diff --git a/docs/planning/dynamic-servers-page-implementation.md b/docs/planning/dynamic-servers-page-implementation.md index 538ca30..81a8282 100644 --- a/docs/planning/dynamic-servers-page-implementation.md +++ b/docs/planning/dynamic-servers-page-implementation.md @@ -17,11 +17,14 @@ Cloudflare Workers acting as a serverless proxy between the website and Pterodac **Why This Architecture:** - ✅ **Serverless:** No VPS to maintain (critical for RV travel!) -- ✅ **Secure:** API keys hidden in Worker environment variables +- ✅ **Secure:** API keys hidden in Worker environment variables, IPs gated behind Discord - ✅ **Fast:** Edge caching protects Pterodactyl from traffic spikes - ✅ **Free:** Cloudflare Workers free tier covers our needs - ✅ **RV-Ready:** Fully decoupled, graceful degradation if panel goes down +**Security Policy:** +Server IP addresses and connection details are **NOT publicly displayed** on the website. They are gated behind Discord access with minimum Awakened tier ($1/month) verification. This drives community engagement and prevents random server scanning. + --- ## Architecture Overview @@ -216,24 +219,27 @@ Key features: - "Pulse" animation for online status (Frost cyan) - Offline status in Fire orange - Player count display (if available) +- **NO IP addresses displayed** (Discord-gated security policy) +- "Join via Discord" call-to-action messaging - Error handling with friendly message - Auto-refresh every 60 seconds **Task 4.2: Add Easy Wins** -1. **Copy IP Button:** -```javascript - -``` - -2. **Auto-Refresh:** +1. **Auto-Refresh:** ```javascript setInterval(() => { fetch(WORKER_URL).then(/* update UI */); }, 60000); // Every 60 seconds ``` +2. **Discord CTA:** +```html +
+

Server IPs available in Discord for Awakened+ members!

+ Join Discord → +
+``` + **Task 4.3: Test on Preview** 1. Commit changes to git 2. Push to Gitea (auto-deploys to GitHub → Cloudflare Pages) @@ -248,11 +254,12 @@ setInterval(() => { - ✅ All servers display - ✅ Status indicators correct (green pulse = online, red = offline) - ✅ Player counts showing (if Pterodactyl provides them) -- ✅ Copy IP buttons work +- ✅ "Join via Discord" messaging clear and prominent - ✅ Auto-refresh updates without page reload - ✅ Mobile responsive (no horizontal scroll!) - ✅ Error message displays if Worker fails - ✅ Loading state shows during fetch +- ✅ NO IP addresses or ports visible on public page --- @@ -420,9 +427,9 @@ Minecraft server status doesn't change rapidly. If a server goes down, users wil ## Future Enhancements (Post-Launch) ### ✅ Easy Wins (Add These!) -1. **Copy IP Button** - One line of JavaScript -2. **Auto-Refresh** - `setInterval` every 60 seconds -3. **Status Pulse Animation** - CSS keyframe already provided +1. **Auto-Refresh** - `setInterval` every 60 seconds +2. **Status Pulse Animation** - CSS keyframe already provided +3. **"Join via Discord" CTA** - Clear messaging directing users to Discord for server IPs ### ⚠️ Possible But Complex 1. **Modpack logos** - Would need image hosting, careful sizing @@ -446,6 +453,14 @@ Minecraft server status doesn't change rapidly. If a server goes down, users wil - ✅ `.dev.vars` file in `.gitignore` - ✅ Service Account has minimal permissions (read-only) +### IP Address Protection (Community Engagement Strategy) +- ✅ Server IPs and ports **NOT displayed** on public website +- ✅ Connection details gated behind Discord access +- ✅ Minimum Awakened tier ($1/month) required +- ✅ Drives community engagement and FOMO +- ✅ Prevents random server scanning and bot attacks +- ✅ Worker still fetches IP data but frontend doesn't render it + ### CORS Configuration - ✅ Only allows `https://firefrostgaming.com` origin - ✅ Rejects requests from other domains