# FastLogin config# Project site: https://www.spigotmc.org/resources/fastlogin

1. # FastLogin config
2. # Project site: https://www.spigotmc.org/resources/fastlogin.14153
3. # Source code: https://github.com/games647/FastLogin
4. #
5. # You can access the newest config here:
6. # https://github.com/games647/FastLogin/blob/main/core/src/main/resources/config.yml
7.  
8. # This a **very** simple anti bot protection. Recommendation is to use a a dedicated program to approach this
9. # problem. Low level firewalls like uwf (or iptables direct) are more efficient than a Minecraft plugin. TCP reverse
10. # proxies could also be used and offload some work even to different host.
11. #
12. # The settings wil limit how many connections this plugin will handle. After hitting this limit. FastLogin will
13. # completely ignore incoming connections. Effectively there will be no database requests and network requests.
14. # Therefore auto logins won't be possible.
15. anti-bot:
16. # Image the following like bucket. The following is total amount that is allowed in this bucket, while expire
17. # means how long it takes for every entry to expire.
18. # Total number of connections
19. connections: 600
20. # Amount of minutes after the first connection got inserted will expire and made available
21. expire: 10
22.  
23. # Request a premium login without forcing the player to type a command
24. #
25. # If you activate autoRegister, this plugin will check/do these points on login:
26. # 1. An existing cracked account shouldn't exist
27. # -> paid accounts cannot steal the existing account of cracked players
28. # - (Already registered players could still use the /premium command to activate premium checks)
29. # 2. Automatically registers an account with a strong random generated password
30. # -> cracked player cannot register an account for the premium player and so cannot the steal the account
31. #
32. # Furthermore the premium player check have to be made based on the player name
33. # This means if a cracked player connects to the server and we request a paid account login from this player
34. # the player just disconnect and sees the message: 'bad login' or 'invalid session'
35. # There is no way to change this message
36. # For more information: https://github.com/games647/FastLogin#why-do-players-have-to-invoke-a-command
37. autoRegister: false
38.  
39. # Should FastLogin respect per IP limit of registrations (e.g. in AuthMe)
40. # Because most auth plugins do their stuff async - FastLogin will still think the player was registered
41. # To work best - you also need to enable auto-register-unknown
42. #
43. # If set to true - FastLogin will always attempt to register the player, even if the limit is exceeded
44. # It is up to the auth plugin to handle the excessive registration
45. # https://github.com/games647/FastLogin/issues/458
46. respectIpLimit: false
47.  
48. # This is extra configuration option to the feature above. If we request a premium authentication from a player who
49. # isn't actual premium but used a premium username, the player will disconnect with the reason "invalid session" or
50. # "bad login".
51. #
52. # If you activate this, we are remembering this player and do not force another premium authentication if the player
53. # tries to join again, so the player could join as cracked player.
54. secondAttemptCracked: false
55.  
56. # New cracked players will be kicked from server. Good if you want switch from offline-mode to online-mode without
57. # losing players!
58. #
59. # Existing cracked and premium players could still join your server. Moreover you could add playernames to a
60. # allowlist.
61. # So that these cracked players could join too although they are new players.
62. switchMode: false
63.  
64. # If this plugin detected that a player has a premium, it can also set the associated
65. # uuid from that account. So if the player changes the username, they will still have
66. # the same player data (inventory, permissions, ...)
67. #
68. # Warning: This also means that the UUID will be different if the player is connecting
69. # through a offline mode connection. This **could** cause plugin compatibility issues.
70. #
71. # This is a example and doesn't apply for every plugin.
72. # Example: If you want to ban players who aren't online at the moment, the ban plugin will look
73. # after a offline uuid associated to the player, because the server is in offline mode. Then the premium
74. # players could still join the server, because they have different UUID.
75. #
76. # Moreover you may want to convert the offline UUID to a premium UUID. This will ensure that the player
77. # will have the same inventory, permissions, ... if they switched to premium authentication from offline/cracked
78. # authentication.
79. #
80. # This feature requires Cauldron, Spigot or a fork of Spigot (Paper)
81. premiumUuid: false
82.  
83. # This will make an additional check (only for player names which are not in the database) against the mojang servers
84. # in order to get the premium UUID. If that premium UUID is in the database, we can assume on successful login that the
85. # player changed it's username and we just update the name in the database.
86. # Examples:
87. # #### Case 1
88. # autoRegister = false
89. # nameChangeCheck = false
90. #
91. # GameProfile logins as cracked until the player invoked the command /premium. Then we could override the existing
92. # database record.
93. #
94. # #### Case 2
95. # autoRegister = false
96. # nameChangeCheck = true
97. #
98. # Connect the Mojang API and check what UUID the player has (UUID exists => Paid Minecraft account). If that UUID is in
99. # the database it's an **existing player** and FastLogin can **assume** the player is premium and changed the username.
100. # If it's not in the database, it's a new player and **could be a cracked player**. So we just use a offline mode
101. # authentication for this player.
102. #
103. # **Limitation**: Cracked players who uses the new username of a paid account cannot join the server if the database
104. # contains the old name. (Example: The owner of the paid account no longer plays on the server, but changed the username
105. # in the meanwhile).
106. #
107. # #### Case 3
108. # autoRegister = true
109. # nameChangeCheck = false
110. #
111. # We will always request a premium authentication if the username is unknown to us, but is in use by a paid Minecraft
112. # account. This means it's kind of a more aggressive check like nameChangeCheck = true and autoRegister = false, because
113. # it request a premium authentication which are completely new to us, that even the premium UUID is not in our database.
114. #
115. # **Limitation**: see below
116. #
117. # #### Case 4
118. # autoRegister = true
119. # nameChangeCheck = true
120. #
121. # Based on autoRegister it checks if the player name is premium and login using a premium authentication. After that
122. # fastlogin receives the premium UUID and can update the database record.
123. #
124. # **Limitation from autoRegister**: New offline players who uses the username of an existing Minecraft cannot join the
125. # server.
126. nameChangeCheck: false
127.  
128. # If your players have a premium account and a skin associated to their account, this plugin
129. # can download the data and set it to the online player.
130. #
131. # Keep in mind that this will only works if the player:
132. # * is the owner of the premium account
133. # * the server connection is established through a premium connection (paid account authentication)
134. # * has a skin
135. #
136. # This means this plugin doesn't need to create a new connection to the Mojang servers, because
137. # the skin data is included in the Auth-Verification-Response sent by Mojang. If you want to use for other
138. # players like cracked player, you have to use other plugins.
139. #
140. # If you use PaperSpigot - FastLogin will always try to set the skin, even if forwardSkin is set to false
141. # It is needed to allow premium name change to work correctly
142. # https://github.com/games647/FastLogin/issues/457
143. #
144. # If you want to use skins for your cracked player, you need an additional plugin like
145. # ChangeSkin, SkinRestorer, ...
146. forwardSkin: true
147.  
148. # Displays a warning message that this message SHOULD only be invoked by
149. # users who actually are the owner of this account. So not by cracked players
150. #
151. # If they still want to invoke the command, they have to invoke /premium again
152. premium-warning: true
153.  
154. # If you have autoRegister or nameChangeCheck enabled, you could be rate-limited by Mojang.
155. # The requests of the both options will be only made by FastLogin if the username is unknown to the server
156. # You are allowed to make 600 requests per 10-minutes (60 per minute)
157. # If you own a big server this value could be too low
158. # Once the limit is reached, new players are always logged in as cracked until the rate-limit is expired.
159. # (to the next ten minutes)
160. #
161. # The limit is IP-wide. If you have multiple IPv4-addresses you specify them here. FastLogin will then use it in
162. # rotating order --> 5 different IP-addresses 5 * 600 per 10 minutes
163. # If this list is empty only the default one will be used
164. #
165. # Lists are created like this:
166. #ip-addresses:
167. # - 192-168-0-2
168. ip-addresses: []
169.  
170. # How many requests should be established to the Mojang API for Name -> UUID requests. Some other plugins as well
171. # as the head Minecraft block make such requests as well. Using this option you can limit the amount requests this
172. # plugin should make.
173. #
174. # If you lower this value, other plugins could still make requests while FastLogin cannot.
175. # Mojang limits the amount of request to 600 per 10 minutes per IPv4-address.
176. mojang-request-limit: 600
177.  
178. # This option automatically registers players which are in the FastLogin database, but not in the auth plugin database.
179. # This can happen if you switch your auth plugin or cleared the database of the auth plugin.
180. # https://github.com/games647/FastLogin/issues/85
181. auto-register-unknown: false
182.  
183. # This disables the auto login from fastlogin. So a premium (like a paid account) authentication is requested, but
184. # the player won't be auto logged into the account.
185. #
186. # This can be used as 2Factor authentication for better security of your accounts. A hacker then needs both passwords.
187. # The password of your Minecraft and the password to login in with your auth plugin
188. autoLogin: true
189.  
190. # Floodgate configuration
191. # Connecing through Floodgate requires player's to sign in via their Xbox Live account
192. # !!!!!!!! WARNING: FLOODGATE SUPPORT IS AN EXPERIMENTAL FEATURE !!!!!!!!
193. # Enabling any of these settings might lead to people gaining unauthorized access to other's accounts!
194.  
195. # Automatically log in players connecting through Floodgate.
196. # Possible values:
197. # false: Disables auto login for every player connecting through Floodgate
198. # true: Enables auto login for every player connecting through Floodgate
199. # linked: Only Bedrock accounts that are linked to a Java account will be logged in automatically
200. # no-conflict: Bedrock players will only be automatically logged in if the Mojang API reports
201. # that there is no existing Premium Java MC account with their name.
202. # This option can be useful if you are not using 'username-prefix' in floodgate/config.yml
203. # Requires 'autoLogin' to be 'true'
204. # !!!!!!!! WARNING: FLOODGATE SUPPORT IS AN EXPERIMENTAL FEATURE !!!!!!!!
205. # Enabling this might lead to people gaining unauthorized access to other's accounts!
206. autoLoginFloodgate: false
207.  
208. # This enables Floodgate or Offline Geyser players to join the server, even if they are using the name of an
209. # existing Java **PREMIUM** account (so someone has bought Minecraft with that username)
210. #
211. # Java and Bedrock players will get different UUIDs, so their inventories, location, etc. will be different.
212. # However, some plugins (such as AuthMe) rely on names instead of UUIDs to identify a player which might cause issues.
213. # In the case of AuthMe (and other auth plugins), both the Java and the Bedrock player will have the same password.
214. #
215. # To prevent conflits from two different players having the same name, it is highly recommended to use a 'username-prefix'
216. # in floodgate/config.yml
217. # Note: 'username-prefix' is currently broken when used with FastLogin and ProtocolLib. For more information visit:
218. # https://github.com/games647/FastLogin/issues/493
219. # A solution to this is to replace ProtocolLib with ProtocolSupport
220. #
221. # Possible values:
222. # false: Kick Bedrock players, if they are using an existing Premium Java account's name
223. # Note: Linked Floodgate players have the same name as their Java profile, so the Bedrock player will always conflict
224. # their own Java account's name. Therefore, setting this to false will prevent any linked player from joining.
225. # true: Bypass name conflict checking.
226. # linked: Floodgate accounts linked to a Java account will be allowed to join with conflicting names
227. # For Offline Geyser players, 'linked' works as 'false'
228. # !!!!!!!! WARNING: FLOODGATE/GEYSER SUPPORT IS AN EXPERIMENTAL FEATURE !!!!!!!!
229. # Enabling this might lead to people gaining unauthorized access to other's accounts!
230. allowFloodgateNameConflict: false
231.  
232. # Automatically register players connecting through Floodgate.
233. # autoLoginFloodgate must be available for the player to use this
234. # Possible values:
235. # false: Disables auto registering for every player connecting through Floodgate
236. # true: Enables auto registering for every player connecting through Floodgate
237. # linked: Only Bedrock accounts that are linked to a Java account will be registered automatically
238. # no-conflict: Bedrock players will only be automatically registered if the Mojang API reports
239. # that there is no existing Premium Java MC account with their name.
240. # This option can be useful if you are not using 'username-prefix' in floodgate/config.yml
241. # Requires 'autoRegister' to be 'true'
242. # !!!!!!!! WARNING: FLOODGATE SUPPORT IS AN EXPERIMENTAL FEATURE !!!!!!!!
243. # Enabling this might lead to people gaining unauthorized access to other's accounts!
244. autoRegisterFloodgate: false
245.  
246. # Database configuration
247. # Recommended is the use of MariaDB (a better version of MySQL)
248.  
249. # Single file SQLite database
250. #driver: 'org.sqlite.JDBC'
251. # File location
252. #database: '{pluginDir}/FastLogin.db'
253.  
254. # MySQL/MariaDB
255. # If you want to enable it uncomment only the lines below this not this line.
256. # If on velocity use 'fastlogin.mariadb.jdbc.Driver' as driver
257. driver: 'com.mysql.jdbc.Driver'
258. host: '87.98.251.165'
259. port: 3306
260. database: 'fastlogin'
261. username: 'myUser'
262. password: 'myPassword'
263.  
264. # Advanced Connection Pool settings in seconds
265. #timeout: 30
266. #lifetime: 30
267.  
268. ## It's recommended to enable SSL if the MySQL server isn't running on the same host
269. ## This will encrypt the connection for secure transportation of the sql server password
270. #useSSL: false
271. ## Verification requirements for the server cert,
272. ## Values: Required (unchecked SSL connection), VerifyCA (verify CA), VerifyFull (verify CA and matching hostname)
273. #sslMode=Required
274. ## TLS is preferred for this technique, then your host stored certificate store will be used to verify the server cert
275. ## Similar to HTTPS. If that's not possible RSA can be used with the following options.
276. ## This allows to request the public RSA key from the server to encrypt the data to it. True would allow machine-in-the-
277. ## middle attacks.
278. #allowPublicKeyRetrieval=false
279. ## Path to the RSA public key if key retrieval is forbidden
280. #ServerRSAPublicKeyFile=
281.  
282. # HTTP proxies for connecting to the Mojang servers in order to check if the username of a player is premium.
283. # This is a workaround to prevent rate-limiting by Mojang. These proxies will only be used once your server hit
284. # the rate-limit or the custom value above.
285. # Please make sure you use reliable proxies.
286. proxies:
287. # 'IP:Port' or 'Domain:Port'
288. # - 'xyz.com:1337'
289. # - 'test.com:5131'