Struct lu_packets::auth::server::LoginRequest
source · [−]pub struct LoginRequest {
pub username: LuWString33,
pub password: LuWString41,
pub locale_id: u16,
pub client_os: ClientOs,
pub computer_stats: ComputerStats,
}
Expand description
Provides username and password to authenticate the client.
Also provides system stats for analytics.
Trigger
Receipt of Handshake
with a service_id
of ServiceId::Auth
.
Handling
Look up the username and a hashed form of the password in the database. If there is a match, generate a session key to be used as an auth token when the client connects to world servers, and save it to DB. Generate session keys in a way that makes it impossible for an attacker to guess a session key with non-neglible probability. Specifically, this means that using an incrementing number or a non-cryptographically-secure pseudo-random number generator for session keys is not secure.
In addition, determine the address of a char server to redirect the client to.
Response
Respond with LoginResponse
, using an appropriate variant to indicate the lookup status, passing the session key and redirect address if successful.
Notes
The password is provided in plain text. Don’t save this password to the database unprocessed, as this constitutes a security hazard. Hash and salt it using a strong cryptographic hash function before saving it.
Fields
username: LuWString33
The client’s user name.
password: LuWString41
The client’s password.
locale_id: u16
The client’s locale.
client_os: ClientOs
The client’s operating system.
computer_stats: ComputerStats
Stats about the computer the client is running on.