spigot-anti-piracy-backend
I'm sad that such a project exists. Since 2011 I've been providing the community with a lot of free CraftBukkit plugins. Over a million downloads in total. That is a huge number. Nevertheless, the community is in some respects an unkind one. It does not matter how much spare time you spent, the update was never fast enough. And complaining is always easier than saying "thank you!".
With the premium plugin solution, Spigot offers developers a way to get something back for their work, and in general it is a lot cheaper than hiring a private plugin developer. When you see your plugin on sites that offer leaked plugins only one week after the initial release, it's frustrating.
That's why I decided to make my own validation service, to blacklist the leaker a lot faster than by sending DMCA requests to OCHs.
Spigot's built-in piracy protection is known and easy to remove. There is a way to receive the user id of the buyer in your code. Please contact me on SpigotMC; I'd like to keep the method from being totally publicly accessible.
Once you have retrieved the user id, you can make a POST request to the URL where your service runs. In the body, include the following information:
user_id=foobar
Example Java implementation
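import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

// Build the form-encoded POST body: user_id=<URL-encoded id>
String rawData = "user_id=";
String userId = someObject().getUserID();
String encodedData = null;
try {
    encodedData = rawData + URLEncoder.encode(userId, "UTF-8");
} catch (UnsupportedEncodingException e) {
    // catch error or not. up to you
    return;
}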
That's it.
The service only accepts POST, not GET. You receive a JSON response with blacklisted set to either true or false:
{
"blacklisted": true
}
Ensure that the server you wish to run the piracy backend on is running at least Node 4. This has been tested up to Node v6.1.
$ npm install -g spigot-anti-piracy-backend
(Optionally without the global flag)
$ git clone https://github.com/timbru31/spigot-anti-piracy-backend.git
$ cd spigot-anti-piracy-backend
$ npm install
$ npm run build
You need to manually maintain a blacklisted users file. I'd recommend a simple text file, with one blacklisted user id per line.
Just use
$ npm run start
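The request/response format and the one-id-per-line blacklist file described above, sketched as an added example (not the package's own code). The function names, the sample ids and the 405/400 status codes are assumptions made for illustration.

```javascript
// Constructed sample of a blacklist file: one user id per line, with the
// stray whitespace, blank line and CRLF ending a hand-edited file tends to get.
const SAMPLE_BLACKLIST_FILE = '12345\r\n  67890  \n\n424242\n';

// Parse the file into a Set so that a lookup is an exact match.
// A substring search over the raw file would flag id 6789 because 67890 is listed.
function parseBlacklist(text) {
  const ids = new Set();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line !== '') ids.add(line);
  }
  return ids;
}

// Decide the answer for one request (hypothetical helper):
// POST only, body "user_id=<id>", JSON answer {"blacklisted": true|false}.
function handleCheck(method, body, blacklist) {
  if (method !== 'POST') {
    // Status code is an assumption; the README only says GET is not accepted.
    return { status: 405, json: { error: 'POST only' } };
  }
  // URLSearchParams reverses the URLEncoder.encode() call made by the Java client.
  const userId = new URLSearchParams(body).get('user_id');
  if (userId === null || userId.trim() === '') {
    return { status: 400, json: { error: 'user_id missing' } };
  }
  return { status: 200, json: { blacklisted: blacklist.has(userId.trim()) } };
}

// Run the constructed requests against the constructed file.
function demo() {
  const blacklist = parseBlacklist(SAMPLE_BLACKLIST_FILE);
  return [
    handleCheck('POST', 'user_id=67890', blacklist), // listed id
    handleCheck('POST', 'user_id=6789', blacklist),  // prefix of a listed id
    handleCheck('GET', 'user_id=67890', blacklist),  // wrong method
  ];
}
```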
Configuration via environment variables
Environment Variable | Default | Description |
---|---|---|
PORT | 3000 | Port to run the app on |
BLACKLISTED_USERS_FILE | ./banned_users.txt | Blacklist file |
LOG_FILE | ./request.log | Log file for requests |
PROXY | false | Tells Koa to run on proxy mode, for support for X-Forwarded Headers |
JSON_LOG | true | Logs to the file in a JSON format, disable for human readable output |
It's up to you whether you would like to spin the service up with, e.g., a Linux start script.
For example, here is an upstart script which runs the script as a non-privileged user.
You can read more about upstart here
(Script was inspired by http://technosophos.com/2013/03/06/how-use-ubuntus-upstart-control-nodejs-forever.html)
description "Spigot Anti-Piracy Backend Server"
author "timbru31"
# Start up when the system hits any normal runlevel, and
# shuts down when the system goes to shutdown or reboot.
start on filesystem or runlevel [2345]
stop on runlevel [06]
setuid example
# The user's home directory
env HOME=/home/example
env PORT=3005
env BLACKLISTED_USERS_FILE=/home/example/banned_users.txt
# automatically respawn
respawn
respawn limit 99 5
# Send error messages to the console. Useful for debugging.
#console output
script
spigot-anti-piracy-backend
end script
You can watch the app.js for file changes via the task
$ npm run watch
It uses Nodemon to watch for file changes and re-starts the server using babel-node instead of node.
Tests are run via
$ npm run test
The code is linted using ESLint, using the babel-eslint parser.
Keep the warnings to zero. :smile:
Please make sure they all pass and add new ones when you develop new stuff! :smile:
Please follow the commitizen style when making new commits!
Since this is a blacklist solution, a planned feature is to validate the supplied user id against the buyers of the premium plugin. Only when it's on the list is the plugin allowed to start (as long as the user is not blacklisted).
The following document query can be used to retrieve an array of all user ids who bought the plugin:
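// Collect the profile links of all buyers from the member list in the page's DOM.
let buyers = Array.from(document.querySelector('.memberList').querySelectorAll('a.username'));
// Replace each link with the numeric user id taken from its /members/<name>.<id>/ path.
buyers.forEach((elem, index, arr) => {
  arr[index] = parseInt(elem.pathname.replace(/\/members\/[-_a-zA-Z0-9]+\./, '').replace('/', ''), 10);
});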
The project is written using bleeding-edge software. I'm trying my best to keep it updated. Greenkeeper is helping me to do so by making pull requests for dependency updates. Thanks for this great service! :rocket:
When Node is ready for async/await, I'm planning to remove all the Babel stuff again. (as soon as Koa 2.0 becomes stable)
This plugin is released under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) license.
Please see LICENSE.md for more information.
0.5.1 (2016-05-25)
FAQs
A koajs application to blacklist leaked plugins
The npm package spigot-anti-piracy-backend receives a total of 14 weekly downloads. As such, spigot-anti-piracy-backend popularity was classified as not popular.
We found that spigot-anti-piracy-backend demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.