auth-limbo/docs/RESEARCH-2B2T-QUEUE.md
s8n ab1f607df6 docs: AuthLimbo v2 research + architecture + roadmap
4 parallel research agents output (2026-05-07):
- RESEARCH-2B2T-QUEUE.md — 2b2t queue tech deep-dive: architecture, drama
  timeline, 5 patterns to copy + 5 to avoid
- RESEARCH-LIMBO-PLUGIN-SURVEY.md — open-source plugin survey: STEAL list
  (Elytrium LimboAPI/LimboAuth + PistonQueue), PATTERN list, SKIP list
- V2-ARCHITECTURE.md — Paper-only stack with Velocity-ready seam, 7-state
  login flow, snapshot-on-pre-login, transparent FIFO trust tiers
- V2-ROADMAP.md — M0-M5 milestones with acceptance criteria + dep graph

Stack decision: Paper-only for now (no proxy required), but architecture
split into Gatekeeper + Restore layers so future Velocity migration is
mechanical. Trip-wires codified for when to reconsider.

Anti-drama policy locked in code (not config): no paid priority, no
hidden veteran tier, transparent ban appeals.

Bootstrap repo at git.s8n.ru/s8n/auth-limbo-v2 ready for M0 work.
2026-05-07 19:31:40 +01:00


# Research: 2b2t Queue / Login Gatekeeper
Read-only reference for AuthLimbo v2 design. Last updated 2026-05-07.
## TL;DR
- **Architecture**: BungeeCord-style proxy plus a separate "queue server" (a stripped-down Minecraft instance acting as a holding world); the main Paper server is gated behind it.
- **Drain model**: Slow FIFO with a small reserved pool for paid priority — pacing is what protects main from join-flood crashes more than any explicit packet shaper.
- **Drama**: Almost every controversy (paid priority, veteran-queue removal, prio-strip ban waves) is policy-layer, not technical. Avoid the policies; copy the architecture.
## 1. Architecture
- Two-tier: **Velocity/Bungee proxy** -> **queue server** (limbo holding JVM) -> **main Paper server**. Queue is its own process, not a plugin on main.
- Public clones use the same shape: `PistonQueue` (Bungee+Velocity, v4.0.0 Apr 2026, most production-grade), `AnarchyQueue` (Velocity, pairs with `QueueServerPlugin` on the limbo instance), `LeeesBungeeQueue` (archived 2025-04-28, 1.12.2 cap).
- Queue state is **in-memory** on the proxy; clones don't persist across restart. Disconnect = back of line.
## 2. Queue Mechanics
- Pure FIFO inside each tier. Tiers historically: priority -> veteran -> regular. Today: priority -> regular.
- Slot allocation: ~200 reserved slots for priority on ~1000-cap main; regular advances only when a non-reserved slot frees.
- Drain rate is wall-clock, not packet-throttled — 1000-deep regular queue = 6-12h.
- ETA = naive `position * avg_drain`. Wrong because priority steals slots from above; ETA can go *up*.
## 3. AFK + Reconnect
- 2016 queue: reconnect every ~30s, drove hacked-client adoption. Replaced within a year by limbo-queue with auto-updating position.
- Main: 15-min idle disconnect. Queue: long-lived TCP; drop = position lost. `2bored2wait` (archived) proxies queue locally for headless waiting.
## 4. Priority Queue
- Separate FIFO + reserved slot pool. Tier check = permission/uuid lookup on join.
- Pricing: $19.99/mo originally, now $29/mo via 2b2t.shop.
- TheCampingRusher held add/remove power on priority + veteran lists; Torogadude incident.
- Reserved-slot design means a queue can exist even when main isn't full — structurally pay-to-skip.
## 5. Chunk-Load / Crash Mitigation
- Queue server runs near-empty world; no chunk gen, minimal ticks, absorbs thousands of idle TCP sessions cheaply.
- Pacing the drain protects main's chunk pipeline; no explicit login-packet shaper beyond letting `PlayerJoinEvent` finish before pulling next.
- **Nocom (Jul 2018 - Jul 2021)**: unrate-limited `CPacketPlayerDigging` flood on queue starved keepalives, forced mass disconnects, skipped queue. Hausemaster: 500 pkt/s late-2019; factor-14 May 2020; factor-8 next day; factor-2 Jul 2021; full patch 2021-07-15. Leijurv's Monte Carlo particle-filter tracker (2020-2021) kept working at 2 checks/s.
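
The keepalive starvation described in the Nocom item is what a per-connection, per-packet-type budget prevents. The sketch below is an added example, not AuthLimbo or 2b2t code; the class name, packet-type strings and budget numbers are hypothetical and constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

/** One instance per connection; call from that connection's network thread only. */
public class PacketRateLimiter {
    enum Verdict { HANDLE, DROP, DISCONNECT }
    record Limit(double perSecond, double burst) {}
    private static final class Bucket {
        double tokens; long lastNanos;
        Bucket(double tokens, long now) { this.tokens = tokens; this.lastNanos = now; }
    }

    private final Map<String, Limit> limits;   // packet type -> budget
    private final Limit fallback;              // budget for any type not listed
    private final int maxDrops;                // cumulative drops tolerated before disconnect
    private final Map<String, Bucket> buckets = new HashMap<>();
    private int drops;

    PacketRateLimiter(Map<String, Limit> limits, Limit fallback, int maxDrops) {
        this.limits = limits; this.fallback = fallback; this.maxDrops = maxDrops;
    }

    /** Run before any handler work so an over-budget packet costs almost nothing. */
    Verdict check(String packetType, long nowNanos) {
        Limit lim = limits.getOrDefault(packetType, fallback);
        Bucket b = buckets.computeIfAbsent(packetType, t -> new Bucket(lim.burst(), nowNanos));
        b.tokens = Math.min(lim.burst(), b.tokens + (nowNanos - b.lastNanos) / 1e9 * lim.perSecond());
        b.lastNanos = nowNanos;
        if (b.tokens >= 1.0) { b.tokens -= 1.0; return Verdict.HANDLE; }
        return ++drops > maxDrops ? Verdict.DISCONNECT : Verdict.DROP;
    }

    public static void main(String[] args) {
        // Constructed budgets, not values from any real server.
        var rl = new PacketRateLimiter(
            Map.of("KEEPALIVE", new Limit(2, 4), "PLAYER_DIGGING", new Limit(20, 40)),
            new Limit(10, 20), 500);
        long now = 0; int handled = 0;
        Verdict v = Verdict.HANDLE;
        for (int i = 1; v != Verdict.DISCONNECT; i++) {
            now += 200_000;                    // one digging packet every 0.2 ms
            v = rl.check("PLAYER_DIGGING", now);
            if (v == Verdict.HANDLE) handled++;
            // Keepalive has its own bucket, so the flood cannot consume its budget.
            if (i == 300) System.out.println("keepalive mid-flood: " + rl.check("KEEPALIVE", now));
        }
        System.out.println("digging handled=" + handled + ", cut off at t=" + now / 1_000_000 + " ms");
    }
}
```

The drop counter here is cumulative for the life of the connection; a long-lived limbo session would likely need it to decay over time so that ordinary lag does not eventually trip the disconnect.
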
## 6. Veteran Tier
- Whitelist: `joined_before = 2016-06-01`, offline lookup against historical login data.
- Removed **2017-12-04** explicitly to "increase incentive to buy priority". Trust burned.
## 7. Bot Ecosystem
- Mineflayer / headless clients sit in queue 24/7 — indistinguishable from a human leaving client running.
- Detection: behavior only (instant logout on join, scripted movement). "Good" bot = afk-for-owner; "exploit" bot = multi-account prio-skip or queue-bypass client.
- For AuthLimbo v2: AFK bots in pre-auth limbo cost ~nothing. Gate at promote-to-main, not join-limbo.
## 8. Failure Modes
- Nocom-era queue crashes dropped 1000+ waiting players.
- "Ghost queue" — players queued but TCP dead — caused by keepalive starvation, fixed by rate limits.
- Recovery: full restart loses all positions. No persisted state.
## 9. Public Clones — Survey
- **PistonQueue** — Bungee+Velocity, reserved slots, shadow-ban, pre-queue auth, active.
- **AnarchyQueue** — Velocity, minimal, needs `QueueServerPlugin` companion.
- **LeeesBungeeQueue** — archived 2025.
- **Shirodo-Queue**, **eslym/bungee-queue** — toy reimplementations.
- Common mistakes: in-memory only, no priority-abuse audit log, no rate-limit on queue's own packet handlers (re-creates Nocom-class risk).
## 10. Drama Timeline
- **2016-06** Rusher influx; queue introduced.
- **2016-2017** Rusher holds add/remove power on priority + veteran lists.
- **2017-12-04** Veteran queue removed. Mass quits.
- **2018-07 / 2021-07** Nocom queue-bypass exploit + tracking.
- **2022-04** ~40 prio-stripped + banned over a doxxing chain.
- **2022-12-07** 500+ accounts prio-banned cumulatively; `2builders12rules` discord forms to track strips.
## Drama-Avoidance Principles for AuthLimbo v2
1. **No paid priority. Ever.** FIFO only; no money-tied reserved slots.
2. **No hidden-criteria veteran tier.** If seniority exists, rule is public, automated, irrevocable.
3. **No staff add/remove of queue position.** Admin commands log to append-only audit; no silent privilege.
4. **Persist queue state.** Position survives proxy restart (sqlite/redis).
5. **Rate-limit every packet handler in limbo.** Nocom is the canonical lesson.
6. **Honest ETA or no ETA.** Position only, or confidence interval — no fake countdowns.
7. **Privacy-first limbo (AuthLimbo thesis):** new joiners isolated from main-world coords/inventory until AuthMe login completes.
8. **Bots welcome in limbo, gated at promote.** Don't fight Mineflayer pre-auth.
9. **Open source the gatekeeper.** Hausemaster's plugin is closed; opacity amplifies drama.
10. **Document idle/disconnect rules in-game.** No silent kicks.
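
For principle 3, and the missing audit log noted in the clone survey, one way to make the admin log tamper-evident is a hash chain over its records. This is an added example, not code from AuthLimbo or any of the surveyed plugins; the class, field names and sample events are hypothetical, and the in-memory list stands in for whatever append-only file or table holds the records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;

/** Each record commits to the previous record's hash, so edits and mid-log deletions show up. */
public class QueueAuditLog {
    record Entry(long epochSec, String actor, String action, String target, String prevHash, String hash) {}
    private static final String GENESIS = "0".repeat(64);
    private final List<Entry> entries = new ArrayList<>();

    static String digest(String prev, long ts, String... fields) throws Exception {
        StringBuilder sb = new StringBuilder(prev).append('\n').append(ts);
        // Length-prefix every field so ("a", "bc") and ("ab", "c") cannot hash alike.
        for (String f : fields) sb.append('\n').append(f.length()).append(':').append(f);
        byte[] h = MessageDigest.getInstance("SHA-256").digest(sb.toString().getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(h);
    }

    void append(long epochSec, String actor, String action, String target) throws Exception {
        String prev = entries.isEmpty() ? GENESIS : entries.get(entries.size() - 1).hash();
        entries.add(new Entry(epochSec, actor, action, target, prev,
                              digest(prev, epochSec, actor, action, target)));
    }

    /** Returns the index of the first record that breaks the chain, or -1 if intact. */
    static int firstBroken(List<Entry> log) throws Exception {
        String prev = GENESIS;
        for (int i = 0; i < log.size(); i++) {
            Entry e = log.get(i);
            String want = digest(prev, e.epochSec(), e.actor(), e.action(), e.target());
            if (!e.prevHash().equals(prev) || !e.hash().equals(want)) return i;
            prev = e.hash();
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        QueueAuditLog log = new QueueAuditLog();
        // Constructed sample events.
        log.append(1778180000L, "admin:alice", "KICK", "player:steve");
        log.append(1778180060L, "admin:bob", "BAN", "player:alex");
        log.append(1778180120L, "admin:alice", "BAN_APPEAL_ACCEPT", "player:alex");
        System.out.println("untouched log, first broken index: " + firstBroken(log.entries));
        // A silent edit: the actor on record 1 is changed but the stored hashes are left alone.
        List<Entry> edited = new ArrayList<>(log.entries);
        Entry e = edited.get(1);
        edited.set(1, new Entry(e.epochSec(), "admin:carol", e.action(), e.target(), e.prevHash(), e.hash()));
        System.out.println("edited log, first broken index: " + firstBroken(edited));
    }
}
```

The chain cannot detect truncation of the newest records or a full rewrite from the first record onward, so the latest hash has to be recorded somewhere staff cannot rewrite.
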