chore: a lot of readmes

BlueMap/Chat/README.md

@@ -1,3 +1,44 @@
 # Auth/BlueMap/Chat
 
-Web chat integration for BlueMap
+Web chat integration for BlueMap. Requires the BlueMap-Auth integration plugin.
+
+## Images
+
+![Chat in BlueMap](../../.github/readmeImages/chat-in-web.png)
+![Chat in game](../../.github/readmeImages/chat-in-mc.png)
+
+## Configuration
+
+The only configuration is `ip` and `port`, which are the same as with the main projects in this repository.
+The default port is `8800`.
+
+## Endpoints
+
+*This section is only relevant for advanced usage.*
+
+- `GET /stream` returns an event stream of chat messages as JSON objects that look like the following
+```typescript
+type Message = {
+    uuid: string;
+    username: string;
+} & ({
+    type: "chat" | "webchat" | "death";
+    message: string;
+} | {
+    type: "join" | "leave";
+})
+```
+- `POST /send` is used to send a web chat message. The body should be a JSON object with a `message` field.
+Message should be less than 256 characters long.
+
+## Nginx configuration
+
+See [the BlueMap Integration example Nginx configuration](https://github.com/Chicken/Auth/tree/master/BlueMap/Integration#example-nginx).
+And add the following in your application layer next to the Integration configuration:
+
+```nginx
+  location /addons/chat/ {
+    proxy_pass http://127.0.0.1:8800/;
+    proxy_buffering off;
+  }
+```

BlueMap/Integration/README.md

@@ -1,6 +1,138 @@
 # Auth/BlueMap/Integration
 
 Authentication integration for BlueMap.
+Adds logout buttons to the menu and profile view with username and a player head to see the logged-in user.
+Serves as a requirement for other BlueMap addons by providing logged-in user's information.
+Optional authentication is recommended, but not required.
 
-Adds logout buttons to the menu and profile view with username
-and playerhead to see the logged in user.
+## Configuration
+
+The `ip` and `port` are the same as with the main projects in this repository. The default port is `8400`.
+
+`auth-path` is an optional configuration value which should point to where the Authentication portal is hosted at.
+
+## Endpoints
+
+*This section is only relevant for advanced usage.*
+
+`/whoami` is the only endpoint provided by the addon. It returns an empty JSON object for unauthenticated users and
+an object with uuid and username for authenticated users.
+
+## Addon API
+
+*This section is only relevant for addon developers.*
+
+The addon adds an object to the global `window` called `window.bluemapAuth` which contains a `loggedIn` boolean and
+uuid and username strings. You may acquire this information by creating and calling function such as the following:
+
+```js
+function getAuthStatus() {
+    return new Promise((res, err) => {
+        let timeout;
+
+        const acquireInterval = setInterval(() => {
+            if (window.bluemapAuth) {
+                clearInterval(acquireInterval);
+                if (timeout) clearTimeout(timeout);
+                res(window.bluemapAuth);
+            }
+        }, 10);
+
+        timeout = setTimeout(() => {
+            clearInterval(acquireInterval);
+            err()
+        }, 2000);
+    });
+}
+```
+
+## Example Nginx
+
+This an example Nginx config to use when using Authentication and BlueMap-Auth with optional authentication.
+This Nginx config will be expanded by other addons in this repository.
+
+```nginx
+# Basic http to https redirect
+server {
+  listen 80;
+  listen [::]:80;
+  # Your domain name
+  server_name map.example.com; # REPLACE ME
+  return 301 https://$host$request_uri;
+}
+
+# Https server, authentication layer
+server {
+  listen 443 ssl;
+  listen [::]:443 ssl;
+
+  # Your domain name
+  server_name map.example.com; # REPLACE ME
+  
+  # Your ssl certificates
+  ssl_certificate /etc/nginx/certs/cert.pem; # REPLACE ME
+  ssl_certificate_key /etc/nginx/certs/key.pem; # REPLACE ME
+
+  location / {
+    # Arbitary port which has to be same as the one in the server block below
+    proxy_pass http://127.0.0.1:8000; # REPLACE ME
+    proxy_buffering off;
+
+    # Checking the authentication
+    auth_request /authentication-outpost/auth;
+    error_page 401 = @minecraft_login;
+
+    # Set the request to backend to contain user's information
+    auth_request_set $minecraft_loggedin $upstream_http_x_minecraft_loggedin;
+    auth_request_set $minecraft_uuid $upstream_http_x_minecraft_uuid;
+    auth_request_set $minecraft_username $upstream_http_x_minecraft_username;
+
+    proxy_set_header x-minecraft-loggedin $minecraft_loggedin;
+    proxy_set_header x-minecraft-uuid $minecraft_uuid;
+    proxy_set_header x-minecraft-username $minecraft_username;
+
+    proxy_set_header Host $host;
+  }
+
+  # Arbitary unused path
+  location /authentication-outpost/ {
+    # Proxy to your authentication plugin instance
+    proxy_pass http://127.0.0.1:8200/; # REPLACE ME
+    # Send users ip to authentication for security reasons
+    proxy_set_header X-Forwarded-For $remote_addr;
+    # Nginx requirements
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+  }
+
+  # Internal location for redirecting to login page
+  location @minecraft_login {
+    internal;
+    return 302 /authentication-outpost/login;
+  }
+}
+
+# Application layer, all requests are authenticated, proxy requests to BlueMap or an addon
+server {
+  # Arbitary unused port on localhost
+  listen 127.0.0.1:8000; # REPLACE ME
+
+  # The authentication layer already logs, we don't need internal logging
+  access_log off;
+
+  # Everything by default to BlueMap
+  location / {
+    proxy_pass http://127.0.0.1:8100;
+    proxy_buffering off;
+  }
+
+　# Addon integration requests to it
+  location /addons/integration/ {
+     proxy_pass http://127.0.0.1:8400/;
+     proxy_buffering off;
+  }
+  
+  # Other addons go here
+}
+
+```

BlueMap/PrivateLocation/README.md

@@ -2,3 +2,34 @@
 
 Only shows the currently logged in player on the map.
 Prevents seeing other players.
+You need to set `live-player-markers` to `false` in BlueMap's `plugin.conf` as this addon overwrites the system.
+
+## Configuration
+
+The only configuration is `ip` and `port`, which are the same as with the main projects in this repository.
+The default port is `8500`.
+
+## Permissions
+
+Permissions checks use a cache so permissions changes require about a minute to take effect.
+
+- `privatelocation.seeall` exists to bypass the private location system.
+
+## Endpoints
+
+*This section is only relevant for advanced usage.*
+
+- `/players/$map` returns BlueMap compatible players JSON for the map with only the current player
+(or all with the bypass permission).
+
+## Nginx configuration
+
+See [the BlueMap Integration example Nginx configuration](https://github.com/Chicken/Auth/tree/master/BlueMap/Integration#example-nginx).
+And add the following in your application layer next to the Integration configuration:
+
+```nginx
+  location /addons/privatelocation/ {
+    proxy_pass http://127.0.0.1:8500/;
+    proxy_buffering off;
+  }
+```

BlueMap/PrivateMaps/README.md

@@ -2,3 +2,92 @@
 
 Add permissions nodes for maps.
 Prevents users without a maps permission node from viewing them.
+Supports optional authentication.
+
+## Configuration
+
+The `ip` and `port` are the same as with the main projects in this repository. The default port is `8600`.
+
+`bluemap-url` should be a http url where the backend can reach BlueMap to retrieve configuration. By default `"http://localhost:8100"`.
+
+# Permissions
+
+When user is not logged in, permissions are checked against the default group.
+Permissions checks use a cache so permissions changes require about a minute to take effect.
+
+- `auth.maps.$map` permissions to view `$map`
+
+## Endpoints
+
+- `/settings.json` returns modified BlueMap configuration with the `maps` field containing a list of maps the user has permission to view.
+- `/auth` requires headers `x-minecraft-uuid` and `x-original-uri` to be set. `x-minecraft-loggedin` must be set
+when using optional authentication. `x-original-uri` should contain the path user is trying to access.
+Map id is parsed from the path and permissions are compared against the player uuid. Returns 200 if user has permission, 403 otherwise.
+
+## Nginx configuration
+
+See [the BlueMap Integration example Nginx configuration](https://github.com/Chicken/Auth/tree/master/BlueMap/Integration#example-nginx).
+
+Add the following in your application layer next to the Integration configuration:
+```nginx
+  # Get modified settings from PrivateMaps
+  location = /settings.json {
+    proxy_pass http://127.0.0.1:8600;
+  }
+```
+
+Change
+```nginx
+  # Everything by default to BlueMap
+  location / {
+    proxy_pass http://127.0.0.1:8100;
+    proxy_buffering off;
+  }
+```
+to
+```nginx
+  # Go through PrivateMaps
+  location / {
+    # Arbitary port which has to be same as the one in the server block below
+    proxy_pass http://127.0.0.1:7999; # REPLACE ME
+    proxy_buffering off;
+  }
+```
+
+And add
+```nginx
+# PrivateMaps layer
+server {
+  # Arbitary unused port on localhost
+  listen 127.0.0.1:7999; # REPLACE ME
+
+  # The authentication layer already logs, we don't need internal logging
+  access_log off;
+
+  # Everything by default to BlueMap
+  location / {
+    proxy_pass http://127.0.0.1:31516;
+
+    # Check permissions
+    auth_request /privatemaps-outpost/auth;
+    error_page 403 = @minecraft_unauthorized;
+  }
+
+  # Arbitary unused path
+  location /privatemaps-outpost/ {
+    # Proxy to your PrivateMaps instance
+    proxy_pass http://127.0.0.1:8600/; # REPLACE ME
+    # PrivateMaps headers
+    proxy_set_header X-Original-URI $request_uri;
+    # Nginx requirements
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+  }
+
+  # Internal location to just respond with 403 Forbidden
+  location @minecraft_unauthorized {
+    internal;
+    return 403;
+  }
+}
+```

README.md

@@ -113,6 +113,7 @@ The permission node is for using the `/auth` command and is enabled by default.
 The Authorization plugin is an example application that can use the benefits of Authentication to lock down websites.
 It simply checks a given uuid and host pair for a configured permission node.
 Authorization doesn't support optional authentication.
+Permissions checks use a cache so permissions changes require about a minute to take effect.
 
 ### Endpoints
 
@@ -167,8 +168,8 @@ server {
     return 301 https://$host$request_uri;
 }
 
+# Https server, authentication layer
 server {
-  # Https server
   listen 443 ssl;
   listen [::]:443 ssl;
  
@@ -181,7 +182,8 @@ server {
 
   location / {
     # Arbitary port which has to be same as the one in the server block below
-    proxy_pass http://127.0.0.1:8400; # REPLACE ME
+    proxy_pass http://127.0.0.1:8000; # REPLACE ME
+    proxy_buffering off;
 
     # Checking the authentication
     auth_request /authentication-outpost/auth;
@@ -212,13 +214,18 @@ server {
   }
 }
 
+# Authorization layer, all requests are authenticated, proxy valid requests to the final web application
 server {
   # Arbitary unused port on localhost
-  listen 127.0.0.1:8400; # REPLACE ME
+  listen 127.0.0.1:8000; # REPLACE ME
+  
+  # The authentication layer already logs, we don't need internal logging
+  access_log off;
 
   location / {
     # Proxy to your final web application, for example a map
     proxy_pass http://127.0.0.1:8100; # REPLACE ME
+    proxy_buffering off;
     
     # Checking the authorization
     auth_request /authorization-outpost/auth;