search

kyngs / LibreLogin

Open-source, multiplatform, and highly customizable authentication plugin with outstanding features and API.
Mozilla Public License 2.0
171 stars 56 forks source link

Support for reverse proxies / VPNs #113

Closed TheMatten closed 1 year ago

TheMatten commented 1 year ago

Right now, when checking player session, LibreLogin always provides ip parameter to Mojang API if it's IPv4: https://github.com/kyngs/LibreLogin/blob/6332ad89e0556bbf1e74360a0a7c04a4c81931ad/Plugin/src/main/java/xyz/kyngs/librelogin/paper/PaperListeners.java#L373

But when connecting through reverse proxy or to server running in private network, client IP used for client-side API request and IP used to connect to server may be different, resulting in 204 response and "Invalid session" error.

Similarly to FastLogin (https://github.com/games647/FastLogin/blob/1715c08ee685385f2837a323c6eb0b7fa63b807a/core/src/main/java/com/github/games647/fastlogin/core/ProxyAgnosticMojangResolver.java#L37), LibreLogin could add option to always omit ip parameter, making such setups possible, as it isn't much of a security improvement anyway.

kyngs commented 1 year ago

Can you verify whether commit 02dedbc44c1b25ff54a0b5daa3ec951f2ecde028 resolved the issue?