v2.3.1: CDN redirect gateway, fix token username bug

- Migrate patch downloads to auth server redirect gateway (302 -> CDN) Allows instant CDN switching via admin panel without launcher update - Fix identity token "Player" username mismatch on fresh install Add token username verification with retry in fetchAuthTokens - Refactor versionManager to use mirror manifest via auth.sanasol.ws/patches - Add optimal patch routing (BFS) for differential updates - Add PATCH_CDN_INFRASTRUCTURE.md documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 06:41:47 -03:00 · 2026-02-20 14:36:09 +01:00
parent 66112f15b2
commit 0dafb17c7b
6 changed files with 685 additions and 367 deletions
--- a/backend/managers/gameLauncher.js
+++ b/backend/managers/gameLauncher.js
@@ -61,12 +61,39 @@ async function fetchAuthTokens(uuid, name) {
    }

    const data = await response.json();
-    console.log('Auth tokens received from server');
+    const identityToken = data.IdentityToken || data.identityToken;
+    const sessionToken = data.SessionToken || data.sessionToken;

-    return {
-      identityToken: data.IdentityToken || data.identityToken,
-      sessionToken: data.SessionToken || data.sessionToken
-    };
+    // Verify the identity token has the correct username
+    // This catches cases where the auth server defaults to "Player"
+    try {
+      const parts = identityToken.split('.');
+      if (parts.length >= 2) {
+        const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
+        if (payload.username && payload.username !== name && name !== 'Player') {
+          console.warn(`[Auth] Token username mismatch: token has "${payload.username}", expected "${name}". Retrying...`);
+          // Retry once with explicit name
+          const retryResponse = await fetch(`${authServerUrl}/game-session/child`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ uuid: uuid, name: name, scopes: ['hytale:server', 'hytale:client'] })
+          });
+          if (retryResponse.ok) {
+            const retryData = await retryResponse.json();
+            console.log('[Auth] Retry successful');
+            return {
+              identityToken: retryData.IdentityToken || retryData.identityToken,
+              sessionToken: retryData.SessionToken || retryData.sessionToken
+            };
+          }
+        }
+      }
+    } catch (verifyErr) {
+      console.warn('[Auth] Token verification skipped:', verifyErr.message);
+    }
+
+    console.log('Auth tokens received from server');
+    return { identityToken, sessionToken };
  } catch (error) {
    console.error('Failed to fetch auth tokens:', error.message);
    // Fallback to local generation if server unavailable