feat: Config option to enable ProxyAgnosticMojangResolver

A config option was added to allow users to use the ProxyAgnosticMojangResolver if they feel the need to do so. This setting won't affect existing users since it's disabled by default.
2025-07-29 18:27:36 +02:00 · 2022-06-09 19:24:53 +02:00
parent 5d4483224d
commit 5f494e5a04
2 changed files with 15 additions and 2 deletions
--- a/core/src/main/java/com/github/games647/fastlogin/core/shared/FastLoginCore.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/shared/FastLoginCore.java
@ -84,8 +84,7 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
    private final Collection<UUID> pendingConfirms = new HashSet<>();
    private final T plugin;

-    //private final MojangResolver resolver = new MojangResolver();
-    private final MojangResolver resolver = new ProxyAgnosticMojangResolver();
+    private MojangResolver resolver;

    private Configuration config;
    private SQLStorage storage;
@ -120,6 +119,9 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
            return;
        }

+        // Initialize the resolver based on the config parameter
+        this.resolver = this.config.getBoolean("useProxyAgnosticResolver", false) ? new ProxyAgnosticMojangResolver() : new MojangResolver();
+
        rateLimiter = createRateLimiter(config.getSection("anti-bot"));
        Set<Proxy> proxies = config.getStringList("proxies")
                .stream()
--- a/core/src/main/resources/config.yml
+++ b/core/src/main/resources/config.yml
@ -152,6 +152,17 @@ forwardSkin: true
 # If they still want to invoke the command, they have to invoke /premium again
 premium-warning: true

+# When set to true, enables the use of alternative session resolver which does not send the server IP
+# to mojang session servers. This setting might be useful when you are trying to run the server via a
+# transparent reverse proxy or some other form of DNAT. As far as security goes, this setting has
+# negligible to no security impact.
+#
+# !!! [WARNING] !!!
+# This option is considered highly experimental. While it is highly unlikely this will break your server,
+# more tests need to be conducted in order to verify it's effectiveness. Brief tests seemed promising, but
+# every environment is different, and so it might not work for you as it did for me.
+useProxyAgnosticResolver: false
+
 # If you have autoRegister or nameChangeCheck enabled, you could be rate-limited by Mojang.
 # The requests of the both options will be only made by FastLogin if the username is unknown to the server
 # You are allowed to make 600 requests per 10-minutes (60 per minute)