From 1da8a6dbc84d949098f376b561406a497096c6b1 Mon Sep 17 00:00:00 2001 From: * <61941069+Git-Fal7@users.noreply.github.com> Date: Wed, 8 May 2024 09:55:00 +0300 Subject: [PATCH 1/5] Add bungeeguard fowarding mode --- pkg/edition/java/config/config.go | 7 +++++-- pkg/edition/java/proxy/session_client_auth.go | 3 +++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/pkg/edition/java/config/config.go b/pkg/edition/java/config/config.go index 74773310..e22c1d8b 100644 --- a/pkg/edition/java/config/config.go +++ b/pkg/edition/java/config/config.go @@ -133,8 +133,9 @@ type ( ShowPlugins bool `yaml:"showPlugins"` } Forwarding struct { - Mode ForwardingMode `yaml:"mode"` - VelocitySecret string `yaml:"velocitySecret"` // Used with "velocity" mode + Mode ForwardingMode `yaml:"mode"` + VelocitySecret string `yaml:"velocitySecret"` // Used with "velocity" mode + BungeeguardSecret string `yaml:"bungeeguardSecret"` // Used with "bungeeguard" mode } Compression struct { Threshold int `yaml:"threshold"` @@ -169,6 +170,8 @@ const ( // VelocityForwardingMode is a forwarding mode specified by the Velocity java proxy and // supported by PaperSpigot for versions starting at 1.13. VelocityForwardingMode ForwardingMode = "velocity" + // BungeeGuardFowardingMode is a forwarding mode used by versions lower than 1.13 + BungeeGuardFowardingMode ForwardingMode = "bungeeguard" ) // Validate validates Config. diff --git a/pkg/edition/java/proxy/session_client_auth.go b/pkg/edition/java/proxy/session_client_auth.go index 543274fc..ff273dda 100644 --- a/pkg/edition/java/proxy/session_client_auth.go +++ b/pkg/edition/java/proxy/session_client_auth.go @@ -73,6 +73,9 @@ func (a *authSessionHandler) Activated() { gameProfile := *a.inbound.delegate.Type().AddGameProfileTokensIfRequired( a.profile, a.config().Forwarding.Mode) + if a.config().Forwarding.Mode == config.BungeeGuardFowardingMode { + gameProfile.Properties = append(gameProfile.Properties, profile.Property{Name: "bungeeguard-token", Value: a.config().Forwarding.BungeeguardSecret}) + } profileRequest := NewGameProfileRequestEvent(a.inbound, gameProfile, a.onlineMode) a.eventMgr.Fire(profileRequest) conn := a.inbound.delegate.MinecraftConn From 0985149cdb5f14ab7b27eb2c7b62a6d9a3c1cdc3 Mon Sep 17 00:00:00 2001 From: * <61941069+Git-Fal7@users.noreply.github.com> Date: Wed, 8 May 2024 10:01:13 +0300 Subject: [PATCH 2/5] allow "bungeeguard" as a fowarding mode in the config --- pkg/edition/java/config/config.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/edition/java/config/config.go b/pkg/edition/java/config/config.go index e22c1d8b..939cbbdd 100644 --- a/pkg/edition/java/config/config.go +++ b/pkg/edition/java/config/config.go @@ -2,6 +2,7 @@ package config import ( "fmt" + liteconfig "go.minekube.com/gate/pkg/edition/java/lite/config" "go.minekube.com/gate/pkg/edition/java/proto/version" "go.minekube.com/gate/pkg/util/componentutil" @@ -218,9 +219,9 @@ func (c *Config) Validate() (warns []error, errs []error) { case NoneForwardingMode: w("Player forwarding is disabled! Backend servers will have players with " + "offline-mode UUIDs and the same IP as the proxy.") - case LegacyForwardingMode, VelocityForwardingMode: + case LegacyForwardingMode, VelocityForwardingMode, BungeeGuardFowardingMode: default: - e("Unknown forwarding mode %q, must be one of none,legacy,velocity", c.Forwarding.Mode) + e("Unknown forwarding mode %q, must be one of none,legacy,velocity,bungeeguard", c.Forwarding.Mode) } if len(c.Servers) == 0 { From 3cd0a11c43311e9e7f0480be2060ce745618f038 Mon Sep 17 00:00:00 2001 From: * <61941069+Git-Fal7@users.noreply.github.com> Date: Wed, 8 May 2024 10:09:31 +0300 Subject: [PATCH 3/5] make sure bungeeguard uses the legacy fowarding mode --- pkg/edition/java/proxy/phase/types.go | 2 +- pkg/edition/java/proxy/server.go | 2 +- pkg/edition/java/proxy/session_backend_login.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/edition/java/proxy/phase/types.go b/pkg/edition/java/proxy/phase/types.go index cd23d782..3c074814 100644 --- a/pkg/edition/java/proxy/phase/types.go +++ b/pkg/edition/java/proxy/phase/types.go @@ -77,7 +77,7 @@ func (*legacyForgeConnType) AddGameProfileTokensIfRequired( // since both use the "hostname" field in the handshake. We add a special property to the // profile instead, which will be ignored by non-Forge servers and can be intercepted by a // Forge coremod, such as SpongeForge. - if forwardingType == config.LegacyForwardingMode { + if forwardingType == config.LegacyForwardingMode || forwardingType == config.BungeeGuardFowardingMode { original.Properties = append(original.Properties, profile.Property{Name: "forgeClient", Value: "true"}) } return original diff --git a/pkg/edition/java/proxy/server.go b/pkg/edition/java/proxy/server.go index 9a874501..f1aaf8a6 100644 --- a/pkg/edition/java/proxy/server.go +++ b/pkg/edition/java/proxy/server.go @@ -342,7 +342,7 @@ func (s *serverConnection) handshakeAddr(vHost string, player Player) string { var ok bool if ha, ok = s.Server().ServerInfo().(HandshakeAddresser); !ok { if ha, ok = s.Server().(HandshakeAddresser); !ok { - if s.config().Forwarding.Mode == config.LegacyForwardingMode { + if s.config().Forwarding.Mode == config.LegacyForwardingMode || s.config().Forwarding.Mode == config.BungeeGuardFowardingMode { return s.createLegacyForwardingAddress() } } diff --git a/pkg/edition/java/proxy/session_backend_login.go b/pkg/edition/java/proxy/session_backend_login.go index e767359d..184a73f7 100644 --- a/pkg/edition/java/proxy/session_backend_login.go +++ b/pkg/edition/java/proxy/session_backend_login.go @@ -250,7 +250,7 @@ func (b *backendLoginSessionHandler) handleServerLoginSuccess() { } func (b *backendLoginSessionHandler) Disconnected() { - if b.config().Forwarding.Mode == config.LegacyForwardingMode { + if b.config().Forwarding.Mode == config.LegacyForwardingMode || b.config().Forwarding.Mode == config.BungeeGuardFowardingMode { b.requestCtx.result(nil, errs.NewSilentErr(`The connection to the remote server was unexpectedly closed. This is usually because the remote server does not have BungeeCord IP forwarding correctly enabled.`)) } else { From 29c16f634f93bc4622033a65fa74f4d6db751778 Mon Sep 17 00:00:00 2001 From: robinbraemer Date: Mon, 17 Jun 2024 10:12:02 +0200 Subject: [PATCH 4/5] fix typo; TODO createBungeeGuardForwardingAddress method --- pkg/edition/java/config/config.go | 8 ++++---- pkg/edition/java/proxy/phase/types.go | 2 +- pkg/edition/java/proxy/server.go | 10 +++++++++- pkg/edition/java/proxy/session_backend_login.go | 2 +- pkg/edition/java/proxy/session_client_auth.go | 4 ++-- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/pkg/edition/java/config/config.go b/pkg/edition/java/config/config.go index 939cbbdd..b0320a81 100644 --- a/pkg/edition/java/config/config.go +++ b/pkg/edition/java/config/config.go @@ -136,7 +136,7 @@ type ( Forwarding struct { Mode ForwardingMode `yaml:"mode"` VelocitySecret string `yaml:"velocitySecret"` // Used with "velocity" mode - BungeeguardSecret string `yaml:"bungeeguardSecret"` // Used with "bungeeguard" mode + BungeeGuardSecret string `yaml:"bungeeGuardSecret"` // Used with "bungeeguard" mode } Compression struct { Threshold int `yaml:"threshold"` @@ -171,8 +171,8 @@ const ( // VelocityForwardingMode is a forwarding mode specified by the Velocity java proxy and // supported by PaperSpigot for versions starting at 1.13. VelocityForwardingMode ForwardingMode = "velocity" - // BungeeGuardFowardingMode is a forwarding mode used by versions lower than 1.13 - BungeeGuardFowardingMode ForwardingMode = "bungeeguard" + // BungeeGuardForwardingMode is a forwarding mode used by versions lower than 1.13 + BungeeGuardForwardingMode ForwardingMode = "bungeeguard" ) // Validate validates Config. @@ -219,7 +219,7 @@ func (c *Config) Validate() (warns []error, errs []error) { case NoneForwardingMode: w("Player forwarding is disabled! Backend servers will have players with " + "offline-mode UUIDs and the same IP as the proxy.") - case LegacyForwardingMode, VelocityForwardingMode, BungeeGuardFowardingMode: + case LegacyForwardingMode, VelocityForwardingMode, BungeeGuardForwardingMode: default: e("Unknown forwarding mode %q, must be one of none,legacy,velocity,bungeeguard", c.Forwarding.Mode) } diff --git a/pkg/edition/java/proxy/phase/types.go b/pkg/edition/java/proxy/phase/types.go index 3c074814..d7da899f 100644 --- a/pkg/edition/java/proxy/phase/types.go +++ b/pkg/edition/java/proxy/phase/types.go @@ -77,7 +77,7 @@ func (*legacyForgeConnType) AddGameProfileTokensIfRequired( // since both use the "hostname" field in the handshake. We add a special property to the // profile instead, which will be ignored by non-Forge servers and can be intercepted by a // Forge coremod, such as SpongeForge. - if forwardingType == config.LegacyForwardingMode || forwardingType == config.BungeeGuardFowardingMode { + if forwardingType == config.LegacyForwardingMode || forwardingType == config.BungeeGuardForwardingMode { original.Properties = append(original.Properties, profile.Property{Name: "forgeClient", Value: "true"}) } return original diff --git a/pkg/edition/java/proxy/server.go b/pkg/edition/java/proxy/server.go index f1aaf8a6..77e9a2c0 100644 --- a/pkg/edition/java/proxy/server.go +++ b/pkg/edition/java/proxy/server.go @@ -342,8 +342,12 @@ func (s *serverConnection) handshakeAddr(vHost string, player Player) string { var ok bool if ha, ok = s.Server().ServerInfo().(HandshakeAddresser); !ok { if ha, ok = s.Server().(HandshakeAddresser); !ok { - if s.config().Forwarding.Mode == config.LegacyForwardingMode || s.config().Forwarding.Mode == config.BungeeGuardFowardingMode { + switch s.config().Forwarding.Mode { + case config.LegacyForwardingMode: return s.createLegacyForwardingAddress() + case config.BungeeGuardForwardingMode: + secret := s.config().Forwarding.BungeeGuardSecret + return s.createBungeeGuardForwardingAddress(secret) } } } @@ -490,6 +494,10 @@ func (s *serverConnection) createLegacyForwardingAddress() string { return b.String() } +func (s *serverConnection) createBungeeGuardForwardingAddress(secret string) string { + // TODO see https://github.com/PaperMC/Velocity/blob/e60e2063a87c8904b5ad89680aa51698b1ef8a0c/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/VelocityServerConnection.java#L154 +} + // Returns the active backend server connection or false if inactive. func (s *serverConnection) ensureConnected() (backend netmc.MinecraftConn, connected bool) { if s == nil { diff --git a/pkg/edition/java/proxy/session_backend_login.go b/pkg/edition/java/proxy/session_backend_login.go index 184a73f7..23595642 100644 --- a/pkg/edition/java/proxy/session_backend_login.go +++ b/pkg/edition/java/proxy/session_backend_login.go @@ -250,7 +250,7 @@ func (b *backendLoginSessionHandler) handleServerLoginSuccess() { } func (b *backendLoginSessionHandler) Disconnected() { - if b.config().Forwarding.Mode == config.LegacyForwardingMode || b.config().Forwarding.Mode == config.BungeeGuardFowardingMode { + if b.config().Forwarding.Mode == config.LegacyForwardingMode || b.config().Forwarding.Mode == config.BungeeGuardForwardingMode { b.requestCtx.result(nil, errs.NewSilentErr(`The connection to the remote server was unexpectedly closed. This is usually because the remote server does not have BungeeCord IP forwarding correctly enabled.`)) } else { diff --git a/pkg/edition/java/proxy/session_client_auth.go b/pkg/edition/java/proxy/session_client_auth.go index ff273dda..45eb9275 100644 --- a/pkg/edition/java/proxy/session_client_auth.go +++ b/pkg/edition/java/proxy/session_client_auth.go @@ -73,8 +73,8 @@ func (a *authSessionHandler) Activated() { gameProfile := *a.inbound.delegate.Type().AddGameProfileTokensIfRequired( a.profile, a.config().Forwarding.Mode) - if a.config().Forwarding.Mode == config.BungeeGuardFowardingMode { - gameProfile.Properties = append(gameProfile.Properties, profile.Property{Name: "bungeeguard-token", Value: a.config().Forwarding.BungeeguardSecret}) + if a.config().Forwarding.Mode == config.BungeeGuardForwardingMode { + gameProfile.Properties = append(gameProfile.Properties, profile.Property{Name: "bungeeguard-token", Value: a.config().Forwarding.BungeeGuardSecret}) } profileRequest := NewGameProfileRequestEvent(a.inbound, gameProfile, a.onlineMode) a.eventMgr.Fire(profileRequest) From 998186908de7a8dd6786daee2acbd54abbfae2c9 Mon Sep 17 00:00:00 2001 From: NixNux123 <95556010+NixNux123@users.noreply.github.com> Date: Fri, 13 Sep 2024 07:25:13 +0200 Subject: [PATCH 5/5] Bungeeguard Support (#382) * Fixed Bungeeguard Support - Fixed incomplete bungeeguard support - Added bungeeguard options to config.yml * Updated compatibility docs - Added bungeeguard as a forwarding option --- .web/docs/guide/compatibility.md | 4 ++-- config.yml | 4 +++- pkg/edition/java/proxy/server.go | 20 ++++++++++++++++++- pkg/edition/java/proxy/session_client_auth.go | 4 ---- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/.web/docs/guide/compatibility.md b/.web/docs/guide/compatibility.md index 141fb0c1..4874b37a 100644 --- a/.web/docs/guide/compatibility.md +++ b/.web/docs/guide/compatibility.md @@ -13,14 +13,14 @@ We highly recommend using [Paper](https://papermc.io/) for running a server in m Gate is tested with older and most recent versions of it. You can use `modern` forwarding (like Velocity does) if you run Paper -1.13.2 or higher. If you use Paper 1.12.2 or lower, you must use `legacy` BungeeCord-style forwarding. +1.13.2 or higher. If you use Paper 1.12.2 or lower, you can use `legacy` BungeeCord-style forwarding or the more secure `bungeeguard` [Bungeeguard](https://www.spigotmc.org/resources/bungeeguard.79601/) forwarding. ## Spigot Spigot is not well-tested with Gate. However, it is based on vanilla and as it is the base for Paper, it is relatively well-supported. -Spigot does not support Gate/Velocity modern forwarding, but does support legacy BungeeCord forwarding. +Spigot does not support Gate/Velocity modern forwarding, but does support legacy BungeeCord forwarding and the more secure Bungeeguard forwarding when using the [Bungeeguard](https://www.spigotmc.org/resources/bungeeguard.79601/) plugin. ## Forks of Spigot/Paper diff --git a/config.yml b/config.yml index 7c2e5033..cc6b2178 100644 --- a/config.yml +++ b/config.yml @@ -82,10 +82,12 @@ config: # This allows you to customize how player information such as IPs and UUIDs are forwarded to your server. # See the documentation for more information. forwarding: - # Options: legacy, none, velocity + # Options: legacy, none, bungeeguard, velocity mode: legacy # The secret used if the mode is velocity. #velocitySecret: secret_here + # The secret used if the mode is bungeeguard. + #bungeeGuardSecret: secret_here # Proxy protocol (HA-Proxy) determines whether Gate should support proxy protocol for players. # Do not enable this if you don't know what it is. proxyProtocol: false diff --git a/pkg/edition/java/proxy/server.go b/pkg/edition/java/proxy/server.go index 77e9a2c0..db53ce30 100644 --- a/pkg/edition/java/proxy/server.go +++ b/pkg/edition/java/proxy/server.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "go.minekube.com/gate/pkg/edition/java/forge/modernforge" + "go.minekube.com/gate/pkg/edition/java/profile" "net" "strings" "sync" @@ -495,7 +496,24 @@ func (s *serverConnection) createLegacyForwardingAddress() string { } func (s *serverConnection) createBungeeGuardForwardingAddress(secret string) string { - // TODO see https://github.com/PaperMC/Velocity/blob/e60e2063a87c8904b5ad89680aa51698b1ef8a0c/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/VelocityServerConnection.java#L154 + // Bungeeguard IP forwading is the same as the legacy Bungeecord IP forwarding but with an additional + // property in the profile properties that contains the bungeeguard-token. + playerIP := netutil.Host(s.player.RemoteAddr()) + b := new(strings.Builder) + b.WriteString(s.server.ServerInfo().Addr().String()) + const sep = "\000" + b.WriteString(sep) + b.WriteString(playerIP) + b.WriteString(sep) + b.WriteString(s.player.profile.ID.Undashed()) + b.WriteString(sep) + props, err := json.Marshal( + append(s.player.profile.Properties, profile.Property{Name: "bungeeguard-token", Value: secret})) + if err != nil { // should never happen + panic(err) + } + b.WriteString(string(props)) // first convert props to string + return b.String() } // Returns the active backend server connection or false if inactive. diff --git a/pkg/edition/java/proxy/session_client_auth.go b/pkg/edition/java/proxy/session_client_auth.go index 45eb9275..827ccf57 100644 --- a/pkg/edition/java/proxy/session_client_auth.go +++ b/pkg/edition/java/proxy/session_client_auth.go @@ -72,10 +72,6 @@ func (a *authSessionHandler) Activated() { // Some connection types may need to alter the game profile. gameProfile := *a.inbound.delegate.Type().AddGameProfileTokensIfRequired( a.profile, a.config().Forwarding.Mode) - - if a.config().Forwarding.Mode == config.BungeeGuardForwardingMode { - gameProfile.Properties = append(gameProfile.Properties, profile.Property{Name: "bungeeguard-token", Value: a.config().Forwarding.BungeeGuardSecret}) - } profileRequest := NewGameProfileRequestEvent(a.inbound, gameProfile, a.onlineMode) a.eventMgr.Fire(profileRequest) conn := a.inbound.delegate.MinecraftConn