Dedicated Server Software - Minecraft.Server.exe (#498)

* add: Dedicated Server implementation

- Introduced `ServerMain.cpp` for the dedicated server logic, handling command-line arguments, server initialization, and network management.
- Created `postbuild_server.ps1` script for post-build tasks, including copying necessary resources and DLLs for the dedicated server.
- Added `CopyServerAssets.cmake` to manage the copying of server assets during the build process, ensuring required files are available for the dedicated server.
- Defined project filters in `Minecraft.Server.vcxproj.filters` for better organization of server-related files.

* add: refactor world loader & add server properties

- Introduced ServerLogger for logging startup steps and world I/O operations.
- Implemented ServerProperties for loading and saving server configuration from `server.properties`.
- Added WorldManager to handle world loading and creation based on server properties.
- Updated ServerMain to integrate server properties loading and world management.
- Enhanced project files to include new source and header files for the server components.

* update: implement enhanced logging functionality with configurable log levels

* update: update keyboard and mouse input initialization 1dc8a005ed111463c22c17b487e5ec8a3e2d30f3

* fix: change virtual screen resolution to 1920x1080(HD)

Since 31881af56936aeef38ff322b975fd0 , `skinHud.swf` for 720 is not included in `MediaWindows64.arc`,
the app crashes unless the virtual screen is set to HD.

* fix: dedicated server build settings for miniaudio migration and missing sources

- remove stale Windows64 Miles (mss64) link/copy references from server build
- add Common/Filesystem/Filesystem.cpp to Minecraft.Server.vcxproj
- add Windows64/PostProcesser.cpp to Minecraft.Server.vcxproj
- fix unresolved externals (PostProcesser::*, FileExists) in dedicated server build

* update: changed the virtual screen to 720p

Since the crash caused by the 720p `skinHud.swf` not being included in `MediaWindows64.arc` has been resolved, switching back to 720p to reduce resource usage.

* add: add Docker support for Dedicated Server

add with entrypoint and build scripts

* fix: add initial save for newly created worlds in dedicated server

on the server side, I fixed the behavior introduced after commit aadb511, where newly created worlds are intentionally not saved to disk immediately.

* update: add basically all configuration options that are implemented in the classes to `server.properties`

* update: add LAN advertising configuration for server.properties

LAN-Discovery, which isn’t needed in server mode and could potentially be a security risk, has also been disabled(only server mode).

* add: add implementing interactive command line using linenoise

- Integrated linenoise library for line editing and completion in the server console.
- Updated ServerLogger to handle external writes safely during logging.
- Modified ServerMain to initialize and manage the ServerCli for command input.
- The implementation is separate from everything else, so it doesn't affect anything else.
- The command input section and execution section are separated into threads.

* update: enhance command line completion with predictive hints

Like most command line tools, it highlights predictions in gray.

* add: implement `StringUtils` for string manipulation and refactor usages

Unified the scattered utility functions.

* fix: send DisconnectPacket on shutdown and fix Win64 recv-thread teardown race

Before this change, server/host shutdown closed sockets directly in
ServerConnection::stop(), which bypassed the normal disconnect flow.
As a result, clients could be dropped without receiving a proper
DisconnectPacket during stop/kill/world-close paths.

Also, WinsockNetLayer::Shutdown() could destroy synchronization objects
while host-side recv threads were still exiting, causing a crash in
RecvThreadProc (access violation on world close in host mode).

* fix: return client to menus when Win64 host connection drops

- Add client-side host disconnect handling in CPlatformNetworkManagerStub::DoWork() for _WINDOWS64.
- When in QNET_STATE_GAME_PLAY as a non-host and WinsockNetLayer::IsConnected() becomes false, trigger g_NetworkManager.HandleDisconnect(false) to enter the normal disconnect/UI flow.
- Use m_bLeaveGameOnTick as a one-shot guard to prevent repeated disconnect handling while the link remains down.
- Reset m_bLeaveGameOnTick on LeaveGame(), HostGame(), and JoinGame() to avoid stale state across sessions.

* update: converted Japanese comments to English

* add: create `Minecraft.Server` developer guide in English and Japanese

* update: add note about issue

* add: add `nlohmann/json` json lib

* add: add FileUtils

Moved file operations to `utils`.

* add: Dedicated Server BAN access manager with persistent player and IP bans

- add Access frontend that publishes thread-safe ban manager snapshots for dedicated server use
- add BanManager storage for banned-players.json and banned-ips.json with load/save/update flows
- add persistent player and IP ban checks during dedicated server connection handling
- add UTF-8 BOM-safe JSON parsing and shared file helpers backed by nlohmann/json
- add Unicode-safe ban file read/write and safer atomic replacement behavior on Windows
- add active-ban snapshot APIs and expiry-aware filtering for expires metadata
- add RAII-based dedicated access shutdown handling during server startup and teardown

* update: changed file read/write operations to use `FileUtils`.

- As a side effect, saving has become faster!

* fix: Re-added the source that had somehow disappeared.

* add: significantly improved the dedicated server logging system

- add ServerLogManager to Minecraft.Server as the single entry point for dedicated-server log output
- forward CMinecraftApp logger output to the server logger when running with g_Win64DedicatedServer
- add named network logs for incoming, accepted, rejected, and disconnected connections
- cache connection metadata by smallId so player name and remote IP remain available for disconnect logs
- keep Minecraft.Client changes minimal by using lightweight hook points and handling log orchestration on the server side

* fix: added the updated library source

* add: add `ban` and `pardon` commands for Player and IP

* fix: fix stop command shutdown process

add dedicated server shutdown request handling

* fix: fixed the save logic during server shutdown

Removed redundant repeated saves and eliminated the risks of async writes.

* update: added new sever files to Docker entrypoint

* fix: replace shutdown flag with atomic variable for thread safety

* update: update Dedicated Server developer guide

English is machine translated.
Please forgive me.

* update: check for the existence of `GameHDD` and create

* add: add Whitelist to Dedicated Server

* refactor: clean up and refactor the code

- unify duplicated implementations that were copied repeatedly
- update outdated patterns to more modern ones

* fix: include UI header (new update fix)

* fix: fix the detection range for excessive logging

`getHighestNonEmptyY()` returning `-1` occurs normally when the chunk is entirely air.
The caller (`Minecraft.World/LevelChunk.cpp:2400`) normalizes `-1` to `0`.

* update: add world size config to dedicated server properties

* update: update README add explanation of  `server.properties` & launch arguments

* update: add nightly release workflow for dedicated server and client builds to Actions

* fix: update name for workflow

* add random seed generation

* add: add Docker nightly workflow for Dedicated Server publish to GitHub Container Registry

* fix: ghost player when clients disconnect out of order

#4

* fix: fix 7zip option

* fix: fix Docker workflow for Dedicated Server artifact handling

* add: add no build Dedicated Server startup scripts and Docker Compose

* update: add README for Docker Dedicated Server setup with no local build

* refactor: refactor command path structure

As the number of commands has increased and become harder to navigate, each command has been organized into separate folders.

* update: support stream(file stdin) input mode for server CLI

Support for the stream (file stdin) required when attaching a tty to a Docker container on Linux.

* add: add new CLI Console Commands for Dedicated Server

Most of these commands are executed using the command dispatcher implemented on the `Minecraft.World` side. When registering them with the dispatcher, the sender uses a permission-enabled configuration that treats the CLI as a player.

- default game.
- enchant
- experience.
- give
- kill(currently, getting a permission error for some reason)
- time
- weather.
- update tp & gamemode command

* fix: change player map icon to random select

* update: increase the player limit

* add: restore the basic anti-cheat implementation and add spawn protection

Added the following anti-cheat measures and add spawn protection to `server.properties`.
- instant break
- speed
- reach

* fix: fix Docker image tag

---------

Co-authored-by: sylvessa <225480449+sylvessa@users.noreply.github.com>

1 files changed, 631 insertions, 0 deletions

diff --git a/Minecraft.Server/Access/BanManager.cpp b/Minecraft.Server/Access/BanManager.cpp
new file mode 100644
index 00000000..59f5bccc
--- /dev/null
+++ b/Minecraft.Server/Access/BanManager.cpp
@@ -0,0 +1,631 @@
+#include "stdafx.h"
+
+#include "BanManager.h"
+
+#include "..\Common\AccessStorageUtils.h"
+#include "..\Common\FileUtils.h"
+#include "..\Common\NetworkUtils.h"
+#include "..\Common\StringUtils.h"
+#include "..\ServerLogger.h"
+#include "..\vendor\nlohmann\json.hpp"
+
+#include <algorithm>
+#include <stdio.h>
+
+namespace ServerRuntime
+{
+	namespace Access
+	{
+		using OrderedJson = nlohmann::ordered_json;
+
+		namespace
+		{
+			static const char *kBannedPlayersFileName = "banned-players.json";
+			static const char *kBannedIpsFileName = "banned-ips.json";
+
+			static bool TryParseUtcTimestamp(const std::string &text, unsigned long long *outFileTime)
+			{
+				if (outFileTime == nullptr)
+				{
+					return false;
+				}
+
+				std::string trimmed = StringUtils::TrimAscii(text);
+				if (trimmed.empty())
+				{
+					return false;
+				}
+
+				unsigned year = 0;
+				unsigned month = 0;
+				unsigned day = 0;
+				unsigned hour = 0;
+				unsigned minute = 0;
+				unsigned second = 0;
+				if (sscanf_s(trimmed.c_str(), "%4u-%2u-%2uT%2u:%2u:%2uZ", &year, &month, &day, &hour, &minute, &second) != 6)
+				{
+					return false;
+				}
+
+				SYSTEMTIME utc = {};
+				utc.wYear = (WORD)year;
+				utc.wMonth = (WORD)month;
+				utc.wDay = (WORD)day;
+				utc.wHour = (WORD)hour;
+				utc.wMinute = (WORD)minute;
+				utc.wSecond = (WORD)second;
+
+				FILETIME fileTime = {};
+				if (!SystemTimeToFileTime(&utc, &fileTime))
+				{
+					return false;
+				}
+
+				ULARGE_INTEGER value = {};
+				value.LowPart = fileTime.dwLowDateTime;
+				value.HighPart = fileTime.dwHighDateTime;
+				*outFileTime = value.QuadPart;
+				return true;
+			}
+
+			static bool IsMetadataExpired(const BanMetadata &metadata, unsigned long long nowFileTime)
+			{
+				if (metadata.expires.empty())
+				{
+					return false;
+				}
+
+				unsigned long long expiresFileTime = 0;
+				if (!TryParseUtcTimestamp(metadata.expires, &expiresFileTime))
+				{
+					// Keep malformed metadata active instead of silently unbanning a player or address.
+					return false;
+				}
+
+				return expiresFileTime <= nowFileTime;
+			}
+		}
+		BanManager::BanManager(const std::string &baseDirectory)
+			: m_baseDirectory(baseDirectory.empty() ? "." : baseDirectory)
+		{
+		}
+
+		bool BanManager::EnsureBanFilesExist() const
+		{
+			const std::string playersPath = GetBannedPlayersFilePath();
+			const std::string ipsPath = GetBannedIpsFilePath();
+
+			const bool playersOk = AccessStorageUtils::EnsureJsonListFileExists(playersPath);
+			const bool ipsOk = AccessStorageUtils::EnsureJsonListFileExists(ipsPath);
+			if (!playersOk)
+			{
+				LogErrorf("access", "failed to create %s", playersPath.c_str());
+			}
+			if (!ipsOk)
+			{
+				LogErrorf("access", "failed to create %s", ipsPath.c_str());
+			}
+			return playersOk && ipsOk;
+		}
+
+		bool BanManager::Reload()
+		{
+			std::vector<BannedPlayerEntry> players;
+			std::vector<BannedIpEntry> ips;
+
+			if (!LoadPlayers(&players))
+			{
+				return false;
+			}
+			if (!LoadIps(&ips))
+			{
+				return false;
+			}
+
+			m_bannedPlayers.swap(players);
+			m_bannedIps.swap(ips);
+			return true;
+		}
+
+		bool BanManager::Save() const
+		{
+			std::vector<BannedPlayerEntry> players;
+			std::vector<BannedIpEntry> ips;
+			return SnapshotBannedPlayers(&players) &&
+				SnapshotBannedIps(&ips) &&
+				SavePlayers(players) &&
+				SaveIps(ips);
+		}
+		bool BanManager::LoadPlayers(std::vector<BannedPlayerEntry> *outEntries) const
+		{
+			if (outEntries == nullptr)
+			{
+				return false;
+			}
+			outEntries->clear();
+
+			std::string text;
+			const std::string path = GetBannedPlayersFilePath();
+			if (!FileUtils::ReadTextFile(path, &text))
+			{
+				LogErrorf("access", "failed to read %s", path.c_str());
+				return false;
+			}
+			if (text.empty())
+			{
+				text = "[]";
+			}
+
+			OrderedJson root;
+			try
+			{
+				// Strip an optional UTF-8 BOM because some editors prepend it when rewriting JSON files.
+				root = OrderedJson::parse(StringUtils::StripUtf8Bom(text));
+			}
+			catch (const nlohmann::json::exception &e)
+			{
+				LogErrorf("access", "failed to parse %s: %s", path.c_str(), e.what());
+				return false;
+			}
+
+			if (!root.is_array())
+			{
+				LogErrorf("access", "failed to parse %s: root json value is not an array", path.c_str());
+				return false;
+			}
+
+			const unsigned long long nowFileTime = FileUtils::GetCurrentUtcFileTime();
+			for (const auto &object : root)
+			{
+				if (!object.is_object())
+				{
+					LogWarnf("access", "skipping banned player entry that is not an object in %s", path.c_str());
+					continue;
+				}
+
+				std::string rawXuid;
+				if (!AccessStorageUtils::TryGetStringField(object, "xuid", &rawXuid))
+				{
+					LogWarnf("access", "skipping banned player entry without xuid in %s", path.c_str());
+					continue;
+				}
+
+				BannedPlayerEntry entry;
+				entry.xuid = AccessStorageUtils::NormalizeXuid(rawXuid);
+				if (entry.xuid.empty())
+				{
+					LogWarnf("access", "skipping banned player entry with empty xuid in %s", path.c_str());
+					continue;
+				}
+
+				AccessStorageUtils::TryGetStringField(object, "name", &entry.name);
+				AccessStorageUtils::TryGetStringField(object, "created", &entry.metadata.created);
+				AccessStorageUtils::TryGetStringField(object, "source", &entry.metadata.source);
+				AccessStorageUtils::TryGetStringField(object, "expires", &entry.metadata.expires);
+				AccessStorageUtils::TryGetStringField(object, "reason", &entry.metadata.reason);
+				NormalizeMetadata(&entry.metadata);
+
+				// Ignore entries that already expired before reload so the in-memory cache starts from the active set.
+				if (IsMetadataExpired(entry.metadata, nowFileTime))
+				{
+					continue;
+				}
+
+				outEntries->push_back(entry);
+			}
+
+			return true;
+		}
+		bool BanManager::LoadIps(std::vector<BannedIpEntry> *outEntries) const
+		{
+			if (outEntries == nullptr)
+			{
+				return false;
+			}
+			outEntries->clear();
+
+			std::string text;
+			const std::string path = GetBannedIpsFilePath();
+			if (!FileUtils::ReadTextFile(path, &text))
+			{
+				LogErrorf("access", "failed to read %s", path.c_str());
+				return false;
+			}
+			if (text.empty())
+			{
+				text = "[]";
+			}
+
+			OrderedJson root;
+			try
+			{
+				// Strip an optional UTF-8 BOM because some editors prepend it when rewriting JSON files.
+				root = OrderedJson::parse(StringUtils::StripUtf8Bom(text));
+			}
+			catch (const nlohmann::json::exception &e)
+			{
+				LogErrorf("access", "failed to parse %s: %s", path.c_str(), e.what());
+				return false;
+			}
+
+			if (!root.is_array())
+			{
+				LogErrorf("access", "failed to parse %s: root json value is not an array", path.c_str());
+				return false;
+			}
+
+			const unsigned long long nowFileTime = FileUtils::GetCurrentUtcFileTime();
+			for (const auto &object : root)
+			{
+				if (!object.is_object())
+				{
+					LogWarnf("access", "skipping banned ip entry that is not an object in %s", path.c_str());
+					continue;
+				}
+
+				std::string rawIp;
+				if (!AccessStorageUtils::TryGetStringField(object, "ip", &rawIp))
+				{
+					LogWarnf("access", "skipping banned ip entry without ip in %s", path.c_str());
+					continue;
+				}
+
+				BannedIpEntry entry;
+				entry.ip = NetworkUtils::NormalizeIpToken(rawIp);
+				if (entry.ip.empty())
+				{
+					LogWarnf("access", "skipping banned ip entry with empty ip in %s", path.c_str());
+					continue;
+				}
+
+				AccessStorageUtils::TryGetStringField(object, "created", &entry.metadata.created);
+				AccessStorageUtils::TryGetStringField(object, "source", &entry.metadata.source);
+				AccessStorageUtils::TryGetStringField(object, "expires", &entry.metadata.expires);
+				AccessStorageUtils::TryGetStringField(object, "reason", &entry.metadata.reason);
+				NormalizeMetadata(&entry.metadata);
+
+				// Ignore entries that already expired before reload so the in-memory cache starts from the active set.
+				if (IsMetadataExpired(entry.metadata, nowFileTime))
+				{
+					continue;
+				}
+
+				outEntries->push_back(entry);
+			}
+
+			return true;
+		}
+		bool BanManager::SavePlayers(const std::vector<BannedPlayerEntry> &entries) const
+		{
+			OrderedJson root = OrderedJson::array();
+			for (const auto &entry : entries)
+			{
+				OrderedJson object = OrderedJson::object();
+				object["xuid"] = AccessStorageUtils::NormalizeXuid(entry.xuid);
+				object["name"] = entry.name;
+				object["created"] = entry.metadata.created;
+				object["source"] = entry.metadata.source;
+				object["expires"] = entry.metadata.expires;
+				object["reason"] = entry.metadata.reason;
+				root.push_back(object);
+			}
+
+			const std::string path = GetBannedPlayersFilePath();
+			const std::string json = root.empty() ? std::string("[]\n") : (root.dump(2) + "\n");
+			if (!FileUtils::WriteTextFileAtomic(path, json))
+			{
+				LogErrorf("access", "failed to write %s", path.c_str());
+				return false;
+			}
+			return true;
+		}
+
+		bool BanManager::SaveIps(const std::vector<BannedIpEntry> &entries) const
+		{
+			OrderedJson root = OrderedJson::array();
+			for (const auto &entry : entries)
+			{
+				OrderedJson object = OrderedJson::object();
+				object["ip"] = NetworkUtils::NormalizeIpToken(entry.ip);
+				object["created"] = entry.metadata.created;
+				object["source"] = entry.metadata.source;
+				object["expires"] = entry.metadata.expires;
+				object["reason"] = entry.metadata.reason;
+				root.push_back(object);
+			}
+
+			const std::string path = GetBannedIpsFilePath();
+			const std::string json = root.empty() ? std::string("[]\n") : (root.dump(2) + "\n");
+			if (!FileUtils::WriteTextFileAtomic(path, json))
+			{
+				LogErrorf("access", "failed to write %s", path.c_str());
+				return false;
+			}
+			return true;
+		}
+
+		const std::vector<BannedPlayerEntry> &BanManager::GetBannedPlayers() const
+		{
+			return m_bannedPlayers;
+		}
+
+		const std::vector<BannedIpEntry> &BanManager::GetBannedIps() const
+		{
+			return m_bannedIps;
+		}
+
+		bool BanManager::SnapshotBannedPlayers(std::vector<BannedPlayerEntry> *outEntries) const
+		{
+			if (outEntries == nullptr)
+			{
+				return false;
+			}
+
+			outEntries->clear();
+			outEntries->reserve(m_bannedPlayers.size());
+
+			const unsigned long long nowFileTime = FileUtils::GetCurrentUtcFileTime();
+			for (const auto &entry : m_bannedPlayers)
+			{
+				if (!IsMetadataExpired(entry.metadata, nowFileTime))
+				{
+					outEntries->push_back(entry);
+				}
+			}
+			return true;
+		}
+
+		bool BanManager::SnapshotBannedIps(std::vector<BannedIpEntry> *outEntries) const
+		{
+			if (outEntries == nullptr)
+			{
+				return false;
+			}
+
+			outEntries->clear();
+			outEntries->reserve(m_bannedIps.size());
+
+			const unsigned long long nowFileTime = FileUtils::GetCurrentUtcFileTime();
+			for (const auto &entry : m_bannedIps)
+			{
+				if (!IsMetadataExpired(entry.metadata, nowFileTime))
+				{
+					outEntries->push_back(entry);
+				}
+			}
+			return true;
+		}
+		bool BanManager::IsPlayerBannedByXuid(const std::string &xuid) const
+		{
+			const std::string normalized = AccessStorageUtils::NormalizeXuid(xuid);
+			if (normalized.empty())
+			{
+				return false;
+			}
+
+			const unsigned long long nowFileTime = FileUtils::GetCurrentUtcFileTime();
+			return std::any_of(
+				m_bannedPlayers.begin(),
+				m_bannedPlayers.end(),
+				[&normalized, nowFileTime](const BannedPlayerEntry &entry)
+				{
+					return entry.xuid == normalized && !IsMetadataExpired(entry.metadata, nowFileTime);
+				});
+		}
+
+		bool BanManager::IsIpBanned(const std::string &ip) const
+		{
+			const std::string normalized = NetworkUtils::NormalizeIpToken(ip);
+			if (normalized.empty())
+			{
+				return false;
+			}
+
+			const unsigned long long nowFileTime = FileUtils::GetCurrentUtcFileTime();
+			return std::any_of(
+				m_bannedIps.begin(),
+				m_bannedIps.end(),
+				[&normalized, nowFileTime](const BannedIpEntry &entry)
+				{
+					return entry.ip == normalized && !IsMetadataExpired(entry.metadata, nowFileTime);
+				});
+		}
+
+		bool BanManager::AddPlayerBan(const BannedPlayerEntry &entry)
+		{
+			std::vector<BannedPlayerEntry> updatedEntries;
+			if (!SnapshotBannedPlayers(&updatedEntries))
+			{
+				return false;
+			}
+
+			BannedPlayerEntry normalized = entry;
+			normalized.xuid = AccessStorageUtils::NormalizeXuid(normalized.xuid);
+			NormalizeMetadata(&normalized.metadata);
+			if (normalized.xuid.empty())
+			{
+				return false;
+			}
+
+			const auto existing = std::find_if(
+				updatedEntries.begin(),
+				updatedEntries.end(),
+				[&normalized](const BannedPlayerEntry &candidate)
+				{
+					return candidate.xuid == normalized.xuid;
+				});
+			if (existing != updatedEntries.end())
+			{
+				// Update the existing entry in place so the stored list remains unique by canonical XUID.
+				*existing = normalized;
+				if (!SavePlayers(updatedEntries))
+				{
+					return false;
+				}
+				m_bannedPlayers.swap(updatedEntries);
+				return true;
+			}
+
+			updatedEntries.push_back(normalized);
+			if (!SavePlayers(updatedEntries))
+			{
+				return false;
+			}
+			m_bannedPlayers.swap(updatedEntries);
+			return true;
+		}
+
+		bool BanManager::AddIpBan(const BannedIpEntry &entry)
+		{
+			std::vector<BannedIpEntry> updatedEntries;
+			if (!SnapshotBannedIps(&updatedEntries))
+			{
+				return false;
+			}
+
+			BannedIpEntry normalized = entry;
+			normalized.ip = NetworkUtils::NormalizeIpToken(normalized.ip);
+			NormalizeMetadata(&normalized.metadata);
+			if (normalized.ip.empty())
+			{
+				return false;
+			}
+
+			const auto existing = std::find_if(
+				updatedEntries.begin(),
+				updatedEntries.end(),
+				[&normalized](const BannedIpEntry &candidate)
+				{
+					return candidate.ip == normalized.ip;
+				});
+			if (existing != updatedEntries.end())
+			{
+				// Update the existing entry in place so the stored list remains unique by normalized IP.
+				*existing = normalized;
+				if (!SaveIps(updatedEntries))
+				{
+					return false;
+				}
+				m_bannedIps.swap(updatedEntries);
+				return true;
+			}
+
+			updatedEntries.push_back(normalized);
+			if (!SaveIps(updatedEntries))
+			{
+				return false;
+			}
+			m_bannedIps.swap(updatedEntries);
+			return true;
+		}
+
+		bool BanManager::RemovePlayerBanByXuid(const std::string &xuid)
+		{
+			const std::string normalized = AccessStorageUtils::NormalizeXuid(xuid);
+			if (normalized.empty())
+			{
+				return false;
+			}
+
+			std::vector<BannedPlayerEntry> updatedEntries;
+			if (!SnapshotBannedPlayers(&updatedEntries))
+			{
+				return false;
+			}
+
+			size_t oldSize = updatedEntries.size();
+			updatedEntries.erase(
+				std::remove_if(
+					updatedEntries.begin(),
+					updatedEntries.end(),
+					[&normalized](const BannedPlayerEntry &entry) { return entry.xuid == normalized; }),
+				updatedEntries.end());
+
+			if (updatedEntries.size() == oldSize)
+			{
+				return false;
+			}
+			if (!SavePlayers(updatedEntries))
+			{
+				return false;
+			}
+			m_bannedPlayers.swap(updatedEntries);
+			return true;
+		}
+
+
+		bool BanManager::RemoveIpBan(const std::string &ip)
+		{
+			const std::string normalized = NetworkUtils::NormalizeIpToken(ip);
+			if (normalized.empty())
+			{
+				return false;
+			}
+
+			std::vector<BannedIpEntry> updatedEntries;
+			if (!SnapshotBannedIps(&updatedEntries))
+			{
+				return false;
+			}
+
+			size_t oldSize = updatedEntries.size();
+			updatedEntries.erase(
+				std::remove_if(
+					updatedEntries.begin(),
+					updatedEntries.end(),
+					[&normalized](const BannedIpEntry &entry) { return entry.ip == normalized; }),
+				updatedEntries.end());
+
+			if (updatedEntries.size() == oldSize)
+			{
+				return false;
+			}
+			if (!SaveIps(updatedEntries))
+			{
+				return false;
+			}
+			m_bannedIps.swap(updatedEntries);
+			return true;
+		}
+		std::string BanManager::GetBannedPlayersFilePath() const
+		{
+			return BuildPath(kBannedPlayersFileName);
+		}
+
+		std::string BanManager::GetBannedIpsFilePath() const
+		{
+			return BuildPath(kBannedIpsFileName);
+		}
+
+
+		BanMetadata BanManager::BuildDefaultMetadata(const char *source)
+		{
+			BanMetadata metadata;
+			metadata.created = StringUtils::GetCurrentUtcTimestampIso8601();
+			metadata.source = (source != nullptr) ? source : "Server";
+			metadata.expires = "";
+			metadata.reason = "";
+			return metadata;
+		}
+
+
+		void BanManager::NormalizeMetadata(BanMetadata *metadata)
+		{
+			if (metadata == nullptr)
+			{
+				return;
+			}
+
+			metadata->created = StringUtils::TrimAscii(metadata->created);
+			metadata->source = StringUtils::TrimAscii(metadata->source);
+			metadata->expires = StringUtils::TrimAscii(metadata->expires);
+			metadata->reason = StringUtils::TrimAscii(metadata->reason);
+		}
+
+
+		std::string BanManager::BuildPath(const char *fileName) const
+		{
+			return AccessStorageUtils::BuildPathFromBaseDirectory(m_baseDirectory, fileName);
+		}
+	}
+}