From 121fc693c03761ae88195103bb8d78980b74691f Mon Sep 17 00:00:00 2001
From: Rinary <rinary.super@gmail.com>
Date: Thu, 11 Jun 2026 09:04:01 +0300
Subject: [PATCH 1/2] Rework on external enum

---
 Robust.Shared/CVars.cs                        |  8 ++++++
 Robust.Shared/Network/AuthMode.cs             | 25 +++++++++++--------
 .../Network/NetManager.ServerAuth.cs          | 21 +++++++++++++---
 Robust.Shared/Network/NetManager.cs           |  6 +++++
 4 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/Robust.Shared/CVars.cs b/Robust.Shared/CVars.cs
index 904e0782bba..241156de4a5 100644
--- a/Robust.Shared/CVars.cs
+++ b/Robust.Shared/CVars.cs
@@ -982,6 +982,14 @@ protected CVars()
         public static readonly CVarDef<int> AuthMode =
             CVarDef.Create("auth.mode", (int) Network.AuthMode.Required, CVar.SERVERONLY);
 
+        #region Starlight
+        /// <summary>
+        /// Mode with which to handle ADDITIONAL authentication on the server.
+        /// </summary>
+        public static readonly CVarDef<int> AdditionalAuthMode =
+            CVarDef.Create("auth.additionalmode", (int)Network.AuthMode.Disabled, CVar.SERVERONLY);
+        #endregion
+
         /// <summary>
         /// Allow unauthenticated localhost connections, even if the auth mode is set to required.
         /// These connections have a "localhost@" prefix as username.
diff --git a/Robust.Shared/Network/AuthMode.cs b/Robust.Shared/Network/AuthMode.cs
index 18d68d2bf22..eca8ca7009d 100644
--- a/Robust.Shared/Network/AuthMode.cs
+++ b/Robust.Shared/Network/AuthMode.cs
@@ -15,13 +15,12 @@ public enum AuthMode : byte
 
         /// <summary>
         /// Authenticated is required to join the server.
-        /// Starlight: Required only default, discord auth will be rejected
         /// </summary>
         /// <remarks>
         /// Unauthenticated clients are still allowed for localhost connections,
         /// but only if CVar <c>auth.allowlocal</c> is true.
         /// </remarks>
-        RequiredDefault = 1,
+        Required = 1,
 
         /// <summary>
         /// Authentication is fully disabled, and even clients capable of authenticating will not authenticate.
@@ -31,19 +30,25 @@ public enum AuthMode : byte
         /// This may result in confusing mingling of database entries, if actively switched between on the same server.
         /// </remarks>
         Disabled = 2,
+    }
 
-        #region Starlight
+    #region Starlight
 
+    public enum AdditionalAuthModes : byte
+    {
         /// <summary>
-        /// Starlight: Required both, i.e. if discord auth valid - can join, if default auth valid - can join
+        /// Any additional auth mode disabled
         /// </summary>
-        Required = 3,
-
+        Disabled = 0,
         /// <summary>
-        /// Starlight: Required only discord, default auth will be rejected
+        /// Only discord auth allowed
         /// </summary>
-        RequiredDiscord = 4,
-
-        #endregion
+        DiscordOnly = 1,
+        /// <summary>
+        /// Discord auth is optional
+        /// </summary>
+        DiscordOptional = 2,
     }
+
+    #endregion
 }
diff --git a/Robust.Shared/Network/NetManager.ServerAuth.cs b/Robust.Shared/Network/NetManager.ServerAuth.cs
index f84264514b5..8c2216e3735 100644
--- a/Robust.Shared/Network/NetManager.ServerAuth.cs
+++ b/Robust.Shared/Network/NetManager.ServerAuth.cs
@@ -23,6 +23,7 @@ partial class NetManager
 
         public byte[] CryptoPublicKey { get; } = new byte[CryptoBox.PublicKeyBytes];
         public AuthMode Auth { get; private set; }
+        public AdditionalAuthModes AdditionalAuth { get; private set; } // Starlight-edit
 
         public Func<string, Task<NetUserId?>>? AssignUserIdCallback { get; set; }
         public IServerNetManager.NetApprovalDelegate? HandleApprovalCallback { get; set; }
@@ -60,13 +61,25 @@ private async void HandleHandshake(NetPeerData peer, NetConnection connection)
                 _logger.Verbose(
                     $"{connection.RemoteEndPoint}: Connection is specialized local? {isLocal} ");
 
-                if (Auth is AuthMode.Required or AuthMode.RequiredDefault or AuthMode.RequiredDiscord && !isLocal) // Starlight-edit
+                if (Auth == AuthMode.Required && !isLocal)
                 {
-                    if ((!canAuth && Auth == AuthMode.RequiredDefault) || (!discord && Auth == AuthMode.RequiredDiscord) || (!canAuth && !discord)) // Starlight-edit
+                    // Starlight-start
+                    if ((!canAuth && AdditionalAuth == AdditionalAuthModes.Disabled))
+                    {
+                        connection.Disconnect("Connecting to this server requires normal authentication!");
+                        return;
+                    }
+                    if (!discord && AdditionalAuth == AdditionalAuthModes.DiscordOnly)
                     {
-                        connection.Disconnect("Connecting to this server requires authentication");
+                        connection.Disconnect("Connecting to this server requires discord authentication!");
                         return;
                     }
+                    if (!canAuth && !discord && AdditionalAuth == AdditionalAuthModes.DiscordOptional)
+                    {
+                        connection.Disconnect("Connecting to this server requires authentication of any types!");
+                        return;
+                    }
+                    // Starlight-end
                 }
 
                 NetEncryption? encryption = null;
@@ -87,7 +100,7 @@ private async void HandleHandshake(NetPeerData peer, NetConnection connection)
                         PublicKey = needPk ? CryptoPublicKey : Array.Empty<byte>(),
                         VerifyToken = verifyToken,
                         WantHwid = wantHwid,
-                        WantDiscord = Auth is AuthMode.Required or AuthMode.RequiredDiscord // Starlight-edit
+                        WantDiscord = Auth == AuthMode.Required && AdditionalAuth is AdditionalAuthModes.DiscordOnly or AdditionalAuthModes.DiscordOptional // Starlight-edit
                     };
 
                     var outMsgEncReq = peer.Peer.CreateMessage();
diff --git a/Robust.Shared/Network/NetManager.cs b/Robust.Shared/Network/NetManager.cs
index 371f97327f5..85928091300 100644
--- a/Robust.Shared/Network/NetManager.cs
+++ b/Robust.Shared/Network/NetManager.cs
@@ -275,6 +275,7 @@ public void Initialize(bool isServer)
             if (isServer)
             {
                 _config.OnValueChanged(CVars.AuthMode, OnAuthModeChanged, invokeImmediately: true);
+                _config.OnValueChanged(CVars.AdditionalAuthMode, OnAdditionalAuthModeChanged, invokeImmediately: true); // Starlight-edit
             }
 
             _config.OnValueChanged(CVars.NetFakeLoss, _fakeLossChanged);
@@ -321,6 +322,10 @@ private void OnAuthModeChanged(int mode)
             Auth = (AuthMode)mode;
         }
 
+        // Starlight-start
+        private void OnAdditionalAuthModeChanged(int mode) => AdditionalAuth = (AdditionalAuthModes)mode;
+        // Starlight-end
+
         private void OnSerializerOnClientHandshakeComplete()
         {
             _logger.Info("Client completed serializer handshake.");
@@ -481,6 +486,7 @@ public void Shutdown(string reason)
             if (IsServer)
             {
                 _config.UnsubValueChanged(CVars.AuthMode, OnAuthModeChanged);
+                _config.UnsubValueChanged(CVars.AdditionalAuthMode, OnAdditionalAuthModeChanged); // Starlight-edit
             }
 
             _config.UnsubValueChanged(CVars.NetFakeLoss, _fakeLossChanged);

From 8fcbf2d3a99f26f000796890961f9059fb54d77a Mon Sep 17 00:00:00 2001
From: Rinary <rinary.super@gmail.com>
Date: Thu, 11 Jun 2026 10:31:15 +0300
Subject: [PATCH 2/2] remove discord only option

---
 Robust.Shared/Network/AuthMode.cs              | 8 ++------
 Robust.Shared/Network/NetManager.ServerAuth.cs | 9 ++-------
 2 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/Robust.Shared/Network/AuthMode.cs b/Robust.Shared/Network/AuthMode.cs
index eca8ca7009d..b4ce0a50be4 100644
--- a/Robust.Shared/Network/AuthMode.cs
+++ b/Robust.Shared/Network/AuthMode.cs
@@ -41,13 +41,9 @@ public enum AdditionalAuthModes : byte
         /// </summary>
         Disabled = 0,
         /// <summary>
-        /// Only discord auth allowed
+        /// Discord auth enabled
         /// </summary>
-        DiscordOnly = 1,
-        /// <summary>
-        /// Discord auth is optional
-        /// </summary>
-        DiscordOptional = 2,
+        DiscordEnabled = 1,
     }
 
     #endregion
diff --git a/Robust.Shared/Network/NetManager.ServerAuth.cs b/Robust.Shared/Network/NetManager.ServerAuth.cs
index 8c2216e3735..1af9a4501d9 100644
--- a/Robust.Shared/Network/NetManager.ServerAuth.cs
+++ b/Robust.Shared/Network/NetManager.ServerAuth.cs
@@ -69,12 +69,7 @@ private async void HandleHandshake(NetPeerData peer, NetConnection connection)
                         connection.Disconnect("Connecting to this server requires normal authentication!");
                         return;
                     }
-                    if (!discord && AdditionalAuth == AdditionalAuthModes.DiscordOnly)
-                    {
-                        connection.Disconnect("Connecting to this server requires discord authentication!");
-                        return;
-                    }
-                    if (!canAuth && !discord && AdditionalAuth == AdditionalAuthModes.DiscordOptional)
+                    if (!canAuth && !discord && AdditionalAuth == AdditionalAuthModes.DiscordEnabled)
                     {
                         connection.Disconnect("Connecting to this server requires authentication of any types!");
                         return;
@@ -100,7 +95,7 @@ private async void HandleHandshake(NetPeerData peer, NetConnection connection)
                         PublicKey = needPk ? CryptoPublicKey : Array.Empty<byte>(),
                         VerifyToken = verifyToken,
                         WantHwid = wantHwid,
-                        WantDiscord = Auth == AuthMode.Required && AdditionalAuth is AdditionalAuthModes.DiscordOnly or AdditionalAuthModes.DiscordOptional // Starlight-edit
+                        WantDiscord = Auth == AuthMode.Required && AdditionalAuth == AdditionalAuthModes.DiscordEnabled // Starlight-edit
                     };
 
                     var outMsgEncReq = peer.Peer.CreateMessage();