| Age | Commit message (Collapse) | Author |
|---|
|
configure.sh isn't used to build this.
README_LINUX.md is inapplicable.
|
|
The subprotocol shall use binary frames, and AO protocol stays separated
within the text frames.
|
|
Introduce start_auth_flow, a function invoked by typing `/auth username`
in OOC. It sends an public-key authentication request to the server,
starting the entire flow.
The flow invoves two dialogs: to select the key, and to enter the
passphrase to unlock the key. For convenience, each successful unlock
also remembers the key for that username on the server, storing this
in `saved_auth.json` (I chose JSON because I wanted it to stay
human-editable; INI would be better, but it suffers from bad platform
quirks in Qt).
|
|
Add "Keyring" tab to the options dialog. The tab displays the keys from
the table model (notes and certificates) and lets users create and
delete keys.
Key generation dialog includes passphare confirmation and a note.
|
|
The keyring provides the system to store secret keys in an encrypted
format, create and delete keys, display public keys and notes for the
user, and use these keys to peform public-key authentication on servers.
Keyring is serialized into `keyring.cbor` in the application directory.
It's a CBOR map with keys being key IDs (fingerprints), and the values
are key entries, the schema of which looks like this:
key-entry {
0 => uint, ; Algorithm tag, 1 byte
1 => text, ; Comment/note for the key
2 => bytes, ; Public key (certificate), 32 bytes
3 => bytes ; Encrypted and authenticated secret key (AEAD payload)
}
Key fingerprint is `BLAKE2b-256(tag || public_key)`, where `||` denotes
concatenation of byte strings.
Encrypted payload is a fixed binary structure (field sizes in bytes):
Version(1)
Salt(16)
Opslimit(4)
Memlimit(4)
Alg(1)
Ciphertext(32)
MAC(16)
Upon key generation, a new secret key is created, sourced from a secure
RNG. The wrap key is derived from the passphrase using Argon2 with
the specified iterations, memory cost, variant (3 iterations, 1 GB of
memory, Argon2id), and 16 bytes of randomly generated unique salt. This
wrap key is used with ChaCha20-Poly1305 to encrypt the secret key, with
all the prior fields as additional authenticatied data and all-zero
nonce (the uniqueness is already provided by the salt).
The key pairs are X25519, used specifically for key exchange. When the
server sends the ephemeral public key as a challenge, the client uses
`unlock_and_auth` function with the key corresponding to the right
certificate. After entering the correct passphrase, the secret key is
decrypted and used to derive a shared secret with the server's ephemeral
key. The client then responds with:
BLAKE2b-256("Einsof-Auth-DHCR" || shared_secret || challenge
|| certificate || username)
Where the first string is provided for domain separation, shared secret
proves possession of the secret key, and other parameters are hashed in
to bind this authentication attempt to the current session (via random
challenge), identity (via public key and username), and transcript.
Note on canonicalization: all fields but last are fixed-length,
concatenation here is unambiguous.
The server, in turn, performs the same opeations, except the shared
secret is derived from the server's ephemeral secret and the client's
public key. Naturally, username and public key must be correct. If the
response matches, the server authenticates the client. The client never
transmits its secret.
This scheme is essentially deriving a session secret and computing MAC
over the transcript with that secret to prove authenticity. It serves as
a simple identification protocol. Unlike digital signatures, it's
interactive, valid only in the context of a single authentication
attempt, and only between two participants involved. Signatures, in
contrast, are valid everywhere, for everyone, and they require
additional nonces and context. In fact, they're interactive
identification protocols turned non-interactive, so forcing them back
into this setting is unnecessary complexity.
The primitives are fixed: X25519 for key exchange, Argon2 for
password-based key derivation, ChaCha20-Poly1305 for encryption, BLAKE2b
for hashing. Provided by libsodium.
Simplicity is key. There's no flexibility, negotiation, or
compatibility, and it'll hopefully stay this way. Unless you're worried
about quantum computers appearing tomorrow and attacking a niche AO
implementation, in which case I'll add the ML-KEM variant just for you.
|
|
Introduce the subprotocol ("Einsof"), its prototype serialization and
parsing functions, and its first set of messages.
These messages are carriers of public-key authentication mechanism which
involves client request, server challenge, and client response. An
"ident" message is used to tell a compatible server that you support a
particular version of the subprotocol.
Note: the functions that handle encoding are very specialized.
They're not representative of how the wire format should be generally
handled, and were written this way because the first set of messages is
tiny and simple enough.
|
|
Avoids "list index out of range" crashes when you press "Edit server"
afterwards.
|
|
Not a good universal change. But if you're using this client, you're
likely connecting to favorited servers either way, and you can always
add them from the MS.
That said, I don't want to keep it like that. One solution is to save
last opened tab with QSettings, and then restore it.
|
|
We haven't been able to connect to legacy servers for a very long time
now, and the entries only serve to clutter the list. It's time to filter
them out in favor of cleaning up the list and showing WSS-enabled
servers due appreciation.
|
|
Add full WSS support to public server list (using wss_port, overriding
insecure port), favorite servers list, and direct connections, and show
which servers are secure.
Revert the upstream's removal of `legacy` ServerInfo field, as I use it
to filter out legacy servers. To differentiate schemes, the `scheme`
field is used, either "ws" or "wss". I don't see the reason to add "tcp"
protocol when we don't even support it.
For the UI, add icons for secure and insecure connections. Highlight
secure servers with a green background.
In the favorite server dialog, a checkbox was added to select whether
the server is using WSS.
In the direct connection dialog, support "wss" scheme and default ports:
80 for WS, 443 for WSS, as per the WebSocket specification.
|
|
WebP was being incorrectly labeled as not static. While it does support
animation, it's a static image format by itself. As a result, WebP icons
didn't work, for example.
Only label APNG and GIF as explicitly not static, and add AVIF and WebP
to defaults.
|
|
IL packet is a relic from pre-IPID days when moderators used it to get
the "IP list" of connected users.
Its function is to display a list of strings in the OOC chat box. That's
it. Not even some obscure feature that can be revived. Everything IL can
do, CT can do (the "OOC message" packet).
|
|
Strange idea, no realization. Trying to set up a "username requirement"
is antithetical to AO's pseudonymous nature. At least, CT packet is not
the way to do this: nothing guarantees its uniqueness, it's prone to
spoofing if we can send arbitrary CT messages at some point during the
handshake, and not everyone has their OOC names preconfigured.
It was never meant to be. Delete it.
|
|
|
|
|
|
No question.
|
|
We have SP and JD to precisely handle positions and judge buttons.
|
|
- For QCheckBox: stateChanged -> checkStateChanged
- QChar(PREANIM) -> QLatin1Char(PREANIM)
- Unused result on demo_file.open()
- QPointer include was missing from lobby.h
- Missing const and override qualifiers
|
|
Instead of waiting for the incoming message and checking that you've
sent it by comparing character IDs, reset it right away after pressing
Enter.
From the network standpoint, there's no reason to wait and acknowledge
the IC message this way because TCP already ensures reliabile delivery.
Removing this avoids sending duplicate messages during lag spikes. It
also subjectively improves responsiveness.
We lose a bit of convenience. The text box will be cleared even if your
message was never broadcast (due to serverside mute, for example), but
Ctrl+Z fixes that, and that's how OOC chat has always worked.
|
|
Server already gives the response to our authentication atttempt,
there's no need for CLIENT to tell us about the "Disable Modcalls"
button (which is actually labeled "Guard").
|
|
|
|
This fixes "Reload theme" button resetting position.
|
|
The "select character" packet, CC, only needs one field: the character
ID you're selecting. It uses two more: a client ID and an HDID. To
select a character, you have to send your HDID every single time. This
is ridiculous, you alredy send it to the server when you join.
Remove it. I hoped to use empty strings in both unused fields to fully
erase them without breaking the packet structure, but some servers
*require* both to be present, so hardcode "0" instead.
CC doesn't need anything beyond CID. Client ID _might_ be used for
some spoofing protection, but even then it sounds far-fetched.
|
|
This obscure feature has been present for years, from sending passwords
to the server to showing `char_passworded` image over character icons.
Servers could already exploit clients sending `PW` with a password every
time they select a character to implement passworded characters. The
clients had no way of knowing which ones were passworded, however, and
couldn't filter them despite "Passworded" checkbox being here all along.
The approach used by this commit is a hack. During loading, server sends
SC which is a list of characters, each one having name, description, and
evidence. In practice, only names were used. Descriptions were stored in
memory but unused, and evidence was ignored altogether. By adding a
magic value "P" in this "character evidence" field, server can mark
passworded characters without breaking Vanilla compatibility.
|
|
Presenting evidence took volume as a parameter which it also set. It's
unnecessary as the evidence uses the same SFX player, the volume of
which is controlled by the player with a slider.
|
|
Additionally, fix the path construction for music tracks that are
requested via asset URI.
|
|
SFX and blip players largely remain the same.
For the music player, we now have to implement network streaming
natively, we no longer have a convenient function that did everything
for us. I introduced QNetworkRequest to download the stream in memory
and signal when it's ready to be decoded and played back. The size is
guarded to prevent the client from accidentally downloading terabytes of
audio.
Delete QFutureWatcher, we no longer need it for concurrency. miniaudio
uses a separate audio thread. Network donwloads and communication with
the track name display are handled by Qt signals.
Also, delete an odd "music.txt" feature. Its purpose was specifying
offsets for loops in a text file per track, but it remained obscure and
unused in practice.
Unsupported:
- Large streams, including unbounded ones (radio). We'll need a ring
buffer for that, and a mechanism to write to it from the network and
feed it to the audio thread.
- Effect flags: fade in, fade out, sync pos. Ignored.
- Audio device selection.
|
|
- Change CMake minimum version.
- Turn off tests and Discord RPC by default in CMake. Let these features
be explicitly enabled if desired.
- Add three build profiles: Dev, Debug, Release. Dev offers the fastest
unoptimized builds. Debug enables additional symbols, tracing, and
turns on Address Sanitizer. Release is aggressively optimized,
including LTO.
|
|
New dependencies:
- Miniaudio as our new audio engine, replacing BASS. Includes additional
codecs.
- Libsodium for cryptography. For now, CMake shall handle its inclusion,
but, ideally, we'll check it in too.
|
|
* float scaling
* float scaling factor
* aooptions float
* doublespinbox
* header file double
* double it up
* clamp to 0.1
|
|
* add ssl scheme
* use protocol
* set port
* remove last legacy entry
|
|
* bass.h moved to c folder
* opus too
* c folder
|
|
* Make it actually non-bash dependent
changed the way script_dir is found to not call on bash
* Make dynamic install not bash dependent
Removes a bash requirement for the env call
* Update APPIMAGE_INSTALL.sh
* Update DYNAMIC_INSTALL.sh
|
|
* selecting /usr/bin/env helps edgecases
There are systems (though rare) that don't have bash, but instead only have sh, or zsh, etc, which would otherwise be able to use our shell scripts, there's no reason to not allow the environment to select its shell.
* Update DYNAMIC_INSTALL.sh
This applies to both the dynamic and appimage installations
|
|
* Delete diubious MIT license
AO2 does not gain copyright by people adding code. This license was added under dubious legal ground and, at best, should've only been added once consent from all contributors whose code was incorporated was given.
* Adjust readme, add relicense.md
|
|
* Close punishment dialog when the user leaves
Prevents silly moments where the wrong person gets banned/kicked
* Fix formatting
---------
Co-authored-by: stonedDiscord <Tukz@gmx.de>
|
|
|
|
- fix RD being recorded twice
- fix demos recording themselves
|
|
|
|
* Add integration shell scripts for linux!
These shell scripts (one for appimage and one for dynamic) both should:
1: Move the program files to ~/.local/Attorney_Online
2: Create a .desktop file (which is what applications on Linux use to know to be interacted with) in the ~/.local/share/applications folder (where all other user applications tend to go), with at current a temporary logo until the logo file is parsed out from the xapplication window.
3: open the application, assuming the necessary dependencies are fulfilled
Dynamic required some further support due to the startup shell command working correctly when you click it manually, but struggling on the .desktop folder, so it has the additional step of recreating the current launch.sh command, which still functions if you go to the folder to click it, or if you open the program before integration to test things.
Both sh commands open AO2-Client at completion time. I hope this will help newer Linux users, or older Linux users who normally wouldn't bother, to bring AO into their normal day to day experience.
This has been tested on (by me):
Fedora 40 Workstation (Gnome)
Arch Linux KDE Plasma 6
Ubuntu Unity 24.10 aka Oracular Oriole
Debian 13 Trixie (Before it's freeze, marking date February 9th 2025)
Thank you for reading, have a wonderful day!
* linux CI tweaks
* remove the need for `launch.sh`
* add git hash as appimage version
* bit of reorganization
* add linux install scripts to CI
* tweak linux install scripts to add install scripts
* remove `launch.sh` (as per previous commit)
* add instructions in README_LINUX
* include icon in linux install
* fix install script
and fix typo
* add exec path to desktop files
* why would freedesktop.org do this to me
---------
Co-authored-by: OrioleNix <163466443+OrioleNix@users.noreply.github.com>
|
|
|
|
* remember category expansion state when regenerating musiclist
* don't do file i/o here actually
---------
Co-authored-by: stonedDiscord <Tukz@gmx.de>
|
|
|
|
|
|
implementation (#1080)
* Move showname switch to settings and fix it
* let the append function handle shownames
|
|
|
|
|
|
|
|
|
|
|
