Initial 1.19.1/2 signed chat support (#1050)

* Initial 1.19.1/2 signed chat impl

* lint

* remove node 15 nullish operators

* fix undefined uuid error

* handle player left

* fix

* add some feature flags

* fix

* Fix test to use new client.chat() wrapper method

* refactoring

* corrections, working client example

* refactoring

* message expiry checking

* Fix UUID write serialization

* Remove padding from client login to match vanilla client

* Fix server verification

* update packet field terminology

* Add some tech docs
Rename `map` field in Pending to not conflict with Array.map method

* update tech doc

* lint

* Bump mcdata and pauth

* add doc on playerChat event, .chat function

* update doc

* use supportFeature, update doc

Co-authored-by: Romain Beaumont <[email protected]>

Author: extremeheat

docs/API.md

@@ -45,6 +45,10 @@ Write a packet to all `clients` but encode it only once.
 
 Verifies if player's chat message packet was signed with their Mojang provided key
 
+### client.logSentMessageFromPeer(packet)
+(1.19.1+) You must call this function when the server receives a message from a player and that message gets
+broadcast to other players in player_chat packets. This function stores these packets so the server can then verify a player's lastSeenMessages field in inbound chat packets to ensure chain integrity. For more information, see [chat.md](chat.md).
+
 ### server.onlineModeExceptions
 
 This is a plain old JavaScript object. Add a key with the username you want to
@@ -253,6 +257,18 @@ parameters.
 
 Called when an error occurs within the client. Takes an Error as parameter.
 
+### `playerChat` event
+
+Called when a chat message from another player arrives. The emitted object contains:
+* formattedMessage -- the chat message preformatted, if done on server side
+* message -- the chat message without formatting (for example no `<username> message` ; instead `message`), on version 1.19+
+* type -- the message type - on 1.19, which format string to use to render message ; below, the place where the message is displayed (for example chat or action bar)
+* sender -- the UUID of the player sending the message
+* senderTeam -- scoreboard team of the player (pre 1.19)
+* verified -- true if message is signed, false if not signed, undefined on versions prior to 1.19
+
+See the [chat example](https://github.com/PrismarineJS/node-minecraft-protocol/blob/master/examples/client_chat/client_chat.js#L1) for usage.
+
 ### per-packet events
 
 Check out the [minecraft-data docs](https://prismarinejs.github.io/minecraft-data/?v=1.8&d=protocol) to know the event names and data field names.
@@ -273,13 +289,16 @@ Start emitting channel events of the given name on the client object.
 
 Unregister a channel `name` and send the unregister packet if `custom` is true.
 
+### client.chat(message)
+Send a chat message to the server, with signing on 1.19+.
+
 ### client.signMessage(message: string, timestamp: BigInt, salt?: number) : Buffer
 
-Generate a signature for a chat message to be sent to server
+(1.19) Generate a signature for a chat message to be sent to server
 
 ### client.verifyMessage(publicKey: Buffer | KeyObject, packet) : boolean
 
-Verifies a player chat packet sent by another player against their public key
+(1.19) Verifies a player chat packet sent by another player against their public key
 
 ## Not Immediately Obvious Data Type Formats
 

docs/chat.md

@@ -0,0 +1,54 @@
+## About chat signing
+
+Starting in Minecraft 1.19, client messages sent to the server are signed and then broadcasted to other players.
+Other clients receiving a signed message can verify that a message was written by a particular player as opposed
+to being modified by the server. The way this is achieved is by the client asking Mojang's servers for signing keys,
+and the server responding with a private key that can be used to sign messages, and a public key that can be used to
+verify the messages.
+
+When a client connects to the server, it sends its public key to the server, which then sends that to other players
+that are on the server. The server also does some checks during the login procedure to authenticate the validity of
+the public key, to ensure it came from Mojang. This is achieved by the client sending along a signature from Mojang's
+servers in the login step which is the output of concatenating and signing the public key, player UUID and timestamp 
+with a special Mojang private key specifically for signature validation. The public key used to verify this 
+signature is public and is stored statically inside  node-minecraft-protocol (src/server/constants.js). 
+
+Back to the client, when other players join the server they also get a copy of the players' public key for chat verification.
+The clients can then verify that a message came from a client as well as do secondary checks like verifying timestamps.
+This feature is designed to allow players to report chat messages from other players to Mojang. When the client reports a
+message the contents, the sender UUID, timestamp, and signature are all sent so the Mojang server can verify the message 
+and send it for moderator review.
+
+Note: Since the server sends the public key, it's possible that the server can spoof the key and return a fake one, so
+only Mojang can truly know if a message came from a client (as it stores its own copy of the clients' chat key pair).
+
+## 1.19.1
+
+Starting with 1.19.1, instead of signing the message itself, a SHA256 hash of the message and last seen messages are
+signed instead. In addition, the payload of the hash is prepended with the signature of the previous message sent by the same client,
+creating a signed chain of chat messages. See publicly available documentation for more detailed information on this.
+
+Since chat verification happens on the client-side (as well as server side), all clients need to be kept up to date
+on messages from other users. Since not all messages are public (for example, a player may send a signed private message),
+the server can send a `chat_header` packet containing the aforementioned SHA256 hash of the message which the client
+can generate a signature from, and store as the last signature for that player (maintaining chain integrity).
+
+In the client, inbound player chat history is now stored in chat logs (in a 1000 length array). This allows players
+to search through last seen messages when reporting messages.
+
+When reporting chat messages, the chained chat functionality and chat history also securely lets Mojang get 
+authentic message context before and after a reported message.
+
+## Extra details
+
+### 1.19.1
+
+When a server sends a player a message from another player, the server saves the outbound message and expects
+that the client will acknowledge that message, either in a outbound `chat_message` packet's lastSeen field,
+or in a `message_acknowledgement` packet. (If the client doesn't seen any chat_message's to the server and
+lots of messages pending ACK queue up, a serverbound `message_acknowledgement` packet will be sent to flush the queue.)
+
+In the server, upon reviewal of the ACK, those messages removed from the servers' pending array. If too many
+pending messages pile up, the client will get kicked.
+
+In nmp server, you must call `client.logSentMessageFromPeer(packet)` when the server receives a message from a player and that message gets broadcast to other players in player_chat packets. This function stores these packets so the server can then verify a player's lastSeenMessages field in inbound chat packets to ensure chain integrity (as described above).

examples/client_chat/client_chat.js

@@ -3,7 +3,8 @@ const readline = require('readline')
 const rl = readline.createInterface({
   input: process.stdin,
   output: process.stdout,
-  terminal: false
+  terminal: false,
+  prompt: 'Enter a message> '
 })
 
 const [,, host, port, username] = process.argv
@@ -37,47 +38,14 @@ client.on('error', function (err) {
 })
 
 client.on('connect', () => {
-  const mcData = require('minecraft-data')(client.version)
   const ChatMessage = require('prismarine-chat')(client.version)
-  const players = {} // 1.19+
 
   console.log('Connected to server')
+  rl.prompt()
 
-  client.chat = (message) => {
-    if (mcData.supportFeature('signedChat')) {
-      const timestamp = BigInt(Date.now())
-      client.write('chat_message', {
-        message,
-        timestamp,
-        salt: 0,
-        signature: client.signMessage(message, timestamp)
-      })
-    } else {
-      client.write('chat', { message })
-    }
-  }
-
-  function onChat (packet) {
-    const message = packet.message || packet.unsignedChatContent || packet.signedChatContent
-    const j = JSON.parse(message)
-    const chat = new ChatMessage(j)
-
-    if (packet.signature) {
-      const verified = client.verifyMessage(players[packet.senderUuid].publicKey, packet)
-      console.info(verified ? 'Verified: ' : 'UNVERIFIED: ', chat.toAnsi())
-    } else {
-      console.info(chat.toAnsi())
-    }
-  }
-
-  client.on('chat', onChat)
-  client.on('player_chat', onChat)
-  client.on('player_info', (packet) => {
-    if (packet.action === 0) { // add player
-      for (const player of packet.data) {
-        players[player.UUID] = player.crypto
-      }
-    }
+  client.on('playerChat', function ({ senderName, message, formattedMessage, verified }) {
+    const chat = new ChatMessage(formattedMessage ? JSON.parse(formattedMessage) : message)
+    console.log(senderName, { true: 'Verified:', false: 'UNVERIFIED:' }[verified] || '', chat.toAnsi())
   })
 })
 

package.json

@@ -51,11 +51,11 @@
     "endian-toggle": "^0.0.0",
     "lodash.get": "^4.1.2",
     "lodash.merge": "^4.3.0",
-    "minecraft-data": "^3.8.0",
+    "minecraft-data": "^3.21.0",
     "minecraft-folder-path": "^1.2.0",
     "node-fetch": "^2.6.1",
     "node-rsa": "^0.4.2",
-    "prismarine-auth": "^2.0.0",
+    "prismarine-auth": "^2.2.0",
     "prismarine-nbt": "^2.0.0",
     "protodef": "^1.8.0",
     "readable-stream": "^4.1.0",