VeloAuth

🚀 Features

• VeloAuth & Auth: Bumped to v1.3.1 with command refactoring, premium auth improvements (4c8a727), and added allow-cracked-on-premium-nicks config (b14c2e5).
• 2FA / TOTP: Implemented TOTP service (05c1347) with clickable QR links (3a852f6, 6d741c3). Enhanced privacy by switching to base32 secrets in URLs (de4c205) and simplified the logic by hardcoding the QR endpoint (a7b5608).

⚙️ Refactoring & Fixes

• Database & Logs: Refactored DB management, improved TOTP replay protection (fca09e7), and renamed record to save in AuditLogService for consistency (0b588d2).
• Cleanups: Removed ASCII QR rendering and its dependencies (6d741c3). Hardcoded shutdown/closed messages to English to prevent encoding issues (f9780f0).

• Password complexity policy. New optional security.password-policy section in config.yml with min-digits, min-uppercase, min-lowercase, min-special counters. All default to 0 (= no constraint), so existing configs keep working unchanged.
• Discord webhook alerts are now wired. `. Previously the service existed but was never instantiated.
• Kick-reason logs are now readable.
• Translation updates
• Fixes

0745b2f feat: Add conflict mode, timestamp, and original nickname columns to player database operations. (rafalohaki)

09916dd feat: introduce ListenerFactory for listener instantiation and integrate IPRateLimiter cleanup into AuthCache (rafalohaki)

e4e5573 refactor: Encapsulate internal database components by reducing visibility and simplify virtual thread executor management. (rafalohaki)

f2fed46 feat: make premium resolver more resilient by accepting both 204 and 404 for not-found responses and prioritizing explicit offline results over unknown resolver states. (rafalohaki)

4f14efa feat: Enhance brute force protection by tracking failed login attempts per username (rafalohaki)

d2d4ece Add unit and integration tests for database and authentication components (rafalohaki)

964bc85 feat: add command in progress message and improve premium detection logic (rafalohaki)

a271307 mandatory update (rafalohaki) ea37746 refactor: update dependency injection to use Jakarta and improve initialization handling in VeloAuth and AuthListener (rafalohaki) 6aff115 Fix: Prevent premium player UUID corruption by denying pre-login on database errors, update Velocity API, and add a new 'waiting for server' localization message. (rafalohaki)

🆕 New Features

• More languages support
• Comprehensive Floodgate/Bedrock support with Geyser integration

🔧 Improvements

• Complete configuration management overhaul with SettingsLoader
• Enhanced Discord webhook URL validation
• Improved credential handling and password key definitions
• Virtual thread execution for conflict handling and better performance
• Enhanced error handling across all components
• Better bcrypt cost and language code validation
• Dynamic IP rate limiting settings
• Async IO operations for improved responsiveness

🐛 Bug Fixes

• Enhanced Floodgate username prefix validation and logging
• Improved premium detection logic in AuthListener
• Better database health check and connection management
• Fixed HTTP JSON client parsing and numeric string conversion
• Improved thread safety with AtomicInteger for brute force tracking
• Enhanced error message constants and formatting
• Fixed nickname conflict resolution in PreLoginHandler
• Better UUID verification with runtime exception handling

c3371d9 build: update HikariCP, Jackson, and JUnit dependency versions. (rafalohaki)

20dee59 update instructions (rafalohaki)

05cdd6f feat: Implement asynchronous premium resolution during PreLoginEvent using EventTask and switch AuthCache eviction to LRU. (rafalohaki)

d84f1fc version update (rafalohaki)

• 6d66e1a fix typo (rafalohaki)
• 89f773e feat: Implement Mojang API failure handling and advanced nickname conflict resolution using UUIDs to prevent name sniping. (rafalohaki)
• 426883d feat: Introduce configurable session inactivity timeout and enhance login and cache management robustness. (rafalohaki)
• ca6c940 Merge pull request #10 from rafalohaki/snyk-upgrade-e534f8f3500dbc96aceb8d2e19fe8747 (rafalohaki)
• 53afcbe . (rafalohaki)
• 97f0985 . (rafalohaki)
• 0620904 update rules (rafalohaki)
• 1ac55a9 fix: upgrade org.postgresql:postgresql from 42.7.8 to 42.7.9 (snyk-bot)

some optimizations and code cleanup

add Finnish language support for VeloAuth

small translation changes

delete lang folder to regenerate new

update to 1.0.2

please regenerate lang folder

add bstats, cleanup code

Updated most i18n translations

H2 database fix I was using mainly postgres, my fault i didnt test h2

stable update quality fixes

some fixes

refactor

refactor(logging): add level checks before logging in cache and connection management