Antonio32A

  • Content Count

    3
  • Joined

  • Last visited

Community Reputation

3 Neutral

About Antonio32A

  • Rank
    Junior Member
...
  1. Interesting, thank you for the response. I might ask Nome for the permanent token but for now I wanna try out the manual authentication, is there any open source code which does that or is there any public documentation? Manually extracting the token from game memory and keeping the game open is annoying. It would be nice if they fixed this but it would probably require a redesign of the lobby API. Maybe they could at least make it so the public lobbyListings endpoint doesn't show as much information so there is no room for abuse.
  2. Note: This might be a feature, not a bug. If you consider it a bug, it will probably require a decent amount of work to be fixed. Thanks a lot to https://github.com/IamFlea for help with this. By sending a POST request to the server list endpoint you can fetch all servers in a region, if you do this 4 times for the regions eu, us, sing and china you can get the entire server list. The server list contains all servers, even the ones which should be hidden such as local only ones and to top of it off it also contains the host's IP address. Showing all servers is fine but it still shows the host's IP address meaning that people can find servers of content creators or of any player and can abuse it in various ways. (DDoSing, getting their geolocation, etc.) Also the lobby listings on https://d26ly0au0tyuy.cloudfront.net show server IPs as well, but it requires no authentication. I don't see the point to this because you need a client token to connect to servers so this could also be a bug. One final thing, are you able to tell me how to refresh client tokens (so they never expire if my code is running) or just grant me a permanent one? I'm working on a Discord bot which will be able to show server information and will need to use the /lobby/read endpoint often to keep the server information up to date.