[request] Add support for MCLeaksApiClient
TomLewis opened this issue ยท 2 comments
Please add support for MCLeaks account checking, to check for temporary accounts used to hack, there is a api available to use.
https://github.com/TheMrGong/MCLeaksApiClient
Can you provide some more requirements? Is this supposed to be a command? Warnings on login? Automatic bans? Disallow joins?
I'd also need some further information from @TheMrGong before implementing this
- How does the API check this data?
- How accurate is it? What's the likely hood of false positives?
- How reliable is the API service?
- Will integrating with it generate too much traffic for your current server(s) to handle?
- Will it be available for the foreseeable future?
The API runs off of a private extension which gets accounts from MCLeaks' website and submits tokens to my server. Your requests are compared against an existing list of accounts to see if it matches any existing accounts.
False-positives are rare, generally when a player has changed their password and is their account isn't accessible but their name is still in the database. A unique advantage my database has is it stores account tokens so that I can check and see if accounts are still available. Since day 1 I've had the ability to check accounts, which allows someone who believes their account is unfairly marked as MCLeaks to request it be removed.
In terms of reliability, I've implemented failover in the case of either server crashes or me updating the server. I haven't had an issue with it so far, and it ensures even if the main server is down, you can still check accounts. In any case, if there wasn't failover, then joining wouldn't be impeded, but MCLeaks checks wouldn't work.
Currently, the server handles ~200 requests an hour with no issues. I've ran a crude test and I've seen the server handle reliably ~100 requests a second. If performance truly becomes an issue I have 3 plans for that case. A small fix such as improving caches, then using money I have on standby to upgrade the server and finally, purchasing more servers to implement load balancing.
The API itself has been running in private for a while, only recently has it become public. I have no plans to discontinue the service as I use it myself in a variety of private projects.