baltica 0.1.20 → 0.1.22

package/README.md

@@ -51,29 +51,56 @@ const client = new Client({
   port: 19132,
 });
 
-// Connect and get server info
 await client.connect();
+```
+
+### Email/Password Authentication
+
+You can authenticate directly with your Microsoft account using email and password:
 
-// Listen for chat messages
-client.on("TextPacket", (packet) => {
-  console.log(`Got message: ${packet.message}`);
+```typescript
+const client = new Client({
+  address: "play.server.com",
+  port: 19132,
+  email: "your-email@outlook.com",
+  password: "your-password",
 });
 
-// Send a friendly greeting when connected
-client.on("connect", () => {
-  const packet = new TextPacket();
-   packet.message = 'Hey everyone! 👋';
-   packet.needsTranslation = false;
-   packet.parameters = [];
-   packet.platformChatId = '';
-   packet.source = client.username;
-   packet.type = TextPacketType.Chat;
-   packet.xuid = client.profile.xuid.toString();
-   packet.filtered = '';
-  client.send(packet.serialize());
+await client.connect();
+```
+
+**Important Notes:**
+- This method only works with accounts that have 2FA (Two-Factor Authentication) **disabled**
+- The account must have an Xbox profile and own Minecraft Bedrock Edition or launched minecraft at least once.
+- User tokens are cached for ~14 days to minimize login requests (BETA)
+- Tokens are stored in the `tokens` folder by default
+
+### Using a Proxy
+
+Baltica supports SOCKS5 proxies for client connections:
+
+```typescript
+const client = new Client({
+  address: "play.server.com",
+  port: 19132,
+  email: "your-email@outlook.com",
+  password: "your-password",
+  proxy: {
+    host: "proxy.example.com",
+    port: 1080,
+    userId: "proxy-username",    // Optional
+    password: "proxy-password",  // Optional
+  },
 });
+
+await client.connect();
 ```
 
+This is useful for:
+- Bypassing IP restrictions
+- Testing from different geographic locations
+- Managing multiple bot connections
+
 ### Server Usage
 
 Want to create your own Minecraft server? We got you:

package/dist/client/worker/worker-client.js

@@ -6,7 +6,7 @@ const worker_1 = require("./worker");
 class WorkerClient extends raknet_1.EventEmitter {
     constructor(options) {
         super();
-        this._options = { ...raknet_1.defaultClientOptions, ...options };
+        this._options = { ...(0, raknet_1.createDefaultClientOptions)(), ...options };
         this._worker = (0, worker_1.connect)(this._options);
         this.handleEvents();
     }

package/dist/shared/auth/authentication.d.ts

@@ -1,21 +1,40 @@
-import { live, xnet } from "@xboxreplay/xboxlive-auth";
-import type { AuthenticateResponse, Email } from "@xboxreplay/xboxlive-auth";
+/**
+ * Xbox Live Authentication Module
+ *
+ * Based on the authentication flow from @xboxreplay/xboxlive-auth
+ * https://github.com/XboxReplay/xboxlive-auth
+ *
+ * Modified to support SOCKS5 proxies for all HTTP requests and Minecraft Authentication
+ */
 export interface BedrockTokens {
     chains: string[];
     xuid: string;
     gamertag: string;
     userHash: string;
 }
+export interface ProxyOptions {
+    host: string;
+    port: number;
+    userId?: string;
+    password?: string;
+}
 export interface AuthOptions {
     email: string;
     password: string;
     clientPublicKey: string;
     cacheDir?: string;
+    proxy?: ProxyOptions;
 }
 /**
  * Authenticates with Xbox Live using email/password and obtains Minecraft Bedrock tokens
- * Caches Xbox user token (~14 days valid) to minimize login requests
+ * Supports SOCKS5 proxy for all authentication requests
  */
 export declare function authenticateWithCredentials(options: AuthOptions): Promise<BedrockTokens>;
-export { live, xnet };
-export type { AuthenticateResponse, Email };
+export type Email = string;
+export interface AuthenticateResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    scope: string;
+    user_id: string;
+}

package/dist/shared/auth/authentication.js

@@ -1,4 +1,12 @@
 "use strict";
+/**
+ * Xbox Live Authentication Module
+ *
+ * Based on the authentication flow from @xboxreplay/xboxlive-auth
+ * https://github.com/XboxReplay/xboxlive-auth
+ *
+ * Modified to support SOCKS5 proxies for all HTTP requests and Minecraft Authentication
+ */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -33,15 +41,14 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.xnet = exports.live = void 0;
 exports.authenticateWithCredentials = authenticateWithCredentials;
-const xboxlive_auth_1 = require("@xboxreplay/xboxlive-auth");
-Object.defineProperty(exports, "live", { enumerable: true, get: function () { return xboxlive_auth_1.live; } });
-Object.defineProperty(exports, "xnet", { enumerable: true, get: function () { return xboxlive_auth_1.xnet; } });
 const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
 const raknet_1 = require("@sanctumterra/raknet");
+const fetch_socks_1 = require("fetch-socks");
+const undici_1 = require("undici");
 const MINECRAFT_BEDROCK_RELYING_PARTY = "https://multiplayer.minecraft.net/";
+const XBOX_AUTH_CLIENT_ID = "00000000441cc96b";
 function hashString(str) {
     let hash = 0;
     for (let i = 0; i < str.length; i++) {
@@ -63,7 +70,6 @@ function loadCache(cacheFile) {
     try {
         if (fs.existsSync(cacheFile)) {
             const cached = JSON.parse(fs.readFileSync(cacheFile, "utf-8"));
-            // Check if token is still valid (with 1 hour buffer)
             const expiresAt = new Date(cached.notAfter).getTime();
             if (Date.now() < expiresAt - 3600000) {
                 return cached;
@@ -91,16 +97,47 @@ function saveCache(cacheFile, userToken, userHash, notAfter) {
         /* ignore */
     }
 }
+function createProxiedFetch(proxy) {
+    if (!proxy) {
+        return fetch;
+    }
+    const dispatcher = (0, fetch_socks_1.socksDispatcher)({
+        type: 5,
+        host: proxy.host,
+        port: proxy.port,
+        userId: proxy.userId,
+        password: proxy.password,
+    });
+    return async (input, init) => {
+        const url = typeof input === "string" ? input : input.toString();
+        const response = await (0, undici_1.fetch)(url, {
+            ...init,
+            dispatcher,
+        });
+        return response;
+    };
+}
 /**
  * Authenticates with Xbox Live using email/password and obtains Minecraft Bedrock tokens
- * Caches Xbox user token (~14 days valid) to minimize login requests
+ * Supports SOCKS5 proxy for all authentication requests
  */
 async function authenticateWithCredentials(options) {
-    const { email, password, clientPublicKey, cacheDir } = options;
+    const { email, password, clientPublicKey, cacheDir, proxy } = options;
     const cacheFile = cacheDir ? getCacheFile(cacheDir, email) : null;
+    const proxiedFetch = createProxiedFetch(proxy);
+    // Verify proxy is working by checking our IP
+    if (proxy) {
+        try {
+            const ipResp = await proxiedFetch("https://api.ipify.org?format=json");
+            const ipData = (await ipResp.json());
+            raknet_1.Logger.info(`Proxy IP verified: ${ipData.ip}`);
+        }
+        catch (e) {
+            raknet_1.Logger.warn(`Could not verify proxy IP: ${e instanceof Error ? e.message : String(e)}`);
+        }
+    }
     let userToken;
     let userHash;
-    // Try to use cached user token first
     const cached = cacheFile ? loadCache(cacheFile) : null;
     if (cached) {
         raknet_1.Logger.info("Using cached Xbox user token...");
@@ -108,49 +145,239 @@ async function authenticateWithCredentials(options) {
         userHash = cached.userHash;
     }
     else {
-        // Fresh login required
-        raknet_1.Logger.info("Authenticating with Xbox Live...");
-        const accessToken = await freshLogin(email, password);
-        // Exchange for Xbox user token (valid ~14 days)
-        const userTokenResp = await xboxlive_auth_1.xnet.exchangeRpsTicketForUserToken(accessToken, "t");
+        raknet_1.Logger.info(`Authenticating with Xbox Live...${proxy ? ` (via proxy ${proxy.host}:${proxy.port})` : ""}`);
+        const accessToken = await getMicrosoftAccessToken(email, password, proxiedFetch);
+        const userTokenResp = await exchangeRpsTicketForUserToken(accessToken, proxiedFetch);
         userToken = userTokenResp.Token;
         userHash = userTokenResp.DisplayClaims.xui[0].uhs;
-        // Cache the user token
         if (cacheFile) {
             saveCache(cacheFile, userToken, userHash, userTokenResp.NotAfter);
         }
     }
-    // Get XSTS token for Minecraft Bedrock (short-lived, always fetch fresh)
-    const xstsResp = await xboxlive_auth_1.xnet.exchangeTokenForXSTSToken(userToken, {
-        XSTSRelyingParty: MINECRAFT_BEDROCK_RELYING_PARTY,
-        sandboxId: "RETAIL",
-    });
+    const xstsResp = await exchangeTokenForXSTSToken(userToken, MINECRAFT_BEDROCK_RELYING_PARTY, proxiedFetch);
     const xuid = xstsResp.DisplayClaims.xui[0].xid || "";
-    // Get Minecraft Bedrock chains
-    const chains = await getMinecraftBedrockChains(xstsResp.Token, userHash, clientPublicKey);
+    const chains = await getMinecraftBedrockChains(xstsResp.Token, userHash, clientPublicKey, proxiedFetch);
     const gamertag = extractGamertagFromChains(chains);
     raknet_1.Logger.info(`Authenticated as: ${gamertag} (${xuid})`);
     return { chains, xuid, gamertag, userHash };
 }
-async function freshLogin(email, password) {
-    try {
-        const liveToken = await xboxlive_auth_1.live.authenticateWithCredentials({
-            email: email,
-            password,
+/**
+ * Get Microsoft access token using email/password via OAuth flow
+ * This implements the full browser-like login flow
+ */
+async function getMicrosoftAccessToken(email, password, proxiedFetch) {
+    const authUrl = "https://login.live.com/oauth20_authorize.srf";
+    const params = new URLSearchParams({
+        client_id: XBOX_AUTH_CLIENT_ID,
+        redirect_uri: "https://login.live.com/oauth20_desktop.srf",
+        response_type: "token",
+        scope: "service::user.auth.xboxlive.com::MBI_SSL",
+        display: "touch",
+        locale: "en",
+    });
+    const preAuthResp = await proxiedFetch(`${authUrl}?${params}`, {
+        headers: {
+            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+            Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
+            "Accept-Language": "en-US,en;q=0.5",
+        },
+    });
+    if (!preAuthResp.ok) {
+        throw new Error(`Pre-auth request failed: ${preAuthResp.status}`);
+    }
+    const preAuthHtml = await preAuthResp.text();
+    const cookies = extractCookies(preAuthResp.headers);
+    const { ppft, urlPost } = extractLoginParams(preAuthHtml);
+    const loginBody = new URLSearchParams({
+        login: email,
+        loginfmt: email,
+        passwd: password,
+        PPFT: ppft,
+        PPSX: "Passpor",
+        NewUser: "1",
+        FoundMSAs: "",
+        fspost: "0",
+        i21: "0",
+        CookieDisclosure: "0",
+        IsFidoSupported: "1",
+        isSignupPost: "0",
+        isRecoveryAttemptPost: "0",
+        i13: "0",
+        i19: Math.floor(Math.random() * 100000).toString(),
+    });
+    const loginResp = await proxiedFetch(urlPost, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+            Cookie: cookies,
+            Referer: `${authUrl}?${params}`,
+            Origin: "https://login.live.com",
+        },
+        body: loginBody.toString(),
+        redirect: "manual",
+    });
+    // Check for access token in redirect
+    let location = loginResp.headers.get("location") || "";
+    // Follow redirects manually to find the access token
+    let attempts = 0;
+    while (attempts < 5 && !location.includes("access_token=")) {
+        if (!location) {
+            // Check if we got an error page
+            const responseText = await loginResp.text();
+            if (responseText.includes("sErrTxt") ||
+                responseText.includes("Your account or password is incorrect")) {
+                throw new Error("Invalid credentials");
+            }
+            if (responseText.includes("Sign in a different way") ||
+                responseText.includes("idA_PWD_SwitchToCredPicker")) {
+                throw new Error("2FA is enabled on this account. Direct login requires 2FA to be disabled.");
+            }
+            // Try to extract access token from response body (some flows embed it)
+            const tokenMatch = responseText.match(/access_token=([^&"']+)/);
+            if (tokenMatch) {
+                return decodeURIComponent(tokenMatch[1]);
+            }
+            throw new Error("Failed to get redirect URL from login response");
+        }
+        if (location.includes("access_token=")) {
+            break;
+        }
+        const redirectResp = await proxiedFetch(location, {
+            headers: {
+                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+                Cookie: cookies,
+            },
+            redirect: "manual",
         });
-        return liveToken.access_token;
+        location = redirectResp.headers.get("location") || "";
+        attempts++;
+    }
+    // Extract access token from URL fragment
+    const tokenMatch = location.match(/access_token=([^&]+)/);
+    if (tokenMatch) {
+        return decodeURIComponent(tokenMatch[1]);
+    }
+    throw new Error("Failed to obtain access token from Microsoft");
+}
+function extractCookies(headers) {
+    const setCookies = headers.get("set-cookie");
+    if (!setCookies)
+        return "";
+    // Parse and combine cookies
+    const cookies = [];
+    const cookieStrings = setCookies.split(/,(?=[^;]*=)/);
+    for (const cookieStr of cookieStrings) {
+        const match = cookieStr.match(/^([^=]+)=([^;]*)/);
+        if (match) {
+            cookies.push(`${match[1].trim()}=${match[2]}`);
+        }
+    }
+    return cookies.join("; ");
+}
+function extractLoginParams(html) {
+    let ppft = null;
+    // Pattern for sFTTag with escaped quotes (JSON format)
+    const sFTTagMatch = html.match(/sFTTag":"<input[^>]*value=\\"([^"\\]+)\\"/);
+    if (sFTTagMatch) {
+        ppft = sFTTagMatch[1];
+    }
+    // Fallback patterns
+    if (!ppft) {
+        const ppftPatterns = [
+            /sFTTag:'[^']*value="([^"]+)"/,
+            /name="PPFT"[^>]*value="([^"]+)"/,
+            /value="([^"]+)"[^>]*name="PPFT"/,
+            /<input[^>]*name="PPFT"[^>]*value="([^"]+)"/,
+            /"sFT"\s*:\s*"([^"]+)"/,
+            /sFT:'([^']+)'/,
+            /"sFT":"([^"]+)"/,
+        ];
+        for (const pattern of ppftPatterns) {
+            const match = html.match(pattern);
+            if (match) {
+                ppft = match[1];
+                break;
+            }
+        }
+    }
+    if (!ppft) {
+        throw new Error("Failed to extract PPFT token from login page");
     }
-    catch (error) {
-        const err = error;
-        if (err.attributes?.code === "INVALID_CREDENTIALS_OR_2FA_ENABLED") {
-            throw new Error("Authentication failed: Invalid credentials or 2FA is enabled.\n" +
-                "Direct email/password login only works with 2FA DISABLED.");
+    // Extract urlPost
+    const urlPostPatterns = [
+        /urlPost:\s*'([^']+)'/,
+        /urlPost:\s*"([^"]+)"/,
+        /"urlPost"\s*:\s*"([^"]+)"/,
+    ];
+    let urlPost = "https://login.live.com/ppsecure/post.srf";
+    for (const pattern of urlPostPatterns) {
+        const match = html.match(pattern);
+        if (match) {
+            urlPost = match[1];
+            break;
         }
-        throw error;
     }
+    return { ppft, urlPost };
+}
+/**
+ * Exchange Microsoft access token for Xbox User Token
+ */
+async function exchangeRpsTicketForUserToken(accessToken, proxiedFetch) {
+    const response = await proxiedFetch("https://user.auth.xboxlive.com/user/authenticate", {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            Accept: "application/json",
+            "x-xbl-contract-version": "1",
+        },
+        body: JSON.stringify({
+            RelyingParty: "http://auth.xboxlive.com",
+            TokenType: "JWT",
+            Properties: {
+                AuthMethod: "RPS",
+                SiteName: "user.auth.xboxlive.com",
+                RpsTicket: `t=${accessToken}`,
+            },
+        }),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Xbox user token exchange failed: ${response.status} - ${text}`);
+    }
+    return response.json();
+}
+/**
+ * Exchange Xbox User Token for XSTS Token
+ */
+async function exchangeTokenForXSTSToken(userToken, relyingParty, proxiedFetch) {
+    const response = await proxiedFetch("https://xsts.auth.xboxlive.com/xsts/authorize", {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            Accept: "application/json",
+            "x-xbl-contract-version": "1",
+        },
+        body: JSON.stringify({
+            RelyingParty: relyingParty,
+            TokenType: "JWT",
+            Properties: {
+                SandboxId: "RETAIL",
+                UserTokens: [userToken],
+            },
+        }),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Xbox XSTS token exchange failed: ${response.status} - ${text}`);
+    }
+    return response.json();
 }
-async function getMinecraftBedrockChains(xstsToken, userHash, clientPublicKey) {
-    const response = await fetch("https://multiplayer.minecraft.net/authentication", {
+/**
+ * Get Minecraft Bedrock authentication chains
+ */
+async function getMinecraftBedrockChains(xstsToken, userHash, clientPublicKey, proxiedFetch) {
+    const response = await proxiedFetch("https://multiplayer.minecraft.net/authentication", {
         method: "POST",
         headers: {
             "Content-Type": "application/json",
@@ -162,11 +389,8 @@ async function getMinecraftBedrockChains(xstsToken, userHash, clientPublicKey) {
     if (!response.ok) {
         const text = await response.text();
         if (response.status === 401) {
-            throw new Error("Minecraft Bedrock authentication failed (401 UNAUTHORIZED).\n" +
-                "This usually means:\n" +
-                "  1. The account does not have an Xbox profile (create one at xbox.com)\n" +
-                "  2. The account does not own Minecraft Bedrock Edition\n" +
-                "  3. The account needs to accept Xbox/Minecraft terms of service");
+            throw new Error("Minecraft Bedrock authentication failed (401).\n" +
+                "The account may not have an Xbox profile or Minecraft Bedrock Edition.");
         }
         throw new Error(`Minecraft Bedrock auth failed: ${response.status} - ${text}`);
     }

package/dist/shared/auth.js

@@ -107,6 +107,7 @@ async function authenticateWithEmailPassword(client) {
             password: client.options.password,
             clientPublicKey: client.data.loginData.clientX509,
             cacheDir: client.options.tokensFolder,
+            proxy: client.options.proxy,
         });
         const profile = {
             name: tokens.gamertag,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "baltica",
   "description": "Library for Minecraft Bedrock Edition community developers.",
-  "version": "0.1.20",
+  "version": "0.1.22",
   "minecraft": "1.21.130",
   "main": "dist/index.js",
   "license": "MIT",
@@ -21,18 +21,19 @@
     }
   ],
   "dependencies": {
-    "@sanctumterra/raknet": "^1.4.8",
+    "@sanctumterra/raknet": "^1.4.11",
     "@serenityjs/binarystream": "^3.0.10",
     "@serenityjs/protocol": "^0.8.17",
-    "@xboxreplay/xboxlive-auth": "^5.1.0",
+    "fetch-socks": "^1.3.2",
     "jose": "^5.10.0",
     "prismarine-auth": "^2.7.0",
+    "undici": "^7.18.2",
     "uuid-1345": "^1.0.2"
   },
   "devDependencies": {
     "@biomejs/biome": "1.9.4",
-    "@types/node": "^22.19.6",
+    "@types/node": "^22.19.7",
     "@types/uuid-1345": "^0.99.25",
     "typescript": "^5.9.3"
   }
-}
+}