Fix Xbox authentication and add support for proxies (#1162)

Waterdog and ProxyPass will work when `enable-proxy-connections` is set to true at the expense of security.

bootstrap/sponge/src/main/java/org/geysermc/platform/sponge/GeyserSpongeConfiguration.java

@@ -258,6 +258,11 @@ public String getUniqueId() {
         }
     }
 
+    @Override
+    public boolean isEnableProxyConnections() {
+        return node.getNode("enable-proxy-connections").getBoolean(false);
+    }
+
     @Override
     public int getMtu() {
         return node.getNode("mtu").getInt(1400);

connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java

@@ -36,7 +36,7 @@
 public interface GeyserConfiguration {
 
     // Modify this when you update the config
-    int CURRENT_CONFIG_VERSION = 3;
+    int CURRENT_CONFIG_VERSION = 4;
 
     IBedrockConfiguration getBedrock();
 
@@ -120,6 +120,9 @@ interface IMetricsInfo {
         String getUniqueId();
     }
 
+    // if u have offline mode enabled pls be safe
+    boolean isEnableProxyConnections();
+
     int getMtu();
 
     int getConfigVersion();

connector/src/main/java/org/geysermc/connector/configuration/GeyserJacksonConfiguration.java

@@ -143,6 +143,9 @@ public static class MetricsInfo implements IMetricsInfo {
         private String uniqueId;
     }
 
+    @JsonProperty("enable-proxy-connections")
+    private boolean enableProxyConnections = false;
+
     @JsonProperty("mtu")
     private int mtu = 1400;
 

connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java

@@ -72,7 +72,7 @@ private static boolean validateChainData(JsonNode data) throws Exception {
             }
 
             if (lastKey != null) {
-                EncryptionUtils.verifyJwt(jwt, lastKey);
+                 if (!EncryptionUtils.verifyJwt(jwt, lastKey)) return false;
             }
 
             JsonNode payloadNode = JSON_MAPPER.readTree(jwt.getPayload().toString());
@@ -105,7 +105,7 @@ private static void encryptConnectionWithCert(GeyserConnector connector, GeyserS
 
             connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
 
-            if (!validChain) {
+            if (!validChain && !session.getConnector().getConfig().isEnableProxyConnections()) {
                 session.disconnect(LanguageUtils.getLocaleStringLog("geyser.network.remote.invalid_xbox_account"));
                 return;
             }

connector/src/main/resources/config.yml

@@ -117,9 +117,14 @@ metrics:
   # UUID of server, don't change!
   uuid: generateduuid
 
-# ADVANCED OPTIONS - DO NOT TOUCH UNLESS YOU KNOW WHAT YOU ARE DOING! 
+# ADVANCED OPTIONS - DO NOT TOUCH UNLESS YOU KNOW WHAT YOU ARE DOING!
+
+# Allow connections from ProxyPass and Waterdog.
+# See https://www.spigotmc.org/wiki/firewall-guide/ for assistance - use UDP instead of TCP.
+enable-proxy-connections: false
+
 # The internet supports a maximum MTU of 1492 but could cause issues with packet fragmentation.
 # 1400 is the default.
 # mtu: 1400
 
-config-version: 3
+config-version: 4