Go to file

Haowei Wen c660bba4aa Merge pull request #167 from yushijinhun/develop Release v1.1.46		2022-07-02 14:01:49 +08:00
.github/workflows	workflow: change commit author to github-actions[bot]	2021-07-25 03:09:32 +08:00
src	polish	2022-07-02 14:00:25 +08:00
.gitignore	Add .gitignore	2017-08-12 21:37:44 +08:00
build.gradle	switch to junit 5	2022-05-03 23:15:27 +08:00
CONTRIBUTING.md	Create CONTRIBUTING.md	2020-04-13 00:04:05 +08:00
LICENSE	Change the license to AGPLv3	2019-01-12 17:43:28 +08:00
README.en.md	add -Dauthlibinjector.usernameCheck option	2022-07-02 13:24:51 +08:00
README.md	add -Dauthlibinjector.usernameCheck option	2022-07-02 13:24:51 +08:00
settings.gradle	Add gradle scripts	2017-08-12 22:42:31 +08:00

README.en.md

English
简体中文(Chinese Simplified)

authlib-injector

authlib-injector enables you to build a Minecraft authentication system offering all the features that genuine Minecraft has.

See the wiki for documents and detailed descriptions.

Download

You can download the latest authlib-injector build from here.

Build

Dependencies: Gradle, JDK 8+

Run:

gradle

Build output can be found in build/libs.

Deploy

Configure Minecraft server with the following JVM parameter:

-javaagent:{/path/to/authlib-injector.jar}={Authentication Server URL}

Options

-Dauthlibinjector.mojangNamespace={default|enabled|disabled}
    Whether to enable Mojang namespace (@mojang suffix).
    It's enabled by default if the authentication server does NOT send feature.no_mojang_namespace option.

    If enabled, virtual player <username>@mojang will have the same skin as premium (Mojang) player <username>.
    For example,
     - /give @p minecraft:skull 1 3 {SkullOwner:"Notch@mojang"}
     - /npc skin Notch@mojang
    will display Notch's skin.

    Note that the virtual player does NOT have the same UUID as its corresponding premium player.
    To distinguish virtual players from actual ones, the most significant bit of time_hi_and_version is set to 1 (see RFC 4122 section 4.1.3).
    For example:
      069a79f4-44e9-4726-a5be-fca90e38aaf5 Notch
      069a79f4-44e9-c726-a5be-fca90e38aaf5 Notch@mojang
    We use this approach because, in RFC 4122, UUID version has only 6 possible values (0~5), which means the most significant is always 0.
    In fact, Mojang uses version-4 (random) UUID, so its corresponding virtual player has a version-12 UUID.

-Dauthlibinjector.mojangProxy={proxy server URL}
    Use proxy when accessing Mojang authentication service.
    Only SOCKS protocol is supported.
    URL format: socks://<host>:<port>

    This proxy setting only affects Mojang namespace feature, and the proxy is used only when accessing Mojang's servers.
    To enable proxy for your customized authentication server, see https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html .

-Dauthlibinjector.legacySkinPolyfill={default|enabled|disabled}
    Whether to polyfill legacy skin API, namely 'GET /skins/MinecraftSkins/{username}.png'.
    It's enabled by default if the authentication server does NOT send feature.legacy_skin_api option.

-Dauthlibinjector.debug (equals -Dauthlibinjector.debug=verbose,authlib)
 or -Dauthlibinjector.debug={comma-separated debug options}
    Available debug options:
     - verbose             enable verbose logging
     - authlib             print logs from Mojang authlib
     - dumpClass           dump modified classes
     - printUntransformed  print classes that are analyzed but not transformed, implies 'verbose'

-Dauthlibinjector.ignoredPackages={comma-separated package list}
    Ignore specified packages. Classes in these packages will not be analyzed or modified.

-Dauthlibinjector.disableHttpd
    Disable local HTTP server.
    Features (see below) depending on local HTTP server will be unavailable:
     - Mojang namespace
     - Legacy skin API polyfill

-Dauthlibinjector.httpdPort={port}
    Sets the port used by the local HTTP server, defaults to 0 (randomly chosen).

-Dauthlibinjector.noShowServerName
    Do not show authentication server name in Minecraft menu screen.
    By default, authlib-injector alters --versionType parameter to display the authentication server name.
    This feature can be disabled using this option.

-Dauthlibinjector.mojangAntiFeatures={default|enabled|disabled}
    Whether to turn on Minecraft's anti-features.
    It's disabled by default if the authentication server does NOT send feature.enable_mojang_anti_features option.

    These anti-features include:
     - Minecraft server blocklist
     - The API to query user privileges:
       * Online chat (allowed if the option is disabled)
       * Multiplayer (allowed if the option is disabled)
       * Realms (allowed if the option is disabled)
       * Telemetry (turned off if the option is disabled)
       * Profanity filter (turned off if the option is disabled)

-Dauthlibinjector.profileKey={default|enabled|disabled}
    Whether to enable the profile signing key feature. This feature is introduced in 22w17a, and is used to implement the multiplayer secure chat signing.
    If this this feature is enabled, Minecraft will send a POST request to /minecraftservices/player/certificates to retrieve the key pair issued by the authentication server.
    It's disabled by default if the authentication server does NOT send feature.enable_profile_key option.

    If the profile signing key isn't present, the player will be unable to join servers that enable enforce-secure-profile=true option.
    And other players' Minecraft client will log a warning message when receiving an unsigned chat message.

-Dauthlibinjector.usernameCheck={default|enabled|disabled}
    Whether to enable username validation. If disabled, Minecraft, BungeeCord and Paper will NOT perform username validation.
    It's disabled by default if the authentication server does NOT send feature.usernameCheck option.
    Turning on this option will prevent players whose username contains special characters from joining the server.