Fix parsing of illegal uuids with spaces

Bump advanced-security/maven-dependency-submission-action from 3.0.2 to 4.0.0

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,41 +0,0 @@
----
-name: Bug report
-about: Something isn't working
-title: ''
-labels: 'bug'
-assignees: ''
-
----
-
-[//]: # (Lines in this format are considered as comments and will not be displayed.)
-[//]: # (Before reporting make sure you're running the **latest build** of the plugin and checked for existing issues!)
-
-### What behaviour is observed:
-[//]: # (What happened?)
-
-### What behaviour is expected:
-[//]: # (What did you expect?)
-
-### Steps/models to reproduce:
-[//]: # (The actions that cause the issue. Please explain it in detail)
-
-### Screenshots (if applicable)
-[//]: # (You can drop the files here directly)
-
-### Plugin list:
-[//]: # (This can be found by running `/pl`)
-
-### Environment description
-[//]: # (Server software with exact version number, Minecraft version, SQLite/MySQL/MariaDB, ...)
-
-### Plugin version or build number (don't write latest):
-[//]: # (This can be found by running `/version plugin-name`.)
-
-### Server Log:
-[//]: # (No images please - only the textual representation)
-[Hastebin](https://hastebin.com/) / [Gist](https://gist.github.com/) link of the error, stacktrace or the complete log (if any)
-
-### Configuration:
-[//]: # (No images please - only the textual representation)
-[//]: # (remember to delete any sensitive data)
-[Hastebin](https://hastebin.com/) / [Gist](https://gist.github.com/) link of your config.yml file 

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,69 @@
+name: 🐞 Bug Report
+description: Something isn't working, broken, not expected behavior
+labels: [ bug ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        This ticket is about bugs, so broken, not expected behavior. Feedback about this form is appreciated.
+  - type: textarea
+    attributes:
+      label: What happened?
+      description: What behavior is observed?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What did you expect?
+      description: What behavior is expected?
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      description: The actions that cause the issues. Please explain it in detail.
+  - type: input
+    attributes:
+      label: Plugin list
+      description: This can be found by running `/pl`
+      placeholder: AuthMe, ProtocolLib, ...
+  - type: input
+    attributes:
+      label: Configuration file
+      description: |
+        Link to the contents of your config.yml file.
+        You can use [GitHub](https://gist.github.com/), [Hastebin](https://hastebin.com) or similar for that.
+      placeholder: https://gist.github.com/games647/88c4439e1cd7810f21318b1b24a04ee0
+  - type: textarea
+    attributes:
+      label: Server log
+      description: The error, stacktrace or link the complete log. You can use the links above for long versions.
+      placeholder: https://www.toptal.com/developers/hastebin / https://gist.github.com/
+  - type: input
+    attributes:
+      label: Plugin version
+      description: Plugin version or build number. This can be found by running `/version plugin-name`
+      placeholder: v3.1-SNAPSHOT-570b321
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Platform
+      description: Server software - choose your proxy software if you have multiple servers
+      options:
+        - Spigot
+        - BungeeCord
+        - Velocity
+    validations:
+      required: true
+  - type: checkboxes
+    attributes:
+      label: Relevance
+      description: Check list for previous tickets
+      options:
+        - label: |
+            I tried the [latest build](https://ci.codemc.io/job/Games647/job/FastLogin/) 
+            (build refers to development builds not necessary a release version; i.e. v1.10 is out of date)
+          required: true
+        - label: |
+            I checked for existing tickets -
+            If there are, please vote them with a thumbs reaction and not create new ones
+          required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,12 @@
+# General configuration for issue templates
+
+# Allow issues without a template
+#blank_issues_enabled: false
+
+# Extra section on creating issues to redirect to another site
+contact_links:
+  - name: 📌 Questions
+    url: https://github.com/games647/FastLogin/discussions
+    about:
+      You want to ask something - general questions. Example includes how to set it up or how it is working internally
+

.github/ISSUE_TEMPLATE/enhancement_request.md

@@ -1,22 +0,0 @@
----
-name: Enhancement request
-about: New feature or change request
-title: ''
-labels: 'enhancement'
-assignees: ''
-
----
-
-[//]: # (Lines in this format are considered as comments and will not be displayed.)
-
-### Is your feature request related to a problem? Please describe.
-[//]: # (A clear and concise description of what the problem is. Ex. I'm always frustrated when [...])
-
-### Describe the solution you'd like
-[//]: # (A clear and concise description of what you want to happen.)
-
-### Describe alternatives you've considered
-[//]: # (A clear and concise description of any alternative solutions or features you've considered.)
-
-### Additional context
-[//]: # (Add any other context or screenshots about the feature request here.)

.github/ISSUE_TEMPLATE/enhancement_request.yaml

@@ -0,0 +1,43 @@
+name: 💡 Enhancement request
+description: New feature or change request
+labels: [ enhancement ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        This ticket is about suggestions for a feature or particular enhancement. 
+        Feedback about this form is appreciated.
+  - type: textarea
+    attributes:
+      label: Is your feature request related to a problem? Please describe.
+      description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the solution you'd like
+      description: A clear and concise description of what you want to happen.
+  - type: textarea
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+  - type: dropdown
+    attributes:
+      label: Platform
+      description: Server software - choose your proxy software if you have multiple servers
+      options:
+        - Spigot
+        - BungeeCord
+        - Velocity
+        - All / Shared
+    validations:
+      required: true
+  - type: checkboxes
+    attributes:
+      label: Relevance
+      description: Check list for previous tickets
+      options:
+        - label: |
+            I checked for existing tickets -
+            If there are, please vote them with a thumbs reaction and not create new ones
+          required: true

.github/ISSUE_TEMPLATE/question.md

@@ -1,10 +0,0 @@
----
-name: Question
-about: You want to ask something
-title: ''
-labels: 'question'
-assignees: ''
-
----
-
-

.github/dependabot.yml

@@ -0,0 +1,35 @@
+version: 2
+
+updates:
+  # Updates for workflow files
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the
+    # default location of `.github/workflows`
+    directory: "/"
+    schedule:
+      interval: "monthly"
+
+  # Maven project
+  - package-ecosystem: maven
+    directory: "/"
+    schedule:
+      interval: weekly
+
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
+        exclude-patterns:
+          # Create single PR for these
+          # Plugin require special evaluation about their compatibility
+          - "com.lenis0012.bukkit:loginsecurity"
+          - "com.comphenix.protocol:ProtocolLib"
+
+    ignore:
+      # HikariCP dropped Java 8 support with 5.0
+      - dependency-name: "com.zaxxer:HikariCP"
+        update-types: ["version-update:semver-major"]
+      # SnakeYAML has breaking changes with 2.0
+      - dependency-name: "org.yaml:snakeyaml"
+        update-types: ["version-update:semver-major"]

.github/pull_request_template.md

@@ -1,8 +1,11 @@
 [//]: # (Lines in this format are considered as comments and will not be displayed.)
+
 [//]: # (If your work is in progress, please consider making a draft pull request.)
 
 ### Summary of your change
-[//]: # (Example: motiviation, enhancement)
+
+[//]: # (Example: motivation, enhancement)
 
 ### Related issue
+
 [//]: # (Reference it using '#NUMBER'. Ex: Fixes/Related #...)

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,65 @@
+# GitHub automatic code security scanning using CodeQL
+
+# Human-readable name in the actions tab
+name: "CodeQL"
+
+on:
+  workflow_run:
+    workflows: ["Maven Build"]
+    branches: [main]
+    types:
+      - completed
+
+jobs:
+  # job i
+  analyze:
+
+    # Display name
+    name: Analyze
+
+    # Environment
+    runs-on: ubuntu-latest
+
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: true
+      matrix:
+        # Languages to scan
+        language: [ 'java' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      # Setup Java
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version-file: '.java-version'
+          cache: 'maven'
+
+      # Manually start the autobuild process, because autobuild always selects Java 8 as build toolchain, but
+      # we are doing cross-crompiling from a newer Java version
+      - name: Build with Maven
+        # Extracted from autobuild
+        run: mvn package -f "pom.xml" --batch-mode -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dspotless.check.skip=true -t /home/runner/.m2/toolchains.xml
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/maven.yml

@@ -1,42 +1,47 @@
-# Human readable name
-name: Java CI
+# Automatically build, run unit and integration tests to detect errors early (CI provided by GitHub)
+# including making pull requests review easier
 
-# Build on every push and pull request regardless of the branch
+# Human-readable name in the actions tab
+name: Maven Build
+
+# Build on every pull request regardless of the branch
 # Wiki: https://help.github.com/en/actions/reference/events-that-trigger-workflows
 on:
-    - push
-    - pull_request
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
 
 jobs:
   # job id
   build_and_test:
 
-    # Environment image - always newest OS
+    # Environment image - always use the newest OS
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
 
     # Run steps
     steps:
-    # Pull changes
-    - uses: actions/checkout@v2
-    # Cache artifacts - however this has the downside that we don't get notified of
-    # artifact resolution failures like invalid repository
-    # Nevertheless the repositories should be more stable and it makes no sense to pull
-    # a same version every time
-    # A dry run would make more sense
-    - uses: actions/cache@v1
-      with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-
-    # Setup Java
-    - name: Set up JDK
-      uses: actions/setup-java@v1.3.0
-      with:
-        # Use Java 8, because it's minimum required version
-        java-version: 8
-    # Build and test (included in package)
-    - name: Build with Maven and test
-    # Run non-interactive, package (with compile+test),
-    # ignore snapshot updates, because they are likely to have breaking changes, enforce checksums to validate posssible errors in depdendencies
-      run: mvn --batch-mode package --no-snapshot-updates --strict-checksums --file pom.xml
+      # Pull changes
+      - uses: actions/checkout@v4
+
+      # Setup Java
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version-file: '.java-version'
+          cache: 'maven'
+
+      # Build and test (included in package)
+      - name: Build with Maven and test
+        # Run non-interactive, package (with compile+test),
+        # ignore snapshot updates, because they are likely to have breaking changes, enforce checksums
+        run: mvn test --batch-mode --threads 2.0C --no-snapshot-updates --strict-checksums --file pom.xml
+
+      - name: Update dependency graph
+        if: ${{ github.event_name == 'push' }}
+        uses: advanced-security/maven-dependency-submission-action@v4.0.0

.gitignore

@@ -13,6 +13,9 @@ nb-configuration.xml
 *.iws
 .idea/
 
+# VSCode
+.vscode/
+
 # Maven
 target/
 pom.xml.versionsBackup
@@ -42,3 +45,5 @@ hs_err_pid*
 # Mac filesystem dust
 .DS_Store
 
+# Factorypath from Visual Studio Code
+.factorypath

.java-version

@@ -0,0 +1,2 @@
+# Latest GitHub Action java release that is installed on the runners
+21

CHANGELOG.md

@@ -1,5 +1,7 @@
 ### 1.11
 
+* TODO: Replace reflection with methodhandles
+
 * Use direct proxies instead of ssl factories for multiple IP-addresses
 * Remove local address check for multiple IP-addresses
 * Fix parsing of local IP-addresses
@@ -33,7 +35,7 @@
 * Automatically register accounts if they are not in the auth plugin database but in the FastLogin database
 * Update BungeeAuth dependency and use the new API. Please update your plugin if you still use the old one.
 * Remove deprecated API methods from the last version
-* Finally update the IP column on every login
+* Finally, update the IP column on every login
 * No duplicate session login
 * Fix timestamp parsing in newer versions of SQLite
 * Fix Spigot console command invocation sends result to in game players
@@ -80,7 +82,7 @@
 * Fix player entry is not saved if namechangecheck is enabled
 * Fix skin applies for third-party plugins
 * Switch to mcapi.ca for uuid lookups
-* Fix BungeeCord not setting an premium uuid
+* Fix BungeeCord not setting a premium uuid
 * Fix setting skin on Cauldron
 * Fix saving on name change
 
@@ -146,7 +148,7 @@
 ### 1.2
 
 * Fix race condition in BungeeCord
-* Fix dead lock in xAuth
+* Fix deadlock in xAuth
 * Added API methods for plugins to set their own password generator
 * Added API methods for plugins to set their own auth plugin hook
 => Added support for AdvancedLogin
@@ -180,7 +182,7 @@
 * Added a forwardSkin config option
 * Added premium UUID support
 * Updated to the newest changes of Spigot
-* Removes the need of an Bukkit auth plugin if you use a bungeecord one
+* Removes the need of a Bukkit auth plugin if you use a bungeecord one
 * Optimize performance and thread-safety
 * Fixed BungeeCord support
 * Changed config option auto-login to auto-register to clarify the usage

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015-2018
+Copyright (c) 2015-2023 games647 and contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -19,4 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
-

README.md

@@ -11,26 +11,29 @@ So they don't need to enter passwords. This is also called auto login (auto-logi
 * Cauldron support
 * Forge/Sponge message support
 * Premium UUID support
-* Forwards Skins
-* Detect user name changed and will update the existing database record
+* Forward skins
+* Detect username changed and will update the existing database record
 * BungeeCord support
 * Auto register new premium players
 * Plugin: ProtocolSupport is supported and can be used as an alternative to ProtocolLib
 * No client modifications needed
-* Good performance by using async non blocking operations
+* Good performance by using async operations
 * Locale messages
-* Import the database from similar plugins
+* Support for Bedrock players proxies through FloodGate
+
+## Issues
+
+Please use issues for bug reports, suggestions, questions and more. Please check for existing issues. Existing issues
+can be voted up by adding up vote to the original post. Closing issues means that they are marked as resolved. Comments
+are still allowed and it could be re-opened.
 
 ## Development builds
 
-Development builds of this project can be acquired at the provided CI (continuous integration) server. It contains the
-latest changes from the Source-Code in preparation for the following release. This means they could contain new
-features, bug fixes and other changes since the last release.
+Development builds contain the latest changes from the Source-Code. They are bleeding edge and could introduce new bugs,
+but also include features, enhancements and bug fixes that are not yet in a released version. If you click on the left
+side on `Changes`, you can see iterative change sets leading to a specific build.
 
-Nevertheless builds are only tested using a small set of automated and a few manual tests. Therefore they **could**
-contain new bugs and are likely to be less stable than released versions.
-
-https://ci.codemc.org/job/Games647/job/FastLogin/changes
+You can download them from here: https://ci.codemc.org/job/Games647/job/FastLogin/
 
 ***
 
@@ -46,29 +49,43 @@ https://ci.codemc.org/job/Games647/job/FastLogin/changes
     fastlogin.command.premium.other
     fastlogin.command.cracked.other
 
+## Placeholder
+
+This plugin supports `PlaceholderAPI` on `Spigot`. It exports the following variable
+`%fastlogin_status%`. In BungeeCord environments, the status of a player will be delivered with a delay after the player
+already successful joined the server. This takes about a couple of milliseconds. In this case the value
+will be `Unknown`.
+
+Possible values: `Premium`, `Cracked`, `Unknown`
+
 ## Requirements
 
-* Plugin: 
-    * [ProtocolLib](https://www.spigotmc.org/resources/protocollib.1997/) or 
-    * [ProtocolSupport](https://www.spigotmc.org/resources/protocolsupport.7201/)
-* [Spigot](https://www.spigotmc.org) 1.7.10+
-* Java 8+
-* Run Spigot and/or BungeeCord/Waterfall in offline mode (see server.properties or config.yml)
-* An auth plugin. Supported plugins
+* Java 17+ (Recommended)
+* Server software in offlinemode:
+  * Spigot (or a fork e.g. Paper) 1.8.8+
+    * Protocol plugin:
+      * [ProtocolLib 5.1+](https://www.spigotmc.org/resources/protocollib.1997/) or
+      * [ProtocolSupport](https://www.spigotmc.org/resources/protocolsupport.7201/)
+  * Latest BungeeCord (or a fork e.g. Waterfall) or Velocity
+* An auth plugin.
 
-### Bukkit/Spigot/Paper
+### Supported auth plugins
+
+#### Spigot/Paper
 
-* [AuthMe (5.X)](https://dev.bukkit.org/bukkit-plugins/authme-reloaded/)
-* [xAuth](https://dev.bukkit.org/bukkit-plugins/xauth/)
-* [LogIt](https://github.com/games647/LogIt)
 * [AdvancedLogin (Paid)](https://www.spigotmc.org/resources/advancedlogin.10510/)
+* [AuthMe (5.X)](https://dev.bukkit.org/bukkit-plugins/authme-reloaded/)
 * [CrazyLogin](https://dev.bukkit.org/bukkit-plugins/crazylogin/)
 * [LoginSecurity](https://dev.bukkit.org/bukkit-plugins/loginsecurity/)
+* [LogIt](https://github.com/games647/LogIt)
 * [UltraAuth](https://dev.bukkit.org/bukkit-plugins/ultraauth-aa/)
+* [UserLogin](https://www.spigotmc.org/resources/userlogin.80669/)
+* [xAuth](https://dev.bukkit.org/bukkit-plugins/xauth/)
 
-### BungeeCord/Waterfall
+#### BungeeCord/Waterfall
 
 * [BungeeAuth](https://www.spigotmc.org/resources/bungeeauth.493/)
+* [BungeeAuthenticator](https://www.spigotmc.org/resources/bungeecordauthenticator.87669/)
 
 ## Network requests
 
@@ -81,23 +98,31 @@ This plugin performs network requests to:
 
 ## How to install
 
-### Bukkit/Spigot/Paper
+### Spigot/Paper
 
 1. Download and install ProtocolLib/ProtocolSupport
-2. Download and install FastLogin (or FastLoginBukkit for newer versions)
-3. Set your server in offline mode by setting the value onlinemode in your server.properties to false
+2. Download and install FastLogin (or `FastLoginBukkit` for newer versions)
+3. Set your server in offline mode by setting the value `onlinemode` in your server.properties to false
 
-### BungeeCord/Waterfall
+### BungeeCord/Waterfall or Velocity
 
-1. Activate BungeeCord in the Spigot configuration
-2. Restart your server
-3. Now there is proxy-whitelist file in the FastLogin folder
-Put your stats id from the BungeeCord config into this file
-4. Activate ipForward in your BungeeCord config
-5. Download and Install FastLogin (or FastLoginBungee in newer versions) on BungeeCord AND Spigot
-(on the servers where your login plugin is or where player should be able to execute the commands of FastLogin)
-6. Check your database settings in the config of FastLogin on BungeeCord
-7. Set your proxy (BungeeCord) in offline mode by setting the value onlinemode in your config.yml to false
-8. You should *always* firewall your Spigot server that it's only accessible through BungeeCord 
-    * https://www.spigotmc.org/wiki/bungeecord-installation/#post-installation
-    * BungeeCord doesn't support SQLite per default, so you should change the configuration to MySQL or MariaDB
+Install the plugin on both platforms, that is proxy (BungeeCord or Velocity) and backend server (Spigot).
+
+1. Activate proxy support in the server configuration
+   * This is often found in `spigot.yml` or `paper.yml`
+2. Restart the backend server
+3. Now there is `allowed-proxies.txt` file in the FastLogin folder of the restarted server
+    * BungeeCord: Put your `stats`-id from the BungeeCord config into this file
+    * Velocity: On plugin startup the plugin generates a `proxyId.txt` inside the plugins folder of the proxy
+4. Activate ip forwarding in your proxy config
+5. Check your database settings in the config of FastLogin on your proxy
+    * The proxies only ship with a limited set of drivers where Spigot supports more. Therefore, these are supported:
+    * BungeeCord: `com.mysql.jdbc.Driver` for MySQL/MariaDB/PostgreSQL
+    * Velocity: `fastlogin.mariadb.jdbc.Driver` for MySQL/MariaDB/PostgreSQL
+    * Note the embedded file storage SQLite is not available
+    * MySQL/MariaDB/PostgreSQL requires an external database server running. Check your server provider if there is one available
+   or install one.
+6. Set proxy and Spigot in offline mode by setting the value `onlinemode` in your `config.yml` to false
+7. You should *always* configure the firewall for your Spigot server so that it's only accessible through your proxy
+   * This is also the case without this plugin
+   * https://www.spigotmc.org/wiki/bungeecord-installation/#post-installation

bukkit/pom.xml

@@ -1,15 +1,46 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<!--
+
+    SPDX-License-Identifier: MIT
+
+    The MIT License (MIT)
+
+    Copyright (c) 2015-2023 games647 and contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+
+-->
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
+    <properties>
+        <nettyVersion>4.1.79.Final</nettyVersion>
+    </properties>
+
     <parent>
         <groupId>com.github.games647</groupId>
         <artifactId>fastlogin</artifactId>
-        <version>1.11-SNAPSHOT</version>
+        <version>1.12-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <!--This have to be in lowercase because it's used by plugin.yml-->
+    <!--This has to be in lowercase because it's used by plugin.yml-->
     <artifactId>fastlogin.bukkit</artifactId>
     <packaging>jar</packaging>
 
@@ -18,13 +49,16 @@
     <build>
         <plugins>
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>3.2.2</version>
+                <version>3.5.1</version>
                 <configuration>
                     <createDependencyReducedPom>false</createDependencyReducedPom>
                     <shadedArtifactAttached>false</shadedArtifactAttached>
                     <relocations>
+                        <relocation>
+                            <pattern>org.yaml.snakeyaml</pattern>
+                            <shadedPattern>fastlogin.yaml</shadedPattern>
+                        </relocation>
                         <relocation>
                             <pattern>com.zaxxer.hikari</pattern>
                             <shadedPattern>fastlogin.hikari</shadedPattern>
@@ -41,7 +75,34 @@
                             <pattern>com.google.gson</pattern>
                             <shadedPattern>fastlogin.gson</shadedPattern>
                         </relocation>
+                        <relocation>
+                            <pattern>com.google.common</pattern>
+                            <shadedPattern>fastlogin.guava</shadedPattern>
+                            <excludes>
+                                <exclude>com.google.common.collect.Multimap</exclude>
+                            </excludes>
+                        </relocation>
+                        <relocation>
+                            <pattern>io.papermc.lib</pattern>
+                            <shadedPattern>fastlogin.paperlib</shadedPattern>
+                        </relocation>
                     </relocations>
+                    <!-- Rename the service file too to let SLF4J api find our own relocated jdk logger -->
+                    <!-- Located in META-INF/services -->
+                    <transformers>
+                        <transformer
+                                implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
+                    </transformers>
+                    <minimizeJar>true</minimizeJar>
+                    <filters>
+                        <filter>
+                            <artifact>*:*</artifact>
+                            <excludes>
+                                <exclude>META-INF/MANIFEST.MF</exclude>
+                                <exclude>**/module-info.class</exclude>
+                            </excludes>
+                        </filter>
+                    </filters>
                 </configuration>
                 <executions>
                     <execution>
@@ -56,20 +117,16 @@
     </build>
 
     <repositories>
-        <!-- Bukkit-Server-API -->
+        <!-- PaperSpigot API and PaperLib -->
         <repository>
-            <id>spigot-repo</id>
-            <url>https://hub.spigotmc.org/nexus/content/repositories/snapshots/</url>
-            <!-- Disable snapshot release policy to speed up, when finding a artifact -->
-            <releases>
-                <enabled>false</enabled>
-            </releases>
+            <id>papermc</id>
+            <url>https://papermc.io/repo/repository/maven-public/</url>
         </repository>
 
         <!-- ProtocolLib -->
         <repository>
             <id>dmulloy2-repo</id>
-            <url>https://repo.dmulloy2.net/nexus/repository/public/</url>
+            <url>https://repo.dmulloy2.net/repository/public/</url>
             <snapshots>
                 <enabled>false</enabled>
             </snapshots>
@@ -79,12 +136,6 @@
         <repository>
             <id>codemc-releases</id>
             <url>https://repo.codemc.io/repository/maven-public/</url>
-        </repository>
-
-        <!-- GitHub automatic maven builds -->
-        <repository>
-            <id>jitpack.io</id>
-            <url>https://jitpack.io</url>
             <snapshots>
                 <enabled>false</enabled>
             </snapshots>
@@ -98,6 +149,15 @@
                 <enabled>false</enabled>
             </snapshots>
         </repository>
+
+        <!-- GitHub automatic maven builds -->
+        <repository>
+            <id>jitpack.io</id>
+            <url>https://jitpack.io</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
     </repositories>
 
     <dependencies>
@@ -108,20 +168,53 @@
             <version>${project.version}</version>
         </dependency>
 
-        <!--Server API-->
         <dependency>
-            <groupId>org.spigotmc</groupId>
-            <artifactId>spigot-api</artifactId>
-            <version>1.12.2-R0.1-SNAPSHOT</version>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>1.33</version>
+            <scope>compile</scope>
+        </dependency>
+
+        <!-- PaperSpigot API for correcting user cache usage -->
+        <dependency>
+            <groupId>io.papermc.paper</groupId>
+            <artifactId>paper-api</artifactId>
+            <version>1.19-R0.1-SNAPSHOT</version>
             <scope>provided</scope>
+            <!-- Use our own newer api version -->
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>com.mojang</groupId>
+            <artifactId>datafixerupper</artifactId>
+            <version>5.0.28</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!--Library for listening and sending Minecraft packets-->
         <dependency>
             <groupId>com.comphenix.protocol</groupId>
             <artifactId>ProtocolLib</artifactId>
-            <version>4.5.0</version>
+            <version>5.1.0</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!--Changing onlinemode on login process-->
@@ -129,15 +222,63 @@
             <groupId>com.github.ProtocolSupport</groupId>
             <artifactId>ProtocolSupport</artifactId>
             <!--4.29.dev after commit about API improvements-->
-            <version>3a80c661fe</version>
+            <version>master-66b494a8dd-1</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!--Floodgate for Xbox Live Authentication-->
+        <dependency>
+            <groupId>org.geysermc.floodgate</groupId>
+            <artifactId>api</artifactId>
+            <version>${floodgate.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- Bedrock player bridge -->
+        <dependency>
+            <groupId>org.geysermc.geyser</groupId>
+            <artifactId>core</artifactId>
+            <version>${geyser.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- We need the API, but it was excluded above -->
+        <dependency>
+            <groupId>org.geysermc.geyser</groupId>
+            <artifactId>api</artifactId>
+            <version>${geyser.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!--Provide premium placeholders-->
         <dependency>
             <groupId>me.clip</groupId>
             <artifactId>placeholderapi</artifactId>
-            <version>2.10.4</version>
+            <version>2.11.5</version>
             <scope>provided</scope>
             <optional>true</optional>
             <exclusions>
@@ -152,7 +293,7 @@
         <dependency>
             <groupId>fr.xephi</groupId>
             <artifactId>authme</artifactId>
-            <version>5.4.0</version>
+            <version>5.6.0-beta2</version>
             <scope>provided</scope>
             <optional>true</optional>
             <exclusions>
@@ -166,7 +307,7 @@
         <dependency>
             <groupId>com.lenis0012.bukkit</groupId>
             <artifactId>loginsecurity</artifactId>
-            <version>3.0.1</version>
+            <version>3.3.0</version>
             <scope>provided</scope>
             <optional>true</optional>
             <exclusions>
@@ -233,5 +374,34 @@
             <scope>system</scope>
             <systemPath>${project.basedir}/lib/UltraAuth v2.1.2.jar</systemPath>
         </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk18on</artifactId>
+            <version>1.77</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-transport</artifactId>
+            <version>${nettyVersion}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-codec</artifactId>
+            <version>${nettyVersion}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <!-- Provided by the spigot, required for testing ProtocolLib -->
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>2.6</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitLoginSession.java

@@ -1,61 +1,94 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit;
 
 import com.github.games647.craftapi.model.skin.SkinProperty;
-import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey;
 import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.jetbrains.annotations.Nullable;
 
 import java.util.Optional;
 
 /**
  * Represents a client connecting to the server.
- *
+ * <p>
  * This session is invalid if the player disconnects or the login was successful
  */
 public class BukkitLoginSession extends LoginSession {
 
     private static final byte[] EMPTY_ARRAY = {};
 
-    private final String serverId;
     private final byte[] verifyToken;
 
+    private final ClientPublicKey clientPublicKey;
+
     private boolean verified;
 
     private SkinProperty skinProperty;
 
-    public BukkitLoginSession(String username, String serverId, byte[] verifyToken, boolean registered
-            , StoredProfile profile) {
+    public BukkitLoginSession(String username, byte[] verifyToken, ClientPublicKey publicKey, boolean registered,
+                              StoredProfile profile) {
         super(username, registered, profile);
 
-        this.serverId = serverId;
+        this.clientPublicKey = publicKey;
         this.verifyToken = verifyToken.clone();
     }
 
     //available for BungeeCord
     public BukkitLoginSession(String username, boolean registered) {
-        this(username, "", EMPTY_ARRAY, registered, null);
+        this(username, EMPTY_ARRAY, null, registered, null);
     }
 
     //cracked player
     public BukkitLoginSession(String username, StoredProfile profile) {
-        this(username, "", EMPTY_ARRAY, false, profile);
+        this(username, EMPTY_ARRAY, null, false, profile);
     }
 
     //ProtocolSupport
     public BukkitLoginSession(String username, boolean registered, StoredProfile profile) {
-        this(username, "", EMPTY_ARRAY, registered, profile);
+        this(username, EMPTY_ARRAY, null, registered, profile);
     }
 
     /**
-     * Gets the verify token the server sent to the client.
-     *
+     * Gets the verify-token the server sent to the client.
+     * <p>
      * Empty if it's a BungeeCord connection
      *
-     * @return the verify token from the server
+     * @return verify token from the server
      */
     public synchronized byte[] getVerifyToken() {
         return verifyToken.clone();
     }
 
+    @Nullable
+    public ClientPublicKey getClientPublicKey() {
+        return clientPublicKey;
+    }
+
     /**
      * @return premium skin if available
      */

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitScheduler.java

@@ -0,0 +1,48 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import com.github.games647.fastlogin.core.AsyncScheduler;
+import org.bukkit.Bukkit;
+import org.bukkit.plugin.Plugin;
+import org.slf4j.Logger;
+
+import java.util.concurrent.Executor;
+
+public class BukkitScheduler extends AsyncScheduler {
+
+    private final Executor syncExecutor;
+
+    public BukkitScheduler(Plugin plugin, Logger logger) {
+        super(logger, command -> Bukkit.getScheduler().runTaskAsynchronously(plugin, command));
+
+        syncExecutor = task -> Bukkit.getScheduler().runTask(plugin, task);
+    }
+
+    public Executor getSyncExecutor() {
+        return syncExecutor;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BungeeManager.java

@@ -0,0 +1,236 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import com.github.games647.fastlogin.bukkit.listener.BungeeListener;
+import com.github.games647.fastlogin.core.message.ChannelMessage;
+import com.github.games647.fastlogin.core.message.LoginActionMessage;
+import com.github.games647.fastlogin.core.message.NamespaceKey;
+import com.google.common.io.ByteArrayDataOutput;
+import com.google.common.io.ByteStreams;
+import org.bukkit.Bukkit;
+import org.bukkit.Server;
+import org.bukkit.entity.Player;
+import org.bukkit.plugin.messaging.PluginMessageRecipient;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+import java.util.stream.Stream;
+
+import static com.github.games647.fastlogin.core.message.ChangePremiumMessage.CHANGE_CHANNEL;
+import static com.github.games647.fastlogin.core.message.SuccessMessage.SUCCESS_CHANNEL;
+import static java.util.stream.Collectors.toSet;
+
+public class BungeeManager {
+
+    private static final String LEGACY_FILE_NAME = "proxy-whitelist.txt";
+    private static final String FILE_NAME = "allowed-proxies.txt";
+
+    //null if proxies allowed list is empty so bungeecord support is disabled
+    private Set<UUID> proxyIds;
+
+    private final FastLoginBukkit plugin;
+    private boolean enabled;
+
+    private final Collection<UUID> firedJoinEvents = new HashSet<>();
+
+    public BungeeManager(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    public void cleanup() {
+        //remove old blocked status
+        Bukkit.getOnlinePlayers().forEach(player -> player.removeMetadata(plugin.getName(), plugin));
+    }
+
+    public void sendPluginMessage(PluginMessageRecipient player, ChannelMessage message) {
+        if (player != null) {
+            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
+            message.writeTo(dataOutput);
+
+            NamespaceKey channel = new NamespaceKey(plugin.getName(), message.getChannelName());
+            player.sendPluginMessage(plugin, channel.getCombinedName(), dataOutput.toByteArray());
+        }
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public void initialize() {
+        enabled = detectProxy();
+
+        if (enabled) {
+            proxyIds = loadBungeeCordIds();
+            if (proxyIds.isEmpty()) {
+                plugin.getLog().info("No valid IDs found. Minecraft proxy support cannot work in the current state");
+            }
+
+            registerPluginChannels();
+            plugin.getLog().info("Found enabled proxy configuration");
+            plugin.getLog().info("Remember to follow the proxy guide to complete your setup");
+        } else {
+            plugin.getLog().warn("Disabling Minecraft proxy configuration. Assuming direct connections from now on.");
+        }
+    }
+
+    private boolean isProxySupported(String className, String fieldName)
+        throws ClassNotFoundException, NoSuchFieldException, IllegalAccessException {
+        return Class.forName(className).getDeclaredField(fieldName).getBoolean(null);
+    }
+
+    private boolean isVelocityEnabled()
+        throws NoSuchFieldException, IllegalArgumentException, IllegalAccessException, ClassNotFoundException,
+        NoSuchMethodException, InvocationTargetException {
+        try {
+            Class<?> globalConfig = Class.forName("io.papermc.paper.configuration.GlobalConfiguration");
+            Object global = globalConfig.getDeclaredMethod("get").invoke(null);
+            Object proxiesConfiguration = global.getClass().getDeclaredField("proxies").get(global);
+
+            Field velocitySectionField = proxiesConfiguration.getClass().getDeclaredField("velocity");
+            Object velocityConfig = velocitySectionField.get(proxiesConfiguration);
+
+            return velocityConfig.getClass().getDeclaredField("enabled").getBoolean(velocityConfig);
+        } catch (ClassNotFoundException classNotFoundException) {
+            // try again using the older Paper configuration, because the old class file still exists in newer versions
+            if (isProxySupported("com.destroystokyo.paper.PaperConfig", "velocitySupport")) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    private boolean detectProxy() {
+        try {
+            if (isProxySupported("org.spigotmc.SpigotConfig", "bungee")) {
+                return true;
+            }
+        } catch (ClassNotFoundException classNotFoundException) {
+            // leave stacktrace for class not found out
+            plugin.getLog().warn("Cannot check for BungeeCord support: {}", classNotFoundException.getMessage());
+        } catch (NoSuchFieldException | IllegalAccessException ex) {
+            plugin.getLog().warn("Cannot check for BungeeCord support", ex);
+        }
+
+        try {
+            return isVelocityEnabled();
+        } catch (ClassNotFoundException classNotFoundException) {
+            plugin.getLog().warn("Cannot check for Velocity support in Paper: {}", classNotFoundException.getMessage());
+        } catch (NoSuchFieldException | IllegalAccessException | NoSuchMethodException | InvocationTargetException ex) {
+            plugin.getLog().warn("Cannot check for Velocity support in Paper", ex);
+        }
+
+        return false;
+    }
+
+    private void registerPluginChannels() {
+        Server server = Bukkit.getServer();
+
+        // check for incoming messages from the bungeecord version of this plugin
+        String groupId = plugin.getName();
+        String forceChannel = NamespaceKey.getCombined(groupId, LoginActionMessage.FORCE_CHANNEL);
+        server.getMessenger().registerIncomingPluginChannel(plugin, forceChannel, new BungeeListener(plugin));
+
+        // outgoing
+        String successChannel = new NamespaceKey(groupId, SUCCESS_CHANNEL).getCombinedName();
+        String changeChannel = new NamespaceKey(groupId, CHANGE_CHANNEL).getCombinedName();
+        server.getMessenger().registerOutgoingPluginChannel(plugin, successChannel);
+        server.getMessenger().registerOutgoingPluginChannel(plugin, changeChannel);
+    }
+
+    private Set<UUID> loadBungeeCordIds() {
+        Path proxiesFile = plugin.getPluginFolder().resolve(FILE_NAME);
+        Path legacyFile = plugin.getPluginFolder().resolve(LEGACY_FILE_NAME);
+        try {
+            if (Files.notExists(proxiesFile)) {
+                if (Files.exists(legacyFile)) {
+                    Files.move(legacyFile, proxiesFile);
+                }
+
+                if (Files.notExists(legacyFile)) {
+                    Files.createFile(proxiesFile);
+                }
+            }
+
+            Files.deleteIfExists(legacyFile);
+            try (Stream<String> lines = Files.lines(proxiesFile)) {
+                return lines.map(String::trim).map(UUID::fromString).collect(toSet());
+            }
+        } catch (IOException ex) {
+            plugin.getLog().error("Failed to read proxies", ex);
+        } catch (Exception ex) {
+            plugin.getLog().error("Failed to retrieve proxy Id. Disabling BungeeCord support", ex);
+        }
+
+        return Collections.emptySet();
+    }
+
+    public boolean isProxyAllowed(UUID proxyId) {
+        return proxyIds != null && proxyIds.contains(proxyId);
+    }
+
+    /**
+     * Mark the event to be fired including the task delay.
+     *
+     * @param player joining player
+     */
+    public synchronized void markJoinEventFired(Player player) {
+        firedJoinEvents.add(player.getUniqueId());
+    }
+
+    /**
+     * Check if the event fired including with the task delay. This necessary to restore the order of processing the
+     * BungeeCord messages after the PlayerJoinEvent fires including the delay.
+     * <p>
+     * If the join event fired, the delay exceeded, but it ran earlier and couldn't find the recently started login
+     * session. If not fired, we can start a new force login task. This will still match the requirement that we wait
+     * a certain time after the player join event fired.
+     *
+     * @param player joining player
+     * @return event fired including delay
+     */
+    public synchronized boolean didJoinEventFired(Player player) {
+        return firedJoinEvents.contains(player.getUniqueId());
+    }
+
+    /**
+     * Player quit clean up
+     *
+     * @param player joining player
+     */
+    public synchronized void cleanup(Player player) {
+        firedJoinEvents.remove(player.getUniqueId());
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/EncryptionUtil.java

@@ -1,116 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import java.math.BigInteger;
-import java.nio.charset.StandardCharsets;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.util.Random;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-
-/**
- * Encryption and decryption minecraft util for connection between servers
- * and paid Minecraft account clients.
- *
- * @see net.minecraft.server.MinecraftEncryption
- */
-public class EncryptionUtil {
-
-    public static final int VERIFY_TOKEN_LENGTH = 4;
-    public static final String KEY_PAIR_ALGORITHM = "RSA";
-
-    private EncryptionUtil() {
-        //utility
-    }
-
-    /**
-     * Generate a RSA key pair
-     *
-     * @return The RSA key pair.
-     */
-    public static KeyPair generateKeyPair() {
-        try {
-            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM);
-
-            keyPairGenerator.initialize(1_024);
-            return keyPairGenerator.generateKeyPair();
-        } catch (NoSuchAlgorithmException nosuchalgorithmexception) {
-            //Should be existing in every vm
-            throw new ExceptionInInitializerError(nosuchalgorithmexception);
-        }
-    }
-
-    /**
-     * Generate a random token. This is used to verify that we are communicating with the same player
-     * in a login session.
-     *
-     * @param random random generator
-     * @return an error with 4 bytes long
-     */
-    public static byte[] generateVerifyToken(Random random) {
-        byte[] token = new byte[VERIFY_TOKEN_LENGTH];
-        random.nextBytes(token);
-        return token;
-    }
-
-    /**
-     * Generate the server id based on client and server data.
-     *
-     * @param sessionId    session for the current login attempt
-     * @param sharedSecret shared secret between the client and the server
-     * @param publicKey    public key of the server
-     * @return the server id formatted as a hexadecimal string.
-     */
-    public static String getServerIdHashString(String sessionId, Key sharedSecret, PublicKey publicKey) {
-        try {
-            byte[] serverHash = getServerIdHash(sessionId, sharedSecret, publicKey);
-            return (new BigInteger(serverHash)).toString(16);
-        } catch (NoSuchAlgorithmException e) {
-            e.printStackTrace();
-        }
-
-        return "";
-    }
-
-    /**
-     * Decrypts the content and extracts the key spec.
-     *
-     * @param cipher     decryption cipher initialized with the private key
-     * @param sharedKey  the encrypted shared key
-     * @return shared secret key
-     * @throws GeneralSecurityException if it fails to decrypt the data
-     */
-    public static SecretKey decryptSharedKey(Cipher cipher, byte[] sharedKey) throws GeneralSecurityException {
-        return new SecretKeySpec(decrypt(cipher, sharedKey), "AES");
-    }
-
-    /**
-     * Decrypted the given data using the cipher.
-     *
-     * @param cipher decryption cypher initialized with the private key
-     * @param data   the encrypted data
-     * @return clear text data
-     * @throws GeneralSecurityException if it fails to decrypt the data
-     */
-    public static byte[] decrypt(Cipher cipher, byte[] data) throws GeneralSecurityException {
-        return cipher.doFinal(data);
-    }
-
-    private static byte[] getServerIdHash(String sessionId, Key sharedSecret, PublicKey publicKey)
-            throws NoSuchAlgorithmException {
-        MessageDigest digest = MessageDigest.getInstance("SHA-1");
-
-        digest.update(sessionId.getBytes(StandardCharsets.ISO_8859_1));
-        digest.update(sharedSecret.getEncoded());
-        digest.update(publicKey.getEncoded());
-
-        return digest.digest();
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java

@@ -1,38 +1,63 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit;
 
+import com.comphenix.protocol.ProtocolLibrary;
 import com.github.games647.fastlogin.bukkit.command.CrackedCommand;
 import com.github.games647.fastlogin.bukkit.command.PremiumCommand;
-import com.github.games647.fastlogin.bukkit.listener.BungeeListener;
 import com.github.games647.fastlogin.bukkit.listener.ConnectionListener;
+import com.github.games647.fastlogin.bukkit.listener.PaperCacheListener;
 import com.github.games647.fastlogin.bukkit.listener.protocollib.ProtocolLibListener;
 import com.github.games647.fastlogin.bukkit.listener.protocollib.SkinApplyListener;
 import com.github.games647.fastlogin.bukkit.listener.protocolsupport.ProtocolSupportListener;
 import com.github.games647.fastlogin.bukkit.task.DelayedAuthHook;
 import com.github.games647.fastlogin.core.CommonUtil;
 import com.github.games647.fastlogin.core.PremiumStatus;
-import com.github.games647.fastlogin.core.message.ChannelMessage;
-import com.github.games647.fastlogin.core.message.LoginActionMessage;
-import com.github.games647.fastlogin.core.message.NamespaceKey;
+import com.github.games647.fastlogin.core.hooks.bedrock.BedrockService;
+import com.github.games647.fastlogin.core.hooks.bedrock.FloodgateService;
+import com.github.games647.fastlogin.core.hooks.bedrock.GeyserService;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
 import com.github.games647.fastlogin.core.shared.PlatformPlugin;
-import com.google.common.io.ByteArrayDataOutput;
-import com.google.common.io.ByteStreams;
-
-import java.nio.file.Path;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
+import org.bukkit.Bukkit;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
 import org.bukkit.plugin.PluginManager;
 import org.bukkit.plugin.java.JavaPlugin;
-import org.bukkit.plugin.messaging.PluginMessageRecipient;
+import org.geysermc.floodgate.api.FloodgateApi;
+import org.geysermc.geyser.GeyserImpl;
+import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 
-import static com.github.games647.fastlogin.core.message.ChangePremiumMessage.CHANGE_CHANNEL;
-import static com.github.games647.fastlogin.core.message.SuccessMessage.SUCCESS_CHANNEL;
+import java.net.InetSocketAddress;
+import java.nio.file.Path;
+import java.util.Map;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
 
 /**
  * This plugin checks if a player has a paid account and if so tries to skip offline mode authentication.
@@ -41,45 +66,45 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
 
     //1 minutes should be enough as a timeout for bad internet connection (Server, Client and Mojang)
     private final ConcurrentMap<String, BukkitLoginSession> loginSession = CommonUtil.buildCache(1, -1);
-    private final Logger logger = CommonUtil.createLoggerFromJDK(getLogger());
     private final Map<UUID, PremiumStatus> premiumPlayers = new ConcurrentHashMap<>();
+    private final Logger logger;
 
     private boolean serverStarted;
-    private boolean bungeeCord;
+    private BungeeManager bungeeManager;
+    private final BukkitScheduler scheduler;
     private FastLoginCore<Player, CommandSender, FastLoginBukkit> core;
+    private FloodgateService floodgateService;
+    private GeyserService geyserService;
+
+    private PremiumPlaceholder premiumPlaceholder;
+
+    public FastLoginBukkit() {
+        this.logger = CommonUtil.initializeLoggerService(getLogger());
+        this.scheduler = new BukkitScheduler(this, logger);
+    }
 
     @Override
     public void onEnable() {
         core = new FastLoginCore<>(this);
         core.load();
-        try {
-            bungeeCord = Class.forName("org.spigotmc.SpigotConfig").getDeclaredField("bungee").getBoolean(null);
-        } catch (ClassNotFoundException notFoundEx) {
-            //ignore server has no bungee support
-        } catch (Exception ex) {
-            logger.warn("Cannot check bungeecord support. You use a non-Spigot build", ex);
-        }
 
         if (getServer().getOnlineMode()) {
-            //we need to require offline to prevent a loginSession request for a offline player
-            logger.error("Server have to be in offline mode");
+            //we need to require offline to prevent a loginSession request for an offline player
+            logger.error("Server has to be in offline mode");
             setEnabled(false);
             return;
         }
 
+        if (!initializeFloodgate()) {
+            setEnabled(false);
+        }
+
+        bungeeManager = new BungeeManager(this);
+        bungeeManager.initialize();
+
         PluginManager pluginManager = getServer().getPluginManager();
-        if (bungeeCord) {
-            setServerStarted();
-
-            // check for incoming messages from the bungeecord version of this plugin
-            String forceChannel = new NamespaceKey(getName(), LoginActionMessage.FORCE_CHANNEL).getCombinedName();
-            getServer().getMessenger().registerIncomingPluginChannel(this, forceChannel, new BungeeListener(this));
-
-            // outgoing
-            String successChannel = new NamespaceKey(getName(), SUCCESS_CHANNEL).getCombinedName();
-            String changeChannel = new NamespaceKey(getName(), CHANGE_CHANNEL).getCombinedName();
-            getServer().getMessenger().registerOutgoingPluginChannel(this, successChannel);
-            getServer().getMessenger().registerOutgoingPluginChannel(this, changeChannel);
+        if (bungeeManager.isEnabled()) {
+            markInitialized();
         } else {
             if (!core.setupDatabase()) {
                 setEnabled(false);
@@ -87,12 +112,18 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
             }
 
             if (pluginManager.isPluginEnabled("ProtocolSupport")) {
-                pluginManager.registerEvents(new ProtocolSupportListener(this), this);
+                pluginManager.registerEvents(new ProtocolSupportListener(this, core.getAntiBot()), this);
             } else if (pluginManager.isPluginEnabled("ProtocolLib")) {
-                ProtocolLibListener.register(this);
-                pluginManager.registerEvents(new SkinApplyListener(this), this);
+                ProtocolLibListener.register(this, core.getAntiBot(), core.getConfig().getBoolean("verifyClientKeys"));
+
+                //if server is using paper - we need to set the skin at pre login anyway, so no need for this listener
+                if (!isPaper() && getConfig().getBoolean("forwardSkin")) {
+                    pluginManager.registerEvents(new SkinApplyListener(this), this);
+                }
             } else {
                 logger.warn("Either ProtocolLib or ProtocolSupport have to be installed if you don't use BungeeCord");
+                setEnabled(false);
+                return;
             }
         }
 
@@ -101,16 +132,37 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
 
         pluginManager.registerEvents(new ConnectionListener(this), this);
 
+        //if server is using paper - we need to add one more listener to correct the user cache usage
+        if (isPaper()) {
+            pluginManager.registerEvents(new PaperCacheListener(this), this);
+        }
+
         //register commands using a unique name
-        getCommand("premium").setExecutor(new PremiumCommand(this));
-        getCommand("cracked").setExecutor(new CrackedCommand(this));
+        Optional.ofNullable(getCommand("premium")).ifPresent(c -> c.setExecutor(new PremiumCommand(this)));
+        Optional.ofNullable(getCommand("cracked")).ifPresent(c -> c.setExecutor(new CrackedCommand(this)));
 
         if (pluginManager.isPluginEnabled("PlaceholderAPI")) {
-            //prevents NoClassDef errors if it's not available
-            PremiumPlaceholder.register(this);
+            premiumPlaceholder = new PremiumPlaceholder(this);
+            premiumPlaceholder.register();
         }
     }
 
+    private boolean initializeFloodgate() {
+        if (getServer().getPluginManager().getPlugin("Geyser-Spigot") != null) {
+            geyserService = new GeyserService(GeyserImpl.getInstance(), core);
+        }
+
+        if (getServer().getPluginManager().getPlugin("floodgate") != null) {
+            floodgateService = new FloodgateService(FloodgateApi.getInstance(), core);
+
+            // Check Floodgate config values and return
+            return floodgateService.isValidFloodgateConfigString("autoLoginFloodgate")
+                    && floodgateService.isValidFloodgateConfigString("allowFloodgateNameConflict");
+        }
+
+        return true;
+    }
+
     @Override
     public void onDisable() {
         loginSession.clear();
@@ -120,8 +172,21 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
             core.close();
         }
 
-        //remove old blacklists
-        getServer().getOnlinePlayers().forEach(player -> player.removeMetadata(getName(), this));
+        if (bungeeManager != null) {
+            bungeeManager.cleanup();
+        }
+
+        if (premiumPlaceholder != null && getServer().getPluginManager().isPluginEnabled("PlaceholderAPI")) {
+            try {
+                premiumPlaceholder.unregister();
+            } catch (Exception | NoSuchMethodError exception) {
+                logger.error("Failed to unregister placeholder", exception);
+            }
+        }
+
+        if (getServer().getPluginManager().isPluginEnabled("ProtocolLib")) {
+            ProtocolLibrary.getProtocolManager().getAsynchronousManager().unregisterAsyncHandlers(this);
+        }
     }
 
     public FastLoginCore<Player, CommandSender, FastLoginBukkit> getCore() {
@@ -138,24 +203,53 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
         return loginSession;
     }
 
+    public BukkitLoginSession getSession(InetSocketAddress address) {
+        String id = getSessionId(address);
+        return loginSession.get(id);
+    }
+
+    public String getSessionId(InetSocketAddress address) {
+        return address.getAddress().getHostAddress() + ':' + address.getPort();
+    }
+
+    public void putSession(InetSocketAddress address, BukkitLoginSession session) {
+        String id = getSessionId(address);
+        loginSession.put(id, session);
+    }
+
+    public void removeSession(InetSocketAddress address) {
+        String id = getSessionId(address);
+        loginSession.remove(id);
+    }
+
     public Map<UUID, PremiumStatus> getPremiumPlayers() {
         return premiumPlayers;
     }
 
-    public boolean isBungeeEnabled() {
-        return bungeeCord;
-    }
-
     /**
      * Fetches the premium status of an online player.
+     * {@snippet :
+     * // Bukkit's players object after successful authentication i.e. PlayerJoinEvent
+     * // except for proxies like BungeeCord and Velocity where the details are sent delayed (1-2 seconds)
+     * Player player;
+     * PremiumStatus status = JavaPlugin.getPlugin(FastLoginBukkit.class).getStatus(player.getUniqueId());
+     * switch (status) {
+     *     case CRACKED:
+     *         // player is offline
+     *         break;
+     *     case PREMIUM:
+     *         // account is premium and player passed the verification
+     *         break;
+     *     case UNKNOWN:
+     *         // no record about this player
+     * }
+     * }
      *
-     * @param onlinePlayer
+     * @param onlinePlayer player that is currently online player (play state)
      * @return the online status or unknown if an error happened, the player isn't online or BungeeCord doesn't send
      * us the status message yet (This means you cannot check the login status on the PlayerJoinEvent).
-     * @deprecated this method could be removed in future versions and exists only as a temporarily solution
      */
-    @Deprecated
-    public PremiumStatus getStatus(UUID onlinePlayer) {
+    public @NotNull PremiumStatus getStatus(@NotNull UUID onlinePlayer) {
         return premiumPlayers.getOrDefault(onlinePlayer, PremiumStatus.UNKNOWN);
     }
 
@@ -169,20 +263,12 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
         return serverStarted;
     }
 
-    public void setServerStarted() {
-        if (!this.serverStarted) {
-            this.serverStarted = true;
-        }
+    public void markInitialized() {
+        this.serverStarted = true;
     }
 
-    public void sendPluginMessage(PluginMessageRecipient player, ChannelMessage message) {
-        if (player != null) {
-            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
-            message.writeTo(dataOutput);
-
-            NamespaceKey channel = new NamespaceKey(getName(), message.getChannelName());
-            player.sendPluginMessage(this, channel.getCombinedName(), dataOutput.toByteArray());
-        }
+    public BungeeManager getBungeeManager() {
+        return bungeeManager;
     }
 
     @Override
@@ -195,8 +281,54 @@ public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<Comman
         return logger;
     }
 
+    @Override
+    public BukkitScheduler getScheduler() {
+        return scheduler;
+    }
+
     @Override
     public void sendMessage(CommandSender receiver, String message) {
         receiver.sendMessage(message);
     }
+
+    /**
+     * Checks if a plugin is installed on the server
+     *
+     * @param name the name of the plugin
+     * @return true if the plugin is installed
+     */
+    @Override
+    public boolean isPluginInstalled(String name) {
+        // the plugin may be enabled after FastLogin, so isPluginEnabled() won't work here
+        return Bukkit.getServer().getPluginManager().getPlugin(name) != null;
+    }
+
+    public FloodgateService getFloodgateService() {
+        return floodgateService;
+    }
+
+    public GeyserService getGeyserService() {
+        return geyserService;
+    }
+
+    @Override
+    public BedrockService<?> getBedrockService() {
+        if (floodgateService != null) {
+            return floodgateService;
+        }
+        return geyserService;
+    }
+
+    private boolean isPaper() {
+        return isClassAvailable("com.destroystokyo.paper.PaperConfig").isPresent()
+                || isClassAvailable("io.papermc.paper.configuration.Configuration").isPresent();
+    }
+
+    private Optional<Class<?>> isClassAvailable(String clazzName) {
+        try {
+            return Optional.of(Class.forName(clazzName));
+        } catch (ClassNotFoundException e) {
+            return Optional.empty();
+        }
+    }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/InetUtils.java

@@ -0,0 +1,63 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import java.net.InetAddress;
+
+public final class InetUtils {
+
+    private InetUtils() {
+        // Utility
+    }
+
+    /**
+     * Verifies if the given IP address is from the local network
+     *
+     * @param address IP address
+     * @return true if address is from local network or even from the device itself (loopback)
+     */
+    public static boolean isLocalAddress(InetAddress address) {
+        // Loopback addresses like 127.0.* (IPv4) or [::1] (IPv6)
+        return address.isLoopbackAddress()
+                // Example: 10.0.0.0, 172.16.0.0, 192.168.0.0, fec0::/10 (deprecated)
+                // Ref: https://en.wikipedia.org/wiki/IP_address#Private_addresses
+                || address.isSiteLocalAddress()
+                // Example: 169.254.0.0/16, fe80::/10
+                // Ref: https://en.wikipedia.org/wiki/IP_address#Address_autoconfiguration
+                || address.isLinkLocalAddress()
+                // non deprecated unique site-local that java doesn't check yet -> fc00::/7
+                || isIPv6UniqueSiteLocal(address);
+    }
+
+    private static boolean isIPv6UniqueSiteLocal(InetAddress address) {
+        // ref: https://en.wikipedia.org/wiki/Unique_local_address
+
+        // currently undefined but could be used in the near future fc00::/8
+        return (address.getAddress()[0] & 0xFF) == 0xFC
+                // in use for unique site-local fd00::/8
+                || (address.getAddress()[0] & 0xFF) == 0xFD;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/PremiumPlaceholder.java

@@ -1,15 +1,40 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit;
 
-import java.util.stream.Collectors;
-
-import me.clip.placeholderapi.PlaceholderAPI;
 import me.clip.placeholderapi.expansion.PlaceholderExpansion;
+import org.bukkit.OfflinePlayer;
+import org.jetbrains.annotations.NotNull;
 
-import org.bukkit.entity.Player;
+import java.util.Collections;
+import java.util.List;
 
 public class PremiumPlaceholder extends PlaceholderExpansion {
 
-    private static final String PLACEHOLDER_VARIABLE = "fastlogin_status";
+    private static final String PLACEHOLDER_VARIABLE = "status";
 
     private final FastLoginBukkit plugin;
 
@@ -17,37 +42,43 @@ public class PremiumPlaceholder extends PlaceholderExpansion {
         this.plugin = plugin;
     }
 
-    public static void register(FastLoginBukkit plugin) {
-        PremiumPlaceholder placeholderHook = new PremiumPlaceholder(plugin);
-        PlaceholderAPI.registerPlaceholderHook(PLACEHOLDER_VARIABLE, placeholderHook);
+    @Override
+    public boolean persist() {
+        return true;
     }
 
     @Override
-    public String onPlaceholderRequest(Player player, String variable) {
-        if (player != null && PLACEHOLDER_VARIABLE.equals(variable)) {
-            return plugin.getStatus(player.getUniqueId()).name();
+    public @NotNull List<String> getPlaceholders() {
+        return Collections.singletonList(PLACEHOLDER_VARIABLE);
+    }
+
+    @Override
+    public String onRequest(OfflinePlayer player, @NotNull String identifier) {
+        // player is null if offline
+        if (player != null && PLACEHOLDER_VARIABLE.equals(identifier)) {
+            return plugin.getStatus(player.getUniqueId()).getReadableName();
         }
 
-        return "";
+        return null;
     }
 
     @Override
-    public String getIdentifier() {
-        return PLACEHOLDER_VARIABLE;
-    }
-
-    @Override
-    public String getPlugin() {
+    public @NotNull String getIdentifier() {
         return plugin.getName();
     }
 
     @Override
-    public String getAuthor() {
-        return plugin.getDescription().getAuthors().stream().collect(Collectors.joining(", "));
+    public String getRequiredPlugin() {
+        return plugin.getName();
     }
 
     @Override
-    public String getVersion() {
-        return plugin.getName();
+    public @NotNull String getAuthor() {
+        return String.join(", ", plugin.getDescription().getAuthors());
+    }
+
+    @Override
+    public @NotNull String getVersion() {
+        return plugin.getDescription().getVersion();
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/CrackedCommand.java

@@ -1,11 +1,38 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.command;
 
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.StoredProfile;
-
-import org.bukkit.Bukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPremiumToggleEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandSender;
+import org.jetbrains.annotations.NotNull;
+
+import static com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent.PremiumToggleReason;
 
 public class CrackedCommand extends ToggleCommand {
 
@@ -14,9 +41,10 @@ public class CrackedCommand extends ToggleCommand {
     }
 
     @Override
-    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
+    public boolean onCommand(@NotNull CommandSender sender, @NotNull Command command, @NotNull String label,
+                             String[] args) {
         if (args.length == 0) {
-            onCrackedSelf(sender, command, args);
+            onCrackedSelf(sender);
         } else {
             onCrackedOther(sender, command, args);
         }
@@ -24,7 +52,7 @@ public class CrackedCommand extends ToggleCommand {
         return true;
     }
 
-    private void onCrackedSelf(CommandSender sender, Command cmd, String[] args) {
+    private void onCrackedSelf(CommandSender sender) {
         if (isConsole(sender)) {
             return;
         }
@@ -33,23 +61,20 @@ public class CrackedCommand extends ToggleCommand {
             return;
         }
 
-        if (plugin.isBungeeEnabled()) {
-            sendBungeeActivateMessage(sender, sender.getName(), false);
-            plugin.getCore().sendLocaleMessage("wait-on-proxy", sender);
-        } else {
-            //todo: load async if
-            StoredProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
-            if (profile.isPremium()) {
-                plugin.getCore().sendLocaleMessage("remove-premium", sender);
+        // todo: load async if
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
+        if (profile.isPremium()) {
+            plugin.getCore().sendLocaleMessage("remove-premium", sender);
 
-                profile.setPremium(false);
-                profile.setId(null);
-                Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
-                    plugin.getCore().getStorage().save(profile);
-                });
-            } else {
-                plugin.getCore().sendLocaleMessage("not-premium", sender);
-            }
+            profile.setPremium(false);
+            profile.setId(null);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+                plugin.getServer().getPluginManager().callEvent(
+                        new BukkitFastLoginPremiumToggleEvent(profile, PremiumToggleReason.COMMAND_OTHER));
+            });
+        } else {
+            plugin.getCore().sendLocaleMessage("not-premium", sender);
         }
     }
 
@@ -76,8 +101,10 @@ public class CrackedCommand extends ToggleCommand {
             plugin.getCore().sendLocaleMessage("remove-premium", sender);
 
             profile.setPremium(false);
-            Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
+            plugin.getScheduler().runAsync(() -> {
                 plugin.getCore().getStorage().save(profile);
+                plugin.getServer().getPluginManager().callEvent(
+                        new BukkitFastLoginPremiumToggleEvent(profile, PremiumToggleReason.COMMAND_OTHER));
             });
         }
     }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/PremiumCommand.java

@@ -1,19 +1,45 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.command;
 
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.StoredProfile;
-
-import java.util.UUID;
-
-import org.bukkit.Bukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPremiumToggleEvent;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent.PremiumToggleReason;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
+import org.jetbrains.annotations.NotNull;
+
+import java.util.UUID;
 
 /**
  * Let users activate fast login by command. This only be accessible if
- * the user has access to it's account. So we can make sure that not another
- * person with a paid account and the same username can steal his account.
+ * the user has access to its account. So we can make sure that not another
+ * person with a paid account and the same username can steal their account.
  */
 public class PremiumCommand extends ToggleCommand {
 
@@ -22,9 +48,10 @@ public class PremiumCommand extends ToggleCommand {
     }
 
     @Override
-    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
+    public boolean onCommand(@NotNull CommandSender sender, @NotNull Command command, @NotNull String label,
+                             String[] args) {
         if (args.length == 0) {
-            onPremiumSelf(sender, command, args);
+            onPremiumSelf(sender);
         } else {
             onPremiumOther(sender, command, args);
         }
@@ -32,7 +59,7 @@ public class PremiumCommand extends ToggleCommand {
         return true;
     }
 
-    private void onPremiumSelf(CommandSender sender, Command cmd, String[] args) {
+    private void onPremiumSelf(CommandSender sender) {
         if (isConsole(sender)) {
             return;
         }
@@ -41,27 +68,29 @@ public class PremiumCommand extends ToggleCommand {
             return;
         }
 
-            UUID id = ((Player) sender).getUniqueId();
-            if (plugin.getConfig().getBoolean("premium-warning") && !plugin.getCore().getPendingConfirms().contains(id)) {
-                sender.sendMessage(plugin.getCore().getMessage("premium-warning"));
-                plugin.getCore().getPendingConfirms().add(id);
-                return;
-            }
+        UUID id = ((Player) sender).getUniqueId();
+        if (plugin.getConfig().getBoolean("premium-warning") && !plugin.getCore().getPendingConfirms().contains(id)) {
+            sender.sendMessage(plugin.getCore().getMessage("premium-warning"));
+            plugin.getCore().getPendingConfirms().add(id);
+            return;
+        }
 
-            plugin.getCore().getPendingConfirms().remove(id);
-            //todo: load async
-            StoredProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
-            if (profile.isPremium()) {
-                plugin.getCore().sendLocaleMessage("already-exists", sender);
-            } else {
-                //todo: resolve uuid
-                profile.setPremium(true);
-                Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
-                    plugin.getCore().getStorage().save(profile);
-                });
+        plugin.getCore().getPendingConfirms().remove(id);
+        //todo: load async
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
+        if (profile.isPremium()) {
+            plugin.getCore().sendLocaleMessage("already-exists", sender);
+        } else {
+            //todo: resolve uuid
+            profile.setPremium(true);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+                plugin.getServer().getPluginManager().callEvent(
+                        new BukkitFastLoginPremiumToggleEvent(profile, PremiumToggleReason.COMMAND_SELF));
+            });
 
-                plugin.getCore().sendLocaleMessage("add-premium", sender);
-            }
+            plugin.getCore().sendLocaleMessage("add-premium", sender);
+        }
     }
 
     private void onPremiumOther(CommandSender sender, Command command, String[] args) {
@@ -85,8 +114,10 @@ public class PremiumCommand extends ToggleCommand {
         } else {
             //todo: resolve uuid
             profile.setPremium(true);
-            Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
+            plugin.getScheduler().runAsync(() -> {
                 plugin.getCore().getStorage().save(profile);
+                plugin.getServer().getPluginManager().callEvent(
+                        new BukkitFastLoginPremiumToggleEvent(profile, PremiumToggleReason.COMMAND_OTHER));
             });
 
             plugin.getCore().sendLocaleMessage("add-premium-other", sender);

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/ToggleCommand.java

@@ -1,11 +1,33 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.command;
 
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
 import com.github.games647.fastlogin.core.message.ChannelMessage;
-
-import java.util.Optional;
-
 import org.bukkit.Bukkit;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandExecutor;
@@ -13,6 +35,8 @@ import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
 import org.bukkit.plugin.messaging.PluginMessageRecipient;
 
+import java.util.Optional;
+
 public abstract class ToggleCommand implements CommandExecutor {
 
     protected final FastLoginBukkit plugin;
@@ -22,16 +46,16 @@ public abstract class ToggleCommand implements CommandExecutor {
     }
 
     protected boolean hasOtherPermission(CommandSender sender, Command cmd) {
-        if (!sender.hasPermission(cmd.getPermission() + ".other")) {
-            plugin.getCore().sendLocaleMessage("no-permission", sender);
-            return false;
+        if (sender.hasPermission(cmd.getPermission() + ".other")) {
+            return true;
         }
 
-        return true;
+        plugin.getCore().sendLocaleMessage("no-permission", sender);
+        return false;
     }
 
     protected boolean forwardBungeeCommand(CommandSender sender, String target, boolean activate) {
-        if (plugin.isBungeeEnabled()) {
+        if (plugin.getBungeeManager().isEnabled()) {
             sendBungeeActivateMessage(sender, target, activate);
             plugin.getCore().sendLocaleMessage("wait-on-proxy", sender);
             return true;
@@ -53,7 +77,7 @@ public abstract class ToggleCommand implements CommandExecutor {
     protected void sendBungeeActivateMessage(CommandSender invoker, String target, boolean activate) {
         if (invoker instanceof PluginMessageRecipient) {
             ChannelMessage message = new ChangePremiumMessage(target, activate, true);
-            plugin.sendPluginMessage((PluginMessageRecipient) invoker, message);
+            plugin.getBungeeManager().sendPluginMessage((PluginMessageRecipient) invoker, message);
         } else {
             Optional<? extends Player> optPlayer = Bukkit.getServer().getOnlinePlayers().stream().findFirst();
             if (!optPlayer.isPresent()) {
@@ -63,7 +87,7 @@ public abstract class ToggleCommand implements CommandExecutor {
 
             Player sender = optPlayer.get();
             ChannelMessage message = new ChangePremiumMessage(target, activate, false);
-            plugin.sendPluginMessage(sender, message);
+            plugin.getBungeeManager().sendPluginMessage(sender, message);
         }
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginAutoLoginEvent.java

@@ -1,15 +1,41 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.event;
 
-import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.LoginSession;
 import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import org.bukkit.event.Cancellable;
 import org.bukkit.event.Event;
 import org.bukkit.event.HandlerList;
+import org.jetbrains.annotations.NotNull;
 
 public class BukkitFastLoginAutoLoginEvent extends Event implements FastLoginAutoLoginEvent, Cancellable {
 
-    private static final HandlerList handlers = new HandlerList();
+    private static final HandlerList HANDLERS = new HandlerList();
     private final LoginSession session;
     private final StoredProfile profile;
     private boolean cancelled;
@@ -42,11 +68,11 @@ public class BukkitFastLoginAutoLoginEvent extends Event implements FastLoginAut
     }
 
     @Override
-    public HandlerList getHandlers() {
-        return handlers;
+    public @NotNull HandlerList getHandlers() {
+        return HANDLERS;
     }
 
     public static HandlerList getHandlerList() {
-        return handlers;
+        return HANDLERS;
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPreLoginEvent.java

@@ -1,14 +1,40 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.event;
 
-import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.LoginSource;
 import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import org.bukkit.event.Event;
 import org.bukkit.event.HandlerList;
+import org.jetbrains.annotations.NotNull;
 
 public class BukkitFastLoginPreLoginEvent extends Event implements FastLoginPreLoginEvent {
 
-    private static final HandlerList handlers = new HandlerList();
+    private static final HandlerList HANDLERS = new HandlerList();
     private final String username;
     private final LoginSource source;
     private final StoredProfile profile;
@@ -37,11 +63,11 @@ public class BukkitFastLoginPreLoginEvent extends Event implements FastLoginPreL
     }
 
     @Override
-    public HandlerList getHandlers() {
-        return handlers;
+    public @NotNull HandlerList getHandlers() {
+        return HANDLERS;
     }
 
     public static HandlerList getHandlerList() {
-        return handlers;
+        return HANDLERS;
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPremiumToggleEvent.java

@@ -0,0 +1,64 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.event;
+
+import com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.event.Event;
+import org.bukkit.event.HandlerList;
+import org.jetbrains.annotations.NotNull;
+
+public class BukkitFastLoginPremiumToggleEvent extends Event implements FastLoginPremiumToggleEvent {
+
+    private static final HandlerList HANDLERS = new HandlerList();
+    private final StoredProfile profile;
+    private final PremiumToggleReason reason;
+
+    public BukkitFastLoginPremiumToggleEvent(StoredProfile profile, PremiumToggleReason reason) {
+        super(true);
+        this.profile = profile;
+        this.reason = reason;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public PremiumToggleReason getReason() {
+        return reason;
+    }
+
+    @Override
+    public @NotNull HandlerList getHandlers() {
+        return HANDLERS;
+    }
+
+    public static HandlerList getHandlerList() {
+        return HANDLERS;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java

@@ -1,40 +1,81 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.hook;
 
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
 import fr.xephi.authme.api.v3.AuthMeApi;
 import fr.xephi.authme.events.RestoreSessionEvent;
-
+import fr.xephi.authme.process.Management;
+import fr.xephi.authme.process.register.executors.ApiPasswordRegisterParams;
+import fr.xephi.authme.process.register.executors.RegistrationMethod;
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.EventPriority;
 import org.bukkit.event.Listener;
 
+import java.lang.reflect.Field;
+
 /**
- * GitHub: https://github.com/Xephi/AuthMeReloaded/
+ * GitHub: <a href="https://github.com/Xephi/AuthMeReloaded/">...</a>
  * <p>
  * Project page:
  * <p>
- * Bukkit: https://dev.bukkit.org/bukkit-plugins/authme-reloaded/
+ * Bukkit: <a href="https://dev.bukkit.org/bukkit-plugins/authme-reloaded/">...</a>
  * <p>
- * Spigot: https://www.spigotmc.org/resources/authme-reloaded.6269/
+ * Spigot: <a href="https://www.spigotmc.org/resources/authme-reloaded.6269/">...</a>
  */
 public class AuthMeHook implements AuthPlugin<Player>, Listener {
 
     private final FastLoginBukkit plugin;
 
+    private final AuthMeApi authmeAPI;
+    private Management authmeManagement;
+
     public AuthMeHook(FastLoginBukkit plugin) {
         this.plugin = plugin;
+        this.authmeAPI = AuthMeApi.getInstance();
+
+        if (plugin.getCore().getConfig().getBoolean("respectIpLimit", false)) {
+            try {
+                Field managementField = this.authmeAPI.getClass().getDeclaredField("management");
+                managementField.setAccessible(true);
+                this.authmeManagement = (Management) managementField.get(this.authmeAPI);
+            } catch (NoSuchFieldException | IllegalAccessException exception) {
+                this.authmeManagement = null;
+            }
+        }
     }
 
     @EventHandler(priority = EventPriority.HIGHEST, ignoreCancelled = true)
     public void onSessionRestore(RestoreSessionEvent restoreSessionEvent) {
         Player player = restoreSessionEvent.getPlayer();
 
-        String id = '/' + player.getAddress().getAddress().getHostAddress() + ':' + player.getAddress().getPort();
-        BukkitLoginSession session = plugin.getLoginSessions().get(id);
+        BukkitLoginSession session = plugin.getSession(player.spigot().getRawAddress());
         if (session != null && session.isVerified()) {
             restoreSessionEvent.setCancelled(true);
         }
@@ -42,24 +83,32 @@ public class AuthMeHook implements AuthPlugin<Player>, Listener {
 
     @Override
     public boolean forceLogin(Player player) {
-        if (AuthMeApi.getInstance().isAuthenticated(player)) {
+        if (authmeAPI.isAuthenticated(player)) {
+            plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
             return false;
         }
 
         //skips registration and login
-        AuthMeApi.getInstance().forceLogin(player);
+        authmeAPI.forceLogin(player);
         return true;
     }
 
     @Override
     public boolean isRegistered(String playerName) {
-        return AuthMeApi.getInstance().isRegistered(playerName);
+        return authmeAPI.isRegistered(playerName);
     }
 
     @Override
+    //this automatically login the player too
     public boolean forceRegister(Player player, String password) {
-        //this automatically login the player too
-        AuthMeApi.getInstance().forceRegister(player, password);
+        //if we have the management - we can trigger register with IP limit checks
+        if (authmeManagement != null) {
+            authmeManagement.performRegister(RegistrationMethod.PASSWORD_REGISTRATION,
+                    ApiPasswordRegisterParams.of(player, password, true));
+        } else {
+            authmeAPI.forceRegister(player, password);
+        }
+
         return true;
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/CrazyLoginHook.java

@@ -1,28 +1,52 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.hook;
 
-import com.comphenix.protocol.reflect.FieldUtils;
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
 import de.st_ddt.crazylogin.CrazyLogin;
 import de.st_ddt.crazylogin.data.LoginPlayerData;
 import de.st_ddt.crazylogin.databases.CrazyLoginDataDatabase;
 import de.st_ddt.crazylogin.listener.PlayerListener;
 import de.st_ddt.crazylogin.metadata.Authenticated;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
 
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
 /**
- * GitHub: https://github.com/ST-DDT/CrazyLogin
+ * GitHub: <a href="https://github.com/ST-DDT/CrazyLogin">...</a>
  * <p>
  * Project page:
  * <p>
- * Bukkit: https://dev.bukkit.org/server-mods/crazylogin/
+ * Bukkit: <a href="https://dev.bukkit.org/server-mods/crazylogin/">...</a>
  */
 public class CrazyLoginHook implements AuthPlugin<Player> {
 
@@ -96,11 +120,11 @@ public class CrazyLoginHook implements AuthPlugin<Player> {
     public boolean forceRegister(Player player, String password) {
         CrazyLoginDataDatabase crazyDatabase = crazyLoginPlugin.getCrazyDatabase();
 
-        //this executes a sql query and accesses only thread safe collections so we can run it async
+        //this executes a sql query and accesses only thread safe collections, so we can run it async
         LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player.getName());
         if (playerData == null) {
             //create a fake account - this will be saved to the database with the password=FAILEDLOADING
-            //user cannot login with that password unless the admin uses plain text
+            //user cannot log in with that password unless the admin uses plain text
             //this automatically marks the player as logged in
             crazyDatabase.save(new LoginPlayerData(player));
             return forceLogin(player);
@@ -109,15 +133,8 @@ public class CrazyLoginHook implements AuthPlugin<Player> {
         return false;
     }
 
-    private PlayerListener getListener() {
-        PlayerListener listener;
-        try {
-            listener = (PlayerListener) FieldUtils.readField(crazyLoginPlugin, "playerListener", true);
-        } catch (IllegalAccessException ex) {
-            plugin.getLog().error("Failed to get the listener instance for auto login", ex);
-            listener = null;
-        }
-
-        return listener;
+    protected PlayerListener getListener() {
+        FieldAccessor accessor = Accessors.getFieldAccessor(crazyLoginPlugin.getClass(), PlayerListener.class, true);
+        return (PlayerListener) accessor.get(crazyLoginPlugin);
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/LogItHook.java

@@ -1,18 +1,42 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.hook;
 
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
 import io.github.lucaseasedup.logit.CancelledState;
 import io.github.lucaseasedup.logit.LogItCore;
 import io.github.lucaseasedup.logit.account.Account;
 import io.github.lucaseasedup.logit.session.SessionManager;
+import org.bukkit.entity.Player;
 
 import java.time.Instant;
 
-import org.bukkit.entity.Player;
-
 /**
- * GitHub: https://github.com/XziomekX/LogIt
+ * GitHub: <a href="https://github.com/XziomekX/LogIt">...</a>
  * <p>
  * Project page:
  * <p>
@@ -22,11 +46,21 @@ import org.bukkit.entity.Player;
  */
 public class LogItHook implements AuthPlugin<Player> {
 
+    private final FastLoginBukkit plugin;
+
+    public LogItHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
     @Override
     public boolean forceLogin(Player player) {
         SessionManager sessionManager = LogItCore.getInstance().getSessionManager();
-        return sessionManager.isSessionAlive(player)
-                || sessionManager.startSession(player) == CancelledState.NOT_CANCELLED;
+        if (sessionManager.isSessionAlive(player)) {
+            plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+            return false;
+        }
+
+        return sessionManager.startSession(player) == CancelledState.NOT_CANCELLED;
     }
 
     @Override

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/LoginSecurityHook.java

@@ -1,3 +1,28 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.hook;
 
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
@@ -7,17 +32,16 @@ import com.lenis0012.bukkit.loginsecurity.session.AuthService;
 import com.lenis0012.bukkit.loginsecurity.session.PlayerSession;
 import com.lenis0012.bukkit.loginsecurity.session.action.LoginAction;
 import com.lenis0012.bukkit.loginsecurity.session.action.RegisterAction;
-
 import org.bukkit.entity.Player;
 
 /**
- * GitHub: https://github.com/lenis0012/LoginSecurity-2
+ * GitHub: <a href="https://github.com/lenis0012/LoginSecurity-2">...</a>
  * <p>
  * Project page:
  * <p>
- * Bukkit: https://dev.bukkit.org/bukkit-plugins/loginsecurity/
+ * Bukkit: <a href="https://dev.bukkit.org/bukkit-plugins/loginsecurity/">...</a>
  * <p>
- * Spigot: https://www.spigotmc.org/resources/loginsecurity.19362/
+ * Spigot: <a href="https://www.spigotmc.org/resources/loginsecurity.19362/">...</a>
  */
 public class LoginSecurityHook implements AuthPlugin<Player> {
 
@@ -30,6 +54,11 @@ public class LoginSecurityHook implements AuthPlugin<Player> {
     @Override
     public boolean forceLogin(Player player) {
         PlayerSession session = LoginSecurity.getSessionManager().getPlayerSession(player);
+        if (session.isAuthorized()) {
+            plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+            return true;
+        }
+
         return session.isAuthorized()
                 || session.performAction(new LoginAction(AuthService.PLUGIN, plugin)).isSuccess();
     }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/UltraAuthHook.java

@@ -1,28 +1,49 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.hook;
 
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import ultraauth.api.UltraAuthAPI;
+import ultraauth.managers.PlayerManager;
 
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.bukkit.plugin.Plugin;
-import ultraauth.api.UltraAuthAPI;
-import ultraauth.main.Main;
-import ultraauth.managers.PlayerManager;
-
 /**
  * Project page:
  * <p>
- * Bukkit: https://dev.bukkit.org/bukkit-plugins/ultraauth-aa/
+ * Bukkit: <a href="https://dev.bukkit.org/bukkit-plugins/ultraauth-aa/">...</a>
  * <p>
- * Spigot: https://www.spigotmc.org/resources/ultraauth.17044/
+ * Spigot: <a href="https://www.spigotmc.org/resources/ultraauth.17044/">...</a>
  */
 public class UltraAuthHook implements AuthPlugin<Player> {
 
-    private final Plugin ultraAuthPlugin = Main.main;
     private final FastLoginBukkit plugin;
 
     public UltraAuthHook(FastLoginBukkit plugin) {
@@ -34,7 +55,8 @@ public class UltraAuthHook implements AuthPlugin<Player> {
         //not thread-safe
         Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(plugin, () -> {
             if (UltraAuthAPI.isAuthenticated(player)) {
-                return true;
+                plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+                return false;
             }
 
             UltraAuthAPI.authenticatedPlayer(player);

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/XAuthHook.java

@@ -1,30 +1,53 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.hook;
 
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
 import de.luricos.bukkit.xAuth.xAuth;
 import de.luricos.bukkit.xAuth.xAuthPlayer;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
 
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
 /**
- * GitHub: https://github.com/LycanDevelopment/xAuth/
+ * GitHub: <a href="https://github.com/LycanDevelopment/xAuth/">...</a>
  * <p>
  * Project page:
  * <p>
- * Bukkit: https://dev.bukkit.org/bukkit-plugins/xauth/
+ * Bukkit: <a href="https://dev.bukkit.org/bukkit-plugins/xauth/">...</a>
  */
-public class xAuthHook implements AuthPlugin<Player> {
+public class XAuthHook implements AuthPlugin<Player> {
 
     private final xAuth xAuthPlugin = xAuth.getPlugin();
     private final FastLoginBukkit plugin;
 
-    public xAuthHook(FastLoginBukkit plugin) {
+    public XAuthHook(FastLoginBukkit plugin) {
         this.plugin = plugin;
     }
 
@@ -35,7 +58,8 @@ public class xAuthHook implements AuthPlugin<Player> {
             xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
             if (xAuthPlayer != null) {
                 if (xAuthPlayer.isAuthenticated()) {
-                    return true;
+                    plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+                    return false;
                 }
 
                 //we checked that the player is premium (paid account)

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/BungeeListener.java

@@ -1,3 +1,28 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener;
 
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
@@ -9,43 +34,29 @@ import com.github.games647.fastlogin.core.message.LoginActionMessage;
 import com.github.games647.fastlogin.core.message.LoginActionMessage.Type;
 import com.google.common.io.ByteArrayDataInput;
 import com.google.common.io.ByteStreams;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.Collections;
-import java.util.Set;
-import java.util.UUID;
-import java.util.stream.Stream;
-
 import org.bukkit.Bukkit;
 import org.bukkit.entity.Player;
 import org.bukkit.plugin.messaging.PluginMessageListener;
+import org.jetbrains.annotations.NotNull;
 
-import static java.util.stream.Collectors.toSet;
+import java.util.UUID;
 
 /**
  * Responsible for receiving messages from a BungeeCord instance.
- *
+ * <p>
  * This class also receives the plugin message from the bungeecord version of this plugin in order to get notified if
  * the connection is in online mode.
  */
 public class BungeeListener implements PluginMessageListener {
 
-    private static final String FILE_NAME = "proxy-whitelist.txt";
-
     private final FastLoginBukkit plugin;
-    //null if whitelist is empty so bungeecord support is disabled
-    private final Set<UUID> proxyIds;
 
     public BungeeListener(FastLoginBukkit plugin) {
         this.plugin = plugin;
-        this.proxyIds = loadBungeeCordIds();
     }
 
     @Override
-    public void onPluginMessageReceived(String channel, Player player, byte[] message) {
+    public void onPluginMessageReceived(@NotNull String channel, Player player, byte[] message) {
         ByteArrayDataInput dataInput = ByteStreams.newDataInput(message);
 
         LoginActionMessage loginMessage = new LoginActionMessage();
@@ -53,22 +64,25 @@ public class BungeeListener implements PluginMessageListener {
 
         plugin.getLog().debug("Received plugin message {}", loginMessage);
 
-        //check if the player is still online or disconnected
-        Player checkedPlayer = Bukkit.getPlayerExact(loginMessage.getPlayerName());
-        if (checkedPlayer == null) {
+        Player targetPlayer = player;
+        if (!loginMessage.getPlayerName().equals(player.getName())) {
+            targetPlayer = Bukkit.getPlayerExact(loginMessage.getPlayerName());
+        }
+
+        if (targetPlayer == null) {
+            plugin.getLog().warn("Force action player {} not found", loginMessage.getPlayerName());
             return;
         }
 
-        //fail if target player is blacklisted because already authenticated or wrong bungeecord id
-        if (checkedPlayer.hasMetadata(plugin.getName())) {
-            plugin.getLog().warn("Received message {} from a blacklisted player {}", loginMessage, checkedPlayer);
+        // fail if target player is blocked because already authenticated or wrong bungeecord id
+        if (targetPlayer.hasMetadata(plugin.getName())) {
+            plugin.getLog().warn("Received message {} from a blocked player {}", loginMessage, targetPlayer);
         } else {
-            //fail if BungeeCord support is disabled (id = null)
             UUID sourceId = loginMessage.getProxyId();
-            if (proxyIds.contains(sourceId)) {
-                readMessage(checkedPlayer, loginMessage);
+            if (plugin.getBungeeManager().isProxyAllowed(sourceId)) {
+                readMessage(targetPlayer, loginMessage);
             } else {
-                plugin.getLog().warn("Received proxy id: {} that doesn't exist in the proxy whitelist file", sourceId);
+                plugin.getLog().warn("Received proxy id: {} that doesn't exist in the proxy file", sourceId);
             }
         }
     }
@@ -77,53 +91,47 @@ public class BungeeListener implements PluginMessageListener {
         String playerName = message.getPlayerName();
         Type type = message.getType();
 
-        InetSocketAddress address = player.getAddress();
-        String id = '/' + address.getAddress().getHostAddress() + ':' + address.getPort();
+        plugin.getLog().info("Player info {} command for {} from proxy", type, playerName);
         if (type == Type.LOGIN) {
-            BukkitLoginSession playerSession = new BukkitLoginSession(playerName, true);
-            playerSession.setVerified(true);
-            plugin.getLoginSessions().put(id, playerSession);
-
-            Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, new ForceLoginTask(plugin.getCore(), player), 10L);
+            onLoginMessage(player, playerName);
         } else if (type == Type.REGISTER) {
-            Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, () -> {
-                AuthPlugin<Player> authPlugin = plugin.getCore().getAuthPluginHook();
-                try {
-                    //we need to check if the player is registered on Bukkit too
-                    if (authPlugin == null || !authPlugin.isRegistered(playerName)) {
-                        BukkitLoginSession playerSession = new BukkitLoginSession(playerName, false);
-                        playerSession.setVerified(true);
-                        plugin.getLoginSessions().put(id, playerSession);
-                        new ForceLoginTask(plugin.getCore(), player).run();
-                    }
-                } catch (Exception ex) {
-                    plugin.getLog().error("Failed to query isRegistered for player: {}", player, ex);
-                }
-            }, 10L);
+            onRegisterMessage(player, playerName);
         } else if (type == Type.CRACKED) {
             //we don't start a force login task here so update it manually
             plugin.getPremiumPlayers().put(player.getUniqueId(), PremiumStatus.CRACKED);
         }
     }
 
-    public Set<UUID> loadBungeeCordIds() {
-        Path whitelistFile = plugin.getPluginFolder().resolve(FILE_NAME);
-        try {
-            if (Files.notExists(whitelistFile)) {
-                Files.createFile(whitelistFile);
-            }
+    private void onLoginMessage(Player player, String playerName) {
+        BukkitLoginSession playerSession = new BukkitLoginSession(playerName, true);
+        startLoginTaskIfReady(player, playerSession);
+    }
 
-            try (Stream<String> lines = Files.lines(whitelistFile)) {
-                return lines.map(String::trim)
-                        .map(UUID::fromString)
-                        .collect(toSet());
+    private void onRegisterMessage(Player player, String playerName) {
+        Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
+            AuthPlugin<Player> authPlugin = plugin.getCore().getAuthPluginHook();
+            try {
+                //we need to check if the player is registered on Bukkit too
+                if (authPlugin == null || !authPlugin.isRegistered(playerName)) {
+                    BukkitLoginSession playerSession = new BukkitLoginSession(playerName, false);
+                    startLoginTaskIfReady(player, playerSession);
+                }
+            } catch (Exception ex) {
+                plugin.getLog().error("Failed to query isRegistered for player: {}", player, ex);
             }
-        } catch (IOException ex) {
-            plugin.getLog().error("Failed to create file for Proxy whitelist", ex);
-        } catch (Exception ex) {
-            plugin.getLog().error("Failed to retrieve proxy Id. Disabling BungeeCord support", ex);
+        });
+    }
+
+    private void startLoginTaskIfReady(Player player, BukkitLoginSession session) {
+        session.setVerified(true);
+        plugin.putSession(player.spigot().getRawAddress(), session);
+
+        // only start a new login task if the join event fired earlier. This event then didn't
+        boolean result = plugin.getBungeeManager().didJoinEventFired(player);
+        plugin.getLog().info("Delaying force login until join event fired?: {}", result);
+        if (result) {
+            Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player, session);
+            Bukkit.getScheduler().runTaskAsynchronously(plugin, forceLoginTask);
         }
-
-        return Collections.emptySet();
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/ConnectionListener.java

@@ -1,8 +1,35 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener;
 
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.task.FloodgateAuthTask;
 import com.github.games647.fastlogin.bukkit.task.ForceLoginTask;
-
+import com.github.games647.fastlogin.core.hooks.bedrock.FloodgateService;
 import org.bukkit.Bukkit;
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
@@ -12,9 +39,11 @@ import org.bukkit.event.player.PlayerJoinEvent;
 import org.bukkit.event.player.PlayerLoginEvent;
 import org.bukkit.event.player.PlayerLoginEvent.Result;
 import org.bukkit.event.player.PlayerQuitEvent;
+import org.bukkit.metadata.Metadatable;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
 
 /**
- * This listener tells authentication plugins if the player has a premium account and we checked it successfully. So the
+ * This listener tells authentication plugins weather the player has a premium account. So the
  * plugin can skip authentication.
  */
 public class ConnectionListener implements Listener {
@@ -29,6 +58,7 @@ public class ConnectionListener implements Listener {
 
     @EventHandler(priority = EventPriority.LOWEST)
     public void onPlayerLogin(PlayerLoginEvent loginEvent) {
+        removeBlockedStatus(loginEvent.getPlayer());
         if (loginEvent.getResult() == Result.ALLOWED && !plugin.isServerFullyStarted()) {
             loginEvent.disallow(Result.KICK_OTHER, plugin.getCore().getMessage("not-started"));
         }
@@ -38,24 +68,55 @@ public class ConnectionListener implements Listener {
     public void onPlayerJoin(PlayerJoinEvent joinEvent) {
         Player player = joinEvent.getPlayer();
 
-        removeBlacklistStatus(player);
-        if (!plugin.isBungeeEnabled()) {
-            //Wait before auth plugin and we received a message from BungeeCord initializes the player
-            Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player);
-            Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, forceLoginTask, DELAY_LOGIN);
+        Bukkit.getScheduler().runTaskLater(plugin, () -> {
+            delayForceLogin(player);
+            // delay the login process to let auth plugins initialize the player
+            // Magic number however as there is no direct event from those plugins
+        }, DELAY_LOGIN);
+    }
+
+    private void delayForceLogin(Player player) {
+        // session exists so the player is ready for force login
+        // cases: Paper (firing BungeeCord message before PlayerJoinEvent) or not running BungeeCord and already
+        // having the login session from the login process
+        BukkitLoginSession session = plugin.getSession(player.spigot().getRawAddress());
+
+        if (session == null) {
+            // Floodgate players usually don't have a session at this point
+            // exception: if force login by bungee message had been delayed
+            FloodgateService floodgateService = plugin.getFloodgateService();
+            if (floodgateService != null) {
+                FloodgatePlayer floodgatePlayer = floodgateService.getBedrockPlayer(player.getUniqueId());
+                if (floodgatePlayer != null) {
+                    Runnable floodgateAuthTask = new FloodgateAuthTask(plugin.getCore(), player, floodgatePlayer);
+                    Bukkit.getScheduler().runTaskAsynchronously(plugin, floodgateAuthTask);
+                    return;
+                }
+            }
+
+            String sessionId = plugin.getSessionId(player.spigot().getRawAddress());
+            plugin.getLog().info("No on-going login session for player: {} with ID {}. ", player, sessionId);
+            plugin.getLog().info("Setups using Minecraft proxies will start delayed "
+                + "when the command from the proxy is received");
+        } else {
+            Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player, session);
+            Bukkit.getScheduler().runTaskAsynchronously(plugin, forceLoginTask);
         }
+
+        plugin.getBungeeManager().markJoinEventFired(player);
     }
 
     @EventHandler
     public void onPlayerQuit(PlayerQuitEvent quitEvent) {
         Player player = quitEvent.getPlayer();
-        removeBlacklistStatus(player);
 
+        removeBlockedStatus(player);
         plugin.getCore().getPendingConfirms().remove(player.getUniqueId());
         plugin.getPremiumPlayers().remove(player.getUniqueId());
+        plugin.getBungeeManager().cleanup(player);
     }
 
-    private void removeBlacklistStatus(Player player) {
+    private void removeBlockedStatus(Metadatable player) {
         player.removeMetadata(plugin.getName(), plugin);
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperCacheListener.java

@@ -0,0 +1,66 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.listener;
+
+import com.destroystokyo.paper.profile.ProfileProperty;
+import com.github.games647.craftapi.model.skin.Textures;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.AsyncPlayerPreLoginEvent;
+import org.bukkit.event.player.AsyncPlayerPreLoginEvent.Result;
+
+public class PaperCacheListener implements Listener {
+
+    private final FastLoginBukkit plugin;
+
+    public PaperCacheListener(final FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler(priority = EventPriority.HIGHEST)
+    //if paper is used - player skin must be set at pre login, otherwise user cache is used
+    // user cache makes premium name change basically impossible
+    public void onAsyncPlayerPreLogin(AsyncPlayerPreLoginEvent event) {
+        if (event.getLoginResult() != Result.ALLOWED) {
+            return;
+        }
+
+        // event gives us only IP, not the port, so we need to loop through all the sessions
+        for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
+            if (!event.getName().equals(session.getUsername())) {
+                continue;
+            }
+
+            session.getSkin().ifPresent(skin -> event.getPlayerProfile().setProperty(new ProfileProperty(Textures.KEY,
+                    skin.getValue(), skin.getSignature())));
+            break;
+        }
+    }
+
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java

@@ -0,0 +1,226 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey;
+import com.google.common.hash.Hasher;
+import com.google.common.hash.Hashing;
+import com.google.common.io.Resources;
+import com.google.common.primitives.Longs;
+import lombok.val;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Base64.Encoder;
+import java.util.Random;
+import java.util.UUID;
+
+/**
+ * Encryption and decryption minecraft util for connection between servers
+ * and paid Minecraft account clients.
+ */
+final class EncryptionUtil {
+
+    public static final int VERIFY_TOKEN_LENGTH = 4;
+    public static final String KEY_PAIR_ALGORITHM = "RSA";
+
+    private static final int RSA_LENGTH = 2_048;
+
+    private static final PublicKey MOJANG_SESSION_KEY;
+    private static final int LINE_LENGTH = 76;
+    private static final Encoder KEY_ENCODER = Base64.getMimeEncoder(
+            LINE_LENGTH, "\n".getBytes(StandardCharsets.UTF_8)
+    );
+    private static final int MILLISECOND_SIZE = 8;
+    private static final int UUID_SIZE = 2 * MILLISECOND_SIZE;
+
+    static {
+        try {
+            MOJANG_SESSION_KEY = loadMojangSessionKey();
+        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException ex) {
+            throw new RuntimeException("Failed to load Mojang session key", ex);
+        }
+    }
+
+    private EncryptionUtil() {
+        throw new RuntimeException("No instantiation of utility classes allowed");
+    }
+
+    /**
+     * Generate an RSA key pair
+     *
+     * @return The RSA key pair.
+     */
+    public static KeyPair generateKeyPair() {
+        try {
+            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM);
+
+            keyPairGenerator.initialize(RSA_LENGTH);
+            return keyPairGenerator.generateKeyPair();
+        } catch (NoSuchAlgorithmException nosuchalgorithmexception) {
+            // Should be existing in every vm
+            throw new ExceptionInInitializerError(nosuchalgorithmexception);
+        }
+    }
+
+    /**
+     * Generate a random token. This is used to verify that we are communicating with the same player
+     * in a login session.
+     *
+     * @param random random generator
+     * @return a token with 4 bytes long
+     */
+    public static byte[] generateVerifyToken(Random random) {
+        byte[] token = new byte[VERIFY_TOKEN_LENGTH];
+        random.nextBytes(token);
+        return token;
+    }
+
+    /**
+     * Generate the server id based on client and server data.
+     *
+     * @param serverId     session for the current login attempt
+     * @param sharedSecret shared secret between the client and the server
+     * @param publicKey    public key of the server
+     * @return the server id formatted as a hexadecimal string.
+     */
+    public static String getServerIdHashString(String serverId, SecretKey sharedSecret, PublicKey publicKey) {
+        byte[] serverHash = getServerIdHash(serverId, publicKey, sharedSecret);
+        return (new BigInteger(serverHash)).toString(16);
+    }
+
+    /**
+     * Decrypts the content and extracts the key spec.
+     *
+     * @param privateKey private server key
+     * @param sharedKey  the encrypted shared key
+     * @return shared secret key
+     */
+    public static SecretKey decryptSharedKey(PrivateKey privateKey, byte[] sharedKey)
+            throws NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException,
+            BadPaddingException, InvalidKeyException {
+        return new SecretKeySpec(decrypt(privateKey, sharedKey), "AES");
+    }
+
+    public static boolean verifyClientKey(ClientPublicKey clientKey, Instant verifyTimestamp, UUID premiumId)
+            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        if (clientKey.isExpired(verifyTimestamp)) {
+            return false;
+        }
+
+        Signature verifier = Signature.getInstance("SHA1withRSA");
+        // key of the signer
+        verifier.initVerify(MOJANG_SESSION_KEY);
+        verifier.update(toSignable(clientKey, premiumId));
+        return verifier.verify(clientKey.signature());
+    }
+
+    private static byte[] toSignable(ClientPublicKey clientPublicKey, UUID ownerPremiumId) {
+        if (ownerPremiumId == null) {
+            long expiry = clientPublicKey.expiry().toEpochMilli();
+            String encoded = KEY_ENCODER.encodeToString(clientPublicKey.key().getEncoded());
+            return (expiry + "-----BEGIN RSA PUBLIC KEY-----\n" + encoded + "\n-----END RSA PUBLIC KEY-----\n")
+                    .getBytes(StandardCharsets.US_ASCII);
+        }
+
+        byte[] keyData = clientPublicKey.key().getEncoded();
+        return ByteBuffer.allocate(keyData.length + UUID_SIZE + MILLISECOND_SIZE)
+                .putLong(ownerPremiumId.getMostSignificantBits())
+                .putLong(ownerPremiumId.getLeastSignificantBits())
+                .putLong(clientPublicKey.expiry().toEpochMilli())
+                .put(keyData)
+                .array();
+    }
+
+    public static boolean verifyNonce(byte[] expected, PrivateKey decryptionKey, byte[] encryptedNonce)
+            throws NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException,
+            BadPaddingException, InvalidKeyException {
+        byte[] decryptedNonce = decrypt(decryptionKey, encryptedNonce);
+        return Arrays.equals(expected, decryptedNonce);
+    }
+
+    public static boolean verifySignedNonce(byte[] nonce, PublicKey clientKey, long signatureSalt, byte[] signature)
+            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        Signature verifier = Signature.getInstance("SHA256withRSA");
+        // key of the signer
+        verifier.initVerify(clientKey);
+
+        verifier.update(nonce);
+        verifier.update(Longs.toByteArray(signatureSalt));
+        return verifier.verify(signature);
+    }
+
+    private static PublicKey loadMojangSessionKey()
+            throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        val keyUrl = FastLoginBukkit.class.getClassLoader().getResource("yggdrasil_session_pubkey.der");
+        val keyData = Resources.toByteArray(keyUrl);
+        val keySpec = new X509EncodedKeySpec(keyData);
+
+        return KeyFactory.getInstance("RSA").generatePublic(keySpec);
+    }
+
+    private static byte[] decrypt(PrivateKey key, byte[] data)
+            throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
+            IllegalBlockSizeException, BadPaddingException {
+        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
+        cipher.init(Cipher.DECRYPT_MODE, key);
+        return cipher.doFinal(data);
+    }
+
+    private static byte[] getServerIdHash(String sessionId, PublicKey publicKey, SecretKey sharedSecret) {
+        @SuppressWarnings("deprecation")
+        Hasher hasher = Hashing.sha1().newHasher();
+
+        hasher.putBytes(sessionId.getBytes(StandardCharsets.ISO_8859_1));
+        hasher.putBytes(sharedSecret.getEncoded());
+        hasher.putBytes(publicKey.getEncoded());
+
+        return hasher.hash().asBytes();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java

@@ -1,3 +1,28 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener.protocollib;
 
 import com.comphenix.protocol.ProtocolLibrary;
@@ -5,35 +30,38 @@ import com.comphenix.protocol.events.PacketEvent;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPreLoginEvent;
-import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey;
 import com.github.games647.fastlogin.core.shared.JoinManagement;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
 
 import java.security.PublicKey;
 import java.util.Random;
 
-import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
-import org.bukkit.command.CommandSender;
-import org.bukkit.entity.Player;
-
 public class NameCheckTask extends JoinManagement<Player, CommandSender, ProtocolLibLoginSource>
-        implements Runnable {
+    implements Runnable {
 
     private final FastLoginBukkit plugin;
     private final PacketEvent packetEvent;
-    private final PublicKey publicKey;
+
+    private final ClientPublicKey clientKey;
+    private final PublicKey serverKey;
 
     private final Random random;
 
     private final Player player;
     private final String username;
 
-    public NameCheckTask(FastLoginBukkit plugin, PacketEvent packetEvent, Random random,
-                         Player player, String username, PublicKey publicKey) {
-        super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
+    public NameCheckTask(FastLoginBukkit plugin, Random random, Player player, PacketEvent packetEvent,
+                         String username, ClientPublicKey clientKey, PublicKey serverKey) {
+        super(plugin.getCore(), plugin.getCore().getAuthPluginHook(), plugin.getBedrockService());
 
         this.plugin = plugin;
         this.packetEvent = packetEvent;
-        this.publicKey = publicKey;
+        this.clientKey = clientKey;
+        this.serverKey = serverKey;
         this.random = random;
         this.player = player;
         this.username = username;
@@ -42,14 +70,15 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco
     @Override
     public void run() {
         try {
-            super.onLogin(username, new ProtocolLibLoginSource(packetEvent, player, random, publicKey));
+            super.onLogin(username, new ProtocolLibLoginSource(player, random, serverKey, clientKey));
         } finally {
             ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
         }
     }
 
     @Override
-    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLibLoginSource source, StoredProfile profile) {
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLibLoginSource source,
+                                                             StoredProfile profile) {
         BukkitFastLoginPreLoginEvent event = new BukkitFastLoginPreLoginEvent(username, source, profile);
         plugin.getServer().getPluginManager().callEvent(event);
         return event;
@@ -58,10 +87,10 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco
     //Minecraft server implementation
     //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L161
     @Override
-    public void requestPremiumLogin(ProtocolLibLoginSource source, StoredProfile profile
-            , String username, boolean registered) {
+    public void requestPremiumLogin(ProtocolLibLoginSource source, StoredProfile profile,
+                                    String username, boolean registered) {
         try {
-            source.setOnlineMode();
+            source.enableOnlinemode();
         } catch (Exception ex) {
             plugin.getLog().error("Cannot send encryption packet. Falling back to cracked login for: {}", profile, ex);
             return;
@@ -70,11 +99,11 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco
         String ip = player.getAddress().getAddress().getHostAddress();
         core.getPendingLogin().put(ip + username, new Object());
 
-        String serverId = source.getServerId();
         byte[] verify = source.getVerifyToken();
+        ClientPublicKey clientKey = source.getClientKey();
 
-        BukkitLoginSession playerSession = new BukkitLoginSession(username, serverId, verify, registered, profile);
-        plugin.getLoginSessions().put(player.getAddress().toString(), playerSession);
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, verify, clientKey, registered, profile);
+        plugin.putSession(player.getAddress(), playerSession);
         //cancel only if the player has a paid account otherwise login as normal offline player
         synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
             packetEvent.setCancelled(true);
@@ -84,6 +113,6 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco
     @Override
     public void startCrackedSession(ProtocolLibLoginSource source, StoredProfile profile, String username) {
         BukkitLoginSession loginSession = new BukkitLoginSession(username, profile);
-        plugin.getLoginSessions().put(player.getAddress().toString(), loginSession);
+        plugin.putSession(player.getAddress(), loginSession);
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java

@@ -1,3 +1,28 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener.protocollib;
 
 import com.comphenix.protocol.PacketType;
@@ -5,29 +30,59 @@ import com.comphenix.protocol.ProtocolLibrary;
 import com.comphenix.protocol.events.PacketAdapter;
 import com.comphenix.protocol.events.PacketContainer;
 import com.comphenix.protocol.events.PacketEvent;
-import com.github.games647.fastlogin.bukkit.EncryptionUtil;
+import com.comphenix.protocol.injector.PacketFilterManager;
+import com.comphenix.protocol.injector.player.PlayerInjectionHandler;
+import com.comphenix.protocol.reflect.FuzzyReflection;
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import com.comphenix.protocol.utility.MinecraftVersion;
+import com.comphenix.protocol.wrappers.BukkitConverters;
+import com.comphenix.protocol.wrappers.Converters;
+import com.comphenix.protocol.wrappers.WrappedGameProfile;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-
-import java.security.KeyPair;
-import java.security.SecureRandom;
-
-import org.bukkit.Bukkit;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey;
+import com.github.games647.fastlogin.core.antibot.AntiBotService;
+import com.github.games647.fastlogin.core.antibot.AntiBotService.Action;
+import com.mojang.datafixers.util.Either;
+import io.netty.channel.Channel;
+import io.netty.channel.ChannelHandler;
+import io.netty.util.AttributeKey;
+import lombok.val;
 import org.bukkit.entity.Player;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.net.InetSocketAddress;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.time.Instant;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.function.Function;
 
 import static com.comphenix.protocol.PacketType.Login.Client.ENCRYPTION_BEGIN;
 import static com.comphenix.protocol.PacketType.Login.Client.START;
 
 public class ProtocolLibListener extends PacketAdapter {
 
-    private static final int WORKER_THREADS = 3;
-
     private final FastLoginBukkit plugin;
+    private final PlayerInjectionHandler handler;
 
     //just create a new once on plugin enable. This used for verify token generation
     private final SecureRandom random = new SecureRandom();
     private final KeyPair keyPair = EncryptionUtil.generateKeyPair();
+    private final AntiBotService antiBotService;
 
-    public ProtocolLibListener(FastLoginBukkit plugin) {
+    private final boolean verifyClientKeys;
+
+    public ProtocolLibListener(FastLoginBukkit plugin, AntiBotService antiBotService, boolean verifyClientKeys) {
         //run async in order to not block the server, because we are making api calls to Mojang
         super(params()
                 .plugin(plugin)
@@ -35,28 +90,62 @@ public class ProtocolLibListener extends PacketAdapter {
                 .optionAsync());
 
         this.plugin = plugin;
+        this.antiBotService = antiBotService;
+        this.verifyClientKeys = verifyClientKeys;
+        this.handler = getHandler();
     }
 
-    public static void register(FastLoginBukkit plugin) {
-        //they will be created with a static builder, because otherwise it will throw a NoClassDefFoundError
+    public static void register(FastLoginBukkit plugin, AntiBotService antiBotService, boolean verifyClientKeys) {
+        // they will be created with a static builder, because otherwise it will throw a NoClassDefFoundError
+        // TODO: make synchronous processing, but do web or database requests async
         ProtocolLibrary.getProtocolManager()
                 .getAsynchronousManager()
-                .registerAsyncHandler(new ProtocolLibListener(plugin))
-                .start(WORKER_THREADS);
+                .registerAsyncHandler(new ProtocolLibListener(plugin, antiBotService, verifyClientKeys))
+                .start();
     }
 
     @Override
     public void onPacketReceiving(PacketEvent packetEvent) {
         if (packetEvent.isCancelled()
-                || plugin.getCore().getAuthPluginHook()== null
+                || plugin.getCore().getAuthPluginHook() == null
                 || !plugin.isServerFullyStarted()) {
             return;
         }
 
+        plugin.getLog().info("New packet {} from {}", packetEvent.getPacketType(), packetEvent.getPlayer());
+
         Player sender = packetEvent.getPlayer();
         PacketType packetType = packetEvent.getPacketType();
         if (packetType == START) {
-            onLogin(packetEvent, sender);
+
+            if (plugin.getFloodgateService() != null) {
+                boolean success = processFloodgateTasks(packetEvent);
+                // don't continue execution if the player was kicked by Floodgate
+                if (!success) {
+                    return;
+                }
+            }
+
+            PacketContainer packet = packetEvent.getPacket();
+
+            InetSocketAddress address = sender.getAddress();
+            String username = getUsername(packet);
+
+            Action action = antiBotService.onIncomingConnection(address, username);
+            switch (action) {
+                case Ignore:
+                    // just ignore
+                    return;
+                case Block:
+                    String message = plugin.getCore().getMessage("kick-antibot");
+                    sender.kickPlayer(message);
+                    break;
+                case Continue:
+                default:
+                    //player.getName() won't work at this state
+                    onLoginStart(packetEvent, sender, username);
+                    break;
+            }
         } else {
             onEncryptionBegin(packetEvent, sender);
         }
@@ -65,26 +154,176 @@ public class ProtocolLibListener extends PacketAdapter {
     private void onEncryptionBegin(PacketEvent packetEvent, Player sender) {
         byte[] sharedSecret = packetEvent.getPacket().getByteArrays().read(0);
 
-        packetEvent.getAsyncMarker().incrementProcessingDelay();
-        Runnable verifyTask = new VerifyResponseTask(plugin, packetEvent, sender, sharedSecret, keyPair);
-        Bukkit.getScheduler().runTaskAsynchronously(plugin, verifyTask);
+        BukkitLoginSession session = plugin.getSession(sender.getAddress());
+        if (session == null) {
+            plugin.getLog().warn("Profile {} tried to send encryption response at invalid state", sender.getAddress());
+            sender.kickPlayer(plugin.getCore().getMessage("invalid-request"));
+        } else {
+            byte[] expectedVerifyToken = session.getVerifyToken();
+            if (verifyNonce(sender, packetEvent.getPacket(), session.getClientPublicKey(), expectedVerifyToken)) {
+                packetEvent.getAsyncMarker().incrementProcessingDelay();
+
+                Runnable verifyTask = new VerifyResponseTask(
+                        plugin, packetEvent, sender, session, sharedSecret, keyPair
+                );
+                plugin.getScheduler().runAsync(verifyTask);
+            } else {
+                sender.kickPlayer(plugin.getCore().getMessage("invalid-verify-token"));
+            }
+        }
     }
 
-    private void onLogin(PacketEvent packetEvent, Player player) {
+    private boolean verifyNonce(Player sender, PacketContainer packet,
+                                ClientPublicKey clientPublicKey, byte[] expectedToken) {
+        try {
+            if (new MinecraftVersion(1, 19, 0).atOrAbove()
+                    && !new MinecraftVersion(1, 19, 3).atOrAbove()) {
+                Either<byte[], ?> either = packet.getSpecificModifier(Either.class).read(0);
+                if (clientPublicKey == null) {
+                    Optional<byte[]> left = either.left();
+                    if (!left.isPresent()) {
+                        plugin.getLog().error("No verify token sent if requested without player signed key {}", sender);
+                        return false;
+                    }
+
+                    return EncryptionUtil.verifyNonce(expectedToken, keyPair.getPrivate(), left.get());
+                } else {
+                    Optional<?> optSignatureData = either.right();
+                    if (!optSignatureData.isPresent()) {
+                        plugin.getLog().error("No signature given to sent player signing key {}", sender);
+                        return false;
+                    }
+
+                    Object signatureData = optSignatureData.get();
+                    long salt = FuzzyReflection.getFieldValue(signatureData, Long.TYPE, true);
+                    byte[] signature = FuzzyReflection.getFieldValue(signatureData, byte[].class, true);
+
+                    PublicKey publicKey = clientPublicKey.key();
+                    return EncryptionUtil.verifySignedNonce(expectedToken, publicKey, salt, signature);
+                }
+            } else {
+                byte[] nonce = packet.getByteArrays().read(1);
+                return EncryptionUtil.verifyNonce(expectedToken, keyPair.getPrivate(), nonce);
+            }
+        } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | NoSuchPaddingException
+                 | IllegalBlockSizeException | BadPaddingException signatureEx) {
+            plugin.getLog().error("Invalid signature from player {}", sender, signatureEx);
+            return false;
+        }
+    }
+
+    private void onLoginStart(PacketEvent packetEvent, Player player, String username) {
         //this includes ip:port. Should be unique for an incoming login request with a timeout of 2 minutes
         String sessionKey = player.getAddress().toString();
 
         //remove old data every time on a new login in order to keep the session only for one person
-        plugin.getLoginSessions().remove(sessionKey);
+        plugin.removeSession(player.getAddress());
 
-        //player.getName() won't work at this state
         PacketContainer packet = packetEvent.getPacket();
+        Optional<ClientPublicKey> clientKey;
+        if (new MinecraftVersion(1, 19, 3).atOrAbove()) {
+            // public key sent separate
+            clientKey = Optional.empty();
+        } else {
+            val profileKey = packet.getOptionals(BukkitConverters.getWrappedPublicKeyDataConverter())
+                    .optionRead(0);
+
+            clientKey = profileKey.flatMap(Function.identity()).flatMap(data -> {
+                Instant expires = data.getExpireTime();
+                PublicKey key = data.getKey();
+                byte[] signature = data.getSignature();
+                return Optional.of(ClientPublicKey.of(expires, key, signature));
+            });
+
+            // start reading from index 1, because 0 is already used by the public key
+            Optional<UUID> sessionUUID = packet.getOptionals(Converters.passthrough(UUID.class)).readSafely(1);
+            if (verifyClientKeys && sessionUUID.isPresent() && clientKey.isPresent()
+                    && verifyPublicKey(clientKey.get(), sessionUUID.get())) {
+                // missing or incorrect
+                // expired always not allowed
+                player.kickPlayer(plugin.getCore().getMessage("invalid-public-key"));
+                plugin.getLog().warn("Invalid public key from player {}", username);
+                return;
+            }
+        }
+
 
-        String username = packet.getGameProfiles().read(0).getName();
         plugin.getLog().trace("GameProfile {} with {} connecting", sessionKey, username);
 
         packetEvent.getAsyncMarker().incrementProcessingDelay();
-        Runnable nameCheckTask = new NameCheckTask(plugin, packetEvent, random, player, username, keyPair.getPublic());
-        Bukkit.getScheduler().runTaskAsynchronously(plugin, nameCheckTask);
+        Runnable nameCheckTask = new NameCheckTask(
+                plugin, random, player, packetEvent, username, clientKey.orElse(null), keyPair.getPublic()
+        );
+        plugin.getScheduler().runAsync(nameCheckTask);
+    }
+
+    private boolean verifyPublicKey(ClientPublicKey clientKey, UUID sessionPremiumUUID) {
+        try {
+            return EncryptionUtil.verifyClientKey(clientKey, Instant.now(), sessionPremiumUUID);
+        } catch (SignatureException | InvalidKeyException | NoSuchAlgorithmException ex) {
+            return false;
+        }
+    }
+
+    private String getUsername(PacketContainer packet) {
+        WrappedGameProfile profile = packet.getGameProfiles().readSafely(0);
+        if (profile == null) {
+            return packet.getStrings().read(0);
+        }
+
+        //player.getName() won't work at this state
+        return profile.getName();
+    }
+
+    private static PlayerInjectionHandler getHandler() {
+        PacketFilterManager manager = (PacketFilterManager) ProtocolLibrary.getProtocolManager();
+        FieldAccessor accessor = Accessors.getFieldAccessor(manager.getClass(), PlayerInjectionHandler.class, true);
+        return (PlayerInjectionHandler) accessor.get(manager);
+    }
+
+    private FloodgatePlayer getFloodgatePlayer(Player player) {
+        Channel channel = handler.getChannel(player);
+        AttributeKey<FloodgatePlayer> floodgateAttribute = AttributeKey.valueOf("floodgate-player");
+        return channel.attr(floodgateAttribute).get();
+    }
+
+    /**
+     * Reimplementation of the tasks injected Floodgate in ProtocolLib that are not run due to a bug
+     * @see <a href="https://github.com/GeyserMC/Floodgate/issues/143">Issue Floodgate#143</a>
+     * @see <a href="https://github.com/GeyserMC/Floodgate/blob/5d5713ed9e9eeab0f4abdaa9cf5cd8619dc1909b/spigot/src/main/java/org/geysermc/floodgate/addon/data/SpigotDataHandler.java#L121-L175">Floodgate/SpigotDataHandler</a>
+     * @param packetEvent the PacketEvent that won't be processed by Floodgate
+     * @return false if the player was kicked
+     */
+    private boolean processFloodgateTasks(PacketEvent packetEvent) {
+        PacketContainer packet = packetEvent.getPacket();
+        Player player = packetEvent.getPlayer();
+        FloodgatePlayer floodgatePlayer = getFloodgatePlayer(player);
+        if (floodgatePlayer == null) {
+            return true;
+        }
+
+        // kick the player, if necessary
+        Channel channel = handler.getChannel(packetEvent.getPlayer());
+        AttributeKey<String> kickMessageAttribute = AttributeKey.valueOf("floodgate-kick-message");
+        String kickMessage = channel.attr(kickMessageAttribute).get();
+        if (kickMessage != null) {
+            player.kickPlayer(kickMessage);
+            return false;
+        }
+
+        // add prefix
+        String username = floodgatePlayer.getCorrectUsername();
+        if (packet.getGameProfiles().size() > 0) {
+            packet.getGameProfiles().write(0,
+                    new WrappedGameProfile(floodgatePlayer.getCorrectUniqueId(), username));
+        } else {
+            packet.getStrings().write(0, username);
+        }
+
+        // remove real Floodgate data handler
+        ChannelHandler floodgateHandler = channel.pipeline().get("floodgate_data_handler");
+        channel.pipeline().remove(floodgateHandler);
+
+        return true;
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java

@@ -1,44 +1,68 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener.protocollib;
 
 import com.comphenix.protocol.ProtocolLibrary;
 import com.comphenix.protocol.ProtocolManager;
 import com.comphenix.protocol.events.PacketContainer;
-import com.comphenix.protocol.events.PacketEvent;
+import com.comphenix.protocol.reflect.StructureModifier;
 import com.comphenix.protocol.wrappers.WrappedChatComponent;
-import com.github.games647.fastlogin.bukkit.EncryptionUtil;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey;
 import com.github.games647.fastlogin.core.shared.LoginSource;
+import org.bukkit.entity.Player;
 
-import java.lang.reflect.InvocationTargetException;
 import java.net.InetSocketAddress;
 import java.security.PublicKey;
 import java.util.Arrays;
 import java.util.Random;
 
-import org.bukkit.entity.Player;
-
 import static com.comphenix.protocol.PacketType.Login.Server.DISCONNECT;
 import static com.comphenix.protocol.PacketType.Login.Server.ENCRYPTION_BEGIN;
 
-public class ProtocolLibLoginSource implements LoginSource {
+class ProtocolLibLoginSource implements LoginSource {
 
-    private final PacketEvent packetEvent;
     private final Player player;
 
     private final Random random;
+
+    private final ClientPublicKey clientKey;
     private final PublicKey publicKey;
 
     private final String serverId = "";
     private byte[] verifyToken;
 
-    public ProtocolLibLoginSource(PacketEvent packetEvent, Player player, Random random, PublicKey publicKey) {
-        this.packetEvent = packetEvent;
+    ProtocolLibLoginSource(Player player, Random random, PublicKey serverPublicKey, ClientPublicKey clientKey) {
         this.player = player;
         this.random = random;
-        this.publicKey = publicKey;
+        this.publicKey = serverPublicKey;
+        this.clientKey = clientKey;
     }
 
     @Override
-    public void setOnlineMode() throws Exception {
+    public void enableOnlinemode() {
         verifyToken = EncryptionUtil.generateVerifyToken(random);
 
         /*
@@ -49,16 +73,24 @@ public class ProtocolLibLoginSource implements LoginSource {
         PacketContainer newPacket = new PacketContainer(ENCRYPTION_BEGIN);
 
         newPacket.getStrings().write(0, serverId);
-        newPacket.getSpecificModifier(PublicKey.class).write(0, publicKey);
+        StructureModifier<PublicKey> keyModifier = newPacket.getSpecificModifier(PublicKey.class);
+        int verifyField = 0;
+        if (keyModifier.getFields().isEmpty()) {
+            // Since 1.16.4 this is now a byte field
+            newPacket.getByteArrays().write(0, publicKey.getEncoded());
+            verifyField++;
+        } else {
+            keyModifier.write(0, publicKey);
+        }
 
-        newPacket.getByteArrays().write(0, verifyToken);
+        newPacket.getByteArrays().write(verifyField, verifyToken);
 
-        //serverId is a empty string
+        //serverId is an empty string
         ProtocolLibrary.getProtocolManager().sendServerPacket(player, newPacket);
     }
 
     @Override
-    public void kick(String message) throws InvocationTargetException {
+    public void kick(String message) {
         ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager();
 
         PacketContainer kickPacket = new PacketContainer(DISCONNECT);
@@ -76,7 +108,11 @@ public class ProtocolLibLoginSource implements LoginSource {
 
     @Override
     public InetSocketAddress getAddress() {
-        return packetEvent.getPlayer().getAddress();
+        return player.getAddress();
+    }
+
+    public ClientPublicKey getClientKey() {
+        return clientKey;
     }
 
     public String getServerId() {
@@ -89,12 +125,11 @@ public class ProtocolLibLoginSource implements LoginSource {
 
     @Override
     public String toString() {
-        return this.getClass().getSimpleName() + '{' +
-                "packetEvent=" + packetEvent +
-                ", player=" + player +
-                ", random=" + random +
-                ", serverId='" + serverId + '\'' +
-                ", verifyToken=" + Arrays.toString(verifyToken) +
-                '}';
+        return this.getClass().getSimpleName() + '{'
+            + "player=" + player
+            + ", random=" + random
+            + ", serverId='" + serverId + '\''
+            + ", verifyToken=" + Arrays.toString(verifyToken)
+            + '}';
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java

@@ -1,17 +1,35 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener.protocollib;
 
-import com.comphenix.protocol.reflect.MethodUtils;
-import com.comphenix.protocol.reflect.accessors.Accessors;
-import com.comphenix.protocol.reflect.accessors.MethodAccessor;
-import com.comphenix.protocol.utility.MinecraftReflection;
 import com.comphenix.protocol.wrappers.WrappedGameProfile;
 import com.comphenix.protocol.wrappers.WrappedSignedProperty;
 import com.github.games647.craftapi.model.skin.Textures;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-
-import java.lang.reflect.InvocationTargetException;
-
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.EventPriority;
@@ -21,9 +39,6 @@ import org.bukkit.event.player.PlayerLoginEvent.Result;
 
 public class SkinApplyListener implements Listener {
 
-    private static final Class<?> GAME_PROFILE = MinecraftReflection.getGameProfileClass();
-    private static final MethodAccessor GET_PROPERTIES = Accessors.getMethodAccessor(GAME_PROFILE, "getProperties");
-
     private final FastLoginBukkit plugin;
 
     public SkinApplyListener(FastLoginBukkit plugin) {
@@ -39,14 +54,12 @@ public class SkinApplyListener implements Listener {
 
         Player player = loginEvent.getPlayer();
 
-        if (plugin.getConfig().getBoolean("forwardSkin")) {
-            //go through every session, because player.getAddress is null 
-            //loginEvent.getAddress is just a InetAddress not InetSocketAddress, so not unique enough
-            for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
-                if (session.getUsername().equals(player.getName())) {
-                    session.getSkin().ifPresent(skin -> applySkin(player, skin.getValue(), skin.getSignature()));
-                    break;
-                }
+        //go through every session, because player.getAddress is null
+        //loginEvent.getAddress is just a InetAddress not InetSocketAddress, so not unique enough
+        for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
+            if (session.getUsername().equals(player.getName())) {
+                session.getSkin().ifPresent(skin -> applySkin(player, skin.getValue(), skin.getSignature()));
+                break;
             }
         }
     }
@@ -55,16 +68,6 @@ public class SkinApplyListener implements Listener {
         WrappedGameProfile gameProfile = WrappedGameProfile.fromPlayer(player);
 
         WrappedSignedProperty skin = WrappedSignedProperty.fromValues(Textures.KEY, skinData, signature);
-        try {
-            gameProfile.getProperties().put(Textures.KEY, skin);
-        } catch (ClassCastException castException) {
-            //Cauldron, MCPC, Thermos, ...
-            Object map = GET_PROPERTIES.invoke(gameProfile.getHandle());
-            try {
-                MethodUtils.invokeMethod(map, "put", new Object[]{Textures.KEY, skin.getHandle()});
-            } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException ex) {
-                plugin.getLog().error("Error setting premium skin of: {}", player, ex);
-            }
-        }
+        gameProfile.getProperties().put(Textures.KEY, skin);
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java

@@ -1,55 +1,112 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener.protocollib;
 
 import com.comphenix.protocol.ProtocolLibrary;
 import com.comphenix.protocol.events.PacketContainer;
 import com.comphenix.protocol.events.PacketEvent;
-import com.comphenix.protocol.injector.server.TemporaryPlayerFactory;
-import com.comphenix.protocol.reflect.FieldUtils;
+import com.comphenix.protocol.injector.packet.PacketRegistry;
+import com.comphenix.protocol.injector.temporary.TemporaryPlayerFactory;
+import com.comphenix.protocol.reflect.EquivalentConverter;
 import com.comphenix.protocol.reflect.FuzzyReflection;
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.ConstructorAccessor;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import com.comphenix.protocol.utility.MinecraftReflection;
+import com.comphenix.protocol.utility.MinecraftVersion;
+import com.comphenix.protocol.wrappers.BukkitConverters;
+import com.comphenix.protocol.wrappers.Converters;
 import com.comphenix.protocol.wrappers.WrappedChatComponent;
 import com.comphenix.protocol.wrappers.WrappedGameProfile;
+import com.comphenix.protocol.wrappers.WrappedProfilePublicKey.WrappedProfileKeyData;
 import com.github.games647.craftapi.model.auth.Verification;
 import com.github.games647.craftapi.model.skin.SkinProperty;
 import com.github.games647.craftapi.resolver.MojangResolver;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
-import com.github.games647.fastlogin.bukkit.EncryptionUtil;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.InetUtils;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey;
+import lombok.val;
+import org.bukkit.entity.Player;
 
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
 import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.security.GeneralSecurityException;
+import java.security.Key;
 import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.util.Arrays;
 import java.util.Optional;
 import java.util.UUID;
 
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.bukkit.entity.Player;
-
 import static com.comphenix.protocol.PacketType.Login.Client.START;
 import static com.comphenix.protocol.PacketType.Login.Server.DISCONNECT;
 
 public class VerifyResponseTask implements Runnable {
 
+    private static final String ENCRYPTION_CLASS_NAME = "MinecraftEncryption";
+    private static final Class<?> ENCRYPTION_CLASS;
+    private static final String ADDRESS_VERIFY_WARNING = "This indicates the use of reverse-proxy like HAProxy, "
+            + "TCPShield, BungeeCord, Velocity, etc. "
+            + "By default (configurable in the config) this plugin requests Mojang to verify the connecting IP "
+            + "to this server with the one used to log into Minecraft to prevent MITM attacks. In "
+            + "order to work this security feature, the actual client IP needs to be forwarding "
+            + "(keyword IP forwarding). This process will also be useful for other server "
+            + "features like IP banning, so that it doesn't ban the proxy IP.";
+
+    static {
+        ENCRYPTION_CLASS = MinecraftReflection.getMinecraftClass(
+                "util." + ENCRYPTION_CLASS_NAME, ENCRYPTION_CLASS_NAME
+        );
+    }
+
     private final FastLoginBukkit plugin;
     private final PacketEvent packetEvent;
     private final KeyPair serverKey;
 
     private final Player player;
 
+    private final BukkitLoginSession session;
+
     private final byte[] sharedSecret;
 
-    public VerifyResponseTask(FastLoginBukkit plugin, PacketEvent packetEvent, Player player,
+    private static Method encryptMethod;
+    private static Method cipherMethod;
+
+    public VerifyResponseTask(FastLoginBukkit plugin, PacketEvent packetEvent,
+                              Player player, BukkitLoginSession session,
                               byte[] sharedSecret, KeyPair keyPair) {
         this.plugin = plugin;
         this.packetEvent = packetEvent;
         this.player = player;
+        this.session = session;
         this.sharedSecret = Arrays.copyOf(sharedSecret, sharedSecret.length);
         this.serverKey = keyPair;
     }
@@ -57,15 +114,9 @@ public class VerifyResponseTask implements Runnable {
     @Override
     public void run() {
         try {
-            BukkitLoginSession session = plugin.getLoginSessions().get(player.getAddress().toString());
-            if (session == null) {
-                disconnect("invalid-request", true
-                        , "GameProfile {0} tried to send encryption response at invalid state", player.getAddress());
-            } else {
-                verifyResponse(session);
-            }
+            verifyResponse(session);
         } finally {
-            //this is a fake packet; it shouldn't be send to the server
+            //this is a fake packet; it shouldn't be sent to the server
             synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
                 packetEvent.setCancelled(true);
             }
@@ -77,158 +128,203 @@ public class VerifyResponseTask implements Runnable {
     private void verifyResponse(BukkitLoginSession session) {
         PrivateKey privateKey = serverKey.getPrivate();
 
-        Cipher cipher;
         SecretKey loginKey;
         try {
-            cipher = Cipher.getInstance(privateKey.getAlgorithm());
-            cipher.init(Cipher.DECRYPT_MODE, privateKey);
-
-            loginKey = EncryptionUtil.decryptSharedKey(cipher, sharedSecret);
+            loginKey = EncryptionUtil.decryptSharedKey(privateKey, sharedSecret);
         } catch (GeneralSecurityException securityEx) {
-            disconnect("error-kick", false, "Cannot decrypt received contents", securityEx);
+            disconnect("error-kick", "Cannot decrypt received contents", securityEx);
             return;
         }
 
         try {
-            if (!checkVerifyToken(session, cipher, privateKey) || !encryptConnection(loginKey)) {
+            if (!enableEncryption(loginKey)) {
                 return;
             }
         } catch (Exception ex) {
-            disconnect("error-kick", false, "Cannot decrypt received contents", ex);
+            disconnect("error-kick", "Cannot decrypt received contents", ex);
             return;
         }
 
         String serverId = EncryptionUtil.getServerIdHashString("", loginKey, serverKey.getPublic());
 
-        String username = session.getUsername();
+        String requestedUsername = session.getRequestUsername();
         InetSocketAddress socketAddress = player.getAddress();
         try {
             MojangResolver resolver = plugin.getCore().getResolver();
             InetAddress address = socketAddress.getAddress();
-            Optional<Verification> response = resolver.hasJoined(username, serverId, address);
+            Optional<Verification> response = resolver.hasJoined(requestedUsername, serverId, address);
             if (response.isPresent()) {
-                plugin.getLog().info("GameProfile {} has a verified premium account", username);
-
-                SkinProperty[] properties = response.get().getProperties();
-                if (properties.length > 0) {
-                    session.setSkinProperty(properties[0]);
-                }
-
-                session.setUuid(response.get().getId());
-                session.setVerified(true);
-
-                setPremiumUUID(session.getUuid());
-                receiveFakeStartPacket(username);
+                encryptConnection(session, requestedUsername, response.get());
             } else {
-                //user tried to fake a authentication
-                disconnect("invalid-session", true
-                        , "GameProfile {0} ({1}) tried to log in with an invalid session ServerId: {2}"
-                        , session.getUsername(), socketAddress, serverId);
+                //user tried to fake an authentication
+                disconnect(
+                        "invalid-session",
+                        "Session server rejected incoming connection for GameProfile {} ({}). Possible reasons are"
+                                + "1) Client IP address contacting Mojang and server during server join were different "
+                                + "(Do you use a reverse proxy? -> Enable IP forwarding, "
+                                + "or disable the feature in the config). "
+                                + "2) Player is offline, but tried to bypass the authentication"
+                                + "3) Client uses an outdated username for connecting (Fix: Restart client)",
+                        requestedUsername, address
+                );
+
+                if (InetUtils.isLocalAddress(address)) {
+                    plugin.getLog().warn(
+                            "The incoming request for player {} uses a local IP address",
+                            requestedUsername
+                    );
+                    plugin.getLog().warn(ADDRESS_VERIFY_WARNING);
+                } else {
+                    plugin.getLog().warn("If you think this is an error, please verify that the incoming "
+                            + "IP address {} is not associated with a server hosting company.", address);
+                    plugin.getLog().warn(ADDRESS_VERIFY_WARNING);
+                }
             }
         } catch (IOException ioEx) {
-            disconnect("error-kick", false, "Failed to connect to session server", ioEx);
+            disconnect("error-kick", "Failed to connect to session server", ioEx);
         }
     }
 
+    private void encryptConnection(BukkitLoginSession session, String requestedUsername, Verification verification) {
+        plugin.getLog().info("Profile {} has a verified premium account", requestedUsername);
+        String realUsername = verification.getName();
+        if (realUsername == null) {
+            disconnect("invalid-session", "Username field null for {}", requestedUsername);
+            return;
+        }
+
+        SkinProperty[] properties = verification.getProperties();
+        if (properties.length > 0) {
+            session.setSkinProperty(properties[0]);
+        }
+
+        session.setVerifiedUsername(realUsername);
+        session.setUuid(verification.getId());
+        session.setVerified(true);
+
+        setPremiumUUID(session.getUuid());
+        receiveFakeStartPacket(realUsername, session.getClientPublicKey(), session.getUuid());
+    }
+
     private void setPremiumUUID(UUID premiumUUID) {
         if (plugin.getConfig().getBoolean("premiumUuid") && premiumUUID != null) {
             try {
                 Object networkManager = getNetworkManager();
                 //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/NetworkManager.java#L69
-                FieldUtils.writeField(networkManager, "spoofedUUID", premiumUUID, true);
+
+                Class<?> managerClass = networkManager.getClass();
+                FieldAccessor accessor = Accessors.getFieldAccessorOrNull(managerClass, "spoofedUUID", UUID.class);
+                accessor.set(networkManager, premiumUUID);
             } catch (Exception exc) {
                 plugin.getLog().error("Error setting premium uuid of {}", player, exc);
             }
         }
     }
 
-    private boolean checkVerifyToken(BukkitLoginSession session, Cipher cipher, PrivateKey privateKey)
-            throws GeneralSecurityException {
-        byte[] requestVerify = session.getVerifyToken();
-        //encrypted verify token
-        byte[] responseVerify = packetEvent.getPacket().getByteArrays().read(1);
-
-        //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L182
-        if (!Arrays.equals(requestVerify, EncryptionUtil.decrypt(cipher, responseVerify))) {
-            //check if the verify token are equal to the server sent one
-            disconnect("invalid-verify-token", true
-                    , "GameProfile {0} ({1}) tried to login with an invalid verify token. Server: {2} Client: {3}"
-                    , session.getUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify);
-            return false;
-        }
-
-        return true;
-    }
-
     //try to get the networkManager from ProtocolLib
-    private Object getNetworkManager() throws IllegalAccessException, ClassNotFoundException {
+    private Object getNetworkManager() throws ClassNotFoundException {
         Object injectorContainer = TemporaryPlayerFactory.getInjectorFromPlayer(player);
 
-        //ChannelInjector
+        // ChannelInjector
         Class<?> injectorClass = Class.forName("com.comphenix.protocol.injector.netty.Injector");
         Object rawInjector = FuzzyReflection.getFieldValue(injectorContainer, injectorClass, true);
-        return FieldUtils.readField(rawInjector, "networkManager", true);
+
+        Class<?> rawInjectorClass = rawInjector.getClass();
+        FieldAccessor accessor = Accessors.getFieldAccessorOrNull(rawInjectorClass, "networkManager", Object.class);
+        return accessor.get(rawInjector);
     }
 
-    private boolean encryptConnection(SecretKey loginKey) throws IllegalArgumentException {
+    private boolean enableEncryption(SecretKey loginKey) throws IllegalArgumentException {
+        plugin.getLog().info("Enabling onlinemode encryption for {}", player.getAddress());
+        // Initialize method reflections
+        if (encryptMethod == null) {
+            Class<?> networkManagerClass = MinecraftReflection.getNetworkManagerClass();
+
+            try {
+                // Try to get the old (pre MC 1.16.4) encryption method
+                encryptMethod = FuzzyReflection.fromClass(networkManagerClass)
+                        .getMethodByParameters("a", SecretKey.class);
+            } catch (IllegalArgumentException exception) {
+                // Get the new encryption method
+                encryptMethod = FuzzyReflection.fromClass(networkManagerClass)
+                        .getMethodByParameters("a", Cipher.class, Cipher.class);
+
+                // Get the needed Cipher helper method (used to generate ciphers from login key)
+                cipherMethod = FuzzyReflection.fromClass(ENCRYPTION_CLASS)
+                        .getMethodByParameters("a", int.class, Key.class);
+            }
+        }
+
         try {
-            //get the NMS connection handle of this player
-            Object networkManager = getNetworkManager();
+            Object networkManager = this.getNetworkManager();
 
-            //try to detect the method by parameters
-            Method encryptMethod = FuzzyReflection
-                    .fromObject(networkManager).getMethodByParameters("a", SecretKey.class);
+            // If cipherMethod is null - use old encryption (pre MC 1.16.4), otherwise use the new cipher one
+            if (cipherMethod == null) {
+                // Encrypt/decrypt packet flow, this behaviour is expected by the client
+                encryptMethod.invoke(networkManager, loginKey);
+            } else {
+                // Create ciphers from login key
+                Object decryptionCipher = cipherMethod.invoke(null, Cipher.DECRYPT_MODE, loginKey);
+                Object encryptionCipher = cipherMethod.invoke(null, Cipher.ENCRYPT_MODE, loginKey);
 
-            //encrypt/decrypt following packets
-            //the client expects this behaviour
-            encryptMethod.invoke(networkManager, loginKey);
+                // Encrypt/decrypt packet flow, this behaviour is expected by the client
+                encryptMethod.invoke(networkManager, decryptionCipher, encryptionCipher);
+            }
         } catch (Exception ex) {
-            disconnect("error-kick", false, "Couldn't enable encryption", ex);
+            disconnect("error-kick", "Couldn't enable encryption", ex);
             return false;
         }
 
         return true;
     }
 
-    private void disconnect(String reasonKey, boolean debug, String logMessage, Object... arguments) {
-        if (debug) {
-            plugin.getLog().debug(logMessage, arguments);
-        } else {
-            plugin.getLog().error(logMessage, arguments);
-        }
-
+    private void disconnect(String reasonKey, String logMessage, Object... arguments) {
+        plugin.getLog().error(logMessage, arguments);
         kickPlayer(plugin.getCore().getMessage(reasonKey));
     }
 
     private void kickPlayer(String reason) {
         PacketContainer kickPacket = new PacketContainer(DISCONNECT);
         kickPacket.getChatComponents().write(0, WrappedChatComponent.fromText(reason));
-        try {
-            //send kick packet at login state
-            //the normal event.getPlayer.kickPlayer(String) method does only work at play state
-            ProtocolLibrary.getProtocolManager().sendServerPacket(player, kickPacket);
-            //tell the server that we want to close the connection
-            player.kickPlayer("Disconnect");
-        } catch (InvocationTargetException ex) {
-            plugin.getLog().error("Error sending kick packet for: {}", player, ex);
-        }
+        //send kick packet at login state
+        //the normal event.getPlayer.kickPlayer(String) method does only work at play state
+        ProtocolLibrary.getProtocolManager().sendServerPacket(player, kickPacket);
+        //tell the server that we want to close the connection
+        player.kickPlayer("Disconnect");
     }
 
     //fake a new login packet in order to let the server handle all the other stuff
-    private void receiveFakeStartPacket(String username) {
-        //see StartPacketListener for packet information
-        PacketContainer startPacket = new PacketContainer(START);
+    private void receiveFakeStartPacket(String username, ClientPublicKey clientKey, UUID uuid) {
+        PacketContainer startPacket;
+        if (new MinecraftVersion(1, 20, 2).atOrAbove()) {
+            startPacket = new PacketContainer(START);
+            startPacket.getStrings().write(0, username);
+            startPacket.getUUIDs().write(0, uuid);
+        } else if (new MinecraftVersion(1, 19, 3).atOrAbove()) {
+            startPacket = new PacketContainer(START);
+            startPacket.getStrings().write(0, username);
+            startPacket.getOptionals(Converters.passthrough(UUID.class)).write(0, Optional.of(uuid));
+        } else if (new MinecraftVersion(1, 19, 0).atOrAbove()) {
+            startPacket = new PacketContainer(START);
+            startPacket.getStrings().write(0, username);
 
-        //uuid is ignored by the packet definition
-        WrappedGameProfile fakeProfile = new WrappedGameProfile(UUID.randomUUID(), username);
-        startPacket.getGameProfiles().write(0, fakeProfile);
-        try {
-            //we don't want to handle our own packets so ignore filters
-            ProtocolLibrary.getProtocolManager().recieveClientPacket(player, startPacket, false);
-        } catch (InvocationTargetException | IllegalAccessException ex) {
-            plugin.getLog().warn("Failed to fake a new start packet for: {}", username, ex);
-            //cancel the event in order to prevent the server receiving an invalid packet
-            kickPlayer(plugin.getCore().getMessage("error-kick"));
+            EquivalentConverter<WrappedProfileKeyData> converter = BukkitConverters.getWrappedPublicKeyDataConverter();
+            val wrappedKey = Optional.ofNullable(clientKey).map(key ->
+                    new WrappedProfileKeyData(clientKey.expiry(), clientKey.key(), clientKey.signature())
+            );
+
+            startPacket.getOptionals(converter).write(0, wrappedKey);
+        } else {
+            //uuid is ignored by the packet definition
+            WrappedGameProfile fakeProfile = new WrappedGameProfile(UUID.randomUUID(), username);
+
+            Class<?> profileHandleType = fakeProfile.getHandleType();
+            Class<?> packetHandleType = PacketRegistry.getPacketClassFromType(START);
+            ConstructorAccessor startCons = Accessors.getConstructorAccessorOrNull(packetHandleType, profileHandleType);
+            startPacket = new PacketContainer(START, startCons.invoke(fakeProfile.getHandle()));
         }
+
+        //we don't want to handle our own packets so ignore filters
+        ProtocolLibrary.getProtocolManager().receiveClientPacket(player, startPacket, false);
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/packet/ClientPublicKey.java

@@ -0,0 +1,55 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.listener.protocollib.packet;
+
+import lombok.Value;
+import lombok.experimental.Accessors;
+
+import java.security.PublicKey;
+import java.time.Instant;
+import java.util.Base64;
+import java.util.StringJoiner;
+
+@Accessors(fluent = true)
+@Value(staticConstructor = "of")
+public class ClientPublicKey {
+    Instant expiry;
+    PublicKey key;
+    byte[] signature;
+
+    public boolean isExpired(Instant verifyTimestamp) {
+        return !verifyTimestamp.isBefore(expiry);
+    }
+
+    @Override
+    public String toString() {
+        return new StringJoiner(", ", ClientPublicKey.class.getSimpleName() + '[', "]")
+                .add("expiry=" + expiry)
+                .add("key=" + Base64.getEncoder().encodeToString(key.getEncoded()))
+                .add("signature=" + Base64.getEncoder().encodeToString(signature))
+                .toString();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolLoginSource.java

@@ -1,11 +1,35 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener.protocolsupport;
 
 import com.github.games647.fastlogin.core.shared.LoginSource;
+import protocolsupport.api.events.PlayerLoginStartEvent;
 
 import java.net.InetSocketAddress;
 
-import protocolsupport.api.events.PlayerLoginStartEvent;
-
 public class ProtocolLoginSource implements LoginSource {
 
     private final PlayerLoginStartEvent loginStartEvent;
@@ -15,7 +39,7 @@ public class ProtocolLoginSource implements LoginSource {
     }
 
     @Override
-    public void setOnlineMode() {
+    public void enableOnlinemode() {
         loginStartEvent.setOnlineMode(true);
     }
 
@@ -26,7 +50,7 @@ public class ProtocolLoginSource implements LoginSource {
 
     @Override
     public InetSocketAddress getAddress() {
-        return loginStartEvent.getAddress();
+        return loginStartEvent.getConnection().getRawAddress();
     }
 
     public PlayerLoginStartEvent getLoginStartEvent() {
@@ -35,8 +59,8 @@ public class ProtocolLoginSource implements LoginSource {
 
     @Override
     public String toString() {
-        return this.getClass().getSimpleName() + '{' +
-                "loginStartEvent=" + loginStartEvent +
-                '}';
+        return this.getClass().getSimpleName() + '{'
+            + "loginStartEvent=" + loginStartEvent
+            + '}';
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java

@@ -1,16 +1,39 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.listener.protocolsupport;
 
 import com.github.games647.craftapi.UUIDAdapter;
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPreLoginEvent;
-import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.antibot.AntiBotService;
+import com.github.games647.fastlogin.core.antibot.AntiBotService.Action;
 import com.github.games647.fastlogin.core.shared.JoinManagement;
-
-import java.net.InetSocketAddress;
-import java.util.Optional;
-
 import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
@@ -19,15 +42,20 @@ import protocolsupport.api.events.ConnectionCloseEvent;
 import protocolsupport.api.events.PlayerLoginStartEvent;
 import protocolsupport.api.events.PlayerProfileCompleteEvent;
 
+import java.net.InetSocketAddress;
+import java.util.Optional;
+
 public class ProtocolSupportListener extends JoinManagement<Player, CommandSender, ProtocolLoginSource>
         implements Listener {
 
     private final FastLoginBukkit plugin;
+    private final AntiBotService antiBotService;
 
-    public ProtocolSupportListener(FastLoginBukkit plugin) {
-        super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
+    public ProtocolSupportListener(FastLoginBukkit plugin, AntiBotService antiBotService) {
+        super(plugin.getCore(), plugin.getCore().getAuthPluginHook(), plugin.getBedrockService());
 
         this.plugin = plugin;
+        this.antiBotService = antiBotService;
     }
 
     @EventHandler
@@ -37,24 +65,40 @@ public class ProtocolSupportListener extends JoinManagement<Player, CommandSende
         }
 
         String username = loginStartEvent.getConnection().getProfile().getName();
-        InetSocketAddress address = loginStartEvent.getAddress();
+        InetSocketAddress address = loginStartEvent.getConnection().getRawAddress();
+        plugin.getLog().info("Incoming login request for {} from {}", username, address);
 
-        //remove old data every time on a new login in order to keep the session only for one person
-        plugin.getLoginSessions().remove(address.toString());
+        Action action = antiBotService.onIncomingConnection(address, username);
+        switch (action) {
+            case Ignore:
+                // just ignore
+                return;
+            case Block:
+                String message = plugin.getCore().getMessage("kick-antibot");
+                loginStartEvent.denyLogin(message);
+                break;
+            case Continue:
+            default:
+                //remove old data every time on a new login in order to keep the session only for one person
+                plugin.removeSession(address);
 
-        super.onLogin(username, new ProtocolLoginSource(loginStartEvent));
+                ProtocolLoginSource source = new ProtocolLoginSource(loginStartEvent);
+                super.onLogin(username, source);
+                break;
+        }
     }
 
     @EventHandler
     public void onConnectionClosed(ConnectionCloseEvent closeEvent) {
-        InetSocketAddress address = closeEvent.getConnection().getAddress();
-        plugin.getLoginSessions().remove(address.toString());
+        InetSocketAddress address = closeEvent.getConnection().getRawAddress();
+        plugin.removeSession(address);
     }
 
     @EventHandler
     public void onPropertiesResolve(PlayerProfileCompleteEvent profileCompleteEvent) {
-        InetSocketAddress address = profileCompleteEvent.getAddress();
-        BukkitLoginSession session = plugin.getLoginSessions().get(address.toString());
+        InetSocketAddress address = profileCompleteEvent.getConnection().getRawAddress();
+
+        BukkitLoginSession session = plugin.getSession(address);
 
         if (session != null && profileCompleteEvent.getConnection().getProfile().isOnlineMode()) {
             session.setVerified(true);
@@ -68,30 +112,28 @@ public class ProtocolSupportListener extends JoinManagement<Player, CommandSende
     }
 
     @Override
-    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLoginSource source, StoredProfile profile) {
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLoginSource source,
+                                                             StoredProfile profile) {
         BukkitFastLoginPreLoginEvent event = new BukkitFastLoginPreLoginEvent(username, source, profile);
         plugin.getServer().getPluginManager().callEvent(event);
         return event;
     }
 
     @Override
-    public void requestPremiumLogin(ProtocolLoginSource source, StoredProfile profile, String username
-            , boolean registered) {
-        source.setOnlineMode();
+    public void requestPremiumLogin(ProtocolLoginSource source, StoredProfile profile, String username,
+                                    boolean registered) {
+        source.enableOnlinemode();
 
         String ip = source.getAddress().getAddress().getHostAddress();
         plugin.getCore().getPendingLogin().put(ip + username, new Object());
 
         BukkitLoginSession playerSession = new BukkitLoginSession(username, registered, profile);
-        plugin.getLoginSessions().put(source.getAddress().toString(), playerSession);
-        if (plugin.getConfig().getBoolean("premiumUuid")) {
-            source.getLoginStartEvent().setOnlineMode(true);
-        }
+        plugin.putSession(source.getAddress(), playerSession);
     }
 
     @Override
     public void startCrackedSession(ProtocolLoginSource source, StoredProfile profile, String username) {
         BukkitLoginSession loginSession = new BukkitLoginSession(username, profile);
-        plugin.getLoginSessions().put(source.getAddress().toString(), loginSession);
+        plugin.putSession(source.getAddress(), loginSession);
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/DelayedAuthHook.java

@@ -1,3 +1,28 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.task;
 
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
@@ -6,17 +31,16 @@ import com.github.games647.fastlogin.bukkit.hook.CrazyLoginHook;
 import com.github.games647.fastlogin.bukkit.hook.LogItHook;
 import com.github.games647.fastlogin.bukkit.hook.LoginSecurityHook;
 import com.github.games647.fastlogin.bukkit.hook.UltraAuthHook;
-import com.github.games647.fastlogin.bukkit.hook.xAuthHook;
+import com.github.games647.fastlogin.bukkit.hook.XAuthHook;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.event.Listener;
 
 import java.lang.reflect.Constructor;
 import java.util.Arrays;
 import java.util.List;
 
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.bukkit.event.Listener;
-
 public class DelayedAuthHook implements Runnable {
 
     private final FastLoginBukkit plugin;
@@ -28,7 +52,7 @@ public class DelayedAuthHook implements Runnable {
     @Override
     public void run() {
         boolean hookFound = isHookFound();
-        if (plugin.isBungeeEnabled()) {
+        if (plugin.getBungeeManager().isEnabled()) {
             plugin.getLog().info("BungeeCord setting detected. No auth plugin is required");
         } else if (!hookFound) {
             plugin.getLog().warn("No auth plugin were found by this plugin "
@@ -38,7 +62,7 @@ public class DelayedAuthHook implements Runnable {
         }
 
         if (hookFound) {
-            plugin.setServerStarted();
+            plugin.markInitialized();
         }
     }
 
@@ -68,13 +92,13 @@ public class DelayedAuthHook implements Runnable {
 
     private AuthPlugin<Player> getAuthHook() {
         try {
-            @SuppressWarnings("unchecked")
             List<Class<? extends AuthPlugin<Player>>> hooks = Arrays.asList(AuthMeHook.class,
                     CrazyLoginHook.class, LogItHook.class, LoginSecurityHook.class, UltraAuthHook.class,
-                    xAuthHook.class);
+                    XAuthHook.class);
 
             for (Class<? extends AuthPlugin<Player>> clazz : hooks) {
-                String pluginName = clazz.getSimpleName().replace("Hook", "");
+                String pluginName = clazz.getSimpleName();
+                pluginName = pluginName.substring(0, pluginName.length() - "Hook".length());
                 //uses only member classes which uses AuthPlugin interface (skip interfaces)
                 if (Bukkit.getPluginManager().isPluginEnabled(pluginName)) {
                     //check only for enabled plugins. A single plugin could be disabled by plugin managers
@@ -88,7 +112,7 @@ public class DelayedAuthHook implements Runnable {
         return null;
     }
 
-    private AuthPlugin<Player> newInstance(Class<? extends AuthPlugin<Player>> clazz)
+    protected AuthPlugin<Player> newInstance(Class<? extends AuthPlugin<Player>> clazz)
             throws ReflectiveOperationException {
         try {
             Constructor<? extends AuthPlugin<Player>> cons = clazz.getDeclaredConstructor(FastLoginBukkit.class);

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/FloodgateAuthTask.java

@@ -0,0 +1,71 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.task;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.shared.FloodgateManagement;
+import org.bukkit.Bukkit;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
+
+import java.net.InetSocketAddress;
+import java.util.UUID;
+
+public class FloodgateAuthTask extends FloodgateManagement<Player, CommandSender, BukkitLoginSession, FastLoginBukkit> {
+
+    public FloodgateAuthTask(FastLoginCore<Player, CommandSender, FastLoginBukkit> core, Player player,
+                             FloodgatePlayer floodgatePlayer) {
+        super(core, player, floodgatePlayer);
+    }
+
+    @Override
+    protected void startLogin() {
+        BukkitLoginSession session = new BukkitLoginSession(player.getName(), isRegistered, profile);
+
+        // enable auto login based on the value of 'autoLoginFloodgate' in config.yml
+        session.setVerified(isAutoAuthAllowed(autoLoginFloodgate));
+
+        // run login task
+        Runnable forceLoginTask = new ForceLoginTask(core.getPlugin().getCore(), player, session);
+        Bukkit.getScheduler().runTaskAsynchronously(core.getPlugin(), forceLoginTask);
+    }
+
+    protected String getName(Player player) {
+        return player.getName();
+    }
+
+    protected UUID getUUID(Player player) {
+        return player.getUniqueId();
+    }
+
+    protected InetSocketAddress getAddress(Player player) {
+        return player.getAddress();
+    }
+
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/ForceLoginTask.java

@@ -1,41 +1,66 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit.task;
 
 import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
 import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
 import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginAutoLoginEvent;
 import com.github.games647.fastlogin.core.PremiumStatus;
-import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.message.SuccessMessage;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
 import com.github.games647.fastlogin.core.shared.ForceLoginManagement;
 import com.github.games647.fastlogin.core.shared.LoginSession;
-
-import java.util.concurrent.ExecutionException;
-
 import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import org.bukkit.Bukkit;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
 import org.bukkit.metadata.FixedMetadataValue;
 
+import java.util.concurrent.ExecutionException;
+
 public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender, BukkitLoginSession, FastLoginBukkit> {
 
-    public ForceLoginTask(FastLoginCore<Player, CommandSender, FastLoginBukkit> core, Player player) {
-        super(core, player, getSession(core.getPlugin(), player));
-    }
-
-    private static BukkitLoginSession getSession(FastLoginBukkit plugin, Player player) {
-        //remove the bungeecord identifier if there is ones
-        String id = '/' + player.getAddress().getAddress().getHostAddress() + ':' + player.getAddress().getPort();
-        return plugin.getLoginSessions().remove(id);
+    public ForceLoginTask(FastLoginCore<Player, CommandSender, FastLoginBukkit> core, Player player,
+                          BukkitLoginSession session) {
+        super(core, player, session);
     }
 
     @Override
     public void run() {
-        //blacklist this target player for BungeeCord ID brute force attacks
+        // block this target player for BungeeCord ID brute force attacks
         FastLoginBukkit plugin = core.getPlugin();
         player.setMetadata(core.getPlugin().getName(), new FixedMetadataValue(plugin, true));
 
+        if (session != null && !session.getUsername().equals(player.getName())) {
+            String playerName = player.getName();
+            plugin.getLog().warn("Player username {} is not matching session {}", playerName, session.getUsername());
+            return;
+        }
+
         super.run();
 
         PremiumStatus status = PremiumStatus.CRACKED;
@@ -55,8 +80,8 @@ public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender,
 
     @Override
     public void onForceActionSuccess(LoginSession session) {
-        if (core.getPlugin().isBungeeEnabled()) {
-            core.getPlugin().sendPluginMessage(player, new SuccessMessage());
+        if (core.getPlugin().getBungeeManager().isEnabled()) {
+            core.getPlugin().getBungeeManager().sendPluginMessage(player, new SuccessMessage());
         }
     }
 
@@ -78,10 +103,6 @@ public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender,
 
     @Override
     public boolean isOnlineMode() {
-        if (session == null) {
-            return false;
-        }
-
-        return session.isVerified() && player.getName().equals(session.getUsername());
+        return session.isVerified();
     }
 }

bukkit/src/main/resources/plugin.yml

@@ -1,4 +1,4 @@
-# project data for Bukkit in order to register our plugin with all it components
+# project data for Bukkit in order to register our plugin with all it's components
 # ${-} are variables from Maven (pom.xml) which will be replaced after the build
 name: ${project.parent.name}
 version: ${project.version}-${git.commit.id.abbrev}
@@ -11,17 +11,22 @@ description: |
 website: ${project.url}
 dev-url: ${project.url}
 
-# This plugin don't have to be transformed for compatibility with Minecraft >= 1.13
+# This plugin doesn't have to be transformed for compatibility with Minecraft >= 1.13
 api-version: '1.13'
 
 softdepend:
-    # We depend either ProtocolLib or ProtocolSupport
+    # We depend on either ProtocolLib or ProtocolSupport
     - ProtocolSupport
     - ProtocolLib
+    # Premium variable
     - PlaceholderAPI
+    # Bedrock Player Bridge
+    - Geyser-Spigot
+    - floodgate
     # Auth plugins
     - AuthMe
     - LoginSecurity
+    - SodionAuth
     - xAuth
     - LogIt
     - UltraAuth
@@ -35,7 +40,7 @@ commands:
         permission: ${project.artifactId}.command.premium
 
     cracked:
-        description: 'Label the invoker or the player specified as cracked if he was marked premium before'
+        description: 'Label the invoker or the player specified as cracked if marked premium before'
         aliases: [unpremium]
         usage: /<command> [player]
         permission: ${project.artifactId}.command.cracked

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/EncryptionUtilTest.java

@@ -1,42 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import java.security.SecureRandom;
-
-import org.junit.Test;
-
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.notNullValue;
-
-import static org.junit.Assert.assertThat;
-
-public class EncryptionUtilTest {
-
-    @Test
-    public void testVerifyToken() throws Exception {
-        SecureRandom random = new SecureRandom();
-        byte[] token = EncryptionUtil.generateVerifyToken(random);
-
-        assertThat(token, notNullValue());
-        assertThat(token.length, is(4));
-    }
-
-    // @Test
-    // public void testDecryptSharedSecret() throws Exception {
-    //
-    // }
-    //
-    // @Test
-    // public void testDecryptData() throws Exception {
-    //
-    // }
-
-    // private static SecretKey createNewSharedKey() {
-    //     try {
-    //         KeyGenerator keygenerator = KeyGenerator.getInstance("AES");
-    //         keygenerator.init(128);
-    //         return keygenerator.generateKey();
-    //     } catch (NoSuchAlgorithmException nosuchalgorithmexception) {
-    //         throw new Error(nosuchalgorithmexception);
-    //     }
-    // }
-}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/FastLoginBukkitTest.java

@@ -0,0 +1,48 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import com.github.games647.fastlogin.core.CommonUtil;
+import lombok.val;
+import net.md_5.bungee.api.chat.TextComponent;
+import net.md_5.bungee.chat.ComponentSerializer;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class FastLoginBukkitTest {
+
+    @Test
+    void testRGB() {
+        val message = "&x00002a00002b&lText";
+        val msg = CommonUtil.translateColorCodes(message);
+        assertEquals(msg, "§x00002a00002b§lText");
+
+        val components = TextComponent.fromLegacyText(msg);
+        val expected = "{\"bold\":true,\"color\":\"#00a00b\",\"text\":\"Text\"}";
+        assertEquals(ComponentSerializer.toString(components), expected);
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/ReflectionTest.java

@@ -0,0 +1,43 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import fr.xephi.authme.api.v3.AuthMeApi;
+import fr.xephi.authme.process.Management;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+class ReflectionTest {
+
+    @Test
+    void testAuthMeManagementField() {
+        FieldAccessor accessor = Accessors.getFieldAccessor(AuthMeApi.class, Management.class, true);
+        assertNotNull(accessor.getField());
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/hook/CrazyLoginHookTest.java

@@ -0,0 +1,44 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import de.st_ddt.crazylogin.CrazyLogin;
+import de.st_ddt.crazylogin.listener.PlayerListener;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+class CrazyLoginHookTest {
+
+    @Test
+    void testPlayerListener() {
+        FieldAccessor accessor = Accessors.getFieldAccessor(CrazyLogin.class, PlayerListener.class, true);
+        assertNotNull(accessor.getField());
+    }
+
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/Base64Adapter.java

@@ -0,0 +1,49 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.google.gson.TypeAdapter;
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonWriter;
+import lombok.val;
+
+import java.io.IOException;
+import java.util.Base64;
+
+public class Base64Adapter extends TypeAdapter<byte[]> {
+
+    @Override
+    public void write(JsonWriter out, byte[] value) throws IOException {
+        val encoded = Base64.getEncoder().encodeToString(value);
+        out.value(encoded);
+    }
+
+    @Override
+    public byte[] read(JsonReader in) throws IOException {
+        String encoded = in.nextString();
+        return Base64.getDecoder().decode(encoded);
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java

@@ -0,0 +1,298 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.github.games647.fastlogin.bukkit.listener.protocollib.SignatureTestData.SignatureData;
+import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey;
+import com.google.common.hash.Hashing;
+import lombok.val;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.math.BigInteger;
+import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.interfaces.RSAPublicKey;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.UUID;
+import java.util.concurrent.ThreadLocalRandom;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class EncryptionUtilTest {
+
+    @Test
+    void testVerifyToken() {
+        val random = ThreadLocalRandom.current();
+        byte[] token = EncryptionUtil.generateVerifyToken(random);
+
+        assertAll(
+                () -> assertNotNull(token),
+                () -> assertEquals(token.length, 4)
+        );
+    }
+
+    @Test
+    void testServerKey() {
+        KeyPair keyPair = EncryptionUtil.generateKeyPair();
+
+        Key privateKey = keyPair.getPrivate();
+        assertEquals(privateKey.getAlgorithm(), "RSA");
+
+        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+        assertEquals(publicKey.getAlgorithm(), "RSA");
+
+        // clients accept larger values than the standard vanilla server, but we shouldn't crash them
+        assertAll(
+                () -> assertTrue(publicKey.getModulus().bitLength() >= 1024),
+                () -> assertTrue(publicKey.getModulus().bitLength() < 8192)
+        );
+    }
+
+    @Test
+    void testExpiredClientKey() throws Exception {
+        val clientKey = ResourceLoader.loadClientKey("client_keys/valid_public_key.json");
+
+        // Client expires at the exact second mentioned, so use it for verification
+        val expiredTimestamp = clientKey.expiry();
+        assertFalse(EncryptionUtil.verifyClientKey(clientKey, expiredTimestamp, null));
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {
+            // expiration date changed should make the signature invalid while still being not expired
+            "client_keys/invalid_wrong_expiration.json",
+            // changed public key no longer corresponding to the signature
+            "client_keys/invalid_wrong_key.json",
+            // signature modified no longer corresponding to key and expiration date
+            "client_keys/invalid_wrong_signature.json"
+    })
+    void testInvalidClientKey(String clientKeySource) throws Exception {
+        val clientKey = ResourceLoader.loadClientKey(clientKeySource);
+        Instant expireTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
+
+        assertFalse(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp, null));
+    }
+
+    @Test
+    void testValidClientKey() throws Exception {
+        val clientKey = ResourceLoader.loadClientKey("client_keys/valid_public_key.json");
+        val verificationTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
+
+        assertTrue(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp, null));
+    }
+
+    @Test
+    void testValid191ClientKey() throws Exception {
+        val clientKey = ResourceLoader.loadClientKey("client_keys/valid_public_key_19_1.json");
+        val verificationTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
+
+        val ownerPremiumId = UUID.fromString("0aaa2c13-922a-411b-b655-9b8c08404695");
+        assertTrue(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp, ownerPremiumId));
+    }
+
+    @Test
+    void testIncorrect191ClientOwner() throws Exception {
+        val clientKey = ResourceLoader.loadClientKey("client_keys/valid_public_key_19_1.json");
+        val verificationTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
+
+        val ownerPremiumId = UUID.fromString("61699b2e-d327-4a01-9f1e-0ea8c3f06bc6");
+        assertFalse(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp, ownerPremiumId));
+    }
+
+    @Test
+    void testDecryptSharedSecret() throws Exception {
+        KeyPair serverPair = EncryptionUtil.generateKeyPair();
+        val serverPK = serverPair.getPublic();
+
+        SecretKey secretKey = generateSharedKey();
+        byte[] encryptedSecret = encrypt(serverPK, secretKey.getEncoded());
+
+        SecretKey decryptSharedKey = EncryptionUtil.decryptSharedKey(serverPair.getPrivate(), encryptedSecret);
+        assertEquals(decryptSharedKey, secretKey);
+    }
+
+    private static byte[] encrypt(PublicKey receiverKey, byte... message)
+            throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
+            IllegalBlockSizeException, BadPaddingException {
+        val encryptCipher = Cipher.getInstance(receiverKey.getAlgorithm());
+        encryptCipher.init(Cipher.ENCRYPT_MODE, receiverKey);
+        return encryptCipher.doFinal(message);
+    }
+
+    private static SecretKeySpec generateSharedKey() {
+        // according to wiki.vg 16 bytes long
+        byte[] sharedKey = new byte[16];
+        ThreadLocalRandom.current().nextBytes(sharedKey);
+        // shared key is to be used for the AES/CFB8 stream cipher to encrypt the traffic
+        // therefore the encryption/decryption has to be AES
+        return new SecretKeySpec(sharedKey, "AES");
+    }
+
+    @Test
+    void testServerIdHash() throws Exception {
+        val serverId = "";
+        val sharedSecret = generateSharedKey();
+        val serverPK = ResourceLoader.loadClientKey("client_keys/valid_public_key.json").key();
+
+        String sessionHash = getServerHash(serverId, sharedSecret, serverPK);
+        assertEquals(EncryptionUtil.getServerIdHashString(serverId, sharedSecret, serverPK), sessionHash);
+    }
+
+    private static String getServerHash(@SuppressWarnings("SameParameterValue") CharSequence serverId,
+                                        SecretKey sharedSecret, PublicKey serverPK) {
+        // https://wiki.vg/Protocol_Encryption#Client
+        // sha1 := Sha1()
+        // sha1.update(ASCII encoding of the server id string from Encryption Request)
+        // sha1.update(shared secret)
+        // sha1.update(server's encoded public key from Encryption Request)
+        // hash := sha1.hexdigest() # String of hex characters
+        @SuppressWarnings("deprecation")
+        val hasher = Hashing.sha1().newHasher();
+        hasher.putString(serverId, StandardCharsets.US_ASCII);
+        hasher.putBytes(sharedSecret.getEncoded());
+        hasher.putBytes(serverPK.getEncoded());
+        //  It works by treating the sha1 output bytes as one large integer in two's complement and then printing the
+        //  integer in base 16, placing a minus sign if the interpreted number is negative.
+        // reference: 
+        // https://github.com/SpigotMC/BungeeCord/blob/ff5727c5ef9c0b56ad35f9816ae6bd660b622cf0/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java#L456
+        return new BigInteger(hasher.hash().asBytes()).toString(16);
+    }
+
+    @Test
+    void testServerIdHashWrongSecret() throws Exception {
+        val serverId = "";
+        val sharedSecret = generateSharedKey();
+        val serverPK = ResourceLoader.loadClientKey("client_keys/valid_public_key.json").key();
+
+        String sessionHash = getServerHash(serverId, sharedSecret, serverPK);
+        assertNotEquals(EncryptionUtil.getServerIdHashString("", generateSharedKey(), serverPK), sessionHash);
+    }
+
+    @Test
+    void testServerIdHashWrongServerKey() {
+        val serverId = "";
+        val sharedSecret = generateSharedKey();
+        val serverPK = EncryptionUtil.generateKeyPair().getPublic();
+
+        String sessionHash = getServerHash(serverId, sharedSecret, serverPK);
+        val wrongPK = EncryptionUtil.generateKeyPair().getPublic();
+        assertNotEquals(EncryptionUtil.getServerIdHashString("", sharedSecret, wrongPK), sessionHash);
+    }
+
+    @Test
+    void testValidSignedNonce() throws Exception {
+        ClientPublicKey clientKey = ResourceLoader.loadClientKey("client_keys/valid_public_key.json");
+        SignatureTestData testData = SignatureTestData.fromResource("signature/valid_signature.json");
+        assertTrue(verifySignedNonce(testData, clientKey));
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {
+            "signature/incorrect_nonce.json",
+            "signature/incorrect_salt.json",
+            "signature/incorrect_signature.json",
+    })
+    void testIncorrectNonce(String signatureSource) throws Exception {
+        ClientPublicKey clientKey = ResourceLoader.loadClientKey("client_keys/valid_public_key.json");
+        SignatureTestData testData = SignatureTestData.fromResource(signatureSource);
+        assertFalse(verifySignedNonce(testData, clientKey));
+    }
+
+    @Test
+    void testWrongPublicKeySigned() throws Exception {
+        // load a different public key
+        ClientPublicKey clientKey = ResourceLoader.loadClientKey("client_keys/invalid_wrong_key.json");
+        SignatureTestData testData = SignatureTestData.fromResource("signature/valid_signature.json");
+        assertFalse(verifySignedNonce(testData, clientKey));
+    }
+
+    private static boolean verifySignedNonce(SignatureTestData testData, ClientPublicKey clientKey)
+            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        PublicKey clientPublicKey = clientKey.key();
+
+        byte[] nonce = testData.getNonce();
+        SignatureData signature = testData.getSignature();
+        long salt = signature.getSalt();
+        return EncryptionUtil.verifySignedNonce(nonce, clientPublicKey, salt, signature.getSignature());
+    }
+
+    @Test
+    void testNonce() throws Exception {
+        byte[] expected = {1, 2, 3, 4};
+        val serverKey = EncryptionUtil.generateKeyPair();
+        val encryptedNonce = encrypt(serverKey.getPublic(), expected);
+
+        assertTrue(EncryptionUtil.verifyNonce(expected, serverKey.getPrivate(), encryptedNonce));
+    }
+
+    @Test
+    void testNonceIncorrect() throws Exception {
+        byte[] expected = {1, 2, 3, 4};
+        val serverKey = EncryptionUtil.generateKeyPair();
+
+        // flipped first character
+        val encryptedNonce = encrypt(serverKey.getPublic(), new byte[]{0, 2, 3, 4});
+        assertFalse(EncryptionUtil.verifyNonce(expected, serverKey.getPrivate(), encryptedNonce));
+    }
+
+    @Test
+    void testNonceFailedDecryption() throws Exception {
+        byte[] expected = {1, 2, 3, 4};
+        val serverKey = EncryptionUtil.generateKeyPair();
+        // generate a new keypair that is different
+        val encryptedNonce = encrypt(EncryptionUtil.generateKeyPair().getPublic(), expected);
+
+        assertThrows(GeneralSecurityException.class,
+                () -> EncryptionUtil.verifyNonce(expected, serverKey.getPrivate(), encryptedNonce)
+        );
+    }
+
+    @Test
+    void testNonceIncorrectEmpty() {
+        byte[] expected = {1, 2, 3, 4};
+        val serverKey = EncryptionUtil.generateKeyPair();
+        byte[] encryptedNonce = {};
+
+        assertThrows(GeneralSecurityException.class,
+                () -> EncryptionUtil.verifyNonce(expected, serverKey.getPrivate(), encryptedNonce)
+        );
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ResourceLoader.java

@@ -0,0 +1,97 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey;
+import com.google.common.io.Resources;
+import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
+
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.time.Instant;
+import java.util.Base64;
+
+public class ResourceLoader {
+
+    public static RSAPrivateKey parsePrivateKey(String keySpec)
+        throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        try (
+            Reader reader = new StringReader(keySpec);
+            PemReader pemReader = new PemReader(reader)
+        ) {
+            PemObject pemObject = pemReader.readPemObject();
+            byte[] content = pemObject.getContent();
+            KeySpec privateKeySpec = new PKCS8EncodedKeySpec(content);
+
+            KeyFactory factory = KeyFactory.getInstance("RSA");
+            return (RSAPrivateKey) factory.generatePrivate(privateKeySpec);
+        }
+    }
+
+    protected static ClientPublicKey loadClientKey(String path)
+        throws NoSuchAlgorithmException, IOException, InvalidKeySpecException {
+        URL keyUrl = Resources.getResource(path);
+
+        String lines = Resources.toString(keyUrl, StandardCharsets.US_ASCII);
+        JsonObject object = new Gson().fromJson(lines, JsonObject.class);
+
+        Instant expires = Instant.parse(object.getAsJsonPrimitive("expires_at").getAsString());
+        String key = object.getAsJsonPrimitive("key").getAsString();
+        RSAPublicKey publicKey = parsePublicKey(key);
+
+        byte[] signature = Base64.getDecoder().decode(object.getAsJsonPrimitive("signature").getAsString());
+        return ClientPublicKey.of(expires, publicKey, signature);
+    }
+
+    private static RSAPublicKey parsePublicKey(String keySpec)
+        throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+        try (
+            Reader reader = new StringReader(keySpec);
+            PemReader pemReader = new PemReader(reader)
+        ) {
+            PemObject pemObject = pemReader.readPemObject();
+            byte[] content = pemObject.getContent();
+            KeySpec pubKeySpec = new X509EncodedKeySpec(content);
+
+            KeyFactory factory = KeyFactory.getInstance("RSA");
+            return (RSAPublicKey) factory.generatePublic(pubKeySpec);
+        }
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SignatureTestData.java

@@ -0,0 +1,73 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.google.common.io.Resources;
+import com.google.gson.Gson;
+import com.google.gson.annotations.JsonAdapter;
+import lombok.val;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+public class SignatureTestData {
+
+    public static SignatureTestData fromResource(String resourceName) throws IOException {
+        val keyUrl = Resources.getResource(resourceName);
+        val encodedSignature = Resources.toString(keyUrl, StandardCharsets.US_ASCII);
+
+        return new Gson().fromJson(encodedSignature, SignatureTestData.class);
+    }
+
+    @JsonAdapter(Base64Adapter.class)
+    private byte[] nonce;
+
+    private SignatureData signature;
+
+    public byte[] getNonce() {
+        return nonce;
+    }
+
+    public SignatureData getSignature() {
+        return signature;
+    }
+
+    public static class SignatureData {
+
+        private long salt;
+
+        @JsonAdapter(Base64Adapter.class)
+        private byte[] signature;
+
+        public long getSalt() {
+            return salt;
+        }
+
+        public byte[] getSignature() {
+            return signature;
+        }
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTaskTest.java

@@ -0,0 +1,66 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.listener.protocollib;
+
+import com.comphenix.protocol.injector.packet.PacketRegistry;
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import com.comphenix.protocol.utility.MinecraftReflection;
+import org.bukkit.Bukkit;
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+
+import java.util.Optional;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mockStatic;
+
+class VerifyResponseTaskTest {
+
+    private static final String NETTY_INJECTOR_CLASS =
+            "com.comphenix.protocol.injector.netty.channel.NettyChannelInjector";
+
+    @Test
+    void getNetworkManagerReflection() throws ClassNotFoundException {
+        try (
+                MockedStatic<Bukkit> bukkitMock = mockStatic(Bukkit.class);
+                MockedStatic<MinecraftReflection> reflectionMock = mockStatic(MinecraftReflection.class);
+                MockedStatic<PacketRegistry> registryMock = mockStatic(PacketRegistry.class)
+        ) {
+            bukkitMock.when(Bukkit::getVersion).thenReturn("git-Bukkit-18fbb24 (MC: 1.17)");
+            reflectionMock.when(MinecraftReflection::getMinecraftPackage).thenReturn("xyz");
+            reflectionMock.when(MinecraftReflection::getEnumProtocolClass).thenReturn(Object.class);
+
+            registryMock.when(() -> PacketRegistry.tryGetPacketClass(any())).thenReturn(Optional.empty());
+            
+            
+            Class<?> injectorClass = Class.forName(NETTY_INJECTOR_CLASS);
+            FieldAccessor accessor = Accessors.getFieldAccessorOrNull(injectorClass, "networkManager", Object.class);
+            assertNotNull(accessor.getField());
+        }
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/task/DelayedAuthHookTest.java

@@ -0,0 +1,60 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.task;
+
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import lombok.val;
+import org.bukkit.entity.Player;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+class DelayedAuthHookTest {
+
+    @Test
+    void createNewReflectiveInstance() throws ReflectiveOperationException {
+        val authHook = new DelayedAuthHook(null);
+        assertNotNull(authHook.newInstance(DummyHook.class));
+    }
+
+    public static class DummyHook implements AuthPlugin<Player> {
+
+        @Override
+        public boolean forceLogin(Player player) {
+            return false;
+        }
+
+        @Override
+        public boolean forceRegister(Player player, String password) {
+            return false;
+        }
+
+        @Override
+        public boolean isRegistered(String playerName) throws Exception {
+            return false;
+        }
+    }
+}

bukkit/src/test/java/integration/README.md

@@ -0,0 +1,53 @@
+# Integration tests for authentication
+
+## Description
+
+Projects require integration tests in order to check against errors that could only occur if connected to other
+components. However, they are heavier in terms of performance and require a more complex setup. Unit tests often make
+use of fake, mock, stubs, etc. implementations to test the unit in isolation and thus could hide issues across
+boundaries of a unit. Nevertheless, both are not replacement for each other.
+
+## Usage in this project
+
+The authentication system is a core component, so it requires some kind of testing. Here we are going to
+spin up a Spigot server and test with the supported authentication schemes against the implementation of MCProtocolLib.
+
+### Goals
+
+* OS platform independent
+* Reproducible, but not fixed to a specific image hash
+    * This is a dev container, so fixing it to feature/major version is enough instead of a version fixed by hash
+* Improve container spin up
+    * E.g. Remove/Reduce world generation
+
+### Note on automation
+
+The simplest solution it to use the official Mojang session and authentication servers. However, this would require
+a spare Minecraft account. Mocking the auth servers would be a solution to avoid this.
+
+## Related
+
+Interest blog article about integration tests and why they are necessary.
+https://software.rajivprab.com/2019/04/28/rethinking-software-testing-perspectives-from-the-world-of-hardware/
+
+## Issues
+
+### Slow startup
+
+Tried a lot of optimizations like only loading a single world without the nether or the end. However, there the startup
+is still slow. If you have any ideas on how to tune the startup parameters of the Minecraft server or the JVM
+itself to reduce the startup time, please suggest it.
+
+### Checkpoint
+
+An idea to optimize the time is to use CRIU (checkpoint and restore). So to save the process at a certain stage and
+restore all data multiple times. This could cause a lot of issues like open files have to be present. However, the
+impact is significant and since it runs inside the container all files, pids (pid=1) should be matching. Potential
+checkpoint locations are:
+
+* Direct before loading the plugins
+  * Likely before binding the port to prevent issues
+* After loading the libraries
+
+Nevertheless, the current state requires to run it with root and the Java support is currently still in progress.
+

bukkit/src/test/resources/client_keys/README.md

@@ -0,0 +1,27 @@
+# About
+
+This contains test resources for the unit tests. The files are extracted from the Minecraft directory with slight
+modifications. The files are found in `$MINECRAFT_HOME$/profilekeys/`, where `$MINECRAFT_HOME$` represents the
+OS-dependent minecraft folder.
+
+**Notable the files in this folder do not contain the private key information. It should be explicitly
+stripped before including it.**
+
+## Minecraft folder
+
+* Windows: `%appdata%\.minecraft`
+* Linux: `/home/username/.minecraft`
+* Mac: `~/Library/Application Support/minecraft`
+
+## Directory structure
+
+* `valid_public_key.json`: Extracted from the actual file
+* `invalid_wrong_expiration.json`: Changed the expiration date
+* `invalid_wrong_key.json`: Modified public key while keeping the RSA structure valid
+* `invalid_wrong_signature.json`: Changed a character in the public key signature
+
+## File content
+
+* `expires_at`: Expiration date
+* `key`: Public key from the original file out of `public_key.key`
+* `signature`: Mojang signed signature of this public key

bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json

@@ -0,0 +1,5 @@
+{
+    "expires_at": "2022-06-20T07:31:47.318722344Z",
+    "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+    "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU="
+}

bukkit/src/test/resources/client_keys/invalid_wrong_key.json

@@ -0,0 +1,5 @@
+{
+    "expires_at": "2022-06-20T08:31:47.318722344Z",
+    "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU3I+xmDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWcPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+    "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU="
+}

bukkit/src/test/resources/client_keys/invalid_wrong_signature.json

@@ -0,0 +1,5 @@
+{
+    "expires_at": "2022-06-20T08:31:47.318722344Z",
+    "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+    "signature": "lfRxK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU="
+}

bukkit/src/test/resources/client_keys/valid_public_key.json

@@ -0,0 +1,5 @@
+{
+    "expires_at": "2022-06-20T08:31:47.318722344Z",
+    "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+    "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU="
+}

bukkit/src/test/resources/client_keys/valid_public_key_19_1.json

@@ -0,0 +1,5 @@
+{
+  "expires_at": "2022-07-29T12:57:39.011Z",
+  "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYOUXdid0c09/eYoseLf8qG9fKQ/G2DY9wlSyEZaFMflwZ8ZpLFYigxzfaimpT3A5cbFIdIH2W2sYl5PwsKSs128GBh/rxXUEZlLkIkS+EfxyuMp9ITclxAjCqvFgfJbZHugtB9Ofi6knCEEgjFwMDh2efdpOXkCxtHuPFfnVzDJBbHWdlCCtJesMAnA2jCT7CqCwsi7sW2QxuTarqHP/cHKiBeBIu/SngGUB6eWmvAwERW5x2D+O26w8Z5sQCND3xQ4D868RALiPNG94TyKoJV+jKi0tTUmjGGs/1ksbSGDQb5xqIH0NYKZhoZrczYPNmJX4k7g5BA5RHX8AGORaQIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+  "signature": "Fto/GDqEMTWpNrktWSi3tnP3ZZlo8r4Jled/5PKYRvaL/zksfjB2RK2O8pZL+w5mI2VAViTVAQmSJEF2o/BCb2L0zXp3/hC9VhZj5NTVi4KbHfnfMorj7/WJP2vvMgVxIxgLb3EEQXGS2Mmo0w2ikUVauwXgLWECvVt10KAZnTAWNIvpM8NUoZ2oCCxVimYHBtlwWQ7WvowAatP4ypa7fo3xhQg8Im1hvQDsFTNp58pgnd7l3l99xLj1uYOUJM06HGZJ/Xd0kzzJz44Csh4m50Q0RP4Nq5L+fYPeUx990Z1r1lw0sSayk+vA2Qnxgbs/z6KgkxfhBg7oOlp4ykl9cLC2kA/LdV6igqsdr/KoP4GWxwTA7RgQbhMkDFdmIg1W+gh3XqwASFQK2BAN/eAfmDTf8u9BtOEF7Ehn9uPOaiFiGztyaHxXNIkVSPTG2GXMFSijnd3Ms28jHYVY/67INTnDRmN0//KzBAoTRMe1S5idai19kug4EUVIRKDziipowzCPdbD18trdQGpK0dYOrw9XQiQd4N4V3eItpyAULGiZd8KcjgKo4orqgsUfNyhLI1keig7TyJUE3FkBOfX4hlZBm7Q/Wq4hwarlc5yZIjhsuivKV/q4tcnYYPwjP7kNMRsIApWG+yHmSIo8QfZhBiPxvtWSSLZgoFgnlxfaEko="
+}

bukkit/src/test/resources/signature/README.md

@@ -0,0 +1,16 @@
+# About
+
+This contains test resources for the unit tests. Files in this folder include pre-made cryptographic signatures.
+
+## Directory structure
+
+* `valid_signature.json`: Extracted using packet extract from an actual authentication
+* `incorrect_nonce.json`: Different nonce token simulating that the server expected a different token than signed
+* `incorrect_salt.json`: Salt sent is different to the content signed by the signature (changed salt field)
+* `incorrect_signature.json`: Changed signature
+
+## File content
+
+* `nonce`: Server generated nonce token
+* `salt`: Client generated random token that will be signed
+* `signature`: Nonce and salt signed using the client key from `valid_public_key.json`

bukkit/src/test/resources/signature/incorrect_nonce.json

@@ -0,0 +1,7 @@
+{
+    "nonce": "galNig\u003d\u003d",
+    "signature": {
+        "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d",
+        "salt": -2985008842905108412
+    }
+}

bukkit/src/test/resources/signature/incorrect_salt.json

@@ -0,0 +1,7 @@
+{
+    "nonce": "GalNig\u003d\u003d",
+    "signature": {
+        "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d",
+        "salt": -1985008842905108412
+    }
+}

bukkit/src/test/resources/signature/incorrect_signature.json

@@ -0,0 +1,7 @@
+{
+    "nonce": "GalNig\u003d\u003d",
+    "signature": {
+        "signature": "jlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d",
+        "salt": -2985008842905108412
+    }
+}

bukkit/src/test/resources/signature/valid_signature.json

@@ -0,0 +1,7 @@
+{
+    "nonce": "GalNig\u003d\u003d",
+    "signature": {
+        "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d",
+        "salt": -2985008842905108412
+    }
+}

bungee/pom.xml

@@ -1,15 +1,42 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<!--
+
+    SPDX-License-Identifier: MIT
+
+    The MIT License (MIT)
+
+    Copyright (c) 2015-2023 games647 and contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+
+-->
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
         <groupId>com.github.games647</groupId>
         <artifactId>fastlogin</artifactId>
-        <version>1.11-SNAPSHOT</version>
+        <version>1.12-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <!--This have to be in lowercase because it's used by plugin.yml-->
+    <!--This has to be in lowercase because it's used by plugin.yml-->
     <artifactId>fastlogin.bungee</artifactId>
     <packaging>jar</packaging>
 
@@ -19,10 +46,11 @@
     <build>
         <plugins>
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>3.2.2</version>
+                <version>3.5.1</version>
                 <configuration>
+                    <minimizeJar>true</minimizeJar>
+
                     <createDependencyReducedPom>false</createDependencyReducedPom>
                     <shadedArtifactAttached>false</shadedArtifactAttached>
                     <artifactSet>
@@ -30,6 +58,7 @@
                             <!--Those classes are already present in BungeeCord version-->
                             <exclude>net.md-5:bungeecord-config</exclude>
                             <exclude>com.google.code.gson:gson</exclude>
+                            <exclude>com.google.guava:guava</exclude>
                         </excludes>
                     </artifactSet>
                     <relocations>
@@ -42,6 +71,21 @@
                             <shadedPattern>fastlogin.slf4j</shadedPattern>
                         </relocation>
                     </relocations>
+                    <!-- Rename the service file too to let SLF4J api find our own relocated jdk logger -->
+                    <!-- Located in META-INF/services -->
+                    <transformers>
+                        <transformer
+                                implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
+                    </transformers>
+                    <filters>
+                        <filter>
+                            <artifact>*:*</artifact>
+                            <excludes>
+                                <exclude>META-INF/MANIFEST.MF</exclude>
+                                <exclude>**/module-info.class</exclude>
+                            </excludes>
+                        </filter>
+                    </filters>
                 </configuration>
                 <executions>
                     <execution>
@@ -60,6 +104,14 @@
             <id>codemc-repo</id>
             <url>https://repo.codemc.io/repository/maven-public/</url>
         </repository>
+
+        <repository>
+            <id>jitpack.io</id>
+            <url>https://jitpack.io</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
     </repositories>
 
     <dependencies>
@@ -74,8 +126,81 @@
         <dependency>
             <groupId>net.md-5</groupId>
             <artifactId>bungeecord-proxy</artifactId>
-            <version>1.14-SNAPSHOT</version>
+            <version>1.19-R0.1-SNAPSHOT</version>
             <scope>provided</scope>
+            <!-- Use our own newer api version -->
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>mysql</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.md-5</groupId>
+                    <artifactId>bungeecord-native</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.md-5</groupId>
+                    <artifactId>bungeecord-query</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.md-5</groupId>
+                    <artifactId>bungeecord-slf4j</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.maven</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.maven.resolver</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!--Floodgate for Xbox Live Authentication-->
+        <dependency>
+            <groupId>org.geysermc.floodgate</groupId>
+            <artifactId>api</artifactId>
+            <version>${floodgate.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- Bedrock player bridge -->
+        <dependency>
+            <groupId>org.geysermc.geyser</groupId>
+            <artifactId>core</artifactId>
+            <version>${geyser.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- We need the API, but it was excluded above -->
+        <dependency>
+            <groupId>org.geysermc.geyser</groupId>
+            <artifactId>api</artifactId>
+            <version>${geyser.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!--Login plugin-->

bungee/src/main/java/com/github/games647/fastlogin/bungee/BungeeLoginSession.java

@@ -1,7 +1,32 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee;
 
-import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 
 public class BungeeLoginSession extends LoginSession {
 
@@ -34,10 +59,10 @@ public class BungeeLoginSession extends LoginSession {
 
     @Override
     public synchronized String toString() {
-        return this.getClass().getSimpleName() + '{' +
-                "alreadySaved=" + alreadySaved +
-                ", alreadyLogged=" + alreadyLogged +
-                ", registered=" + registered +
-                "} " + super.toString();
+        return this.getClass().getSimpleName() + '{'
+            + "alreadySaved=" + alreadySaved
+            + ", alreadyLogged=" + alreadyLogged
+            + ", registered=" + registered
+            + "} " + super.toString();
     }
 }

bungee/src/main/java/com/github/games647/fastlogin/bungee/BungeeLoginSource.java

@@ -1,15 +1,39 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee;
 
 import com.github.games647.fastlogin.core.shared.LoginSource;
-
-import java.net.InetSocketAddress;
-
 import net.md_5.bungee.api.ChatColor;
 import net.md_5.bungee.api.chat.ComponentBuilder;
 import net.md_5.bungee.api.chat.TextComponent;
 import net.md_5.bungee.api.connection.PendingConnection;
 import net.md_5.bungee.api.event.PreLoginEvent;
 
+import java.net.InetSocketAddress;
+
 public class BungeeLoginSource implements LoginSource {
 
     private final PendingConnection connection;
@@ -21,7 +45,7 @@ public class BungeeLoginSource implements LoginSource {
     }
 
     @Override
-    public void setOnlineMode() {
+    public void enableOnlinemode() {
         connection.setOnlineMode(true);
     }
 
@@ -29,10 +53,11 @@ public class BungeeLoginSource implements LoginSource {
     public void kick(String message) {
         preLoginEvent.setCancelled(true);
 
-        if (message != null)
-            preLoginEvent.setCancelReason(TextComponent.fromLegacyText(message));
-        else
+        if (message == null) {
             preLoginEvent.setCancelReason(new ComponentBuilder("Kicked").color(ChatColor.WHITE).create());
+        } else {
+            preLoginEvent.setCancelReason(TextComponent.fromLegacyText(message));
+        }
     }
 
     @Override
@@ -46,8 +71,8 @@ public class BungeeLoginSource implements LoginSource {
 
     @Override
     public String toString() {
-        return this.getClass().getSimpleName() + '{' +
-                "connection=" + connection +
-                '}';
+        return this.getClass().getSimpleName() + '{'
+            + "connection=" + connection
+            + '}';
     }
 }

bungee/src/main/java/com/github/games647/fastlogin/bungee/FastLoginBungee.java

@@ -1,9 +1,39 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee;
 
 import com.github.games647.fastlogin.bungee.hook.BungeeAuthHook;
 import com.github.games647.fastlogin.bungee.listener.ConnectListener;
 import com.github.games647.fastlogin.bungee.listener.PluginMessageListener;
+import com.github.games647.fastlogin.core.AsyncScheduler;
 import com.github.games647.fastlogin.core.CommonUtil;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import com.github.games647.fastlogin.core.hooks.bedrock.BedrockService;
+import com.github.games647.fastlogin.core.hooks.bedrock.FloodgateService;
+import com.github.games647.fastlogin.core.hooks.bedrock.GeyserService;
 import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
 import com.github.games647.fastlogin.core.message.ChannelMessage;
 import com.github.games647.fastlogin.core.message.NamespaceKey;
@@ -14,21 +44,25 @@ import com.google.common.collect.MapMaker;
 import com.google.common.io.ByteArrayDataOutput;
 import com.google.common.io.ByteStreams;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
-
-import java.nio.file.Path;
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.ThreadFactory;
-
 import net.md_5.bungee.api.CommandSender;
 import net.md_5.bungee.api.chat.TextComponent;
 import net.md_5.bungee.api.connection.PendingConnection;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 import net.md_5.bungee.api.connection.Server;
+import net.md_5.bungee.api.plugin.Listener;
 import net.md_5.bungee.api.plugin.Plugin;
+import net.md_5.bungee.api.plugin.PluginManager;
 import net.md_5.bungee.api.scheduler.GroupedThreadFactory;
-
+import org.geysermc.floodgate.api.FloodgateApi;
+import org.geysermc.geyser.GeyserImpl;
 import org.slf4j.Logger;
 
+import java.nio.file.Path;
+import java.util.Collections;
+import java.util.List;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.ThreadFactory;
+
 /**
  * BungeeCord version of FastLogin. This plugin keeps track on online mode connections.
  */
@@ -37,11 +71,15 @@ public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSen
     private final ConcurrentMap<PendingConnection, BungeeLoginSession> session = new MapMaker().weakKeys().makeMap();
 
     private FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core;
+    private AsyncScheduler scheduler;
+    private FloodgateService floodgateService;
+    private GeyserService geyserService;
     private Logger logger;
 
     @Override
     public void onEnable() {
-        logger = CommonUtil.createLoggerFromJDK(getLogger());
+        logger = CommonUtil.initializeLoggerService(getLogger());
+        scheduler = new AsyncScheduler(logger, task -> getProxy().getScheduler().runAsync(this, task));
 
         core = new FastLoginCore<>(this);
         core.load();
@@ -49,13 +87,24 @@ public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSen
             return;
         }
 
+        if (isPluginInstalled("floodgate")) {
+            floodgateService = new FloodgateService(FloodgateApi.getInstance(), core);
+        }
+
+        if (isPluginInstalled("Geyser-BungeeCord")) {
+            geyserService = new GeyserService(GeyserImpl.getInstance(), core);
+        }
+
         //events
-        getProxy().getPluginManager().registerListener(this, new ConnectListener(this));
-        getProxy().getPluginManager().registerListener(this, new PluginMessageListener(this));
+        PluginManager pluginManager = getProxy().getPluginManager();
+
+        Listener connectListener = new ConnectListener(this, core.getAntiBot());
+        pluginManager.registerListener(this, connectListener);
+        pluginManager.registerListener(this, new PluginMessageListener(this));
 
         //this is required to listen to incoming messages from the server
-        getProxy().registerChannel(new NamespaceKey(getName(), ChangePremiumMessage.CHANGE_CHANNEL).getCombinedName());
-        getProxy().registerChannel(new NamespaceKey(getName(), SuccessMessage.SUCCESS_CHANNEL).getCombinedName());
+        getProxy().registerChannel(NamespaceKey.getCombined(getName(), ChangePremiumMessage.CHANGE_CHANNEL));
+        getProxy().registerChannel(NamespaceKey.getCombined(getName(), SuccessMessage.SUCCESS_CHANNEL));
 
         registerHook();
     }
@@ -76,10 +125,25 @@ public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSen
     }
 
     private void registerHook() {
-        Plugin plugin = getProxy().getPluginManager().getPlugin("BungeeAuth");
-        if (plugin != null) {
-            core.setAuthPluginHook(new BungeeAuthHook());
-            logger.info("Hooked into BungeeAuth");
+        try {
+            List<Class<? extends AuthPlugin<ProxiedPlayer>>> hooks = Collections.singletonList(
+                    BungeeAuthHook.class
+            );
+
+            for (Class<? extends AuthPlugin<ProxiedPlayer>> clazz : hooks) {
+                String pluginName = clazz.getSimpleName();
+                pluginName = pluginName.substring(0, pluginName.length() - "Hook".length());
+                //uses only member classes which uses AuthPlugin interface (skip interfaces)
+                Plugin plugin = getProxy().getPluginManager().getPlugin(pluginName);
+                if (plugin != null) {
+                    logger.info("Hooking into auth plugin: {}", pluginName);
+                    core.setAuthPluginHook(
+                            clazz.getDeclaredConstructor(FastLoginBungee.class).newInstance(this));
+                    break;
+                }
+            }
+        } catch (ReflectiveOperationException ex) {
+            logger.error("Couldn't load the auth hook class", ex);
         }
     }
 
@@ -117,10 +181,36 @@ public class FastLoginBungee extends Plugin implements PlatformPlugin<CommandSen
     @SuppressWarnings("deprecation")
     public ThreadFactory getThreadFactory() {
         return new ThreadFactoryBuilder()
-                .setNameFormat(getName() + " Database Pool Thread #%1$d")
+                .setNameFormat(getName() + " Pool Thread #%1$d")
                 //Hikari create daemons by default
                 .setDaemon(true)
                 .setThreadFactory(new GroupedThreadFactory(this, getName()))
                 .build();
     }
+
+    @Override
+    public AsyncScheduler getScheduler() {
+        return scheduler;
+    }
+
+    @Override
+    public boolean isPluginInstalled(String name) {
+        return getProxy().getPluginManager().getPlugin(name) != null;
+    }
+
+    public FloodgateService getFloodgateService() {
+        return floodgateService;
+    }
+
+    public GeyserService getGeyserService() {
+        return geyserService;
+    }
+
+    @Override
+    public BedrockService<?> getBedrockService() {
+        if (floodgateService != null) {
+            return floodgateService;
+        }
+        return geyserService;
+    }
 }

bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginAutoLoginEvent.java

@@ -1,8 +1,33 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee.event;
 
-import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.LoginSession;
 import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import net.md_5.bungee.api.plugin.Cancellable;
 import net.md_5.bungee.api.plugin.Event;
 

bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginPreLoginEvent.java

@@ -1,8 +1,33 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee.event;
 
-import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.LoginSource;
 import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import net.md_5.bungee.api.plugin.Event;
 
 public class BungeeFastLoginPreLoginEvent extends Event implements FastLoginPreLoginEvent {

bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginPremiumToggleEvent.java

@@ -0,0 +1,51 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bungee.event;
+
+import com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import net.md_5.bungee.api.plugin.Event;
+
+public class BungeeFastLoginPremiumToggleEvent extends Event implements FastLoginPremiumToggleEvent {
+
+    private final StoredProfile profile;
+    private final PremiumToggleReason reason;
+
+    public BungeeFastLoginPremiumToggleEvent(StoredProfile profile, PremiumToggleReason reason) {
+        this.profile = profile;
+        this.reason = reason;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public PremiumToggleReason getReason() {
+        return reason;
+    }
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/hook/BungeeAuthHook.java

@@ -1,23 +1,52 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee.hook;
 
+import com.github.games647.fastlogin.bungee.FastLoginBungee;
 import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
 import me.vik1395.BungeeAuth.Main;
 import me.vik1395.BungeeAuthAPI.RequestHandler;
-
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 
 /**
- * GitHub: https://github.com/vik1395/BungeeAuth-Minecraft
- *
+ * GitHub:
+ * <a href="https://github.com/vik1395/BungeeAuth-Minecraft">...</a>
+ * <p>
  * Project page:
- *
- * Spigot: https://www.spigotmc.org/resources/bungeeauth.493/
+ * <p>
+ * Spigot:
+ * <a href="https://www.spigotmc.org/resources/bungeeauth.493/">...</a>
  */
 public class BungeeAuthHook implements AuthPlugin<ProxiedPlayer> {
 
     private final RequestHandler requestHandler = new RequestHandler();
 
+    public BungeeAuthHook(FastLoginBungee plugin) {
+    }
+
     @Override
     public boolean forceLogin(ProxiedPlayer player) {
         String playerName = player.getName();

bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/ConnectListener.java

@@ -1,16 +1,43 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee.listener;
 
 import com.github.games647.craftapi.UUIDAdapter;
+import com.github.games647.fastlogin.bungee.BungeeLoginSession;
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
 import com.github.games647.fastlogin.bungee.task.AsyncPremiumCheck;
+import com.github.games647.fastlogin.bungee.task.FloodgateAuthTask;
 import com.github.games647.fastlogin.bungee.task.ForceLoginTask;
-import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.antibot.AntiBotService;
+import com.github.games647.fastlogin.core.antibot.AntiBotService.Action;
+import com.github.games647.fastlogin.core.hooks.bedrock.FloodgateService;
 import com.github.games647.fastlogin.core.shared.LoginSession;
-
-import java.lang.reflect.Field;
-import java.util.UUID;
-
-import net.md_5.bungee.api.ProxyServer;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import com.google.common.base.Throwables;
+import net.md_5.bungee.api.chat.TextComponent;
 import net.md_5.bungee.api.connection.PendingConnection;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 import net.md_5.bungee.api.connection.Server;
@@ -21,9 +48,19 @@ import net.md_5.bungee.api.event.ServerConnectedEvent;
 import net.md_5.bungee.api.plugin.Listener;
 import net.md_5.bungee.connection.InitialHandler;
 import net.md_5.bungee.connection.LoginResult;
-import net.md_5.bungee.connection.LoginResult.Property;
 import net.md_5.bungee.event.EventHandler;
 import net.md_5.bungee.event.EventPriority;
+import net.md_5.bungee.protocol.Property;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodHandles.Lookup;
+import java.lang.reflect.Field;
+import java.net.InetSocketAddress;
+import java.util.UUID;
 
 /**
  * Enables online mode logins for specified users and sends plugin message to the Bukkit version of this plugin in
@@ -31,24 +68,68 @@ import net.md_5.bungee.event.EventPriority;
  */
 public class ConnectListener implements Listener {
 
+    private static final String UUID_FIELD_NAME = "uniqueId";
+    protected static final MethodHandle UNIQUE_ID_SETTER;
+
+    static {
+        MethodHandle setHandle = null;
+        try {
+            Lookup lookup = MethodHandles.lookup();
+
+            Class.forName("net.md_5.bungee.connection.InitialHandler");
+
+            Field uuidField = InitialHandler.class.getDeclaredField(UUID_FIELD_NAME);
+            uuidField.setAccessible(true);
+            setHandle = lookup.unreflectSetter(uuidField);
+        } catch (ReflectiveOperationException reflectiveOperationException) {
+            Logger logger = LoggerFactory.getLogger(ConnectListener.class);
+            logger.error(
+                    "Cannot find Bungee initial handler; Disabling premium UUID and skin won't work.",
+                    reflectiveOperationException
+            );
+        }
+
+        UNIQUE_ID_SETTER = setHandle;
+    }
+
     private final FastLoginBungee plugin;
+    private final AntiBotService antiBotService;
     private final Property[] emptyProperties = {};
 
-    public ConnectListener(FastLoginBungee plugin) {
+    public ConnectListener(FastLoginBungee plugin, AntiBotService antiBotService) {
         this.plugin = plugin;
+        this.antiBotService = antiBotService;
     }
 
     @EventHandler
     public void onPreLogin(PreLoginEvent preLoginEvent) {
+        PendingConnection connection = preLoginEvent.getConnection();
         if (preLoginEvent.isCancelled()) {
             return;
         }
 
-        preLoginEvent.registerIntent(plugin);
+        InetSocketAddress address = preLoginEvent.getConnection().getAddress();
+        String username = connection.getName();
 
-        PendingConnection connection = preLoginEvent.getConnection();
-        Runnable asyncPremiumCheck = new AsyncPremiumCheck(plugin, preLoginEvent, connection);
-        ProxyServer.getInstance().getScheduler().runAsync(plugin, asyncPremiumCheck);
+        plugin.getLog().info("Incoming login request for {} from {}", username, connection.getSocketAddress());
+
+        Action action = antiBotService.onIncomingConnection(address, username);
+        switch (action) {
+            case Ignore:
+                // just ignore
+                return;
+            case Block:
+                String message = plugin.getCore().getMessage("kick-antibot");
+                preLoginEvent.setCancelReason(TextComponent.fromLegacyText(message));
+                preLoginEvent.setCancelled(true);
+                break;
+            case Continue:
+            default:
+                preLoginEvent.registerIntent(plugin);
+                Runnable asyncPremiumCheck = new AsyncPremiumCheck(plugin, preLoginEvent, connection, username);
+                plugin.getScheduler().runAsync(asyncPremiumCheck);
+                break;
+        }
     }
 
     @EventHandler(priority = EventPriority.LOWEST)
@@ -60,48 +141,79 @@ public class ConnectListener implements Listener {
         //use the login event instead of the post login event in order to send the login success packet to the client
         //with the offline uuid this makes it possible to set the skin then
         PendingConnection connection = loginEvent.getConnection();
-        InitialHandler initialHandler = (InitialHandler) connection;
-
-        String username = initialHandler.getLoginRequest().getData();
         if (connection.isOnlineMode()) {
             LoginSession session = plugin.getSession().get(connection);
-            session.setUuid(connection.getUniqueId());
+
+            UUID verifiedUUID = connection.getUniqueId();
+            String verifiedUsername = connection.getName();
+            session.setUuid(verifiedUUID);
+            session.setVerifiedUsername(verifiedUsername);
 
             StoredProfile playerProfile = session.getProfile();
-            playerProfile.setId(connection.getUniqueId());
+            playerProfile.setId(verifiedUUID);
 
-            //bungeecord will do this automatically so override it on disabled option
-            if (!plugin.getCore().getConfig().get("premiumUuid", true)) {
-                try {
-                    UUID offlineUUID = UUIDAdapter.generateOfflineId(username);
+            // BungeeCord will do this automatically so override it on disabled option
+            if (UNIQUE_ID_SETTER != null) {
+                InitialHandler initialHandler = (InitialHandler) connection;
 
-                    //bungeecord doesn't support overriding the premium uuid
-                    //so we have to do it with reflection
-                    Field idField = InitialHandler.class.getDeclaredField("uniqueId");
-                    idField.setAccessible(true);
-                    idField.set(connection, offlineUUID);
-                } catch (NoSuchFieldException | IllegalAccessException ex) {
-                    plugin.getLog().error("Failed to set offline uuid of {}", username, ex);
+                if (!plugin.getCore().getConfig().get("premiumUuid", true)) {
+                    setOfflineId(initialHandler, verifiedUsername);
                 }
-            }
 
-            if (!plugin.getCore().getConfig().get("forwardSkin", true)) {
-                //this is null on offline mode
-                LoginResult loginProfile = initialHandler.getLoginProfile();
-                if (loginProfile != null) {
+                if (!plugin.getCore().getConfig().get("forwardSkin", true)) {
+                    // this is null on offline mode
+                    LoginResult loginProfile = initialHandler.getLoginProfile();
                     loginProfile.setProperties(emptyProperties);
                 }
             }
         }
     }
 
+    protected void setOfflineId(InitialHandler connection, String username) {
+        try {
+            UUID oldPremiumId = connection.getUniqueId();
+            UUID offlineUUID = UUIDAdapter.generateOfflineId(username);
+
+            // BungeeCord only allows setting the UUID in PreLogin events and before requesting online mode
+            // However if online mode is requested, it will override previous values
+            // So we have to do it with reflection
+            UNIQUE_ID_SETTER.invokeExact(connection, offlineUUID);
+
+            String format = "Overridden UUID from {} to {} (based of {}) on {}";
+            plugin.getLog().info(format, oldPremiumId, offlineUUID, username, connection);
+        } catch (Exception ex) {
+            plugin.getLog().error("Failed to set offline uuid of {}", username, ex);
+        } catch (Throwable throwable) {
+            // throw remaining exceptions like out of memory that we shouldn't handle ourselves
+            Throwables.throwIfUnchecked(throwable);
+        }
+    }
+
     @EventHandler
     public void onServerConnected(ServerConnectedEvent serverConnectedEvent) {
         ProxiedPlayer player = serverConnectedEvent.getPlayer();
         Server server = serverConnectedEvent.getServer();
 
-        Runnable loginTask = new ForceLoginTask(plugin.getCore(), player, server);
-        ProxyServer.getInstance().getScheduler().runAsync(plugin, loginTask);
+        FloodgateService floodgateService = plugin.getFloodgateService();
+        if (floodgateService != null) {
+            FloodgatePlayer floodgatePlayer = floodgateService.getBedrockPlayer(player.getUniqueId());
+            if (floodgatePlayer != null) {
+                Runnable floodgateAuthTask = new FloodgateAuthTask(plugin.getCore(), player, floodgatePlayer, server);
+                plugin.getScheduler().runAsync(floodgateAuthTask);
+                return;
+            }
+        }
+
+        BungeeLoginSession session = plugin.getSession().get(player.getPendingConnection());
+        if (session == null) {
+            return;
+        }
+
+        // delay sending force command, because Paper will process the login event asynchronously
+        // In this case it means that the force command (plugin message) is already received and processed while
+        // player is still in the login phase and reported to be offline.
+        Runnable loginTask = new ForceLoginTask(plugin.getCore(), player, server, session);
+        plugin.getScheduler().runAsync(loginTask);
     }
 
     @EventHandler

bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/PluginMessageListener.java

@@ -1,20 +1,42 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee.listener;
 
 import com.github.games647.fastlogin.bungee.BungeeLoginSession;
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
 import com.github.games647.fastlogin.bungee.task.AsyncToggleMessage;
-import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.core.hooks.bedrock.FloodgateService;
 import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
 import com.github.games647.fastlogin.core.message.NamespaceKey;
 import com.github.games647.fastlogin.core.message.SuccessMessage;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import com.google.common.io.ByteArrayDataInput;
 import com.google.common.io.ByteStreams;
-
-import java.util.Arrays;
-
 import net.md_5.bungee.api.CommandSender;
-import net.md_5.bungee.api.ProxyServer;
 import net.md_5.bungee.api.chat.TextComponent;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 import net.md_5.bungee.api.connection.Server;
@@ -22,6 +44,8 @@ import net.md_5.bungee.api.event.PluginMessageEvent;
 import net.md_5.bungee.api.plugin.Listener;
 import net.md_5.bungee.event.EventHandler;
 
+import java.util.Arrays;
+
 public class PluginMessageListener implements Listener {
 
     private final FastLoginBungee plugin;
@@ -44,7 +68,7 @@ public class PluginMessageListener implements Listener {
         }
 
         //the client shouldn't be able to read the messages in order to know something about server internal states
-        //moreover the client shouldn't be able fake a running premium check by sending the result message
+        //moreover the client shouldn't be able to fake a running premium check by sending the result message
         pluginMessageEvent.setCancelled(true);
 
         if (!(pluginMessageEvent.getSender() instanceof Server)) {
@@ -56,7 +80,7 @@ public class PluginMessageListener implements Listener {
         byte[] data = Arrays.copyOf(pluginMessageEvent.getData(), pluginMessageEvent.getData().length);
         ProxiedPlayer forPlayer = (ProxiedPlayer) pluginMessageEvent.getReceiver();
 
-        ProxyServer.getInstance().getScheduler().runAsync(plugin, () -> readMessage(forPlayer, channel, data));
+        plugin.getScheduler().runAsync(() -> readMessage(forPlayer, channel, data));
     }
 
     private void readMessage(ProxiedPlayer forPlayer, String channel, byte[] data) {
@@ -82,16 +106,24 @@ public class PluginMessageListener implements Listener {
 
                 core.getPendingConfirms().remove(forPlayer.getUniqueId());
                 Runnable task = new AsyncToggleMessage(core, forPlayer, playerName, true, isSourceInvoker);
-                ProxyServer.getInstance().getScheduler().runAsync(plugin, task);
+                plugin.getScheduler().runAsync(task);
             } else {
                 Runnable task = new AsyncToggleMessage(core, forPlayer, playerName, false, isSourceInvoker);
-                ProxyServer.getInstance().getScheduler().runAsync(plugin, task);
+                plugin.getScheduler().runAsync(task);
             }
         }
     }
 
     private void onSuccessMessage(ProxiedPlayer forPlayer) {
-        if (forPlayer.getPendingConnection().isOnlineMode()) {
+        boolean shouldPersist = forPlayer.getPendingConnection().isOnlineMode();
+
+        FloodgateService floodgateService = plugin.getFloodgateService();
+        if (!shouldPersist && floodgateService != null) {
+            // always save floodgate players to lock this username
+            shouldPersist = floodgateService.isBedrockPlayer(forPlayer.getUniqueId());
+        }
+
+        if (shouldPersist) {
             //bukkit module successfully received and force logged in the user
             //update only on success to prevent corrupt data
             BungeeLoginSession loginSession = plugin.getSession().get(forPlayer.getPendingConnection());

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncPremiumCheck.java

@@ -1,18 +1,41 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee.task;
 
 import com.github.games647.fastlogin.bungee.BungeeLoginSession;
 import com.github.games647.fastlogin.bungee.BungeeLoginSource;
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
 import com.github.games647.fastlogin.bungee.event.BungeeFastLoginPreLoginEvent;
-import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.shared.JoinManagement;
 import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
-
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import net.md_5.bungee.api.CommandSender;
 import net.md_5.bungee.api.connection.PendingConnection;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 import net.md_5.bungee.api.event.PreLoginEvent;
-import net.md_5.bungee.connection.InitialHandler;
 
 public class AsyncPremiumCheck extends JoinManagement<ProxiedPlayer, CommandSender, BungeeLoginSource>
         implements Runnable {
@@ -20,22 +43,23 @@ public class AsyncPremiumCheck extends JoinManagement<ProxiedPlayer, CommandSend
     private final FastLoginBungee plugin;
     private final PreLoginEvent preLoginEvent;
 
+    private final String username;
     private final PendingConnection connection;
 
-    public AsyncPremiumCheck(FastLoginBungee plugin, PreLoginEvent preLoginEvent, PendingConnection connection) {
-        super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
+    public AsyncPremiumCheck(FastLoginBungee plugin, PreLoginEvent preLoginEvent, PendingConnection connection,
+                             String username) {
+        super(plugin.getCore(), plugin.getCore().getAuthPluginHook(), plugin.getBedrockService());
 
         this.plugin = plugin;
         this.preLoginEvent = preLoginEvent;
         this.connection = connection;
+        this.username = username;
     }
 
     @Override
     public void run() {
         plugin.getSession().remove(connection);
 
-        InitialHandler initialHandler = (InitialHandler) connection;
-        String username = initialHandler.getLoginRequest().getData();
         try {
             super.onLogin(username, new BungeeLoginSource(connection, preLoginEvent));
         } finally {
@@ -53,7 +77,7 @@ public class AsyncPremiumCheck extends JoinManagement<ProxiedPlayer, CommandSend
     @Override
     public void requestPremiumLogin(BungeeLoginSource source, StoredProfile profile,
                                     String username, boolean registered) {
-        source.setOnlineMode();
+        source.enableOnlinemode();
         plugin.getSession().put(source.getConnection(), new BungeeLoginSession(username, registered, profile));
 
         String ip = source.getAddress().getAddress().getHostAddress();

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncToggleMessage.java

@@ -1,9 +1,35 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee.task;
 
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
-import com.github.games647.fastlogin.core.StoredProfile;
+import com.github.games647.fastlogin.bungee.event.BungeeFastLoginPremiumToggleEvent;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
-
+import com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent.PremiumToggleReason;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import net.md_5.bungee.api.CommandSender;
 import net.md_5.bungee.api.ProxyServer;
 import net.md_5.bungee.api.chat.TextComponent;
@@ -46,6 +72,10 @@ public class AsyncToggleMessage implements Runnable {
         playerProfile.setPremium(false);
         playerProfile.setId(null);
         core.getStorage().save(playerProfile);
+        PremiumToggleReason reason = (!isPlayerSender || !sender.getName().equalsIgnoreCase(playerProfile.getName()))
+            ? PremiumToggleReason.COMMAND_OTHER : PremiumToggleReason.COMMAND_SELF;
+        core.getPlugin().getProxy().getPluginManager().callEvent(
+                new BungeeFastLoginPremiumToggleEvent(playerProfile, reason));
         sendMessage("remove-premium");
     }
 
@@ -58,6 +88,10 @@ public class AsyncToggleMessage implements Runnable {
 
         playerProfile.setPremium(true);
         core.getStorage().save(playerProfile);
+        PremiumToggleReason reason = (!isPlayerSender || !sender.getName().equalsIgnoreCase(playerProfile.getName()))
+            ? PremiumToggleReason.COMMAND_OTHER : PremiumToggleReason.COMMAND_SELF;
+        core.getPlugin().getProxy().getPluginManager().callEvent(
+                new BungeeFastLoginPremiumToggleEvent(playerProfile, reason));
         sendMessage("add-premium");
     }
 

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/FloodgateAuthTask.java

@@ -0,0 +1,77 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bungee.task;
+
+import com.github.games647.fastlogin.bungee.BungeeLoginSession;
+import com.github.games647.fastlogin.bungee.FastLoginBungee;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.shared.FloodgateManagement;
+import net.md_5.bungee.api.CommandSender;
+import net.md_5.bungee.api.connection.ProxiedPlayer;
+import net.md_5.bungee.api.connection.Server;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
+
+import java.net.InetSocketAddress;
+import java.util.UUID;
+
+public class FloodgateAuthTask
+        extends FloodgateManagement<ProxiedPlayer, CommandSender, BungeeLoginSession, FastLoginBungee> {
+
+    private final Server server;
+
+    public FloodgateAuthTask(FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core, ProxiedPlayer player,
+            FloodgatePlayer floodgatePlayer, Server server) {
+        super(core, player, floodgatePlayer);
+        this.server = server;
+    }
+
+    @Override
+    protected void startLogin() {
+        BungeeLoginSession session = new BungeeLoginSession(player.getName(), isRegistered, profile);
+        core.getPlugin().getSession().put(player.getPendingConnection(), session);
+
+        // run login task
+        Runnable forceLoginTask = new ForceLoginTask(core.getPlugin().getCore(), player, server, session,
+                isAutoAuthAllowed(autoLoginFloodgate));
+        core.getPlugin().getScheduler().runAsync(forceLoginTask);
+    }
+
+    @Override
+    protected String getName(ProxiedPlayer player) {
+        return player.getName();
+    }
+
+    @Override
+    protected UUID getUUID(ProxiedPlayer player) {
+        return player.getUniqueId();
+    }
+
+    @Override
+    protected InetSocketAddress getAddress(ProxiedPlayer player) {
+        return player.getAddress();
+    }
+
+}

bungee/src/main/java/com/github/games647/fastlogin/bungee/task/ForceLoginTask.java

@@ -1,34 +1,68 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bungee.task;
 
 import com.github.games647.fastlogin.bungee.BungeeLoginSession;
 import com.github.games647.fastlogin.bungee.FastLoginBungee;
 import com.github.games647.fastlogin.bungee.event.BungeeFastLoginAutoLoginEvent;
-import com.github.games647.fastlogin.core.StoredProfile;
 import com.github.games647.fastlogin.core.message.ChannelMessage;
 import com.github.games647.fastlogin.core.message.LoginActionMessage;
 import com.github.games647.fastlogin.core.message.LoginActionMessage.Type;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
 import com.github.games647.fastlogin.core.shared.ForceLoginManagement;
 import com.github.games647.fastlogin.core.shared.LoginSession;
-
-import java.util.UUID;
-
 import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
 import net.md_5.bungee.api.CommandSender;
 import net.md_5.bungee.api.ProxyServer;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
 import net.md_5.bungee.api.connection.Server;
 
+import java.util.UUID;
+
 public class ForceLoginTask
         extends ForceLoginManagement<ProxiedPlayer, CommandSender, BungeeLoginSession, FastLoginBungee> {
 
     private final Server server;
 
+    //treat player as if they had a premium account, even when they don't
+    //use for Floodgate auto login/register
+    private final boolean forcedOnlineMode;
+
     public ForceLoginTask(FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core,
-             ProxiedPlayer player, Server server) {
-        super(core, player, core.getPlugin().getSession().get(player.getPendingConnection()));
+                          ProxiedPlayer player, Server server, BungeeLoginSession session, boolean forcedOnlineMode) {
+        super(core, player, session);
 
         this.server = server;
+        this.forcedOnlineMode = forcedOnlineMode;
+    }
+
+    public ForceLoginTask(FastLoginCore<ProxiedPlayer, CommandSender, FastLoginBungee> core, ProxiedPlayer player,
+            Server server, BungeeLoginSession session) {
+        this(core, player, server, session, false);
     }
 
     @Override
@@ -91,6 +125,6 @@ public class ForceLoginTask
 
     @Override
     public boolean isOnlineMode() {
-        return player.getPendingConnection().isOnlineMode();
+        return forcedOnlineMode || player.getPendingConnection().isOnlineMode();
     }
 }

bungee/src/main/resources/bungee.yml

@@ -11,6 +11,11 @@ author: games647, https://github.com/games647/FastLogin/graphs/contributors
 softDepends:
     # BungeeCord auth plugins
     - BungeeAuth
+    - BungeeCordAuthenticatorBungee
+    - SodionAuth
+    # Bedrock Player Bridge
+    - Geyser-BungeeCord
+    - floodgate
 
 description: |
     ${project.description}

bungee/src/test/java/com/github/games647/fastlogin/bungee/listener/ConnectListenerTest.java

@@ -0,0 +1,57 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bungee.listener;
+
+import net.md_5.bungee.BungeeCord;
+import net.md_5.bungee.conf.Configuration;
+import net.md_5.bungee.connection.InitialHandler;
+import org.junit.jupiter.api.Test;
+
+import java.lang.reflect.Field;
+import java.util.UUID;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.mock;
+
+class ConnectListenerTest {
+
+    @Test
+    void testUUIDSetter() throws Throwable {
+        BungeeCord proxyMock = mock(BungeeCord.class);
+        BungeeCord.setInstance(proxyMock);
+        
+        Configuration configMock = mock(Configuration.class);
+        Field configField = proxyMock.getClass().getField("config");
+        configField.setAccessible(true);
+        configField.set(proxyMock, configMock);
+
+        InitialHandler handler = new InitialHandler(proxyMock, null);
+
+        UUID expectedUUID = UUID.randomUUID();
+        ConnectListener.UNIQUE_ID_SETTER.invokeExact(handler, expectedUUID);
+        assertEquals(expectedUUID, handler.getUniqueId());
+    }
+}

checkstyle.xml

@@ -0,0 +1,233 @@
+<?xml version="1.0"?>
+<!--
+
+    SPDX-License-Identifier: MIT
+
+    The MIT License (MIT)
+
+    Copyright (c) 2015-2023 games647 and contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+
+-->
+<!DOCTYPE module PUBLIC
+          "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
+          "https://checkstyle.org/dtds/configuration_1_3.dtd">
+
+<!--
+
+  Checkstyle configuration that checks the sun coding conventions from:
+
+    - the Java Language Specification at
+      https://docs.oracle.com/javase/specs/jls/se11/html/index.html
+
+    - the Sun Code Conventions at https://www.oracle.com/java/technologies/javase/codeconventions-contents.html
+
+    - the Javadoc guidelines at
+      https://www.oracle.com/technical-resources/articles/java/javadoc-tool.html
+
+    - the JDK Api documentation https://docs.oracle.com/en/java/javase/11/
+
+    - some best practices
+
+  Checkstyle is very configurable. Be sure to read the documentation at
+  https://checkstyle.org (or in your downloaded distribution).
+
+  Most Checks are configurable, be sure to consult the documentation.
+
+  To completely disable a check, just comment it out or delete it from the file.
+  To suppress certain violations please review suppression filters.
+
+  Finally, it is worth reading the documentation.
+
+-->
+
+<module name="Checker">
+  <!--
+      If you set the basedir property below, then all reported file
+      names will be relative to the specified directory. See
+      https://checkstyle.org/config.html#Checker
+
+      <property name="basedir" value="${basedir}"/>
+  -->
+  <property name="severity" value="error"/>
+
+  <property name="fileExtensions" value="java, properties, xml"/>
+
+  <!-- Excludes all 'module-info.java' files              -->
+  <!-- See https://checkstyle.org/config_filefilters.html -->
+  <module name="BeforeExecutionExclusionFileFilter">
+    <property name="fileNamePattern" value="module\-info\.java$"/>
+  </module>
+
+  <!-- https://checkstyle.org/config_filters.html#SuppressionFilter -->
+  <module name="SuppressionFilter">
+    <property name="file" value="${org.checkstyle.sun.suppressionfilter.config}"
+              default="checkstyle-suppressions.xml" />
+    <property name="optional" value="true"/>
+  </module>
+
+  <!-- Checks that a package-info.java file exists for each package.     -->
+  <!-- See https://checkstyle.org/config_javadoc.html#JavadocPackage -->
+  <!--<module name="JavadocPackage"/>-->
+
+  <!-- Checks whether files end with a new line.                        -->
+  <!-- See https://checkstyle.org/config_misc.html#NewlineAtEndOfFile -->
+  <module name="NewlineAtEndOfFile"/>
+
+  <!-- Checks that property files contain the same keys.         -->
+  <!-- See https://checkstyle.org/config_misc.html#Translation -->
+  <module name="Translation"/>
+
+  <!-- Checks for Size Violations.                    -->
+  <!-- See https://checkstyle.org/config_sizes.html -->
+  <module name="FileLength"/>
+  <module name="LineLength">
+    <property name="max" value="120"/>
+    <property name="fileExtensions" value="java"/>
+    <property name="ignorePattern" value="^ *\* *@see.+$"/>
+  </module>
+
+  <!-- Checks for whitespace                               -->
+  <!-- See https://checkstyle.org/config_whitespace.html -->
+  <module name="FileTabCharacter"/>
+
+  <!-- Miscellaneous other checks.                   -->
+  <!-- See https://checkstyle.org/config_misc.html -->
+  <module name="RegexpSingleline">
+    <property name="format" value="\s+$"/>
+    <property name="minimum" value="0"/>
+    <property name="maximum" value="0"/>
+    <property name="message" value="Line has trailing spaces."/>
+  </module>
+
+  <!-- Checks for Headers                                -->
+  <!-- See https://checkstyle.org/config_header.html   -->
+  <!-- <module name="Header"> -->
+  <!--   <property name="headerFile" value="${checkstyle.header.file}"/> -->
+  <!--   <property name="fileExtensions" value="java"/> -->
+  <!-- </module> -->
+
+  <module name="TreeWalker">
+
+    <!-- Checks for Javadoc comments.                     -->
+    <!-- See https://checkstyle.org/config_javadoc.html -->
+    <module name="InvalidJavadocPosition"/>
+    <module name="JavadocMethod"/>
+    <!--<module name="JavadocType"/>-->
+    <!--<module name="JavadocVariable"/>-->
+    <!--<module name="JavadocStyle"/>-->
+    <!--<module name="MissingJavadocMethod"/>-->
+
+    <!-- Checks for Naming Conventions.                  -->
+    <!-- See https://checkstyle.org/config_naming.html -->
+    <module name="ConstantName"/>
+    <module name="LocalFinalVariableName"/>
+    <module name="LocalVariableName"/>
+    <module name="MemberName"/>
+    <module name="MethodName"/>
+    <module name="PackageName"/>
+    <module name="ParameterName"/>
+    <module name="StaticVariableName"/>
+    <module name="TypeName"/>
+
+    <!-- Checks for imports                              -->
+    <!-- See https://checkstyle.org/config_imports.html -->
+    <module name="AvoidStarImport"/>
+    <module name="IllegalImport"/> <!-- defaults to sun.* packages -->
+    <module name="RedundantImport"/>
+    <module name="UnusedImports">
+      <property name="processJavadoc" value="false"/>
+    </module>
+
+    <!-- Checks for Size Violations.                    -->
+    <!-- See https://checkstyle.org/config_sizes.html -->
+    <module name="MethodLength"/>
+    <module name="ParameterNumber"/>
+
+    <!-- Checks for whitespace                               -->
+    <!-- See https://checkstyle.org/config_whitespace.html -->
+    <module name="EmptyForIteratorPad"/>
+    <module name="GenericWhitespace"/>
+    <module name="MethodParamPad"/>
+    <module name="NoWhitespaceAfter"/>
+    <module name="NoWhitespaceBefore"/>
+    <module name="OperatorWrap"/>
+    <module name="ParenPad"/>
+    <module name="TypecastParenPad"/>
+    <module name="WhitespaceAfter"/>
+    <module name="WhitespaceAround"/>
+
+    <!-- Modifier Checks                                    -->
+    <!-- See https://checkstyle.org/config_modifier.html -->
+    <module name="ModifierOrder"/>
+    <module name="RedundantModifier"/>
+
+    <!-- Checks for blocks. You know, those {}'s         -->
+    <!-- See https://checkstyle.org/config_blocks.html -->
+    <module name="AvoidNestedBlocks"/>
+    <module name="EmptyBlock"/>
+    <module name="LeftCurly"/>
+    <module name="NeedBraces"/>
+    <module name="RightCurly"/>
+
+    <!-- Checks for common coding problems               -->
+    <!-- See https://checkstyle.org/config_coding.html -->
+    <module name="EmptyStatement"/>
+    <module name="EqualsHashCode"/>
+    <module name="IllegalInstantiation"/>
+    <module name="InnerAssignment"/>
+    <!--<module name="MagicNumber"/>-->
+    <module name="MissingSwitchDefault"/>
+    <module name="MultipleVariableDeclarations"/>
+    <module name="SimplifyBooleanExpression"/>
+    <module name="SimplifyBooleanReturn"/>
+
+    <!-- Checks for class design                         -->
+    <!-- See https://checkstyle.org/config_design.html -->
+    <!--<module name="DesignForExtension"/>-->
+    <module name="FinalClass"/>
+    <module name="HideUtilityClassConstructor"/>
+    <module name="InterfaceIsType"/>
+
+    <!-- Miscellaneous other checks.                   -->
+    <!-- See https://checkstyle.org/config_misc.html -->
+    <module name="ArrayTypeStyle"/>
+    <!--<module name="FinalParameters"/>-->
+<!--    <module name="TodoComment"/>-->
+    <module name="UpperEll"/>
+
+    <!-- https://checkstyle.org/config_filters.html#SuppressionXpathFilter -->
+    <module name="SuppressionXpathFilter">
+      <property name="file" value="${org.checkstyle.sun.suppressionxpathfilter.config}"
+                default="checkstyle-xpath-suppressions.xml" />
+      <property name="optional" value="true"/>
+    </module>
+
+    <!-- Suppress filters via comments -->
+    <!-- https://stackoverflow.com/a/4023351/9767089 -->
+    <module name="SuppressionCommentFilter">
+      <property name="offCommentFormat" value="CHECKSTYLE.OFF\: ([\w\|]+)"/>
+      <property name="onCommentFormat" value="CHECKSTYLE.ON\: ([\w\|]+)"/>
+      <property name="checkFormat" value="$1"/>
+    </module>
+
+  </module>
+
+</module>

core/pom.xml

@@ -1,11 +1,38 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<!--
+
+    SPDX-License-Identifier: MIT
+
+    The MIT License (MIT)
+
+    Copyright (c) 2015-2023 games647 and contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+
+-->
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
         <groupId>com.github.games647</groupId>
         <artifactId>fastlogin</artifactId>
-        <version>1.11-SNAPSHOT</version>
+        <version>1.12-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -17,7 +44,7 @@
     <repositories>
         <repository>
             <id>luck-repo</id>
-            <url>https://ci.lucko.me/plugin/repository/everything</url>
+            <url>https://ci.lucko.me/plugin/repository/everything/</url>
             <snapshots>
                 <enabled>false</enabled>
             </snapshots>
@@ -26,8 +53,33 @@
             <id>codemc-repo</id>
             <url>https://repo.codemc.io/repository/maven-public/</url>
         </repository>
+        <!-- Floodgate -->
+        <repository>
+            <id>opencollab-snapshot</id>
+            <url>https://repo.opencollab.dev/maven-snapshots/</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+        </repository>
     </repositories>
 
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>3.3.0</version>
+                <configuration>
+                    <archive>
+                        <manifestEntries>
+                            <Automatic-Module-Name>com.github.games647.fastlogin.core</Automatic-Module-Name>
+                        </manifestEntries>
+                    </archive>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
     <dependencies>
         <!-- Libraries that we shade into the project -->
 
@@ -35,28 +87,65 @@
         <dependency>
             <groupId>com.zaxxer</groupId>
             <artifactId>HikariCP</artifactId>
-            <version>3.4.2</version>
+            <version>4.0.3</version>
+            <exclusions>
+                <!-- HikariCP uses an old version of this API that has a typo in the service interface -->
+                <!-- We will use the api provided by the jdk14 dependency -->
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!--Logging framework implements slf4j which is required by hikari-->
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-jdk14</artifactId>
-            <version>1.7.30</version>
+            <version>2.0.11</version>
         </dependency>
 
-        <!--GSON is not at the right position for Minecraft 1.7-->
-        <dependency>
-            <groupId>com.google.code.gson</groupId>
-            <artifactId>gson</artifactId>
-            <version>2.2.4</version>
-        </dependency>
-
-        <!-- snakeyaml is present in Bungee, Spigot, Cauldron and so we could use this independent implementation -->
+        <!-- snakeyaml is present in Bungee, Spigot, Cauldron, so we could use this independent implementation -->
         <dependency>
             <groupId>net.md-5</groupId>
             <artifactId>bungeecord-config</artifactId>
-            <version>1.12-SNAPSHOT</version>
+            <version>1.19-R0.1-SNAPSHOT</version>
+        </dependency>
+
+        <!--Floodgate for Xbox Live Authentication-->
+        <dependency>
+            <groupId>org.geysermc.floodgate</groupId>
+            <artifactId>api</artifactId>
+            <version>${floodgate.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- Bedrock player bridge -->
+        <dependency>
+            <groupId>org.geysermc.geyser</groupId>
+            <artifactId>core</artifactId>
+            <version>${geyser.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- We need the API, but it was excluded above -->
+        <dependency>
+            <groupId>org.geysermc.geyser</groupId>
+            <artifactId>api</artifactId>
+            <version>${geyser.version}</version>
+            <scope>provided</scope>
             <exclusions>
                 <exclusion>
                     <groupId>*</groupId>
@@ -69,16 +158,50 @@
         <dependency>
             <groupId>com.github.games647</groupId>
             <artifactId>craftapi</artifactId>
-            <version>0.3</version>
+            <version>0.6.2</version>
         </dependency>
 
-        <!-- APIs we can use because they are available in all platforms (Spigot, Bungee, Cauldron) -->
+        <!-- APIs we can use because they are available in all platforms (Spigot, Bungee, Velocity) -->
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <!-- The Uranium project (fork of Cauldron) uses 17.0 like Spigot 1.8 as experimental feature -->
-            <!-- Project url: https://github.com/UraniumMC/Uranium -->
-            <version>10.0.1</version>
+            <!-- Old version for velocity -->
+            <version>25.1-jre</version>
+            <!-- Exclude compile time dependencies not marked as such on upstream  -->
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.findbugs</groupId>
+                    <artifactId>jsr305</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.checkerframework</groupId>
+                    <artifactId>checker-qual</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.google.errorprone</groupId>
+                    <artifactId>error_prone_annotations</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.google.j2objc</groupId>
+                    <artifactId>j2objc-annotations</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>animal-sniffer-annotations</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.10.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.xerial</groupId>
+            <artifactId>sqlite-jdbc</artifactId>
+            <version>[3.36,)</version>
             <scope>provided</scope>
         </dependency>
     </dependencies>

core/src/main/java/com/github/games647/fastlogin/core/AsyncScheduler.java

@@ -0,0 +1,75 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.core;
+
+import org.slf4j.Logger;
+
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Executor;
+import java.util.concurrent.atomic.AtomicInteger;
+
+/**
+ * This limits the number of threads that are used at maximum. Thread creation can be very heavy for the CPU and
+ * context switching between threads too. However, we need many threads for blocking HTTP and database calls.
+ * Nevertheless, this number can be further limited, because the number of actually working database threads
+ * is limited by the size of our database pool. The goal is to separate concerns into processing and blocking only
+ * threads.
+ */
+public class AsyncScheduler {
+
+    private static final int MAX_CAPACITY = 1024;
+
+    //todo: single thread for delaying and scheduling tasks
+    private final Logger logger;
+
+    // 30 threads are still too many - the optimal solution is to separate into processing and blocking threads
+    // where processing threads could only be max number of cores while blocking threads could be minimized using
+    // non-blocking I/O and a single event executor
+    private final Executor processingPool;
+
+    private final AtomicInteger currentlyRunning = new AtomicInteger();
+
+    public AsyncScheduler(Logger logger, Executor processingPool) {
+        this.logger = logger;
+        this.processingPool = processingPool;
+    }
+
+    public CompletableFuture<Void> runAsync(Runnable task) {
+        return CompletableFuture.runAsync(() -> process(task), processingPool).exceptionally(error -> {
+            logger.warn("Error occurred on thread pool", error);
+            return null;
+        });
+    }
+
+    private void process(Runnable task) {
+        currentlyRunning.incrementAndGet();
+        try {
+            task.run();
+        } finally {
+            currentlyRunning.getAndDecrement();
+        }
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java

@@ -1,182 +0,0 @@
-package com.github.games647.fastlogin.core;
-
-import com.github.games647.craftapi.UUIDAdapter;
-import com.github.games647.fastlogin.core.shared.FastLoginCore;
-import com.zaxxer.hikari.HikariConfig;
-import com.zaxxer.hikari.HikariDataSource;
-
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.time.Instant;
-import java.util.Optional;
-import java.util.Properties;
-import java.util.UUID;
-import java.util.concurrent.ThreadFactory;
-
-import static java.sql.Statement.RETURN_GENERATED_KEYS;
-
-public class AuthStorage {
-
-    private static final String PREMIUM_TABLE = "premium";
-
-    private static final String LOAD_BY_NAME = "SELECT * FROM `" + PREMIUM_TABLE + "` WHERE `Name`=? LIMIT 1";
-    private static final String LOAD_BY_UUID = "SELECT * FROM `" + PREMIUM_TABLE + "` WHERE `UUID`=? LIMIT 1";
-    private static final String INSERT_PROFILE = "INSERT INTO `" + PREMIUM_TABLE
-            + "` (`UUID`, `Name`, `Premium`, `LastIp`) " + "VALUES (?, ?, ?, ?) ";
-    // limit not necessary here, because it's unique
-    private static final String UPDATE_PROFILE = "UPDATE `" + PREMIUM_TABLE
-            + "` SET `UUID`=?, `Name`=?, `Premium`=?, `LastIp`=?, `LastLogin`=CURRENT_TIMESTAMP WHERE `UserID`=?";
-
-    private final FastLoginCore<?, ?, ?> core;
-    private final HikariDataSource dataSource;
-
-    public AuthStorage(FastLoginCore<?, ?, ?> core, String host, int port, String databasePath,
-                       HikariConfig config, boolean useSSL) {
-        this.core = core;
-        config.setPoolName(core.getPlugin().getName());
-
-        //a try to fix https://www.spigotmc.org/threads/fastlogin.101192/page-26#post-1874647
-        Properties properties = new Properties();
-        properties.setProperty("date_string_format", "yyyy-MM-dd HH:mm:ss");
-        properties.setProperty("useSSL", String.valueOf(useSSL));
-        config.setDataSourceProperties(properties);
-        ThreadFactory platformThreadFactory = core.getPlugin().getThreadFactory();
-        if (platformThreadFactory != null) {
-            config.setThreadFactory(platformThreadFactory);
-        }
-
-        String jdbcUrl = "jdbc:";
-        if (config.getDriverClassName().contains("sqlite")) {
-            String pluginFolder = core.getPlugin().getPluginFolder().toAbsolutePath().toString();
-            databasePath = databasePath.replace("{pluginDir}", pluginFolder);
-
-            jdbcUrl += "sqlite://" + databasePath;
-            config.setConnectionTestQuery("SELECT 1");
-            config.setMaximumPoolSize(1);
-        } else {
-            jdbcUrl += "mysql://" + host + ':' + port + '/' + databasePath;
-            // enable MySQL specific optimizations
-            // default prepStmtCacheSize 25 - amount of cached statements - enough for us
-            // default prepStmtCacheSqlLimit 256 - length of SQL - our queries are not longer
-            // disabled by default - will return the same prepared statement instance
-            config.addDataSourceProperty("cachePrepStmts", true);
-            // default false - available in newer versions caches the statements server-side
-            config.addDataSourceProperty("useServerPrepStmts", true);
-        }
-
-        config.setJdbcUrl(jdbcUrl);
-        this.dataSource = new HikariDataSource(config);
-    }
-
-    public void createTables() throws SQLException {
-        String createDataStmt = "CREATE TABLE IF NOT EXISTS `" + PREMIUM_TABLE + "` ("
-                + "`UserID` INTEGER PRIMARY KEY AUTO_INCREMENT, "
-                + "`UUID` CHAR(36), "
-                + "`Name` VARCHAR(16) NOT NULL, "
-                + "`Premium` BOOLEAN NOT NULL, "
-                + "`LastIp` VARCHAR(255) NOT NULL, "
-                + "`LastLogin` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, "
-                //the premium shouldn't steal the cracked account by changing the name
-                + "UNIQUE (`Name`) "
-                + ')';
-
-        if (dataSource.getJdbcUrl().contains("sqlite")) {
-            createDataStmt = createDataStmt.replace("AUTO_INCREMENT", "AUTOINCREMENT");
-        }
-
-        //todo: add uuid index usage
-        try (Connection con = dataSource.getConnection();
-             Statement createStmt = con.createStatement()) {
-            createStmt.executeUpdate(createDataStmt);
-        }
-    }
-
-    public StoredProfile loadProfile(String name) {
-        try (Connection con = dataSource.getConnection();
-             PreparedStatement loadStmt = con.prepareStatement(LOAD_BY_NAME)
-        ) {
-            loadStmt.setString(1, name);
-
-            try (ResultSet resultSet = loadStmt.executeQuery()) {
-                return parseResult(resultSet).orElseGet(() -> new StoredProfile(null, name, false, ""));
-            }
-        } catch (SQLException sqlEx) {
-            core.getPlugin().getLog().error("Failed to query profile: {}", name, sqlEx);
-        }
-
-        return null;
-    }
-
-    public StoredProfile loadProfile(UUID uuid) {
-        try (Connection con = dataSource.getConnection();
-             PreparedStatement loadStmt = con.prepareStatement(LOAD_BY_UUID)) {
-            loadStmt.setString(1, UUIDAdapter.toMojangId(uuid));
-
-            try (ResultSet resultSet = loadStmt.executeQuery()) {
-                return parseResult(resultSet).orElse(null);
-            }
-        } catch (SQLException sqlEx) {
-            core.getPlugin().getLog().error("Failed to query profile: {}", uuid, sqlEx);
-        }
-
-        return null;
-    }
-
-    private Optional<StoredProfile> parseResult(ResultSet resultSet) throws SQLException {
-        if (resultSet.next()) {
-            long userId = resultSet.getInt(1);
-
-            UUID uuid = Optional.ofNullable(resultSet.getString(2)).map(UUIDAdapter::parseId).orElse(null);
-
-            String name = resultSet.getString(3);
-            boolean premium = resultSet.getBoolean(4);
-            String lastIp = resultSet.getString(5);
-            Instant lastLogin = resultSet.getTimestamp(6).toInstant();
-            return Optional.of(new StoredProfile(userId, uuid, name, premium, lastIp, lastLogin));
-        }
-
-        return Optional.empty();
-    }
-
-    public void save(StoredProfile playerProfile) {
-        try (Connection con = dataSource.getConnection()) {
-            String uuid = playerProfile.getOptId().map(UUIDAdapter::toMojangId).orElse(null);
-
-            if (playerProfile.isSaved()) {
-                try (PreparedStatement saveStmt = con.prepareStatement(UPDATE_PROFILE)) {
-                    saveStmt.setString(1, uuid);
-                    saveStmt.setString(2, playerProfile.getName());
-                    saveStmt.setBoolean(3, playerProfile.isPremium());
-                    saveStmt.setString(4, playerProfile.getLastIp());
-
-                    saveStmt.setLong(5, playerProfile.getRowId());
-                    saveStmt.execute();
-                }
-            } else {
-                try (PreparedStatement saveStmt = con.prepareStatement(INSERT_PROFILE, RETURN_GENERATED_KEYS)) {
-                    saveStmt.setString(1, uuid);
-
-                    saveStmt.setString(2, playerProfile.getName());
-                    saveStmt.setBoolean(3, playerProfile.isPremium());
-                    saveStmt.setString(4, playerProfile.getLastIp());
-
-                    saveStmt.execute();
-                    try (ResultSet generatedKeys = saveStmt.getGeneratedKeys()) {
-                        if (generatedKeys != null && generatedKeys.next()) {
-                            playerProfile.setRowId(generatedKeys.getInt(1));
-                        }
-                    }
-                }
-            }
-        } catch (SQLException ex) {
-            core.getPlugin().getLog().error("Failed to save playerProfile {}", playerProfile, ex);
-        }
-    }
-
-    public void close() {
-        dataSource.close();
-    }
-}

core/src/main/java/com/github/games647/fastlogin/core/CommonUtil.java

@@ -1,24 +1,48 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.core;
 
-import com.github.games647.craftapi.cache.SafeCacheBuilder;
-import com.google.common.cache.CacheLoader;
+import com.google.common.cache.CacheBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.jul.JDK14LoggerAdapter;
 
 import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.slf4j.impl.JDK14LoggerAdapter;
-
-public class CommonUtil {
+public final class CommonUtil {
 
     private static final char COLOR_CHAR = '&';
     private static final char TRANSLATED_CHAR = '§';
 
     public static <K, V> ConcurrentMap<K, V> buildCache(int expireAfterWrite, int maxSize) {
-        SafeCacheBuilder<Object, Object> builder = SafeCacheBuilder.newBuilder();
+        CacheBuilder<Object, Object> builder = CacheBuilder.newBuilder();
 
         if (expireAfterWrite > 0) {
             builder.expireAfterWrite(expireAfterWrite, TimeUnit.MINUTES);
@@ -28,15 +52,13 @@ public class CommonUtil {
             builder.maximumSize(maxSize);
         }
 
-        return builder.build(CacheLoader.from(() -> {
-            throw new UnsupportedOperationException();
-        }));
+        return builder.<K, V>build().asMap();
     }
 
     public static String translateColorCodes(String rawMessage) {
         char[] chars = rawMessage.toCharArray();
         for (int i = 0; i < chars.length - 1; i++) {
-            if (chars[i] == COLOR_CHAR && "0123456789AaBbCcDdEeFfKkLlMmNnOoRr".indexOf(chars[i + 1]) > -1) {
+            if (chars[i] == COLOR_CHAR && "x0123456789AaBbCcDdEeFfKkLlMmNnOoRr".indexOf(chars[i + 1]) > -1) {
                 chars[i] = TRANSLATED_CHAR;
                 chars[i + 1] = Character.toLowerCase(chars[i + 1]);
             }
@@ -45,22 +67,50 @@ public class CommonUtil {
         return new String(chars);
     }
 
-    public static Logger createLoggerFromJDK(java.util.logging.Logger parent) {
+    /**
+     * This creates a SLF4J logger. In the process it initializes the SLF4J service provider. This method looks
+     * for the provider in the plugin jar instead of in the server jar when creating a Logger. The provider is only
+     * initialized once, so this method should be called early.
+     * <p>
+     * The provider is bound to the service class `SLF4JServiceProvider`. Relocating this class makes it available
+     * for exclusive own usage. Other dependencies will use the relocated service too, and therefore will find the
+     * initialized provider.
+     *
+     * @param parent JDK logger
+     * @return slf4j logger
+     */
+    public static Logger initializeLoggerService(java.util.logging.Logger parent) {
+        // set the class loader to the plugin one to find our own SLF4J provider in the plugin jar and not in the global
+        ClassLoader oldLoader = Thread.currentThread().getContextClassLoader();
+
+        ClassLoader pluginLoader = CommonUtil.class.getClassLoader();
+        Thread.currentThread().setContextClassLoader(pluginLoader);
+
+        // Trigger provider search
+        LoggerFactory.getLogger(parent.getName()).info("Initialize logging service");
         try {
             parent.setLevel(Level.ALL);
-
-            Class<JDK14LoggerAdapter> adapterClass = JDK14LoggerAdapter.class;
-            Constructor<JDK14LoggerAdapter> cons = adapterClass.getDeclaredConstructor(java.util.logging.Logger.class);
-            cons.setAccessible(true);
-            return cons.newInstance(parent);
-        } catch (ReflectiveOperationException reflectEx) {
+            return createJDKLogger(parent);
+        } catch (IllegalAccessException | InstantiationException | InvocationTargetException
+                 | NoSuchMethodException reflectEx) {
             parent.log(Level.WARNING, "Cannot create slf4j logging adapter", reflectEx);
             parent.log(Level.WARNING, "Creating logger instance manually...");
             return LoggerFactory.getLogger(parent.getName());
+        } finally {
+            // restore previous class loader
+            Thread.currentThread().setContextClassLoader(oldLoader);
         }
     }
 
+    protected static JDK14LoggerAdapter createJDKLogger(java.util.logging.Logger parent)
+            throws NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
+        Class<JDK14LoggerAdapter> adapterClass = JDK14LoggerAdapter.class;
+        Constructor<JDK14LoggerAdapter> cons = adapterClass.getDeclaredConstructor(java.util.logging.Logger.class);
+        cons.setAccessible(true);
+        return cons.newInstance(parent);
+    }
+
     private CommonUtil() {
-        //Utility class
+        throw new RuntimeException("No instantiation of utility classes allowed");
     }
 }

core/src/main/java/com/github/games647/fastlogin/core/PremiumStatus.java

@@ -1,10 +1,45 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.core;
 
 public enum PremiumStatus {
 
-    PREMIUM,
+    PREMIUM("Premium"),
 
-    CRACKED,
+    CRACKED("Cracked"),
 
-    UNKNOWN
+    UNKNOWN("Unknown");
+
+    private final String readableName;
+
+    PremiumStatus(String readableName) {
+        this.readableName = readableName;
+    }
+
+    public String getReadableName() {
+        return readableName;
+    }
 }

core/src/main/java/com/github/games647/fastlogin/core/ProxyAgnosticMojangResolver.java

@@ -0,0 +1,81 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.core;
+
+import com.github.games647.craftapi.model.auth.Verification;
+import com.github.games647.craftapi.resolver.MojangResolver;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.InetAddress;
+import java.util.Optional;
+
+/**
+ * An extension to {@link MojangResolver} which allows connection using transparent reverse proxies.
+ * The significant difference is that unlike MojangResolver from the CraftAPI implementation, which sends the
+ * "ip" parameter when the hostIp parameter is an IPv4 address, but skips it for IPv6, this implementation leaves out
+ * the "ip" parameter also for IPv4, effectively enabling transparent proxies to work.
+ *
+ * @author games647, Enginecrafter77
+ */
+public class ProxyAgnosticMojangResolver extends MojangResolver {
+
+    private static final String HOST = "sessionserver.mojang.com";
+
+    /**
+     * A formatting string containing a URL used to call the {@code hasJoined} method on mojang session servers.
+     * <p>
+     * Formatting parameters:
+     * 1. The username of the player in question
+     * 2. The serverId of this server
+     */
+    public static final String ENDPOINT = "https://" + HOST + "/session/minecraft/hasJoined?username=%s&serverId=%s";
+
+    @Override
+    public Optional<Verification> hasJoined(String username, String serverHash, InetAddress hostIp)
+        throws IOException {
+        String url = String.format(ENDPOINT, username, serverHash);
+
+        HttpURLConnection conn = this.getConnection(url);
+        int responseCode = conn.getResponseCode();
+
+        Verification verification = null;
+
+        // Mojang session servers send HTTP 204 (NO CONTENT) when the authentication seems invalid
+        // If that's not our case, the authentication is valid, and so we can parse the response.
+        if (responseCode != HttpURLConnection.HTTP_NO_CONTENT) {
+            verification = this.parseRequest(conn, this::parseVerification);
+        }
+
+        return Optional.ofNullable(verification);
+    }
+
+    // Functional implementation of InputStreamAction, used in hasJoined method in parseRequest call
+    protected Verification parseVerification(InputStream input) throws IOException {
+        return this.readJson(input, Verification.class);
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/StoredProfile.java

@@ -1,94 +0,0 @@
-package com.github.games647.fastlogin.core;
-
-import com.github.games647.craftapi.model.Profile;
-
-import java.time.Instant;
-import java.util.Optional;
-import java.util.UUID;
-
-import javax.annotation.Nullable;
-
-public class StoredProfile extends Profile {
-
-    private long rowId;
-
-    private boolean premium;
-    private String lastIp;
-    private Instant lastLogin;
-
-    public StoredProfile(long rowId, UUID uuid, String playerName, boolean premium, String lastIp, Instant lastLogin) {
-        super(uuid, playerName);
-
-        this.rowId = rowId;
-        this.premium = premium;
-        this.lastIp = lastIp;
-        this.lastLogin = lastLogin;
-    }
-
-    public StoredProfile(UUID uuid, String playerName, boolean premium, String lastIp) {
-        this(-1, uuid, playerName, premium, lastIp, Instant.now());
-    }
-
-    public synchronized boolean isSaved() {
-        return rowId >= 0;
-    }
-
-    public synchronized void setPlayerName(String playerName) {
-        this.name = playerName;
-    }
-
-    public synchronized long getRowId() {
-        return rowId;
-    }
-
-    public synchronized void setRowId(long generatedId) {
-        this.rowId = generatedId;
-    }
-
-    @Nullable
-    public synchronized UUID getId() {
-        return id;
-    }
-
-    public synchronized Optional<UUID> getOptId() {
-        return Optional.ofNullable(id);
-    }
-
-    public synchronized void setId(UUID uniqueId) {
-        this.id = uniqueId;
-    }
-
-    public synchronized boolean isPremium() {
-        return premium;
-    }
-
-    public synchronized void setPremium(boolean premium) {
-        this.premium = premium;
-    }
-
-    public synchronized String getLastIp() {
-        return lastIp;
-    }
-
-    public synchronized void setLastIp(String lastIp) {
-        this.lastIp = lastIp;
-    }
-
-    public synchronized Instant getLastLogin() {
-        return lastLogin;
-    }
-
-    public synchronized void setLastLogin(Instant lastLogin) {
-        this.lastLogin = lastLogin;
-    }
-
-    @Override
-    public synchronized String toString() {
-        return this.getClass().getSimpleName() + '{' +
-                "rowId=" + rowId +
-                ", premium=" + premium +
-                ", lastIp='" + lastIp + '\'' +
-                ", lastLogin=" + lastLogin +
-                "} " + super.toString();
-    }
-}

core/src/main/java/com/github/games647/fastlogin/core/antibot/AntiBotService.java

@@ -0,0 +1,62 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.core.antibot;
+
+import org.slf4j.Logger;
+
+import java.net.InetSocketAddress;
+
+public class AntiBotService {
+
+    private final Logger logger;
+
+    private final RateLimiter rateLimiter;
+    private final Action limitReachedAction;
+
+    public AntiBotService(Logger logger, RateLimiter rateLimiter, Action limitReachedAction) {
+        this.logger = logger;
+
+        this.rateLimiter = rateLimiter;
+        this.limitReachedAction = limitReachedAction;
+    }
+
+    public Action onIncomingConnection(InetSocketAddress clientAddress, String username) {
+        if (!rateLimiter.tryAcquire()) {
+            logger.warn("Anti-Bot join limit - Ignoring {}", clientAddress);
+            return limitReachedAction;
+        }
+
+        return Action.Continue;
+    }
+
+    public enum Action {
+        Ignore,
+
+        Block,
+
+        Continue
+    }
+}

core/src/main/java/com/github/games647/fastlogin/core/antibot/RateLimiter.java

@@ -0,0 +1,32 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2023 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.core.antibot;
+
+@FunctionalInterface
+public interface RateLimiter {
+
+    boolean tryAcquire();
+}