Skip to content

demirler/InvitePlugin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.idea
.idea
 
 
gradle/wrapper
gradle/wrapper
 
 
src/main
src/main
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

InvitePlugin

  • Made by demirler
  • Runs on 1.17 to 1.21.x
  • Minimum required Java version is 17

InvitePlugin is a flexible access-control system that redefines how player entry is managed on Minecraft servers.
It combines the strict security of a whitelist with the practicality and scalability of a token-based verification model.

Instead of manually editing server files, administrators can dynamically control access while maintaining full oversight of player activity.

🚀 Quick Start

Players cannot perform any in-game actions until they activate their account.

🔹 Player Activation

/invite TOKEN

Activates the player using a valid invite token.

🔹 Generate a Token

/invite

Generates a new invite token.

🔹 Operator Force Verification

/inviteop UUID

Allows an operator to manually verify a player without consuming a token.

Operators have unlimited token generation privileges.

Installation

Drop the .jar file into plugins folder of the server

🛡 How It Works

InvitePlugin replaces the static nature of the default whitelist with a dynamic verification layer:

  • Players join the server normally.
  • Until verified, they are fully restricted from performing actions.
  • Verification occurs via token validation.
  • Operators can bypass token usage when necessary.

This preserves whitelist-level protection while improving usability and automation.

📂 Data & Persistence

All player data is stored persistently in a local .db file.

Each player record contains:

  • UUID (primary identifier)
  • Last known username
  • Remaining invite count
  • Verification status
  • Failed activation attempts
  • Tokens generated by the player

The system is UUID-based to ensure stability across name changes.

🔐 Anti-Abuse Protection

To prevent brute-force attempts:

  • Failed token attempts are tracked per player.
  • After exceeding a defined threshold, a cooldown is applied.
  • Cooldown duration increases progressively with repeated failures.

This makes token guessing impractical while preserving legitimate usability.

⚙ Technical Notes (For Developers)

  • Designed for compatibility with Spigot and Paper.
  • Uses UUID-based player tracking instead of name-based identification.
  • Includes Paper-aware offline player resolution with safe fallback for Spigot.
  • Storage system abstracts player data through a structured PlayerData model.
  • Verification logic updates state atomically and persists immediately.

The /inviteop command performs a force-verification by marking the player's joinedBefore state as true without modifying invite counts.

The architecture is intentionally lightweight and designed for minimal performance overhead.

📜 License

Licensed under GNU GPL v3.

About

Token-based whitelist plugin for Minecraft servers.

Topics

plugin minecraft bukkit spigot minecraft-mod bukkitdev minecraft-plugin mc token-based-authentication purpur

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.2.1 Latest
Feb 22, 2026

Packages

 
 
 

Contributors

Languages