From 8fa86e7f93f61a1336299fef7fa4fcf3cd405143 Mon Sep 17 00:00:00 2001
From: Haowei Wen <yushijinhun@gmail.com>
Date: Sat, 2 Jul 2022 13:24:51 +0800
Subject: [PATCH] add -Dauthlibinjector.usernameCheck option

---
 README.en.md                                          | 11 ++++++++---
 README.md                                             |  5 +++++
 .../moe/yushi/authlibinjector/AuthlibInjector.java    | 10 ++++++++--
 src/main/java/moe/yushi/authlibinjector/Config.java   |  2 ++
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/README.en.md b/README.en.md
index 7788c81..d913e07 100644
--- a/README.en.md
+++ b/README.en.md
@@ -87,7 +87,7 @@ Configure Minecraft server with the following JVM parameter:
 
 -Dauthlibinjector.mojangAntiFeatures={default|enabled|disabled}
     Whether to turn on Minecraft's anti-features.
-    It's enabled by default if the authentication server does NOT send feature.enable_mojang_anti_features option.
+    It's disabled by default if the authentication server does NOT send feature.enable_mojang_anti_features option.
 
     These anti-features include:
      - Minecraft server blocklist
@@ -101,8 +101,13 @@ Configure Minecraft server with the following JVM parameter:
 -Dauthlibinjector.profileKey={default|enabled|disabled}
     Whether to enable the profile signing key feature. This feature is introduced in 22w17a, and is used to implement the multiplayer secure chat signing.
     If this this feature is enabled, Minecraft will send a POST request to /minecraftservices/player/certificates to retrieve the key pair issued by the authentication server.
-    It's enabled by default if the authentication server sends feature.enable_profile_key option.
+    It's disabled by default if the authentication server does NOT send feature.enable_profile_key option.
 
     If the profile signing key isn't present, the player will be unable to join servers that enable enforce-secure-profile=true option.
-    And other players' Minecraft client will log a warning when receiving an unsigned chat message.
+    And other players' Minecraft client will log a warning message when receiving an unsigned chat message.
+
+-Dauthlibinjector.usernameCheck={default|enabled|disabled}
+    Whether to enable username validation. If disabled, Minecraft, BungeeCord and Paper will NOT perform username validation.
+    It's disabled by default if the authentication server does NOT send feature.usernameCheck option.
+    Turning on this option will prevent players whose username contains special characters from joining the server.
 ```
diff --git a/README.md b/README.md
index ac4de15..0fdc9be 100644
--- a/README.md
+++ b/README.md
@@ -112,6 +112,11 @@ gradle
 
     当缺少消息签名密钥时, 玩家将无法进入设置了 enforce-secure-profile=true 选项的服务器.
     而当其他玩家的客户端在收到无有效签名的聊天消息时, 会在日志中记录警告.
+
+-Dauthlibinjector.usernameCheck={default|enabled|disabled}
+    是否启用玩家用户名检查, 若禁用, 则 authlib-injector 将关闭 Minecraft、BungeeCord 和 Paper 的用户名检查功能.
+    若验证服务器未设置 feature.usernameCheck 选项, 则默认禁用.
+    注意, 开启此功能将导致用户名包含非英文字符的玩家无法进入服务器.
 ```
 
 ## 捐助
diff --git a/src/main/java/moe/yushi/authlibinjector/AuthlibInjector.java b/src/main/java/moe/yushi/authlibinjector/AuthlibInjector.java
index 6ec32e1..aa94b6e 100644
--- a/src/main/java/moe/yushi/authlibinjector/AuthlibInjector.java
+++ b/src/main/java/moe/yushi/authlibinjector/AuthlibInjector.java
@@ -277,8 +277,14 @@ public final class AuthlibInjector {
 		transformer.units.add(new CitizensTransformer());
 		transformer.units.add(new ConcatenateURLTransformUnit());
 		transformer.units.add(new BungeeCordAllowedCharactersTransformer());
-		transformer.units.add(new UsernameCharacterCheckTransformer());
-		transformer.units.add(new PaperUsernameCheckTransformer());
+
+		boolean usernameCheckDefault = Boolean.TRUE.equals(config.getMeta().get("feature.usernameCheck"));
+		if (Config.usernameCheck.isEnabled(usernameCheckDefault)) {
+			log(INFO, "Username check is enforced");
+		} else {
+			transformer.units.add(new UsernameCharacterCheckTransformer());
+			transformer.units.add(new PaperUsernameCheckTransformer());
+		}
 
 		transformer.units.add(new SkinWhitelistTransformUnit());
 		SkinWhitelistTransformUnit.getWhitelistedDomains().addAll(config.getSkinDomains());
diff --git a/src/main/java/moe/yushi/authlibinjector/Config.java b/src/main/java/moe/yushi/authlibinjector/Config.java
index a5293fe..341f473 100644
--- a/src/main/java/moe/yushi/authlibinjector/Config.java
+++ b/src/main/java/moe/yushi/authlibinjector/Config.java
@@ -61,6 +61,7 @@ public final class Config {
 	public static FeatureOption legacySkinPolyfill;
 	public static FeatureOption mojangAntiFeatures;
 	public static FeatureOption profileKey;
+	public static FeatureOption usernameCheck;
 	public static boolean noShowServerName;
 	public static int httpdPort;
 
@@ -179,6 +180,7 @@ public final class Config {
 		legacySkinPolyfill = parseFeatureOption("authlibinjector.legacySkinPolyfill");
 		mojangAntiFeatures = parseFeatureOption("authlibinjector.mojangAntiFeatures");
 		profileKey = parseFeatureOption("authlibinjector.profileKey");
+		usernameCheck = parseFeatureOption("authlibinjector.usernameCheck");
 		httpdDisabled = System.getProperty("authlibinjector.disableHttpd") != null;
 		noShowServerName = System.getProperty("authlibinjector.noShowServerName") != null;
 		httpdPort = Integer.getInteger("authlibinjector.httpdPort", 0);