Authentication-less mode #29
Comments
ghost
mentioned this issue
|
Why not having a compilation flag instead to make that decision? I think it's best if whatever we have in production always requires authentication. If we could have an optional features called "production", I think that would be good enough. No? |
|
I guess it would actually be good to have both: be sure that debug features are never present in production code with a cargo feature (probably |
|
Hmmm ... thinking a bit more about it, having both might be a bit more complicated than I originally thought: propagating all debug options to their intended place, without impacting any production code, might be quite tricky. I will think more about it, but in the meantime let's go for the compile-time option. |
Right now Lycan is always expecting proper authentication for clients, but at start-up inserts a few well-known values as valid playerId/token pairs.
This has a couple of limitations, such as not being able to connect twice with the same character without rebooting the server (which then makes it difficult to have a long-lived "toy" server)
I was thinking about adding a command-line parameter that would disable authentication checks, and accept the connection even when the token is incorrect.
An alternative could be to make clients aware of the management API (which would then need to be accessible from all clients, which may not be trivial), and make them add their own tokens before attempting to connect.
In either case, we may need to implement checks in Lycan to avoid 2 players connecting with the same UUID (although depending on how clients are implemented, the likelihood of generating randomly the same UUID twice is negligible).
The text was updated successfully, but these errors were encountered: