
SideGate
SideGate is a Minecraft server plugin that provides a hybrid authentication system for mixed-access environments. Premium players can join normally through Mojang authentication, while administrators may optionally allow specific non-authenticated accounts
Обновлён 17 июня 2026 г. · опубликован 1 января 2026 г.
SideGate

Hybrid Access Control for Online-Mode Servers
Keep online-mode security while selectively allowing administrator-approved guest accounts.

What is SideGate?
SideGate is a Bukkit-compatible plugin (Spigot/Paper/Purpur) designed for servers that want to keep online-mode=true while selectively allowing administrator-approved guest accounts.
Authenticated players continue using the server's standard login flow, while approved guest accounts are handled through configurable SideGate access policies.
Why use SideGate?
- Keep standard online-mode behavior for authenticated players.
- Avoid changing the entire server authentication mode.
- Control exactly which guest accounts may join.
- Apply restrictions and visual labels to guest accounts.
Core Features
- Hybrid Login Flow: Authenticated players use the standard server login process, while approved guest accounts follow SideGate access rules.
- Manual Account Override:
premium-usernamescan always follow the standard login path. - Guest Admission Policy: Use
allow-all-guestsorallowed-guests. - Optional Account Detection: Optional account status lookup with internal cache (
auto-detect-premium). - Floodgate/Geyser Support: Automatically bypass guest classification for detected Bedrock players when either Bukkit plugin is installed.
- Guest Handling: Apply guest tags, GameModes, titles, subtitles, and messages.
- Guest Chat Prefix: Prefix applies to guest-tagged players only.
- Runtime Reload:
/sidegate reload. - Public API: Addon plugins can integrate through SideGate API services.
Installation
Required dependency: ProtocolLib (SpigotMC)
https://www.spigotmc.org/resources/protocollib.1997/
- Install ProtocolLib (5.x+).
- Optionally install Floodgate and/or Geyser-Spigot for automatic Bedrock detection.
- Put the SideGate
.jarfile in your/pluginsfolder. - Set
online-mode=trueinserver.properties. - Start or restart the server.
Configuration Example
# SideGate Configuration
enable-guest-mode: true
auto-detect-premium: true
allow-all-guests: false
premium-usernames:
- "TamKungZ"
premium-session-failure:
action: "KICK_WITH_MESSAGE" # or FALLBACK_TO_GUEST
message: "&cThis username belongs to a Premium account.\n&eChange your username and try again."
allowed-guests:
- "FriendName1"
- "FriendName2"
guest-settings:
default-gamemode: "SURVIVAL"
chat-prefix: "&7[Guest] &r"
messages:
join-title: "&cACCESS RESTRICTED"
join-subtitle: "&7Guest Mode"
join-message:
- "&c=================================="
- "&6 Welcome to SideGate Protocol"
- "&7 Account Status: &cGuest (Non-License)"
- "&7 You have restricted gameplay access."
- "&c=================================="
Requirements
- Java: 17+
- Server: Spigot / Paper / Purpur (Bukkit-compatible)
- Dependency: ProtocolLib 5.x+ (SpigotMC) (GitHub)
- Optional integrations: Floodgate, Geyser-Spigot
Bug Reports
Submit issues at:
https://github.com/TamKungZ/SideGate/issues
Please include:
- Server software + exact version
- Java version
- ProtocolLib version
- SideGate version
- Relevant startup/login logs
Project Status & License
Closed Source
- Normal server usage is allowed.
- Separate addon plugins using the SideGate public API are allowed.
- Modification, redistribution, or repackaging is not allowed without permission.
- Commercial use or monetization requires prior permission via email: kittiwut.pimpromma@gmail.com
Public reference snapshot:
https://github.com/TamKungZ/SideGate (sidegate-1.0.0-rc.1)
Security Notice
Guest account access may introduce identity verification limitations. For trusted/private servers, additional authentication or permission management plugins are recommended.
Версии
| Версия | Канал | Игра | Загрузчики | Дата | Скачать |
|---|---|---|---|---|---|
| 1.2.2 | Бета | 1.21.11, 26.1, 26.1.1, 26.1.2 | bukkit, paper, purpur, spigot | 17 июня 2026 г. | Скачать (69 КБ) |
| 1.2.1 | Релиз | 1.21.11, 26.1, 26.1.1, 26.1.2 | bukkit, paper, purpur, spigot | 10 июня 2026 г. | Скачать (65 КБ) |
| 1.2.0 | Релиз | 1.21.11, 26.1, 26.1.1, 26.1.2 | bukkit, paper, purpur, spigot | 19 мая 2026 г. | Скачать (30 КБ) |
| 1.0.1 | Релиз | 1.21.8, 1.21.9, 1.21.10, 1.21.11 | bukkit, paper, purpur, spigot | 1 января 2026 г. | Скачать (12 КБ) |
Ченджлог
1.2.2Бета26.1, 26.1.1, 26.1.2 · 17 июня 2026 г.
SideGate 1.2.2
Release date: 2026-06-10
Added
- Added
proxy-mode.enabledfor Bukkit backends connected through SideGate for Velocity. - Added platform-neutral
LoginDecisionresults andevaluateLogin(String)to the public API. - Added
isProxyModeEnabled()to the public API. - Added configurable Velocity login-decision logging and a Premium-session failure message.
Changed
- Velocity now owns Premium/Guest login decisions while Bukkit proxy mode only applies Guest tags, gamemode, titles, messages, and chat prefix.
- ProtocolLib remains a required dependency for every Bukkit installation, including proxy-mode backends.
- Velocity Premium checks now fail closed on invalid usernames, Mojang API errors, and unexpected responses.
- Velocity Premium checks now use asynchronous HTTP with request deduplication instead of blocking the pre-login handler.
- Velocity now preserves prior Floodgate/authentication-plugin decisions and tracks Guest candidates by connection with expiration.
- Velocity login routing is disabled when
online-modeis false or modern player forwarding is not configured. - Velocity now replaces its generic invalid-session response for Premium-name conflicts with the configured SideGate message.
allow-all-guestsnow defaults totruein both editions.
1.2.1Релиз26.1, 26.1.1, 26.1.2 · 10 июня 2026 г.
SideGate 1.2.1
Release date: 2026-06-10
Added
- Optional Floodgate and Geyser-Spigot integration. Detected Bedrock players stay on the Floodgate/Geyser authentication path and are not classified or tagged as SideGate guests.
- Soft dependencies for
floodgateandGeyser-Spigot; neither plugin is required when Bedrock support is not used. - Added configurable
premium-session-failure.actionwithKICK_WITH_MESSAGEandFALLBACK_TO_GUESTmodes. - Added a configurable Premium-name conflict message. SideGate compares the login UUID with the official Mojang profile before encryption so cracked launchers that abort on HTTP 401 receive the configured message.
- Added Guest fallback for Premium-name UUID mismatches before encryption, plus same-connection fallback when an invalid encrypted session response is available.
Changed
- Mojang profile lookups now run through ProtocolLib's asynchronous listener path to avoid blocking the packet thread.
- Premium lookup cache entries now expire after 10 minutes and use bounded eviction instead of clearing the entire cache.
- Premium lookup cache entries now retain the official Mojang UUID for early Premium-name conflict detection.
- Mojang API errors, invalid responses, and invalid Java usernames now fail closed by leaving authentication to the server instead of granting guest access.
- Guest connection selection now requires an exact address match or matching login profile name; unsafe cross-connection and port-only fallbacks were removed.
- Removed duplicate
[SideGate]text from plugin logger messages because Bukkit already adds the plugin name. - Compatibility and issue-report startup notices now use
INFO; the ProtocolLib dev-build warning is skipped when a development build is already installed.
Fixed
- Fixed Floodgate/Geyser Bedrock players being treated as non-premium guests.
- Fixed a possible guest injection mix-up when multiple login connections were pending.
- Fixed a ProtocolLib
TemporaryPlayerwarning and stack trace caused by reading an unavailable UUID during early login.
1.2.0Релиз26.1, 26.1.1, 26.1.2 · 19 мая 2026 г.
SideGate 1.2.0
Release date: 2026-05-18
Added
- Runtime API service (
SideGateApi) exposed through BukkitServicesManagerfor addon/plugin integration. - Runtime reload support with
/sidegate reloadto re-read config and rebind listeners. - Guest handling improvements: guest scoreboard tag, configurable join title/subtitle/messages, and guest-only chat prefix.
Changed
- ProtocolLib is now
compileOnlyto avoid shading/packaging ProtocolLib into SideGate and prevent classloader conflicts. - Login-state injection path was adjusted to prefer stable accept states (
READY_TO_ACCEPT, fallbackACCEPTED) to reduce non-premium login timeouts. - Defensive ProtocolLib runtime checks were added to avoid
NullPointerExceptionwhen ProtocolManager is temporarily unavailable. - Guest login injection now cancels login at
STARTand immediately injects approved guests, with delayed fallback retained for packet-order edge cases. - Post-auth login pipeline now supports modern
GameProfilemethod signatures (verifyLoginAndFinishConnectionSetup,startClientVerification,finishLoginAndWaitForClient) for newer Paper builds.
Fixed
- Fixed startup failure where
ProtocolLibrary.getProtocolManager()could benulland crash plugin enable/disable. - Fixed guest login flow instability causing repeated guest injection and disconnect timeout behavior in hybrid mode.
- Fixed
Invalid session/timeout on Paper 1.21.11 when guest login state advanced incompletely.
Compatibility
- Server: Paper/Spigot/Purpur (Bukkit-compatible)
- Tested: Paper 1.20.1, Spigot 1.20.1, Paper 1.21.11
- Practical compatibility range from implementation behavior: 1.20.1-1.21.11 (with ProtocolLib dev build recommended for 1.21.9+)
- Java: 17+
- Dependency: ProtocolLib 5.x+
Notes
- For hybrid guest mode operation, set
enforce-secure-profile=falseinserver.properties. - Keep
online-mode=true; SideGate handles approved guest flow without globally switching offline mode. - Added startup warning for Minecraft
1.21.9-26.xto recommend ProtocolLib dev build:https://github.com/dmulloy2/ProtocolLib/releases/tag/dev-build.
1.0.1Релиз1.21.9, 1.21.10, 1.21.11 · 1 января 2026 г.
SideGate v1.0.1 Changelog
New Features & Enhancements
- Hybrid Auto-Detection System
- Implemented intelligent Mojang API integration. The plugin now automatically verifies if a connecting username belongs to a paid Minecraft account.
- Premium Players: Automatically routed through the standard secure login process (preserving skins and UUIDs).
- Guest/Cracked Players: Automatically redirected to the guest injection protocol without manual intervention.
- Config Option:
auto-detect-premium: true(Enabled by default).
- Premium Override List
- Added a
premium-usernamesconfiguration list. - Allows administrators to manually force specific usernames to be treated as Premium, bypassing the API check. This is useful for staff security or in cases of API downtime.
- Added a
- Performance Optimization
- Introduced
ConcurrentHashMapcaching for API results. This minimizes external HTTP requests and prevents login lag during peak traffic. - Added a cache cleanup mechanism to prevent memory overflow.
- Introduced
Bug Fixes & Stability
- UUID Handling: Refined the logic for detecting Offline UUIDs (Version 3) to ensure guest restrictions are applied correctly only to non-premium players.
- Packet Injection: Improved the stability of the
Login.Client.STARTpacket listener to reduce potential conflicts with other protocol-based plugins.
Configuration Changes
- Added
auto-detect-premium(boolean) to toggle the hybrid detection system. - Added
premium-usernames(list) for manual premium overrides. - Updated default messages to clearer, more professional wording.
Upgrade Instructions: To utilize the new features, please regenerate your config.yml or manually add the new auto-detect-premium and premium-usernames keys to your existing configuration.
Комментарии
Загружаем…



