadAccount(authAddress, username, password);
|
|
} catch (e) {
|
|
console.error("Failed to download credentials:", e);
|
|
process.exit(1);
|
|
}
|
|
|
|
console.log("Successfully downloaded credentials!");
|
|
|
|
// Verify the certificate looks valid
|
|
const certFields = credentials.certificate.split("\t");
|
|
if (certFields.length >= 4) {
|
|
console.log(` Account: ${certFields[0]}`);
|
|
console.log(` GUID: ${certFields[1]}`);
|
|
console.log(` Public key length: ${certFields[3].length} hex chars`);
|
|
}
|
|
|
|
// Step 3: Update the env file
|
|
const certB64 = Buffer.from(credentials.certificate).toString("base64");
|
|
const keyB64 = Buffer.from(credentials.encryptedKey).toString("base64");
|
|
|
|
const existingLines = await readEnvLines(envFilePath);
|
|
const updatedLines = updateEnvLines(
|
|
existingLines.length > 0 ? existingLines : ["# Generated by scripts/t2-login.ts"],
|
|
{
|
|
T2_ACCOUNT_NAME: username,
|
|
T2_ACCOUNT_PASSWORD: password,
|
|
T2_ACCOUNT_CERTIFICATE: certB64,
|
|
T2_ACCOUNT_ENCRYPTED_KEY: keyB64,
|
|
},
|
|
);
|
|
|
|
await fs.writeFile(envFilePath, updatedLines.join("\n"), "utf-8");
|
|
console.log(`\nCredentials written to ${envFilePath}`);
|
|
console.log(
|
|
"The relay server will read these automatically. Run: npm run relay:dev",
|
|
);
|
|
}
|
|
|
|
main().catch((e) => {
|
|
console.error(e);
|
|
process.exit(1);
|
|
});
|