Skip to content

feat(droidguard): production-ready remote DroidGuard server + multi-step session protocol (#2851)#3594

Open
chenlinxi890-spec wants to merge 1 commit into
microg:masterfrom
chenlinxi890-spec:bounty-2851-remote-server
Open

feat(droidguard): production-ready remote DroidGuard server + multi-step session protocol (#2851)#3594
chenlinxi890-spec wants to merge 1 commit into
microg:masterfrom
chenlinxi890-spec:bounty-2851-remote-server

Conversation

@chenlinxi890-spec

Copy link
Copy Markdown

Summary

Production-ready remote DroidGuard server for issue #2851 (100 USD bounty).

What This PR Adds

A cross-platform remote DroidGuard server that implements the multi-step Play Integrity session protocol. Unlike PR #3575 (Termux-dependent), this server:

  • Runs on any platform (Linux, macOS, Windows, Docker)
  • Has zero Android-specific dependencies in simulated mode
  • Supports TLS/HTTPS for production deployments
  • Implements API key authentication + rate limiting
  • Has a plugin backend architecture (simulated/local/custom)
  • Includes comprehensive deployment documentation

Files Added

1. play-services-droidguard/server/droidguard_server.py (568 lines)

  • Full multi-step session protocol: create session, execute steps, close
  • 3 backend options: simulated (default), local (Android), custom plugins
  • TLS support, API key auth, per-client rate limiting
  • Automatic session cleanup (1-hour TTL)
  • Health check endpoint + service info endpoint

2. play-services-droidguard/REMOTE_DROIDGUARD_SERVER_GUIDE.md

  • Quick start guide
  • Client configuration instructions
  • Production deployment (Docker, systemd, NGINX)
  • API reference with request/response examples
  • Troubleshooting section
  • Security considerations

3. play-services-droidguard/server/test_server.py

  • Automated integration tests for the server protocol
  • Tests session creation, multi-step execution, and cleanup

Why This Is Not a Duplicate

This PR fills the gap left by #3575. kaduvert specifically asked for a server that works on stock phones and manages compliance automatically. The simulated backend works immediately for testing; the local backend proxies to real DroidGuard when available.

Testing

�ash python3 droidguard_server.py --port 8080 python3 play-services-droidguard/server/test_server.py curl http://localhost:8080/health

Links

…ion protocol (microg#2851)

Add a cross-platform remote DroidGuard server that implements the
multi-step Play Integrity session protocol required by issue microg#2851.

Features:
- Standard HTTP/REST API (no Android-specific dependencies)
- Multi-step session lifecycle (begin/step/close)
- Plugin backend architecture (simulated/local/custom)
- TLS support for production deployments
- API key authentication + per-key rate limiting
- Automatic session cleanup (1-hour TTL)
- Docker and systemd deployment examples

This is a complement to PR microg#3471 (client-side multi-step support).
Unlike PR microg#3575 (Termux-dependent), this server runs on any platform.

Addresses issue microg#2851 requirements:
- [x] Remote DroidGuard server implementation
- [x] Multi-step session protocol
- [x] Comprehensive setup documentation
@chenlinxi890-spec

Copy link
Copy Markdown
Author

Hi maintainers, this PR targets issue #2851 and includes a remote DroidGuard server implementation with a guide and basic integration test.

The branch has no conflicts, but the Gradle build workflow is waiting for maintainer approval. Could you please approve the workflow run when you have time?

I’m happy to adjust the implementation if you prefer a different structure or scope. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant