feat: add Minecraft 26.1 (protocol 775) support (#679)

* fix: Modern Forge (FML2/FML3) proxy support and LoginPluginMessage codec

Fix several bugs preventing Forge 1.13-1.20.1 clients from connecting
through Gate to modded backend servers:

- Fix LoginPluginMessage to use raw bytes instead of length-prefixed
  encoding, matching the Minecraft protocol spec and LoginPluginResponse.
  This also fixes Velocity forwarding version negotiation which silently
  fell back to v1.
- Add FML2/FML3 marker detection in handshake connection type. Forge
  1.13-1.20.1 clients use these tokens instead of FORGE.
- Preserve FML2/FML3 tokens in ModernToken() when connecting to backend.
- Add BungeeForge extraData property to legacy and BungeeGuard forwarding
  so backend servers with BungeeForge can identify Forge clients.
- Add omitempty to Property.Signature JSON tag to avoid empty signatures
  in forwarded properties.

Closes #613

* test: add Forge e2e tests verifying FML2/FML3 proxy flow

Add end-to-end tests that simulate the full Forge client connection
flow: handshake detection → backend token preservation → legacy
forwarding with BungeeForge extraData → LoginPluginMessage decoding.

These tests confirm that all bugs from #613 are caught (verified by
running against pre-fix code where they all fail) and fixed.

* feat: add Minecraft 26.1 (protocol 775) support

Port packet ID mappings from Velocity for the new Minecraft 26.1 version.

Synced from: robinbraemer/Velocity#10

* feat: add ServerIdHash to LoginEvent

Port server ID hash from Velocity's LoginEvent so plugins can access
the hash sent to Mojang during online-mode authentication.

* fix: add pre-sizing caps and queue limits to prevent memory exhaustion

Port security hardening from Velocity:
- Cap pre-allocation of arrays decoded from untrusted packet data to
  32768 entries (ReadStringArray, ReadVarIntArray, ReadIntArray,
  AvailableCommands wireNodes) to prevent memory bombs
- Add negative length validation to ReadStringArray
- Add max queue length (1024 packets) to PlayPacketQueue to prevent
  unbounded memory growth from malicious or buggy peers

* fix: cap pre-allocation in more packet decode methods

Cap slice/map pre-allocations from untrusted VarInt lengths in:
- playerinfo.Remove: cap UUID slice allocation
- CustomReportDetails: cap map allocation
- KnownPacks: cap slice allocation for clientbound direction

* test: add tests for 26.1 packet IDs, reader caps, and queue limit

- Test all 28 packet ID mappings for Minecraft 26.1 (serverbound + clientbound)
- Test ReadStringArray, ReadVarIntArray, ReadIntArray negative length rejection
- Test capped allocation prevents OOM from huge untrusted lengths
- Test roundtrip encode/decode for string and varint arrays
- Test PlayPacketQueue max limit and nil safety

* refactor: simplify pre-alloc caps and fix naming

- Export MaxPreAllocSize constant and use it everywhere instead of
  hardcoded 1<<15 magic numbers
- Harden ReadKeyArray and ReadProperties with same pre-alloc cap
  (missed in initial hardening pass)
- Rename ServerIdHash to ServerIDHash per Go naming conventions

* style: go fmt

* fix: check error returns in tests (lint)

* fix: use %g format for float32 quota.OPS in validation error

Author: robinbraemer

pkg/edition/java/config/config.go

@@ -204,7 +204,7 @@ func (c *Config) Validate() (warns []error, errs []error) {
 	for _, quota := range []QuotaSettings{c.Quota.Connections, c.Quota.Logins} {
 		if quota.Enabled {
 			if quota.OPS <= 0 {
-				e("Invalid quota ops %d, use a number > 0", quota.OPS)
+				e("Invalid quota ops %g, use a number > 0", quota.OPS)
 			}
 			if quota.Burst < 1 {
 				e("Invalid quota burst %d, use a number >= 1", quota.Burst)

pkg/edition/java/forge/modernforge/modern.go

@@ -9,11 +9,17 @@ import (
 const Token = "FORGE"
 
 // ModernToken aligns the acquisition logic with the internal code of Forge.
+// It preserves FML2/FML3 tokens for Forge 1.13-1.20.1, and FORGE tokens for 1.20.2+.
 func ModernToken(hostName string) string {
 	natVersion := 0
 	idx := strings.Index(hostName, "\000")
 	if idx != -1 {
 		for _, pt := range strings.Split(hostName, "\000") {
+			// FML2 (1.13-1.17) and FML3 (1.18-1.20.1) use their own tokens
+			// with trailing null bytes as part of the Forge handshake format.
+			if strings.HasPrefix(pt, "FML2") || strings.HasPrefix(pt, "FML3") {
+				return "\000" + pt + "\000"
+			}
 			if strings.HasPrefix(pt, Token) {
 				if len(pt) > len(Token) {
 					natVersion, _ = strconv.Atoi(pt[len(Token):])

pkg/edition/java/forge/modernforge/modern_test.go

@@ -0,0 +1,48 @@
+package modernforge
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestModernToken(t *testing.T) {
+	tests := []struct {
+		name     string
+		hostName string
+		want     string
+	}{
+		{
+			name:     "FORGE token without NAT version",
+			hostName: "server.example.com\000FORGE",
+			want:     "\000FORGE",
+		},
+		{
+			name:     "FORGE token with NAT version 2",
+			hostName: "server.example.com\000FORGE2",
+			want:     "\000FORGE2",
+		},
+		{
+			name:     "FML2 token (Forge 1.13-1.17)",
+			hostName: "server.example.com\000FML2\000",
+			want:     "\000FML2\000",
+		},
+		{
+			name:     "FML3 token (Forge 1.18-1.20.1)",
+			hostName: "server.example.com\000FML3\000",
+			want:     "\000FML3\000",
+		},
+		{
+			name:     "no token",
+			hostName: "server.example.com",
+			want:     "\000FORGE",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := ModernToken(tt.hostName)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}

pkg/edition/java/netmc/connection.go

@@ -344,7 +344,11 @@ func (c *minecraftConn) bufferPacket(packet proto.Packet, canQueue bool) (err er
 		c.mu.Lock()
 		playPacketQueue := c.playPacketQueue
 		c.mu.Unlock()
-		if playPacketQueue.Queue(packet) {
+		queued, queueErr := playPacketQueue.Queue(packet)
+		if queueErr != nil {
+			return queueErr
+		}
+		if queued {
 			// Packet was queued, don't write it now
 			c.log.V(1).Info("queued packet", "packet", fmt.Sprintf("%T", packet))
 			return nil

pkg/edition/java/profile/gameprofile.go

@@ -57,7 +57,7 @@ func (g *GameProfile) UnmarshalJSON(data []byte) (err error) {
 type Property struct {
 	Name      string `json:"name"`
 	Value     string `json:"value"`
-	Signature string `json:"signature"`
+	Signature string `json:"signature,omitempty"`
 }
 
 func (p *Property) String() string {

pkg/edition/java/proto/packet/available_commands.go

@@ -155,13 +155,13 @@ func (a *AvailableCommands) Decode(c *proto.PacketContext, rd io.Reader) error {
 	if err != nil {
 		return err
 	}
-	wireNodes := make([]*WireNode, commands)
+	wireNodes := make([]*WireNode, 0, min(commands, util.MaxPreAllocSize))
 	for i := 0; i < commands; i++ {
 		wn := &WireNode{IDx: i}
 		if err = wn.decode(rd, c.Protocol); err != nil {
 			return err
 		}
-		wireNodes[i] = wn
+		wireNodes = append(wireNodes, wn)
 	}
 
 	var ok bool

pkg/edition/java/proto/packet/config/KnownPacks.go

@@ -26,11 +26,11 @@ func (p *KnownPacks) Decode(c *proto.PacketContext, rd io.Reader) error {
 	if c.Direction == proto.ServerBound && packCount > MaxLengthPacks {
 		return fmt.Errorf("%w: %d", ErrTooManyPacks, packCount)
 	}
-	packs := make([]KnownPack, packCount)
+	packs := make([]KnownPack, 0, min(packCount, MaxLengthPacks))
 	for i := 0; i < packCount; i++ {
 		var pack KnownPack
 		pack.Read(rd)
-		packs[i] = pack
+		packs = append(packs, pack)
 	}
 	p.Packs = packs
 	return nil

pkg/edition/java/proto/packet/customreportdetails.go

@@ -24,7 +24,7 @@ func (p *CustomReportDetails) Decode(c *proto.PacketContext, rd io.Reader) (err
 	r := protoutil.PanicReader(rd)
 	var detailsCount int
 	r.VarInt(&detailsCount)
-	p.Details = make(map[string]string, detailsCount)
+	p.Details = make(map[string]string, min(detailsCount, protoutil.MaxPreAllocSize))
 	for i := 0; i < detailsCount; i++ {
 		var key, value string
 		r.String(&key)

pkg/edition/java/proto/packet/login.go

@@ -412,15 +412,18 @@ func (l *LoginPluginMessage) Encode(_ *proto.PacketContext, wr io.Writer) error
 	w := util.PanicWriter(wr)
 	w.VarInt(l.ID)
 	w.String(l.Channel)
-	w.Bytes(l.Data)
-	return nil
+	// Data is the remaining bytes in the packet (not length-prefixed),
+	// same format as LoginPluginResponse.Data.
+	return util.WriteRawBytes(wr, l.Data)
 }
 
 func (l *LoginPluginMessage) Decode(_ *proto.PacketContext, rd io.Reader) (err error) {
 	r := util.PanicReader(rd)
 	r.VarInt(&l.ID)
 	r.String(&l.Channel)
-	l.Data, err = util.ReadBytes(rd)
+	// Data is the remaining bytes in the packet (not length-prefixed),
+	// same format as LoginPluginResponse.Data.
+	l.Data, err = util.ReadRawBytes(rd)
 	if errors.Is(err, io.EOF) {
 		// Ignore if we couldn't read data
 		return nil

pkg/edition/java/proto/packet/login_plugin_message_test.go

@@ -0,0 +1,106 @@
+package packet
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.minekube.com/gate/pkg/edition/java/proto/util"
+	"go.minekube.com/gate/pkg/edition/java/proto/version"
+	"go.minekube.com/gate/pkg/gate/proto"
+)
+
+// TestLoginPluginMessage_WireFormat verifies that LoginPluginMessage.Data is encoded
+// as raw remaining bytes (NOT length-prefixed), matching the Minecraft protocol spec
+// and consistent with LoginPluginResponse which already uses raw bytes.
+func TestLoginPluginMessage_WireFormat(t *testing.T) {
+	msg := &LoginPluginMessage{
+		ID:      42,
+		Channel: "velocity:player_info",
+		Data:    []byte{0x04}, // e.g. forwarding version 4
+	}
+
+	ctx := &proto.PacketContext{
+		Direction: proto.ClientBound,
+		Protocol:  version.Minecraft_1_20_2.Protocol,
+	}
+
+	// Encode
+	var buf bytes.Buffer
+	require.NoError(t, msg.Encode(ctx, &buf))
+	encoded := buf.Bytes()
+
+	// Manually build the expected wire format:
+	// VarInt(42) + String("velocity:player_info") + raw byte 0x04
+	var expected bytes.Buffer
+	util.PanicWriter(&expected).VarInt(42)
+	util.PanicWriter(&expected).String("velocity:player_info")
+	expected.WriteByte(0x04) // raw data, no length prefix
+	assert.Equal(t, expected.Bytes(), encoded,
+		"LoginPluginMessage data must be written as raw bytes, not length-prefixed")
+
+	// Verify decode reads raw bytes (no length prefix)
+	decoded := &LoginPluginMessage{}
+	require.NoError(t, decoded.Decode(ctx, bytes.NewReader(encoded)))
+	assert.Equal(t, 42, decoded.ID)
+	assert.Equal(t, "velocity:player_info", decoded.Channel)
+	assert.Equal(t, []byte{0x04}, decoded.Data,
+		"Decoded data should be the raw remaining bytes")
+}
+
+// TestLoginPluginMessage_MultiByteData tests with larger data payloads.
+func TestLoginPluginMessage_MultiByteData(t *testing.T) {
+	data := []byte("hello forge handshake data")
+	original := &LoginPluginMessage{
+		ID:      1,
+		Channel: "fml:loginwrapper",
+		Data:    data,
+	}
+
+	ctx := &proto.PacketContext{
+		Direction: proto.ClientBound,
+		Protocol:  version.Minecraft_1_20.Protocol,
+	}
+
+	var buf bytes.Buffer
+	require.NoError(t, original.Encode(ctx, &buf))
+
+	// Build expected wire format manually
+	var expected bytes.Buffer
+	util.PanicWriter(&expected).VarInt(1)
+	util.PanicWriter(&expected).String("fml:loginwrapper")
+	expected.Write(data) // raw data
+	assert.Equal(t, expected.Bytes(), buf.Bytes(),
+		"Multi-byte data must be written as raw bytes")
+
+	decoded := &LoginPluginMessage{}
+	require.NoError(t, decoded.Decode(ctx, bytes.NewReader(buf.Bytes())))
+	assert.Equal(t, original.ID, decoded.ID)
+	assert.Equal(t, original.Channel, decoded.Channel)
+	assert.Equal(t, data, decoded.Data)
+}
+
+// TestLoginPluginMessage_EmptyData tests with no data payload.
+func TestLoginPluginMessage_EmptyData(t *testing.T) {
+	original := &LoginPluginMessage{
+		ID:      5,
+		Channel: "test:channel",
+		Data:    nil,
+	}
+
+	ctx := &proto.PacketContext{
+		Direction: proto.ClientBound,
+		Protocol:  version.Minecraft_1_20.Protocol,
+	}
+
+	var buf bytes.Buffer
+	require.NoError(t, original.Encode(ctx, &buf))
+
+	decoded := &LoginPluginMessage{}
+	require.NoError(t, decoded.Decode(ctx, &buf))
+
+	assert.Equal(t, original.ID, decoded.ID)
+	assert.Equal(t, original.Channel, decoded.Channel)
+	assert.Empty(t, decoded.Data)
+}