Note: This might be a feature, not a bug. If you consider it a bug, it will probably require a decent amount of work to be fixed.
Thanks a lot to https://github.com/IamFlea for help with this.
By sending a POST request to the server list endpoint you can fetch all servers in a region, if you do this 4 times for the regions eu, us, sing and china you can get the entire server list. The server list contains all servers, even the ones which should be hidden such as local only ones and to top of it off it also contains the host's IP address.
Showing all servers is fine but it still shows the host's IP address meaning that people can find servers of content creators or of any player and can abuse it in various ways. (DDoSing, getting their geolocation, etc.)
Also the lobby listings on https://d26ly0au0tyuy.cloudfront.net show server IPs as well, but it requires no authentication.
I don't see the point to this because you need a client token to connect to servers so this could also be a bug.
One final thing, are you able to tell me how to refresh client tokens (so they never expire if my code is running) or just grant me a permanent one?
I'm working on a Discord bot which will be able to show server information and will need to use the /lobby/read endpoint often to keep the server information up to date.
To fetch the entire list you have to make POST requests to
https://lobby-$region.kleientertainment.com/lobby/read
$region is either eu, china, us or sing
your POST body should be
{
"__gameId": "DontStarveTogether",
"__token": "your client token",
"query": {}
}
Your response from the server will be in JSON format and will contain all the information about the server (IP address, rowID, name, players, mods, world, slaves/secondary servers, owner, etc.)
-
1
-
1
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now