auth-limbo/docs/RESEARCH-2B2T-QUEUE.md
s8n ab1f607df6 docs: AuthLimbo v2 research + architecture + roadmap
4 parallel research agents output (2026-05-07):
- RESEARCH-2B2T-QUEUE.md — 2b2t queue tech deep-dive: architecture, drama
  timeline, 5 patterns to copy + 5 to avoid
- RESEARCH-LIMBO-PLUGIN-SURVEY.md — open-source plugin survey: STEAL list
  (Elytrium LimboAPI/LimboAuth + PistonQueue), PATTERN list, SKIP list
- V2-ARCHITECTURE.md — Paper-only stack with Velocity-ready seam, 7-state
  login flow, snapshot-on-pre-login, transparent FIFO trust tiers
- V2-ROADMAP.md — M0-M5 milestones with acceptance criteria + dep graph

Stack decision: Paper-only for now (no proxy required), but architecture
split into Gatekeeper + Restore layers so future Velocity migration is
mechanical. Trip-wires codified for when to reconsider.

Anti-drama policy locked in code (not config): no paid priority, no
hidden veteran tier, transparent ban appeals.

Bootstrap repo at git.s8n.ru/s8n/auth-limbo-v2 ready for M0 work.
2026-05-07 19:31:40 +01:00

Research: 2b2t Queue / Login Gatekeeper

Read-only reference for AuthLimbo v2 design. Last updated 2026-05-07.

TL;DR

  • Architecture: BungeeCord-style proxy plus a separate "queue server" (a stripped-down Minecraft instance acting as a holding world); the main Paper server is gated behind it.
  • Drain model: Slow FIFO with a small reserved pool for paid priority — pacing is what protects main from join-flood crashes more than any explicit packet shaper.
  • Drama: Almost every controversy (paid priority, veteran-queue removal, prio-strip ban waves) is policy-layer, not technical. Avoid the policies; copy the architecture.

1. Architecture

  • Two-tier: Velocity/Bungee proxy -> queue server (limbo holding JVM) -> main Paper server. Queue is its own process, not a plugin on main.
  • Public clones use the same shape: PistonQueue (Bungee+Velocity, v4.0.0 Apr 2026, most production-grade), AnarchyQueue (Velocity, pairs with QueueServerPlugin on the limbo instance), LeeesBungeeQueue (archived 2025-04-28, 1.12.2 cap).
  • Queue state is in-memory on the proxy; clones don't persist across restart. Disconnect = back of line.

2. Queue Mechanics

  • Pure FIFO inside each tier. Tiers historically: priority -> veteran -> regular. Today: priority -> regular.
  • Slot allocation: ~200 reserved slots for priority on ~1000-cap main; regular advances only when a non-reserved slot frees.
  • Drain rate is wall-clock, not packet-throttled — 1000-deep regular queue = 6-12h.
  • ETA = naive position * avg_drain. This is wrong because priority joins take slots ahead of regular players, so a regular player's ETA can go up while waiting.

3. AFK + Reconnect

  • 2016 queue: reconnect every ~30s, drove hacked-client adoption. Replaced within a year by limbo-queue with auto-updating position.
  • Main: 15-min idle disconnect. Queue: long-lived TCP; drop = position lost. 2bored2wait (archived) proxies queue locally for headless waiting.

4. Priority Queue

  • Separate FIFO + reserved slot pool. Tier check = permission/uuid lookup on join.
  • Pricing: $19.99/mo originally, now $29/mo via 2b2t.shop.
  • TheCampingRusher held add/remove power on priority + veteran lists; Torogadude incident.
  • Reserved-slot design means a queue can exist even when main isn't full — structurally pay-to-skip.

5. Chunk-Load / Crash Mitigation

  • Queue server runs near-empty world; no chunk gen, minimal ticks, absorbs thousands of idle TCP sessions cheaply.
  • Pacing the drain protects main's chunk pipeline; no explicit login-packet shaper beyond letting PlayerJoinEvent finish before pulling next.
  • Nocom (Jul 2018 - Jul 2021): a CPacketPlayerDigging flood with no rate limit on the queue starved keepalives, forced mass disconnects, and skipped the queue. Hausemaster: 500 pkt/s late-2019; factor-14 May 2020; factor-8 next day; factor-2 Jul 2021; full patch 2021-07-15. Leijurv's Monte Carlo particle-filter tracker (2020-2021) kept working at 2 checks/s.

6. Veteran Tier

  • Whitelist: joined_before = 2016-06-01, offline lookup against historical login data.
  • Removed 2017-12-04 explicitly to "increase incentive to buy priority". Trust burned.

7. Bot Ecosystem

  • Mineflayer / headless clients sit in queue 24/7 — indistinguishable from a human leaving client running.
  • Detection: behavior only (instant logout on join, scripted movement). "Good" bot = afk-for-owner; "exploit" bot = multi-account prio-skip or queue-bypass client.
  • For AuthLimbo v2: AFK bots in pre-auth limbo cost ~nothing. Gate at promote-to-main, not join-limbo.

8. Failure Modes

  • Nocom-era queue crashes dropped 1000+ waiting players.
  • "Ghost queue" — players queued but TCP dead — caused by keepalive starvation, fixed by rate limits.
  • Recovery: full restart loses all positions. No persisted state.

9. Public Clones — Survey

  • PistonQueue — Bungee+Velocity, reserved slots, shadow-ban, pre-queue auth, active.
  • AnarchyQueue — Velocity, minimal, needs QueueServerPlugin companion.
  • LeeesBungeeQueue — archived 2025.
  • Shirodo-Queue, eslym/bungee-queue — toy reimplementations.
  • Common mistakes: in-memory only, no priority-abuse audit log, no rate-limit on queue's own packet handlers (re-creates Nocom-class risk).

10. Drama Timeline

  • 2016-06 Rusher influx; queue introduced.
  • 2016-2017 Rusher holds add/remove power on priority + veteran lists.
  • 2017-12-04 Veteran queue removed. Mass quits.
  • 2018-07 to 2021-07 Nocom queue-bypass exploit + tracking.
  • 2022-04 ~40 prio-stripped + banned over a doxxing chain.
  • 2022-12-07 500+ accounts prio-banned cumulatively; 2builders12rules Discord forms to track strips.

Drama-Avoidance Principles for AuthLimbo v2

  1. No paid priority. Ever. FIFO only; no money-tied reserved slots.
  2. No hidden-criteria veteran tier. If seniority exists, rule is public, automated, irrevocable.
  3. No staff add/remove of queue position. Admin commands log to append-only audit; no silent privilege.
  4. Persist queue state. Position survives proxy restart (sqlite/redis).
  5. Rate-limit every packet handler in limbo. Nocom is the canonical lesson.
  6. Honest ETA or no ETA. Position only, or confidence interval — no fake countdowns.
  7. Privacy-first limbo (AuthLimbo thesis): new joiners isolated from main-world coords/inventory until AuthMe login completes.
  8. Bots welcome in limbo, gated at promote. Don't fight Mineflayer pre-auth.
  9. Open source the gatekeeper. Hausemaster's plugin is closed; opacity amplifies drama.
  10. Document idle/disconnect rules in-game. No silent kicks.
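
Principle 5 and the Nocom keepalive starvation in section 5, as an added example (not AuthLimbo, 2b2t or Paper code): a token bucket keyed per connection and per packet type, so a flood of one packet type is dropped cheaply and cannot consume the budget of that connection's keepalives or of other connections. The class name, the packet-type strings, the limits (20 pkt/s, burst 40, 100 consecutive drops) and the constructed flood in `main` are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

/** Added example: per-connection, per-packet-type token bucket for limbo packet handlers. */
public final class LimboPacketLimiter {
    public enum Verdict { ALLOW, DROP, DISCONNECT }
    private static final class Bucket {
        double tokens; long lastNanos; int strikes;
        Bucket(double tokens, long now) { this.tokens = tokens; this.lastNanos = now; }
    }

    private final double ratePerSec; // sustained packets/s per (connection, type); assumed value
    private final double burst;      // bucket capacity, absorbs short legitimate bursts
    private final int maxStrikes;    // consecutive drops tolerated before closing the connection
    private final Map<String, Bucket> buckets = new HashMap<>();

    public LimboPacketLimiter(double ratePerSec, double burst, int maxStrikes) {
        this.ratePerSec = ratePerSec; this.burst = burst; this.maxStrikes = maxStrikes;
    }

    /** Call first in every handler, before any world work. The id must not contain '|'. */
    public synchronized Verdict check(String conn, String packetType, long nowNanos) {
        Bucket b = buckets.computeIfAbsent(conn + '|' + packetType, k -> new Bucket(burst, nowNanos));
        b.tokens = Math.min(burst, b.tokens + (nowNanos - b.lastNanos) / 1e9 * ratePerSec);
        b.lastNanos = nowNanos;
        if (b.tokens >= 1.0) { b.tokens -= 1.0; b.strikes = 0; return Verdict.ALLOW; }
        return ++b.strikes >= maxStrikes ? Verdict.DISCONNECT : Verdict.DROP;
    }

    /** Drop state on disconnect so the map stays bounded by live connections. */
    public synchronized void forget(String conn) {
        buckets.keySet().removeIf(k -> k.startsWith(conn + '|'));
    }

    public static void main(String[] args) {
        LimboPacketLimiter limiter = new LimboPacketLimiter(20, 40, 100);
        int allowed = 0, dropped = 0;
        Verdict last = Verdict.ALLOW;
        // Constructed flood: one connection sends a digging packet every 0.1 ms.
        for (int i = 0; i < 1000 && last != Verdict.DISCONNECT; i++) {
            last = limiter.check("conn-A", "digging", i * 100_000L);
            if (last == Verdict.ALLOW) allowed++; else dropped++;
        }
        System.out.println("flood: allowed=" + allowed + " dropped=" + dropped + " final=" + last);
        // Keepalives have their own bucket; other connections have their own state.
        System.out.println("conn-A keepalive: " + limiter.check("conn-A", "keepalive", 100_000_000L));
        System.out.println("conn-B digging:   " + limiter.check("conn-B", "digging", 100_000_000L));
    }
}
```

On a DISCONNECT verdict the caller closes the connection and calls `forget`; the limiter itself never touches the socket, so it can sit in front of any handler.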