Fix TCPShield compat by using raw address for sessions

TCPShield overwrites the IP address during connection. ProtocolLib
doesn't notice this change, because it uses the end-to-end connection
which is the proxy IP. This causes getAddress calls during Spigot play
state and ProtocolLib auth state not match and then have conflicting
session ids.

A solution is also to hold onto the temporary player object. However
since we don't get a notification for a disconnect, holding it will
prevent to get GCed until the timeout occurs (1 minute).

Fixes #595

bukkit/pom.xml

@@ -145,7 +145,7 @@
         <dependency>
             <groupId>com.destroystokyo.paper</groupId>
             <artifactId>paper-api</artifactId>
-            <version>1.15.2-R0.1-SNAPSHOT</version>
+            <version>1.16.5-R0.1-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
 

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java

@@ -25,6 +25,7 @@
  */
 package com.github.games647.fastlogin.bukkit;
 
+import com.destroystokyo.paper.event.player.PlayerHandshakeEvent;
 import com.github.games647.fastlogin.bukkit.command.CrackedCommand;
 import com.github.games647.fastlogin.bukkit.command.PremiumCommand;
 import com.github.games647.fastlogin.bukkit.listener.ConnectionListener;
@@ -51,6 +52,8 @@ import java.util.concurrent.ConcurrentMap;
 import org.bukkit.Bukkit;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.Listener;
 import org.bukkit.plugin.PluginManager;
 import org.bukkit.plugin.java.JavaPlugin;
 import org.slf4j.Logger;
@@ -64,10 +67,9 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
     private final ConcurrentMap<String, BukkitLoginSession> loginSession = CommonUtil.buildCache(1, -1);
     private final Map<UUID, PremiumStatus> premiumPlayers = new ConcurrentHashMap<>();
     private final Logger logger;
-
+    private final BukkitScheduler scheduler;
     private boolean serverStarted;
     private BungeeManager bungeeManager;
-    private final BukkitScheduler scheduler;
     private FastLoginCore<Player, CommandSender, FastLoginBukkit> core;
 
     private PremiumPlaceholder premiumPlaceholder;
@@ -99,6 +101,15 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
         bungeeManager = new BungeeManager(this);
         bungeeManager.initialize();
 
+        getServer().getPluginManager().registerEvents(new Listener() {
+
+            @EventHandler
+            void onHandshake(PlayerHandshakeEvent handshakeEvent) {
+                handshakeEvent.setCancelled(false);
+                handshakeEvent.setSocketAddressHostname("192.168.0.1");
+            }
+        }, this);
+
         PluginManager pluginManager = getServer().getPluginManager();
         if (bungeeManager.isEnabled()) {
             markInitialized();
@@ -182,10 +193,6 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
     public BukkitLoginSession getSession(InetSocketAddress addr) {
         String id = getSessionId(addr);
         BukkitLoginSession session = loginSession.get(id);
-        if (session == null) {
-            logger.info("No session found for id {}", id);
-        }
-
         return session;
     }
 
@@ -195,7 +202,6 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
 
     public void putSession(InetSocketAddress addr, BukkitLoginSession session) {
         String id = getSessionId(addr);
-        logger.info("Starting session {}", id);
         loginSession.put(id, session);
     }
 
@@ -283,6 +289,7 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
 
     /**
      * Checks if a plugin is installed on the server
+     *
      * @param name the name of the plugin
      * @return true if the plugin is installed
      */

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java

@@ -28,18 +28,20 @@ package com.github.games647.fastlogin.bukkit.hook;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+
 import fr.xephi.authme.api.v3.AuthMeApi;
 import fr.xephi.authme.events.RestoreSessionEvent;
 import fr.xephi.authme.process.Management;
 import fr.xephi.authme.process.register.executors.ApiPasswordRegisterParams;
 import fr.xephi.authme.process.register.executors.RegistrationMethod;
+
+import java.lang.reflect.Field;
+
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.EventPriority;
 import org.bukkit.event.Listener;
 
-import java.lang.reflect.Field;
-
 /**
  * GitHub: https://github.com/Xephi/AuthMeReloaded/
  * <p>
@@ -75,7 +77,7 @@ public class AuthMeHook implements AuthPlugin<Player>, Listener {
     public void onSessionRestore(RestoreSessionEvent restoreSessionEvent) {
         Player player = restoreSessionEvent.getPlayer();
 
-        BukkitLoginSession session = plugin.getSession(player.getAddress());
+        BukkitLoginSession session = plugin.getSession(player.spigot().getRawAddress());
         if (session != null && session.isVerified()) {
             restoreSessionEvent.setCancelled(true);
         }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/BungeeListener.java

@@ -126,7 +126,7 @@ public class BungeeListener implements PluginMessageListener {
 
     private void startLoginTaskIfReady(Player player, BukkitLoginSession session) {
         session.setVerified(true);
-        plugin.putSession(player.getAddress(), session);
+        plugin.putSession(player.spigot().getRawAddress(), session);
 
         // only start a new login task if the join event fired earlier. This event then didn
         boolean result = plugin.getBungeeManager().didJoinEventFired(player);

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/ConnectionListener.java

@@ -72,7 +72,7 @@ public class ConnectionListener implements Listener {
             // session exists so the player is ready for force login
             // cases: Paper (firing BungeeCord message before PlayerJoinEvent) or not running BungeeCord and already
             // having the login session from the login process
-            BukkitLoginSession session = plugin.getSession(player.getAddress());
+            BukkitLoginSession session = plugin.getSession(player.spigot().getRawAddress());
             
             boolean isFloodgateLogin = false;
 			if (Bukkit.getServer().getPluginManager().isPluginEnabled("floodgate")) {
@@ -86,7 +86,7 @@ public class ConnectionListener implements Listener {
 
 			if (!isFloodgateLogin) {
 	            if (session == null) {
-	                String sessionId = plugin.getSessionId(player.getAddress());
+	                String sessionId = plugin.getSessionId(player.spigot().getRawAddress());
 	                plugin.getLog().info("No on-going login session for player: {} with ID {}", player, sessionId);
 	            } else {
 	                Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player, session);

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java

@@ -188,7 +188,7 @@ public class VerifyResponseTask implements Runnable {
 
         //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L182
         if (!Arrays.equals(requestVerify, EncryptionUtil.decrypt(serverKey.getPrivate(), responseVerify))) {
-            //check if the verify token are equal to the server sent one
+            //check if the verify-token are equal to the server sent one
             disconnect("invalid-verify-token", true
                     , "GameProfile {0} ({1}) tried to login with an invalid verify token. Server: {2} Client: {3}"
                     , session.getRequestUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify);

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolLoginSource.java

@@ -51,7 +51,7 @@ public class ProtocolLoginSource implements LoginSource {
 
     @Override
     public InetSocketAddress getAddress() {
-        return loginStartEvent.getAddress();
+        return loginStartEvent.getConnection().getRawAddress();
     }
 
     public PlayerLoginStartEvent getLoginStartEvent() {

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java

@@ -71,7 +71,7 @@ public class ProtocolSupportListener extends JoinManagement<Player, CommandSende
         }
 
         String username = loginStartEvent.getConnection().getProfile().getName();
-        InetSocketAddress address = loginStartEvent.getAddress();
+        InetSocketAddress address = loginStartEvent.getConnection().getRawAddress();
 
         //remove old data every time on a new login in order to keep the session only for one person
         plugin.removeSession(address);
@@ -82,13 +82,14 @@ public class ProtocolSupportListener extends JoinManagement<Player, CommandSende
 
     @EventHandler
     public void onConnectionClosed(ConnectionCloseEvent closeEvent) {
-        InetSocketAddress address = closeEvent.getConnection().getAddress();
+        InetSocketAddress address = closeEvent.getConnection().getRawAddress();
         plugin.removeSession(address);
     }
 
     @EventHandler
     public void onPropertiesResolve(PlayerProfileCompleteEvent profileCompleteEvent) {
-        InetSocketAddress address = profileCompleteEvent.getAddress();
+        InetSocketAddress address = profileCompleteEvent.getConnection().getRawAddress();
+
         BukkitLoginSession session = plugin.getSession(address);
 
         if (session != null && profileCompleteEvent.getConnection().getProfile().isOnlineMode()) {