Welcome to Keen Software House Forums! Log in or Sign up to interact with the KSH community.
  1. You are currently browsing our forum as a guest. Create your own forum account to access all forum functionality.

Remote API 403 (Solved)

Discussion in 'Groups & Dedicated Servers' started by Shibiko, Mar 20, 2019.

Thread Status:
This last post in this thread was made more than 31 days old.
  1. Shibiko Trainee Engineer

    Messages:
    5
    Using the VRageRemote, my key works.
    Using the provided C# Code with fixes from https://www.spaceengineersgame.com/dedicated-servers.html
    Provides a 403.

    Creating the same hash that the C# code creates in node.js
    Provides a 403.

    Code:
    const crypto = require('crypto');
    const request = require('request-promise');
    
    const secret = '<put-secret-key-here>';
    const url = 'http://localhost:8080/vrageremote/v1/server/ping';
    
    // const getNonce = () => crypto.randomBytes(20).toString('base64');
    const getNonce = () => Math.floor(Math.random() * 10000000, 0);
    const getUtcDate = () => new Date().toUTCString();
    
    const opts = (url) => {
    	const nonce = getNonce();
    	const date = getUtcDate();
    	console.log("nonce:", nonce);
    	console.log("date:", date);
    
    	const key = Buffer.from(secret, 'base64');
    	const message = `${url}\r\n${nonce}\r\n${date}\r\n`;
    	const hash = crypto.createHmac('sha1', key).update(Buffer.from(message)).digest('base64');
    
    	return {
    		url,
    		headers: {
    			Authorization: `${nonce}:${hash}`,
    			Date: date
    		},
    		method: 'GET'
    	};
    };
    
    console.log(opts(url));
    
    request(opts(url))
    	.then(body => {
    		console.log('body:', body)
    	})
    	.catch(({message, error}) => {
    		console.error(`${message} error:`, error);
    	});
    
    example of this code output

    Code:
    // request options
    { 
    	"url": "http://localhost:8080/vrageremote/v1/server/ping",
    	"headers": { 
    		"Authorization": "452187:hsv5JDOWUfxvycXvajgPM8j5k88=",
    		"Date": "Wed, 20 Mar 2019 04:35:24 GMT"
    	},
    	"method": "GET" 
    }
    
    I honestly can't tell what I'm doing wrong. I been diving in C# code and Node.js code all day. Keep getting 403, application is running in admin mode as well.
     
  2. ThisIsADogHello Apprentice Engineer

    Messages:
    118
    I went ahead and attached a debugger to the official VRageRemote client to see what it's doing differently, and loosk like you shouldn't be providing the full URL in the HMAC, just the path. For reference, here's the bytes that're fed to the HMAC in the official client for a random request:

    00000000 2f 76 72 61 67 65 72 65 6d 6f 74 65 2f 76 31 2f |/vrageremote/v1/|
    00000010 73 65 73 73 69 6f 6e 2f 67 72 69 64 73 0d 0a 31 |session/grids..1|
    00000020 37 32 31 31 37 37 35 33 32 0d 0a 57 65 64 2c 20 |721177532..Wed, |
    00000030 32 30 20 4d 61 72 20 32 30 31 39 20 31 34 3a 35 |20 Mar 2019 14:5|
    00000040 32 3a 34 34 20 47 4d 54 0d 0a |2:44 GMT..|
    0000004a


    Note the lack of http://asdf before the /vrageremote
     
  3. Shibiko Trainee Engineer

    Messages:
    5
    :pbjt:YES! Thank you so much! Man I was banging my head on this all yesterday evening! To think it was because of the entire url. oof! I guess I misunderstood the example you guys put on the website. The rest of the url was intentionally left out. Thanks so much again! I can now ping my server with glee and get back to making rockets :rocket:
     
Thread Status:
This last post in this thread was made more than 31 days old.