Sunnickel/LoginAPI


Project: Login API

Sunnickel | 01.10.2024


MIT License

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap

About The Project

This is a small API that can be used, for example, for a small multiplayer game or something else. It acts as an authentication bridge between a client and a server without exposing passwords or other sensitive data to each other, and without anyone being able to just log into your account or read out packets. I'm no cybersecurity expert, so it will probably have some flaws.


Built With

  • MariaDB
  • Spring Boot
  • BCrypt

Getting Started

Prerequisites

  • Install a MariaDB server on the device running your API, or on a device you can reach from your API device
  • If you install it on another device, allow other devices to access the database
  • Create a user in MariaDB to access the database
    CREATE USER 'username'@'host' IDENTIFIED BY 'password';
    • 'host' is the IP address from which you're going to access it
      • if you installed it on the same device, put 'localhost'
      • if you install it on another device, put its IP address
      • if you want to access it from everywhere, put '%'
  • Create a database
    CREATE DATABASE name;
  • Grant permissions for your user on the database
    GRANT ALL PRIVILEGES ON *.* TO 'username'@'host';

Important

You're granting this user all permissions on every database in MariaDB. If you don't want this, read up on MariaDB privileges yourself.

Installation

  1. Download the Zip of the project here
  2. Unzip it and open the application.properties in /src/main/resources
  3. Change these lines to the values we created before. I know my info is still in there; ignore it, you won't get far with it.
    spring.datasource.url=jdbc:mariadb://host:3306/databasename
    spring.datasource.username=username
    spring.datasource.password=password
    
  4. Congrats, you now have a login API in Java


Usage

The Api works that way that both all Users and the Server

/register

Registers the client in the API and returns a hashed password, which will be used to log in.

  • Post by Client
    {
      "id": 0,
      "name": "name",
      "password": "password"
    }
  • returns
    {
      "id": 0,
      "token": "Hashed Password"
    }

/login

Logs the user in and returns a one-time token, which can be sent to e.g. the game server to authenticate yourself there.

  • Post by Client
    {
      "id": 0,
      "password": "Hashed Password"
    }
  • returns
    {
      "id": 0,
      "ottoken": "One Time Token"
    }

/server/register

Registers the server (only one is possible; that's hardcoded) and returns a token, which will be used to verify a client.

  • Post by Server
    {
      "password": "password"
    }
  • returns
    {
      "token": "Verify Token"
    }

/verify

Asks the API, using the verify token, what the client's one-time token is, so the server can compare it when the user wants to log in. The one-time token is removed as soon as you verify it once, and the client will need to log in again to get a new one-time token.

  • Post by Server
    {
      "id": 0,
      "token": "Verify Token"
    }
  • returns
    {
      "id": 0,
      "ottoken": "Client One Time Token"
    }
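The flow across the four endpoints above, as an added example that is not part of the LoginAPI code base: an in-memory Python model showing the single-use behaviour of the one-time token. PBKDF2 stands in for BCrypt, and the token format, the storage, the single-registration rule and the names `LoginApiModel`, `same` and `game_server_accepts` are assumptions.

```python
import hashlib
import hmac
import secrets


def same(a, b):
    # Constant-time comparison; encoding first keeps non-ASCII input from raising.
    return hmac.compare_digest(a.encode(), b.encode())


class LoginApiModel:
    """In-memory stand-in for the four endpoints (storage and token format assumed)."""

    def __init__(self):
        self.users = {}      # id -> stored password hash (hex)
        self.pending = {}    # id -> one-time token not yet verified
        self.verify_token = None

    def register(self, uid, name, password):
        # The project lists BCrypt; stdlib PBKDF2 stands in for it here.
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[uid] = (salt + digest).hex()
        return {"id": uid, "token": self.users[uid]}

    def login(self, uid, hashed_password):
        stored = self.users.get(uid)
        if stored is None or not same(stored, hashed_password):
            return None
        self.pending[uid] = secrets.token_urlsafe(32)  # replaces any older token
        return {"id": uid, "ottoken": self.pending[uid]}

    def server_register(self, password):
        # How the server password is checked is not described; the model ignores it.
        if self.verify_token is None:  # assumed: only the first registration succeeds
            self.verify_token = secrets.token_urlsafe(32)
            return {"token": self.verify_token}
        return None

    def verify(self, uid, token):
        if self.verify_token is None or not same(self.verify_token, token):
            return None
        ottoken = self.pending.pop(uid, None)  # handed out once, deleted in the same step
        return None if ottoken is None else {"id": uid, "ottoken": ottoken}


def game_server_accepts(api, verify_token, uid, presented):
    """Game-server side: fetch the expected token once and compare it."""
    answer = api.verify(uid, verify_token)
    return answer is not None and same(answer["ottoken"], presented)
```

Because `verify` removes the token before the game server compares it, a wrong guess also uses up the pending token, and the client has to call `/login` again.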


Roadmap

  • Reformat code
  • Make code faster
  • Fix security (?)


About

A Java API for Users
