• Table of Contents
• Introducation
• Workflows With Screenshots:
  • For Players:
  • For Ops:
  • For Server Owner:
• Deployment & Configurations
  • Deployment using docker-compse
• Local Dev Setup
• Custimizations
• Feature Requests
• License
• Contact
• Built With

Gatekeeper aims to make whitelist application and management for Minecraft server easier than ever before.

What's provided out of the box:

• An easy-to-use self-serve web interface for players to apply for the whitelist
• Email dispatching mechanism for Ops to process incoming requests
• Real-time confirmation and notification emails to users for application status update
• One-click processing workflow for Ops to deny/approve user applications
• Automatic grant whitelist for approved users on the server via RCON
• Management and monitoring dashboard for the server owner
• Rich configuration and customization options (see below)
• Multi-language support with builtin Chinese translation

On top of these, it is implemented with security(encryotion; private endpoints token-based authentication) and fault-torlance(retry operations; message queue connection recovery mechaism) in mind.

• Players apply for whitelist by filling in required information and complete Minecraft account verification process on the website

• Once an application is submitted, the player will receive a confirmation email with a link to view his/her current application status

• Once the application is approved, the player's Minecraft username will be granted whitelist on the Minecraft server and the player will receive a notification email

• If the application is denied, the player will be notified via email as well. The player will be able to re-submit another application

• Key features:

  • Form submission is protected by Google Recaptcha
  • Process in place to verify the player's Minecraft username to prevent identity misuse
  • Disallow repeat/duplicate application from the same user
  • Asynchronous message processing model which improves responsiveness
  • Encoded and encrypted status check the link to prevent access from unintended users

• Assigned Ops of each application will be notified via email and will be provided with an action link. On the action page, Ops could view the application details and deny/approve the corresponding application by a single click

• Optionally, Ops could add a note for that application when making decisions for future references

• Key features:

  • No login required for Ops to simplify the workflow
  • Encryption and encoding in place to prevent misuse: the action page is only visible for Ops who are assigned with a particular application. Once an application is resolved, it will no longer be available.

• Server owner could view/monitor/manage all applications through the management dashboard which are only accessible with configured root credentials

• Key features:

  • Centralized dashboard to manage all applications, view aggregate stats.
  • Able to export application entries to external CSV files
  • The dashboard login page is also protected by Recaptcha to enhance security

For simple deployment, you could follow the steps below using docker compose. I've also provided Helm chart to deploy on Kubernetes cluster for more reliable production use case(advanced). For a brief walkthrough for Kubernetes deployment please check out the wiki page:

https://github.com/tywin1104/mc-gatekeeper/wiki/Walk-through-deployment-in-Kubernetes-cluster-with-Helm

• Clone the repo onto your workstation / Linux virtual machine(EC2, droplet...)

• Make sure docker and docker-compose is installed on your workstation

• Create config.yaml inside the server directory. Fill in the values according to your setup. (see config_sample.yaml for reference)

  mongodbConn: mongodb://mongo:27017 rabbitMQConn: amqp://guest:guest@rabbitmq

  Keep these two configuration value as above.

• Inside docker-compose.yaml, change RECAPTCHA_SITEKEY to your recaptcha sitekey(v2 invisible)

• If you are running in a machine with domain name DNS configured, you need to change FRONTEND_DEPLOYED_URL in docker-compose.yaml to be your domain address instead of localhost.

• run docker-compose up -d

• Once the process is finished, go to http://localhost or your configured domain address to view the application

Note: The web app part (frontend) is intended to be publicly accessible across the Internet and the backend server API should be consumed only by the client application for security reasons. A running MongoDB and RabbitMQ instance are required components for the system.

More to come...

Open API Spec for the backend server

Here are some possible trivial custimizations that could be done that fits your need. Different from changing the configuration values, these will incur minor code change and require rebuilding the image to your own container registry in order to deploy

• Add/ Change translations for multilanguages

  See app/locale directory for translation files

• Add fields to the whitelist request form

• Style custimization for the frontend app page.

• Change Email templates

  See server/mailer/templates

• .....

Please open a issue to request a feature or make a contact directly

Distributed under the MIT License. See LICENSE for more information

Tianyi Zhang - [email protected]

• React
• Bootstrap
• Material UI
• Recaptcha
• Go
• RabbitMQ
• MongoDB