Back to Directory Moderator Gating Spec

CrestDuty Specifications

A secure verification gate requiring password authorization for administrative command access. Developed and maintained by AdithyaDev.

Problem

If a moderator or administrator account is compromised (e.g. through credential leaks, session theft, or offline account hijacking on cracked launchers), the malicious actor immediately obtains full access to creative spawns, item drops, and game management commands, presenting a high risk of server griefing.

Architecture

CrestDuty intercepts administrative commands and creative inventory interactions using low-level event listeners. Upon joining, staff members are placed in a locked state. They cannot execute commands, open inventories, move items, or drop loot until they authorize by running /duty <password>.

Technical Highlights

  • Initial Credentials Setup: Enforces password and nickname configuration via /duty set on first use.
  • Activity Auditing: Isolates logs for commands, creative item spawns, drops, and coordinates during duty sessions.
  • Locked State Pipeline: Hooks into movement, interaction, and chat events to deny unauthorized commands.

Results

  • Protected Operations: Secures critical administrative features against hijacked staff sessions.
  • Unified Event Audit Logs: Clean command logs allow quick investigations of staff activities.

Specifications

  • Platform: PaperMC (Java)
  • Authorization: In-Game Password
  • Deny Pipeline: Strict Events Gating
  • Logs: Dedicated Local File

Technologies Used

JavaPaper APIPassword HashingEvents Pipeline

Architect

Designed and built by AdithyaDev for CrestMC.

Developer Info