Skip to content
/ ue5-laravel-bridge Public

A low level robust CSRF inspired token designed to secure Laravel against MITM attacks by authenticating HTTP requests from Unreal Engine 5 (UE5) using CSRF-inspired tokens.

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

levizoesch/ue5-laravel-bridge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
UE5Bridge.cpp
UE5Bridge.cpp
 
 
UE5Bridge.h
UE5Bridge.h
 
 
WebBridge.php
WebBridge.php
 
 

Repository files navigation

UE5-Laravel Bridge

A low level robust CSRF inspired token designed to secure Laravel against MITM attacks by authenticating HTTP requests from Unreal Engine 5 (UE5) using CSRF-inspired tokens.

Overview

The ue5-laravel-bridge utilizes a token-based authentication mechanism to secure interactions between UE5 clients and Laravel servers. This approach prevents unauthorized access and enhances security by ensuring requests are authenticated and originate from trusted sources.

Features

  • CSRF-inspired token authentication to secure HTTP requests.
  • Timestamp-based dynamic token generation to prevent replay attacks.
  • Encryption to ensure token integrity and confidentiality.
  • Seamless integration with UE5 projects and Laravel applications.

Getting Started

Prerequisites

  • A Unreal Engine 5 project.
  • A Laravel 8, 9, 10 project.

Setup Instructions

On the Unreal Engine 5 Side

  1. Add Headers to HTTP Requests: Modify your HTTP request logic in UE5 to include custom headers for user agent, current timestamp, and the CSRF token. Insert the following code snippet into your HTTP request setup:
#if WITH_EDITOR
    Request->SetHeader(TEXT("User-Agent"), TEXT("UE5-Editor"));
#else
    Request->SetHeader(TEXT("User-Agent"), TEXT("UE5-Client"));
#endif

FString const currentTime = UUE5Bridge::GetCurrentTime();
Request->SetHeader(TEXT("X-UE5-Timestamp"), *currentTime);
FString const timeToken = UUE5Bridge::GenerateDynamicTokenFromTime(currentTime);
FString const csrfToken = UUE5Bridge::HashToken(timeToken);
Request->SetHeader(TEXT("X-UE5-Token"), *csrfToken);

On the Laravel Side

To validate requests from Unreal Engine 5 in your Laravel application, follow these steps:

  1. Add WebBridge.php to your Laravel Project: Make sure your WebBridge.php is within your App\Http\Controllers\ directory.

  2. Encryption Key and Timestamp Addition: Ensure that the $ENCRYPTION_KEY and $ADDITIONAL_TIME values in your WebBridge.php match those specified in the Unreal Engine 5 implementation. These values are crucial for the encryption and decryption process to work correctly between the two platforms.

To use add to the beginning of your API Controller CRUD method.

$WebBridge = new WebBridge();

if (!$WebBridge->VerifyRequest()) {
    throw new Exception('Unauthorized Request');
}

Contributions

If you feel you can help improve this repository please feel free to submit PR Requests. Please update the readme if applicable.

Issues or Bugs

Please submit a new Issue if you need help, or have bugs.

Known Security Issues

XOR Does have some security vulnerabilities. AES Is much better, and I may refactor things around that in the future. Ideally RSA combined with AES would be the best.

About

A low level robust CSRF inspired token designed to secure Laravel against MITM attacks by authenticating HTTP requests from Unreal Engine 5 (UE5) using CSRF-inspired tokens.

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Initial Release Latest
Feb 10, 2024

Packages

No packages published

Languages