| 1 | # FastLogin config
|
| 2 | # Project site: https://www.spigotmc.org/resources/fastlogin.14153
|
| 3 | # Source code: https://github.com/games647/FastLogin
|
| 4 | #
|
| 5 | # You can access the newest config here:
|
| 6 | # https://github.com/games647/FastLogin/blob/main/core/src/main/resources/config.yml
|
| 7 |
|
| 8 | # This a **very** simple anti bot protection. Recommendation is to use a dedicated program to approach this
|
| 9 | # problem. Low level firewalls like uwf (or iptables direct) are more efficient than a Minecraft plugin. TCP reverse
|
| 10 | # proxies could also be used and offload some work even to different host.
|
| 11 | #
|
| 12 | # The settings wil limit how many connections this plugin will handle. After hitting this limit. FastLogin will
|
| 13 | # completely ignore incoming connections. Effectively there will be no database requests and network requests.
|
| 14 | # Therefore, auto logins won't be possible.
|
| 15 | anti-bot:
|
| 16 | enabled: true
|
| 17 | # Image the following like bucket. The following is total amount that is allowed in this bucket, while expire
|
| 18 | # means how long it takes for every entry to expire.
|
| 19 | # Total number of connections
|
| 20 | connections: 600
|
| 21 | # Amount of minutes after the first connection got inserted will expire and made available
|
| 22 | expire: 10
|
| 23 | # Action - Which action should be performed when the bucket is full (too many connections)
|
| 24 | # Allowed values are: 'ignore' (FastLogin drops handling the player) or 'block' (block this incoming connection)
|
| 25 | action: 'ignore'
|
| 26 |
|
| 27 | # Request a premium login without forcing the player to type a command
|
| 28 | #
|
| 29 | # If you activate autoRegister, this plugin will check/do these points on login:
|
| 30 | # 1. An existing cracked account shouldn't exist
|
| 31 | # -> paid accounts cannot steal the existing account of cracked players
|
| 32 | # - (Already registered players could still use the /premium command to activate premium checks)
|
| 33 | # 2. Automatically registers an account with a strong random generated password
|
| 34 | # -> cracked player cannot register an account for the premium player and so cannot the steal the account
|
| 35 | #
|
| 36 | # Furthermore the premium player check have to be made based on the player name
|
| 37 | # This means if a cracked player connects to the server, we request a paid account login from this player
|
| 38 | # the player just disconnect and sees the message: 'bad login' or 'invalid session'
|
| 39 | # There is no way to change this message
|
| 40 | # For more information: https://github.com/games647/FastLogin#why-do-players-have-to-invoke-a-command
|
| 41 | autoRegister: true
|
| 42 |
|
| 43 | # Should FastLogin respect per IP limit of registrations (e.g. in AuthMe)
|
| 44 | # Because most auth plugins do their stuff async - FastLogin will still think the player was registered
|
| 45 | # To work best - you also need to enable auto-register-unknown
|
| 46 | #
|
| 47 | # If set to true - FastLogin will always attempt to register the player, even if the limit is exceeded
|
| 48 | # It is up to the auth plugin to handle the excessive registration
|
| 49 | # https://github.com/games647/FastLogin/issues/458
|
| 50 | respectIpLimit: false
|
| 51 |
|
| 52 | # This is extra configuration option to the feature above. If we request a premium authentication from a player who
|
| 53 | # isn't actual premium but used a premium username, the player will disconnect with the reason "invalid session" or
|
| 54 | # "bad login".
|
| 55 | #
|
| 56 | # If you activate this, we are remembering this player and do not force another premium authentication if the player
|
| 57 | # tries to join again, so the player could join as cracked player.
|
| 58 | secondAttemptCracked: false
|
| 59 |
|
| 60 | # New cracked players will be kicked from server. Good if you want switch from offline-mode to online-mode without
|
| 61 | # losing players!
|
| 62 | #
|
| 63 | # Existing cracked and premium players could still join your server. Moreover, you could add player names to an
|
| 64 | # allow-list.
|
| 65 | # So that these cracked players could join too, although they are new players.
|
| 66 | switchMode: false
|
| 67 |
|
| 68 | # If this plugin detected that a player has a premium, it can also set the associated
|
| 69 | # uuid from that account. So if the player changes the username, they will still have
|
| 70 | # the same player data (inventory, permissions, ...)
|
| 71 | #
|
| 72 | # Warning: This also means that the UUID will be different if the player is connecting
|
| 73 | # through an offline mode connection. This **could** cause plugin compatibility issues.
|
| 74 | #
|
| 75 | # This is an example and doesn't apply for every plugin.
|
| 76 | # Example: If you want to ban players who aren't online at the moment, the ban plugin will look
|
| 77 | # after an offline uuid associated to the player, because the server is in offline mode. Then the premium
|
| 78 | # players could still join the server, because they have different UUID.
|
| 79 | #
|
| 80 | # Moreover, you may want to convert the offline UUID to a premium UUID. This will ensure that the player
|
| 81 | # will have the same inventory, permissions, ... if they switched to premium authentication from offline/cracked
|
| 82 | # authentication.
|
| 83 | #
|
| 84 | # This feature requires Cauldron, Spigot or a fork of Spigot (Paper)
|
| 85 | premiumUuid: true
|
| 86 |
|
| 87 | # This will make an additional check (only for player names which are not in the database) against the mojang servers
|
| 88 | # in order to get the premium UUID. If that premium UUID is in the database, we can assume on successful login that the
|
| 89 | # player changed its username and then update the name in the database.
|
| 90 | # Examples:
|
| 91 | # #### Case 1
|
| 92 | # autoRegister = false
|
| 93 | # nameChangeCheck = false
|
| 94 | #
|
| 95 | # GameProfile logins as cracked until the player invoked the command /premium. Then we could override the existing
|
| 96 | # database record.
|
| 97 | #
|
| 98 | # #### Case 2
|
| 99 | # autoRegister = false
|
| 100 | # nameChangeCheck = true
|
| 101 | #
|
| 102 | # Connect the Mojang API and check what UUID the player has (UUID exists => Paid Minecraft account). If that UUID is in
|
| 103 | # the database it's an **existing player** and FastLogin can **assume** the player is premium and changed the username.
|
| 104 | # If it's not in the database, it's a new player and **could be a cracked player**. So we just use an offline mode
|
| 105 | # authentication for this player.
|
| 106 | #
|
| 107 | # **Limitation**: Cracked players who use the new username of a paid account cannot join the server if the database
|
| 108 | # contains the old name. (Example: The owner of the paid account no longer plays on the server, but changed the username
|
| 109 | # in the meanwhile).
|
| 110 | #
|
| 111 | # #### Case 3
|
| 112 | # autoRegister = true
|
| 113 | # nameChangeCheck = false
|
| 114 | #
|
| 115 | # We will always request a premium authentication if the username is unknown to us, but is in use by a paid Minecraft
|
| 116 | # account. This means it's kind of a more aggressive check like nameChangeCheck = true and autoRegister = false, because
|
| 117 | # it requests a premium authentication which are completely new to us, that even the premium UUID is not in our database.
|
| 118 | #
|
| 119 | # **Limitation**: see below
|
| 120 | #
|
| 121 | # #### Case 4
|
| 122 | # autoRegister = true
|
| 123 | # nameChangeCheck = true
|
| 124 | #
|
| 125 | # Based on autoRegister it checks if the player name is premium and login using a premium authentication. After that
|
| 126 | # fastlogin receives the premium UUID and can update the database record.
|
| 127 | #
|
| 128 | # **Limitation from autoRegister**: New offline players who use the username of an existing Minecraft cannot join the
|
| 129 | # server.
|
| 130 | nameChangeCheck: true
|
| 131 |
|
| 132 | # If your players have a premium account and a skin associated to their account, this plugin
|
| 133 | # can download the data and set it to the online player.
|
| 134 | #
|
| 135 | # Keep in mind that this will only work if the player:
|
| 136 | # * is the owner of the premium account
|
| 137 | # * the server connection is established through a premium connection (paid account authentication)
|
| 138 | # * has a skin
|
| 139 | #
|
| 140 | # This means this plugin doesn't need to create a new connection to the Mojang servers, because
|
| 141 | # the skin data is included in the Auth-Verification-Response sent by Mojang. If you want to use for other
|
| 142 | # players like cracked player, you have to use other plugins.
|
| 143 | #
|
| 144 | # If you use PaperSpigot - FastLogin will always try to set the skin, even if forwardSkin is set to false
|
| 145 | # It is needed to allow premium name change to work correctly
|
| 146 | # https://github.com/games647/FastLogin/issues/457
|
| 147 | #
|
| 148 | # If you want to use skins for your cracked player, you need an additional plugin like
|
| 149 | # ChangeSkin, SkinRestorer, ...
|
| 150 | forwardSkin: true
|
| 151 |
|
| 152 | # Displays a warning message that this message SHOULD only be invoked by
|
| 153 | # users who actually are the owner of this account. So not by cracked players
|
| 154 | #
|
| 155 | # If they still want to invoke the command, they have to invoke /premium again
|
| 156 | premium-warning: true
|
| 157 |
|
| 158 | # ======[[ Spigot+ProtocolLib users only ]]======
|
| 159 | # When set to true, enables the use of alternative session resolver which does not send the server IP
|
| 160 | # to mojang session servers. This setting might be useful when you are trying to run the server via a
|
| 161 | # transparent reverse proxy or some other form of DNAT. As far as security goes, this setting has
|
| 162 | # negligible to no security impact.
|
| 163 | #
|
| 164 | # This setting works on a similar principle as 'prevent-proxy' setting in server.properties.
|
| 165 | # When set to false, the server behaves like prevent-proxy was set to true and vice-versa.
|
| 166 | # Normally, when you use the prevent-proxy=true, you would want this disabled.
|
| 167 | #
|
| 168 | # Please note that this setting has no effect when used outside of Spigot+ProtocolLib context.
|
| 169 | #
|
| 170 | # !!! [WARNING] !!!
|
| 171 | # This option is considered highly experimental. While it is highly unlikely this will break your server,
|
| 172 | # more tests need to be conducted in order to verify its effectiveness. Brief tests seemed promising, but
|
| 173 | # every environment is different, and so it might not work for you as it did for me.
|
| 174 | useProxyAgnosticResolver: false
|
| 175 |
|
| 176 | # If you have autoRegister or nameChangeCheck enabled, you could be rate-limited by Mojang.
|
| 177 | # The requests of the both options will be only made by FastLogin if the username is unknown to the server
|
| 178 | # You are allowed to make 600 requests per 10-minutes (60 per minute)
|
| 179 | # If you own a big server this value could be too low
|
| 180 | # Once the limit is reached, new players are always logged in as cracked until the rate-limit is expired.
|
| 181 | # (to the next ten minutes)
|
| 182 | #
|
| 183 | # The limit is IP-wide. If you have multiple IPv4-addresses you specify them here. FastLogin will then use it in
|
| 184 | # rotating order --> 5 different IP-addresses 5 * 600 per 10 minutes
|
| 185 | # If this list is empty only the default one will be used
|
| 186 | #
|
| 187 | # Lists are created like this:
|
| 188 | #ip-addresses:
|
| 189 | # - 192-168-0-2
|
| 190 | ip-addresses: []
|
| 191 |
|
| 192 | # How many requests should be established to the Mojang API for Name -> UUID requests. Some other plugins as well
|
| 193 | # as the head Minecraft block make such requests as well. Using this option you can limit the amount requests this
|
| 194 | # plugin should make.
|
| 195 | #
|
| 196 | # If you lower this value, other plugins could still make requests while FastLogin cannot.
|
| 197 | # Mojang limits the amount of request to 600 per 10 minutes per IPv4-address.
|
| 198 | mojang-request-limit: 600
|
| 199 |
|
| 200 | # This option automatically registers players which are in the FastLogin database, but not in the auth plugin database.
|
| 201 | # This can happen if you switch your auth plugin or cleared the database of the auth plugin.
|
| 202 | # https://github.com/games647/FastLogin/issues/85
|
| 203 | auto-register-unknown: false
|
| 204 |
|
| 205 | # This disables the auto login from fastlogin. So a premium (like a paid account) authentication is requested, but
|
| 206 | # the player won't be auto logged into the account.
|
| 207 | #
|
| 208 | # This can be used as 2Factor authentication for better security of your accounts. A hacker then needs both passwords.
|
| 209 | # The password of your Minecraft and the password to login in with your auth plugin
|
| 210 | autoLogin: true
|
| 211 |
|
| 212 | # Floodgate configuration
|
| 213 | # Connecting through Floodgate requires player's to sign in via their Xbox Live account
|
| 214 | # !!!!!!!! WARNING: FLOODGATE SUPPORT IS AN EXPERIMENTAL FEATURE !!!!!!!!
|
| 215 | # Enabling any of these settings might lead to people gaining unauthorized access to other's accounts!
|
| 216 |
|
| 217 | # Automatically log in players connecting through Floodgate.
|
| 218 | # Possible values:
|
| 219 | # false: Disables auto login for every player connecting through Floodgate
|
| 220 | # true: Enables auto login for every player connecting through Floodgate
|
| 221 | # linked: Only Bedrock accounts that are linked to a Java account will be logged in automatically
|
| 222 | # no-conflict: Bedrock players will only be automatically logged in if the Mojang API reports
|
| 223 | # that there is no existing Premium Java MC account with their name.
|
| 224 | # This option can be useful if you are not using 'username-prefix' in floodgate/config.yml
|
| 225 | # Requires 'autoLogin' to be 'true'
|
| 226 | # !!!!!!!! WARNING: FLOODGATE SUPPORT IS AN EXPERIMENTAL FEATURE !!!!!!!!
|
| 227 | # Enabling this might lead to people gaining unauthorized access to other's accounts!
|
| 228 | autoLoginFloodgate: true
|
| 229 |
|
| 230 | # This enables Floodgate or Offline Geyser players to join the server, even if they are using the name of an
|
| 231 | # existing Java **PREMIUM** account (so someone has bought Minecraft with that username)
|
| 232 | #
|
| 233 | # Java and Bedrock players will get different UUIDs, so their inventories, location, etc. will be different.
|
| 234 | # However, some plugins (such as AuthMe) rely on names instead of UUIDs to identify a player which might cause issues.
|
| 235 | # In the case of AuthMe (and other auth plugins), both the Java and the Bedrock player will have the same password.
|
| 236 | #
|
| 237 | # To prevent conflicts from two different players having the same name, it is highly recommended using a
|
| 238 | # 'username-prefix' in floodgate/config.yml
|
| 239 | #
|
| 240 | # Possible values:
|
| 241 | # false: Kick Bedrock players, if they are using an existing Premium Java account's name
|
| 242 | # Note: Linked Floodgate players have the same name as their Java profile, so the Bedrock player will always conflict
|
| 243 | # their own Java account's name. Therefore, setting this to false will prevent any linked player from joining.
|
| 244 | # true: Bypass name conflict checking.
|
| 245 | # linked: Floodgate accounts linked to a Java account will be allowed to join with conflicting names
|
| 246 | # For Offline Geyser players, 'linked' works as 'false'
|
| 247 | # !!!!!!!! WARNING: FLOODGATE/GEYSER SUPPORT IS AN EXPERIMENTAL FEATURE !!!!!!!!
|
| 248 | # Enabling this might lead to people gaining unauthorized access to other's accounts!
|
| 249 | allowFloodgateNameConflict: true
|
| 250 |
|
| 251 | # Automatically register players connecting through Floodgate.
|
| 252 | # autoLoginFloodgate must be available for the player to use this
|
| 253 | # Possible values:
|
| 254 | # false: Disables auto registering for every player connecting through Floodgate
|
| 255 | # true: Enables auto registering for every player connecting through Floodgate
|
| 256 | # linked: Only Bedrock accounts that are linked to a Java account will be registered automatically
|
| 257 | # no-conflict: Bedrock players will only be automatically registered if the Mojang API reports
|
| 258 | # that there is no existing Premium Java MC account with their name.
|
| 259 | # This option can be useful if you are not using 'username-prefix' in floodgate/config.yml
|
| 260 | # Requires 'autoRegister' to be 'true'
|
| 261 | # !!!!!!!! WARNING: FLOODGATE SUPPORT IS AN EXPERIMENTAL FEATURE !!!!!!!!
|
| 262 | # Enabling this might lead to people gaining unauthorized access to other's accounts!
|
| 263 | autoRegisterFloodgate: true
|
| 264 |
|
| 265 | # This option resembles the vanilla configuration option 'enforce-secure-profile' in the 'server.properties' file.
|
| 266 | # It verifies if the incoming cryptographic key in the login request from the player is signed by Mojang. This key
|
| 267 | # is necessary for servers where you or other in-game players want to verify that a chat message sent and signed by
|
| 268 | # this player is not modified by any third-party. Modifications by your server would also invalidate the message.
|
| 269 | #
|
| 270 | # This feature is only relevant if you use the plugin in ProtocolLib mode and use 1.19+.
|
| 271 | # This also the case if you don't have any proxies in use.
|
| 272 | verifyClientKeys: true
|
| 273 |
|
| 274 | # Database configuration
|
| 275 | # Recommended is the use of MariaDB (a better version of MySQL)
|
| 276 |
|
| 277 | # Single file SQLite database
|
| 278 | #driver: 'sqlite'
|
| 279 | # File location
|
| 280 | #database: '{pluginDir}/FastLogin.db'
|
| 281 |
|
| 282 | # MySQL/MariaDB
|
| 283 | # If you want to enable it, uncomment only the lines below; this not this line.
|
| 284 | # If on velocity use 'mariadb' as driver
|
| 285 | driver: 'MYSQL'
|
| 286 | host: 'db-mfl-01.sparkedhost.us'
|
| 287 | port: 3306
|
| 288 | database: 's69804_fastlogin'
|
| 289 | username: 'u69804_hwa7ilT3LE'
|
| 290 | password: 'VkO^LbGv9Dw557eNTQhbhN^U'
|
| 291 |
|
| 292 | # Advanced Connection Pool settings in seconds
|
| 293 | #timeout: 30
|
| 294 | #lifetime: 30
|
| 295 |
|
| 296 | ## It's recommended to enable SSL if the MySQL server isn't running on the same host
|
| 297 | ## This will encrypt the connection for secure transportation of the sql server password
|
| 298 | #useSSL: false
|
| 299 | ## Verification requirements for the server cert,
|
| 300 | ## Values: Required (unchecked SSL connection), VerifyCA (verify CA), VerifyFull (verify CA and matching hostname)
|
| 301 | #sslMode=Required
|
| 302 | ## TLS is preferred for this technique, then your host stored certificate store will be used to verify the server cert
|
| 303 | ## Similar to HTTPS. If that's not possible RSA can be used with the following options.
|
| 304 | ## This allows to request the public RSA key from the server to encrypt the data to it. True would allow machine-in-the-
|
| 305 | ## middle attacks.
|
| 306 | #allowPublicKeyRetrieval=false
|
| 307 | ## Path to the RSA public key if key retrieval is forbidden
|
| 308 | #ServerRSAPublicKeyFile=
|
| 309 |
|
| 310 | # HTTP proxies for connecting to the Mojang servers in order to check if the username of a player is premium.
|
| 311 | # This is a workaround to prevent rate-limiting by Mojang. These proxies will only be used once your server hit
|
| 312 | # the rate-limit or the custom value above.
|
| 313 | # Please make sure you use reliable proxies.
|
| 314 | proxies:
|
| 315 | # 'IP:Port' or 'Domain:Port'
|
| 316 | # - 'xyz.com:1337'
|
| 317 | # - 'test.com:5131'
|
