58fa827e39
Now, this requires some explanation. Initially, we had the extract workflow, which did work. The problem is that it can't commit to general-devel due to branch protection. If we added a bypass that let it, though, it would enable anyone with write access to this repository to write to general-devel (you can privilege escalate easily). Since we don't want that, this machine is setup: 1. TShock now triggers a workflow execution on a separate repo, hakusaro/tshock_i18n. 2. On hakusaro/tshock_i18n, a modified extraction script exists. 3. The modified extraction script, targeting tshock, downloads and runs itself. 4. @cardinal-system, a github user I control, creates and signs a commit and pushes it back to tshock, bypassing branch protection (because is allowed to). Now, nobody except me can modify the code that controls the system that enables @cardinal-system to commit to tshock, preserving that security element. But how is the workflow in hakusaro/tshock_i18n triggered? Through another workflow of course. The issue is that triggering requires using...a PAT. Who's PAT? My PAT. Github just launched fine-grained PATs, so I created a fine-grained PAT scoped to only the hakusaro/tshock_i18n repo, and only workflow dispatches. There are other methods that could be used to technically perform this triggering using a classic PAT, but they require the `repo` scope, which would give anyone with write-access the ability to write to hakusaro/tshock_i18n, which is clearly not-desired. I was originally kinda stuck, thinking I'd have to make a fine-grained PAT on @cardinal-system but that isn't supported yet (you can't scope a fine-grained PAT to another user's repo yet -- only all of your repos or the org's repos, not a collaborator's repo). But the new fine-grained PAT system enables creating a PAT that just has a small, isolated set of things tied to one user. This is the safest option, I think. The only catch is that the trigger PAT will expire on October 20, 2023, so it has to be rotated yearly, like the nuget token (https://github.com/Pryaxis/TShock/issues/2669). Fun stuff. |
||
|---|---|---|
| .github | ||
| .vscode | ||
| docs | ||
| i18n | ||
| prebuilts | ||
| scripts | ||
| TerrariaServerAPI@bc8e7fc7bc | ||
| TShockAPI | ||
| TShockLauncher | ||
| TShockLauncher.Tests | ||
| .all-contributorsrc | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| appveyor.yml | ||
| COPYING | ||
| README.md | ||
| README_cn.md | ||
| renovate.json | ||
| SECURITY.md | ||
| TShock.sln | ||
TShock is a toolbox for Terraria servers and communities. That toolbox is jam packed with anti-cheat tools, server-side characters, groups, permissions, item bans, tons of commands, and limitless potential. It's one of a kind.
This is the readme for TShock developers and hackers. We're building out new TShock documentation for server operators and plugin developers, but this is a work-in-progress right now.
Developing TShock
If you want to contribute to TShock by sending a pull request or customize it to suit your own sparkly desires, this is the best starting point. By the end of this, you'll be able to build TShock from source, start to finish. More than that, though, you'll know how to start on the path of becoming an expert TShock developer.
This guide works assuming that you have the .NET 6 SDK installed and that you're familiar with the command line. If that doesn't describe you, you should be able to accomplish the same thing using Visual Studio 2022 or Visual Studio Code.
- Clone the repository:
git clone https://github.com/Pryaxis/TShock.git --recurse-submodules cd TShockto enter the repo.dotnet build. No really, that will build things!
If you want to run the TShockLauncher (which runs a server), run:
dotnet run --project TShockLauncher
To produce a packaged release (suitable for distribution), run:
cd TShockLauncherdotnet publish -r win-x64 -f net6.0 -c Release -p:PublishSingleFile=true --self-contained false
Note that in this example, you'd be building for win-x64. You can build for win-x64, osx-x64, linux-x64, linux-arm64, linux-arm. Your release will be in the TShockLauncher/bin/Release/net6.0/ folder under the architecture you specified.
Working with Terraria
Working with Terraria in TShock and in other Terraria Server API plugins is different from most other APIs. Due to the nature of how OTAPI works, you have direct access to all public fields in the Terraria namespace. This means that you can access Terraria member methods directly. TShock and other plugins do this quite often, mostly to modify the game world, send data, and receive data. Calls to Main are one such example of direct access to Terraria. This is the equivalent to net.minecraft.server (NMS) calls in CraftBukkit.
You might find yourself wondering where these fields are. Pryaxis provides the decompiled Sources to Terraria's server, updated with each release. These sources are made available to developers of TShock. If you have submitted a pull request to TShock, reach out on Discord to get access. In lieu of this, you can download ILSpy and decompile Terraria or the server itself.
Finally, you may be interested in developing other Terraria Server API plugins. The TShockResources organization has several plugins you can look at and build on. TShock is itself a plugin, and most plugins are open source. This gives you ample room to figure out where to go next.
Need help? Join us on Discord.
Code of Conduct
By participating in the TShock for Terraria community, all members will adhere to maintaining decorum with respect to all humans, in and out of the community. Members will not engage in discussion that inappropriately disparages or marginalizes any group of people or any individual. Members will not attempt to further or advance an agenda to the point of being overbearing or close minded (such as through spreading FUD). Members will not abuse services provided to them and will follow the guidance of community leaders on a situational basis about what abuse consists of. Members will adhere to United States and international law. If members notice a violation of this code of conduct, they will not engage but will instead contact the leadership team on either the forums or Discord.
Do not attempt to circumvent or bypass the code of conduct by using clever logic or reasoning (e.g., insulting Facepunch members, because they weren't directly mentioned here).