Require player re-join to confirm auto-login request

Fixes #159
Fixes #242
Fixes #256
Fixes #286

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,41 @@
+---
+name: Bug report
+about: Something isn't working
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+[//]: # (Lines in this format are considered as comments and will not be displayed.)
+[//]: # (Before reporting make sure you're running the **latest build** of the plugin and checked for existing issues!)
+
+### What behaviour is observed:
+[//]: # (What happened?)
+
+### What behaviour is expected:
+[//]: # (What did you expect?)
+
+### Steps/models to reproduce:
+[//]: # (The actions that cause the issue. Please explain it in detail)
+
+### Screenshots (if applicable)
+[//]: # (You can drop the files here directly)
+
+### Plugin list:
+[//]: # (This can be found by running `/pl`)
+
+### Environment description
+[//]: # (Server software with exact version number, Minecraft version, SQLite/MySQL/MariaDB, ...)
+
+### Plugin version or build number (don't write latest):
+[//]: # (This can be found by running `/version plugin-name`.)
+
+### Server Log:
+[//]: # (No images please - only the textual representation)
+[Hastebin](https://hastebin.com/) / [Gist](https://gist.github.com/) link of the error, stacktrace or the complete log (if any)
+
+### Configuration:
+[//]: # (No images please - only the textual representation)
+[//]: # (remember to delete any sensitive data)
+[Hastebin](https://hastebin.com/) / [Gist](https://gist.github.com/) link of your config.yml file 

.github/ISSUE_TEMPLATE/enhancement_request.md

@@ -0,0 +1,22 @@
+---
+name: Enhancement request
+about: New feature or change request
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+[//]: # (Lines in this format are considered as comments and will not be displayed.)
+
+### Is your feature request related to a problem? Please describe.
+[//]: # (A clear and concise description of what the problem is. Ex. I'm always frustrated when [...])
+
+### Describe the solution you'd like
+[//]: # (A clear and concise description of what you want to happen.)
+
+### Describe alternatives you've considered
+[//]: # (A clear and concise description of any alternative solutions or features you've considered.)
+
+### Additional context
+[//]: # (Add any other context or screenshots about the feature request here.)

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,10 @@
+---
+name: Question
+about: You want to ask something
+title: ''
+labels: 'question'
+assignees: ''
+
+---
+
+

.github/pull_request_template.md

@@ -0,0 +1,8 @@
+[//]: # (Lines in this format are considered as comments and will not be displayed.)
+[//]: # (If your work is in progress, please consider making a draft pull request.)
+
+### Summary of your change
+[//]: # (Example: motiviation, enhancement)
+
+### Related issue
+[//]: # (Reference it using '#NUMBER'. Ex: Fixes/Related #...)

.github/workflows/maven.yml

@@ -0,0 +1,42 @@
+# Human readable name
+name: Java CI
+
+# Build on every push and pull request regardless of the branch
+# Wiki: https://help.github.com/en/actions/reference/events-that-trigger-workflows
+on:
+    - push
+    - pull_request
+
+jobs:
+  # job id
+  build_and_test:
+
+    # Environment image - always newest OS
+    runs-on: ubuntu-latest
+
+    # Run steps
+    steps:
+    # Pull changes
+    - uses: actions/checkout@v2
+    # Cache artifacts - however this has the downside that we don't get notified of
+    # artifact resolution failures like invalid repository
+    # Nevertheless the repositories should be more stable and it makes no sense to pull
+    # a same version every time
+    # A dry run would make more sense
+    - uses: actions/cache@v1
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    # Setup Java
+    - name: Set up JDK
+      uses: actions/setup-java@v1.3.0
+      with:
+        # Use Java 8, because it's minimum required version
+        java-version: 8
+    # Build and test (included in package)
+    - name: Build with Maven and test
+    # Run non-interactive, package (with compile+test),
+    # ignore snapshot updates, because they are likely to have breaking changes, enforce checksums to validate posssible errors in depdendencies
+      run: mvn --batch-mode package --no-snapshot-updates --strict-checksums --file pom.xml

.gitignore

@@ -1,38 +1,22 @@
-# Eclipse stuff
-/.classpath
-/.project
-/.settings
+# Eclipse
+.classpath
+.project
+.settings/
 
-# netbeans
-/nbproject
+# NetBeans
+nbproject/
 nb-configuration.xml
-/bukkit/nbproject/
 
-# maven
-/target
-
-# vim
-.*.sw[a-p]
-
-# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
-hs_err_pid*
-
-# various other potential build files
-/build
-/bin
-/dist
-/manifest.mf
-*.log
-
-# Mac filesystem dust
-.DS_Store
-
-# intellij
+# IntelliJ
 *.iml
 *.ipr
 *.iws
 .idea/
 
+# Maven
+target/
+pom.xml.versionsBackup
+
 # Gradle
 .gradle
 
@@ -40,4 +24,21 @@ hs_err_pid*
 gradle-app.setting
 
 # Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
-!gradle-wrapper.jar
+!gradle-wrapper.jar
+
+# various other potential build files
+build/
+bin/
+dist/
+manifest.mf
+*.log
+
+# Vim
+.*.sw[a-p]
+
+# virtual machine crash logs, see https://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# Mac filesystem dust
+.DS_Store
+

.travis.yml

@@ -1,15 +0,0 @@
-# Use https://travis-ci.org/ for automatic tests
-
-# speed up testing http://blog.travis-ci.com/2014-12-17-faster-builds-with-container-based-infrastructure/
-sudo: false
-
-# This is a java project
-language: java
-
-script: mvn compile test
-
-# We run on 7+
-jdk:
-  - openjdk7
-  - oraclejdk7
-  - oraclejdk8

CHANGELOG.md

@@ -1,11 +1,170 @@
-######1.0
+### 1.11
+
+* Use direct proxies instead of ssl factories for multiple IP-addresses
+* Remove local address check for multiple IP-addresses
+* Fix parsing of local IP-addresses
+* Fix address rotating for contacting the Mojang API
+* Optimize issue template
+* Use Instant for timestamps
+* Migrate SLF4J logging (Fixes #177)
+* Use Gson's TypeAdapter for more type safety
+* Add support for IPv6 proxies
+* Shared configuration implementation for easier maintained code
+* Use Gson for json parsing, because it's supported on all platforms and removes code duplicates
+* Clean up project code
+* Drop support for deprecated AuthMe API
+* Remove legacy database migration code
+* Drop support for RoyalAuth, because it doesn't seem to be supported anymore
+* Clean up client-server encryption -> use only one cipher per connection, simplify code
+
+### 1.10
+
+* Prevent authentication proxies
+* Drop database importer
+* More logging by default
+* Add support for HTTP proxies
+* Set the fake offline UUID on lowest priority (-> as soon as possible)
+* Remove bungee chatcolor for Bukkit to support KCauldron
+* Minor cleanup using inspections + Https
+* Increase hook delay to let ProtocolLib inject the listener
+* Drop support for old AuthMe API + Add support for new AuthMe API
+* Remove eBean util usage to make it compatible with 1.12
+* Do not try to hook into a plugin if auth plugin hook is already set using the FastLogin API
+* Automatically register accounts if they are not in the auth plugin database but in the FastLogin database
+* Update BungeeAuth dependency and use the new API. Please update your plugin if you still use the old one.
+* Remove deprecated API methods from the last version
+* Finally update the IP column on every login
+* No duplicate session login
+* Fix timestamp parsing in newer versions of SQLite
+* Fix Spigot console command invocation sends result to in game players
+
+### 1.9
+
+* Added second attempt login -> cracked login
+* Added cracked whitelist (switch-mode -> switching to online-mode from offlinemode)
+* Added configuration to disable auto logins for 2Factor authentication
+* Added missing add-premium-other message
+* Upgrade to Java 8 -> Minimize file size
+* Refactored/Cleaned up a lot of code
+* [API] Deprecated platform specific auth-plugin. Please use AuthPlugin< platform specific player type >
+* [API] Deprecated bukkit's password generator. Please use PasswordGenerator< platform specific player type >
+* Fix ProtocolSupport autoRegister
+* Fix update username in FastLogin database after nameChange
+* Fix logging exceptions on encryption enabling
+* Fix compatibility with older ProtocolLib versions (for 1.7) because of the missing getMethodAcccessorOrNull method
+* Fix correct cracked permission for bukkit
+* A try to fix SQLite timestamp parsing
+* Drop support for LoginSecurity 1.X since 2.X seems to be stable
+* Remove the nasty UltraAuth fakeplayer workaround by using a new api method. You should UltraAuth if you have it
+
+### 1.8
+
+* Added autoIn importer
+* Added BFA importer
+* Added ElDziAuth importer
+* Fix third-party not premium player detection
+* Fix ProtocolSupport BungeeCord
+* Fix duplicate logins for BungeeAuth users
+
+### 1.7.1
+
+* Fix BungeeCord autoRegister (Fixes #46)
+* Fix ProtocolSupport auto-register
+
+### 1.7
+
+* Added support for making requests to Mojang from different IPv4 addresses
+* Added us.mcapi.com as third-party APIs to workaround rate-limits
+* Fixed NPE in BungeeCord on cracked session
+* Fixed skin applies if premium uuid is deactivated
+* Fix player entry is not saved if namechangecheck is enabled
+* Fix skin applies for third-party plugins
+* Switch to mcapi.ca for uuid lookups
+* Fix BungeeCord not setting an premium uuid
+* Fix setting skin on Cauldron
+* Fix saving on name change
+
+### 1.6.2
+
+* Fixed support for new LoginSecurity version
+
+### 1.6.1
+
+* Fix message typo in BungeeCord which created a NPE if premium-warning is activated
+
+### 1.6
+
+* Add a warning message if the user tries to invoke the premium command
+* Added missing translation if the server isn't fully started
+* Removed ProtocolLib as required dependency. You can use ProtocolSupport or BungeeCord as alternative
+* Reduce the number of worker threads from 5 to 3 in ProtocolLib
+* Process packets in ProtocolLib async/non-blocking -> better performance
+* Fixed missing translation in commands
+* Fixed cracked command not working on BungeeCord
+* Fix error if forward skins is disabled
+
+### 1.5.2
+
+* Fixed BungeeCord force logins if there is a lobby server
+* Removed cache expire in BungeeCord
+* Applies skin earlier to make it visible for other plugins listening on login events
+
+### 1.5.1
+
+* Fixed BungeeCord support by correctly saving the proxy ids
+
+### 1.5
+
+* Added localization
+* Fixed NPE on premium name check if it's pure cracked player
+* Fixed NPE in BungeeCord on cracked login for existing players
+* Fixed saving of existing cracked players
+
+### 1.4
+
+* Added Bungee setAuthPlugin method
+* Added nameChangeCheck
+* Multiple BungeeCord support
+
+### 1.3.1
+
+* Prevent thread create violation in BungeeCord
+
+### 1.3
+
+* Added support for AuthMe 3.X
+* Fixed premium logins if the server is not fully started
+* Added other command argument to /premium and /cracked
+* Added support for LogIt
+* Fixed 1.7 Minecraft support by removing guava 11+ only features -> Cauldron support
+* Fixed BungeeCord support in Cauldron
+
+### 1.2.1
+
+* Fix premium status change notification message on BungeeCord
+
+### 1.2
+
+* Fix race condition in BungeeCord
+* Fix dead lock in xAuth
+* Added API methods for plugins to set their own password generator
+* Added API methods for plugins to set their own auth plugin hook
+=> Added support for AdvancedLogin
+
+### 1.1
+
+* Make the configuration options also work under BungeeCord (premiumUUID, forwardSkin)
+* Catch configuration loading exception if it's not spigot build
+* Fix config loading for older Spigot builds
+
+### 1.0
 
 * Massive refactor to handle errors on force actions safely
 * force Methods now runs async too
 * force methods now returns a boolean to reflect if the method was successful
 * isRegistered method should now throw an exception if the plugin was unable to query the requested data
 
-######0.8
+### 0.8
 
 * Fixed BungeeCord support for the Bukkit module
 * Added database storage to save the premium state
@@ -13,7 +172,7 @@
 * Fixed issues with host lookup from hosts file (Thanks to @NorbiPeti)
 * Remove handshake listener because it creates errors on some systems
 
-######0.7
+### 0.7
 
 * Added BungeeAuth support
 * Added /premium [player] command with optional player parameter
@@ -24,69 +183,69 @@
 * Removes the need of an Bukkit auth plugin if you use a bungeecord one
 * Optimize performance and thread-safety
 * Fixed BungeeCord support
-* Changed config option autologin to autoregister to clarify the usage
+* Changed config option auto-login to auto-register to clarify the usage
 
-######0.6
+### 0.6
 
 * Fixed 1.9 bugs
 * Added UltraAuth support
 
-######0.5
+### 0.5
 
-* Added unpremium command
-* Added autologin - See config
+* Added cracked command
+* Added auto-login - See config
 * Added config
 * Added isRegistered API method
 * Added forceRegister API method
 
 * Fixed CrazyLogin player data restore -> Fixes memory leaks with this plugin
-* Fixed premium name check to protocolsupport
+* Fixed premium name check to ProtocolSupport
 * Improved permissions management
 
-######0.4
+### 0.4
 
 * Added forward premium skin
-* Added plugin support for protocolsupport
+* Added plugin support for ProtocolSupport
 
-######0.3.2
+### 0.3.2
 
 * Run packet readers in a different thread (separated from the Netty I/O Thread)
 -> Improves performance
 * Fixed Plugin disable if the server is in online mode but have to be in offline mode
 
-######0.3.1
+### 0.3.1
 
 * Improved BungeeCord security
 
-#####0.3
+### 0.3
 
 * Added BungeeCord support
 * Decrease timeout checks in order to fail faster on connection problems
 * Code style improvements
 
-######0.2.4
+### 0.2.4
 
 * Fixed NPE on invalid sessions
 * Improved security by generating a randomized serverId
 * Removed /premium [player] because it's safer for premium players who join without registration
 
-######0.2.3
+### 0.2.3
 
-* Remove useless AuthMe forcelogin code
+* Remove useless AuthMe force-login code
 * Send a kick message to the client instead of just "Disconnect"
 * Reformat source code
 * Fix thread safety for fake start packets (Bukkit.getOfflinePlayer doesn't look like to be thread-safe)
 * Added more documentation
 
-######0.2.2
+### 0.2.2
 
 * Compile project with Java 7 :(
 
-######0.2.1
+### 0.2.1
 * A couple of security fixes (premium players cannot longer steal the account of a cracked account)
 * Added a /premium command to mark you as premium player
 
-#####0.2
+### 0.2
 
 * Added support for CrazyLogin and LoginSecurity
 * Now minecraft version independent
@@ -95,5 +254,5 @@
 * More state validation
 * Added better error handling
 
-#####0.1
-* First release
+### 0.1
+* First release

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 
+Copyright (c) 2015-2018
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,12 +1,9 @@
 # FastLogin
 
-[![Build Status](https://travis-ci.org/games647/FastLogin.svg?branch=master)](https://travis-ci.org/games647/FastLogin)
-[![Donate Button](https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=8ZBULMAPN7MZC)
-
-Checks if a minecraft player has a paid account (premium). If so, they can skip offline authentication (auth plugins).
+Checks if a Minecraft player has a paid account (premium). If so, they can skip offline authentication (auth plugins).
 So they don't need to enter passwords. This is also called auto login (auto-login).
 
-###Features:
+## Features
 
 * Detect paid accounts from others
 * Automatically login paid accounts (premium)
@@ -15,142 +12,92 @@ So they don't need to enter passwords. This is also called auto login (auto-logi
 * Forge/Sponge message support
 * Premium UUID support
 * Forwards Skins
+* Detect user name changed and will update the existing database record
 * BungeeCord support
 * Auto register new premium players
 * Plugin: ProtocolSupport is supported and can be used as an alternative to ProtocolLib
 * No client modifications needed
 * Good performance by using async non blocking operations
-* Free
-* Open source
+* Locale messages
+* Import the database from similar plugins
+
+## Development builds
+
+Development builds of this project can be acquired at the provided CI (continuous integration) server. It contains the
+latest changes from the Source-Code in preparation for the following release. This means they could contain new
+features, bug fixes and other changes since the last release.
+
+Nevertheless builds are only tested using a small set of automated and a few manual tests. Therefore they **could**
+contain new bugs and are likely to be less stable than released versions.
+
+https://ci.codemc.org/job/Games647/job/FastLogin/changes
 
 ***
 
-###Commands:
-    * /premium [player] Label the invoker as paid account
-    * /cracked [player] Label the invoker as cracked account
+## Commands
 
-###Permissions:
-    * fastlogin.bukkit.command.premium
+    /premium [player] Label the invoker or the argument as paid account
+    /cracked [player] Label the invoker or the argument as cracked account
 
-###Requirements:
-* Plugin: [ProtocolLib](http://www.spigotmc.org/resources/protocollib.1997/)
-* Tested Bukkit/[Spigot](https://www.spigotmc.org) 1.9 (could also work with other versions)
-* Java 7+
+## Permissions
+
+    fastlogin.bukkit.command.premium
+    fastlogin.bukkit.command.cracked
+    fastlogin.command.premium.other
+    fastlogin.command.cracked.other
+
+## Requirements
+
+* Plugin: 
+    * [ProtocolLib](https://www.spigotmc.org/resources/protocollib.1997/) or 
+    * [ProtocolSupport](https://www.spigotmc.org/resources/protocolsupport.7201/)
+* [Spigot](https://www.spigotmc.org) 1.8.8+
+* Java 8+
 * Run Spigot and/or BungeeCord/Waterfall in offline mode (see server.properties or config.yml)
-* An auth plugin. Supported Plugins
+* An auth plugin. Supported plugins
 
-####Bukkit/Spigot/PaperSPigot
+### Bukkit/Spigot/Paper
 
-* [AuthMe](http://dev.bukkit.org/bukkit-plugins/authme-reloaded/)
-* [xAuth](http://dev.bukkit.org/bukkit-plugins/xauth/)
-* [CrazyLogin](http://dev.bukkit.org/bukkit-plugins/crazylogin/)
-* [LoginSecurity](http://dev.bukkit.org/bukkit-plugins/loginsecurity/)
-* [RoyalAuth](http://dev.bukkit.org/bukkit-plugins/royalauth/)
-* [UltraAuth](http://dev.bukkit.org/bukkit-plugins/ultraauth-aa/)
+* [AuthMe (5.X)](https://dev.bukkit.org/bukkit-plugins/authme-reloaded/)
+* [xAuth](https://dev.bukkit.org/bukkit-plugins/xauth/)
+* [LogIt](https://github.com/games647/LogIt)
+* [AdvancedLogin (Paid)](https://www.spigotmc.org/resources/advancedlogin.10510/)
+* [CrazyLogin](https://dev.bukkit.org/bukkit-plugins/crazylogin/)
+* [LoginSecurity](https://dev.bukkit.org/bukkit-plugins/loginsecurity/)
+* [UltraAuth](https://dev.bukkit.org/bukkit-plugins/ultraauth-aa/)
 
-####BungeeCord/Waterfall
+### BungeeCord/Waterfall
 
 * [BungeeAuth](https://www.spigotmc.org/resources/bungeeauth.493/)
 
-###Downloads
+## Network requests
 
-https://www.spigotmc.org/resources/fastlogin.14153/history
+This plugin performs network requests to:
+
+* https://api.mojang.com - retrieving uuid data to decide if we should activate premium login
+* https://sessionserver.mojang.com - verify if the player is the owner of that account
 
 ***
 
-###FAQ
+## How to install
 
-####Index
-1. [How does minecraft logins work?](#how-does-minecraft-logins-work)
-2. [How does this plugin work?](#how-does-this-plugin-work)
-3. [Why does the plugin require offline mode?](#why-does-the-plugin-require-offline-mode)
-4. [Can cracked player join with premium usernames?](#can-cracked-player-join-with-premium-usernames)
-5. [Why do players have to invoke a command?](#why-do-players-have-to-invoke-a-command)
-6. [What happens if a paid account joins with a used username?](#what-happens-if-a-paid-account-joins-with-a-used-username)
-7. [Does the plugin have BungeeCord support?](#does-the-plugin-have-bungeecord-support)
-8. [Could premium players have a premium UUID and Skin?](#could-premium-players-have-a-premium-uuid-and-skin)
-9. [Is this plugin compatible with Cauldron?](#is-this-plugin-compatible-with-cauldron)
+### Bukkit/Spigot/Paper
 
-####How does minecraft logins work?
-######Online Mode
-1. Client -> Server: I want to login, here is my username
-2. Server -> Client: Okay. I'm in online mode so here is my public key for encryption and my serverid
-3. Client -> Mojang: I'm player "xyz". I want to join a server with that serverid
-4. Mojang -> Client: Session data checked. You can continue
-5. Client -> Server: I received a successful response from Mojang. Heres our shared secret key
-6. Server -> Mojang: Does the player "xyz" with this shared secret key has a valid account to join me?
-7. Mojang -> Server: Yes, the player has the following additionally properties (UUID, Skin)
-8. Client and Server: encrypt all following communication packet
-9. Server -> Client: Everything checked you can play now
+1. Download and install ProtocolLib/ProtocolSupport
+2. Download and install FastLogin (or FastLoginBukkit for newer versions)
+3. Set your server in offline mode by setting the value onlinemode in your server.properties to false
 
+### BungeeCord/Waterfall
 
-######Offline Mode
-In offline mode step 2-7 is skipped. So a login request is directly followed by 8.
-
-######More details
-http://wiki.vg/Protocol#Login
-
-####How does this plugin work?
-By using ProtocolLib, this plugin works as a proxy between the client and server. This plugin will fake that the server
-runs in online mode. It does everything an online mode server would do. This will be for example, generating keys or
-checking for valid sessions. Because everything is the same compared to an offline mode login after an encrypted
-connection, we will intercept only **login** packets of **premium** players.
-
-1. Player is connecting to the server.
-2. Plugin checks if the username we received activated the fast login method (i.e. using command)
-3. Run a check if the username is currently used by a paid account.
-(We don't know yet if the client connecting is premium)
-4. Request an Mojang Session Server authentication
-5. On response check if all data is correct
-6. Encrypt the connection
-7. On success intercept all related login packets and fake a new login packet as a normal offline login
-
-####Why does the plugin require offline mode?
-1. As you can see in the question "how does minecraft login works", offline mode is equivalent to online mode except of
-the encryption and session checks on login. So we can intercept and cancel the first packets for premium players and
-enable an encrypted connection. Then we send a new fake packet in order to pretend that this a new login request from
-a offline mode player. The server will handle the rest.
-2. Some plugins check if the server is in online mode. If so, they could process the real offline (cracked) accounts
-incorrectly. For example, a plugin tries to fetch the UUID from Mojang, but the name of the player is not associated to
-a paid account.
-3. Servers, who allow cracked players and just speed up logins for premium players, are **already** in offline mode.
-
-####Can cracked player join with premium usernames?
-Yes, indeed. Therefore the command for toggling the fast login method exists.
-
-####Why do players have to invoke a command?
-1. It's a secure way to make sure a person with a paid account cannot steal the account
-of a cracked player that has the same username. The player have to proof first that it's his own account.
-2. We only receive the username from the player on login. We could check if that username is associated
-to a paid account but if we request a online mode login from a cracked player (who uses a username from
-a paid account), the player will disconnect with the reason "bad login" or "Invalid session". There is no way to change
-that message on the server side (without client modifications), because it's a connection between the Client and the
-Sessionserver.
-3. If a premium player would skip registration too, a player of a cracked account could later still register the
-account and would claim and steal the account from the premium player. Because commands cannot be invoked unless the
-player has a account or is logged in, protects this method also premium players
-
-###What happens if a paid account joins with a used username?
-The player on the server have to activate the feature of this plugin by command. If a person buys the username
-of his own account, it's still secured. A normal offline mode login makes sure he's the owner of the server account
-and Mojang account. Then the command can be executed. So someone different cannot steal the account of cracked player
-by buying the username.
-
-####Does the plugin have BungeeCord support?
-Yes it has. Just activate ipForward in your BungeeCord config and place the plugin in the plugins folder of
-Bukkit/Spigot and BungeeCord. Then you have fill your BungeeCord Id (from the Stats-Option in the BungeeCord config)
-into the whitelist file of your Bukkit/Spigot server. For security reasons, don't post this Id on Forums.
-
-This plugin will automatically detect if BungeeCord is running and handle premium checks on BungeeCord.
-
-####Could premium players have a premium UUID and Skin?
-Since 0.7 both features are implemented. You can check the config.yml in order to activate it.
-
-####Is this plugin compatible with Cauldron?
-It's not tested yet, but all needed methods also exists in Cauldron so it could work together.
-
-***
-
-###Useful Links:
-* [Login Protocol](http://wiki.vg/Protocol#Login)
-* [Protocol Encryption](http://wiki.vg/Protocol_Encryption)
+1. Activate BungeeCord in the Spigot configuration
+2. Restart your server
+3. Now there is proxy-whitelist file in the FastLogin folder
+Put your stats id from the BungeeCord config into this file
+4. Activate ipForward in your BungeeCord config
+5. Download and Install FastLogin (or FastLoginBungee in newer versions) on BungeeCord AND Spigot
+(on the servers where your login plugin is or where player should be able to execute the commands of FastLogin)
+6. Check your database settings in the config of FastLogin on BungeeCord
+7. Set your proxy (BungeeCord) in offline mode by setting the value onlinemode in your config.yml to false
+8. You should *always* firewall your Spigot server that it's only accessible through BungeeCord 
+    * https://www.spigotmc.org/wiki/bungeecord-installation/#post-installation
+    * BungeeCord doesn't support SQLite per default, so you should change the configuration to MySQL or MariaDB

bukkit/pom.xml

@@ -1,11 +1,11 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
         <groupId>com.github.games647</groupId>
         <artifactId>fastlogin</artifactId>
-        <version>1.0</version>
+        <version>1.11-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -15,44 +15,104 @@
 
     <name>FastLoginBukkit</name>
 
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>3.2.2</version>
+                <configuration>
+                    <createDependencyReducedPom>false</createDependencyReducedPom>
+                    <shadedArtifactAttached>false</shadedArtifactAttached>
+                    <relocations>
+                        <relocation>
+                            <pattern>com.zaxxer.hikari</pattern>
+                            <shadedPattern>fastlogin.hikari</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>org.slf4j</pattern>
+                            <shadedPattern>fastlogin.slf4j</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>net.md_5.bungee.config</pattern>
+                            <shadedPattern>fastlogin.config</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>com.google.gson</pattern>
+                            <shadedPattern>fastlogin.gson</shadedPattern>
+                        </relocation>
+                    </relocations>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
     <repositories>
-        <!--Bukkit-Server-API -->
+        <!-- Bukkit-Server-API -->
         <repository>
             <id>spigot-repo</id>
             <url>https://hub.spigotmc.org/nexus/content/repositories/snapshots/</url>
+            <!-- Disable snapshot release policy to speed up, when finding a artifact -->
+            <releases>
+                <enabled>false</enabled>
+            </releases>
         </repository>
 
-        <!--ProtocolLib-->
+        <!-- ProtocolLib -->
         <repository>
             <id>dmulloy2-repo</id>
-            <url>http://repo.dmulloy2.net/content/groups/public/</url>
+            <url>https://repo.dmulloy2.net/nexus/repository/public/</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
 
-        <!--Authme Reloaded-->
+        <!-- AuthMe Reloaded, xAuth and LoginSecurity -->
         <repository>
-            <id>xephi-repo</id>
-            <url>http://ci.xephi.fr/plugin/repository/everything/</url>
+            <id>codemc-releases</id>
+            <url>https://repo.codemc.io/repository/maven-public/</url>
         </repository>
 
-        <!--xAuth-->
-        <repository>
-            <id>luricos.de-repo</id>
-            <url>http://repo.luricos.de/bukkit-plugins/</url>
-        </repository>
-
-        <!--Github automatic maven builds-->
+        <!-- GitHub automatic maven builds -->
         <repository>
             <id>jitpack.io</id>
             <url>https://jitpack.io</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
+
+        <!-- PlaceholderAPI -->
+        <repository>
+            <id>placeholderapi</id>
+            <url>https://repo.extendedclip.com/content/repositories/placeholderapi</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
     </repositories>
 
     <dependencies>
+        <!--Common plugin component-->
+        <dependency>
+            <groupId>com.github.games647</groupId>
+            <artifactId>fastlogin.core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
         <!--Server API-->
         <dependency>
             <groupId>org.spigotmc</groupId>
             <artifactId>spigot-api</artifactId>
-            <version>1.9-R0.1-SNAPSHOT</version>
+            <version>1.12.2-R0.1-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
 
@@ -60,23 +120,40 @@
         <dependency>
             <groupId>com.comphenix.protocol</groupId>
             <artifactId>ProtocolLib</artifactId>
-            <version>3.6.5-SNAPSHOT</version>
-            <optional>true</optional>
+            <version>4.5.0</version>
+            <scope>provided</scope>
         </dependency>
 
+        <!--Changing onlinemode on login process-->
         <dependency>
-            <groupId>protcolsupport</groupId>
+            <groupId>com.github.ProtocolSupport</groupId>
             <artifactId>ProtocolSupport</artifactId>
-            <version>Build-337</version>
-            <scope>system</scope>
-            <systemPath>${project.basedir}/lib/ProtocolSupport b337.jar</systemPath>
+            <!--4.29.dev after commit about API improvements-->
+            <version>3a80c661fe</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!--Provide premium placeholders-->
+        <dependency>
+            <groupId>me.clip</groupId>
+            <artifactId>placeholderapi</artifactId>
+            <version>2.10.4</version>
+            <scope>provided</scope>
+            <optional>true</optional>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!--Login Plugins-->
         <dependency>
             <groupId>fr.xephi</groupId>
             <artifactId>authme</artifactId>
-            <version>5.2-SNAPSHOT</version>
+            <version>5.4.0</version>
+            <scope>provided</scope>
             <optional>true</optional>
             <exclusions>
                 <exclusion>
@@ -87,9 +164,11 @@
         </dependency>
 
         <dependency>
-            <groupId>com.github.lenis0012</groupId>
-            <artifactId>LoginSecurity-2</artifactId>
-            <version>-9c09e73b7f-1</version>
+            <groupId>com.lenis0012.bukkit</groupId>
+            <artifactId>loginsecurity</artifactId>
+            <version>3.0.1</version>
+            <scope>provided</scope>
+            <optional>true</optional>
             <exclusions>
                 <exclusion>
                     <groupId>*</groupId>
@@ -99,9 +178,11 @@
         </dependency>
 
         <dependency>
-            <groupId>com.github.RoyalDev</groupId>
-            <artifactId>RoyalAuth</artifactId>
-            <version>-e21354a9b7-1</version>
+            <groupId>com.github.games647</groupId>
+            <artifactId>LogIt</artifactId>
+            <version>9e3581db27</version>
+            <scope>provided</scope>
+            <optional>true</optional>
             <exclusions>
                 <exclusion>
                     <groupId>*</groupId>
@@ -114,6 +195,7 @@
             <groupId>de.luricos.bukkit</groupId>
             <artifactId>xAuth</artifactId>
             <version>2.6</version>
+            <scope>provided</scope>
             <optional>true</optional>
             <!--These artifacts produce conflicts on downloading-->
             <exclusions>
@@ -149,7 +231,7 @@
             <version>2.0.2</version>
             <optional>true</optional>
             <scope>system</scope>
-            <systemPath>${project.basedir}/lib/UltraAuth v2.0.2.jar</systemPath>
+            <systemPath>${project.basedir}/lib/UltraAuth v2.1.2.jar</systemPath>
         </dependency>
     </dependencies>
 </project>

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitLoginSession.java

@@ -0,0 +1,99 @@
+package com.github.games647.fastlogin.bukkit;
+
+import com.github.games647.craftapi.model.skin.SkinProperty;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+
+import java.util.Optional;
+
+/**
+ * Represents a client connecting to the server.
+ *
+ * This session is invalid if the player disconnects or the login was successful
+ */
+public class BukkitLoginSession extends LoginSession {
+
+    private static final byte[] EMPTY_ARRAY = {};
+
+    private final String serverId;
+    private final byte[] verifyToken;
+
+    private boolean verified;
+
+    private SkinProperty skinProperty;
+
+    public BukkitLoginSession(String username, String serverId, byte[] verifyToken, boolean registered
+            , StoredProfile profile) {
+        super(username, registered, profile);
+
+        this.serverId = serverId;
+        this.verifyToken = verifyToken.clone();
+    }
+
+    public BukkitLoginSession(String username, String serverId, byte[] verifyToken, StoredProfile profile) {
+        // confirmation login
+        super(username, profile);
+
+        this.serverId = serverId;
+        this.verifyToken = verifyToken.clone();
+    }
+
+    //available for BungeeCord
+    public BukkitLoginSession(String username, boolean registered) {
+        this(username, "", EMPTY_ARRAY, registered, null);
+    }
+
+    //cracked player
+    public BukkitLoginSession(String username, StoredProfile profile) {
+        this(username, "", EMPTY_ARRAY, false, profile);
+    }
+
+    //ProtocolSupport
+    public BukkitLoginSession(String username, boolean registered, StoredProfile profile) {
+        this(username, "", EMPTY_ARRAY, registered, profile);
+    }
+
+    /**
+     * Gets the verify token the server sent to the client.
+     *
+     * Empty if it's a BungeeCord connection
+     *
+     * @return the verify token from the server
+     */
+    public synchronized byte[] getVerifyToken() {
+        return verifyToken.clone();
+    }
+
+    /**
+     * @return premium skin if available
+     */
+    public synchronized Optional<SkinProperty> getSkin() {
+        return Optional.ofNullable(skinProperty);
+    }
+
+    /**
+     * Sets the premium skin property which was retrieved by the session server
+     * @param skinProperty premium skin
+     */
+    public synchronized void setSkinProperty(SkinProperty skinProperty) {
+        this.skinProperty = skinProperty;
+    }
+
+    /**
+     * Sets whether the player has a premium (paid account) account and valid session
+     *
+     * @param verified whether the player has valid session
+     */
+    public synchronized void setVerified(boolean verified) {
+        this.verified = verified;
+    }
+
+    /**
+     * Get whether the player has a premium (paid account) account and valid session
+     *
+     * @return whether the player has a valid session
+     */
+    public synchronized boolean isVerified() {
+        return verified;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitScheduler.java

@@ -0,0 +1,27 @@
+package com.github.games647.fastlogin.bukkit;
+
+import com.github.games647.fastlogin.core.AsyncScheduler;
+
+import java.util.concurrent.Executor;
+import java.util.concurrent.ThreadFactory;
+
+import org.bukkit.Bukkit;
+import org.bukkit.plugin.Plugin;
+import org.slf4j.Logger;
+
+public class BukkitScheduler extends AsyncScheduler {
+
+    private final Plugin plugin;
+    private final Executor syncExecutor;
+
+    public BukkitScheduler(Plugin plugin, Logger logger, ThreadFactory threadFactory) {
+        super(logger, threadFactory);
+        this.plugin = plugin;
+
+        syncExecutor = r -> Bukkit.getScheduler().runTask(plugin, r);
+    }
+
+    public Executor getSyncExecutor() {
+        return syncExecutor;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/EncryptionUtil.java

@@ -1,36 +1,43 @@
 package com.github.games647.fastlogin.bukkit;
 
-import com.google.common.base.Charsets;
-
-import java.security.InvalidKeyException;
+import java.math.BigInteger;
+import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
 import java.security.Key;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.util.Random;
 
-import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 
 /**
  * Encryption and decryption minecraft util for connection between servers
- * and paid minecraft account clients.
+ * and paid Minecraft account clients.
  *
- * Source: https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/MinecraftEncryption.java
- *
- * Remapped by: https://github.com/Techcable/MinecraftMappings/tree/master/1.8
+ * @see net.minecraft.server.MinecraftEncryption
  */
 public class EncryptionUtil {
 
+    public static final int VERIFY_TOKEN_LENGTH = 4;
+    public static final String KEY_PAIR_ALGORITHM = "RSA";
+
+    private EncryptionUtil() {
+        //utility
+    }
+
+    /**
+     * Generate a RSA key pair
+     *
+     * @return The RSA key pair.
+     */
     public static KeyPair generateKeyPair() {
         try {
-            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM);
 
             keyPairGenerator.initialize(1_024);
             return keyPairGenerator.generateKeyPair();
@@ -40,84 +47,70 @@ public class EncryptionUtil {
         }
     }
 
-    public static byte[] getServerIdHash(String serverId, PublicKey publicKey, SecretKey secretKey) {
-        return digestOperation("SHA-1"
-                , new byte[][]{serverId.getBytes(Charsets.ISO_8859_1), secretKey.getEncoded(), publicKey.getEncoded()});
+    /**
+     * Generate a random token. This is used to verify that we are communicating with the same player
+     * in a login session.
+     *
+     * @param random random generator
+     * @return an error with 4 bytes long
+     */
+    public static byte[] generateVerifyToken(Random random) {
+        byte[] token = new byte[VERIFY_TOKEN_LENGTH];
+        random.nextBytes(token);
+        return token;
     }
 
-    private static byte[] digestOperation(String algo, byte[]... content) {
+    /**
+     * Generate the server id based on client and server data.
+     *
+     * @param sessionId    session for the current login attempt
+     * @param sharedSecret shared secret between the client and the server
+     * @param publicKey    public key of the server
+     * @return the server id formatted as a hexadecimal string.
+     */
+    public static String getServerIdHashString(String sessionId, Key sharedSecret, PublicKey publicKey) {
         try {
-            MessageDigest messagedigest = MessageDigest.getInstance(algo);
-            for (byte[] data : content) {
-                messagedigest.update(data);
-            }
-
-            return messagedigest.digest();
-        } catch (NoSuchAlgorithmException nosuchalgorithmexception) {
-            nosuchalgorithmexception.printStackTrace();
-            return null;
-        }
-    }
-
-//    public static PublicKey decodePublicKey(byte[] encodedKey) {
-//        try {
-//            KeyFactory keyfactory = KeyFactory.getInstance("RSA");
-//
-//            X509EncodedKeySpec x509encodedkeyspec = new X509EncodedKeySpec(encodedKey);
-//            return keyfactory.generatePublic(x509encodedkeyspec);
-//        } catch (NoSuchAlgorithmException | InvalidKeySpecException nosuchalgorithmexception) {
-//            //ignore
-//        }
-//
-//        System.err.println("Public key reconstitute failed!");
-//        return null;
-//    }
-
-    public static SecretKey decryptSharedKey(PrivateKey privateKey, byte[] encryptedSharedKey) {
-        return new SecretKeySpec(decryptData(privateKey, encryptedSharedKey), "AES");
-    }
-
-    public static byte[] decryptData(Key key, byte[] data) {
-        return cipherOperation(Cipher.DECRYPT_MODE, key, data);
-    }
-
-    private static byte[] cipherOperation(int operationMode, Key key, byte[] data) {
-        try {
-            return createCipherInstance(operationMode, key.getAlgorithm(), key).doFinal(data);
-        } catch (IllegalBlockSizeException | BadPaddingException illegalblocksizeexception) {
-            illegalblocksizeexception.printStackTrace();
+            byte[] serverHash = getServerIdHash(sessionId, sharedSecret, publicKey);
+            return (new BigInteger(serverHash)).toString(16);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
         }
 
-        System.err.println("Cipher data failed!");
-        return null;
+        return "";
     }
 
-    private static Cipher createCipherInstance(int operationMode, String cipherName, Key key) {
-        try {
-            Cipher cipher = Cipher.getInstance(cipherName);
-
-            cipher.init(operationMode, key);
-            return cipher;
-        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException invalidkeyexception) {
-            invalidkeyexception.printStackTrace();
-        }
-
-        System.err.println("Cipher creation failed!");
-        return null;
+    /**
+     * Decrypts the content and extracts the key spec.
+     *
+     * @param cipher     decryption cipher initialized with the private key
+     * @param sharedKey  the encrypted shared key
+     * @return shared secret key
+     * @throws GeneralSecurityException if it fails to decrypt the data
+     */
+    public static SecretKey decryptSharedKey(Cipher cipher, byte[] sharedKey) throws GeneralSecurityException {
+        return new SecretKeySpec(decrypt(cipher, sharedKey), "AES");
     }
-//
-//    public static Cipher createBufferedBlockCipher(int operationMode, Key key) {
-//        try {
-//            Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
-//
-//            cipher.init(operationMode, key, new IvParameterSpec(key.getEncoded()));
-//            return cipher;
-//        } catch (GeneralSecurityException generalsecurityexception) {
-//            throw new RuntimeException(generalsecurityexception);
-//        }
-//    }
 
-    private EncryptionUtil() {
-        //utility
+    /**
+     * Decrypted the given data using the cipher.
+     *
+     * @param cipher decryption cypher initialized with the private key
+     * @param data   the encrypted data
+     * @return clear text data
+     * @throws GeneralSecurityException if it fails to decrypt the data
+     */
+    public static byte[] decrypt(Cipher cipher, byte[] data) throws GeneralSecurityException {
+        return cipher.doFinal(data);
+    }
+
+    private static byte[] getServerIdHash(String sessionId, Key sharedSecret, PublicKey publicKey)
+            throws NoSuchAlgorithmException {
+        MessageDigest digest = MessageDigest.getInstance("SHA-1");
+
+        digest.update(sessionId.getBytes(StandardCharsets.ISO_8859_1));
+        digest.update(sharedSecret.getEncoded());
+        digest.update(publicKey.getEncoded());
+
+        return digest.digest();
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java

@@ -1,235 +1,214 @@
 package com.github.games647.fastlogin.bukkit;
 
-import com.comphenix.protocol.AsynchronousManager;
-import com.comphenix.protocol.ProtocolLibrary;
-import com.comphenix.protocol.ProtocolManager;
-import com.comphenix.protocol.utility.SafeCacheBuilder;
-import com.github.games647.fastlogin.bukkit.commands.CrackedCommand;
-import com.github.games647.fastlogin.bukkit.commands.PremiumCommand;
-import com.github.games647.fastlogin.bukkit.hooks.BukkitAuthPlugin;
-import com.github.games647.fastlogin.bukkit.listener.BukkitJoinListener;
-import com.github.games647.fastlogin.bukkit.listener.BungeeCordListener;
-import com.github.games647.fastlogin.bukkit.listener.EncryptionPacketListener;
-import com.github.games647.fastlogin.bukkit.listener.ProtocolSupportListener;
-import com.github.games647.fastlogin.bukkit.listener.StartPacketListener;
-import com.google.common.cache.CacheLoader;
-import com.google.common.reflect.ClassPath;
+import com.github.games647.fastlogin.bukkit.command.CrackedCommand;
+import com.github.games647.fastlogin.bukkit.command.PremiumCommand;
+import com.github.games647.fastlogin.bukkit.listener.BungeeListener;
+import com.github.games647.fastlogin.bukkit.listener.ConnectionListener;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.ProtocolLibListener;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.SkinApplyListener;
+import com.github.games647.fastlogin.bukkit.listener.protocolsupport.ProtocolSupportListener;
+import com.github.games647.fastlogin.bukkit.task.DelayedAuthHook;
+import com.github.games647.fastlogin.core.CommonUtil;
+import com.github.games647.fastlogin.core.PremiumStatus;
+import com.github.games647.fastlogin.core.message.ChannelMessage;
+import com.github.games647.fastlogin.core.message.LoginActionMessage;
+import com.github.games647.fastlogin.core.message.NamespaceKey;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.shared.PlatformPlugin;
+import com.google.common.io.ByteArrayDataOutput;
+import com.google.common.io.ByteStreams;
 
-import java.io.IOException;
-import java.security.KeyPair;
-import java.sql.SQLException;
+import java.nio.file.Path;
+import java.util.Map;
 import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.TimeUnit;
-import java.util.logging.Level;
 
-import org.apache.commons.lang.RandomStringUtils;
-import org.bukkit.Bukkit;
+import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
+import org.bukkit.plugin.PluginManager;
 import org.bukkit.plugin.java.JavaPlugin;
+import org.bukkit.plugin.messaging.PluginMessageRecipient;
+import org.slf4j.Logger;
+
+import static com.github.games647.fastlogin.core.message.ChangePremiumMessage.CHANGE_CHANNEL;
+import static com.github.games647.fastlogin.core.message.SuccessMessage.SUCCESS_CHANNEL;
 
 /**
  * This plugin checks if a player has a paid account and if so tries to skip offline mode authentication.
  */
-public class FastLoginBukkit extends JavaPlugin {
-    
-    private static final int WORKER_THREADS = 5;
-
-    public static UUID parseId(String withoutDashes) {
-        return UUID.fromString(withoutDashes.substring(0, 8)
-                + "-" + withoutDashes.substring(8, 12)
-                + "-" + withoutDashes.substring(12, 16)
-                + "-" + withoutDashes.substring(16, 20)
-                + "-" + withoutDashes.substring(20, 32));
-    }
-
-    //provide a immutable key pair to be thread safe | used for encrypting and decrypting traffic
-    private final KeyPair keyPair = EncryptionUtil.generateKeyPair();
+public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<CommandSender> {
 
+    //1 minutes should be enough as a timeout for bad internet connection (Server, Client and Mojang)
+    private final ConcurrentMap<String, BukkitLoginSession> loginSession = CommonUtil.buildCache(1, -1);
+    private final Map<UUID, PremiumStatus> premiumPlayers = new ConcurrentHashMap<>();
+    private final Logger logger;
 
+    private boolean serverStarted;
     private boolean bungeeCord;
-    private Storage storage;
+    private final BukkitScheduler scheduler;
+    private FastLoginCore<Player, CommandSender, FastLoginBukkit> core;
 
-    //this map is thread-safe for async access (Packet Listener)
-    //SafeCacheBuilder is used in order to be version independent
-    private final ConcurrentMap<String, PlayerSession> session = SafeCacheBuilder.<String, PlayerSession>newBuilder()
-            //2 minutes should be enough as a timeout for bad internet connection (Server, Client and Mojang)
-            .expireAfterWrite(1, TimeUnit.MINUTES)
-            //mapped by ip:port -> PlayerSession
-            .build(new CacheLoader<String, PlayerSession>() {
-
-                @Override
-                public PlayerSession load(String key) throws Exception {
-                    //A key should be inserted manually on start packet
-                    throw new UnsupportedOperationException("Not supported");
-                }
-            });
-
-    private BukkitAuthPlugin authPlugin;
-    private final MojangApiConnector mojangApiConnector = new MojangApiConnector(this);
+    public FastLoginBukkit() {
+        this.logger = CommonUtil.createLoggerFromJDK(getLogger());
+        this.scheduler = new BukkitScheduler(this, logger, getThreadFactory());
+    }
 
     @Override
     public void onEnable() {
-        saveDefaultConfig();
+        core = new FastLoginCore<>(this);
+        core.load();
+
+        try {
+            bungeeCord = Class.forName("org.spigotmc.SpigotConfig").getDeclaredField("bungee").getBoolean(null);
+        } catch (ClassNotFoundException notFoundEx) {
+            //ignore server has no bungee support
+        } catch (Exception ex) {
+            logger.warn("Cannot check bungeecord support. You use a non-Spigot build", ex);
+        }
 
         if (getServer().getOnlineMode()) {
-            //we need to require offline to prevent a session request for a offline player
-            getLogger().severe("Server have to be in offline mode");
+            //we need to require offline to prevent a loginSession request for a offline player
+            logger.error("Server have to be in offline mode");
             setEnabled(false);
             return;
         }
 
-        bungeeCord = Bukkit.spigot().getConfig().getBoolean("settings.bungeecord");
-        boolean hookFound = registerHooks();
+        PluginManager pluginManager = getServer().getPluginManager();
         if (bungeeCord) {
-            getLogger().info("BungeeCord setting detected. No auth plugin is required");
-        } else if (!hookFound) {
-            getLogger().info("No auth plugin were found and bungeecord is deactivated. "
-                    + "Either one or both of the checks have to pass in order to use this plugin");
-            setEnabled(false);
-            return;
-        }
+            setServerStarted();
 
-        if (bungeeCord) {
-            //check for incoming messages from the bungeecord version of this plugin
-            getServer().getMessenger().registerIncomingPluginChannel(this, getName(), new BungeeCordListener(this));
-            getServer().getMessenger().registerOutgoingPluginChannel(this, getName());
-            //register listeners on success
+            // check for incoming messages from the bungeecord version of this plugin
+            String forceChannel = NamespaceKey.getCombined(getName(), LoginActionMessage.FORCE_CHANNEL);
+            getServer().getMessenger().registerIncomingPluginChannel(this, forceChannel, new BungeeListener(this));
+
+            // outgoing
+            String successChannel = new NamespaceKey(getName(), SUCCESS_CHANNEL).getCombinedName();
+            String changeChannel = new NamespaceKey(getName(), CHANGE_CHANNEL).getCombinedName();
+            getServer().getMessenger().registerOutgoingPluginChannel(this, successChannel);
+            getServer().getMessenger().registerOutgoingPluginChannel(this, changeChannel);
         } else {
-            String driver = getConfig().getString("driver");
-            String host =  getConfig().getString("host", "");
-            int port = getConfig().getInt("port", 3306);
-            String database = getConfig().getString("database");
-
-            String username = getConfig().getString("username", "");
-            String password = getConfig().getString("password", "");
-
-            this.storage = new Storage(this, driver, host, port, database, username, password);
-            try {
-                storage.createTables();
-            } catch (SQLException sqlEx) {
-                getLogger().log(Level.SEVERE, "Failed to create database tables. Disabling plugin...", sqlEx);
+            if (!core.setupDatabase()) {
                 setEnabled(false);
                 return;
             }
 
-            if (getServer().getPluginManager().isPluginEnabled("ProtocolSupport")) {
-                getServer().getPluginManager().registerEvents(new ProtocolSupportListener(this), this);
+            if (pluginManager.isPluginEnabled("ProtocolSupport")) {
+                pluginManager.registerEvents(new ProtocolSupportListener(this), this);
+            } else if (pluginManager.isPluginEnabled("ProtocolLib")) {
+                ProtocolLibListener.register(this);
+                pluginManager.registerEvents(new SkinApplyListener(this), this);
             } else {
-                ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager();
-
-                //we are performing HTTP request on these so run it async (seperate from the Netty IO threads)
-                AsynchronousManager asynchronousManager = protocolManager.getAsynchronousManager();
-
-                StartPacketListener startPacketListener = new StartPacketListener(this, protocolManager);
-                EncryptionPacketListener encryptionPacketListener = new EncryptionPacketListener(this, protocolManager);
-
-                asynchronousManager.registerAsyncHandler(startPacketListener).start(WORKER_THREADS);
-                asynchronousManager.registerAsyncHandler(encryptionPacketListener).start(WORKER_THREADS);
+                logger.warn("Either ProtocolLib or ProtocolSupport have to be installed if you don't use BungeeCord");
             }
         }
 
-        getServer().getPluginManager().registerEvents(new BukkitJoinListener(this), this);
+        //delay dependency setup because we load the plugin very early where plugins are initialized yet
+        getServer().getScheduler().runTaskLater(this, new DelayedAuthHook(this), 5L);
+
+        pluginManager.registerEvents(new ConnectionListener(this), this);
 
         //register commands using a unique name
         getCommand("premium").setExecutor(new PremiumCommand(this));
         getCommand("cracked").setExecutor(new CrackedCommand(this));
+
+        if (pluginManager.isPluginEnabled("PlaceholderAPI")) {
+            //prevents NoClassDef errors if it's not available
+            PremiumPlaceholder.register(this);
+        }
     }
 
     @Override
     public void onDisable() {
-        //clean up
-        session.clear();
+        loginSession.clear();
+        premiumPlayers.clear();
+
+        if (core != null) {
+            core.close();
+        }
 
         //remove old blacklists
-        for (Player player : getServer().getOnlinePlayers()) {
-            player.removeMetadata(getName(), this);
-        }
-
-        if (storage != null) {
-            storage.close();
-        }
+        getServer().getOnlinePlayers().forEach(player -> player.removeMetadata(getName(), this));
     }
 
-    public String generateStringPassword() {
-        return RandomStringUtils.random(8, true, true);
+    public FastLoginCore<Player, CommandSender, FastLoginBukkit> getCore() {
+        return core;
     }
 
     /**
      * Gets a thread-safe map about players which are connecting to the server are being checked to be premium (paid
      * account)
      *
-     * @return a thread-safe session map
+     * @return a thread-safe loginSession map
      */
-    public ConcurrentMap<String, PlayerSession> getSessions() {
-        return session;
+    public ConcurrentMap<String, BukkitLoginSession> getLoginSessions() {
+        return loginSession;
     }
 
-    /**
-     * Gets the server KeyPair. This is used to encrypt or decrypt traffic between the client and server
-     *
-     * @return the server KeyPair
-     */
-    public KeyPair getServerKey() {
-        return keyPair;
+    public Map<UUID, PremiumStatus> getPremiumPlayers() {
+        return premiumPlayers;
     }
 
-    public Storage getStorage() {
-        return storage;
-    }
-
-    /**
-     * Gets the auth plugin hook in order to interact with the plugins. This can be null if no supporting auth plugin
-     * was found.
-     *
-     * @return interface to any supported auth plugin
-     */
-    public BukkitAuthPlugin getAuthPlugin() {
-        return authPlugin;
-    }
-
-    /**
-     * Gets the a connection in order to access important features from the Mojang API.
-     *
-     * @return the connector instance
-     */
-    public MojangApiConnector getApiConnector() {
-        return mojangApiConnector;
-    }
-
-    private boolean registerHooks() {
-        BukkitAuthPlugin authPluginHook = null;
-        try {
-            String hooksPackage = this.getClass().getPackage().getName() + ".hooks";
-            //Look through all classes in the hooks package and look for supporting plugins on the server
-            for (ClassPath.ClassInfo clazzInfo : ClassPath.from(getClassLoader()).getTopLevelClasses(hooksPackage)) {
-                //remove the hook suffix
-                String pluginName = clazzInfo.getSimpleName().replace("Hook", "");
-                Class<?> clazz = clazzInfo.load();
-                //uses only member classes which uses AuthPlugin interface (skip interfaces)
-                if (BukkitAuthPlugin.class.isAssignableFrom(clazz)
-                        //check only for enabled plugins. A single plugin could be disabled by plugin managers
-                        && getServer().getPluginManager().isPluginEnabled(pluginName)) {
-                    authPluginHook = (BukkitAuthPlugin) clazz.newInstance();
-                    getLogger().log(Level.INFO, "Hooking into auth plugin: {0}", pluginName);
-                    break;
-                }
-            }
-        } catch (InstantiationException | IllegalAccessException | IOException ex) {
-            getLogger().log(Level.SEVERE, "Couldn't load the integration class", ex);
-        }
-
-        if (authPluginHook == null) {
-            //run this check for exceptions (errors) and not found plugins
-            getLogger().warning("No support offline Auth plugin found. ");
-            return false;
-        }
-
-        authPlugin = authPluginHook;
-        return true;
-    }
-
-    public boolean isBungeeCord() {
+    public boolean isBungeeEnabled() {
         return bungeeCord;
     }
+
+    /**
+     * Fetches the premium status of an online player.
+     *
+     * @param onlinePlayer
+     * @return the online status or unknown if an error happened, the player isn't online or BungeeCord doesn't send
+     * us the status message yet (This means you cannot check the login status on the PlayerJoinEvent).
+     * @deprecated this method could be removed in future versions and exists only as a temporarily solution
+     */
+    @Deprecated
+    public PremiumStatus getStatus(UUID onlinePlayer) {
+        return premiumPlayers.getOrDefault(onlinePlayer, PremiumStatus.UNKNOWN);
+    }
+
+    /**
+     * Wait before the server is fully started. This is workaround, because connections right on startup are not
+     * injected by ProtocolLib
+     *
+     * @return true if ProtocolLib can now intercept packets
+     */
+    public boolean isServerFullyStarted() {
+        return serverStarted;
+    }
+
+    public void setServerStarted() {
+        if (!this.serverStarted) {
+            this.serverStarted = true;
+        }
+    }
+
+    public void sendPluginMessage(PluginMessageRecipient player, ChannelMessage message) {
+        if (player != null) {
+            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
+            message.writeTo(dataOutput);
+
+            NamespaceKey channel = new NamespaceKey(getName(), message.getChannelName());
+            player.sendPluginMessage(this, channel.getCombinedName(), dataOutput.toByteArray());
+        }
+    }
+
+    @Override
+    public Path getPluginFolder() {
+        return getDataFolder().toPath();
+    }
+
+    @Override
+    public Logger getLog() {
+        return logger;
+    }
+
+    @Override
+    public BukkitScheduler getScheduler() {
+        return scheduler;
+    }
+
+    @Override
+    public void sendMessage(CommandSender receiver, String message) {
+        receiver.sendMessage(message);
+    }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/ForceLoginTask.java

@@ -1,85 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import com.github.games647.fastlogin.bukkit.hooks.BukkitAuthPlugin;
-
-import java.util.logging.Level;
-
-import org.bukkit.ChatColor;
-import org.bukkit.entity.Player;
-import org.bukkit.metadata.FixedMetadataValue;
-
-public class ForceLoginTask implements Runnable {
-
-    protected final FastLoginBukkit plugin;
-    private final Player player;
-
-    public ForceLoginTask(FastLoginBukkit plugin, Player player) {
-        this.plugin = plugin;
-        this.player = player;
-    }
-
-    @Override
-    public void run() {
-        if (!player.isOnline()) {
-            return;
-        }
-
-        //remove the bungeecord identifier
-        String id = '/' + player.getAddress().getAddress().getHostAddress() + ':' + player.getAddress().getPort();
-        PlayerSession session = plugin.getSessions().get(id);
-
-        //blacklist this target player for BungeeCord Id brute force attacks
-        player.setMetadata(plugin.getName(), new FixedMetadataValue(plugin, true));
-        //check if it's the same player as we checked before
-
-        final BukkitAuthPlugin authPlugin = plugin.getAuthPlugin();
-        if (session == null || !player.getName().equals(session.getUsername()) || authPlugin == null) {
-            return;
-        }
-
-        Storage storage = plugin.getStorage();
-        PlayerProfile playerProfile = null;
-        if (storage != null) {
-            playerProfile = storage.getProfile(session.getUsername(), false);
-        }
-
-        if (session.isVerified()) {
-            boolean success = true;
-            if (playerProfile != null) {
-                playerProfile.setUuid(session.getUuid());
-                playerProfile.setPremium(true);
-            }
-
-            if (success) {
-                if (session.needsRegistration()) {
-                    if (forceRegister(authPlugin, player)) {
-                        storage.save(playerProfile);
-                    }
-                } else {
-                    if (forceLogin(authPlugin, player)) {
-                        storage.save(playerProfile);
-                    }
-                }
-            }
-        } else if (playerProfile != null) {
-            storage.save(playerProfile);
-        }
-    }
-
-    private boolean forceRegister(BukkitAuthPlugin authPlugin, Player player) {
-        plugin.getLogger().log(Level.FINE, "Register player {0}", player.getName());
-
-        String generatedPassword = plugin.generateStringPassword();
-        boolean success = authPlugin.forceRegister(player, generatedPassword);
-        player.sendMessage(ChatColor.DARK_GREEN + "Auto registered with password: " + generatedPassword);
-        player.sendMessage(ChatColor.DARK_GREEN + "You may want change it?");
-        return success;
-    }
-
-    private boolean forceLogin(BukkitAuthPlugin authPlugin, Player player) {
-        plugin.getLogger().log(Level.FINE, "Logging player {0} in", player.getName());
-        boolean success = authPlugin.forceLogin(player);
-        player.sendMessage(ChatColor.DARK_GREEN + "Auto logged in");
-        return success;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/MojangApiConnector.java

@@ -1,124 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import com.comphenix.protocol.wrappers.WrappedSignedProperty;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.util.UUID;
-import java.util.logging.Level;
-import java.util.regex.Pattern;
-
-import org.json.simple.JSONArray;
-import org.json.simple.JSONObject;
-import org.json.simple.JSONValue;
-
-public class MojangApiConnector {
-
-    //http connection, read timeout and user agent for a connection to mojang api servers
-    private static final int TIMEOUT = 1 * 1_000;
-    private static final String USER_AGENT = "Premium-Checker";
-
-    //mojang api check to prove a player is logged in minecraft and made a join server request
-    private static final String HAS_JOINED_URL = "https://sessionserver.mojang.com/session/minecraft/hasJoined?";
-
-    //only premium (paid account) users have a uuid from here
-    private static final String UUID_LINK = "https://api.mojang.com/users/profiles/minecraft/";
-    //this includes a-zA-Z1-9_
-    private static final String VALID_PLAYERNAME = "^\\w{2,16}$";
-
-    //compile the pattern only on plugin enable -> and this have to be threadsafe
-    private final Pattern playernameMatcher = Pattern.compile(VALID_PLAYERNAME);
-
-    private final FastLoginBukkit plugin;
-
-    public MojangApiConnector(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    /**
-     *
-     * @param playerName
-     * @return null on non-premium
-     */
-    public UUID getPremiumUUID(String playerName) {
-        //check if it's a valid playername
-        if (playernameMatcher.matcher(playerName).matches()) {
-            //only make a API call if the name is valid existing mojang account
-            try {
-                HttpURLConnection connection = getConnection(UUID_LINK + playerName);
-                if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) {
-                    BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
-                    String line = reader.readLine();
-                    if (line != null && !line.equals("null")) {
-                        JSONObject userData = (JSONObject) JSONValue.parseWithException(line);
-                        String uuid = (String) userData.get("id");
-                        return parseId(uuid);
-                    }
-                }
-                //204 - no content for not found
-            } catch (Exception ex) {
-                plugin.getLogger().log(Level.SEVERE, "Failed to check if player has a paid account", ex);
-            }
-            //this connection doesn't need to be closed. So can make use of keep alive in java
-        }
-
-        return null;
-    }
-
-    public boolean hasJoinedServer(PlayerSession session, String serverId) {
-        try {
-            String url = HAS_JOINED_URL + "username=" + session.getUsername() + "&serverId=" + serverId;
-            HttpURLConnection conn = getConnection(url);
-
-            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
-            String line = reader.readLine();
-            if (line != null && !line.equals("null")) {
-                //validate parsing
-                //http://wiki.vg/Protocol_Encryption#Server
-                JSONObject userData = (JSONObject) JSONValue.parseWithException(line);
-                String uuid = (String) userData.get("id");
-                session.setUuid(parseId(uuid));
-
-                JSONArray properties = (JSONArray) userData.get("properties");
-                JSONObject skinProperty = (JSONObject) properties.get(0);
-
-                String propertyName = (String) skinProperty.get("name");
-                if (propertyName.equals("textures")) {
-                    String skinValue = (String) skinProperty.get("value");
-                    String signature = (String) skinProperty.get("signature");
-                    session.setSkin(WrappedSignedProperty.fromValues(propertyName, skinValue, signature));
-                }
-
-                return true;
-            }
-        } catch (Exception ex) {
-            //catch not only ioexceptions also parse and NPE on unexpected json format
-            plugin.getLogger().log(Level.WARNING, "Failed to verify session", ex);
-        }
-
-        //this connection doesn't need to be closed. So can make use of keep alive in java
-        return false;
-    }
-
-    private UUID parseId(String withoutDashes) {
-        return UUID.fromString(withoutDashes.substring(0, 8)
-                + "-" + withoutDashes.substring(8, 12)
-                + "-" + withoutDashes.substring(12, 16)
-                + "-" + withoutDashes.substring(16, 20)
-                + "-" + withoutDashes.substring(20, 32));
-    }
-
-    private HttpURLConnection getConnection(String url) throws IOException {
-        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
-        connection.setConnectTimeout(TIMEOUT);
-        connection.setReadTimeout(TIMEOUT);
-        //the new Mojang API just uses json as response
-        connection.setRequestProperty("Content-Type", "application/json");
-        connection.setRequestProperty("User-Agent", USER_AGENT);
-
-        return connection;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/PlayerProfile.java

@@ -1,78 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import java.util.UUID;
-
-public class PlayerProfile {
-
-    private final String playerName;
-
-    private long userId;
-
-    private UUID uuid;
-    private boolean premium;
-    private String lastIp;
-    private long lastLogin;
-
-    public PlayerProfile(long userId, UUID uuid, String playerName, boolean premium
-            , String lastIp, long lastLogin) {
-        this.userId = userId;
-        this.uuid = uuid;
-        this.playerName = playerName;
-        this.premium = premium;
-        this.lastIp = lastIp;
-        this.lastLogin = lastLogin;
-    }
-
-    public PlayerProfile(UUID uuid, String playerName, boolean premium, String lastIp) {
-        this.userId = -1;
-
-        this.uuid = uuid;
-        this.playerName = playerName;
-        this.premium = premium;
-        this.lastIp = lastIp;
-    }
-
-    public String getPlayerName() {
-        return playerName;
-    }
-
-    public synchronized long getUserId() {
-        return userId;
-    }
-
-    protected synchronized void setUserId(long generatedId) {
-        this.userId = generatedId;
-    }
-
-    public synchronized UUID getUuid() {
-        return uuid;
-    }
-
-    public synchronized void setUuid(UUID uuid) {
-        this.uuid = uuid;
-    }
-
-    public synchronized boolean isPremium() {
-        return premium;
-    }
-
-    public synchronized void setPremium(boolean premium) {
-        this.premium = premium;
-    }
-
-    public synchronized String getLastIp() {
-        return lastIp;
-    }
-
-    public synchronized void setLastIp(String lastIp) {
-        this.lastIp = lastIp;
-    }
-
-    public long getLastLogin() {
-        return lastLogin;
-    }
-
-    public synchronized void setLastLogin(long lastLogin) {
-        this.lastLogin = lastLogin;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/PlayerSession.java

@@ -1,144 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import com.comphenix.protocol.wrappers.WrappedSignedProperty;
-
-import java.util.UUID;
-
-import org.apache.commons.lang.ArrayUtils;
-
-/**
- * Represents a client connecting to the server.
- *
- * This session is invalid if the player disconnects or the login was successful
- */
-public class PlayerSession {
-
-    private final String username;
-    private final String serverId;
-    private final byte[] verifyToken;
-
-    private UUID uuid;
-    private WrappedSignedProperty skinProperty;
-    private boolean verified;
-    private boolean registered;
-
-    public PlayerSession(String username, String serverId, byte[] verifyToken) {
-        this.username = username;
-        this.serverId = serverId;
-        this.verifyToken = ArrayUtils.clone(verifyToken);
-    }
-
-    public PlayerSession(String username) {
-        this(username, "", ArrayUtils.EMPTY_BYTE_ARRAY);
-    }
-
-    /**
-     * Gets the random generated server id. This makes sure the request
-     * sent from the client is just for this server.
-     *
-     * See this for details
-     * http://www.sk89q.com/2011/09/minecraft-name-spoofing-exploit/
-     *
-     * Empty if it's a BungeeCord connection
-     *
-     * @return random generated server id
-     */
-    public String getServerId() {
-        return serverId;
-    }
-
-    /**
-     * Gets the verify token the server sent to the client.
-     *
-     * Empty if it's a BungeeCord connection
-     *
-     * @return the verify token from the server
-     */
-    public byte[] getVerifyToken() {
-        return ArrayUtils.clone(verifyToken);
-    }
-
-    /**
-     * Gets the username the player sent to the server
-     *
-     * @return the client sent username
-     */
-    public String getUsername() {
-        return username;
-    }
-
-    /**
-     * Gets the premium skin of this player
-     *
-     * @return skin property or null if the player has no skin or is a cracked account
-     */
-    public synchronized WrappedSignedProperty getSkin() {
-        return this.skinProperty;
-    }
-
-    /**
-     * Sets the premium skin property which was retrieved by the session server
-     *
-     * @param skinProperty premium skin property
-     */
-    public synchronized void setSkin(WrappedSignedProperty skinProperty) {
-        this.skinProperty = skinProperty;
-    }
-
-    /**
-     * Sets whether the account of this player already exists
-     *
-     * @param registered whether the account exists
-     */
-    public synchronized void setRegistered(boolean registered) {
-        this.registered = registered;
-    }
-
-    /**
-     * Gets whether the account of this player already exists.
-     *
-     * @return whether the account exists
-     */
-    public synchronized boolean needsRegistration() {
-        return !registered;
-    }
-
-    /**
-     * Sets whether the player has a premium (paid account) account
-     * and valid session
-     *
-     * @param verified whether the player has valid session
-     */
-    public synchronized void setVerified(boolean verified) {
-        this.verified = verified;
-    }
-
-    /**
-     * Get the premium UUID of this player
-     *
-     * @return the premium UUID or null if not fetched
-     */
-    public synchronized UUID getUuid() {
-        return uuid;
-    }
-
-
-    /**
-     * Set the online UUID if it's fetched
-     *
-     * @param uuid premium UUID
-     */
-    public synchronized void setUuid(UUID uuid) {
-        this.uuid = uuid;
-    }
-
-    /**
-     * Get whether the player has a premium (paid account) account
-     * and valid session
-     *
-     * @return whether the player has a valid session
-     */
-    public synchronized boolean isVerified() {
-        return verified;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/PremiumPlaceholder.java

@@ -0,0 +1,53 @@
+package com.github.games647.fastlogin.bukkit;
+
+import java.util.stream.Collectors;
+
+import me.clip.placeholderapi.PlaceholderAPI;
+import me.clip.placeholderapi.expansion.PlaceholderExpansion;
+
+import org.bukkit.entity.Player;
+
+public class PremiumPlaceholder extends PlaceholderExpansion {
+
+    private static final String PLACEHOLDER_VARIABLE = "fastlogin_status";
+
+    private final FastLoginBukkit plugin;
+
+    public PremiumPlaceholder(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    public static void register(FastLoginBukkit plugin) {
+        PremiumPlaceholder placeholderHook = new PremiumPlaceholder(plugin);
+        PlaceholderAPI.registerPlaceholderHook(PLACEHOLDER_VARIABLE, placeholderHook);
+    }
+
+    @Override
+    public String onPlaceholderRequest(Player player, String variable) {
+        if (player != null && PLACEHOLDER_VARIABLE.equals(variable)) {
+            return plugin.getStatus(player.getUniqueId()).name();
+        }
+
+        return "";
+    }
+
+    @Override
+    public String getIdentifier() {
+        return PLACEHOLDER_VARIABLE;
+    }
+
+    @Override
+    public String getPlugin() {
+        return plugin.getName();
+    }
+
+    @Override
+    public String getAuthor() {
+        return plugin.getDescription().getAuthors().stream().collect(Collectors.joining(", "));
+    }
+
+    @Override
+    public String getVersion() {
+        return plugin.getName();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/Storage.java

@@ -1,201 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import com.comphenix.protocol.utility.SafeCacheBuilder;
-import com.google.common.cache.CacheLoader;
-import com.zaxxer.hikari.HikariConfig;
-import com.zaxxer.hikari.HikariDataSource;
-
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.TimeUnit;
-import java.util.logging.Level;
-
-public class Storage {
-
-    private static final String PREMIUM_TABLE = "premium";
-
-    private final ConcurrentMap<String, PlayerProfile> profileCache = SafeCacheBuilder
-            .<String, PlayerProfile>newBuilder()
-            .concurrencyLevel(20)
-            .expireAfterAccess(30, TimeUnit.MINUTES)
-            .build(new CacheLoader<String, PlayerProfile>() {
-                @Override
-                public PlayerProfile load(String key) throws Exception {
-                    //should be fetched manually
-                    throw new UnsupportedOperationException("Not supported yet.");
-                }
-            });
-
-    private final HikariDataSource dataSource;
-    private final FastLoginBukkit plugin;
-
-    public Storage(FastLoginBukkit plugin, String driver, String host, int port, String databasePath
-            , String user, String pass) {
-        this.plugin = plugin;
-
-        HikariConfig databaseConfig = new HikariConfig();
-        databaseConfig.setUsername(user);
-        databaseConfig.setPassword(pass);
-        databaseConfig.setDriverClassName(driver);
-
-        databasePath = databasePath.replace("{pluginDir}", plugin.getDataFolder().getAbsolutePath());
-
-        String jdbcUrl = "jdbc:";
-        if (driver.contains("sqlite")) {
-            jdbcUrl += "sqlite" + "://" + databasePath;
-            databaseConfig.setConnectionTestQuery("SELECT 1");
-        } else {
-            jdbcUrl += "mysql" + "://" + host + ':' + port + '/' + databasePath;
-        }
-
-        databaseConfig.setJdbcUrl(jdbcUrl);
-        this.dataSource = new HikariDataSource(databaseConfig);
-    }
-
-    public void createTables() throws SQLException {
-        Connection con = null;
-        try {
-            con = dataSource.getConnection();
-            Statement statement = con.createStatement();
-            String createDataStmt = "CREATE TABLE IF NOT EXISTS " + PREMIUM_TABLE + " ("
-                    + "`UserID` INTEGER PRIMARY KEY AUTO_INCREMENT, "
-                    + "`UUID` CHAR(36), "
-                    + "`Name` VARCHAR(16) NOT NULL, "
-                    + "`Premium` BOOLEAN NOT NULL, "
-                    + "`LastIp` VARCHAR(255) NOT NULL, "
-                    + "`LastLogin` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, "
-                    + "UNIQUE (`UUID`), "
-                    //the premium shouldn't steal the cracked account by changing the name
-                    + "UNIQUE (`Name`) "
-                    + ")";
-
-            if (dataSource.getJdbcUrl().contains("sqlite")) {
-                createDataStmt = createDataStmt.replace("AUTO_INCREMENT", "AUTOINCREMENT");
-            }
-
-            statement.executeUpdate(createDataStmt);
-        } finally {
-            closeQuietly(con);
-        }
-    }
-
-    public PlayerProfile getProfile(String name, boolean fetch) {
-        if (profileCache.containsKey(name)) {
-            return profileCache.get(name);
-        } else if (fetch) {
-            Connection con = null;
-            try {
-                con = dataSource.getConnection();
-                PreparedStatement loadStatement = con.prepareStatement("SELECT * FROM " + PREMIUM_TABLE
-                        + " WHERE `Name`=? LIMIT 1");
-                loadStatement.setString(1, name);
-
-                ResultSet resultSet = loadStatement.executeQuery();
-                if (resultSet.next()) {
-                    long userId = resultSet.getInt(1);
-
-                    String unparsedUUID = resultSet.getString(2);
-                    UUID uuid;
-                    if (unparsedUUID == null) {
-                        uuid = null;
-                    } else {
-                        uuid = FastLoginBukkit.parseId(unparsedUUID);
-                    }
-
-//                    String name = resultSet.getString(3);
-                    boolean premium = resultSet.getBoolean(4);
-                    String lastIp = resultSet.getString(5);
-                    long lastLogin = resultSet.getTimestamp(6).getTime();
-                    PlayerProfile playerProfile = new PlayerProfile(userId, uuid, name, premium, lastIp, lastLogin);
-                    profileCache.put(name, playerProfile);
-                    return playerProfile;
-                } else {
-                    PlayerProfile crackedProfile = new PlayerProfile(null, name, false, "");
-                    profileCache.put(name, crackedProfile);
-                    return crackedProfile;
-                }
-            } catch (SQLException sqlEx) {
-                plugin.getLogger().log(Level.SEVERE, "Failed to query profile", sqlEx);
-            } finally {
-                closeQuietly(con);
-            }
-        }
-
-        return null;
-    }
-
-    public boolean save(PlayerProfile playerProfile) {
-        Connection con = null;
-        try {
-            con = dataSource.getConnection();
-
-            UUID uuid = playerProfile.getUuid();
-
-            if (playerProfile.getUserId() == -1) {
-                PreparedStatement saveStatement = con.prepareStatement("INSERT INTO " + PREMIUM_TABLE
-                        + " (UUID, Name, Premium, LastIp) VALUES (?, ?, ?, ?)", Statement.RETURN_GENERATED_KEYS);
-
-                if (uuid == null) {
-                    saveStatement.setString(1, null);
-                } else {
-                    saveStatement.setString(1, uuid.toString().replace("-", ""));
-                }
-
-                saveStatement.setString(2, playerProfile.getPlayerName());
-                saveStatement.setBoolean(3, playerProfile.isPremium());
-                saveStatement.setString(4, playerProfile.getLastIp());
-                saveStatement.execute();
-
-                ResultSet generatedKeys = saveStatement.getGeneratedKeys();
-                if (generatedKeys != null && generatedKeys.next()) {
-                    playerProfile.setUserId(generatedKeys.getInt(1));
-                }
-            } else {
-                PreparedStatement saveStatement = con.prepareStatement("UPDATE " + PREMIUM_TABLE
-                        + " SET UUID=?, Name=?, Premium=?, LastIp=?, LastLogin=CURRENT_TIMESTAMP WHERE UserID=?");
-
-                if (uuid == null) {
-                    saveStatement.setString(1, null);
-                } else {
-                    saveStatement.setString(1, uuid.toString().replace("-", ""));
-                }
-
-                saveStatement.setString(2, playerProfile.getPlayerName());
-                saveStatement.setBoolean(3, playerProfile.isPremium());
-                saveStatement.setString(4, playerProfile.getLastIp());
-//                saveStatement.setTimestamp(5, new Timestamp(playerProfile.getLastLogin()));
-
-                saveStatement.setLong(5, playerProfile.getUserId());
-                saveStatement.execute();
-            }
-
-            return true;
-        } catch (SQLException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Failed to save playerProfile", ex);
-        } finally {
-            closeQuietly(con);
-        }
-
-        return false;
-    }
-
-    public void close() {
-        dataSource.close();
-        profileCache.clear();
-    }
-
-    private void closeQuietly(Connection con) {
-        if (con != null) {
-            try {
-                con.close();
-            } catch (SQLException sqlEx) {
-                plugin.getLogger().log(Level.SEVERE, "Failed to close connection", sqlEx);
-            }
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/CrackedCommand.java

@@ -0,0 +1,87 @@
+package com.github.games647.fastlogin.bukkit.command;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.StoredProfile;
+
+import org.bukkit.command.Command;
+import org.bukkit.command.CommandSender;
+
+public class CrackedCommand extends ToggleCommand {
+
+    public CrackedCommand(FastLoginBukkit plugin) {
+        super(plugin);
+    }
+
+    @Override
+    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
+        if (args.length == 0) {
+            onCrackedSelf(sender, command, args);
+        } else {
+            onCrackedOther(sender, command, args);
+        }
+
+        return true;
+    }
+
+    private void onCrackedSelf(CommandSender sender, Command cmd, String[] args) {
+        if (isConsole(sender)) {
+            return;
+        }
+
+        if (forwardCrackedCommand(sender, sender.getName())) {
+            return;
+        }
+
+        if (plugin.isBungeeEnabled()) {
+            sendBungeeActivateMessage(sender, sender.getName(), false);
+            plugin.getCore().sendLocaleMessage("wait-on-proxy", sender);
+        } else {
+            //todo: load async if
+            StoredProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
+            if (profile.isPremium()) {
+                plugin.getCore().sendLocaleMessage("remove-premium", sender);
+
+                profile.setPremium(false);
+                profile.setId(null);
+                plugin.getScheduler().runAsync(() -> {
+                    plugin.getCore().getStorage().save(profile);
+                });
+            } else {
+                plugin.getCore().sendLocaleMessage("not-premium", sender);
+            }
+        }
+    }
+
+    private void onCrackedOther(CommandSender sender, Command command, String[] args) {
+        if (!hasOtherPermission(sender, command)) {
+            return;
+        }
+
+        if (forwardCrackedCommand(sender, args[0])) {
+            return;
+        }
+
+        //todo: load async
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(args[0]);
+        if (profile == null) {
+            sender.sendMessage("Error occurred");
+            return;
+        }
+
+        //existing player is already cracked
+        if (profile.isSaved() && !profile.isPremium()) {
+            plugin.getCore().sendLocaleMessage("not-premium-other", sender);
+        } else {
+            plugin.getCore().sendLocaleMessage("remove-premium", sender);
+
+            profile.setPremium(false);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+            });
+        }
+    }
+
+    private boolean forwardCrackedCommand(CommandSender sender, String target) {
+        return forwardBungeeCommand(sender, target, false);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/PremiumCommand.java

@@ -0,0 +1,110 @@
+package com.github.games647.fastlogin.bukkit.command;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.ConfirmationState;
+import com.github.games647.fastlogin.core.StoredProfile;
+
+import org.bukkit.command.Command;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+
+/**
+ * Let users activate fast login by command. This only be accessible if
+ * the user has access to it's account. So we can make sure that not another
+ * person with a paid account and the same username can steal his account.
+ */
+public class PremiumCommand extends ToggleCommand {
+
+    public PremiumCommand(FastLoginBukkit plugin) {
+        super(plugin);
+    }
+
+    @Override
+    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
+        if (args.length == 0) {
+            onPremiumSelf(sender, command, args);
+        } else {
+            onPremiumOther(sender, command, args);
+        }
+
+        return true;
+    }
+
+    private void onPremiumSelf(CommandSender sender, Command cmd, String[] args) {
+        if (isConsole(sender)) {
+            return;
+        }
+
+        Player player = (Player) sender;
+        String playerName = sender.getName();
+        if (forwardPremiumCommand(sender, playerName)) {
+            return;
+        }
+
+        // non-bungee mode
+        if (plugin.getConfig().getBoolean("premium-confirm")) {
+            ConfirmationState state = plugin.getCore().getPendingConfirms().get(playerName);
+            if (state == null) {
+                // no pending confirmation
+                plugin.getCore().getPendingConfirms().put(playerName, ConfirmationState.REQUIRE_RELOGIN);
+                player.kickPlayer(plugin.getCore().getMessage("premium-confirm"));
+            } else if (state == ConfirmationState.REQUIRE_AUTH_PLUGIN_LOGIN) {
+                // player logged in successful using premium authentication
+                activate(sender, playerName);
+            }
+        } else {
+            activate(sender, playerName);
+        }
+    }
+
+    private void activate(CommandSender sender, String playerName) {
+        plugin.getCore().getPendingConfirms().remove(playerName);
+
+        //todo: load async
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(playerName);
+        if (profile.isPremium()) {
+            plugin.getCore().sendLocaleMessage("already-exists", sender);
+        } else {
+            //todo: resolve uuid
+            profile.setPremium(true);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+            });
+
+            plugin.getCore().sendLocaleMessage("add-premium", sender);
+        }
+    }
+
+    private void onPremiumOther(CommandSender sender, Command command, String[] args) {
+        if (!hasOtherPermission(sender, command)) {
+            return;
+        }
+
+        if (forwardPremiumCommand(sender, args[0])) {
+            return;
+        }
+
+        //todo: load async
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(args[0]);
+        if (profile == null) {
+            plugin.getCore().sendLocaleMessage("player-unknown", sender);
+            return;
+        }
+
+        if (profile.isPremium()) {
+            plugin.getCore().sendLocaleMessage("already-exists-other", sender);
+        } else {
+            //todo: resolve uuid
+            profile.setPremium(true);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+            });
+
+            plugin.getCore().sendLocaleMessage("add-premium-other", sender);
+        }
+    }
+
+    private boolean forwardPremiumCommand(CommandSender sender, String target) {
+        return forwardBungeeCommand(sender, target, true);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/ToggleCommand.java

@@ -0,0 +1,69 @@
+package com.github.games647.fastlogin.bukkit.command;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
+import com.github.games647.fastlogin.core.message.ChannelMessage;
+
+import java.util.Optional;
+
+import org.bukkit.Bukkit;
+import org.bukkit.command.Command;
+import org.bukkit.command.CommandExecutor;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.bukkit.plugin.messaging.PluginMessageRecipient;
+
+public abstract class ToggleCommand implements CommandExecutor {
+
+    protected final FastLoginBukkit plugin;
+
+    public ToggleCommand(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    protected boolean hasOtherPermission(CommandSender sender, Command cmd) {
+        if (!sender.hasPermission(cmd.getPermission() + ".other")) {
+            plugin.getCore().sendLocaleMessage("no-permission", sender);
+            return false;
+        }
+
+        return true;
+    }
+
+    protected boolean forwardBungeeCommand(CommandSender sender, String target, boolean activate) {
+        if (plugin.isBungeeEnabled()) {
+            sendBungeeActivateMessage(sender, target, activate);
+            plugin.getCore().sendLocaleMessage("wait-on-proxy", sender);
+            return true;
+        }
+
+        return false;
+    }
+
+    protected boolean isConsole(CommandSender sender) {
+        if (sender instanceof Player) {
+            return false;
+        }
+
+        //console or command block
+        sender.sendMessage(plugin.getCore().getMessage("no-console"));
+        return true;
+    }
+
+    protected void sendBungeeActivateMessage(CommandSender invoker, String target, boolean activate) {
+        if (invoker instanceof PluginMessageRecipient) {
+            ChannelMessage message = new ChangePremiumMessage(target, activate, true);
+            plugin.sendPluginMessage((PluginMessageRecipient) invoker, message);
+        } else {
+            Optional<? extends Player> optPlayer = Bukkit.getServer().getOnlinePlayers().stream().findFirst();
+            if (!optPlayer.isPresent()) {
+                plugin.getLog().info("No player online to send a plugin message to the proxy");
+                return;
+            }
+
+            Player sender = optPlayer.get();
+            ChannelMessage message = new ChangePremiumMessage(target, activate, false);
+            plugin.sendPluginMessage(sender, message);
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/commands/CrackedCommand.java

@@ -1,81 +0,0 @@
-package com.github.games647.fastlogin.bukkit.commands;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.PlayerProfile;
-import com.google.common.io.ByteArrayDataOutput;
-import com.google.common.io.ByteStreams;
-
-import org.bukkit.Bukkit;
-import org.bukkit.ChatColor;
-import org.bukkit.command.Command;
-import org.bukkit.command.CommandExecutor;
-import org.bukkit.command.CommandSender;
-import org.bukkit.entity.Player;
-
-public class CrackedCommand implements CommandExecutor {
-
-    protected final FastLoginBukkit plugin;
-
-    public CrackedCommand(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @Override
-    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
-        if (args.length == 0) {
-            if (!(sender instanceof Player)) {
-                //console or command block
-                sender.sendMessage(ChatColor.DARK_RED + "Only players can remove themselves from the premium list");
-                return true;
-            }
-
-            final Player player = (Player) sender;
-//            UUID uuid = player.getUniqueId();
-
-            if (plugin.isBungeeCord()) {
-                notifiyBungeeCord((Player) sender);
-                sender.sendMessage(ChatColor.YELLOW + "Sending request...");
-            } else {
-                //todo: load async if it's not in the cache anymore
-                final PlayerProfile profile = plugin.getStorage().getProfile(player.getName(), true);
-                if (profile.isPremium()) {
-                    sender.sendMessage(ChatColor.DARK_GREEN + "Removed from the list of premium players");
-                    profile.setPremium(false);
-                    profile.setUuid(null);
-                    Bukkit.getScheduler().runTaskAsynchronously(plugin, new Runnable() {
-                        @Override
-                        public void run() {
-                            plugin.getStorage().save(profile);
-                        }
-                    });
-                } else {
-                    sender.sendMessage(ChatColor.DARK_RED + "You are not in the premium list");
-                }
-            }
-
-            return true;
-        } else {
-            sender.sendMessage(ChatColor.DARK_RED + "NOT IMPLEMENTED YET");
-            //todo:
-//            String playerName = args[0];
-//            boolean existed = plugin.getEnabledPremium().remove(playerName);
-//            if (existed) {
-//                sender.sendMessage(ChatColor.DARK_GREEN + "Removed from the list of premium players");
-//                notifiyBungeeCord((Player) sender);
-//            } else {
-//                sender.sendMessage(ChatColor.DARK_RED + "User is not in the premium list");
-//            }
-        }
-
-        return true;
-    }
-
-    private void notifiyBungeeCord(Player target) {
-        if (plugin.isBungeeCord()) {
-            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
-            dataOutput.writeUTF("OFF");
-
-            target.sendPluginMessage(plugin, plugin.getName(), dataOutput.toByteArray());
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/commands/PremiumCommand.java

@@ -1,87 +0,0 @@
-package com.github.games647.fastlogin.bukkit.commands;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.PlayerProfile;
-import com.google.common.io.ByteArrayDataOutput;
-import com.google.common.io.ByteStreams;
-
-import org.bukkit.Bukkit;
-import org.bukkit.ChatColor;
-import org.bukkit.command.Command;
-import org.bukkit.command.CommandExecutor;
-import org.bukkit.command.CommandSender;
-import org.bukkit.entity.Player;
-
-/**
- * Let users activate fast login by command. This only be accessible if
- * the user has access to it's account. So we can make sure that not another
- * person with a paid account and the same username can steal his account.
- */
-public class PremiumCommand implements CommandExecutor {
-
-    protected final FastLoginBukkit plugin;
-
-    public PremiumCommand(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @Override
-    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
-        if (args.length == 0) {
-            if (!(sender instanceof Player)) {
-                //console or command block
-                sender.sendMessage(ChatColor.DARK_RED + "Only players can add themselves as premium");
-                return true;
-            }
-
-            Player player = (Player) sender;
-//            UUID uuid = player.getUniqueId();
-
-            if (plugin.isBungeeCord()) {
-                notifiyBungeeCord(player);
-                sender.sendMessage(ChatColor.YELLOW + "Sending request...");
-            } else {
-//            //todo: load async if it's not in the cache anymore
-                final PlayerProfile profile = plugin.getStorage().getProfile(player.getName(), true);
-                if (profile.isPremium()) {
-                    sender.sendMessage(ChatColor.DARK_RED + "You are already on the premium list");
-                } else {
-                    //todo: resolve uuid
-                    profile.setPremium(true);
-                    Bukkit.getScheduler().runTaskAsynchronously(plugin, new Runnable() {
-                        @Override
-                        public void run() {
-                            plugin.getStorage().save(profile);
-                        }
-                    });
-                    
-                    sender.sendMessage(ChatColor.DARK_GREEN + "Added to the list of premium players");
-                }
-            }
-
-            return true;
-        } else {
-            sender.sendMessage(ChatColor.DARK_RED + "NOT IMPLEMENTED YET");
-            //todo: async load
-//            String playerName = args[0];
-//            boolean didntexist = plugin.getEnabledPremium().add(playerName);
-//            if (!didntexist) {
-//                sender.sendMessage(ChatColor.DARK_RED + "You are already on the premium list");
-//            } else {
-//                sender.sendMessage(ChatColor.DARK_GREEN + "Added to the list of premium players");
-//            }
-//            notifiyBungeeCord();
-        }
-
-        return true;
-    }
-
-    private void notifiyBungeeCord(Player target) {
-        if (plugin.isBungeeCord()) {
-            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
-            dataOutput.writeUTF("ON");
-
-            target.sendPluginMessage(plugin, plugin.getName(), dataOutput.toByteArray());
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginAutoLoginEvent.java

@@ -0,0 +1,52 @@
+package com.github.games647.fastlogin.bukkit.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import org.bukkit.event.Cancellable;
+import org.bukkit.event.Event;
+import org.bukkit.event.HandlerList;
+
+public class BukkitFastLoginAutoLoginEvent extends Event implements FastLoginAutoLoginEvent, Cancellable {
+
+    private static final HandlerList handlers = new HandlerList();
+    private final LoginSession session;
+    private final StoredProfile profile;
+    private boolean cancelled;
+
+    public BukkitFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        super(true);
+
+        this.session = session;
+        this.profile = profile;
+    }
+
+    @Override
+    public LoginSession getSession() {
+        return session;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public boolean isCancelled() {
+        return cancelled;
+    }
+
+    @Override
+    public void setCancelled(boolean cancelled) {
+        this.cancelled = cancelled;
+    }
+
+    @Override
+    public HandlerList getHandlers() {
+        return handlers;
+    }
+
+    public static HandlerList getHandlerList() {
+        return handlers;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPreLoginEvent.java

@@ -0,0 +1,47 @@
+package com.github.games647.fastlogin.bukkit.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSource;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import org.bukkit.event.Event;
+import org.bukkit.event.HandlerList;
+
+public class BukkitFastLoginPreLoginEvent extends Event implements FastLoginPreLoginEvent {
+
+    private static final HandlerList handlers = new HandlerList();
+    private final String username;
+    private final LoginSource source;
+    private final StoredProfile profile;
+
+    public BukkitFastLoginPreLoginEvent(String username, LoginSource source, StoredProfile profile) {
+        super(true);
+
+        this.username = username;
+        this.source = source;
+        this.profile = profile;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public LoginSource getSource() {
+        return source;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public HandlerList getHandlers() {
+        return handlers;
+    }
+
+    public static HandlerList getHandlerList() {
+        return handlers;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java

@@ -0,0 +1,65 @@
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+
+import fr.xephi.authme.api.v3.AuthMeApi;
+import fr.xephi.authme.events.RestoreSessionEvent;
+
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+
+/**
+ * GitHub: https://github.com/Xephi/AuthMeReloaded/
+ * <p>
+ * Project page:
+ * <p>
+ * Bukkit: https://dev.bukkit.org/bukkit-plugins/authme-reloaded/
+ * <p>
+ * Spigot: https://www.spigotmc.org/resources/authme-reloaded.6269/
+ */
+public class AuthMeHook implements AuthPlugin<Player>, Listener {
+
+    private final FastLoginBukkit plugin;
+
+    public AuthMeHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler(priority = EventPriority.HIGHEST, ignoreCancelled = true)
+    public void onSessionRestore(RestoreSessionEvent restoreSessionEvent) {
+        Player player = restoreSessionEvent.getPlayer();
+
+        String id = '/' + player.getAddress().getAddress().getHostAddress() + ':' + player.getAddress().getPort();
+        BukkitLoginSession session = plugin.getLoginSessions().get(id);
+        if (session != null && session.isVerified()) {
+            restoreSessionEvent.setCancelled(true);
+        }
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        if (AuthMeApi.getInstance().isAuthenticated(player)) {
+            return false;
+        }
+
+        //skips registration and login
+        AuthMeApi.getInstance().forceLogin(player);
+        return true;
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return AuthMeApi.getInstance().isRegistered(playerName);
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        //this automatically login the player too
+        AuthMeApi.getInstance().forceRegister(player, password);
+        return true;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/CrazyLoginHook.java

@@ -0,0 +1,123 @@
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.comphenix.protocol.reflect.FieldUtils;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+
+import de.st_ddt.crazylogin.CrazyLogin;
+import de.st_ddt.crazylogin.data.LoginPlayerData;
+import de.st_ddt.crazylogin.databases.CrazyLoginDataDatabase;
+import de.st_ddt.crazylogin.listener.PlayerListener;
+import de.st_ddt.crazylogin.metadata.Authenticated;
+
+import java.util.Optional;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+
+/**
+ * GitHub: https://github.com/ST-DDT/CrazyLogin
+ * <p>
+ * Project page:
+ * <p>
+ * Bukkit: https://dev.bukkit.org/server-mods/crazylogin/
+ */
+public class CrazyLoginHook implements AuthPlugin<Player> {
+
+    private final FastLoginBukkit plugin;
+
+    private final CrazyLogin crazyLoginPlugin;
+    private final PlayerListener playerListener;
+
+    public CrazyLoginHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+
+        crazyLoginPlugin = CrazyLogin.getPlugin();
+        playerListener = getListener();
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        //not thread-safe operation
+        Future<Optional<LoginPlayerData>> future = Bukkit.getScheduler().callSyncMethod(plugin, () -> {
+            LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player);
+            if (playerData != null) {
+                //mark the account as logged in
+                playerData.setLoggedIn(true);
+
+                String ip = player.getAddress().getAddress().getHostAddress();
+//this should be done after login to restore the inventory, show players, prevent potential memory leaks...
+//from: https://github.com/ST-DDT/CrazyLogin/blob/master/src/main/java/de/st_ddt/crazylogin/CrazyLogin.java#L1948
+                playerData.resetLoginFails();
+                player.setFireTicks(0);
+
+                if (playerListener != null) {
+                    playerListener.removeMovementBlocker(player);
+                    playerListener.disableHidenInventory(player);
+                    playerListener.disableSaveLogin(player);
+                    playerListener.unhidePlayer(player);
+                }
+
+//loginFailuresPerIP.remove(IP);
+//illegalCommandUsesPerIP.remove(IP);
+//tempBans.remove(IP);
+                playerData.addIP(ip);
+                player.setMetadata("Authenticated", new Authenticated(crazyLoginPlugin, player));
+                crazyLoginPlugin.unregisterDynamicHooks();
+                return Optional.of(playerData);
+            }
+
+            return Optional.empty();
+        });
+
+        try {
+            Optional<LoginPlayerData> result = future.get().filter(LoginPlayerData::isLoggedIn);
+            if (result.isPresent()) {
+                //SQL-Queries should run async
+                crazyLoginPlugin.getCrazyDatabase().saveWithoutPassword(result.get());
+                return true;
+            }
+        } catch (InterruptedException | ExecutionException ex) {
+            plugin.getLog().error("Failed to forceLogin player: {}", player, ex);
+            return false;
+        }
+
+        return false;
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return crazyLoginPlugin.getPlayerData(playerName) != null;
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        CrazyLoginDataDatabase crazyDatabase = crazyLoginPlugin.getCrazyDatabase();
+
+        //this executes a sql query and accesses only thread safe collections so we can run it async
+        LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player.getName());
+        if (playerData == null) {
+            //create a fake account - this will be saved to the database with the password=FAILEDLOADING
+            //user cannot login with that password unless the admin uses plain text
+            //this automatically marks the player as logged in
+            crazyDatabase.save(new LoginPlayerData(player));
+            return forceLogin(player);
+        }
+
+        return false;
+    }
+
+    private PlayerListener getListener() {
+        PlayerListener listener;
+        try {
+            listener = (PlayerListener) FieldUtils.readField(crazyLoginPlugin, "playerListener", true);
+        } catch (IllegalAccessException ex) {
+            plugin.getLog().error("Failed to get the listener instance for auto login", ex);
+            listener = null;
+        }
+
+        return listener;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/LogItHook.java

@@ -0,0 +1,47 @@
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+
+import io.github.lucaseasedup.logit.CancelledState;
+import io.github.lucaseasedup.logit.LogItCore;
+import io.github.lucaseasedup.logit.account.Account;
+import io.github.lucaseasedup.logit.session.SessionManager;
+
+import java.time.Instant;
+
+import org.bukkit.entity.Player;
+
+/**
+ * GitHub: https://github.com/XziomekX/LogIt
+ * <p>
+ * Project page:
+ * <p>
+ * Bukkit: Unknown
+ * <p>
+ * Spigot: Unknown
+ */
+public class LogItHook implements AuthPlugin<Player> {
+
+    @Override
+    public boolean forceLogin(Player player) {
+        SessionManager sessionManager = LogItCore.getInstance().getSessionManager();
+        return sessionManager.isSessionAlive(player)
+                || sessionManager.startSession(player) == CancelledState.NOT_CANCELLED;
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return LogItCore.getInstance().getAccountManager().isRegistered(playerName);
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        Account account = new Account(player.getName());
+        account.changePassword(password);
+
+        Instant now = Instant.now();
+        account.setLastActiveDate(now.getEpochSecond());
+        account.setRegistrationDate(now.getEpochSecond());
+        return LogItCore.getInstance().getAccountManager().insertAccount(account) == CancelledState.NOT_CANCELLED;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/LoginSecurityHook.java

@@ -0,0 +1,48 @@
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import com.lenis0012.bukkit.loginsecurity.LoginSecurity;
+import com.lenis0012.bukkit.loginsecurity.session.AuthService;
+import com.lenis0012.bukkit.loginsecurity.session.PlayerSession;
+import com.lenis0012.bukkit.loginsecurity.session.action.LoginAction;
+import com.lenis0012.bukkit.loginsecurity.session.action.RegisterAction;
+
+import org.bukkit.entity.Player;
+
+/**
+ * GitHub: https://github.com/lenis0012/LoginSecurity-2
+ * <p>
+ * Project page:
+ * <p>
+ * Bukkit: https://dev.bukkit.org/bukkit-plugins/loginsecurity/
+ * <p>
+ * Spigot: https://www.spigotmc.org/resources/loginsecurity.19362/
+ */
+public class LoginSecurityHook implements AuthPlugin<Player> {
+
+    private final FastLoginBukkit plugin;
+
+    public LoginSecurityHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        PlayerSession session = LoginSecurity.getSessionManager().getPlayerSession(player);
+        return session.isAuthorized()
+                || session.performAction(new LoginAction(AuthService.PLUGIN, plugin)).isSuccess();
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        PlayerSession session = LoginSecurity.getSessionManager().getOfflineSession(playerName);
+        return session.isRegistered();
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        PlayerSession session = LoginSecurity.getSessionManager().getPlayerSession(player);
+        return session.performAction(new RegisterAction(AuthService.PLUGIN, plugin, password)).isSuccess();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/UltraAuthHook.java

@@ -0,0 +1,63 @@
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.plugin.Plugin;
+import ultraauth.api.UltraAuthAPI;
+import ultraauth.main.Main;
+import ultraauth.managers.PlayerManager;
+
+/**
+ * Project page:
+ * <p>
+ * Bukkit: https://dev.bukkit.org/bukkit-plugins/ultraauth-aa/
+ * <p>
+ * Spigot: https://www.spigotmc.org/resources/ultraauth.17044/
+ */
+public class UltraAuthHook implements AuthPlugin<Player> {
+
+    private final Plugin ultraAuthPlugin = Main.main;
+    private final FastLoginBukkit plugin;
+
+    public UltraAuthHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        //not thread-safe
+        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(plugin, () -> {
+            if (UltraAuthAPI.isAuthenticated(player)) {
+                return true;
+            }
+
+            UltraAuthAPI.authenticatedPlayer(player);
+            return UltraAuthAPI.isAuthenticated(player);
+        });
+
+        try {
+            return future.get();
+        } catch (InterruptedException | ExecutionException ex) {
+            plugin.getLog().error("Failed to forceLogin player: {}", player, ex);
+            return false;
+        }
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return UltraAuthAPI.isRegisterd(playerName);
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        UltraAuthAPI.setPlayerPasswordOnline(player, password);
+        //the register method silents any exception so check if our entry was saved
+        return PlayerManager.getInstance().checkPlayerPassword(player, password) && forceLogin(player);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/xAuthHook.java

@@ -0,0 +1,86 @@
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+
+import de.luricos.bukkit.xAuth.xAuth;
+import de.luricos.bukkit.xAuth.xAuthPlayer;
+
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+
+/**
+ * GitHub: https://github.com/LycanDevelopment/xAuth/
+ * <p>
+ * Project page:
+ * <p>
+ * Bukkit: https://dev.bukkit.org/bukkit-plugins/xauth/
+ */
+public class xAuthHook implements AuthPlugin<Player> {
+
+    private final xAuth xAuthPlugin = xAuth.getPlugin();
+    private final FastLoginBukkit plugin;
+
+    public xAuthHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        //not thread-safe
+        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(plugin, () -> {
+            xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
+            if (xAuthPlayer != null) {
+                if (xAuthPlayer.isAuthenticated()) {
+                    return true;
+                }
+
+                //we checked that the player is premium (paid account)
+                xAuthPlayer.setPremium(true);
+
+                //unprotect the inventory, op status...
+                return xAuthPlugin.getPlayerManager().doLogin(xAuthPlayer);
+            }
+
+            return false;
+        });
+
+        try {
+            return future.get();
+        } catch (InterruptedException | ExecutionException ex) {
+            plugin.getLog().error("Failed to forceLogin player: {}", player, ex);
+            return false;
+        }
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        //this will load the player if it's not in the cache
+        xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(playerName);
+        return xAuthPlayer != null && xAuthPlayer.isRegistered();
+    }
+
+    @Override
+    public boolean forceRegister(Player player, final String password) {
+        //not thread-safe
+        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(xAuthPlugin, () -> {
+            xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
+            //this should run async because the plugin executes a sql query, but the method
+            //accesses non thread-safe collections :(
+            return xAuthPlayer != null
+                    && xAuthPlugin.getAuthClass(xAuthPlayer).adminRegister(player.getName(), password, null);
+
+        });
+
+        try {
+            //login in the player after registration
+            return future.get() && forceLogin(player);
+        } catch (InterruptedException | ExecutionException ex) {
+            plugin.getLog().error("Failed to forceRegister player: {}", player, ex);
+            return false;
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/AuthMeHook.java

@@ -1,35 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import fr.xephi.authme.api.NewAPI;
-
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/Xephi/AuthMeReloaded/
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/authme-reloaded/
- * Spigot: https://www.spigotmc.org/resources/authme-reloaded.6269/
- */
-public class AuthMeHook implements BukkitAuthPlugin {
-
-    @Override
-    public boolean forceLogin(Player player) {
-        //skips registration and login
-        NewAPI.getInstance().forceLogin(player);
-        //commented because the operation above is performed async -> race conditions
-//        return NewAPI.getInstance().isAuthenticated(player);
-        return true;
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        return NewAPI.getInstance().isRegistered(playerName);
-    }
-
-    @Override
-    public boolean forceRegister(Player player, String password) {
-        NewAPI.getInstance().forceRegister(player, password);
-        return true;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/CrazyLoginHook.java

@@ -1,119 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.comphenix.protocol.reflect.FuzzyReflection;
-
-import de.st_ddt.crazylogin.CrazyLogin;
-import de.st_ddt.crazylogin.data.LoginPlayerData;
-import de.st_ddt.crazylogin.databases.CrazyLoginDataDatabase;
-import de.st_ddt.crazylogin.listener.PlayerListener;
-import de.st_ddt.crazylogin.metadata.Authenticated;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/ST-DDT/CrazyLogin
- *
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/server-mods/crazylogin/
- */
-public class CrazyLoginHook implements BukkitAuthPlugin {
-
-    protected final CrazyLogin crazyLoginPlugin = CrazyLogin.getPlugin();
-    private final PlayerListener playerListener = getListener();
-
-    @Override
-    public boolean forceLogin(final Player player) {
-        //not thread-safe operation
-        Future<LoginPlayerData> future = Bukkit.getScheduler().callSyncMethod(crazyLoginPlugin
-                , new Callable<LoginPlayerData>() {
-            @Override
-            public LoginPlayerData call() throws Exception {
-                LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player.getName());
-                if (playerData != null) {
-                    //mark the account as logged in
-                    playerData.setLoggedIn(true);
-
-                    String ip = player.getAddress().getAddress().getHostAddress();
-//this should be done after login to restore the inventory, unhide players, prevent potential memory leaks...
-//from: https://github.com/ST-DDT/CrazyLogin/blob/master/src/main/java/de/st_ddt/crazylogin/CrazyLogin.java#L1948
-                    playerData.resetLoginFails();
-                    player.setFireTicks(0);
-
-                    if (playerListener != null) {
-                        playerListener.removeMovementBlocker(player);
-                        playerListener.disableHidenInventory(player);
-                        playerListener.disableSaveLogin(player);
-                        playerListener.unhidePlayer(player);
-                    }
-
-                    //loginFailuresPerIP.remove(IP);
-                    //illegalCommandUsesPerIP.remove(IP);
-                    //tempBans.remove(IP);
-                    playerData.addIP(ip);
-                    player.setMetadata("Authenticated", new Authenticated(crazyLoginPlugin, player));
-                    crazyLoginPlugin.unregisterDynamicHooks();
-                    return playerData;
-                }
-
-                return null;
-            }
-        });
-
-        try {
-            LoginPlayerData result = future.get();
-            if (result != null) {
-                //SQL-Queries should run async
-                crazyLoginPlugin.getCrazyDatabase().saveWithoutPassword(result);
-                return true;
-            }
-        } catch (InterruptedException | ExecutionException ex) {
-            crazyLoginPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-
-        return false;
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        return crazyLoginPlugin.getPlayerData(playerName) != null;
-    }
-
-    @Override
-    public boolean forceRegister(final Player player, String password) {
-        final CrazyLoginDataDatabase crazyDatabase = crazyLoginPlugin.getCrazyDatabase();
-
-        //this executes a sql query and accesses only thread safe collections so we can run it async
-        LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player.getName());
-        if (playerData == null) {
-            //create a fake account - this will be saved to the database with the password=FAILEDLOADING
-            //user cannot login with that password unless the admin uses plain text
-            //this automatically marks the player as logged in
-            playerData = new LoginPlayerData(player);
-            crazyDatabase.save(playerData);
-
-            return forceLogin(player);
-        }
-
-        return false;
-    }
-
-    private PlayerListener getListener() {
-        PlayerListener listener;
-        try {
-            listener = FuzzyReflection.getFieldValue(crazyLoginPlugin, PlayerListener.class, true);
-        } catch (Exception ex) {
-            crazyLoginPlugin.getLogger().log(Level.SEVERE, "Failed to get the listener instance for auto login", ex);
-            listener = null;
-        }
-
-        return listener;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/LoginSecurityHook.java

@@ -1,86 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.google.common.base.Charsets;
-import com.lenis0012.bukkit.ls.LoginSecurity;
-import com.lenis0012.bukkit.ls.data.DataManager;
-
-import java.net.InetAddress;
-
-import java.util.UUID;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-import java.util.logging.Level;
-import org.bukkit.Bukkit;
-
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/lenis0012/LoginSecurity-2 Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/loginsecurity/ Spigot:
- * https://www.spigotmc.org/resources/loginsecurity.19362/
- *
- * on join:
- * https://github.com/lenis0012/LoginSecurity-2/blob/master/src/main/java/com/lenis0012/bukkit/ls/LoginSecurity.java#L282
- */
-public class LoginSecurityHook implements BukkitAuthPlugin {
-
-    protected final LoginSecurity securityPlugin = LoginSecurity.instance;
-
-    @Override
-    public boolean forceLogin(final Player player) {
-        //Login command of this plugin: (How the plugin logs the player in)
-        //https://github.com/lenis0012/LoginSecurity-2/blob/master/src/main/java/com/lenis0012/bukkit/ls/commands/LoginCommand.java#L39
-
-        //not thread-safe operation
-        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(securityPlugin, new Callable<Boolean>() {
-            @Override
-            public Boolean call() throws Exception {
-                String name = player.getName().toLowerCase();
-
-                //mark the user as logged in
-                securityPlugin.authList.remove(name);
-                //cancel timeout timer
-                securityPlugin.thread.timeout.remove(name);
-                //remove effects and restore location
-                securityPlugin.rehabPlayer(player, name);
-
-                return true;
-            }
-        });
-
-        try {
-            return future.get();
-        } catch (InterruptedException | ExecutionException ex) {
-            securityPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        //https://github.com/lenis0012/LoginSecurity-2/blob/master/src/main/java/com/lenis0012/bukkit/ls/LoginSecurity.java#L296
-        DataManager dataManager = securityPlugin.data;
-
-        //https://github.com/lenis0012/LoginSecurity-2/blob/master/src/main/java/com/lenis0012/bukkit/ls/LoginSecurity.java#L283
-        UUID offlineUuid = UUID.nameUUIDFromBytes(("OfflinePlayer:" + playerName).getBytes(Charsets.UTF_8));
-        return dataManager.isRegistered(offlineUuid.toString().replace("-", ""));
-        //check for loginsecurity sessions in order to prevent a sql query?
-        //sesUse && thread.getSession().containsKey(uuid) && checkLastIp(player)) {
-    }
-
-    @Override
-    public boolean forceRegister(final Player player, final String password) {
-        final DataManager dataManager = securityPlugin.data;
-
-        UUID playerUUID = player.getUniqueId();
-        final String uuidString = playerUUID.toString().replace("-", "");
-        final InetAddress ipAddress = player.getAddress().getAddress();
-        final String passwordHash = securityPlugin.hasher.hash(password);
-
-        //this executes a sql query without interacting with other parts so we can run it async.
-        dataManager.register(uuidString, passwordHash, securityPlugin.hasher.getTypeId(), ipAddress.toString());
-        return forceLogin(player);
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/RoyalAuthHook.java

@@ -1,68 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.royaldev.royalauth.AuthPlayer;
-import org.royaldev.royalauth.Config;
-import org.royaldev.royalauth.RoyalAuth;
-
-/**
- * Github: https://github.com/RoyalDev/RoyalAuth
- *
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/royalauth/
- */
-public class RoyalAuthHook implements BukkitAuthPlugin {
-
-    private final RoyalAuth royalAuthPlugin = (RoyalAuth) Bukkit.getPluginManager().getPlugin("RoyalAuth");
-
-    @Override
-    public boolean forceLogin(final Player player) {
-        //not thread-safe
-        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(royalAuthPlugin, new Callable<Boolean>() {
-            @Override
-            public Boolean call() throws Exception {
-                AuthPlayer authPlayer = AuthPlayer.getAuthPlayer(player);
-
-//https://github.com/RoyalDev/RoyalAuth/blob/master/src/main/java/org/royaldev/royalauth/commands/CmdLogin.java#L62
-                //not thread-safe
-                authPlayer.login();
-
-                return true;
-            }
-        });
-
-        try {
-            return future.get();
-        } catch (InterruptedException | ExecutionException ex) {
-            royalAuthPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        AuthPlayer authPlayer = AuthPlayer.getAuthPlayer(playerName);
-        return authPlayer.isRegistered();
-    }
-
-    @Override
-    public boolean forceRegister(Player player, String password) {
-//https://github.com/RoyalDev/RoyalAuth/blob/master/src/main/java/org/royaldev/royalauth/commands/CmdRegister.java#L50
-        AuthPlayer authPlayer = AuthPlayer.getAuthPlayer(player);
-
-        boolean registerSuccess = authPlayer.setPassword(password, Config.passwordHashType);
-        if (registerSuccess) {
-            //login in the player after registration
-            return forceLogin(player);
-        }
-
-        return false;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/xAuthHook.java

@@ -1,91 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import de.luricos.bukkit.xAuth.xAuth;
-import de.luricos.bukkit.xAuth.xAuthPlayer;
-
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/LycanDevelopment/xAuth/
- *
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/xauth/
- */
-public class xAuthHook implements BukkitAuthPlugin {
-
-    protected final xAuth xAuthPlugin = xAuth.getPlugin();
-
-    @Override
-    public boolean forceLogin(final Player player) {
-        //not thread-safe
-        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(xAuthPlugin, new Callable<Boolean>() {
-            @Override
-            public Boolean call() throws Exception {
-                xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
-                if (xAuthPlayer != null) {
-                    //we checked that the player is premium (paid account)
-                    //unprotect the inventory, op status...
-                    xAuthPlayer.setPremium(true);
-
-                    xAuthPlugin.getPlayerManager().doLogin(xAuthPlayer);
-                    return true;
-                }
-
-                return false;
-            }
-        });
-
-        try {
-            return future.get();
-        } catch (InterruptedException | ExecutionException ex) {
-            xAuthPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        //this will load the player if it's not in the cache
-        xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(playerName);
-        return xAuthPlayer != null && xAuthPlayer.isRegistered();
-    }
-
-    @Override
-    public boolean forceRegister(final Player player, final String password) {
-        //not thread-safe
-        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(xAuthPlugin, new Callable<Boolean>() {
-            @Override
-            public Boolean call() throws Exception {
-                xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
-                if (xAuthPlayer != null) {
-                    //this should run async because the plugin executes a sql query, but the method
-                    //accesses non thread-safe collections :(
-                    boolean registerSuccess = xAuthPlugin.getAuthClass(xAuthPlayer)
-                            .adminRegister(player.getName(), password, null);
-
-                    if (registerSuccess) {
-                        //login in the player after registration
-                        return forceLogin(player);
-                    }
-                }
-
-                return false;
-            }
-        });
-
-        try {
-            return future.get();
-        } catch (InterruptedException | ExecutionException ex) {
-            xAuthPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/BukkitJoinListener.java

@@ -1,55 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener;
-
-import com.comphenix.protocol.wrappers.WrappedGameProfile;
-import com.comphenix.protocol.wrappers.WrappedSignedProperty;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.ForceLoginTask;
-import com.github.games647.fastlogin.bukkit.PlayerSession;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.bukkit.event.EventHandler;
-import org.bukkit.event.Listener;
-import org.bukkit.event.player.PlayerJoinEvent;
-import org.bukkit.event.player.PlayerQuitEvent;
-
-/**
- * This listener tells authentication plugins if the player has a premium account and we checked it successfully. So the
- * plugin can skip authentication.
- */
-public class BukkitJoinListener implements Listener {
-
-    private static final long DELAY_LOGIN = 1 * 20L / 2;
-
-    protected final FastLoginBukkit plugin;
-
-    public BukkitJoinListener(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @EventHandler(ignoreCancelled = true)
-    public void onPlayerJoin(PlayerJoinEvent joinEvent) {
-        final Player player = joinEvent.getPlayer();
-
-        //removing the session because we now use it
-        final PlayerSession session = plugin.getSessions().get(player.getAddress().toString());
-        if (session != null && plugin.getConfig().getBoolean("forwardSkin")) {
-            WrappedGameProfile gameProfile = WrappedGameProfile.fromPlayer(player);
-            WrappedSignedProperty skin = session.getSkin();
-            if (skin != null) {
-                gameProfile.getProperties().put("textures", skin);
-            }
-        }
-
-        //Wait before auth plugin and we received a message from BungeeCord initializes the player
-        Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, new ForceLoginTask(plugin, player), DELAY_LOGIN);
-    }
-
-    @EventHandler
-    public void onPlayerQuit(PlayerQuitEvent quitEvent) {
-        final Player player = quitEvent.getPlayer();
-
-        //prevent memory leaks
-        player.removeMetadata(plugin.getName(), plugin);
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/BungeeCordListener.java

@@ -1,114 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.PlayerSession;
-import com.github.games647.fastlogin.bukkit.hooks.BukkitAuthPlugin;
-import com.google.common.base.Charsets;
-import com.google.common.io.ByteArrayDataInput;
-import com.google.common.io.ByteStreams;
-import com.google.common.io.Files;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.UUID;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.bukkit.metadata.FixedMetadataValue;
-import org.bukkit.plugin.messaging.PluginMessageListener;
-
-/**
- * Responsible for receiving messages from a BungeeCord instance.
- *
- * This class also receives the plugin message from the bungeecord version of this plugin in order to get notified if
- * the connection is in online mode.
- */
-public class BungeeCordListener implements PluginMessageListener {
-
-    private static final String FILE_NAME = "proxy-whitelist.txt";
-
-    protected final FastLoginBukkit plugin;
-    //null if whitelist is empty so bungeecord support is disabled
-    private final UUID proxyId;
-
-    public BungeeCordListener(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-        this.proxyId = loadBungeeCordId();
-    }
-
-    @Override
-    public void onPluginMessageReceived(String channel, Player player, byte[] message) {
-        if (!channel.equals(plugin.getName())) {
-            return;
-        }
-
-        ByteArrayDataInput dataInput = ByteStreams.newDataInput(message);
-        String subchannel = dataInput.readUTF();
-        plugin.getLogger().log(Level.FINEST, "Received plugin message for subchannel {0} from {1}"
-                , new Object[]{subchannel, player});
-
-        final String playerName = dataInput.readUTF();
-
-        //check if the player is still online or disconnected
-        final Player checkedPlayer = plugin.getServer().getPlayerExact(playerName);
-        //fail if target player is blacklisted because already authed or wrong bungeecord id
-        if (checkedPlayer != null && !checkedPlayer.hasMetadata(plugin.getName())) {
-            //bungeecord UUID
-            long mostSignificantBits = dataInput.readLong();
-            long leastSignificantBits = dataInput.readLong();
-            UUID sourceId = new UUID(mostSignificantBits, leastSignificantBits);
-            //fail if BungeeCord support is disabled (id = null)
-            if (sourceId.equals(proxyId)) {
-                final PlayerSession playerSession = new PlayerSession(playerName);
-                if ("AUTO_LOGIN".equalsIgnoreCase(subchannel)) {
-                    playerSession.setVerified(true);
-                    playerSession.setRegistered(true);
-                    plugin.getSessions().put(checkedPlayer.getAddress().toString(), playerSession);
-                } else if ("AUTO_REGISTER".equalsIgnoreCase(subchannel)) {
-                    playerSession.setVerified(true);
-
-                    Bukkit.getScheduler().runTaskAsynchronously(plugin, new Runnable() {
-                        @Override
-                        public void run() {
-                            BukkitAuthPlugin authPlugin = plugin.getAuthPlugin();
-                            try {
-                                //we need to check if the player is registered on Bukkit too
-                                if (authPlugin != null && !authPlugin.isRegistered(playerName)) {
-                                    plugin.getSessions().put(checkedPlayer.getAddress().toString(), playerSession);
-                                }
-                            } catch (Exception ex) {
-                                plugin.getLogger().log(Level.SEVERE, "Failed to query isRegistered", ex);
-                            }
-                        }
-                    });
-                }
-            } else {
-                //blacklist target for the current login
-                checkedPlayer.setMetadata(plugin.getName(), new FixedMetadataValue(plugin, true));
-            }
-        }
-    }
-
-    public UUID loadBungeeCordId() {
-        File whitelistFile = new File(plugin.getDataFolder(), FILE_NAME);
-        //create a new folder if it doesn't exist. Fail silently otherwise
-        whitelistFile.getParentFile().mkdir();
-        try {
-            if (!whitelistFile.exists()) {
-                whitelistFile.createNewFile();
-            }
-
-            String firstLine = Files.readFirstLine(whitelistFile, Charsets.UTF_8);
-            if (firstLine != null && !firstLine.isEmpty()) {
-                return UUID.fromString(firstLine.trim());
-            }
-        } catch (IOException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Failed to create file for Proxy whitelist", ex);
-        } catch (Exception ex) {
-            plugin.getLogger().log(Level.SEVERE, "Failed to retrieve proxy Id. Disabling BungeeCord support", ex);
-        }
-
-        return null;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/BungeeListener.java

@@ -0,0 +1,129 @@
+package com.github.games647.fastlogin.bukkit.listener;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.task.ForceLoginTask;
+import com.github.games647.fastlogin.core.PremiumStatus;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import com.github.games647.fastlogin.core.message.LoginActionMessage;
+import com.github.games647.fastlogin.core.message.LoginActionMessage.Type;
+import com.google.common.io.ByteArrayDataInput;
+import com.google.common.io.ByteStreams;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Collections;
+import java.util.Set;
+import java.util.UUID;
+import java.util.stream.Stream;
+
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.plugin.messaging.PluginMessageListener;
+
+import static java.util.stream.Collectors.toSet;
+
+/**
+ * Responsible for receiving messages from a BungeeCord instance.
+ *
+ * This class also receives the plugin message from the bungeecord version of this plugin in order to get notified if
+ * the connection is in online mode.
+ */
+public class BungeeListener implements PluginMessageListener {
+
+    private static final String FILE_NAME = "proxy-whitelist.txt";
+
+    private final FastLoginBukkit plugin;
+    //null if whitelist is empty so bungeecord support is disabled
+    private final Set<UUID> proxyIds;
+
+    public BungeeListener(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+        this.proxyIds = loadBungeeCordIds();
+    }
+
+    @Override
+    public void onPluginMessageReceived(String channel, Player player, byte[] message) {
+        ByteArrayDataInput dataInput = ByteStreams.newDataInput(message);
+
+        LoginActionMessage loginMessage = new LoginActionMessage();
+        loginMessage.readFrom(dataInput);
+
+        plugin.getLog().debug("Received plugin message {}", loginMessage);
+
+        //check if the player is still online or disconnected
+        Player checkedPlayer = Bukkit.getPlayerExact(loginMessage.getPlayerName());
+        if (checkedPlayer == null) {
+            return;
+        }
+
+        //fail if target player is blacklisted because already authenticated or wrong bungeecord id
+        if (checkedPlayer.hasMetadata(plugin.getName())) {
+            plugin.getLog().warn("Received message {} from a blacklisted player {}", loginMessage, checkedPlayer);
+        } else {
+            //fail if BungeeCord support is disabled (id = null)
+            UUID sourceId = loginMessage.getProxyId();
+            if (proxyIds.contains(sourceId)) {
+                readMessage(checkedPlayer, loginMessage);
+            } else {
+                plugin.getLog().warn("Received proxy id: {} that doesn't exist in the proxy whitelist file", sourceId);
+            }
+        }
+    }
+
+    private void readMessage(Player player, LoginActionMessage message) {
+        String playerName = message.getPlayerName();
+        Type type = message.getType();
+
+        InetSocketAddress address = player.getAddress();
+        String id = '/' + address.getAddress().getHostAddress() + ':' + address.getPort();
+        if (type == Type.LOGIN) {
+            BukkitLoginSession playerSession = new BukkitLoginSession(playerName, true);
+            playerSession.setVerified(true);
+            plugin.getLoginSessions().put(id, playerSession);
+
+            Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, new ForceLoginTask(plugin.getCore(), player), 10L);
+        } else if (type == Type.REGISTER) {
+            Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, () -> {
+                AuthPlugin<Player> authPlugin = plugin.getCore().getAuthPluginHook();
+                try {
+                    //we need to check if the player is registered on Bukkit too
+                    if (authPlugin == null || !authPlugin.isRegistered(playerName)) {
+                        BukkitLoginSession playerSession = new BukkitLoginSession(playerName, false);
+                        playerSession.setVerified(true);
+                        plugin.getLoginSessions().put(id, playerSession);
+                        new ForceLoginTask(plugin.getCore(), player).run();
+                    }
+                } catch (Exception ex) {
+                    plugin.getLog().error("Failed to query isRegistered for player: {}", player, ex);
+                }
+            }, 10L);
+        } else if (type == Type.CRACKED) {
+            //we don't start a force login task here so update it manually
+            plugin.getPremiumPlayers().put(player.getUniqueId(), PremiumStatus.CRACKED);
+        }
+    }
+
+    public Set<UUID> loadBungeeCordIds() {
+        Path whitelistFile = plugin.getPluginFolder().resolve(FILE_NAME);
+        try {
+            if (Files.notExists(whitelistFile)) {
+                Files.createFile(whitelistFile);
+            }
+
+            try (Stream<String> lines = Files.lines(whitelistFile)) {
+                return lines.map(String::trim)
+                        .map(UUID::fromString)
+                        .collect(toSet());
+            }
+        } catch (IOException ex) {
+            plugin.getLog().error("Failed to create file for Proxy whitelist", ex);
+        } catch (Exception ex) {
+            plugin.getLog().error("Failed to retrieve proxy Id. Disabling BungeeCord support", ex);
+        }
+
+        return Collections.emptySet();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/ConnectionListener.java

@@ -0,0 +1,60 @@
+package com.github.games647.fastlogin.bukkit.listener;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.task.ForceLoginTask;
+
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.PlayerJoinEvent;
+import org.bukkit.event.player.PlayerLoginEvent;
+import org.bukkit.event.player.PlayerLoginEvent.Result;
+import org.bukkit.event.player.PlayerQuitEvent;
+
+/**
+ * This listener tells authentication plugins if the player has a premium account and we checked it successfully. So the
+ * plugin can skip authentication.
+ */
+public class ConnectionListener implements Listener {
+
+    private static final long DELAY_LOGIN = 20L / 2;
+
+    private final FastLoginBukkit plugin;
+
+    public ConnectionListener(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler(priority = EventPriority.LOWEST)
+    public void onPlayerLogin(PlayerLoginEvent loginEvent) {
+        if (loginEvent.getResult() == Result.ALLOWED && !plugin.isServerFullyStarted()) {
+            loginEvent.disallow(Result.KICK_OTHER, plugin.getCore().getMessage("not-started"));
+        }
+    }
+
+    @EventHandler(ignoreCancelled = true)
+    public void onPlayerJoin(PlayerJoinEvent joinEvent) {
+        Player player = joinEvent.getPlayer();
+
+        removeBlacklistStatus(player);
+        if (!plugin.isBungeeEnabled()) {
+            //Wait before auth plugin and we received a message from BungeeCord initializes the player
+            Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player);
+            Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, forceLoginTask, DELAY_LOGIN);
+        }
+    }
+
+    @EventHandler
+    public void onPlayerQuit(PlayerQuitEvent quitEvent) {
+        Player player = quitEvent.getPlayer();
+        removeBlacklistStatus(player);
+
+        plugin.getPremiumPlayers().remove(player.getUniqueId());
+    }
+
+    private void removeBlacklistStatus(Player player) {
+        player.removeMetadata(plugin.getName(), plugin);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/EncryptionPacketListener.java

@@ -1,228 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener;
-
-import com.comphenix.protocol.PacketType;
-import com.comphenix.protocol.ProtocolManager;
-import com.comphenix.protocol.events.PacketAdapter;
-import com.comphenix.protocol.events.PacketContainer;
-import com.comphenix.protocol.events.PacketEvent;
-import com.comphenix.protocol.injector.server.TemporaryPlayerFactory;
-import com.comphenix.protocol.reflect.FuzzyReflection;
-import com.comphenix.protocol.wrappers.WrappedChatComponent;
-import com.comphenix.protocol.wrappers.WrappedGameProfile;
-import com.github.games647.fastlogin.bukkit.EncryptionUtil;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.PlayerSession;
-
-import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.PrivateKey;
-import java.util.Arrays;
-import java.util.UUID;
-import java.util.logging.Level;
-
-import javax.crypto.SecretKey;
-
-import org.bukkit.entity.Player;
-
-/**
- * Handles incoming encryption responses from connecting clients.
- * It prevents them from reaching the server because that cannot handle
- * it in offline mode.
- *
- * Moreover this manages a started premium check from
- * this plugin. So check if all data is correct and we can prove him as a
- * owner of a paid minecraft account.
- *
- * Receiving packet information:
- * http://wiki.vg/Protocol#Encryption_Response
- *
- * sharedSecret=encrypted byte array
- * verify token=encrypted byte array
- */
-public class EncryptionPacketListener extends PacketAdapter {
-
-    private final ProtocolManager protocolManager;
-    //hides the inherit Plugin plugin field, but we need this type
-    private final FastLoginBukkit plugin;
-
-    public EncryptionPacketListener(FastLoginBukkit plugin, ProtocolManager protocolManger) {
-        //run async in order to not block the server, because we make api calls to Mojang
-        super(params(plugin, PacketType.Login.Client.ENCRYPTION_BEGIN).optionAsync());
-
-        this.plugin = plugin;
-        this.protocolManager = protocolManger;
-    }
-
-    /**
-     * C->S : Handshake State=2
-     * C->S : Login Start
-     * S->C : Encryption Key Request
-     * (Client Auth)
-     * C->S : Encryption Key Response
-     * (Server Auth, Both enable encryption)
-     * S->C : Login Success (*)
-     *
-     * On offline logins is Login Start followed by Login Success
-     *
-     * Minecraft Server implementation
-     * https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L180
-     */
-    @Override
-    public void onPacketReceiving(PacketEvent packetEvent) {
-        Player player = packetEvent.getPlayer();
-
-        //the player name is unknown to ProtocolLib (so getName() doesn't work) - now uses ip:port as key
-        String uniqueSessionKey = player.getAddress().toString();
-        PlayerSession session = plugin.getSessions().get(uniqueSessionKey);
-        if (session == null) {
-            disconnect(packetEvent, "Invalid request", Level.FINE
-                    , "Player {0} tried to send encryption response at invalid state"
-                    , player.getAddress());
-            return;
-        }
-
-        PrivateKey privateKey = plugin.getServerKey().getPrivate();
-
-        byte[] sharedSecret = packetEvent.getPacket().getByteArrays().read(0);
-        SecretKey loginKey = EncryptionUtil.decryptSharedKey(privateKey, sharedSecret);
-        if (!checkVerifyToken(session, privateKey, packetEvent) || !encryptConnection(player, loginKey, packetEvent)) {
-            return;
-        }
-
-        //this makes sure the request from the client is for us
-        //this might be relevant http://www.sk89q.com/2011/09/minecraft-name-spoofing-exploit/
-        String generatedId = session.getServerId();
-
-        //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L193
-        //generate the server id based on client and server data
-        byte[] serverIdHash = EncryptionUtil.getServerIdHash(generatedId, plugin.getServerKey().getPublic(), loginKey);
-        String serverId = (new BigInteger(serverIdHash)).toString(16);
-
-        String username = session.getUsername();
-        if (plugin.getApiConnector().hasJoinedServer(session, serverId)) {
-            plugin.getLogger().log(Level.FINE, "Player {0} has a verified premium account", username);
-
-            session.setVerified(true);
-            setPremiumUUID(session, player);
-            receiveFakeStartPacket(username, player);
-        } else {
-            //user tried to fake a authentication
-            disconnect(packetEvent, "Invalid session", Level.FINE
-                    , "Player {0} ({1}) tried to log in with an invalid session ServerId: {2}"
-                    , session.getUsername(), player.getAddress(), serverId);
-        }
-
-        //this is a fake packet; it shouldn't be send to the server
-        packetEvent.setCancelled(true);
-    }
-
-    private void setPremiumUUID(PlayerSession session, Player player) {
-        UUID uuid = session.getUuid();
-        if (plugin.getConfig().getBoolean("premiumUuid") && uuid != null) {
-            try {
-                Object networkManager = getNetworkManager(player);
-                //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/NetworkManager.java#L69
-                Field spoofField = FuzzyReflection.fromObject(networkManager).getFieldByType("spoofedUUID", UUID.class);
-                spoofField.set(networkManager, uuid);
-            } catch (ReflectiveOperationException reflectiveOperationException) {
-                plugin.getLogger().log(Level.SEVERE, "Error setting premium uuid", reflectiveOperationException);
-            }
-        }
-    }
-
-    private boolean checkVerifyToken(PlayerSession session, PrivateKey privateKey, PacketEvent packetEvent) {
-        byte[] requestVerify = session.getVerifyToken();
-        //encrypted verify token
-        byte[] responseVerify = packetEvent.getPacket().getByteArrays().read(1);
-
-        //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L182
-        if (!Arrays.equals(requestVerify, EncryptionUtil.decryptData(privateKey, responseVerify))) {
-            //check if the verify token are equal to the server sent one
-            disconnect(packetEvent, "Invalid token", Level.FINE
-                    , "Player {0} ({1}) tried to login with an invalid verify token. "
-                            + "Server: {2} Client: {3}"
-                    , session.getUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify);
-            return false;
-        }
-
-        return true;
-    }
-
-    //try to get the networkManager from ProtocolLib
-    private Object getNetworkManager(Player player)
-            throws IllegalAccessException, NoSuchFieldException {
-        Object socketInjector = TemporaryPlayerFactory.getInjectorFromPlayer(player);
-        Field injectorField = socketInjector.getClass().getDeclaredField("injector");
-        injectorField.setAccessible(true);
-
-        Object rawInjector = injectorField.get(socketInjector);
-
-        injectorField = rawInjector.getClass().getDeclaredField("networkManager");
-        injectorField.setAccessible(true);
-        return injectorField.get(rawInjector);
-    }
-
-    private boolean encryptConnection(Player player, SecretKey loginKey, PacketEvent packetEvent)
-            throws IllegalArgumentException {
-        try {
-            //get the NMS connection handle of this player
-            Object networkManager = getNetworkManager(player);
-
-            //try to detect the method by parameters
-            Method encryptConnectionMethod = FuzzyReflection.fromObject(networkManager)
-                    .getMethodByParameters("a", SecretKey.class);
-
-            //encrypt/decrypt following packets
-            //the client expects this behaviour
-            encryptConnectionMethod.invoke(networkManager, loginKey);
-        } catch (ReflectiveOperationException ex) {
-            disconnect(packetEvent, "Error occurred", Level.SEVERE, "Couldn't enable encryption", ex);
-            return false;
-        }
-
-        return true;
-    }
-
-    private void disconnect(PacketEvent packetEvent, String kickReason, Level logLevel, String logMessage
-            , Object... arguments) {
-        plugin.getLogger().log(logLevel, logMessage, arguments);
-        kickPlayer(packetEvent.getPlayer(), kickReason);
-        //cancel the event in order to prevent the server receiving an invalid packet
-        packetEvent.setCancelled(true);
-    }
-
-    private void kickPlayer(Player player, String reason) {
-        PacketContainer kickPacket = protocolManager.createPacket(PacketType.Login.Server.DISCONNECT);
-        kickPacket.getChatComponents().write(0, WrappedChatComponent.fromText(reason));
-
-        try {
-            //send kick packet at login state
-            //the normal event.getPlayer.kickPlayer(String) method does only work at play state
-            protocolManager.sendServerPacket(player, kickPacket);
-            //tell the server that we want to close the connection
-            player.kickPlayer("Disconnect");
-        } catch (InvocationTargetException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Error sending kickpacket", ex);
-        }
-    }
-
-    //fake a new login packet in order to let the server handle all the other stuff
-    private void receiveFakeStartPacket(String username, Player from) {
-        //see StartPacketListener for packet information
-        PacketContainer startPacket = protocolManager.createPacket(PacketType.Login.Client.START);
-
-        //uuid is ignored by the packet definition
-        WrappedGameProfile fakeProfile = new WrappedGameProfile(UUID.randomUUID(), username);
-        startPacket.getGameProfiles().write(0, fakeProfile);
-        try {
-            //we don't want to handle our own packets so ignore filters
-            protocolManager.recieveClientPacket(from, startPacket, false);
-        } catch (InvocationTargetException | IllegalAccessException ex) {
-            plugin.getLogger().log(Level.WARNING, "Failed to fake a new start packet", ex);
-            //cancel the event in order to prevent the server receiving an invalid packet
-            kickPlayer(from, "Error occured");
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/ProtocolSupportListener.java

@@ -1,84 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.PlayerProfile;
-import com.github.games647.fastlogin.bukkit.PlayerSession;
-import com.github.games647.fastlogin.bukkit.hooks.BukkitAuthPlugin;
-
-import java.net.InetSocketAddress;
-import java.util.UUID;
-import java.util.logging.Level;
-
-import org.bukkit.event.EventHandler;
-import org.bukkit.event.Listener;
-
-import protocolsupport.api.events.PlayerLoginStartEvent;
-import protocolsupport.api.events.PlayerPropertiesResolveEvent;
-
-public class ProtocolSupportListener implements Listener {
-
-    protected final FastLoginBukkit plugin;
-
-    public ProtocolSupportListener(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @EventHandler(ignoreCancelled = true)
-    public void onLoginStart(PlayerLoginStartEvent loginStartEvent) {
-        if (loginStartEvent.isLoginDenied()) {
-            return;
-        }
-
-        String username = loginStartEvent.getName();
-
-        //remove old data every time on a new login in order to keep the session only for one person
-        plugin.getSessions().remove(username);
-
-        PlayerProfile playerProfile = plugin.getStorage().getProfile(username, true);
-        if (playerProfile != null) {
-            if (playerProfile.isPremium()) {
-                if (playerProfile.getUserId() != -1) {
-                    startPremiumSession(username, loginStartEvent, true);
-                }
-            } else if (playerProfile.getUserId() == -1) {
-                //user not exists in the db
-                BukkitAuthPlugin authPlugin = plugin.getAuthPlugin();
-                try {
-                    if (plugin.getConfig().getBoolean("autoRegister") && !authPlugin.isRegistered(username)) {
-                        UUID premiumUUID = plugin.getApiConnector().getPremiumUUID(username);
-                        if (premiumUUID != null) {
-                            plugin.getLogger().log(Level.FINER, "Player {0} uses a premium username", username);
-                            startPremiumSession(username, loginStartEvent, false);
-                        }
-                    }
-                } catch (Exception ex) {
-                    plugin.getLogger().log(Level.SEVERE, "Failed to query isRegistered", ex);
-                }
-            }
-        }
-    }
-
-    @EventHandler(ignoreCancelled = true)
-    public void onPropertiesResolve(PlayerPropertiesResolveEvent propertiesResolveEvent) {
-        //skin was resolved -> premium player
-        if (propertiesResolveEvent.hasProperty("textures")) {
-            InetSocketAddress address = propertiesResolveEvent.getAddress();
-            PlayerSession session = plugin.getSessions().get(address.toString());
-            if (session != null) {
-                session.setVerified(true);
-            }
-        }
-    }
-
-    private void startPremiumSession(String playerName, PlayerLoginStartEvent loginStartEvent, boolean registered) {
-        loginStartEvent.setOnlineMode(true);
-        InetSocketAddress address = loginStartEvent.getAddress();
-
-        PlayerSession playerSession = new PlayerSession(playerName, null, null);
-        playerSession.setRegistered(registered);
-        plugin.getSessions().put(address.toString(), playerSession);
-        if (plugin.getConfig().getBoolean("premiumUuid")) {
-            loginStartEvent.setUseOnlineModeUUID(true);
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/StartPacketListener.java

@@ -1,149 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener;
-
-import com.comphenix.protocol.PacketType;
-import com.comphenix.protocol.ProtocolManager;
-import com.comphenix.protocol.events.PacketAdapter;
-import com.comphenix.protocol.events.PacketContainer;
-import com.comphenix.protocol.events.PacketEvent;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.PlayerProfile;
-import com.github.games647.fastlogin.bukkit.PlayerSession;
-import com.github.games647.fastlogin.bukkit.hooks.BukkitAuthPlugin;
-
-import java.lang.reflect.InvocationTargetException;
-import java.security.PublicKey;
-import java.util.Random;
-import java.util.UUID;
-import java.util.logging.Level;
-
-import org.bukkit.entity.Player;
-
-/**
- * Handles incoming start packets from connecting clients. It
- * checks if we can start checking if the player is premium and
- * start a request to the client that it should start online mode
- * login.
- *
- * Receiving packet information:
- * http://wiki.vg/Protocol#Login_Start
- *
- * String=Username
- */
-public class StartPacketListener extends PacketAdapter {
-
-    private static final int VERIFY_TOKEN_LENGTH = 4;
-
-    private final ProtocolManager protocolManager;
-    //hides the inherit Plugin plugin field, but we need a more detailed type than just Plugin
-    private final FastLoginBukkit plugin;
-
-    //just create a new once on plugin enable. This used for verify token generation
-    private final Random random = new Random();
-
-    public StartPacketListener(FastLoginBukkit plugin, ProtocolManager protocolManger) {
-        //run async in order to not block the server, because we are making api calls to Mojang
-        super(params(plugin, PacketType.Login.Client.START).optionAsync());
-
-        this.plugin = plugin;
-        this.protocolManager = protocolManger;
-    }
-
-    /**
-     * C->S : Handshake State=2
-     * C->S : Login Start
-     * S->C : Encryption Key Request
-     * (Client Auth)
-     * C->S : Encryption Key Response
-     * (Server Auth, Both enable encryption)
-     * S->C : Login Success (*)
-     *
-     * On offline logins is Login Start followed by Login Success
-     */
-    @Override
-    public void onPacketReceiving(PacketEvent packetEvent) {
-        final Player player = packetEvent.getPlayer();
-
-        //this includes ip:port. Should be unique for an incoming login request with a timeout of 2 minutes
-        String sessionKey = player.getAddress().toString();
-
-        //remove old data every time on a new login in order to keep the session only for one person
-        plugin.getSessions().remove(sessionKey);
-
-        //player.getName() won't work at this state
-        PacketContainer packet = packetEvent.getPacket();
-        String username = packet.getGameProfiles().read(0).getName();
-        plugin.getLogger().log(Level.FINER, "Player {0} with {1} connecting to the server"
-                , new Object[]{sessionKey, username});
-
-        PlayerProfile playerProfile = plugin.getStorage().getProfile(username, true);
-        if (playerProfile != null) {
-            if (playerProfile.isPremium()) {
-                if (playerProfile.getUserId() != -1) {
-                    enablePremiumLogin(username, sessionKey, player, packetEvent, true);
-                }
-            } else if (playerProfile.getUserId() == -1) {
-                //user not exists in the db
-                BukkitAuthPlugin authPlugin = plugin.getAuthPlugin();
-                try {
-                    if (plugin.getConfig().getBoolean("autoRegister") && !authPlugin.isRegistered(username)) {
-                        UUID premiumUUID = plugin.getApiConnector().getPremiumUUID(username);
-                        if (premiumUUID != null) {
-                            plugin.getLogger().log(Level.FINER, "Player {0} uses a premium username", username);
-                            enablePremiumLogin(username, sessionKey, player, packetEvent, false);
-                        }
-                    }
-                } catch (Exception ex) {
-                    plugin.getLogger().log(Level.SEVERE, "Failed to query isRegistered", ex);
-                }
-            }
-        }
-    }
-
-    //minecraft server implementation
-    //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L161
-    private void enablePremiumLogin(String username, String sessionKey, Player player, PacketEvent packetEvent
-            , boolean registered) {
-        //randomized server id to make sure the request is for our server
-        //this could be relevant http://www.sk89q.com/2011/09/minecraft-name-spoofing-exploit/
-        String serverId = Long.toString(random.nextLong(), 16);
-
-        //generate a random token which should be the same when we receive it from the client
-        byte[] verifyToken = new byte[VERIFY_TOKEN_LENGTH];
-        random.nextBytes(verifyToken);
-
-        boolean success = sentEncryptionRequest(player, serverId, verifyToken);
-        if (success) {
-            PlayerSession playerSession = new PlayerSession(username, serverId, verifyToken);
-            playerSession.setRegistered(registered);
-            plugin.getSessions().put(sessionKey, playerSession);
-            //cancel only if the player has a paid account otherwise login as normal offline player
-            packetEvent.setCancelled(true);
-        }
-    }
-
-    private boolean sentEncryptionRequest(Player player, String serverId, byte[] verifyToken) {
-        try {
-            /**
-             * Packet Information: http://wiki.vg/Protocol#Encryption_Request
-             *
-             * ServerID="" (String)
-             * key=public server key
-             * verifyToken=random 4 byte array
-             */
-            PacketContainer newPacket = protocolManager.createPacket(PacketType.Login.Server.ENCRYPTION_BEGIN);
-
-            newPacket.getStrings().write(0, serverId);
-            newPacket.getSpecificModifier(PublicKey.class).write(0, plugin.getServerKey().getPublic());
-
-            newPacket.getByteArrays().write(0, verifyToken);
-
-            //serverId is a empty string
-            protocolManager.sendServerPacket(player, newPacket);
-            return true;
-        } catch (InvocationTargetException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Cannot send encryption packet. Falling back to normal login", ex);
-        }
-
-        return false;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java

@@ -0,0 +1,109 @@
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.comphenix.protocol.ProtocolLibrary;
+import com.comphenix.protocol.events.PacketEvent;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.JoinManagement;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+
+import java.security.PublicKey;
+import java.util.Random;
+
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+
+public class NameCheckTask extends JoinManagement<Player, CommandSender, ProtocolLibLoginSource>
+        implements Runnable {
+
+    private final FastLoginBukkit plugin;
+    private final PacketEvent packetEvent;
+    private final PublicKey publicKey;
+
+    private final Random random;
+
+    private final Player player;
+    private final String username;
+
+    public NameCheckTask(FastLoginBukkit plugin, PacketEvent packetEvent, Random random,
+                         Player player, String username, PublicKey publicKey) {
+        super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
+
+        this.plugin = plugin;
+        this.packetEvent = packetEvent;
+        this.publicKey = publicKey;
+        this.random = random;
+        this.player = player;
+        this.username = username;
+    }
+
+    @Override
+    public void run() {
+        try {
+            super.onLogin(username, new ProtocolLibLoginSource(packetEvent, player, random, publicKey));
+        } finally {
+            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
+        }
+    }
+
+    @Override
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLibLoginSource source, StoredProfile profile) {
+        BukkitFastLoginPreLoginEvent event = new BukkitFastLoginPreLoginEvent(username, source, profile);
+        plugin.getServer().getPluginManager().callEvent(event);
+        return event;
+    }
+
+    //Minecraft server implementation
+    //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L161
+    @Override
+    public void requestPremiumLogin(ProtocolLibLoginSource source, StoredProfile profile
+            , String username, boolean registered) {
+        try {
+            source.setOnlineMode();
+        } catch (Exception ex) {
+            plugin.getLog().error("Cannot send encryption packet. Falling back to cracked login for: {}", profile, ex);
+            return;
+        }
+
+        String ip = player.getAddress().getAddress().getHostAddress();
+        core.getPendingLogin().put(ip + username, new Object());
+
+        String serverId = source.getServerId();
+        byte[] verify = source.getVerifyToken();
+
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, serverId, verify, registered, profile);
+        plugin.getLoginSessions().put(player.getAddress().toString(), playerSession);
+        //cancel only if the player has a paid account otherwise login as normal offline player
+        synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
+            packetEvent.setCancelled(true);
+        }
+    }
+
+    @Override
+    public void requestConfirmationLogin(ProtocolLibLoginSource source, StoredProfile profile, String username) {
+        try {
+            source.setOnlineMode();
+        } catch (Exception ex) {
+            plugin.getLog().error("Cannot send encryption packet. Falling back to cracked login for: {}", profile, ex);
+            return;
+        }
+
+        String serverId = source.getServerId();
+        byte[] verify = source.getVerifyToken();
+
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, serverId, verify, profile);
+        plugin.getLoginSessions().put(player.getAddress().toString(), playerSession);
+        //cancel only if the player has a paid account otherwise login as normal offline player
+        synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
+            packetEvent.setCancelled(true);
+        }
+    }
+
+    @Override
+    public void startCrackedSession(ProtocolLibLoginSource source, StoredProfile profile, String username) {
+        BukkitLoginSession loginSession = new BukkitLoginSession(username, profile);
+        plugin.getLoginSessions().put(player.getAddress().toString(), loginSession);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java

@@ -0,0 +1,89 @@
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.comphenix.protocol.PacketType;
+import com.comphenix.protocol.ProtocolLibrary;
+import com.comphenix.protocol.events.PacketAdapter;
+import com.comphenix.protocol.events.PacketContainer;
+import com.comphenix.protocol.events.PacketEvent;
+import com.github.games647.fastlogin.bukkit.EncryptionUtil;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+
+import java.security.KeyPair;
+import java.security.SecureRandom;
+
+import org.bukkit.entity.Player;
+
+import static com.comphenix.protocol.PacketType.Login.Client.ENCRYPTION_BEGIN;
+import static com.comphenix.protocol.PacketType.Login.Client.START;
+
+public class ProtocolLibListener extends PacketAdapter {
+
+    private static final int WORKER_THREADS = 3;
+
+    private final FastLoginBukkit plugin;
+
+    //just create a new once on plugin enable. This used for verify token generation
+    private final SecureRandom random = new SecureRandom();
+    private final KeyPair keyPair = EncryptionUtil.generateKeyPair();
+
+    public ProtocolLibListener(FastLoginBukkit plugin) {
+        //run async in order to not block the server, because we are making api calls to Mojang
+        super(params()
+                .plugin(plugin)
+                .types(START, ENCRYPTION_BEGIN)
+                .optionAsync());
+
+        this.plugin = plugin;
+    }
+
+    public static void register(FastLoginBukkit plugin) {
+        //they will be created with a static builder, because otherwise it will throw a NoClassDefFoundError
+        ProtocolLibrary.getProtocolManager()
+                .getAsynchronousManager()
+                .registerAsyncHandler(new ProtocolLibListener(plugin))
+                .start(WORKER_THREADS);
+    }
+
+    @Override
+    public void onPacketReceiving(PacketEvent packetEvent) {
+        if (packetEvent.isCancelled()
+                || plugin.getCore().getAuthPluginHook()== null
+                || !plugin.isServerFullyStarted()) {
+            return;
+        }
+
+        Player sender = packetEvent.getPlayer();
+        PacketType packetType = packetEvent.getPacketType();
+        if (packetType == START) {
+            onLogin(packetEvent, sender);
+        } else {
+            onEncryptionBegin(packetEvent, sender);
+        }
+    }
+
+    private void onEncryptionBegin(PacketEvent packetEvent, Player sender) {
+        byte[] sharedSecret = packetEvent.getPacket().getByteArrays().read(0);
+
+        packetEvent.getAsyncMarker().incrementProcessingDelay();
+        Runnable verifyTask = new VerifyResponseTask(plugin, packetEvent, sender, sharedSecret, keyPair);
+        plugin.getScheduler().runAsync(verifyTask);
+    }
+
+    private void onLogin(PacketEvent packetEvent, Player player) {
+        //this includes ip:port. Should be unique for an incoming login request with a timeout of 2 minutes
+        String sessionKey = player.getAddress().toString();
+
+        //remove old data every time on a new login in order to keep the session only for one person
+        plugin.getLoginSessions().remove(sessionKey);
+
+        //player.getName() won't work at this state
+        PacketContainer packet = packetEvent.getPacket();
+
+        String username = packet.getGameProfiles().read(0).getName();
+        plugin.getLog().trace("GameProfile {} with {} connecting", sessionKey, username);
+
+        packetEvent.getAsyncMarker().incrementProcessingDelay();
+        Runnable nameCheckTask = new NameCheckTask(plugin, packetEvent, random, player, username, keyPair.getPublic());
+        plugin.getScheduler().runAsync(nameCheckTask);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java

@@ -0,0 +1,100 @@
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.comphenix.protocol.ProtocolLibrary;
+import com.comphenix.protocol.ProtocolManager;
+import com.comphenix.protocol.events.PacketContainer;
+import com.comphenix.protocol.events.PacketEvent;
+import com.comphenix.protocol.wrappers.WrappedChatComponent;
+import com.github.games647.fastlogin.bukkit.EncryptionUtil;
+import com.github.games647.fastlogin.core.shared.LoginSource;
+
+import java.lang.reflect.InvocationTargetException;
+import java.net.InetSocketAddress;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.Random;
+
+import org.bukkit.entity.Player;
+
+import static com.comphenix.protocol.PacketType.Login.Server.DISCONNECT;
+import static com.comphenix.protocol.PacketType.Login.Server.ENCRYPTION_BEGIN;
+
+public class ProtocolLibLoginSource implements LoginSource {
+
+    private final PacketEvent packetEvent;
+    private final Player player;
+
+    private final Random random;
+    private final PublicKey publicKey;
+
+    private final String serverId = "";
+    private byte[] verifyToken;
+
+    public ProtocolLibLoginSource(PacketEvent packetEvent, Player player, Random random, PublicKey publicKey) {
+        this.packetEvent = packetEvent;
+        this.player = player;
+        this.random = random;
+        this.publicKey = publicKey;
+    }
+
+    @Override
+    public void setOnlineMode() throws Exception {
+        verifyToken = EncryptionUtil.generateVerifyToken(random);
+
+        /*
+         * Packet Information: https://wiki.vg/Protocol#Encryption_Request
+         *
+         * ServerID="" (String) key=public server key verifyToken=random 4 byte array
+         */
+        PacketContainer newPacket = new PacketContainer(ENCRYPTION_BEGIN);
+
+        newPacket.getStrings().write(0, serverId);
+        newPacket.getSpecificModifier(PublicKey.class).write(0, publicKey);
+
+        newPacket.getByteArrays().write(0, verifyToken);
+
+        //serverId is a empty string
+        ProtocolLibrary.getProtocolManager().sendServerPacket(player, newPacket);
+    }
+
+    @Override
+    public void kick(String message) throws InvocationTargetException {
+        ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager();
+
+        PacketContainer kickPacket = new PacketContainer(DISCONNECT);
+        kickPacket.getChatComponents().write(0, WrappedChatComponent.fromText(message));
+
+        try {
+            //send kick packet at login state
+            //the normal event.getPlayer.kickPlayer(String) method does only work at play state
+            protocolManager.sendServerPacket(player, kickPacket);
+        } finally {
+            //tell the server that we want to close the connection
+            player.kickPlayer("Disconnect");
+        }
+    }
+
+    @Override
+    public InetSocketAddress getAddress() {
+        return packetEvent.getPlayer().getAddress();
+    }
+
+    public String getServerId() {
+        return serverId;
+    }
+
+    public byte[] getVerifyToken() {
+        return verifyToken.clone();
+    }
+
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + '{' +
+                "packetEvent=" + packetEvent +
+                ", player=" + player +
+                ", random=" + random +
+                ", serverId='" + serverId + '\'' +
+                ", verifyToken=" + Arrays.toString(verifyToken) +
+                '}';
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java

@@ -0,0 +1,70 @@
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.comphenix.protocol.reflect.MethodUtils;
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.MethodAccessor;
+import com.comphenix.protocol.utility.MinecraftReflection;
+import com.comphenix.protocol.wrappers.WrappedGameProfile;
+import com.comphenix.protocol.wrappers.WrappedSignedProperty;
+import com.github.games647.craftapi.model.skin.Textures;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+
+import java.lang.reflect.InvocationTargetException;
+
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.PlayerLoginEvent;
+import org.bukkit.event.player.PlayerLoginEvent.Result;
+
+public class SkinApplyListener implements Listener {
+
+    private static final Class<?> GAME_PROFILE = MinecraftReflection.getGameProfileClass();
+    private static final MethodAccessor GET_PROPERTIES = Accessors.getMethodAccessor(GAME_PROFILE, "getProperties");
+
+    private final FastLoginBukkit plugin;
+
+    public SkinApplyListener(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler(priority = EventPriority.LOW)
+    //run this on the loginEvent to let skins plugins see the skin like in normal Minecraft behaviour
+    public void onPlayerLogin(PlayerLoginEvent loginEvent) {
+        if (loginEvent.getResult() != Result.ALLOWED) {
+            return;
+        }
+
+        Player player = loginEvent.getPlayer();
+
+        if (plugin.getConfig().getBoolean("forwardSkin")) {
+            //go through every session, because player.getAddress is null 
+            //loginEvent.getAddress is just a InetAddress not InetSocketAddress, so not unique enough
+            for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
+                if (session.getUsername().equals(player.getName())) {
+                    session.getSkin().ifPresent(skin -> applySkin(player, skin.getValue(), skin.getSignature()));
+                    break;
+                }
+            }
+        }
+    }
+
+    private void applySkin(Player player, String skinData, String signature) {
+        WrappedGameProfile gameProfile = WrappedGameProfile.fromPlayer(player);
+
+        WrappedSignedProperty skin = WrappedSignedProperty.fromValues(Textures.KEY, skinData, signature);
+        try {
+            gameProfile.getProperties().put(Textures.KEY, skin);
+        } catch (ClassCastException castException) {
+            //Cauldron, MCPC, Thermos, ...
+            Object map = GET_PROPERTIES.invoke(gameProfile.getHandle());
+            try {
+                MethodUtils.invokeMethod(map, "put", new Object[]{Textures.KEY, skin.getHandle()});
+            } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException ex) {
+                plugin.getLog().error("Error setting premium skin of: {}", player, ex);
+            }
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java

@@ -0,0 +1,234 @@
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.comphenix.protocol.ProtocolLibrary;
+import com.comphenix.protocol.events.PacketContainer;
+import com.comphenix.protocol.events.PacketEvent;
+import com.comphenix.protocol.injector.server.TemporaryPlayerFactory;
+import com.comphenix.protocol.reflect.FieldUtils;
+import com.comphenix.protocol.reflect.FuzzyReflection;
+import com.comphenix.protocol.wrappers.WrappedChatComponent;
+import com.comphenix.protocol.wrappers.WrappedGameProfile;
+import com.github.games647.craftapi.model.auth.Verification;
+import com.github.games647.craftapi.model.skin.SkinProperty;
+import com.github.games647.craftapi.resolver.MojangResolver;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.EncryptionUtil;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.util.Arrays;
+import java.util.Optional;
+import java.util.UUID;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+
+import org.bukkit.entity.Player;
+
+import static com.comphenix.protocol.PacketType.Login.Client.START;
+import static com.comphenix.protocol.PacketType.Login.Server.DISCONNECT;
+
+public class VerifyResponseTask implements Runnable {
+
+    private final FastLoginBukkit plugin;
+    private final PacketEvent packetEvent;
+    private final KeyPair serverKey;
+
+    private final Player player;
+
+    private final byte[] sharedSecret;
+
+    public VerifyResponseTask(FastLoginBukkit plugin, PacketEvent packetEvent, Player player,
+                              byte[] sharedSecret, KeyPair keyPair) {
+        this.plugin = plugin;
+        this.packetEvent = packetEvent;
+        this.player = player;
+        this.sharedSecret = Arrays.copyOf(sharedSecret, sharedSecret.length);
+        this.serverKey = keyPair;
+    }
+
+    @Override
+    public void run() {
+        try {
+            BukkitLoginSession session = plugin.getLoginSessions().get(player.getAddress().toString());
+            if (session == null) {
+                disconnect("invalid-request", true
+                        , "GameProfile {0} tried to send encryption response at invalid state", player.getAddress());
+            } else {
+                verifyResponse(session);
+            }
+        } finally {
+            //this is a fake packet; it shouldn't be send to the server
+            synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
+                packetEvent.setCancelled(true);
+            }
+
+            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
+        }
+    }
+
+    private void verifyResponse(BukkitLoginSession session) {
+        PrivateKey privateKey = serverKey.getPrivate();
+
+        Cipher cipher;
+        SecretKey loginKey;
+        try {
+            cipher = Cipher.getInstance(privateKey.getAlgorithm());
+            cipher.init(Cipher.DECRYPT_MODE, privateKey);
+
+            loginKey = EncryptionUtil.decryptSharedKey(cipher, sharedSecret);
+        } catch (GeneralSecurityException securityEx) {
+            disconnect("error-kick", false, "Cannot decrypt received contents", securityEx);
+            return;
+        }
+
+        try {
+            if (!checkVerifyToken(session, cipher, privateKey) || !encryptConnection(loginKey)) {
+                return;
+            }
+        } catch (Exception ex) {
+            disconnect("error-kick", false, "Cannot decrypt received contents", ex);
+            return;
+        }
+
+        String serverId = EncryptionUtil.getServerIdHashString("", loginKey, serverKey.getPublic());
+
+        String username = session.getUsername();
+        InetSocketAddress socketAddress = player.getAddress();
+        try {
+            MojangResolver resolver = plugin.getCore().getResolver();
+            InetAddress address = socketAddress.getAddress();
+            Optional<Verification> response = resolver.hasJoined(username, serverId, address);
+            if (response.isPresent()) {
+                plugin.getLog().info("GameProfile {} has a verified premium account", username);
+
+                SkinProperty[] properties = response.get().getProperties();
+                if (properties.length > 0) {
+                    session.setSkinProperty(properties[0]);
+                }
+
+                session.setUuid(response.get().getId());
+                session.setVerified(true);
+
+                setPremiumUUID(session.getUuid());
+                receiveFakeStartPacket(username);
+            } else {
+                //user tried to fake a authentication
+                disconnect("invalid-session", true
+                        , "GameProfile {0} ({1}) tried to log in with an invalid session ServerId: {2}"
+                        , session.getUsername(), socketAddress, serverId);
+            }
+        } catch (IOException ioEx) {
+            disconnect("error-kick", false, "Failed to connect to session server", ioEx);
+        }
+    }
+
+    private void setPremiumUUID(UUID premiumUUID) {
+        if (plugin.getConfig().getBoolean("premiumUuid") && premiumUUID != null) {
+            try {
+                Object networkManager = getNetworkManager();
+                //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/NetworkManager.java#L69
+                FieldUtils.writeField(networkManager, "spoofedUUID", premiumUUID, true);
+            } catch (Exception exc) {
+                plugin.getLog().error("Error setting premium uuid of {}", player, exc);
+            }
+        }
+    }
+
+    private boolean checkVerifyToken(BukkitLoginSession session, Cipher cipher, PrivateKey privateKey)
+            throws GeneralSecurityException {
+        byte[] requestVerify = session.getVerifyToken();
+        //encrypted verify token
+        byte[] responseVerify = packetEvent.getPacket().getByteArrays().read(1);
+
+        //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L182
+        if (!Arrays.equals(requestVerify, EncryptionUtil.decrypt(cipher, responseVerify))) {
+            //check if the verify token are equal to the server sent one
+            disconnect("invalid-verify-token", true
+                    , "GameProfile {0} ({1}) tried to login with an invalid verify token. Server: {2} Client: {3}"
+                    , session.getUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify);
+            return false;
+        }
+
+        return true;
+    }
+
+    //try to get the networkManager from ProtocolLib
+    private Object getNetworkManager() throws IllegalAccessException, ClassNotFoundException {
+        Object injectorContainer = TemporaryPlayerFactory.getInjectorFromPlayer(player);
+
+        //ChannelInjector
+        Class<?> injectorClass = Class.forName("com.comphenix.protocol.injector.netty.Injector");
+        Object rawInjector = FuzzyReflection.getFieldValue(injectorContainer, injectorClass, true);
+        return FieldUtils.readField(rawInjector, "networkManager", true);
+    }
+
+    private boolean encryptConnection(SecretKey loginKey) throws IllegalArgumentException {
+        try {
+            //get the NMS connection handle of this player
+            Object networkManager = getNetworkManager();
+
+            //try to detect the method by parameters
+            Method encryptMethod = FuzzyReflection
+                    .fromObject(networkManager).getMethodByParameters("a", SecretKey.class);
+
+            //encrypt/decrypt following packets
+            //the client expects this behaviour
+            encryptMethod.invoke(networkManager, loginKey);
+        } catch (Exception ex) {
+            disconnect("error-kick", false, "Couldn't enable encryption", ex);
+            return false;
+        }
+
+        return true;
+    }
+
+    private void disconnect(String reasonKey, boolean debug, String logMessage, Object... arguments) {
+        if (debug) {
+            plugin.getLog().debug(logMessage, arguments);
+        } else {
+            plugin.getLog().error(logMessage, arguments);
+        }
+
+        kickPlayer(plugin.getCore().getMessage(reasonKey));
+    }
+
+    private void kickPlayer(String reason) {
+        PacketContainer kickPacket = new PacketContainer(DISCONNECT);
+        kickPacket.getChatComponents().write(0, WrappedChatComponent.fromText(reason));
+        try {
+            //send kick packet at login state
+            //the normal event.getPlayer.kickPlayer(String) method does only work at play state
+            ProtocolLibrary.getProtocolManager().sendServerPacket(player, kickPacket);
+            //tell the server that we want to close the connection
+            player.kickPlayer("Disconnect");
+        } catch (InvocationTargetException ex) {
+            plugin.getLog().error("Error sending kick packet for: {}", player, ex);
+        }
+    }
+
+    //fake a new login packet in order to let the server handle all the other stuff
+    private void receiveFakeStartPacket(String username) {
+        //see StartPacketListener for packet information
+        PacketContainer startPacket = new PacketContainer(START);
+
+        //uuid is ignored by the packet definition
+        WrappedGameProfile fakeProfile = new WrappedGameProfile(UUID.randomUUID(), username);
+        startPacket.getGameProfiles().write(0, fakeProfile);
+        try {
+            //we don't want to handle our own packets so ignore filters
+            ProtocolLibrary.getProtocolManager().recieveClientPacket(player, startPacket, false);
+        } catch (InvocationTargetException | IllegalAccessException ex) {
+            plugin.getLog().warn("Failed to fake a new start packet for: {}", username, ex);
+            //cancel the event in order to prevent the server receiving an invalid packet
+            kickPlayer(plugin.getCore().getMessage("error-kick"));
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolLoginSource.java

@@ -0,0 +1,38 @@
+package com.github.games647.fastlogin.bukkit.listener.protocolsupport;
+
+import com.github.games647.fastlogin.core.shared.LoginSource;
+
+import java.net.InetSocketAddress;
+
+import protocolsupport.api.events.PlayerLoginStartEvent;
+
+public class ProtocolLoginSource implements LoginSource {
+
+    private final PlayerLoginStartEvent loginStartEvent;
+
+    public ProtocolLoginSource(PlayerLoginStartEvent loginStartEvent) {
+        this.loginStartEvent = loginStartEvent;
+    }
+
+    @Override
+    public void setOnlineMode() {
+        loginStartEvent.setOnlineMode(true);
+    }
+
+    @Override
+    public void kick(String message) {
+        loginStartEvent.denyLogin(message);
+    }
+
+    @Override
+    public InetSocketAddress getAddress() {
+        return loginStartEvent.getAddress();
+    }
+
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + '{' +
+                "loginStartEvent=" + loginStartEvent +
+                '}';
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java

@@ -0,0 +1,102 @@
+package com.github.games647.fastlogin.bukkit.listener.protocolsupport;
+
+import com.github.games647.craftapi.UUIDAdapter;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.JoinManagement;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+
+import java.net.InetSocketAddress;
+import java.util.Optional;
+
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.Listener;
+import protocolsupport.api.events.ConnectionCloseEvent;
+import protocolsupport.api.events.PlayerLoginStartEvent;
+import protocolsupport.api.events.PlayerProfileCompleteEvent;
+
+public class ProtocolSupportListener extends JoinManagement<Player, CommandSender, ProtocolLoginSource>
+        implements Listener {
+
+    private final FastLoginBukkit plugin;
+
+    public ProtocolSupportListener(FastLoginBukkit plugin) {
+        super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
+
+        this.plugin = plugin;
+    }
+
+    @EventHandler
+    public void onLoginStart(PlayerLoginStartEvent loginStartEvent) {
+        if (loginStartEvent.isLoginDenied() || plugin.getCore().getAuthPluginHook() == null) {
+            return;
+        }
+
+        String username = loginStartEvent.getConnection().getProfile().getName();
+        InetSocketAddress address = loginStartEvent.getAddress();
+
+        //remove old data every time on a new login in order to keep the session only for one person
+        plugin.getLoginSessions().remove(address.toString());
+
+        super.onLogin(username, new ProtocolLoginSource(loginStartEvent));
+    }
+
+    @EventHandler
+    public void onConnectionClosed(ConnectionCloseEvent closeEvent) {
+        InetSocketAddress address = closeEvent.getConnection().getAddress();
+        plugin.getLoginSessions().remove(address.toString());
+    }
+
+    @EventHandler
+    public void onPropertiesResolve(PlayerProfileCompleteEvent profileCompleteEvent) {
+        InetSocketAddress address = profileCompleteEvent.getAddress();
+        BukkitLoginSession session = plugin.getLoginSessions().get(address.toString());
+
+        if (session != null && profileCompleteEvent.getConnection().getProfile().isOnlineMode()) {
+            session.setVerified(true);
+
+            if (!plugin.getConfig().getBoolean("premiumUuid")) {
+                String username = Optional.ofNullable(profileCompleteEvent.getForcedName())
+                        .orElse(profileCompleteEvent.getConnection().getProfile().getName());
+                profileCompleteEvent.setForcedUUID(UUIDAdapter.generateOfflineId(username));
+            }
+        }
+    }
+
+    @Override
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLoginSource source, StoredProfile profile) {
+        BukkitFastLoginPreLoginEvent event = new BukkitFastLoginPreLoginEvent(username, source, profile);
+        plugin.getServer().getPluginManager().callEvent(event);
+        return event;
+    }
+
+    @Override
+    public void requestPremiumLogin(ProtocolLoginSource source, StoredProfile profile, String username
+            , boolean registered) {
+        source.setOnlineMode();
+
+        String ip = source.getAddress().getAddress().getHostAddress();
+        plugin.getCore().getPendingLogin().put(ip + username, new Object());
+
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, registered, profile);
+        plugin.getLoginSessions().put(source.getAddress().toString(), playerSession);
+    }
+
+    @Override
+    public void requestConfirmationLogin(ProtocolLoginSource source, StoredProfile profile, String username) {
+        source.setOnlineMode();
+
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, profile);
+        plugin.getLoginSessions().put(source.getAddress().toString(), playerSession);
+    }
+
+    @Override
+    public void startCrackedSession(ProtocolLoginSource source, StoredProfile profile, String username) {
+        BukkitLoginSession loginSession = new BukkitLoginSession(username, profile);
+        plugin.getLoginSessions().put(source.getAddress().toString(), loginSession);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/DelayedAuthHook.java

@@ -0,0 +1,100 @@
+package com.github.games647.fastlogin.bukkit.task;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.hook.AuthMeHook;
+import com.github.games647.fastlogin.bukkit.hook.CrazyLoginHook;
+import com.github.games647.fastlogin.bukkit.hook.LogItHook;
+import com.github.games647.fastlogin.bukkit.hook.LoginSecurityHook;
+import com.github.games647.fastlogin.bukkit.hook.UltraAuthHook;
+import com.github.games647.fastlogin.bukkit.hook.xAuthHook;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+
+import java.lang.reflect.Constructor;
+import java.util.Arrays;
+import java.util.List;
+
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.event.Listener;
+
+public class DelayedAuthHook implements Runnable {
+
+    private final FastLoginBukkit plugin;
+
+    public DelayedAuthHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public void run() {
+        boolean hookFound = isHookFound();
+        if (plugin.isBungeeEnabled()) {
+            plugin.getLog().info("BungeeCord setting detected. No auth plugin is required");
+        } else if (!hookFound) {
+            plugin.getLog().warn("No auth plugin were found by this plugin "
+                    + "(other plugins could hook into this after the initialization of this plugin)"
+                    + "and BungeeCord is deactivated. "
+                    + "Either one or both of the checks have to pass in order to use this plugin");
+        }
+
+        if (hookFound) {
+            plugin.setServerStarted();
+        }
+    }
+
+    private boolean isHookFound() {
+        return plugin.getCore().getAuthPluginHook() != null || registerHooks();
+    }
+
+    private boolean registerHooks() {
+        AuthPlugin<Player> authPluginHook = getAuthHook();
+        if (authPluginHook == null) {
+            //run this check for exceptions (errors) and not found plugins
+            plugin.getLog().warn("No support offline Auth plugin found. ");
+            return false;
+        }
+
+        if (authPluginHook instanceof Listener) {
+            Bukkit.getPluginManager().registerEvents((Listener) authPluginHook, plugin);
+        }
+
+        if (plugin.getCore().getAuthPluginHook() == null) {
+            plugin.getLog().info("Hooking into auth plugin: {}", authPluginHook.getClass().getSimpleName());
+            plugin.getCore().setAuthPluginHook(authPluginHook);
+        }
+
+        return true;
+    }
+
+    private AuthPlugin<Player> getAuthHook() {
+        try {
+            @SuppressWarnings("unchecked")
+            List<Class<? extends AuthPlugin<Player>>> hooks = Arrays.asList(AuthMeHook.class,
+                    CrazyLoginHook.class, LogItHook.class, LoginSecurityHook.class, UltraAuthHook.class,
+                    xAuthHook.class);
+
+            for (Class<? extends AuthPlugin<Player>> clazz : hooks) {
+                String pluginName = clazz.getSimpleName().replace("Hook", "");
+                //uses only member classes which uses AuthPlugin interface (skip interfaces)
+                if (Bukkit.getPluginManager().isPluginEnabled(pluginName)) {
+                    //check only for enabled plugins. A single plugin could be disabled by plugin managers
+                    return newInstance(clazz);
+                }
+            }
+        } catch (ReflectiveOperationException ex) {
+            plugin.getLog().error("Couldn't load the auth hook class", ex);
+        }
+
+        return null;
+    }
+
+    private AuthPlugin<Player> newInstance(Class<? extends AuthPlugin<Player>> clazz)
+            throws ReflectiveOperationException {
+        try {
+            Constructor<? extends AuthPlugin<Player>> cons = clazz.getDeclaredConstructor(FastLoginBukkit.class);
+            return cons.newInstance(plugin);
+        } catch (NoSuchMethodException noMethodEx) {
+            return clazz.getDeclaredConstructor().newInstance();
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/ForceLoginTask.java

@@ -0,0 +1,87 @@
+package com.github.games647.fastlogin.bukkit.task;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.PremiumStatus;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.message.SuccessMessage;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.shared.ForceLoginManagement;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+
+import java.util.concurrent.ExecutionException;
+
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import org.bukkit.Bukkit;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.bukkit.metadata.FixedMetadataValue;
+
+public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender, BukkitLoginSession, FastLoginBukkit> {
+
+    public ForceLoginTask(FastLoginCore<Player, CommandSender, FastLoginBukkit> core, Player player) {
+        super(core, player, getSession(core.getPlugin(), player));
+    }
+
+    private static BukkitLoginSession getSession(FastLoginBukkit plugin, Player player) {
+        //remove the bungeecord identifier if there is ones
+        String id = '/' + player.getAddress().getAddress().getHostAddress() + ':' + player.getAddress().getPort();
+        return plugin.getLoginSessions().remove(id);
+    }
+
+    @Override
+    public void run() {
+        //blacklist this target player for BungeeCord ID brute force attacks
+        FastLoginBukkit plugin = core.getPlugin();
+        player.setMetadata(core.getPlugin().getName(), new FixedMetadataValue(plugin, true));
+
+        super.run();
+
+        PremiumStatus status = PremiumStatus.CRACKED;
+        if (isOnlineMode()) {
+            status = PremiumStatus.PREMIUM;
+        }
+
+        plugin.getPremiumPlayers().put(player.getUniqueId(), status);
+    }
+
+    @Override
+    public FastLoginAutoLoginEvent callFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        BukkitFastLoginAutoLoginEvent event = new BukkitFastLoginAutoLoginEvent(session, profile);
+        core.getPlugin().getServer().getPluginManager().callEvent(event);
+        return event;
+    }
+
+    @Override
+    public void onForceActionSuccess(LoginSession session) {
+        if (core.getPlugin().isBungeeEnabled()) {
+            core.getPlugin().sendPluginMessage(player, new SuccessMessage());
+        }
+    }
+
+    @Override
+    public String getName(Player player) {
+        return player.getName();
+    }
+
+    @Override
+    public boolean isOnline(Player player) {
+        try {
+            //the player-list isn't thread-safe
+            return Bukkit.getScheduler().callSyncMethod(core.getPlugin(), player::isOnline).get();
+        } catch (InterruptedException | ExecutionException ex) {
+            core.getPlugin().getLog().error("Failed to perform thread-safe online check for {}", player, ex);
+            return false;
+        }
+    }
+
+    @Override
+    public boolean isOnlineMode() {
+        if (session == null) {
+            return false;
+        }
+
+        return session.isVerified() && player.getName().equals(session.getUsername());
+    }
+}

bukkit/src/main/resources/config.yml

@@ -1,73 +0,0 @@
-# FastLogin config
-# Project site: https://www.spigotmc.org/resources/fastlogin.14153
-# Source code: https://github.com/games647/FastLogin
-#
-# You can access the newest config here:
-# https://github.com/games647/FastLogin/blob/master/bukkit/src/main/resources/config.yml
-
-# Request a premium login without forcing the player to type a command
-#
-# If you activate autoRegister, this plugin will check/do these points on login:
-# 1. An existing cracked account shouldn't exist
-# -> paid accounts cannot steal the existing account of cracked players
-# - (Already registered players could still use the /premium command to activate premium checks)
-# 2. Automatically registers an account with a strong random generated password
-# -> cracked player cannot register an account for the premium player and so cannot the steal the account
-#
-# Furthermore the premium player check have to be made based on the player name
-# This means if a cracked player connects to the server and we request a paid account login from this player
-# the player just disconnect and sees the message: 'bad login' or 'invalid session'
-# There is no way to change this message
-# For more information: https://github.com/games647/FastLogin#why-do-players-have-to-invoke-a-command
-autoRegister: false
-
-# If this plugin detected that a player has a premium, it can also set the associated
-# uuid from that account. So if the players changes their usernames, they will still have
-# the same playerdata (inventory, permissions, ...)
-#
-# Warning: This also means that the UUID will be different if the player is connecting
-# through a offline mode connection. This **could** cause plugin compatibility issues.
-#
-# This is a example and doesn't apply for every plugin.
-# Example: If you want to ban players who aren't online at the moment, the ban plugin will look
-# after a offline uuid associated to the player, because the server is in offline mode. Then the premium
-# players could still join the server, because they have different UUID.
-#
-# Moreover you may want to convert the offline UUID to a premium UUID. This will ensure that the player
-# will have the same inventory, permissions, ... if they switched to premium authentification from offline/cracked
-# authentification.
-#
-# This feature requires Cauldron, Spigot or a fork of Spigot (PaperSpigot, TacoSpigot)
-premiumUuid: false
-
-# If your players have a premium account and a skin associated to their account, this plugin
-# can download the data and set it to the online player.
-#
-# Keep in mind that this will only works if the player:
-# * is the owner of the premium account
-# * the serverconnection is established through a premium connection (paid account authentification)
-# * has a skin
-#
-# This means this plugin doesn't need to create a new connection to the Mojang servers, because
-# the skin data is included in the Auth-Verification-Response sent by Mojang. If you want to use for other
-# players like cracked player, you have to use other plugins.
-#
-# If you want to use skins for your cracked player, you need an additional plugin like
-# ChangeSkin, SkinRestoer, ...
-forwardSkin: true
-
-# Database configuration
-# Recommened is the use of MariaDB (a better version of MySQL)
-
-# Single file SQLite database
-driver: org.sqlite.JDBC
-# File location
-database: '{pluginDir}/FastLogin.db'
-
-# MySQL and SQLite
-#driver: com.mysql.jdbc.Driver
-#host: localhost
-#port: 3306
-#database: fastlogin
-#username: myUser
-#password: myPassword

bukkit/src/main/resources/plugin.yml

@@ -1,28 +1,31 @@
-# project informations for Bukkit in order to register our plugin with all it components
+# project data for Bukkit in order to register our plugin with all it components
 # ${-} are variables from Maven (pom.xml) which will be replaced after the build
 name: ${project.parent.name}
-version: ${project.version}
+version: ${project.version}-${git.commit.id.abbrev}
 main: ${project.groupId}.${project.artifactId}.${project.name}
 
-# meta informations for plugin managers
+# meta data for plugin managers
 authors: [games647, 'https://github.com/games647/FastLogin/graphs/contributors']
 description: |
     ${project.description}
 website: ${project.url}
 dev-url: ${project.url}
 
-# Without Protocollib the plugin does not work at all
-depend: [ProtocolLib]
+# This plugin don't have to be transformed for compatibility with Minecraft >= 1.13
+api-version: '1.13'
 
 softdepend:
+    # We depend either ProtocolLib or ProtocolSupport
     - ProtocolSupport
+    - ProtocolLib
+    - PlaceholderAPI
     # Auth plugins
-    - xAuth
     - AuthMe
-    - CrazyLogin
     - LoginSecurity
-    - RoyalAuth
+    - xAuth
+    - LogIt
     - UltraAuth
+    - CrazyLogin
 
 commands:
     ${project.parent.name}:
@@ -31,11 +34,11 @@ commands:
         usage: /<command> [player]
         permission: ${project.artifactId}.command.premium
 
-    unpremium:
+    cracked:
         description: 'Label the invoker or the player specified as cracked if he was marked premium before'
-        aliases: [cracked]
+        aliases: [unpremium]
         usage: /<command> [player]
-        permission: ${project.artifactId}.command.unpremium
+        permission: ${project.artifactId}.command.cracked
 
 permissions:
     ${project.artifactId}.command.premium:
@@ -47,11 +50,11 @@ permissions:
         children:
             ${project.artifactId}.command.premium: true
 
-    ${project.artifactId}.command.unpremium:
+    ${project.artifactId}.command.cracked:
         description: 'Label themselves as cracked'
         default: true
 
-    ${project.artifactId}.command..unpremium.other:
+    ${project.artifactId}.command.cracked.other:
         description: 'Label others as cracked'
         children:
-            ${project.artifactId}.command.unpremium: true
+            ${project.artifactId}.command.cracked: true

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/EncryptionUtilTest.java

@@ -0,0 +1,42 @@
+package com.github.games647.fastlogin.bukkit;
+
+import java.security.SecureRandom;
+
+import org.junit.Test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.notNullValue;
+
+import static org.junit.Assert.assertThat;
+
+public class EncryptionUtilTest {
+
+    @Test
+    public void testVerifyToken() throws Exception {
+        SecureRandom random = new SecureRandom();
+        byte[] token = EncryptionUtil.generateVerifyToken(random);
+
+        assertThat(token, notNullValue());
+        assertThat(token.length, is(4));
+    }
+
+    // @Test
+    // public void testDecryptSharedSecret() throws Exception {
+    //
+    // }
+    //
+    // @Test
+    // public void testDecryptData() throws Exception {
+    //
+    // }
+
+    // private static SecretKey createNewSharedKey() {
+    //     try {
+    //         KeyGenerator keygenerator = KeyGenerator.getInstance("AES");
+    //         keygenerator.init(128);
+    //         return keygenerator.generateKey();
+    //     } catch (NoSuchAlgorithmException nosuchalgorithmexception) {
+    //         throw new Error(nosuchalgorithmexception);
+    //     }
+    // }
+}

bungee/pom.xml

@@ -1,11 +1,11 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
         <groupId>com.github.games647</groupId>
         <artifactId>fastlogin</artifactId>
-        <version>1.0</version>
+        <version>1.11-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -16,45 +16,75 @@
     <!--Represents the main plugin-->
     <name>FastLoginBungee</name>
 
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>3.2.2</version>
+                <configuration>
+                    <createDependencyReducedPom>false</createDependencyReducedPom>
+                    <shadedArtifactAttached>false</shadedArtifactAttached>
+                    <artifactSet>
+                        <excludes>
+                            <!--Those classes are already present in BungeeCord version-->
+                            <exclude>net.md-5:bungeecord-config</exclude>
+                            <exclude>com.google.code.gson:gson</exclude>
+                        </excludes>
+                    </artifactSet>
+                    <relocations>
+                        <relocation>
+                            <pattern>com.zaxxer.hikari</pattern>
+                            <shadedPattern>fastlogin.hikari</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>org.slf4j</pattern>
+                            <shadedPattern>fastlogin.slf4j</shadedPattern>
+                        </relocation>
+                    </relocations>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
     <repositories>
-        <!--Waterfall-->
-<!--        <repository>
-            <id>ellune-releases</id>
-            <url>https://repo.ellune.net/content/repositories/snapshots/</url>
-        </repository>-->
-
-        <!--BungeeCord with also the part outside the API-->
         <repository>
-            <id>RYRED-REPO</id>
-            <url>http://mvn.ryred.co/repository/snapshots/</url>
-        </repository>
-
-        <!--Github automatic maven builds-->
-        <repository>
-            <id>jitpack.io</id>
-            <url>https://jitpack.io</url>
+            <id>codemc-repo</id>
+            <url>https://repo.codemc.io/repository/maven-public/</url>
         </repository>
     </repositories>
 
     <dependencies>
+        <!--Common plugin component-->
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>fastlogin.core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <!--BungeeCord with also the part outside the API-->
         <dependency>
             <groupId>net.md-5</groupId>
             <artifactId>bungeecord-proxy</artifactId>
-            <version>1.9-SNAPSHOT</version>
+            <version>1.14-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
-<!--        <dependency>
-            <groupId>io.github.waterfallmc</groupId>
-            <artifactId>waterfall-api</artifactId>
-            <version>1.9-SNAPSHOT</version>
-            <type>jar</type>
-            <scope>provided</scope>
-        </dependency>-->
 
+        <!--Login plugin-->
         <dependency>
-            <groupId>com.github.MatteCarra</groupId>
+            <groupId>me.vik1395</groupId>
             <artifactId>BungeeAuth</artifactId>
-            <version>-1.2.1-gc367d92-8</version>
+            <version>1.4</version>
+            <scope>system</scope>
+            <systemPath>${project.basedir}/lib/BungeeAuth-1.4.jar</systemPath>
         </dependency>
     </dependencies>
 </project>

bungee/src/main/java/com/github/games647/fastlogin/bungee/BungeeLoginSession.java

@@ -0,0 +1,48 @@
+package com.github.games647.fastlogin.bungee;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+
+public class BungeeLoginSession extends LoginSession {
+
+    private boolean alreadySaved;
+    private boolean alreadyLogged;
+
+    public BungeeLoginSession(String username, boolean registered, StoredProfile profile) {
+        super(username, registered, profile);
+    }
+
+    public BungeeLoginSession(String username, StoredProfile profile) {
+        super(username, profile);
+    }
+
+    public synchronized void setRegistered(boolean registered) {
+        this.registered = registered;
+    }
+
+    public synchronized boolean isAlreadySaved() {
+        return alreadySaved;
+    }
+
+    public synchronized void setAlreadySaved(boolean alreadySaved) {
+        this.alreadySaved = alreadySaved;
+        this.confirmationLogin = false;
+    }
+
+    public synchronized boolean isAlreadyLogged() {
+        return alreadyLogged;
+    }
+
+    public synchronized void setAlreadyLogged(boolean alreadyLogged) {
+        this.alreadyLogged = alreadyLogged;
+    }
+
+    @Override
+    public synchronized String toString() {
+        return this.getClass().getSimpleName() + '{' +
+                "alreadySaved=" + alreadySaved +
+                ", alreadyLogged=" + alreadyLogged +
+                ", registered=" + registered +
+                "} " + super.toString();
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/BungeeLoginSource.java

@@ -0,0 +1,53 @@
+package com.github.games647.fastlogin.bungee;
+
+import com.github.games647.fastlogin.core.shared.LoginSource;
+
+import java.net.InetSocketAddress;
+
+import net.md_5.bungee.api.ChatColor;
+import net.md_5.bungee.api.chat.ComponentBuilder;
+import net.md_5.bungee.api.chat.TextComponent;
+import net.md_5.bungee.api.connection.PendingConnection;
+import net.md_5.bungee.api.event.PreLoginEvent;
+
+public class BungeeLoginSource implements LoginSource {
+
+    private final PendingConnection connection;
+    private final PreLoginEvent preLoginEvent;
+
+    public BungeeLoginSource(PendingConnection connection, PreLoginEvent preLoginEvent) {
+        this.connection = connection;
+        this.preLoginEvent = preLoginEvent;
+    }
+
+    @Override
+    public void setOnlineMode() {
+        connection.setOnlineMode(true);
+    }
+
+    @Override
+    public void kick(String message) {
+        preLoginEvent.setCancelled(true);
+
+        if (message != null)
+            preLoginEvent.setCancelReason(TextComponent.fromLegacyText(message));
+        else
+            preLoginEvent.setCancelReason(new ComponentBuilder("Kicked").color(ChatColor.WHITE).create());
+    }
+
+    @Override
+    public InetSocketAddress getAddress() {
+        return connection.getAddress();
+    }
+
+    public PendingConnection getConnection() {
+        return connection;
+    }
+
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + '{' +
+                "connection=" + connection +
+                '}';
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/FastLoginBungee.java

@@ -1,146 +1,134 @@
 package com.github.games647.fastlogin.bungee;
 
-import com.github.games647.fastlogin.bungee.hooks.BungeeAuthHook;
-import com.github.games647.fastlogin.bungee.hooks.BungeeAuthPlugin;
-import com.google.common.cache.CacheBuilder;
+import com.github.games647.fastlogin.bungee.hook.BungeeAuthHook;
+import com.github.games647.fastlogin.bungee.listener.ConnectListener;
+import com.github.games647.fastlogin.bungee.listener.PluginMessageListener;
+import com.github.games647.fastlogin.core.AsyncScheduler;
+import com.github.games647.fastlogin.core.CommonUtil;
+import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
+import com.github.games647.fastlogin.core.message.ChannelMessage;
+import com.github.games647.fastlogin.core.message.NamespaceKey;
+import com.github.games647.fastlogin.core.message.SuccessMessage;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.shared.PlatformPlugin;
+import com.google.common.collect.MapMaker;
+import com.google.common.io.ByteArrayDataOutput;
+import com.google.common.io.ByteStreams;
+import com.google.common.util.concurrent.ThreadFactoryBuilder;
 
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Files;
-import java.util.Random;
-import java.util.UUID;
+import java.nio.file.Path;
 import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.TimeUnit;
-import java.util.logging.Level;
-import net.md_5.bungee.api.connection.PendingConnection;
+import java.util.concurrent.ThreadFactory;
 
+import net.md_5.bungee.api.CommandSender;
+import net.md_5.bungee.api.chat.TextComponent;
+import net.md_5.bungee.api.connection.PendingConnection;
+import net.md_5.bungee.api.connection.ProxiedPlayer;
+import net.md_5.bungee.api.connection.Server;
 import net.md_5.bungee.api.plugin.Plugin;
-import net.md_5.bungee.config.Configuration;
-import net.md_5.bungee.config.ConfigurationProvider;
-import net.md_5.bungee.config.YamlConfiguration;
+import net.md_5.bungee.api.scheduler.GroupedThreadFactory;
+
+import org.slf4j.Logger;
 
 /**
  * BungeeCord version of FastLogin. This plugin keeps track on online mode connections.
  */
-public class FastLoginBungee extends Plugin {
+public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSender> {
 
-    public static UUID parseId(String withoutDashes) {
-        return UUID.fromString(withoutDashes.substring(0, 8)
-                + "-" + withoutDashes.substring(8, 12)
-                + "-" + withoutDashes.substring(12, 16)
-                + "-" + withoutDashes.substring(16, 20)
-                + "-" + withoutDashes.substring(20, 32));
-    }
+    private final ConcurrentMap<PendingConnection, BungeeLoginSession> session = new MapMaker().weakKeys().makeMap();
 
-    private static final char[] CHARACTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-            .toCharArray();
-
-    private BungeeAuthPlugin bungeeAuthPlugin;
-    private final MojangApiConnector mojangApiConnector = new MojangApiConnector(this);
-    private Storage storage;
-    private Configuration configuration;
-
-    private final Random random = new Random();
-
-    private final ConcurrentMap<PendingConnection, Object> pendingAutoRegister = CacheBuilder
-            .newBuilder()
-            .expireAfterWrite(1, TimeUnit.MINUTES)
-            .<PendingConnection, Object>build().asMap();
+    private FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core;
+    private AsyncScheduler scheduler;
+    private Logger logger;
 
     @Override
     public void onEnable() {
-        if (!getDataFolder().exists()) {
-            getDataFolder().mkdir();
-        }
+        logger = CommonUtil.createLoggerFromJDK(getLogger());
+        scheduler = new AsyncScheduler(logger, getThreadFactory());
 
-        File configFile = new File(getDataFolder(), "config.yml");
-        if (!configFile.exists()) {
-            try (InputStream in = getResourceAsStream("config.yml")) {
-                Files.copy(in, configFile.toPath());
-            } catch (IOException ioExc) {
-                getLogger().log(Level.SEVERE, "Error saving default config", ioExc);
-            }
-        }
-
-        try {
-            configuration = ConfigurationProvider.getProvider(YamlConfiguration.class).load(configFile);
-
-            String driver = configuration.getString("driver");
-            String host = configuration.getString("host", "");
-            int port = configuration.getInt("port", 3306);
-            String database = configuration.getString("database");
-
-            String username = configuration.getString("username", "");
-            String password = configuration.getString("password", "");
-            storage = new Storage(this, driver, host, port, database, username, password);
-            try {
-                storage.createTables();
-            } catch (Exception ex) {
-                getLogger().log(Level.SEVERE, "Failed to setup database. Disabling plugin...", ex);
-                return;
-            }
-
-        } catch (IOException ioExc) {
-            getLogger().log(Level.SEVERE, "Error loading config. Disabling plugin...", ioExc);
+        core = new FastLoginCore<>(this);
+        core.load();
+        if (!core.setupDatabase()) {
             return;
         }
 
         //events
-        getProxy().getPluginManager().registerListener(this, new PlayerConnectionListener(this));
+        getProxy().getPluginManager().registerListener(this, new ConnectListener(this));
+        getProxy().getPluginManager().registerListener(this, new PluginMessageListener(this));
 
-        //this is required to listen to messages from the server
-        getProxy().registerChannel(getDescription().getName());
+        //this is required to listen to incoming messages from the server
+        getProxy().registerChannel(NamespaceKey.getCombined(getName(), ChangePremiumMessage.CHANGE_CHANNEL));
+        getProxy().registerChannel(NamespaceKey.getCombined(getName(), SuccessMessage.SUCCESS_CHANNEL));
 
         registerHook();
     }
 
-    public String generateStringPassword() {
-        StringBuilder generatedPassword = new StringBuilder(8);
-        for (int i = 1; i <= 8; i++) {
-            generatedPassword.append(CHARACTERS[random.nextInt(CHARACTERS.length - 1)]);
-        }
-
-        return generatedPassword.toString();
-    }
-
     @Override
     public void onDisable() {
-        if (storage != null) {
-            storage.close();
+        if (core != null) {
+            core.close();
         }
     }
 
-    public Configuration getConfiguration() {
-        return configuration;
+    public FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> getCore() {
+        return core;
     }
 
-    public Storage getStorage() {
-        return storage;
-    }
-
-    public MojangApiConnector getMojangApiConnector() {
-        return mojangApiConnector;
-    }
-
-    public ConcurrentMap<PendingConnection, Object> getPendingAutoRegister() {
-        return pendingAutoRegister;
-    }
-
-    /**
-     * Get the auth plugin hook for BungeeCord
-     *
-     * @return the auth hook for BungeeCord. null if none found
-     */
-    public BungeeAuthPlugin getBungeeAuthPlugin() {
-        return bungeeAuthPlugin;
+    public ConcurrentMap<PendingConnection, BungeeLoginSession> getSession() {
+        return session;
     }
 
     private void registerHook() {
         Plugin plugin = getProxy().getPluginManager().getPlugin("BungeeAuth");
         if (plugin != null) {
-            bungeeAuthPlugin = new BungeeAuthHook();
-            getLogger().info("Hooked into BungeeAuth");
+            core.setAuthPluginHook(new BungeeAuthHook());
+            logger.info("Hooked into BungeeAuth");
         }
     }
+
+    public void sendPluginMessage(Server server, ChannelMessage message) {
+        if (server != null) {
+            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
+            message.writeTo(dataOutput);
+
+            NamespaceKey channel = new NamespaceKey(getName(), message.getChannelName());
+            server.sendData(channel.getCombinedName(), dataOutput.toByteArray());
+        }
+    }
+
+    @Override
+    public String getName() {
+        return getDescription().getName();
+    }
+
+    @Override
+    public Path getPluginFolder() {
+        return getDataFolder().toPath();
+    }
+
+    @Override
+    public Logger getLog() {
+        return logger;
+    }
+
+    @Override
+    public void sendMessage(CommandSender receiver, String message) {
+        receiver.sendMessage(TextComponent.fromLegacyText(message));
+    }
+
+    @Override
+    @SuppressWarnings("deprecation")
+    public ThreadFactory getThreadFactory() {
+        return new ThreadFactoryBuilder()
+                .setNameFormat(getName() + " Pool Thread #%1$d")
+                //Hikari create daemons by default
+                .setDaemon(true)
+                .setThreadFactory(new GroupedThreadFactory(this, getName()))
+                .build();
+    }
+
+    @Override
+    public AsyncScheduler getScheduler() {
+        return scheduler;
+    }
 }

bungee/src/main/java/com/github/games647/fastlogin/bungee/ForceLoginTask.java

@@ -1,72 +0,0 @@
-package com.github.games647.fastlogin.bungee;
-
-import com.github.games647.fastlogin.bungee.hooks.BungeeAuthPlugin;
-import com.google.common.io.ByteArrayDataOutput;
-import com.google.common.io.ByteStreams;
-
-import java.util.UUID;
-
-import net.md_5.bungee.api.connection.ProxiedPlayer;
-import net.md_5.bungee.api.connection.Server;
-
-public class ForceLoginTask implements Runnable {
-
-    private final FastLoginBungee plugin;
-    private final ProxiedPlayer player;
-
-    public ForceLoginTask(FastLoginBungee plugin, ProxiedPlayer player) {
-        this.plugin = plugin;
-        this.player = player;
-    }
-
-    @Override
-    public void run() {
-        PlayerProfile playerProfile = plugin.getStorage().getProfile(player.getName(), false);
-
-        if (playerProfile.getUserId() == -1) {
-            playerProfile.setPremium(player.getPendingConnection().isOnlineMode());
-            if (player.getPendingConnection().isOnlineMode()) {
-                playerProfile.setUuid(player.getUniqueId());
-            }
-        }
-
-        //force login only on success
-        if (player.getPendingConnection().isOnlineMode()) {
-            Server server = player.getServer();
-
-            boolean autoRegister = plugin.getPendingAutoRegister().remove(player.getPendingConnection()) != null;
-
-            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
-            //subchannel name
-            if (autoRegister) {
-                dataOutput.writeUTF("AUTO_REGISTER");
-            } else {
-                dataOutput.writeUTF("AUTO_LOGIN");
-            }
-
-            //Data is sent through a random player. We have to tell the Bukkit version of this plugin the target
-            dataOutput.writeUTF(player.getName());
-
-            //proxy identifier to check if it's a acceptable proxy
-            UUID proxyId = UUID.fromString(plugin.getProxy().getConfig().getUuid());
-            dataOutput.writeLong(proxyId.getMostSignificantBits());
-            dataOutput.writeLong(proxyId.getLeastSignificantBits());
-
-            server.sendData(plugin.getDescription().getName(), dataOutput.toByteArray());
-
-            BungeeAuthPlugin authPlugin = plugin.getBungeeAuthPlugin();
-            if (authPlugin != null) {
-                if (autoRegister) {
-                    String password = plugin.generateStringPassword();
-                    if (authPlugin.forceRegister(player, password)) {
-                        plugin.getStorage().save(playerProfile);
-                    }
-                } else if (authPlugin.forceLogin(player)) {
-                    plugin.getStorage().save(playerProfile);
-                }
-            }
-        } else {
-            plugin.getStorage().save(playerProfile);
-        }
-    }
-}

bungee/src/main/java/com/github/games647/fastlogin/bungee/MojangApiConnector.java

@@ -1,78 +0,0 @@
-package com.github.games647.fastlogin.bungee;
-
-import com.google.gson.Gson;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.util.UUID;
-import java.util.logging.Level;
-import java.util.regex.Pattern;
-import net.md_5.bungee.BungeeCord;
-
-public class MojangApiConnector {
-
-    //http connection, read timeout and user agent for a connection to mojang api servers
-    private static final int TIMEOUT = 1 * 1_000;
-    private static final String USER_AGENT = "Premium-Checker";
-
-    //mojang api check to prove a player is logged in minecraft and made a join server request
-    private static final String HAS_JOINED_URL = "https://sessionserver.mojang.com/session/minecraft/hasJoined?";
-
-    //only premium (paid account) users have a uuid from here
-    private static final String UUID_LINK = "https://api.mojang.com/users/profiles/minecraft/";
-    //this includes a-zA-Z1-9_
-    private static final String VALID_PLAYERNAME = "^\\w{2,16}$";
-
-    //compile the pattern only on plugin enable -> and this have to be threadsafe
-    private final Pattern playernameMatcher = Pattern.compile(VALID_PLAYERNAME);
-
-    private final FastLoginBungee plugin;
-
-    private final Gson gson = new Gson();
-
-    public MojangApiConnector(FastLoginBungee plugin) {
-        this.plugin = plugin;
-    }
-
-    /**
-     *
-     * @param playerName
-     * @return null on non-premium
-     */
-    public UUID getPremiumUUID(String playerName) {
-        //check if it's a valid playername
-        if (playernameMatcher.matcher(playerName).matches()) {
-            //only make a API call if the name is valid existing mojang account
-            try {
-                HttpURLConnection connection = getConnection(UUID_LINK + playerName);
-                if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) {
-                    BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
-                    String line = reader.readLine();
-                    if (line != null && !line.equals("null")) {
-                        MojangPlayer mojangPlayer = BungeeCord.getInstance().gson.fromJson(line, MojangPlayer.class);
-                        return FastLoginBungee.parseId(mojangPlayer.getId());
-                    }
-                }
-                //204 - no content for not found
-            } catch (Exception ex) {
-                plugin.getLogger().log(Level.SEVERE, "Failed to check if player has a paid account", ex);
-            }
-            //this connection doesn't need to be closed. So can make use of keep alive in java
-        }
-
-        return null;
-    }
-
-    private HttpURLConnection getConnection(String url) throws IOException {
-        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
-        connection.setConnectTimeout(TIMEOUT);
-        connection.setReadTimeout(TIMEOUT);
-        //the new Mojang API just uses json as response
-        connection.setRequestProperty("Content-Type", "application/json");
-        connection.setRequestProperty("User-Agent", USER_AGENT);
-
-        return connection;
-    }
-}

bungee/src/main/java/com/github/games647/fastlogin/bungee/MojangPlayer.java

@@ -1,15 +0,0 @@
-package com.github.games647.fastlogin.bungee;
-
-public class MojangPlayer {
-
-    private String id;
-    private String name;
-
-    public String getId() {
-        return id;
-    }
-
-    public String getName() {
-        return name;
-    }
-}

bungee/src/main/java/com/github/games647/fastlogin/bungee/PlayerConnectionListener.java

@@ -1,145 +0,0 @@
-package com.github.games647.fastlogin.bungee;
-
-import com.github.games647.fastlogin.bungee.hooks.BungeeAuthPlugin;
-import com.google.common.io.ByteArrayDataInput;
-import com.google.common.io.ByteStreams;
-
-import java.util.UUID;
-import java.util.logging.Level;
-
-import net.md_5.bungee.api.ChatColor;
-import net.md_5.bungee.api.ProxyServer;
-import net.md_5.bungee.api.chat.TextComponent;
-import net.md_5.bungee.api.connection.PendingConnection;
-import net.md_5.bungee.api.connection.ProxiedPlayer;
-import net.md_5.bungee.api.connection.Server;
-import net.md_5.bungee.api.event.PluginMessageEvent;
-import net.md_5.bungee.api.event.PreLoginEvent;
-import net.md_5.bungee.api.event.ServerConnectedEvent;
-import net.md_5.bungee.api.plugin.Listener;
-import net.md_5.bungee.event.EventHandler;
-
-/**
- * Enables online mode logins for specified users and sends
- * plugin message to the Bukkit version of this plugin in
- * order to clear that the connection is online mode.
- */
-public class PlayerConnectionListener implements Listener {
-
-    protected final FastLoginBungee plugin;
-
-    public PlayerConnectionListener(FastLoginBungee plugin) {
-        this.plugin = plugin;
-    }
-
-    @EventHandler
-    public void onPreLogin(final PreLoginEvent preLoginEvent) {
-        if (preLoginEvent.isCancelled()) {
-            return;
-        }
-
-        preLoginEvent.registerIntent(plugin);
-        ProxyServer.getInstance().getScheduler().runAsync(plugin, new Runnable() {
-            @Override
-            public void run() {
-                PendingConnection connection = preLoginEvent.getConnection();
-                String username = connection.getName();
-                try {
-                    PlayerProfile playerProfile = plugin.getStorage().getProfile(username, true);
-                    if (playerProfile != null) {
-                        if (playerProfile.isPremium()) {
-                            if (playerProfile.getUserId() != -1) {
-                                connection.setOnlineMode(true);
-                            }
-                        } else if (playerProfile.getUserId() == -1) {
-                            //user not exists in the db
-                            BungeeAuthPlugin authPlugin = plugin.getBungeeAuthPlugin();
-                            if (plugin.getConfiguration().getBoolean("autoRegister")
-                                    && (authPlugin == null || !authPlugin.isRegistered(username))) {
-                                UUID premiumUUID = plugin.getMojangApiConnector().getPremiumUUID(username);
-                                if (premiumUUID != null) {
-                                    plugin.getLogger().log(Level.FINER, "Player {0} uses a premium username", username);
-                                    connection.setOnlineMode(true);
-                                    plugin.getPendingAutoRegister().put(connection, new Object());
-                                }
-                            }
-                        }
-                    }
-                } catch (Exception ex) {
-                    plugin.getLogger().log(Level.SEVERE, "Failed to check premium state", ex);
-                } finally {
-                    preLoginEvent.completeIntent(plugin);
-                }
-            }
-        });
-    }
-
-    @EventHandler
-    public void onServerConnected(ServerConnectedEvent serverConnectedEvent) {
-        ProxiedPlayer player = serverConnectedEvent.getPlayer();
-        ProxyServer.getInstance().getScheduler().runAsync(plugin, new ForceLoginTask(plugin, player));
-    }
-
-    @EventHandler
-    public void onPluginMessage(PluginMessageEvent pluginMessageEvent) {
-        String channel = pluginMessageEvent.getTag();
-        if (pluginMessageEvent.isCancelled() || !plugin.getDescription().getName().equals(channel)) {
-            return;
-        }
-
-        //the client shouldn't be able to read the messages in order to know something about server internal states
-        //moreover the client shouldn't be able fake a running premium check by sending the result message
-        pluginMessageEvent.setCancelled(true);
-
-        //check if the message is sent from the server
-        if (Server.class.isAssignableFrom(pluginMessageEvent.getSender().getClass())) {
-            byte[] data = pluginMessageEvent.getData();
-            ByteArrayDataInput dataInput = ByteStreams.newDataInput(data);
-            String subchannel = dataInput.readUTF();
-
-            final ProxiedPlayer forPlayer = (ProxiedPlayer) pluginMessageEvent.getReceiver();
-            if ("ON".equals(subchannel)) {
-                ProxyServer.getInstance().getScheduler().runAsync(plugin, new Runnable() {
-                    @Override
-                    public void run() {
-                        PlayerProfile playerProfile = plugin.getStorage().getProfile(forPlayer.getName(), true);
-                        if (playerProfile.isPremium()) {
-                            if (forPlayer.isConnected()) {
-                                TextComponent textComponent = new TextComponent("You are already on the premium list");
-                                textComponent.setColor(ChatColor.DARK_RED);
-                                forPlayer.sendMessage(textComponent);
-                            }
-
-                            return;
-                        }
-
-                        playerProfile.setPremium(true);
-                        //todo: set uuid
-                        plugin.getStorage().save(playerProfile);
-                    }
-                });
-            } else if ("OFF".equals(subchannel)) {
-                ProxyServer.getInstance().getScheduler().runAsync(plugin, new Runnable() {
-                    @Override
-                    public void run() {
-                        PlayerProfile playerProfile = plugin.getStorage().getProfile(forPlayer.getName(), true);
-                        if (!playerProfile.isPremium()) {
-                            if (forPlayer.isConnected()) {
-                                TextComponent textComponent = new TextComponent("You are not in the premium list");
-                                textComponent.setColor(ChatColor.DARK_RED);
-                                forPlayer.sendMessage(textComponent);
-                            }
-
-                            return;
-                        }
-
-                        playerProfile.setPremium(false);
-                        playerProfile.setUuid(null);
-                        //todo: set uuid
-                        plugin.getStorage().save(playerProfile);
-                    }
-                });
-            }
-        }
-    }
-}

bungee/src/main/java/com/github/games647/fastlogin/bungee/PlayerProfile.java

@@ -1,78 +0,0 @@
-package com.github.games647.fastlogin.bungee;
-
-import java.util.UUID;
-
-public class PlayerProfile {
-
-    private final String playerName;
-
-    private long userId;
-
-    private UUID uuid;
-    private boolean premium;
-    private String lastIp;
-    private long lastLogin;
-
-    public PlayerProfile(long userId, UUID uuid, String playerName, boolean premium
-            , String lastIp, long lastLogin) {
-        this.userId = userId;
-        this.uuid = uuid;
-        this.playerName = playerName;
-        this.premium = premium;
-        this.lastIp = lastIp;
-        this.lastLogin = lastLogin;
-    }
-
-    public PlayerProfile(UUID uuid, String playerName, boolean premium, String lastIp) {
-        this.userId = -1;
-
-        this.uuid = uuid;
-        this.playerName = playerName;
-        this.premium = premium;
-        this.lastIp = lastIp;
-    }
-
-    public String getPlayerName() {
-        return playerName;
-    }
-
-    public synchronized long getUserId() {
-        return userId;
-    }
-
-    protected synchronized void setUserId(long generatedId) {
-        this.userId = generatedId;
-    }
-
-    public synchronized UUID getUuid() {
-        return uuid;
-    }
-
-    public synchronized void setUuid(UUID uuid) {
-        this.uuid = uuid;
-    }
-
-    public synchronized boolean isPremium() {
-        return premium;
-    }
-
-    public synchronized void setPremium(boolean premium) {
-        this.premium = premium;
-    }
-
-    public synchronized String getLastIp() {
-        return lastIp;
-    }
-
-    public synchronized void setLastIp(String lastIp) {
-        this.lastIp = lastIp;
-    }
-
-    public long getLastLogin() {
-        return lastLogin;
-    }
-
-    public synchronized void setLastLogin(long lastLogin) {
-        this.lastLogin = lastLogin;
-    }
-}

bungee/src/main/java/com/github/games647/fastlogin/bungee/Storage.java

@@ -1,201 +0,0 @@
-package com.github.games647.fastlogin.bungee;
-
-import com.google.common.cache.CacheBuilder;
-import com.google.common.cache.CacheLoader;
-import com.zaxxer.hikari.HikariConfig;
-import com.zaxxer.hikari.HikariDataSource;
-
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.TimeUnit;
-import java.util.logging.Level;
-
-public class Storage {
-
-    private static final String PREMIUM_TABLE = "premium";
-
-    private final ConcurrentMap<String, PlayerProfile> profileCache = CacheBuilder
-            .<String, PlayerProfile>newBuilder()
-            .concurrencyLevel(20)
-            .expireAfterAccess(30, TimeUnit.MINUTES)
-            .build(new CacheLoader<String, PlayerProfile>() {
-                @Override
-                public PlayerProfile load(String key) throws Exception {
-                    //should be fetched manually
-                    throw new UnsupportedOperationException("Not supported yet.");
-                }
-            }).asMap();
-
-    private final HikariDataSource dataSource;
-    private final FastLoginBungee plugin;
-
-    public Storage(FastLoginBungee plugin, String driver, String host, int port, String databasePath
-            , String user, String pass) {
-        this.plugin = plugin;
-
-        HikariConfig databaseConfig = new HikariConfig();
-        databaseConfig.setUsername(user);
-        databaseConfig.setPassword(pass);
-        databaseConfig.setDriverClassName(driver);
-
-        databasePath = databasePath.replace("{pluginDir}", plugin.getDataFolder().getAbsolutePath());
-
-        String jdbcUrl = "jdbc:";
-        if (driver.contains("sqlite")) {
-            jdbcUrl += "sqlite" + "://" + databasePath;
-            databaseConfig.setConnectionTestQuery("SELECT 1");
-        } else {
-            jdbcUrl += "mysql" + "://" + host + ':' + port + '/' + databasePath;
-        }
-
-        databaseConfig.setJdbcUrl(jdbcUrl);
-        this.dataSource = new HikariDataSource(databaseConfig);
-    }
-
-    public void createTables() throws SQLException {
-        Connection con = null;
-        try {
-            con = dataSource.getConnection();
-            Statement statement = con.createStatement();
-            String createDataStmt = "CREATE TABLE IF NOT EXISTS " + PREMIUM_TABLE + " ("
-                    + "`UserID` INTEGER PRIMARY KEY AUTO_INCREMENT, "
-                    + "`UUID` CHAR(36), "
-                    + "`Name` VARCHAR(16) NOT NULL, "
-                    + "`Premium` BOOLEAN NOT NULL, "
-                    + "`LastIp` VARCHAR(255) NOT NULL, "
-                    + "`LastLogin` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, "
-                    + "UNIQUE (`UUID`), "
-                    //the premium shouldn't steal the cracked account by changing the name
-                    + "UNIQUE (`Name`) "
-                    + ")";
-
-            if (dataSource.getJdbcUrl().contains("sqlite")) {
-                createDataStmt = createDataStmt.replace("AUTO_INCREMENT", "AUTOINCREMENT");
-            }
-
-            statement.executeUpdate(createDataStmt);
-        } finally {
-            closeQuietly(con);
-        }
-    }
-
-    public PlayerProfile getProfile(String name, boolean fetch) {
-        if (profileCache.containsKey(name)) {
-            return profileCache.get(name);
-        } else if (fetch) {
-            Connection con = null;
-            try {
-                con = dataSource.getConnection();
-                PreparedStatement loadStatement = con.prepareStatement("SELECT * FROM " + PREMIUM_TABLE
-                        + " WHERE `Name`=? LIMIT 1");
-                loadStatement.setString(1, name);
-
-                ResultSet resultSet = loadStatement.executeQuery();
-                if (resultSet.next()) {
-                    long userId = resultSet.getInt(1);
-
-                    String unparsedUUID = resultSet.getString(2);
-                    UUID uuid;
-                    if (unparsedUUID == null) {
-                        uuid = null;
-                    } else {
-                        uuid = FastLoginBungee.parseId(unparsedUUID);
-                    }
-
-//                    String name = resultSet.getString(3);
-                    boolean premium = resultSet.getBoolean(4);
-                    String lastIp = resultSet.getString(5);
-                    long lastLogin = resultSet.getTimestamp(6).getTime();
-                    PlayerProfile playerProfile = new PlayerProfile(userId, uuid, name, premium, lastIp, lastLogin);
-                    profileCache.put(name, playerProfile);
-                    return playerProfile;
-                } else {
-                    PlayerProfile crackedProfile = new PlayerProfile(null, name, false, "");
-                    profileCache.put(name, crackedProfile);
-                    return crackedProfile;
-                }
-            } catch (SQLException sqlEx) {
-                plugin.getLogger().log(Level.SEVERE, "Failed to query profile", sqlEx);
-            } finally {
-                closeQuietly(con);
-            }
-        }
-
-        return null;
-    }
-
-    public boolean save(PlayerProfile playerProfile) {
-        Connection con = null;
-        try {
-            con = dataSource.getConnection();
-
-            UUID uuid = playerProfile.getUuid();
-
-            if (playerProfile.getUserId() == -1) {
-                PreparedStatement saveStatement = con.prepareStatement("INSERT INTO " + PREMIUM_TABLE
-                        + " (UUID, Name, Premium, LastIp) VALUES (?, ?, ?, ?)", Statement.RETURN_GENERATED_KEYS);
-
-                if (uuid == null) {
-                    saveStatement.setString(1, null);
-                } else {
-                    saveStatement.setString(1, uuid.toString().replace("-", ""));
-                }
-
-                saveStatement.setString(2, playerProfile.getPlayerName());
-                saveStatement.setBoolean(3, playerProfile.isPremium());
-                saveStatement.setString(4, playerProfile.getLastIp());
-                saveStatement.execute();
-
-                ResultSet generatedKeys = saveStatement.getGeneratedKeys();
-                if (generatedKeys != null && generatedKeys.next()) {
-                    playerProfile.setUserId(generatedKeys.getInt(1));
-                }
-            } else {
-                PreparedStatement saveStatement = con.prepareStatement("UPDATE " + PREMIUM_TABLE
-                        + " SET UUID=?, Name=?, Premium=?, LastIp=?, LastLogin=CURRENT_TIMESTAMP WHERE UserID=?");
-
-                if (uuid == null) {
-                    saveStatement.setString(1, null);
-                } else {
-                    saveStatement.setString(1, uuid.toString().replace("-", ""));
-                }
-
-                saveStatement.setString(2, playerProfile.getPlayerName());
-                saveStatement.setBoolean(3, playerProfile.isPremium());
-                saveStatement.setString(4, playerProfile.getLastIp());
-//                saveStatement.setTimestamp(5, new Timestamp(playerProfile.getLastLogin()));
-
-                saveStatement.setLong(5, playerProfile.getUserId());
-                saveStatement.execute();
-            }
-
-            return true;
-        } catch (SQLException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Failed to save playerProfile", ex);
-        } finally {
-            closeQuietly(con);
-        }
-
-        return false;
-    }
-
-    public void close() {
-        dataSource.close();
-        profileCache.clear();
-    }
-
-    private void closeQuietly(Connection con) {
-        if (con != null) {
-            try {
-                con.close();
-            } catch (SQLException sqlEx) {
-                plugin.getLogger().log(Level.SEVERE, "Failed to close connection", sqlEx);
-            }
-        }
-    }
-}

bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginAutoLoginEvent.java

@@ -0,0 +1,39 @@
+package com.github.games647.fastlogin.bungee.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import net.md_5.bungee.api.plugin.Cancellable;
+import net.md_5.bungee.api.plugin.Event;
+
+public class BungeeFastLoginAutoLoginEvent extends Event implements FastLoginAutoLoginEvent, Cancellable {
+
+    private final LoginSession session;
+    private final StoredProfile profile;
+    private boolean cancelled;
+
+    public BungeeFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        this.session = session;
+        this.profile = profile;
+    }
+
+    @Override
+    public LoginSession getSession() {
+        return session;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public boolean isCancelled() {
+        return cancelled;
+    }
+
+    @Override
+    public void setCancelled(boolean cancelled) {
+        this.cancelled = cancelled;
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginPreLoginEvent.java

@@ -0,0 +1,34 @@
+package com.github.games647.fastlogin.bungee.event;
+
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSource;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import net.md_5.bungee.api.plugin.Event;
+
+public class BungeeFastLoginPreLoginEvent extends Event implements FastLoginPreLoginEvent {
+
+    private final String username;
+    private final LoginSource source;
+    private final StoredProfile profile;
+
+    public BungeeFastLoginPreLoginEvent(String username, LoginSource source, StoredProfile profile) {
+        this.username = username;
+        this.source = source;
+        this.profile = profile;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public LoginSource getSource() {
+        return source;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/hook/BungeeAuthHook.java

@@ -0,0 +1,36 @@
+package com.github.games647.fastlogin.bungee.hook;
+
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+
+import me.vik1395.BungeeAuth.Main;
+import me.vik1395.BungeeAuthAPI.RequestHandler;
+
+import net.md_5.bungee.api.connection.ProxiedPlayer;
+
+/**
+ * GitHub: https://github.com/vik1395/BungeeAuth-Minecraft
+ *
+ * Project page:
+ *
+ * Spigot: https://www.spigotmc.org/resources/bungeeauth.493/
+ */
+public class BungeeAuthHook implements AuthPlugin<ProxiedPlayer> {
+
+    private final RequestHandler requestHandler = new RequestHandler();
+
+    @Override
+    public boolean forceLogin(ProxiedPlayer player) {
+        String playerName = player.getName();
+        return Main.plonline.contains(playerName) || requestHandler.forceLogin(playerName);
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return requestHandler.isRegistered(playerName);
+    }
+
+    @Override
+    public boolean forceRegister(ProxiedPlayer player, String password) {
+        return requestHandler.forceRegister(player, password);
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/hooks/BungeeAuthHook.java

@@ -1,104 +0,0 @@
-package com.github.games647.fastlogin.bungee.hooks;
-
-import java.lang.reflect.Method;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Random;
-
-import me.vik1395.BungeeAuth.ListenerClass;
-import me.vik1395.BungeeAuth.Main;
-import me.vik1395.BungeeAuth.Password.PasswordHandler;
-import me.vik1395.BungeeAuth.Tables;
-
-import net.md_5.bungee.api.connection.ProxiedPlayer;
-
-/**
- * Github: https://github.com/MatteCarra/BungeeAuth
- *
- * Project page:
- *
- * Spigot: https://www.spigotmc.org/resources/bungeeauth.493/
- */
-public class BungeeAuthHook implements BungeeAuthPlugin {
-
-    //https://github.com/MatteCarra/BungeeAuth/blob/master/src/me/vik1395/BungeeAuth/Login.java#L32
-    private final Tables databaseConnection = new Tables();
-
-    @Override
-    public boolean forceLogin(final ProxiedPlayer player) {
-//https://github.com/MatteCarra/BungeeAuth/blob/master/src/me/vik1395/BungeeAuth/Login.java#L92-95
-        Main.plonline.add(player.getName());
-
-        //renamed from ct to databaseConnection
-//            databaseConnection.setStatus(player.getName(), "online");
-        final Class<?>[] parameterTypes = new Class<?>[]{String.class, String.class};
-        final Object[] arguments = new Object[]{player.getName(), "online"};
-
-        try {
-            callProtected("setStatus", parameterTypes, arguments);
-            ListenerClass.movePlayer(player, false);
-
-            //proparly not thread-safe
-            ListenerClass.prelogin.get(player.getName()).cancel();
-        } catch (Exception ex) {
-            Main.plugin.getLogger().severe("[BungeeAuth] Error force loging in player");
-            return false;
-        }
-
-        return true;
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        //https://github.com/MatteCarra/BungeeAuth/blob/master/src/me/vik1395/BungeeAuth/Register.java#L46
-        //renamed t to databaseConnection
-        return databaseConnection.checkPlayerEntry(playerName);
-    }
-
-    @Override
-    public boolean forceRegister(final ProxiedPlayer player, String password) {
-        //https://github.com/MatteCarra/BungeeAuth/blob/master/src/me/vik1395/BungeeAuth/Register.java#L102
-        PasswordHandler ph = new PasswordHandler();
-        Random rand = new Random();
-        int maxp = 7; //Total Password Hashing methods.
-        Date dNow = new Date();
-        SimpleDateFormat ft = new SimpleDateFormat("yyyy.MM.dd HH:mm:ss");
-
-        String Pw = password;
-        String pType = "" + rand.nextInt(maxp + 1);
-        String regdate = ft.format(dNow);
-        //https://github.com/MatteCarra/BungeeAuth/blob/master/src/me/vik1395/BungeeAuth/Register.java#L60
-        String lastip = player.getAddress().getAddress().getHostAddress();
-        String lastseen = regdate;
-        String hash = ph.newHash(Pw, pType);
-
-        //creates a new SQL entry with the player's details.
-
-        //renamed t to databaseConnection
-//            databaseConnection.newPlayerEntry(player.getName(), hash, pType, "", lastip, regdate, lastip, lastseen);
-
-        final Class<?>[] parameterTypes = new Class<?>[] {String.class, String.class, String.class, String.class
-                , String.class, String.class, String.class, String.class};
-        final Object[] arguments = new Object[] {player.getName(), hash, pType, "", lastip, regdate, lastip, lastseen};
-
-        try {
-            callProtected("newPlayerEntry", parameterTypes, arguments);
-            //proparly not thread-safe
-            forceLogin(player);
-        } catch (Exception ex) {
-            Main.plugin.getLogger().severe("[BungeeAuth] Error when creating a new player in the Database");
-            return false;
-        }
-
-        return true;
-    }
-
-    //pail ;(
-    private void callProtected(String methodName, Class<?>[] parameterTypes, Object[] arguments) throws Exception {
-        Class<? extends Tables> tableClass = databaseConnection.getClass();
-
-        Method method = tableClass.getDeclaredMethod(methodName, parameterTypes);
-        method.setAccessible(true);
-        method.invoke(databaseConnection, arguments);
-    }
-}

bungee/src/main/java/com/github/games647/fastlogin/bungee/hooks/BungeeAuthPlugin.java

@@ -1,55 +0,0 @@
-package com.github.games647.fastlogin.bungee.hooks;
-
-import net.md_5.bungee.api.connection.ProxiedPlayer;
-
-/**
- * Represents a supporting authentication plugin in BungeeCord/Waterfall/... servers
- */
-public interface BungeeAuthPlugin {
-
-    /**
-     * Login the premium (paid account) player after
-     * the player joined successfully a server.
-     *
-     * @param player the player that needs to be logged in
-     * @return if the operation was successful
-     */
-    boolean forceLogin(ProxiedPlayer player);
-
-    /**
-     * Checks whether an account exists for this player name.
-     *
-     * This check should check if a cracked player account exists
-     * so we can be sure the premium player doesn't steal the account
-     * of that player.
-     *
-     * This operation will be performed async while the player is
-     * connecting
-     *
-     * @param playerName player name
-     * @return if the player has an account
-     * @throws Exception if an error occurred
-     */
-    boolean isRegistered(String playerName) throws Exception;
-
-    /**
-     * Forces a register in order to protect the paid account.
-     * The method will be invoked after the player joined a server.
-     *
-     * After a successful registration the player should be logged
-     * in too.
-     *
-     * The method will be called only for premium accounts.
-     * So it's recommended to set additionally premium property
-     * if possible.
-     *
-     * If we don't register an account, cracked players
-     * could steal the unregistered account from the paid
-     * player account
-     *
-     * @param player the premium account
-     * @param password a strong random generated password
-     * @return if the operation was successful
-     */
-    boolean forceRegister(ProxiedPlayer player, String password);
-}

bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/ConnectListener.java

@@ -0,0 +1,113 @@
+package com.github.games647.fastlogin.bungee.listener;
+
+import com.github.games647.craftapi.UUIDAdapter;
+import com.github.games647.fastlogin.bungee.FastLoginBungee;
+import com.github.games647.fastlogin.bungee.task.AsyncPremiumCheck;
+import com.github.games647.fastlogin.bungee.task.ForceLoginTask;
+import com.github.games647.fastlogin.core.ConfirmationState;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+
+import java.lang.reflect.Field;
+import java.util.UUID;
+
+import net.md_5.bungee.api.connection.PendingConnection;
+import net.md_5.bungee.api.connection.ProxiedPlayer;
+import net.md_5.bungee.api.connection.Server;
+import net.md_5.bungee.api.event.LoginEvent;
+import net.md_5.bungee.api.event.PlayerDisconnectEvent;
+import net.md_5.bungee.api.event.PreLoginEvent;
+import net.md_5.bungee.api.event.ServerConnectedEvent;
+import net.md_5.bungee.api.plugin.Listener;
+import net.md_5.bungee.connection.InitialHandler;
+import net.md_5.bungee.connection.LoginResult;
+import net.md_5.bungee.connection.LoginResult.Property;
+import net.md_5.bungee.event.EventHandler;
+import net.md_5.bungee.event.EventPriority;
+
+/**
+ * Enables online mode logins for specified users and sends plugin message to the Bukkit version of this plugin in
+ * order to clear that the connection is online mode.
+ */
+public class ConnectListener implements Listener {
+
+    private final FastLoginBungee plugin;
+    private final Property[] emptyProperties = {};
+
+    public ConnectListener(FastLoginBungee plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler
+    public void onPreLogin(PreLoginEvent preLoginEvent) {
+        if (preLoginEvent.isCancelled()) {
+            return;
+        }
+
+        preLoginEvent.registerIntent(plugin);
+
+        PendingConnection connection = preLoginEvent.getConnection();
+        Runnable asyncPremiumCheck = new AsyncPremiumCheck(plugin, preLoginEvent, connection);
+        plugin.getScheduler().runAsync(asyncPremiumCheck);
+    }
+
+    @EventHandler(priority = EventPriority.LOWEST)
+    public void onLogin(LoginEvent loginEvent) {
+        if (loginEvent.isCancelled()) {
+            return;
+        }
+
+        //use the login event instead of the post login event in order to send the login success packet to the client
+        //with the offline uuid this makes it possible to set the skin then
+        PendingConnection connection = loginEvent.getConnection();
+        InitialHandler initialHandler = (InitialHandler) connection;
+
+        String username = initialHandler.getLoginRequest().getData();
+        if (connection.isOnlineMode()) {
+            LoginSession session = plugin.getSession().get(connection);
+            session.setUuid(connection.getUniqueId());
+
+            StoredProfile playerProfile = session.getProfile();
+            playerProfile.setId(connection.getUniqueId());
+
+            //bungeecord will do this automatically so override it on disabled option
+            if (!plugin.getCore().getConfig().get("premiumUuid", true)) {
+                try {
+                    UUID offlineUUID = UUIDAdapter.generateOfflineId(username);
+
+                    //bungeecord doesn't support overriding the premium uuid
+                    //so we have to do it with reflection
+                    Field idField = InitialHandler.class.getDeclaredField("uniqueId");
+                    idField.setAccessible(true);
+                    idField.set(connection, offlineUUID);
+                } catch (NoSuchFieldException | IllegalAccessException ex) {
+                    plugin.getLog().error("Failed to set offline uuid of {}", username, ex);
+                }
+            }
+
+            if (!plugin.getCore().getConfig().get("forwardSkin", true)) {
+                //this is null on offline mode
+                LoginResult loginProfile = initialHandler.getLoginProfile();
+                if (loginProfile != null) {
+                    loginProfile.setProperties(emptyProperties);
+                }
+            }
+        }
+    }
+
+    @EventHandler
+    public void onServerConnected(ServerConnectedEvent serverConnectedEvent) {
+        ProxiedPlayer player = serverConnectedEvent.getPlayer();
+        Server server = serverConnectedEvent.getServer();
+
+        Runnable loginTask = new ForceLoginTask(plugin.getCore(), player, server);
+        plugin.getScheduler().runAsync(loginTask);
+    }
+
+    @EventHandler
+    public void onDisconnect(PlayerDisconnectEvent disconnectEvent) {
+        ProxiedPlayer player = disconnectEvent.getPlayer();
+        plugin.getSession().remove(player.getPendingConnection());
+        plugin.getCore().getPendingConfirms().remove(player.getName(), ConfirmationState.REQUIRE_AUTH_PLUGIN_LOGIN);
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/PluginMessageListener.java

@@ -0,0 +1,127 @@
+package com.github.games647.fastlogin.bungee.listener;
+
+import com.github.games647.fastlogin.bungee.BungeeLoginSession;
+import com.github.games647.fastlogin.bungee.FastLoginBungee;
+import com.github.games647.fastlogin.bungee.task.AsyncToggleMessage;
+import com.github.games647.fastlogin.core.ConfirmationState;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
+import com.github.games647.fastlogin.core.message.NamespaceKey;
+import com.github.games647.fastlogin.core.message.SuccessMessage;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.google.common.io.ByteArrayDataInput;
+import com.google.common.io.ByteStreams;
+
+import java.util.Arrays;
+
+import net.md_5.bungee.api.CommandSender;
+import net.md_5.bungee.api.connection.ProxiedPlayer;
+import net.md_5.bungee.api.connection.Server;
+import net.md_5.bungee.api.event.PluginMessageEvent;
+import net.md_5.bungee.api.plugin.Listener;
+import net.md_5.bungee.event.EventHandler;
+
+public class PluginMessageListener implements Listener {
+
+    private final FastLoginBungee plugin;
+
+    private final String successChannel;
+    private final String changeChannel;
+
+    public PluginMessageListener(FastLoginBungee plugin) {
+        this.plugin = plugin;
+
+        this.successChannel = new NamespaceKey(plugin.getName(), SuccessMessage.SUCCESS_CHANNEL).getCombinedName();
+        this.changeChannel = new NamespaceKey(plugin.getName(), ChangePremiumMessage.CHANGE_CHANNEL).getCombinedName();
+    }
+
+    @EventHandler
+    public void onPluginMessage(PluginMessageEvent pluginMessageEvent) {
+        String channel = pluginMessageEvent.getTag();
+        if (pluginMessageEvent.isCancelled() || !channel.startsWith(plugin.getName().toLowerCase())) {
+            return;
+        }
+
+        //the client shouldn't be able to read the messages in order to know something about server internal states
+        //moreover the client shouldn't be able fake a running premium check by sending the result message
+        pluginMessageEvent.setCancelled(true);
+
+        if (!(pluginMessageEvent.getSender() instanceof Server)) {
+            //check if the message is sent from the server
+            return;
+        }
+
+        //so that we can safely process this in the background
+        byte[] data = Arrays.copyOf(pluginMessageEvent.getData(), pluginMessageEvent.getData().length);
+        ProxiedPlayer forPlayer = (ProxiedPlayer) pluginMessageEvent.getReceiver();
+
+        plugin.getScheduler().runAsync(() -> readMessage(forPlayer, channel, data));
+    }
+
+    private void readMessage(ProxiedPlayer fromPlayer, String channel, byte[] data) {
+        ByteArrayDataInput dataInput = ByteStreams.newDataInput(data);
+        if (successChannel.equals(channel)) {
+            onSuccessMessage(fromPlayer);
+        } else if (changeChannel.equals(channel)) {
+            ChangePremiumMessage changeMessage = new ChangePremiumMessage();
+            changeMessage.readFrom(dataInput);
+
+            String playerName = changeMessage.getPlayerName();
+            boolean isSourceInvoker = changeMessage.isSourceInvoker();
+            onChangeMessage(fromPlayer, changeMessage.shouldEnable(), playerName, isSourceInvoker);
+        }
+    }
+
+    private void onChangeMessage(ProxiedPlayer fromPlayer, boolean shouldEnable, String playerName, boolean isSourceInvoker) {
+        FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core = plugin.getCore();
+        if (shouldEnable) {
+            if (!isSourceInvoker) {
+                // fromPlayer is not the target player
+                activePremiumLogin(fromPlayer, playerName, false);
+                return;
+            }
+
+            if (plugin.getCore().getConfig().getBoolean("premium-confirm", true)) {
+                ConfirmationState state = plugin.getCore().getPendingConfirms().get(playerName);
+                if (state == null) {
+                    // no pending confirmation
+                    core.sendLocaleMessage("premium-confirm", fromPlayer);
+                    core.getPendingConfirms().put(playerName, ConfirmationState.REQUIRE_RELOGIN);
+                } else if (state == ConfirmationState.REQUIRE_AUTH_PLUGIN_LOGIN) {
+                    // player logged in successful using premium authentication
+                    activePremiumLogin(fromPlayer, playerName, true);
+                }
+            } else {
+                activePremiumLogin(fromPlayer, playerName, true);
+            }
+        } else {
+            Runnable task = new AsyncToggleMessage(core, fromPlayer, playerName, false, isSourceInvoker);
+            plugin.getScheduler().runAsync(task);
+        }
+    }
+
+    private void activePremiumLogin(ProxiedPlayer fromPlayer, String playerName, boolean isSourceInvoker) {
+        plugin.getCore().getPendingConfirms().remove(playerName);
+        Runnable task = new AsyncToggleMessage(plugin.getCore(), fromPlayer, playerName, true, isSourceInvoker);
+        plugin.getScheduler().runAsync(task);
+    }
+
+    private void onSuccessMessage(ProxiedPlayer forPlayer) {
+        if (forPlayer.getPendingConnection().isOnlineMode()) {
+            //bukkit module successfully received and force logged in the user
+            //update only on success to prevent corrupt data
+            BungeeLoginSession loginSession = plugin.getSession().get(forPlayer.getPendingConnection());
+            StoredProfile playerProfile = loginSession.getProfile();
+            loginSession.setRegistered(true);
+
+            if (!loginSession.isAlreadySaved()) {
+                loginSession.setAlreadySaved(true);
+
+                playerProfile.setId(loginSession.getUuid());
+                playerProfile.setPremium(true);
+
+                plugin.getCore().getStorage().save(playerProfile);
+            }
+        }
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncPremiumCheck.java

@@ -0,0 +1,73 @@
+package com.github.games647.fastlogin.bungee.task;
+
+import com.github.games647.fastlogin.bungee.BungeeLoginSession;
+import com.github.games647.fastlogin.bungee.BungeeLoginSource;
+import com.github.games647.fastlogin.bungee.FastLoginBungee;
+import com.github.games647.fastlogin.bungee.event.BungeeFastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.JoinManagement;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+
+import net.md_5.bungee.api.CommandSender;
+import net.md_5.bungee.api.connection.PendingConnection;
+import net.md_5.bungee.api.connection.ProxiedPlayer;
+import net.md_5.bungee.api.event.PreLoginEvent;
+import net.md_5.bungee.connection.InitialHandler;
+
+public class AsyncPremiumCheck extends JoinManagement<ProxiedPlayer, CommandSender, BungeeLoginSource>
+        implements Runnable {
+
+    private final FastLoginBungee plugin;
+    private final PreLoginEvent preLoginEvent;
+
+    private final PendingConnection connection;
+
+    public AsyncPremiumCheck(FastLoginBungee plugin, PreLoginEvent preLoginEvent, PendingConnection connection) {
+        super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
+
+        this.plugin = plugin;
+        this.preLoginEvent = preLoginEvent;
+        this.connection = connection;
+    }
+
+    @Override
+    public void run() {
+        plugin.getSession().remove(connection);
+
+        InitialHandler initialHandler = (InitialHandler) connection;
+        String username = initialHandler.getLoginRequest().getData();
+        try {
+            super.onLogin(username, new BungeeLoginSource(connection, preLoginEvent));
+        } finally {
+            preLoginEvent.completeIntent(plugin);
+        }
+    }
+
+    @Override
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, BungeeLoginSource source,
+                                                             StoredProfile profile) {
+        return plugin.getProxy().getPluginManager()
+                .callEvent(new BungeeFastLoginPreLoginEvent(username, source, profile));
+    }
+
+    @Override
+    public void requestPremiumLogin(BungeeLoginSource source, StoredProfile profile,
+                                    String username, boolean registered) {
+        source.setOnlineMode();
+        plugin.getSession().put(source.getConnection(), new BungeeLoginSession(username, registered, profile));
+
+        String ip = source.getAddress().getAddress().getHostAddress();
+        plugin.getCore().getPendingLogin().put(ip + username, new Object());
+    }
+
+    @Override
+    public void requestConfirmationLogin(BungeeLoginSource source, StoredProfile profile, String username) {
+        source.setOnlineMode();
+        plugin.getSession().put(source.getConnection(), new BungeeLoginSession(username, profile));
+    }
+
+    @Override
+    public void startCrackedSession(BungeeLoginSource source, StoredProfile profile, String username) {
+        plugin.getSession().put(source.getConnection(), new BungeeLoginSession(username, false, profile));
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncToggleMessage.java

@@ -0,0 +1,73 @@
+package com.github.games647.fastlogin.bungee.task;
+
+import com.github.games647.fastlogin.bungee.FastLoginBungee;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+
+import net.md_5.bungee.api.CommandSender;
+import net.md_5.bungee.api.ProxyServer;
+import net.md_5.bungee.api.chat.TextComponent;
+import net.md_5.bungee.api.connection.ProxiedPlayer;
+
+public class AsyncToggleMessage implements Runnable {
+
+    private final FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core;
+    private final ProxiedPlayer sender;
+    private final String targetPlayer;
+    private final boolean toPremium;
+    private final boolean isPlayerSender;
+
+    public AsyncToggleMessage(FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core,
+             ProxiedPlayer sender, String playerName, boolean toPremium, boolean playerSender) {
+        this.core = core;
+        this.sender = sender;
+        this.targetPlayer = playerName;
+        this.toPremium = toPremium;
+        this.isPlayerSender = playerSender;
+    }
+
+    @Override
+    public void run() {
+        if (toPremium) {
+            activatePremium();
+        } else {
+            turnOffPremium();
+        }
+    }
+
+    private void turnOffPremium() {
+        StoredProfile playerProfile = core.getStorage().loadProfile(targetPlayer);
+        //existing player is already cracked
+        if (playerProfile.isSaved() && !playerProfile.isPremium()) {
+            sendMessage("not-premium");
+            return;
+        }
+
+        playerProfile.setPremium(false);
+        playerProfile.setId(null);
+        core.getStorage().save(playerProfile);
+        sendMessage("remove-premium");
+    }
+
+    private void activatePremium() {
+        StoredProfile playerProfile = core.getStorage().loadProfile(targetPlayer);
+        if (playerProfile.isPremium()) {
+            sendMessage("already-exists");
+            return;
+        }
+
+        playerProfile.setPremium(true);
+        core.getStorage().save(playerProfile);
+        sendMessage("add-premium");
+    }
+
+    private void sendMessage(String localeId) {
+        String message = core.getMessage(localeId);
+        if (isPlayerSender) {
+            sender.sendMessage(TextComponent.fromLegacyText(message));
+        } else {
+            CommandSender console = ProxyServer.getInstance().getConsole();
+            console.sendMessage(TextComponent.fromLegacyText(message));
+        }
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/ForceLoginTask.java

@@ -0,0 +1,96 @@
+package com.github.games647.fastlogin.bungee.task;
+
+import com.github.games647.fastlogin.bungee.BungeeLoginSession;
+import com.github.games647.fastlogin.bungee.FastLoginBungee;
+import com.github.games647.fastlogin.bungee.event.BungeeFastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.message.ChannelMessage;
+import com.github.games647.fastlogin.core.message.LoginActionMessage;
+import com.github.games647.fastlogin.core.message.LoginActionMessage.Type;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.shared.ForceLoginManagement;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+
+import java.util.UUID;
+
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import net.md_5.bungee.api.CommandSender;
+import net.md_5.bungee.api.ProxyServer;
+import net.md_5.bungee.api.connection.ProxiedPlayer;
+import net.md_5.bungee.api.connection.Server;
+
+public class ForceLoginTask
+        extends ForceLoginManagement<ProxiedPlayer, CommandSender, BungeeLoginSession, FastLoginBungee> {
+
+    private final Server server;
+
+    public ForceLoginTask(FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core,
+             ProxiedPlayer player, Server server) {
+        super(core, player, core.getPlugin().getSession().get(player.getPendingConnection()));
+
+        this.server = server;
+    }
+
+    @Override
+    public void run() {
+        if (session == null) {
+            return;
+        }
+
+        super.run();
+
+        if (!isOnlineMode()) {
+            session.setAlreadySaved(true);
+        }
+    }
+
+    @Override
+    public boolean forceLogin(ProxiedPlayer player) {
+        if (session.isAlreadyLogged()) {
+            return true;
+        }
+
+        session.setAlreadyLogged(true);
+        return super.forceLogin(player);
+    }
+
+    @Override
+    public FastLoginAutoLoginEvent callFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        return core.getPlugin().getProxy().getPluginManager()
+                .callEvent(new BungeeFastLoginAutoLoginEvent(session, profile));
+    }
+
+    @Override
+    public boolean forceRegister(ProxiedPlayer player) {
+        return session.isAlreadyLogged() || super.forceRegister(player);
+    }
+
+    @Override
+    public void onForceActionSuccess(LoginSession session) {
+        //sub channel name
+        Type type = Type.LOGIN;
+        if (session.needsRegistration()) {
+            type = Type.REGISTER;
+        }
+
+        UUID proxyId = UUID.fromString(ProxyServer.getInstance().getConfig().getUuid());
+        ChannelMessage loginMessage = new LoginActionMessage(type, player.getName(), proxyId);
+
+        core.getPlugin().sendPluginMessage(server, loginMessage);
+    }
+
+    @Override
+    public String getName(ProxiedPlayer player) {
+        return player.getName();
+    }
+
+    @Override
+    public boolean isOnline(ProxiedPlayer player) {
+        return player.isConnected();
+    }
+
+    @Override
+    public boolean isOnlineMode() {
+        return player.getPendingConnection().isOnlineMode();
+    }
+}

bungee/src/main/resources/bungee.yml

@@ -1,16 +1,16 @@
-# project informations for BungeeCord
+# project data for BungeeCord
 # This file will be prioritised over plugin.yml which can be also used for Bungee
 # This make it easy to combine BungeeCord and Bukkit support in one plugin
 name: ${project.parent.name}
 # ${-} will be automatically replaced by Maven
 main: ${project.groupId}.${project.artifactId}.${project.name}
 
-version: ${project.version}
-author: games647, http://github.com/games647/FastLogin/graphs/contributors
+version: ${project.version}-${git.commit.id.abbrev}
+author: games647, https://github.com/games647/FastLogin/graphs/contributors
 
-softdepends:
+softDepends:
     # BungeeCord auth plugins
     - BungeeAuth
 
 description: |
-    ${project.description}
+    ${project.description}

core/pom.xml

@@ -0,0 +1,82 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.github.games647</groupId>
+        <artifactId>fastlogin</artifactId>
+        <version>1.11-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>fastlogin.core</artifactId>
+    <packaging>jar</packaging>
+
+    <name>FastLoginCore</name>
+
+    <repositories>
+        <repository>
+            <id>luck-repo</id>
+            <url>https://ci.lucko.me/plugin/repository/everything</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
+        <repository>
+            <id>codemc-repo</id>
+            <url>https://repo.codemc.io/repository/maven-public/</url>
+        </repository>
+    </repositories>
+
+    <dependencies>
+        <!-- Libraries that we shade into the project -->
+
+        <!--Database pooling-->
+        <dependency>
+            <groupId>com.zaxxer</groupId>
+            <artifactId>HikariCP</artifactId>
+            <version>3.4.2</version>
+        </dependency>
+
+        <!--Logging framework implements slf4j which is required by hikari-->
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-jdk14</artifactId>
+            <version>1.7.30</version>
+        </dependency>
+
+        <!-- snakeyaml is present in Bungee, Spigot, Cauldron and so we could use this independent implementation -->
+        <dependency>
+            <groupId>net.md-5</groupId>
+            <artifactId>bungeecord-config</artifactId>
+            <version>1.12-SNAPSHOT</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!--Common component for contacting the Mojang API-->
+        <dependency>
+            <groupId>com.github.games647</groupId>
+            <artifactId>craftapi</artifactId>
+            <version>0.4</version>
+        </dependency>
+
+        <!-- APIs we can use because they are available in all platforms (Spigot, Bungee) -->
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>17.0</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.2.4</version>
+        </dependency>
+    </dependencies>
+</project>

core/src/main/java/com/github/games647/fastlogin/core/AsyncScheduler.java

@@ -0,0 +1,69 @@
+package com.github.games647.fastlogin.core;
+
+import com.google.common.util.concurrent.MoreExecutors;
+
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+
+import org.slf4j.Logger;
+
+/**
+ * This limits the number of threads that are used at maximum. Thread creation can be very heavy for the CPU and
+ * context switching between threads too. However we need many threads for blocking HTTP and database calls.
+ * Nevertheless this number can be further limited, because the number of actually working database threads
+ * is limited by the size of our database pool. The goal is to separate concerns into processing and blocking only
+ * threads.
+ */
+public class AsyncScheduler {
+
+    private static final int MAX_CAPACITY = 1024;
+
+    //todo: single thread for delaying and scheduling tasks
+    private final Logger logger;
+
+    // 30 threads are still too many - the optimal solution is to separate into processing and blocking threads
+    // where processing threads could only be max number of cores while blocking threads could be minimized using
+    // non-blocking I/O and a single event executor
+    private final ExecutorService processingPool;
+
+    /*
+    private final ExecutorService databaseExecutor = new ThreadPoolExecutor(1, 10,
+            0L, TimeUnit.MILLISECONDS,
+            new LinkedBlockingQueue<>(MAX_CAPACITY));
+     */
+
+    public AsyncScheduler(Logger logger, ThreadFactory threadFactory) {
+        this.logger = logger;
+        processingPool = new ThreadPoolExecutor(6, 32,
+                60L, TimeUnit.SECONDS,
+                new LinkedBlockingQueue<>(MAX_CAPACITY), threadFactory);
+    }
+
+    /*
+    public <R> CompletableFuture<R> runDatabaseTask(Supplier<R> databaseTask) {
+        return CompletableFuture.supplyAsync(databaseTask, databaseExecutor)
+                .exceptionally(error -> {
+                    logger.warn("Error occurred on thread pool", error);
+                    return null;
+                })
+                // change context to the processing pool
+                .thenApplyAsync(r -> r, processingPool);
+    }
+     */
+
+    public CompletableFuture<Void> runAsync(Runnable task) {
+        return CompletableFuture.runAsync(task, processingPool).exceptionally(error -> {
+            logger.warn("Error occurred on thread pool", error);
+            return null;
+        });
+    }
+
+    public void shutdown() {
+        MoreExecutors.shutdownAndAwaitTermination(processingPool, 1, TimeUnit.MINUTES);
+        //MoreExecutors.shutdownAndAwaitTermination(databaseExecutor, 1, TimeUnit.MINUTES);
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java

@@ -0,0 +1,185 @@
+package com.github.games647.fastlogin.core;
+
+import com.github.games647.craftapi.UUIDAdapter;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.zaxxer.hikari.HikariConfig;
+import com.zaxxer.hikari.HikariDataSource;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.time.Instant;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.UUID;
+import java.util.concurrent.ThreadFactory;
+
+import static java.sql.Statement.RETURN_GENERATED_KEYS;
+
+public class AuthStorage {
+
+    private static final String PREMIUM_TABLE = "premium";
+
+    private static final String LOAD_BY_NAME = "SELECT * FROM `" + PREMIUM_TABLE + "` WHERE `Name`=? LIMIT 1";
+    private static final String LOAD_BY_UUID = "SELECT * FROM `" + PREMIUM_TABLE + "` WHERE `UUID`=? LIMIT 1";
+    private static final String INSERT_PROFILE = "INSERT INTO `" + PREMIUM_TABLE
+            + "` (`UUID`, `Name`, `Premium`, `LastIp`) " + "VALUES (?, ?, ?, ?) ";
+    // limit not necessary here, because it's unique
+    private static final String UPDATE_PROFILE = "UPDATE `" + PREMIUM_TABLE
+            + "` SET `UUID`=?, `Name`=?, `Premium`=?, `LastIp`=?, `LastLogin`=CURRENT_TIMESTAMP WHERE `UserID`=?";
+
+    private final FastLoginCore<?, ?, ?> core;
+    private final HikariDataSource dataSource;
+
+    public AuthStorage(FastLoginCore<?, ?, ?> core, String host, int port, String databasePath,
+                       HikariConfig config, boolean useSSL) {
+        this.core = core;
+        config.setPoolName(core.getPlugin().getName());
+
+        //a try to fix https://www.spigotmc.org/threads/fastlogin.101192/page-26#post-1874647
+        Properties properties = new Properties();
+        properties.setProperty("date_string_format", "yyyy-MM-dd HH:mm:ss");
+        properties.setProperty("useSSL", String.valueOf(useSSL));
+        config.setDataSourceProperties(properties);
+        ThreadFactory platformThreadFactory = core.getPlugin().getThreadFactory();
+        if (platformThreadFactory != null) {
+            config.setThreadFactory(platformThreadFactory);
+        }
+
+        String jdbcUrl = "jdbc:";
+        if (config.getDriverClassName().contains("sqlite")) {
+            String pluginFolder = core.getPlugin().getPluginFolder().toAbsolutePath().toString();
+            databasePath = databasePath.replace("{pluginDir}", pluginFolder);
+
+            jdbcUrl += "sqlite://" + databasePath;
+            config.setConnectionTestQuery("SELECT 1");
+            config.setMaximumPoolSize(1);
+        } else {
+            jdbcUrl += "mysql://" + host + ':' + port + '/' + databasePath;
+            // enable MySQL specific optimizations
+            // default prepStmtCacheSize 25 - amount of cached statements - enough for us
+            // default prepStmtCacheSqlLimit 256 - length of SQL - our queries are not longer
+            // disabled by default - will return the same prepared statement instance
+            config.addDataSourceProperty("cachePrepStmts", true);
+            // default false - available in newer versions caches the statements server-side
+            config.addDataSourceProperty("useServerPrepStmts", true);
+        }
+
+        config.setJdbcUrl(jdbcUrl);
+        this.dataSource = new HikariDataSource(config);
+    }
+
+    public void createTables() throws SQLException {
+        // choose surrogate PK(ID), because UUID can be null for offline players
+        // if UUID is always Premium UUID we would have to update offline player entries on insert
+        // name cannot be PK, because it can be changed for premium players
+        String createDataStmt = "CREATE TABLE IF NOT EXISTS `" + PREMIUM_TABLE + "` ("
+                + "`UserID` INTEGER PRIMARY KEY AUTO_INCREMENT, "
+                + "`UUID` CHAR(36), "
+                + "`Name` VARCHAR(16) NOT NULL, "
+                + "`Premium` BOOLEAN NOT NULL, "
+                + "`LastIp` VARCHAR(255) NOT NULL, "
+                + "`LastLogin` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, "
+                //the premium shouldn't steal the cracked account by changing the name
+                + "UNIQUE (`Name`) "
+                + ')';
+
+        if (dataSource.getJdbcUrl().contains("sqlite")) {
+            createDataStmt = createDataStmt.replace("AUTO_INCREMENT", "AUTOINCREMENT");
+        }
+
+        //todo: add unique uuid index usage
+        try (Connection con = dataSource.getConnection();
+             Statement createStmt = con.createStatement()) {
+            createStmt.executeUpdate(createDataStmt);
+        }
+    }
+
+    public StoredProfile loadProfile(String name) {
+        try (Connection con = dataSource.getConnection();
+             PreparedStatement loadStmt = con.prepareStatement(LOAD_BY_NAME)
+        ) {
+            loadStmt.setString(1, name);
+
+            try (ResultSet resultSet = loadStmt.executeQuery()) {
+                return parseResult(resultSet).orElseGet(() -> new StoredProfile(null, name, false, ""));
+            }
+        } catch (SQLException sqlEx) {
+            core.getPlugin().getLog().error("Failed to query profile: {}", name, sqlEx);
+        }
+
+        return null;
+    }
+
+    public StoredProfile loadProfile(UUID uuid) {
+        try (Connection con = dataSource.getConnection();
+             PreparedStatement loadStmt = con.prepareStatement(LOAD_BY_UUID)) {
+            loadStmt.setString(1, UUIDAdapter.toMojangId(uuid));
+
+            try (ResultSet resultSet = loadStmt.executeQuery()) {
+                return parseResult(resultSet).orElse(null);
+            }
+        } catch (SQLException sqlEx) {
+            core.getPlugin().getLog().error("Failed to query profile: {}", uuid, sqlEx);
+        }
+
+        return null;
+    }
+
+    private Optional<StoredProfile> parseResult(ResultSet resultSet) throws SQLException {
+        if (resultSet.next()) {
+            long userId = resultSet.getInt(1);
+
+            UUID uuid = Optional.ofNullable(resultSet.getString(2)).map(UUIDAdapter::parseId).orElse(null);
+
+            String name = resultSet.getString(3);
+            boolean premium = resultSet.getBoolean(4);
+            String lastIp = resultSet.getString(5);
+            Instant lastLogin = resultSet.getTimestamp(6).toInstant();
+            return Optional.of(new StoredProfile(userId, uuid, name, premium, lastIp, lastLogin));
+        }
+
+        return Optional.empty();
+    }
+
+    public void save(StoredProfile playerProfile) {
+        try (Connection con = dataSource.getConnection()) {
+            String uuid = playerProfile.getOptId().map(UUIDAdapter::toMojangId).orElse(null);
+
+            if (playerProfile.isSaved()) {
+                try (PreparedStatement saveStmt = con.prepareStatement(UPDATE_PROFILE)) {
+                    saveStmt.setString(1, uuid);
+                    saveStmt.setString(2, playerProfile.getName());
+                    saveStmt.setBoolean(3, playerProfile.isPremium());
+                    saveStmt.setString(4, playerProfile.getLastIp());
+
+                    saveStmt.setLong(5, playerProfile.getRowId());
+                    saveStmt.execute();
+                }
+            } else {
+                try (PreparedStatement saveStmt = con.prepareStatement(INSERT_PROFILE, RETURN_GENERATED_KEYS)) {
+                    saveStmt.setString(1, uuid);
+
+                    saveStmt.setString(2, playerProfile.getName());
+                    saveStmt.setBoolean(3, playerProfile.isPremium());
+                    saveStmt.setString(4, playerProfile.getLastIp());
+
+                    saveStmt.execute();
+                    try (ResultSet generatedKeys = saveStmt.getGeneratedKeys()) {
+                        if (generatedKeys != null && generatedKeys.next()) {
+                            playerProfile.setRowId(generatedKeys.getInt(1));
+                        }
+                    }
+                }
+            }
+        } catch (SQLException ex) {
+            core.getPlugin().getLog().error("Failed to save playerProfile {}", playerProfile, ex);
+        }
+    }
+
+    public void close() {
+        dataSource.close();
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/CommonUtil.java

@@ -0,0 +1,66 @@
+package com.github.games647.fastlogin.core;
+
+import com.github.games647.craftapi.cache.SafeCacheBuilder;
+import com.google.common.cache.CacheLoader;
+
+import java.lang.reflect.Constructor;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.TimeUnit;
+import java.util.logging.Level;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.impl.JDK14LoggerAdapter;
+
+public class CommonUtil {
+
+    private static final char COLOR_CHAR = '&';
+    private static final char TRANSLATED_CHAR = '§';
+
+    public static <K, V> ConcurrentMap<K, V> buildCache(int expireAfterWrite, int maxSize) {
+        SafeCacheBuilder<Object, Object> builder = SafeCacheBuilder.newBuilder();
+
+        if (expireAfterWrite > 0) {
+            builder.expireAfterWrite(expireAfterWrite, TimeUnit.MINUTES);
+        }
+
+        if (maxSize > 0) {
+            builder.maximumSize(maxSize);
+        }
+
+        return builder.build(CacheLoader.from(() -> {
+            throw new UnsupportedOperationException();
+        }));
+    }
+
+    public static String translateColorCodes(String rawMessage) {
+        char[] chars = rawMessage.toCharArray();
+        for (int i = 0; i < chars.length - 1; i++) {
+            if (chars[i] == COLOR_CHAR && "0123456789AaBbCcDdEeFfKkLlMmNnOoRr".indexOf(chars[i + 1]) > -1) {
+                chars[i] = TRANSLATED_CHAR;
+                chars[i + 1] = Character.toLowerCase(chars[i + 1]);
+            }
+        }
+
+        return new String(chars);
+    }
+
+    public static Logger createLoggerFromJDK(java.util.logging.Logger parent) {
+        try {
+            parent.setLevel(Level.ALL);
+
+            Class<JDK14LoggerAdapter> adapterClass = JDK14LoggerAdapter.class;
+            Constructor<JDK14LoggerAdapter> cons = adapterClass.getDeclaredConstructor(java.util.logging.Logger.class);
+            cons.setAccessible(true);
+            return cons.newInstance(parent);
+        } catch (ReflectiveOperationException reflectEx) {
+            parent.log(Level.WARNING, "Cannot create slf4j logging adapter", reflectEx);
+            parent.log(Level.WARNING, "Creating logger instance manually...");
+            return LoggerFactory.getLogger(parent.getName());
+        }
+    }
+
+    private CommonUtil() {
+        //Utility class
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/ConfirmationState.java

@@ -0,0 +1,15 @@
+package com.github.games647.fastlogin.core;
+
+public enum ConfirmationState {
+
+    /**
+     * Require server login where we request onlinemode authentication
+     */
+    REQUIRE_RELOGIN,
+
+    /**
+     * The command have to be invoked again to confirm that the player who joined through onlinemode knows
+     * the password of the cracked account
+     */
+    REQUIRE_AUTH_PLUGIN_LOGIN
+}

core/src/main/java/com/github/games647/fastlogin/core/PremiumStatus.java

@@ -0,0 +1,10 @@
+package com.github.games647.fastlogin.core;
+
+public enum PremiumStatus {
+
+    PREMIUM,
+
+    CRACKED,
+
+    UNKNOWN
+}

core/src/main/java/com/github/games647/fastlogin/core/StoredProfile.java

@@ -0,0 +1,92 @@
+package com.github.games647.fastlogin.core;
+
+import com.github.games647.craftapi.model.Profile;
+
+import java.time.Instant;
+import java.util.Optional;
+import java.util.UUID;
+
+public class StoredProfile extends Profile {
+
+    private long rowId;
+
+    private boolean premium;
+    private String lastIp;
+    private Instant lastLogin;
+
+    public StoredProfile(long rowId, UUID uuid, String playerName, boolean premium, String lastIp, Instant lastLogin) {
+        super(uuid, playerName);
+
+        this.rowId = rowId;
+        this.premium = premium;
+        this.lastIp = lastIp;
+        this.lastLogin = lastLogin;
+    }
+
+    public StoredProfile(UUID uuid, String playerName, boolean premium, String lastIp) {
+        this(-1, uuid, playerName, premium, lastIp, Instant.now());
+    }
+
+    public synchronized boolean isSaved() {
+        return rowId >= 0;
+    }
+
+    public synchronized void setPlayerName(String playerName) {
+        this.name = playerName;
+    }
+
+    public synchronized long getRowId() {
+        return rowId;
+    }
+
+    public synchronized void setRowId(long generatedId) {
+        this.rowId = generatedId;
+    }
+
+    // can be null
+    public synchronized UUID getId() {
+        return id;
+    }
+
+    public synchronized Optional<UUID> getOptId() {
+        return Optional.ofNullable(id);
+    }
+
+    public synchronized void setId(UUID uniqueId) {
+        this.id = uniqueId;
+    }
+
+    public synchronized boolean isPremium() {
+        return premium;
+    }
+
+    public synchronized void setPremium(boolean premium) {
+        this.premium = premium;
+    }
+
+    public synchronized String getLastIp() {
+        return lastIp;
+    }
+
+    public synchronized void setLastIp(String lastIp) {
+        this.lastIp = lastIp;
+    }
+
+    public synchronized Instant getLastLogin() {
+        return lastLogin;
+    }
+
+    public synchronized void setLastLogin(Instant lastLogin) {
+        this.lastLogin = lastLogin;
+    }
+
+    @Override
+    public synchronized String toString() {
+        return this.getClass().getSimpleName() + '{' +
+                "rowId=" + rowId +
+                ", premium=" + premium +
+                ", lastIp='" + lastIp + '\'' +
+                ", lastLogin=" + lastLogin +
+                "} " + super.toString();
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/hooks/AuthPlugin.java

@@ -1,15 +1,15 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import org.bukkit.entity.Player;
+package com.github.games647.fastlogin.core.hooks;
 
 /**
- * Represents a supporting authentication plugin in Bukkit/Spigot/... servers
+ * Represents a supporting authentication plugin in BungeeCord and Bukkit/Spigot/... servers
+ *
+ * @param <P> either {@link org.bukkit.entity.Player} for Bukkit or {@link net.md_5.bungee.api.connection.ProxiedPlayer}
+ *           for BungeeCord
  */
-public interface BukkitAuthPlugin {
+public interface AuthPlugin<P> {
 
     /**
-     * Login the premium (paid account) player after
-     * the player joined successfully the server.
+     * Login the premium (paid account) player after the player joined successfully the server.
      *
      * <strong>This operation will be performed async while the player successfully
      * joined the server.</strong>
@@ -17,23 +17,7 @@ public interface BukkitAuthPlugin {
      * @param player the player that needs to be logged in
      * @return if the operation was successful
      */
-    boolean forceLogin(Player player);
-
-    /**
-     * Checks whether an account exists for this player name.
-     *
-     * This check should check if a cracked player account exists
-     * so we can be sure the premium player doesn't steal the account
-     * of that player.
-     *
-     * This operation will be performed async while the player is
-     * connecting.
-     *
-     * @param playerName player name
-     * @return if the player has an account
-     * @throws Exception if an error occurred
-     */
-    boolean isRegistered(String playerName) throws Exception;
+    boolean forceLogin(P player);
 
     /**
      * Forces a register in order to protect the paid account.
@@ -56,5 +40,21 @@ public interface BukkitAuthPlugin {
      * @param password a strong random generated password
      * @return if the operation was successful
      */
-    boolean forceRegister(Player player, String password);
+    boolean forceRegister(P player, String password);
+
+    /**
+     * Checks whether an account exists for this player name.
+     *
+     * This check should check if a cracked player account exists
+     * so we can be sure the premium player doesn't steal the account
+     * of that player.
+     *
+     * This operation will be performed async while the player is
+     * connecting.
+     *
+     * @param playerName player name
+     * @return if the player has an account
+     * @throws Exception if an error occurred
+     */
+    boolean isRegistered(String playerName) throws Exception;
 }

core/src/main/java/com/github/games647/fastlogin/core/hooks/DefaultPasswordGenerator.java

@@ -0,0 +1,25 @@
+package com.github.games647.fastlogin.core.hooks;
+
+import java.security.SecureRandom;
+import java.util.Random;
+import java.util.stream.IntStream;
+
+public class DefaultPasswordGenerator<P> implements PasswordGenerator<P> {
+
+    private static final int PASSWORD_LENGTH = 8;
+    private static final char[] PASSWORD_CHARACTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+            .toCharArray();
+
+    private final Random random = new SecureRandom();
+
+    @Override
+    public String getRandomPassword(P player) {
+        StringBuilder generatedPassword = new StringBuilder(8);
+        IntStream.rangeClosed(1, PASSWORD_LENGTH)
+                .map(i -> random.nextInt(PASSWORD_CHARACTERS.length - 1))
+                .mapToObj(pos -> PASSWORD_CHARACTERS[pos])
+                .forEach(generatedPassword::append);
+
+        return generatedPassword.toString();
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/hooks/PasswordGenerator.java

@@ -0,0 +1,7 @@
+package com.github.games647.fastlogin.core.hooks;
+
+@FunctionalInterface
+public interface PasswordGenerator<P> {
+
+    String getRandomPassword(P player);
+}

core/src/main/java/com/github/games647/fastlogin/core/message/ChangePremiumMessage.java

@@ -0,0 +1,66 @@
+package com.github.games647.fastlogin.core.message;
+
+import com.google.common.io.ByteArrayDataInput;
+import com.google.common.io.ByteArrayDataOutput;
+
+public class ChangePremiumMessage implements ChannelMessage {
+
+    public static final String CHANGE_CHANNEL = "ch-st";
+
+    private String playerName;
+    private boolean willEnable;
+    private boolean isSourceInvoker;
+
+    public ChangePremiumMessage(String playerName, boolean willEnable, boolean isSourceInvoker) {
+        this.playerName = playerName;
+        this.willEnable = willEnable;
+        this.isSourceInvoker = isSourceInvoker;
+    }
+
+    public ChangePremiumMessage() {
+        //reading from
+    }
+
+    public String getPlayerName() {
+        return playerName;
+    }
+
+    public boolean shouldEnable() {
+        return willEnable;
+    }
+
+    /**
+     * @return true if the player invoker = target
+     */
+    public boolean isSourceInvoker() {
+        return isSourceInvoker;
+    }
+
+    @Override
+    public String getChannelName() {
+        return CHANGE_CHANNEL;
+    }
+
+    @Override
+    public void readFrom(ByteArrayDataInput input) {
+        willEnable = input.readBoolean();
+        playerName = input.readUTF();
+        isSourceInvoker = input.readBoolean();
+    }
+
+    @Override
+    public void writeTo(ByteArrayDataOutput output) {
+        output.writeBoolean(willEnable);
+        output.writeUTF(playerName);
+        output.writeBoolean(isSourceInvoker);
+    }
+
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + '{' +
+                "playerName='" + playerName + '\'' +
+                ", shouldEnable=" + willEnable +
+                ", isSourceInvoker=" + isSourceInvoker +
+                '}';
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/message/ChannelMessage.java

@@ -0,0 +1,13 @@
+package com.github.games647.fastlogin.core.message;
+
+import com.google.common.io.ByteArrayDataInput;
+import com.google.common.io.ByteArrayDataOutput;
+
+public interface ChannelMessage {
+
+    String getChannelName();
+
+    void readFrom(ByteArrayDataInput input);
+
+    void writeTo(ByteArrayDataOutput output);
+}

core/src/main/java/com/github/games647/fastlogin/core/message/LoginActionMessage.java

@@ -0,0 +1,85 @@
+package com.github.games647.fastlogin.core.message;
+
+import com.google.common.io.ByteArrayDataInput;
+import com.google.common.io.ByteArrayDataOutput;
+
+import java.util.UUID;
+
+public class LoginActionMessage implements ChannelMessage {
+
+    public static final String FORCE_CHANNEL = "force";
+
+    private Type type;
+
+    private String playerName;
+    private UUID proxyId;
+
+    public LoginActionMessage(Type type, String playerName, UUID proxyId) {
+        this.type = type;
+        this.playerName = playerName;
+        this.proxyId = proxyId;
+    }
+
+    public LoginActionMessage() {
+        //reading mode
+    }
+
+    public Type getType() {
+        return type;
+    }
+
+    public String getPlayerName() {
+        return playerName;
+    }
+
+    public UUID getProxyId() {
+        return proxyId;
+    }
+
+    @Override
+    public void readFrom(ByteArrayDataInput input) {
+        this.type = Type.values()[input.readInt()];
+
+        this.playerName = input.readUTF();
+
+        //bungeecord UUID
+        long mostSignificantBits = input.readLong();
+        long leastSignificantBits = input.readLong();
+        this.proxyId = new UUID(mostSignificantBits, leastSignificantBits);
+    }
+
+    @Override
+    public void writeTo(ByteArrayDataOutput output) {
+        output.writeInt(type.ordinal());
+
+        //Data is sent through a random player. We have to tell the Bukkit version of this plugin the target
+        output.writeUTF(playerName);
+
+        //proxy identifier to check if it's a acceptable proxy
+        output.writeLong(proxyId.getMostSignificantBits());
+        output.writeLong(proxyId.getLeastSignificantBits());
+    }
+
+    @Override
+    public String getChannelName() {
+        return FORCE_CHANNEL;
+    }
+
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + '{' +
+                "type='" + type + '\'' +
+                ", playerName='" + playerName + '\'' +
+                ", proxyId=" + proxyId +
+                '}';
+    }
+
+    public enum Type {
+
+        LOGIN,
+
+        REGISTER,
+
+        CRACKED
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/message/NamespaceKey.java

@@ -0,0 +1,26 @@
+package com.github.games647.fastlogin.core.message;
+
+public class NamespaceKey {
+
+    private static final char SEPARATOR_CHAR = ':';
+
+    private final String namespace;
+    private final String key;
+
+    private final String combined;
+
+    public NamespaceKey(String namespace, String key) {
+        this.namespace = namespace.toLowerCase();
+        this.key = key.toLowerCase();
+
+        this.combined = this.namespace + SEPARATOR_CHAR + this.key;
+    }
+
+    public String getCombinedName()  {
+        return combined;
+    }
+
+    public static String getCombined(String namespace, String key) {
+        return new NamespaceKey(namespace, key).combined;
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/message/SuccessMessage.java

@@ -0,0 +1,29 @@
+package com.github.games647.fastlogin.core.message;
+
+import com.google.common.io.ByteArrayDataInput;
+import com.google.common.io.ByteArrayDataOutput;
+
+public class SuccessMessage implements ChannelMessage {
+
+    public static final String SUCCESS_CHANNEL = "succ";
+
+    @Override
+    public String getChannelName() {
+        return SUCCESS_CHANNEL;
+    }
+
+    @Override
+    public void readFrom(ByteArrayDataInput input) {
+        //empty
+    }
+
+    @Override
+    public void writeTo(ByteArrayDataOutput output) {
+        //empty
+    }
+
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + "{}";
+    }
+}