Setup EarlyAuth
Early Auth is a function to protect the alt:V server against possible DDOS Attacks, this function only works with announce set to true. It's working as followed: A client connects to the server over the server list, the early auth functions opens a external login page where the player can authenticate. If the authentication was successfull the login page is sending a post request with a token to the client. Then the website whitelists the IP of the client in the firewall of the server. Now the client can connect and can be identified by the gameserver over the given auth token. The auth token needs to be generated by the login page.
Tip
To test Early Auth in rc or dev branch, make sure your clients altv.toml file contains the following setting:
earlyAuthTestURL = 'http://url_or_ip_to_your_early_auth:3000/earlyauth.html'
Step-by-Step Tutorial
Example values
In this tutorial following example values are used:
| Key | Value | Description |
|---|---|---|
| token | 0123456789 | The token for the masterlist (how to get it) |
| earlyAuthUrl | https://login.example.com/index.html | The url to the external login page. |
| authToken | authToken0123456789 | The token generated by the site. |
Step-by-Step Example
- Add
announce = truetoserver.toml. - Add your token to
token = 0123456789inserver.toml. - Add
useEarlyAuth = truetoserver.toml. - Add
earlyAuthUrl = 'https://login.example.com/index.html'toserver.toml. - Add Function 1 to your login page, trigger this function and a firewall whitelist function after successfull login.
- Add a check for the authToken to the playerConnect event eg Function 2
- Now the earlyAuth login is ready.
Function 1
<script>
function setToken(token) {
alt.emit('pushToken', token);
}
</script>
Function 2
alt.on("playerConnect", (player) => {
if(player.authToken != "authToken0123456789")
{
player.kick();
}
});
Request alt:V Name
To request the name from a player, you can use the snipped below in your early auth.
<script>
alt.emit("requestPlayerName")
alt.on("playerName", (name) => {
//Do what ever you want with the same in earlyauth
})
</script>
Store and retrieve data
Since the CEF cache is flushed between restarts, there is an alternative to store data persistently using alt:V LocalStorage. The following snippet explains how to use it:
<script>
// Subscribe to the localStorage event to get the requested data
alt.on("localStorage", (key, value) => {
if (key === "lastLogin") {
// Do something with the retrieved data, stored in the variable "value"
}
});
// Request the data for a key of the LocalStorage
// alt.emit("requestLocalStorage", key);
alt.emit("requestLocalStorage", "lastLogin");
// Store data in the LocalStorage
// alt.emit("setLocalStorage", key, value);
alt.emit("setLocalStorage", "lastLogin", Date.now());
</script>
This data is now persistently stored until the alt:V client's cache folder is deleted.
Discord OAuth2
Early auth supports utilizing the Discord gamesdk to request an oauth2 token. The following sample shows how to use it:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Discord OAuth2 Sample</title>
</head>
<body>
<button id="oauthButton">Request OAuth2 Token</button>
<p id="tokenLabel">Token: Not received yet</p>
<script>
// The client id MUST be a string. Numbers won't work!
const clientId = "123456789";
document.getElementById("oauthButton").addEventListener("click", () => {
// Requests the token
alt.emit("discordRequestOAuth2Token", clientId);
});
// Event listener for receiving the token
alt.on("discordOAuth2", (token) => {
const maskedToken = token.slice(0, 4) + "x".repeat(token.length - 4);
document.getElementById("tokenLabel").innerText = "Token: " + maskedToken;
});
</script>
</body>
</html>
Extra informations
If you want to close your early auth window, you have to use alt.emit('closeMe')