Skip to content
FlauschBert edited this page Dec 4, 2018 · 22 revisions

Server commands

Client authentication

User and password

Initial authentication and token generation

Before any commands can be sent to the server the client has to authenticate with user and password.
The user has to be unique and can exist only once.
This has to be done with the AUTH10 command followed by username and hashed password:
AUTH10|u8:<512 bit hash of password>|u8<length in bytes>|u8:<username>.

The answer is a unique token generated out of user, password and random information:
TOKN10|u8:<512 bit hash of token>.
The token can be generated only once for a given user. If the same user tries to generate a token again with another password hash the command is rejected. If the user sends the same username and password hash combination as before the token once generated is returned.

For all later operations the token is used. The token should be saved by the client and used for all operations.

A token can be created all 15 minutes (initially or by removal and recreation) from the client to avoid flooding the database. The client is identified by the ip address. If the timeout is is underrun the error is returend:
Error timeout underrun: STAT10|002.

The server allows only a certain command queue depth at once to avoid flooding the memory. If the command queue depth is too deep the stream is simply dropped instantly. It would be the same as if the connection gets broken.

Changing the password

If the client wants to change the password of a user the command RETH10 has to be used:
RETH10|u8:<512 bit hash of token>|u8:<512 bit hash of new password>.

The answer is a new unique token generated and returned as above in case of success.

In case of an error the status is returned:
Error not found: STAT10|001.

Removal of user and all connected information

If the client wants to remove a user it has to send the REMV10 command:
REMV10|u8:<512 bit hash of token>.
In this case all information connected to the user is dropped too.

The answer is a status command STAT10:
Success: STAT10|000.
Error not found: STAT10|001.

Data handling on the server

The server saves both username and hash in a user table along with the generated token as primary key.

Clone this wiki locally