PrivateAuth - LibreLogin Alte 1.0

PrivateAuth
SQLite-based authentication with IP sessions for Velocity

_______________________________

PrivateAuth is a lightweight authentication system that runs directly on your Velocity proxy.
It handles registration, login and password changes in a single SQLite database, remembers players by IP sessions, and can auto-login trusted players without asking for their password every time.

No extra Spigot/Paper auth plugin required – everything happens on the proxy side.
_______________________________

✨ Features

1. Proxy-side auth for Velocity – Designed for Velocity networks (Spigot resource type: Bungee – Proxy).
2. SQLite storage – Simple file database (auth.db) inside the plugin folder. No MySQL required.
3. IP session login – Remember players for a configurable amount of minutes; if IP + session are still valid, they are logged in automatically.
4. Auth lobby & main server routing
   
   1. Players with no valid session are forced to the auth server (e.g. lobby).
   2. After successful /login or /register, they’re sent to your main server automatically.
   3. A background task periodically moves authenticated players off the auth lobby if they somehow get stuck there (silent, no console spam).

1. Secure password handling
   
   1. New accounts use salted SHA-256 with a per-player salt.
   2. Legacy hashes (LibreLogin BCrypt / unsalted SHA-256) are automatically upgraded on next login.
2. LibreLogin migration
   
   1. Import accounts from LibreLogin’s SQLite database (`plugins/librelogin/user-data.db`).
   2. Keeps existing password hashes; players can log in with the same password.
3. Chat & command blocking
   
   1. On the auth server, unauthenticated players cannot chat.
   2. Commands are blocked except a configurable whitelist (login/register/etc.).
4. Configurable titles & messages – Fully customizable prompts & messages in [ICODE]config.yml[/ICODE] (colors with `&` codes).
5. Failed login protection – Kick players after too many wrong passwords (configurable limit).
6. Admin tools – Unregister accounts safely, including a protection so admins can’t delete other admins’ accounts.
7. Self-contained dependencies – Automatically downloads [ICODE]sqlite-jdbc[/ICODE] and [ICODE]jBCrypt[/ICODE] at runtime. No manual extra jars or setup.

_______________________________

How it works (flow)

1. Player connects to the proxy.
2. PrivateAuth checks its SQLite DB and the player’s last IP + last login time.
3. If the session is still valid, the player is auto-logged in and goes straight to your main server.
4. If there’s no valid session:
   
   1. Player is sent to the auth server (e.g. `lobby`).
   2. They see either a Register prompt (new account) or Login prompt (existing account).
   3. Chat + most commands are blocked until they authenticate.

1. After a successful /login or /register, PrivateAuth silently sends them to the configured send server (e.g. `survival`).

_______________________________

Commands

1. [ICODE]/login [/ICODE]
   Log in to an existing account. Only works on the auth (lobby) server.
2. [ICODE]/register [/ICODE]
   Register a new account. Only works on the auth (lobby) server.
   – Checks that both passwords match and that the password is long enough.
3. [ICODE]/changepass [/ICODE]
   Change your password.
   – Only works on the main server (`send-server` in config).
   – Requires the player to be already authenticated.
4. [ICODE]/unregister [/ICODE]
   Admin command to delete a player’s account.
   – Kicks the player if they are online, forcing them to register again on next join.
   – Safety check: you cannot unregister another admin (player with `privateauth.admin`) unless it’s yourself.
5. [ICODE]/pa-migratelibre[/ICODE]
   Migrate all accounts from LibreLogin’s SQLite database into PrivateAuth.
   – Runs in a background task – no proxy freeze.
   – Can be executed from console or by a player with permission.

_______________________________

Permissions

1. [ICODE]privateauth.unregister[/ICODE] – Use [ICODE]/unregister[/ICODE].
2. [ICODE]privateauth.migrate[/ICODE] – Use [ICODE]/pa-migratelibre[/ICODE].
3. [ICODE]privateauth.admin[/ICODE] – Marks a player as “admin-protected” against being unregistered by others.

(Player login/register/changepass commands are available to everyone, no extra permission needed.)
_______________________________

⚙️ Configuration (config.yml)

[ICODE]config.yml[/ICODE] is created on first start and contains:

1. allowed-commands-while-unauthorized – Command whitelist for unauthenticated players (no leading slash).
2. auth-server-name – Name of the lobby/auth server defined in [ICODE]velocity.toml[/ICODE].
3. send-server – Name of the main server players are sent to after login.
4. max-login-attempts – Kick player after this many wrong passwords (-1 to disable).
5. ip-session-minutes – How long IP sessions remain valid.
6. use-titles – Show big titles for login/register prompts.
7. All messages – Every user-facing message (including kick messages) is customizable with `&` color codes.

_______________________________

Installation

1. Download PrivateAuth and drop the jar into your Velocity [ICODE]plugins[/ICODE] folder.
2. Start Velocity once.
   – PrivateAuth will create its folder, [ICODE]config.yml[/ICODE], [ICODE]auth.db[/ICODE], and a [ICODE]libs[/ICODE] folder.
   – It also automatically downloads the required SQLite and jBCrypt libraries.
3. Edit [ICODE]plugins/PrivateAuth/config.yml[/ICODE]:
   
   1. Set [ICODE]auth-server-name[/ICODE] (e.g. `lobby`).
   2. Set [ICODE]send-server[/ICODE] (e.g. `survival`).
   3. Tweak [ICODE]ip-session-minutes[/ICODE], [ICODE]max-login-attempts[/ICODE] and messages to your liking.
4. Make sure those server names exist in your [ICODE]velocity.toml[/ICODE].
5. Restart Velocity. Done – players will now be required to /register or /login on the auth server.

_______________________________

LibreLogin Migration

If you previously used LibreLogin with its default SQLite database, you can migrate all accounts:

1. Stop your proxy.
2. Ensure LibreLogin’s database is available at:
   [ICODE]plugins/librelogin/user-data.db[/ICODE]
   (this is the default path PrivateAuth expects).
3. Start your proxy with PrivateAuth installed.
4. Run [ICODE]/pa-migratelibre[/ICODE] from console or a player with [ICODE]privateauth.migrate[/ICODE].
   The migration runs in the background; progress & summary are logged to console.
5. Players can now log in with the same passwords as before. On first successful login, their account will automatically be upgraded to PrivateAuth’s salted SHA-256 format.

_______________________________

❓ FAQ

Q: Does this require a plugin on my Spigot/Paper servers?
A: No. PrivateAuth runs entirely on the Velocity proxy. Just set your servers to use Velocity’s player info forwarding as usual.

Q: Can players execute commands before logging in?
A: Only the commands you allow in [ICODE]allowed-commands-while-unauthorized[/ICODE] (for example `/login`, `/register`, `/changepass`). Everything else is blocked until they are authenticated.

Q: Can I customize all messages?
A: Yes. Every message and title text can be changed in [ICODE]config.yml[/ICODE] using standard `&` color codes.
_______________________________