Druzai / Bot_Mc_discord

Discord bot to manage Minecraft server(s)
MIT License

AuthSecurity #22

Closed MaxBQb closed 2 years ago

MaxBQb commented 2 years ago

First of all: Minecraft Server is not secure. It's even less secure when online mode is false (sad, but true).

So the bot should help us to hold each login :)

When a user logs in, the bot checks info about him. If the user is not logged in: kick him with reason "Not authorized".

If the username has an associated Discord id: send a direct message with the poll "Was it you?"

Connection attempt detected!
Username: Jenkins
IP: 123.45.67.89
Time: 28.10.21 10:29:23

Answering yes will allow the user to log in. It also remembers this IP in a list for a week (as expiry date).

If the IP is listed and not expired, then no poll is needed and the expiry date is updated.

Each user may use the %login command.

%login username will result as the poll results if there is an assoc present; if not: request admin (with another poll) to add a new assoc for the user.

If a login attempt is detected and there is no Discord id associated with the username: tag all minecrafters with a login poll (1 upvote needed), then request for assoc.

NO LOGIN POSSIBLE WITHOUT ASSOC ANYWAY

MaxBQb commented 2 years ago

When a user triggers the %login command before logging in, then he will have 5 minutes to log in from any IP (this IP will be saved after login, and the 5-minute timer shuts down, meaning that another connection attempt from a different IP will be denied (if not listed)).

MaxBQb commented 2 years ago

About assoc polls:

@Admin, are these two equal?

Discord name: TheOldMan
Username: Jenkins

Y/N

Requires 1 vote, but only from a user with the same rights that are needed to run %assoc.

MaxBQb commented 2 years ago

Use a special 6-letter code for security, generated randomly for each kick reason. Each nickname has a last active code and a code expiry date. The user is requested to run %auth me <code> (will be available for a minute).

Also ban by IP if 5+ non-logged-in access attempts are detected for login without codes: %auth login <nickname> will allow access for the first connected IP within a 5-minute range.

%auth revoke <nick> - revokes access from all IPs for the given nick (if it is associated with the current Discord user).

MaxBQb commented 2 years ago

Please use only non-similar ASCII symbols. NO: I l 1

YES: QWERTYUPASFGHJKZXCVBNM23456789

MaxBQb commented 2 years ago

When a user tries to log in and was kicked (not in assocs), the bot asks all users about who was there. The user may use %auth me <code>.
The bot will follow the path code -> username -> and check the code expiry date. If the code is fresh, check if the username is associated with that Discord user. If not -> request for assoc; if the assoc is rejected -> set the code expiry date to 0.
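The scheme sketched in the comments above, as an added example in Python that is not the repository's code: a kick-reason code drawn from the non-ambiguous alphabet with a CSPRNG, one-minute expiry and single use, constant-time comparison, a per-nick IP allow-list refreshed for a week, and an IP ban after 5 unauthorised joins. Class and method names are assumptions; the current time is passed in as an argument so the logic can be exercised deterministically.

```python
import hmac
import secrets

ALPHABET = "QWERTYUPASFGHJKZXCVBNM23456789"  # thread's alphabet: no I, l, 1, O, 0
CODE_LEN = 6
CODE_TTL = 60               # a code is valid for one minute
IP_TTL = 7 * 24 * 60 * 60   # a remembered IP is valid for a week
MAX_FAILURES = 5            # unauthorised joins from one IP before a ban

class AuthState:
    def __init__(self):
        self.codes = {}        # nick -> (code, expires_at)
        self.allowed_ips = {}  # (nick, ip) -> expires_at
        self.failures = {}     # ip -> unauthorised join count
        self.banned_ips = set()

    def issue_code(self, nick, now):
        # Code shown in the kick reason; drawn from a CSPRNG, not random.choice.
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        self.codes[nick] = (code, now + CODE_TTL)
        return code

    def on_connect(self, nick, ip, now):
        """Join without a code: allow only a remembered, unexpired IP."""
        if ip in self.banned_ips:
            return False, "banned"
        expires_at = self.allowed_ips.get((nick, ip))
        if expires_at is not None and expires_at > now:
            self.allowed_ips[(nick, ip)] = now + IP_TTL  # refresh for a week
            return True, "known ip"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= MAX_FAILURES:
            self.banned_ips.add(ip)
            return False, "banned"
        return False, "Not authorized"

    def login(self, nick, ip, code, now):
        """%auth login <nick> <code>: single use, expiring, constant-time compare."""
        stored = self.codes.get(nick)
        if (stored is None or stored[1] <= now or not code.isascii()
                or not hmac.compare_digest(stored[0], code.upper())):
            return False
        del self.codes[nick]  # a code is never reusable
        self.allowed_ips[(nick, ip)] = now + IP_TTL
        self.failures.pop(ip, None)
        return True

    def revoke(self, nick):  # %auth revoke: forget every remembered IP for nick
        for key in [k for k in self.allowed_ips if k[0] == nick]:
            del self.allowed_ips[key]
```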

Druzai commented 2 years ago

I implemented secure authorization and slightly changed the subcommands of the auth command:

banlist
login <nick> <code>
off
on
revoke all | <ip> [nick]
unban <ip>

Testing translations for now

Druzai commented 2 years ago

Thoughtfully tested. Fully implemented authorization in 39fe31eca0732c063e25a1cdcc82f0e44431f285