openmultiplayer / web

The open.mp web services monorepo. Homepage, documentation, server index, and more! All in one place.
https://open.mp/

Server listing verification #79

Open Southclaws opened 3 years ago

Southclaws commented 3 years ago

For users to edit their listing and augment it with additional information like a description, images, graphs, etc.

That verification process must be as simple as possible and cover as many users' skill levels as possible.

Here are some ideas:

AliLogic commented 3 years ago

Sounds amazing to me - however, I think we can use a different server variable and put the token in there instead.

Southclaws commented 3 years ago

I realise the first one won't work because you could hijack a server running on the same IP but different port.

The request needs to come from within the server process itself.

NotUnlikeTheWaves commented 3 years ago

A token system where you can generate a token from open.mp and include it, for example, in your config to be sent with the announce process seems the easiest for me. This could be done without user registration even, and with high enough entropy it is very unlikely for someone to guess.

NotUnlikeTheWaves commented 3 years ago

I'm more interested in specifically what we want to show on the listing. Dynamic data (e.g. a map showing user locations) or just static pages? Can people fetch data remotely or do they need to upload it to one of open.mp's services? Preferably no executing JavaScript inside a custom listing.

Southclaws commented 3 years ago

> A token system where you can generate a token from open.mp and include it, for example, in your config to be sent with the announce process seems the easiest for me. This could be done without user registration even, and with high enough entropy it is very unlikely for someone to guess.

That's what I have in mind. The question is more about how the user experience should work for this. The token could be placed inside some field like the mapname for a second, then swapped back to what was there before. Or sent as an HTTP request.

I'm liking the idea of writing a simple filterscript, compiling it to an amx but leaving the token constant as a searchable pattern so at request time, a token is generated, injected into the .amx and the user simply downloads the .amx file to their server, and runs rcon loadfs etc and it will do something and verify the server.

Southclaws commented 3 years ago

HTTP is probably simpler, but the issue I see is that if someone is using shared hosting they could hijack another server:

I think setting the mapname/gamemode/hostname to some token for a minute then swapping it back to the original is the only way to guarantee no foul play.

Southclaws commented 3 years ago

> I'm more interested in specifically what we want to show on the listing. Dynamic data (e.g. a map showing user locations) or just static pages? Can people fetch data remotely or do they need to upload it to one of open.mp's services? Preferably no executing JavaScript inside a custom listing.

I wasn't thinking anything crazy like that, just what it is right now but with a Markdown description - basically replicating what the "Server Advertisements" board was on the old forum. Just with Markdown.

In future, we could introduce more features. A live map would be a cool thing! And it would save server owners from setting up their own map.

But I think this stuff belongs in its own issue. This issue is just for server verification.

wootcake commented 3 years ago

Telling the server owner to set a token as language is probably the most convenient and fastest way to do it. It can be done quickly via RCON command. I wouldn't want to load a random amx filterscript into my server that I don't know the contents of.

Southclaws commented 3 years ago

Obviously any FS would be open source.

abhaysv commented 3 years ago

The FS is the best solution as of now; later we may move towards announce if needed.
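
The token-in-a-server-field idea discussed in this thread, sketched as an added example that is not code from the open.mp repository or from any participant. It assumes the listing service reads the field itself by querying the exact `ip:port`; the `Verifier` type, its methods, the `omp-` prefix and the sample addresses are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"time"
)

// Verifier keys challenges by "ip:port", so a token for one port cannot verify a neighbour on the same IP.
type Verifier struct {
	pending map[string]challenge
	ttl     time.Duration
}

// challenge keeps only a hash of the token, plus the time the challenge lapses.
type challenge struct {
	hash    [32]byte
	expires time.Time
}

// Issue returns a 128-bit random token for the owner to place in a server field.
func (v *Verifier) Issue(addr string, now time.Time) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := "omp-" + hex.EncodeToString(raw) // hypothetical prefix
	v.pending[addr] = challenge{hash: sha256.Sum256([]byte(token)), expires: now.Add(v.ttl)}
	return token, nil
}

// Check takes the field value the service observed when it queried addr itself.
func (v *Verifier) Check(addr, observed string, now time.Time) bool {
	c, ok := v.pending[addr]
	got := sha256.Sum256([]byte(observed))
	if !ok || now.After(c.expires) || subtle.ConstantTimeCompare(got[:], c.hash[:]) != 1 {
		return false // a mismatch keeps the challenge so the service can poll until expiry
	}
	delete(v.pending, addr) // single use: a replayed token fails
	return true
}

func main() {
	v := &Verifier{pending: map[string]challenge{}, ttl: time.Minute}
	tok, _ := v.Issue("203.0.113.10:7777", time.Now()) // constructed sample address
	fmt.Println(v.Check("203.0.113.10:7778", tok, time.Now()), v.Check("203.0.113.10:7777", tok, time.Now()))
}
```
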