OPShield

[1.2.0] — 2026-03-15

🐛 Bug Fixes (7 fixes)

BUG-1 — Deprecated ChatColor API replaced with Adventure LegacyComponentSerializer

• Root cause: getMsg() used ChatColor.translateAlternateColorCodes('&', msg), which is deprecated in Paper 1.21 and produces build warnings.
• Fix: Replaced with LegacyComponentSerializer.legacyAmpersand().deserialize(raw). All sendMessage() calls now pass Component objects. Added helper methods send(sender, key) and sendReplaced(sender, key, ...) to centralise message dispatch. Bukkit.broadcastMessage() replaced with Bukkit.broadcast().

BUG-2 — allow_op_reload: false had no effect on console

• Root cause: The reload handler checked !allowOpReload && sender instanceof Player first, so console senders (who are not instanceof Player) skipped the check entirely and were always permitted.
• Fix: The behaviour is now explicit and documented: allow_op_reload intentionally controls in-game players only. Console is always allowed to reload. Added a clear comment in code and updated the README to document this intent. The help message was also updated to reflect the correct usage.

BUG-3 — savePersistentData() blocked the main thread with I/O

• Root cause: Every wrong password attempt triggered savePersistentData() synchronously on the main server thread, writing to data.yml via file I/O which can stall the tick cycle on loaded servers.
• Fix: savePersistentData() now snapshots the maps on the main thread (thread-safe, fast), then dispatches the actual file write via Bukkit.getScheduler().runTaskAsynchronously(). onDisable() still saves synchronously because async tasks may not execute during shutdown.

BUG-4 — No way to manually unlock a locked-out player

• Root cause: When a player was locked out there was no command to lift the lockout. Admins had to either wait for the timer or delete data.yml entirely.
• Fix: Added /opshield unlock <player|ip> command. Accepts either a player name (matched case-insensitively) or an IP address (dots automatically converted to underscores to match the storage key). Clears failedAttempts, lockoutTimestamps, and lockoutCount for the matching key. Requires opshield.unlock permission (default: op). New unlock_success and unlock_not_found message keys added to all language files.

BUG-5 — Lockout reset allowed infinite brute-force with fixed delay

• Root cause: When a lockout expired, isLockedOut() cleared both lockoutTimestamps and failedAttempts, resetting the counter to zero. An attacker could attempt max-attempts - 1 wrong passwords, wait out the lockout, and repeat indefinitely without ever receiving a longer penalty.
• Fix: Introduced lockoutCount (persisted in data.yml as lockout_count). Each time a lockout is triggered, the count increments and the duration doubles: lockoutDurationMinutes * 2^(count-1), capped at 24 hours. On successful authentication the failedAttempts and lockoutTimestamps are cleared, but lockoutCount is preserved so repeated abuse continues to receive longer lockouts. The unlock command (BUG-4) clears all three maps.

BUG-6 — Command block / server-console bypass is documented (not a code bug)

• Root cause: Lockout and whitelist checks are gated on sender instanceof Player — command blocks and other plugins dispatching /op bypass these checks by design because they have no IP address.
• Fix: Added explicit documentation in README explaining this is intentional. Server administrators are advised to restrict physical/panel access to prevent console-level abuse.

BUG-7 — CommandMap reflection failure was fully silent

• Root cause: If getCommandMap() reflection failed (e.g., custom server forks, future API changes), the exception was caught by a bare catch (Exception ignored) block with no log output, making diagnosis impossible.
• Fix: Replaced ignored with a getLogger().fine(...) call that logs the failure at FINE level with the command name and exception message. This appears in debug logs without spamming the console under normal operation.

✨ New Features

• /opshield unlock <player|ip> — manually clear lockout for a player or IP (opshield.unlock permission)
• /opshield (no args) — now shows a brief help line instead of an error
• /ops alias added for /opshield
• Exponential backoff: lockout duration doubles per repeat offender (capped at 24 h)
• Language file defaults auto-merged from jar — new keys appear automatically in existing language files without requiring users to recreate them

🔧 Other Changes

• pom.xml: version → 1.2.0; switched dependency from spigot-api to paper-api (Paper bundles Adventure — no extra shade required); compiler source/target bumped from Java 17 → Java 21 (maven.compiler.release)
• plugin.yml: version → 1.2.0; added opshield.unlock permission; updated descriptions; added /ops alias
• All 3 language files (en, vn, ru): added unlock_success and unlock_not_found keys; updated lockout_message to mention increasing duration

---