Update versions.txt 5.6 build 2883

Affects issues:
- Close #3631

.github/ISSUE_TEMPLATE/security_vuln.md

@@ -1,22 +0,0 @@
----
-name: Security Vulnerability
-about: Create a report to help improving the plugin
-labels: 'Security Vulnerability'
-
----
-
-### Vulnerability description
-<!-- A clear and concise description of what the issue is. Post possible exceptions further down below -->
-
-
-### Steps to reproduce
-
-1. Set these config settings..
-2. Open `<plan address>/`
-3. ...
-
-### Server information
-
-
-### Additional information
-<!-- Any additional information -->

.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
 
     services:
       mariadb:
-        image: mariadb:latest
+        image: mariadb:11.1-rc
         ports:
           - 3306
         env:
@@ -19,34 +19,20 @@ jobs:
           MYSQL_PASSWORD: password
           MYSQL_DATABASE: test
           MYSQL_ROOT_PASSWORD: password
-        options: --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
+        options: --health-cmd="mariadb-admin ping" --health-interval=5s --health-timeout=2s --health-retries=3
 
     steps:
       - name: 📥 Checkout git repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: ☕ Setup JDK
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'adopt'
-          java-version: '17'
-      - name: 🚦 Setup Selenium Webdriver
-        uses: nanasess/setup-chromedriver@v1
-      - name: 🚦 Setup Selenium Webdriver settings
-        run: |
-          export DISPLAY=:99
-          chromedriver --url-base=/wd/hub &
-          sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
-      - name: 📶 Verify MariaDB connection 
-        env:
-          PORT: ${{ job.services.mariadb.ports[3306] }}
-        run: |
-          while ! mysqladmin ping -h"127.0.0.1" -P"$PORT" --silent; do
-            sleep 1
-          done
+          java-version: '21'
       - name: 💼 Load Gradle Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/.gradle/caches
@@ -68,15 +54,29 @@ jobs:
           echo "versionString=$(cat build/versions/jar.txt)" >> $GITHUB_ENV
           echo "artifactPath=$(pwd)/builds" >> $GITHUB_ENV
       - name: 📤 Upload Plan.jar 
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: Plan-${{ env.versionString }}-${{ env.git_hash }}.jar
           path: ${{ env.artifactPath }}/Plan-${{ env.snapshotVersion }}.jar
       - name: 📤 Upload PlanFabric.jar 
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: PlanFabric-${{ env.versionString }}-${{ env.git_hash }}.jar
           path: ${{ env.artifactPath }}/PlanFabric-${{ env.snapshotVersion }}.jar
+      - name: 🚦 Setup Selenium Webdriver
+        uses: nanasess/setup-chromedriver@v2
+      - name: 🚦 Setup Selenium Webdriver settings
+        run: |
+          export DISPLAY=:99
+          chromedriver --url-base=/wd/hub &
+          sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
+      - name: 📶 Verify MariaDB connection 
+        env:
+          PORT: ${{ job.services.mariadb.ports[3306] }}
+        run: |
+          while ! mysqladmin ping -h"127.0.0.1" -P"$PORT" --silent; do
+            sleep 1
+          done
       - name: 🩺 Test 
         env:
           MYSQL_DB: test
@@ -108,11 +108,17 @@ jobs:
         with:
           branch: gh-pages # The branch the action should deploy to.
           folder: javadocs # The folder the action should deploy.
-      - name: 🩺 SonarCloud
+      - name: 🩺 SonarCloud - Java
+        if: "${{ env.SONAR_TOKEN != '' }}"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        if: "${{ env.SONAR_TOKEN != '' }}"
         run: |
           cd Plan
           ./gradlew sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=player-analytics-plan
+      - name: 🩺 SonarCloud - React
+        if: "${{ env.SONAR_TOKEN != '' }}"
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/on-release.yml

@@ -119,7 +119,7 @@ jobs:
           changelog: ${{ github.event.release.body }}
           changelog_type: markdown
           display_name: ${{ github.event.release.name }}
-          game_versions: "2:Java 17,73407:1.19,Fabric"
+          game_versions: "2:Java 17,75125:1.20,Fabric"
           release_type: release
           relations: fabric-api:requiredDependency,luckperms:optionalDependency
       - name: Upload prerelease to CurseForge 🚀
@@ -133,6 +133,6 @@ jobs:
           changelog: ${{ github.event.release.body }}
           changelog_type: markdown
           display_name: ${{ github.event.release.name }}
-          game_versions: "2:Java 17,73407:1.19,Fabric"
+          game_versions: "2:Java 17,75125:1.20,Fabric"
           release_type: beta
           relations: fabric-api:requiredDependency,luckperms:optionalDependency

Plan/api/build.gradle

@@ -8,7 +8,7 @@ compileJava {
     options.release = 8
 }
 
-ext.apiVersion = '5.5-R0.1'
+ext.apiVersion = '5.6-R0.1'
 
 publishing {
     repositories {

Plan/api/src/main/java/com/djrapitops/plan/capability/Capability.java

@@ -16,6 +16,8 @@
  */
 package com.djrapitops.plan.capability;
 
+import com.djrapitops.plan.delivery.web.ResourceService;
+
 import java.util.Optional;
 import java.util.UUID;
 
@@ -83,7 +85,16 @@ enum Capability {
     /**
      * {@link com.djrapitops.plan.delivery.web.ResourceService}
      */
-    PAGE_EXTENSION_RESOURCES;
+    PAGE_EXTENSION_RESOURCES,
+    /**
+     * {@link com.djrapitops.plan.delivery.web.ResourceService#addJavascriptToResource(String, String, ResourceService.Position, String, String)}
+     * {@link com.djrapitops.plan.delivery.web.ResourceService#addStyleToResource(String, String, ResourceService.Position, String, String)}
+     */
+    PAGE_EXTENSION_RESOURCES_REGISTER_DIRECT_CUSTOMIZATION,
+    /**
+     * {@link  com.djrapitops.plan.delivery.web.ResolverService#registerPermissions(String...)}
+     */
+    PAGE_EXTENSION_USER_PERMISSIONS;
 
     static Optional<Capability> getByName(String name) {
         if (name == null) {

Plan/api/src/main/java/com/djrapitops/plan/capability/CapabilityService.java

@@ -64,6 +64,9 @@ public interface CapabilityService {
         return Capability.getByName(capabilityName).isPresent();
     }
 
+    /**
+     * Singleton holder for listeners.
+     */
     class ListHolder {
         static final AtomicReference<List<Consumer<Boolean>>> enableListeners = new AtomicReference<>(
                 new CopyOnWriteArrayList<>()

Plan/api/src/main/java/com/djrapitops/plan/component/ComponentService.java

@@ -89,7 +89,7 @@ public interface ComponentService {
      * Converts the given input into a {@link Component}.
      * Input example {@code §ctext}.
      *
-     * @param legacy the input legacy
+     * @param legacy    the input legacy
      * @param character the character to use as the color prefix, usually {@code §}.
      * @return a {@link Component}
      * @see #fromLegacy(String)
@@ -115,7 +115,7 @@ public interface ComponentService {
      * Input example: {@code &#rrggbbtext}.
      *
      * @param adventureLegacy the input adventure legacy
-     * @param character the character to use as the color prefix, usually {@code &}.
+     * @param character       the character to use as the color prefix, usually {@code &}.
      * @return a {@link Component}
      * @see #fromAdventureLegacy(String)
      * @see Component#SECTION
@@ -139,7 +139,7 @@ public interface ComponentService {
      * Input example: {@code §x§r§r§g§g§b§btext}.
      *
      * @param bungeeLegacy the input bungee legacy
-     * @param character the character to use as the color prefix, usually {@code §}.
+     * @param character    the character to use as the color prefix, usually {@code §}.
      * @return a {@link Component}
      * @see Component#SECTION
      * @see Component#AMPERSAND
@@ -164,6 +164,9 @@ public interface ComponentService {
      */
     Component fromJson(String json);
 
+    /**
+     * Singleton holder for ComponentService.
+     */
     class Holder {
         static final AtomicReference<ComponentService> service = new AtomicReference<>();
 

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/ResolverService.java

@@ -17,9 +17,11 @@
 package com.djrapitops.plan.delivery.web;
 
 import com.djrapitops.plan.delivery.web.resolver.Resolver;
+import com.djrapitops.plan.delivery.web.resolver.request.Request;
 
 import java.util.List;
 import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.regex.Pattern;
 
@@ -63,6 +65,26 @@ public interface ResolverService {
      */
     void registerResolverForMatches(String pluginName, Pattern pattern, Resolver resolver);
 
+    /**
+     * Register a new permission that you are using in your {@link Resolver#canAccess(Request)} method.
+     * <p>
+     * The permissions are not given to any users by default, and need to be given by admin manually.
+     *
+     * @param webPermissions Permission strings, higher level permissions grant lower level automatically - eg. page.foo also grants page.foo.bar
+     * @return CompletableFuture that tells when the permissions have been stored.
+     */
+    CompletableFuture<Void> registerPermissions(String... webPermissions);
+
+    /**
+     * Register a new permission that you are using in your {@link Resolver#canAccess(Request)} method.
+     * <p>
+     * The permission is granted to any groups with {@code whenHasPermission} parameter.
+     *
+     * @param webPermission     Permission string, higher level permissions grant lower level automatically - eg. page.foo also grants page.foo.bar
+     * @param whenHasPermission Permission that a group already has that this permission should be granted to - eg. page.network.overview.numbers
+     */
+    void registerPermission(String webPermission, String whenHasPermission);
+
     /**
      * Obtain a {@link Resolver} for a target.
      * <p>

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/ResourceService.java

@@ -16,6 +16,9 @@
  */
 package com.djrapitops.plan.delivery.web;
 
+import com.djrapitops.plan.delivery.web.resolver.MimeType;
+import com.djrapitops.plan.delivery.web.resolver.NoAuthResolver;
+import com.djrapitops.plan.delivery.web.resolver.Response;
 import com.djrapitops.plan.delivery.web.resource.WebResource;
 
 import java.util.Optional;
@@ -48,7 +51,7 @@ public interface ResourceService {
     WebResource getResource(String pluginName, String fileName, Supplier<WebResource> source);
 
     /**
-     * Add javascript to load in an existing html resource.
+     * Add javascript to load in a html resource.
      * <p>
      * Adds {@code <script src="jsSrc"></script>} or multiple to the resource.
      *
@@ -63,6 +66,40 @@ public interface ResourceService {
      */
     void addScriptsToResource(String pluginName, String fileName, Position position, String... jsSources);
 
+    /**
+     * Add javascript to load in a html resource.
+     * <p>
+     * Requires PAGE_EXTENSION_RESOURCES_REGISTER_DIRECT_CUSTOMIZATION Capability.
+     *
+     * @param pluginName         Name of your plugin (for config purposes)
+     * @param fileName           Name of the .html file being modified
+     * @param position           Where to place the script tag on the page.
+     * @param scriptName         Name of your javascript file (used on the page)
+     * @param javascriptAsString Javascript file contents in UTF-8
+     * @throws IllegalArgumentException If fileName is null, empty or does not end with .html
+     * @throws IllegalArgumentException If anything is empty or null
+     */
+    default void addJavascriptToResource(String pluginName, String fileName, Position position, String scriptName, String javascriptAsString) {
+        if (javascriptAsString == null || javascriptAsString.isEmpty()) {
+            throw new IllegalArgumentException("null or empty 'javascriptAsString' given.");
+        }
+        if (scriptName == null || scriptName.isEmpty()) {
+            throw new IllegalArgumentException("null or empty 'scriptName' given.");
+        }
+        String actualScriptName = scriptName.endsWith(".js") ? scriptName : scriptName + ".js";
+
+        addScriptsToResource(pluginName, fileName, position, "/" + pluginName + "/" + actualScriptName);
+        ResolverService.getInstance().registerResolver(pluginName, "/" + pluginName + "/" + actualScriptName, (NoAuthResolver) request -> {
+            if (request.getPath().asString().endsWith(actualScriptName)) {
+                return Optional.of(Response.builder()
+                        .setContent(javascriptAsString)
+                        .setMimeType(MimeType.JS)
+                        .build());
+            }
+            return Optional.empty();
+        });
+    }
+
     /**
      * Add css to load in an existing html resource.
      * <p>
@@ -79,9 +116,46 @@ public interface ResourceService {
      */
     void addStylesToResource(String pluginName, String fileName, Position position, String... cssSources);
 
+
+    /**
+     * Add javascript to load in a html resource.
+     * <p>
+     * Requires PAGE_EXTENSION_RESOURCES_REGISTER_DIRECT_CUSTOMIZATION Capability.
+     *
+     * @param pluginName  Name of your plugin (for config purposes)
+     * @param fileName    Name of the .html file being modified
+     * @param position    Where to place the script tag on the page.
+     * @param cssFileName Name of your css file (used on the page)
+     * @param cssAsString CSS file contents in UTF-8
+     * @throws IllegalArgumentException If fileName is null, empty or does not end with .html
+     * @throws IllegalArgumentException If anything is empty or null
+     */
+    default void addStyleToResource(String pluginName, String fileName, Position position, String cssFileName, String cssAsString) {
+        if (cssAsString == null || cssAsString.isEmpty()) {
+            throw new IllegalArgumentException("null or empty 'cssAsString' given.");
+        }
+        if (cssFileName == null || cssFileName.isEmpty()) {
+            throw new IllegalArgumentException("null or empty 'cssFileName' given.");
+        }
+        String actualCssFileName = cssFileName.endsWith(".js") ? cssFileName : cssFileName + ".js";
+
+        addStylesToResource(pluginName, fileName, position, pluginName + "/" + actualCssFileName);
+        ResolverService.getInstance().registerResolver(pluginName, pluginName + "/" + actualCssFileName, (NoAuthResolver) request -> {
+            if (request.getPath().asString().equals(actualCssFileName)) {
+                return Optional.of(Response.builder()
+                        .setContent(cssAsString)
+                        .setMimeType(MimeType.CSS)
+                        .build());
+            }
+            return Optional.empty();
+        });
+    }
+
     enum Position {
         /**
          * Loaded before page contents.
+         * <p>
+         * Recommended for loading style sheets.
          */
         PRE_CONTENT,
         /**
@@ -94,7 +168,11 @@ public interface ResourceService {
          * Loaded after script execution.
          * <p>
          * Recommended for loading data to custom structure on the page.
+         *
+         * @see <a href="https://github.com/plan-player-analytics/Plan/blob/master/Plan/react/dashboard/public/pageExtensionApi.js">Javascript API</a>
+         * @deprecated No longer supported on React pages, use the javascript API in PRE_MAIN_SCRIPT.
          */
+        @Deprecated
         AFTER_MAIN_SCRIPT;
 
         public String cleanName() {

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/package-info.java

@@ -1,6 +1,5 @@
 /**
  * PageExtension API for extending the webserver and the website.
- *
  * <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5-PageExtension-API">Documentation</a>
  */
 package com.djrapitops.plan.delivery.web;

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/CompositeResolver.java

@@ -46,6 +46,11 @@ public final class CompositeResolver implements Resolver {
         this.resolvers = new ArrayList<>();
     }
 
+    /**
+     * Create a new builder for a .
+     *
+     * @return a builder.
+     */
     public static CompositeResolver.Builder builder() {
         return new Builder();
     }
@@ -100,6 +105,9 @@ public final class CompositeResolver implements Resolver {
         return getResolver(forThis.getPath()).map(resolver -> resolver.requiresAuth(forThis)).orElse(true);
     }
 
+    /**
+     * Builder class for {@link CompositeResolver}.
+     */
     public static class Builder {
         private final CompositeResolver composite;
 
@@ -132,6 +140,11 @@ public final class CompositeResolver implements Resolver {
             return this;
         }
 
+        /**
+         * Build the final result after adding all resolvers.
+         *
+         * @return The {@link CompositeResolver}
+         */
         public CompositeResolver build() {
             return composite;
         }

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/FunctionalResolverWrapper.java

@@ -22,11 +22,20 @@ import java.util.Optional;
 import java.util.function.Function;
 import java.util.function.Predicate;
 
+/**
+ * Utility class for constructing a {@link Resolver} with Functional Interfaces.
+ */
 public class FunctionalResolverWrapper implements Resolver {
 
     private final Function<Request, Optional<Response>> resolver;
     private final Predicate<Request> accessCheck;
 
+    /**
+     * Default constructor.
+     *
+     * @param resolver    Function that solves the {@link Request} into an Optional {@link Response}.
+     * @param accessCheck Predicate that checks if {@link Request} is allowed or if 403 Forbidden should be given.
+     */
     public FunctionalResolverWrapper(Function<Request, Optional<Response>> resolver, Predicate<Request> accessCheck) {
         this.resolver = resolver;
         this.accessCheck = accessCheck;

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/MimeType.java

@@ -20,7 +20,7 @@ public final class MimeType {
     public static final String HTML = "text/html";
     public static final String CSS = "text/css";
     public static final String JSON = "application/json";
-    public static final String JS = "application/javascript";
+    public static final String JS = "text/javascript";
     public static final String IMAGE = "image/gif";
     public static final String FAVICON = "image/x-icon";
     public static final String FONT_TTF = "application/x-font-ttf";

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/Resolver.java

@@ -19,7 +19,9 @@ package com.djrapitops.plan.delivery.web.resolver;
 import com.djrapitops.plan.delivery.web.resolver.request.Request;
 import com.djrapitops.plan.delivery.web.resolver.request.WebUser;
 
+import java.util.HashSet;
 import java.util.Optional;
+import java.util.Set;
 
 /**
  * Interface for resolving requests of Plan webserver.
@@ -40,6 +42,25 @@ public interface Resolver {
      */
     boolean canAccess(Request request);
 
+    /**
+     * Override this to tell Plan what web permissions this endpoint uses.
+     * <p>
+     * This allows:
+     * <ul>
+     *     <li>Plan to store these permissions in the permission list</li>
+     *     <li>Users can grant/deny the permission for a group</li>
+     *     <li>Plan can show what endpoints specific permission gives access to</li>
+     * </ul>
+     * <p>
+     * Requires PAGE_EXTENSION_USER_PERMISSIONS capability
+     *
+     * @return Set of permissions eg. [plugin.custom.permission, plugin.custom.permission.child.node]
+     * @see com.djrapitops.plan.capability.CapabilityService for Capability checks
+     */
+    default Set<String> usedWebPermissions() {
+        return new HashSet<>();
+    }
+
     /**
      * Implement request resolution.
      *
@@ -51,10 +72,21 @@ public interface Resolver {
      */
     Optional<Response> resolve(Request request);
 
+    /**
+     * Creates a new {@link ResponseBuilder} for a {@link Response}.
+     *
+     * @return a new builder.
+     */
     default ResponseBuilder newResponseBuilder() {
         return Response.builder();
     }
 
+    /**
+     * Used to check if the resolver requires authentication to be used.
+     *
+     * @param request Incoming request that you can use to figure out if authentication is required.
+     * @return true if you want 401 to be given when user has not logged in.
+     */
     default boolean requiresAuth(Request request) {
         return true;
     }

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/ResponseBuilder.java

@@ -33,7 +33,7 @@ public class ResponseBuilder {
     /**
      * Set MIME Type of the Response.
      *
-     * @param mimeType MIME type of the Response https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types
+     * @param mimeType MIME type of the Response <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types">Documentation</a>
      * @return this builder.
      * @see MimeType for common MIME types.
      */
@@ -46,7 +46,7 @@ public class ResponseBuilder {
      * <p>
      * Default status code is 200 (OK) if not set.
      *
-     * @param code 1xx, 2xx, 3xx, 4xx, 5xx, https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
+     * @param code 1xx, 2xx, 3xx, 4xx, 5xx, <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status">Documentation</a>
      * @return this builder.
      */
     public ResponseBuilder setStatus(int code) {
@@ -57,7 +57,7 @@ public class ResponseBuilder {
     /**
      * Set HTTP Response header.
      *
-     * @param header Key of the header. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
+     * @param header Key of the header. <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers">Documentation</a>
      * @param value  Value for the header.
      * @return this builder.
      */
@@ -75,7 +75,7 @@ public class ResponseBuilder {
      * Utility method for building redirects.
      *
      * @param url URL to redirect the client to with 302 Found.
-     * @return https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Location
+     * @return <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Location">Documentation</a>
      */
     public ResponseBuilder redirectTo(String url) {
         return setStatus(302).setHeader("Location", url).setContent(new byte[0]);

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/exception/BadRequestException.java

@@ -26,6 +26,11 @@ package com.djrapitops.plan.delivery.web.resolver.exception;
  */
 public class BadRequestException extends IllegalArgumentException {
 
+    /**
+     * Default constructor.
+     *
+     * @param message Error message - avoid including any input incoming in the request to prevent XSS.
+     */
     public BadRequestException(String message) {
         super(message);
     }

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/package-info.java

@@ -1,6 +1,5 @@
 /**
  * Classes for implementing functionality with {@link com.djrapitops.plan.delivery.web.ResolverService}.
- *
  * <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5-PageExtension-API#resolverservice">Documentation</a>
  */
 package com.djrapitops.plan.delivery.web.resolver;

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/request/Request.java

@@ -43,7 +43,7 @@ public final class Request {
      * @param path        Requested path /example/target
      * @param query       Request parameters ?param=value etc
      * @param user        Web user doing the request (if authenticated)
-     * @param headers     Request headers https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
+     * @param headers     Request headers <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers">Documentation</a>
      * @param requestBody Raw body as bytes, if present
      */
     public Request(String method, URIPath path, URIQuery query, WebUser user, Map<String, String> headers, byte[] requestBody) {
@@ -57,6 +57,11 @@ public final class Request {
 
     /**
      * Special constructor that figures out URIPath and URIQuery from "/path/and?query=params" and has no request body.
+     *
+     * @param method  HTTP requst method
+     * @param target  The requested path and query, e.g. "/path/and?query=params"
+     * @param user    User that made the request
+     * @param headers HTTP request headers
      */
     public Request(String method, String target, WebUser user, Map<String, String> headers) {
         this.method = method;
@@ -121,7 +126,7 @@ public final class Request {
     /**
      * Get a header in the request.
      *
-     * @param key https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
+     * @param key <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers">Documentation</a>
      * @return Value if it is present in the request.
      */
     public Optional<String> getHeader(String key) {

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/request/URIQuery.java

@@ -16,6 +16,7 @@
  */
 package com.djrapitops.plan.delivery.web.resolver.request;
 
+import com.djrapitops.plan.delivery.web.resolver.exception.BadRequestException;
 import org.apache.commons.lang3.StringUtils;
 
 import java.io.UnsupportedEncodingException;
@@ -82,6 +83,8 @@ public final class URIQuery {
             );
         } catch (UnsupportedEncodingException e) {
             // If UTF-8 is unsupported, we have bigger problems
+        } catch (IllegalArgumentException badCharacter) {
+            throw new BadRequestException("URI Query contained bad character");
         }
     }
 

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/request/WebUser.java

@@ -17,6 +17,7 @@
 package com.djrapitops.plan.delivery.web.resolver.request;
 
 import java.util.*;
+import java.util.function.Supplier;
 
 public final class WebUser {
 
@@ -57,7 +58,16 @@ public final class WebUser {
     }
 
     public boolean hasPermission(String permission) {
-        return permissions.contains(permission);
+        for (String grant : permissions) {
+            String substitute = permission.replace(grant, "");
+            // Last character is . so it is a sub-permission of the parent, eg. page.player, page.player.thing -> .thing
+            if (substitute.isEmpty() || substitute.startsWith(".")) return true;
+        }
+        return false;
+    }
+
+    public boolean hasPermission(Supplier<String> permissionSupplier) {
+        return hasPermission(permissionSupplier.get());
     }
 
     public String getName() {

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resource/WebResource.java

@@ -16,11 +16,10 @@
  */
 package com.djrapitops.plan.delivery.web.resource;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
+import java.io.*;
 import java.nio.charset.StandardCharsets;
+import java.util.Optional;
+import java.util.function.Supplier;
 
 /**
  * Represents a customizable resource.
@@ -61,6 +60,18 @@ public interface WebResource {
      * @throws IOException If the stream can not be read.
      */
     static WebResource create(InputStream in) throws IOException {
+        return create(in, null);
+    }
+
+    /**
+     * Creates a new WebResource from an InputStream.
+     *
+     * @param in           InputStream for the resource, closed after inside the method.
+     * @param lastModified Epoch millisecond the resource was last modified
+     * @return WebResource.
+     * @throws IOException If the stream can not be read.
+     */
+    static WebResource create(InputStream in, Long lastModified) throws IOException {
         try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
             int read;
             byte[] bytes = new byte[1024];
@@ -68,12 +79,36 @@ public interface WebResource {
                 out.write(bytes, 0, read);
             }
 
-            return new ByteResource(out.toByteArray());
+            return new ByteResource(out.toByteArray(), lastModified);
         } finally {
             in.close();
         }
     }
 
+    /**
+     * Create a lazy WebResource that only reads contents if necessary.
+     *
+     * @param in           Supplier for InputStream, a lazy method that reads input when necessary.
+     * @param lastModified Last modified date for the resource.
+     * @return WebResource.
+     */
+    static WebResource create(Supplier<InputStream> in, Long lastModified) {
+        return new LazyWebResource(in, () -> {
+            try (ByteArrayOutputStream out = new ByteArrayOutputStream();
+                 InputStream input = in.get()) {
+                int read;
+                byte[] bytes = new byte[1024];
+                while ((read = input.read(bytes)) != -1) {
+                    out.write(bytes, 0, read);
+                }
+
+                return out.toByteArray();
+            } catch (IOException e) {
+                throw new UncheckedIOException(e);
+            }
+        }, lastModified);
+    }
+
     byte[] asBytes();
 
     /**
@@ -85,11 +120,21 @@ public interface WebResource {
 
     InputStream asStream();
 
+    default Optional<Long> getLastModified() {
+        return Optional.empty();
+    }
+
     final class ByteResource implements WebResource {
         private final byte[] content;
+        private final Long lastModified;
 
         public ByteResource(byte[] content) {
+            this(content, null);
+        }
+
+        public ByteResource(byte[] content, Long lastModified) {
             this.content = content;
+            this.lastModified = lastModified;
         }
 
         @Override
@@ -106,5 +151,42 @@ public interface WebResource {
         public InputStream asStream() {
             return new ByteArrayInputStream(content);
         }
+
+        @Override
+        public Optional<Long> getLastModified() {
+            return Optional.ofNullable(lastModified);
+        }
+    }
+
+    final class LazyWebResource implements WebResource {
+        private final Supplier<InputStream> inputStreamSupplier;
+        private final Supplier<byte[]> contentSupplier;
+        private final Long lastModified;
+
+        public LazyWebResource(Supplier<InputStream> inputStreamSupplier, Supplier<byte[]> contentSupplier, Long lastModified) {
+            this.inputStreamSupplier = inputStreamSupplier;
+            this.contentSupplier = contentSupplier;
+            this.lastModified = lastModified;
+        }
+
+        @Override
+        public byte[] asBytes() {
+            return contentSupplier.get();
+        }
+
+        @Override
+        public String asString() {
+            return new String(asBytes(), StandardCharsets.UTF_8);
+        }
+
+        @Override
+        public InputStream asStream() {
+            return inputStreamSupplier.get();
+        }
+
+        @Override
+        public Optional<Long> getLastModified() {
+            return Optional.ofNullable(lastModified);
+        }
     }
 }

Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resource/package-info.java

@@ -1,6 +1,5 @@
 /**
  * Classes for implementing functionality with {@link com.djrapitops.plan.delivery.web.ResourceService}.
- *
  * <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5-PageExtension-API#resourceservice">Documentation</a>
  */
 package com.djrapitops.plan.delivery.web.resource;

Plan/api/src/main/java/com/djrapitops/plan/extension/DataExtension.java

@@ -113,6 +113,7 @@ public interface DataExtension {
      * <p>
      * Requires Capability DATA_EXTENSION_BUILDER_API
      *
+     * @param text Text that is displayed next to the value.
      * @return new builder.
      */
     default ValueBuilder valueBuilder(String text) {

Plan/api/src/main/java/com/djrapitops/plan/extension/ExtensionService.java

@@ -81,6 +81,9 @@ public interface ExtensionService {
      */
     void unregister(DataExtension extension);
 
+    /**
+     * Singleton holder for {@link ExtensionService}.
+     */
     class Holder {
         static final AtomicReference<ExtensionService> service = new AtomicReference<>();
 

Plan/api/src/main/java/com/djrapitops/plan/extension/FormatType.java

@@ -42,6 +42,12 @@ public enum FormatType {
      */
     NONE;
 
+    /**
+     * Get a format type by the enum name without exception.
+     *
+     * @param name FormatType#name()
+     * @return Optional if the format type is found by that name, empty if not found.
+     */
     public static Optional<FormatType> getByName(String name) {
         if (name == null) {
             return Optional.empty();
@@ -51,4 +57,5 @@ public enum FormatType {
         } catch (IllegalArgumentException e) {
             return Optional.empty();
         }
-    }}
+    }
+}

Plan/api/src/main/java/com/djrapitops/plan/extension/Group.java

@@ -30,6 +30,11 @@ package com.djrapitops.plan.extension;
  */
 public interface Group {
 
+    /**
+     * Get the name of the group.
+     *
+     * @return Name of the group given by a {@link com.djrapitops.plan.extension.annotation.GroupProvider}, e.g. "Miner"
+     */
     String getGroupName();
 
 }

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/BooleanProvider.java

@@ -89,7 +89,7 @@ public @interface BooleanProvider {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -98,7 +98,7 @@ public @interface BooleanProvider {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/ComponentProvider.java

@@ -76,7 +76,7 @@ public @interface ComponentProvider {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -85,7 +85,7 @@ public @interface ComponentProvider {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/DoubleProvider.java

@@ -67,7 +67,7 @@ public @interface DoubleProvider {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -76,7 +76,7 @@ public @interface DoubleProvider {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/GroupProvider.java

@@ -62,7 +62,7 @@ public @interface GroupProvider {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -71,7 +71,7 @@ public @interface GroupProvider {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/InvalidateMethod.java

@@ -39,10 +39,18 @@ public @interface InvalidateMethod {
      */
     String value();
 
+    /**
+     * Multiple {@link InvalidateMethod} annotations are supported per class.
+     */
     @Retention(RetentionPolicy.RUNTIME)
     @Target(ElementType.TYPE)
     @interface Multiple {
 
+        /**
+         * All the annotations.
+         *
+         * @return All InvalidateMethod annotations in the class.
+         */
         InvalidateMethod[] value();
 
     }

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/NumberProvider.java

@@ -79,7 +79,7 @@ public @interface NumberProvider {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -88,7 +88,7 @@ public @interface NumberProvider {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/PercentageProvider.java

@@ -70,7 +70,7 @@ public @interface PercentageProvider {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -79,7 +79,7 @@ public @interface PercentageProvider {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/PluginInfo.java

@@ -44,7 +44,7 @@ public @interface PluginInfo {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -53,7 +53,7 @@ public @interface PluginInfo {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/StringProvider.java

@@ -79,7 +79,7 @@ public @interface StringProvider {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -88,7 +88,7 @@ public @interface StringProvider {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/annotation/TabInfo.java

@@ -41,7 +41,7 @@ public @interface TabInfo {
     /**
      * Name of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Name of the icon, if name is not valid no icon is shown.
      */
@@ -50,7 +50,7 @@ public @interface TabInfo {
     /**
      * Family of Font Awesome icon.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
      *
      * @return Family that matches an icon, if there is no icon for this family no icon is shown.
      */

Plan/api/src/main/java/com/djrapitops/plan/extension/builder/ValueBuilder.java

@@ -18,7 +18,10 @@ package com.djrapitops.plan.extension.builder;
 
 import com.djrapitops.plan.component.Component;
 import com.djrapitops.plan.extension.FormatType;
-import com.djrapitops.plan.extension.annotation.*;
+import com.djrapitops.plan.extension.annotation.BooleanProvider;
+import com.djrapitops.plan.extension.annotation.Conditional;
+import com.djrapitops.plan.extension.annotation.StringProvider;
+import com.djrapitops.plan.extension.annotation.Tab;
 import com.djrapitops.plan.extension.extractor.ExtensionMethod;
 import com.djrapitops.plan.extension.icon.Color;
 import com.djrapitops.plan.extension.icon.Family;
@@ -64,7 +67,7 @@ public interface ValueBuilder {
     /**
      * Icon displayed next to the value.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons
      *
      * @param iconName   Name of the icon
      * @param iconFamily Family of the icon
@@ -78,7 +81,7 @@ public interface ValueBuilder {
     /**
      * Icon displayed next to the value.
      * <p>
-     * See https://fontawesome.com/icons (select 'free')) for icons
+     * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons
      *
      * @param icon Icon built using the methods in {@link Icon}.
      * @return This builder.

Plan/api/src/main/java/com/djrapitops/plan/extension/icon/Color.java

@@ -47,6 +47,12 @@ public enum Color {
     BLACK,
     NONE;
 
+    /**
+     * Get a color by the enum name without exception.
+     *
+     * @param name Color#name()
+     * @return Optional if the color is found by that name, empty if not found.
+     */
     public static Optional<Color> getByName(String name) {
         if (name == null) {
             return Optional.empty();
@@ -56,4 +62,5 @@ public enum Color {
         } catch (IllegalArgumentException e) {
             return Optional.empty();
         }
-    }}
+    }
+}

Plan/api/src/main/java/com/djrapitops/plan/extension/icon/Family.java

@@ -37,6 +37,12 @@ public enum Family {
      */
     BRAND;
 
+    /**
+     * Get a family by the enum name without exception.
+     *
+     * @param name Family#name()
+     * @return Optional if the family is found by that name, empty if not found.
+     */
     public static Optional<Family> getByName(String name) {
         if (name == null) {
             return Optional.empty();

Plan/api/src/main/java/com/djrapitops/plan/extension/icon/Icon.java

@@ -16,10 +16,12 @@
  */
 package com.djrapitops.plan.extension.icon;
 
+import java.util.Objects;
+
 /**
  * Object that represents an icon on the website.
  * <p>
- * See https://fontawesome.com/icons (select 'free')) for icons and their {@link Family}.
+ * See <a href="https://fontawesome.com/icons">FontAwesome</a> (select 'free')) for icons and their {@link Family}.
  *
  * @author AuroraLS3
  */
@@ -72,11 +74,27 @@ public class Icon {
         return this;
     }
 
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        Icon icon = (Icon) o;
+        return type == icon.type && Objects.equals(getName(), icon.getName()) && getColor() == icon.getColor();
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(id, type, getName(), getColor());
+    }
+
     @Override
     public String toString() {
         return "Icon{" + type.name() + ", '" + name + '\'' + ", " + color.name() + '}';
     }
 
+    /**
+     * Builder for an {@link Icon}.
+     */
     public static class Builder {
 
         private final Icon icon;

Plan/api/src/main/java/com/djrapitops/plan/extension/package-info.java

@@ -1,6 +1,5 @@
 /**
  * DataExtension API and related classes.
- *
  * <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API">Documentation</a>
  */
 package com.djrapitops.plan.extension;

Plan/api/src/main/java/com/djrapitops/plan/extension/table/Table.java

@@ -21,10 +21,8 @@ import com.djrapitops.plan.extension.icon.Color;
 import com.djrapitops.plan.extension.icon.Icon;
 import org.apache.commons.lang3.StringUtils;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
-import java.util.Optional;
+import java.util.*;
+import java.util.stream.Collectors;
 
 /**
  * Object for giving Plan table data.
@@ -100,6 +98,52 @@ public final class Table {
         return tableColumnFormats;
     }
 
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        Table table = (Table) o;
+        return Arrays.equals(getColumns(), table.getColumns())
+                && Arrays.equals(getIcons(), table.getIcons())
+                && Arrays.equals(getTableColumnFormats(), table.getTableColumnFormats())
+                && valuesEqual(table);
+    }
+
+    private boolean valuesEqual(Table other) {
+        List<Object[]> rows1 = getRows();
+        List<Object[]> rows2 = other.getRows();
+        if (rows1.size() != rows2.size()) return false;
+        for (int i = 0; i < rows1.size(); i++) {
+            Object[] values1 = rows1.get(i);
+            Object[] values2 = rows2.get(i);
+            for (int j = 0; j < getMaxColumnSize(); j++) {
+                if (!Objects.equals(Objects.toString(values1[0]), Objects.toString(values2[0]))) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = Objects.hash(getRows());
+        result = 31 * result + Arrays.hashCode(getColumns());
+        result = 31 * result + Arrays.hashCode(getIcons());
+        result = 31 * result + Arrays.hashCode(getTableColumnFormats());
+        return result;
+    }
+
+    @Override
+    public String toString() {
+        return "Table{" +
+                "columns=" + Arrays.toString(columns) +
+                ", icons=" + Arrays.toString(icons) +
+                ", tableColumnFormats=" + Arrays.toString(tableColumnFormats) +
+                ", rows=" + rows.stream().map(Arrays::toString).collect(Collectors.toList()) +
+                '}';
+    }
+
     /**
      * Factory for creating new {@link Table} objects.
      */

Plan/api/src/main/java/com/djrapitops/plan/query/CommonQueries.java

@@ -62,14 +62,44 @@ public interface CommonQueries {
      */
     long fetchLastSeen(UUID playerUUID, UUID serverUUID);
 
+    /**
+     * Get the UUIDs of all servers Plan has registered.
+     *
+     * @return Set of Server UUIDs
+     */
     Set<UUID> fetchServerUUIDs();
 
+    /**
+     * Fetch UUID of a player by name.
+     *
+     * @param playerName Name of the player
+     * @return UUID if it is found by Plan or empty if not found.
+     */
     Optional<UUID> fetchUUIDOf(String playerName);
 
+    /**
+     * Fetch name of a player by UUID.
+     *
+     * @param playerUUID UUID of the player
+     * @return Name if it is known by Plan or empty if not.
+     */
     Optional<String> fetchNameOf(UUID playerUUID);
 
+    /**
+     * Check that schema has table you are using in your queries.
+     *
+     * @param table Name of the table, e.g. plan_users.
+     * @return true if table exists.
+     */
     boolean doesDBHaveTable(String table);
 
+    /**
+     * Check that schema table has a column you are using in your queries.
+     *
+     * @param table  Name of the table, e.g. plan_users.
+     * @param column Name of the column, e.g. id
+     * @return true if table and column exist.
+     */
     boolean doesDBHaveTableColumn(String table, String column);
 
     /**

Plan/api/src/main/java/com/djrapitops/plan/query/QueryService.java

@@ -126,7 +126,7 @@ public interface QueryService {
     CommonQueries getCommonQueries();
 
     /**
-     * See https://docs.oracle.com/javase/8/docs/api/java/util/function/package-summary.html
+     * See <a href="https://docs.oracle.com/javase/8/docs/api/java/util/function/package-summary.html">Functional Interfaces</a>
      */
     @FunctionalInterface
     interface ThrowingConsumer<T> {
@@ -134,7 +134,7 @@ public interface QueryService {
     }
 
     /**
-     * See https://docs.oracle.com/javase/8/docs/api/java/util/function/package-summary.html
+     * See <a href="https://docs.oracle.com/javase/8/docs/api/java/util/function/package-summary.html">Functional Interfaces</a>
      */
     @FunctionalInterface
     interface ThrowingFunction<T, R> {
@@ -142,7 +142,7 @@ public interface QueryService {
     }
 
     /**
-     * See https://docs.oracle.com/javase/8/docs/api/java/util/function/package-summary.html
+     * See <a href="https://docs.oracle.com/javase/8/docs/api/java/util/function/package-summary.html">Functional Interfaces</a>
      */
     @FunctionalInterface
     interface VoidFunction {

Plan/api/src/main/java/com/djrapitops/plan/query/package-info.java

@@ -1,6 +1,5 @@
 /**
  * Query API related classes.
- *
  * <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5-Query-API">Documentation</a>
  */
 package com.djrapitops.plan.query;

Plan/api/src/main/java/com/djrapitops/plan/settings/ListenerService.java

@@ -51,6 +51,9 @@ public interface ListenerService {
      */
     void registerListenerForPlan(Object listener);
 
+    /**
+     * Singleton holder for listeners.
+     */
     class Holder {
         static final AtomicReference<ListenerService> service = new AtomicReference<>();
 

Plan/build.gradle

@@ -11,13 +11,13 @@ buildscript {
 }
 
 plugins {
-    id "com.github.johnrengelman.shadow" version "7.1.2" apply false
+    id "com.github.johnrengelman.shadow" version "8.1.1" apply false
     id "java"
     id 'java-library'
     id "jacoco"
     id "checkstyle"
-    id "org.sonarqube" version "3.5.0.2730"
-    id 'fabric-loom' version '0.12.+' apply false
+    id "org.sonarqube" version "5.0.0.4638"
+    id 'fabric-loom' version '1.6-SNAPSHOT' apply false
 }
 
 apply plugin: 'nebula-aggregate-javadocs'
@@ -36,20 +36,22 @@ def buildVersion = determineBuildVersion()
 allprojects {
 
     group "com.djrapitops"
-    version "5.5-SNAPSHOT"
+    version "5.6-SNAPSHOT"
 
     ext.majorVersion = '5'
-    ext.minorVersion = '5'
+    ext.minorVersion = '6'
     ext.buildVersion = buildVersion
     ext.fullVersion = project.ext.majorVersion + '.' + project.ext.minorVersion + ' build ' + project.ext.buildVersion
+    ext.fullVersionFilename = project.ext.majorVersion + '.' + project.ext.minorVersion + '-build-' + project.ext.buildVersion
+    ext.fullVersionSemantic = project.ext.majorVersion + '.' + project.ext.minorVersion + '+build.' + project.ext.buildVersion
 
     // Fix for UTF-8 files showing with wrong encoding when compiled on Windows machines.
     compileJava { options.encoding = "UTF-8" }
-    tasks.withType(JavaCompile) { options.encoding = 'UTF-8' }
+    tasks.withType(JavaCompile).configureEach { options.encoding = 'UTF-8' }
     javadoc { options.encoding = 'UTF-8' }
 }
 
-logger.lifecycle("Building artifact for version $fullVersion")
+logger.lifecycle("Building artifact for version $fullVersion / $fullVersionFilename / $fullVersionSemantic")
 
 subprojects {
     // Build plugins
@@ -67,9 +69,9 @@ subprojects {
     }
 
     ext {
-        daggerVersion = "2.44.2"
+        daggerVersion = "2.51.1"
 
-        palVersion = "5.1.0"
+        palVersion = "5.2.0"
 
         bukkitVersion = "1.13.2-R0.1-SNAPSHOT"
         spigotVersion = "1.13.2-R0.1-SNAPSHOT"
@@ -81,29 +83,33 @@ subprojects {
         redisBungeeVersion = "0.3.8-SNAPSHOT"
         redisBungeeProxioDevVersion = "0.7.3"
 
-        commonsTextVersion = "1.10.0"
-        commonsCompressVersion = "1.22"
-        commonsCodecVersion = "1.15"
-        caffeineVersion = "3.1.2"
-        jettyVersion = "11.0.13"
+        commonsTextVersion = "1.12.0"
+        commonsCompressVersion = "1.26.2"
+        commonsCodecVersion = "1.17.0"
+        caffeineVersion = "3.1.8"
+        jettyVersion = "11.0.21"
         caffeineVersion = "2.9.2"
-        mysqlVersion = "8.0.31"
-        sqliteVersion = "3.40.0.0"
-        adventureVersion = "4.12.0"
-        hikariVersion = "5.0.1"
-        slf4jVersion = "2.0.6"
-        geoIpVersion = "3.0.2"
-        gsonVersion = "2.10"
-        dependencyDownloadVersion = "1.3.0"
+        mysqlVersion = "8.4.0"
+        mariadbVersion = "3.4.0"
+        sqliteVersion = "3.42.0.1"
+        adventureVersion = "4.17.0"
+        hikariVersion = "5.1.0"
+        slf4jVersion = "2.0.13"
+        geoIpVersion = "4.2.0"
+        gsonVersion = "2.11.0"
+        dependencyDownloadVersion = "1.3.1"
+        ipAddressMatcherVersion = "5.5.0"
+        jasyptVersion = "1.9.3"
 
-        bstatsVersion = "3.0.0"
-        placeholderapiVersion = "2.11.2"
+        bstatsVersion = "3.0.2"
+        placeholderapiVersion = "2.11.5"
         nkPlaceholderapiVersion = "1.4-SNAPSHOT"
 
-        junitVersion = "5.9.1"
-        mockitoVersion = "4.10.0"
-        testContainersVersion = "1.17.6"
-        swaggerVersion = "2.2.7"
+        junitVersion = "5.10.2"
+        mockitoVersion = "5.12.0"
+        seleniumVersion = "4.21.0"
+        testContainersVersion = "1.19.8"
+        swaggerVersion = "2.2.22"
     }
 
     repositories {
@@ -113,7 +119,6 @@ subprojects {
         maven { url = "https://papermc.io/repo/repository/maven-public/" } // Paper
         maven { url = "https://repo.spongepowered.org/repository/maven-public/" } // Sponge
         maven { url = "https://oss.sonatype.org/content/repositories/snapshots" } // BungeeCord
-        maven { url = "https://repo.velocitypowered.com/snapshots/" } // Velocity
         maven { url = "https://repo.playeranalytics.net/releases" } // Plan
         maven { url = "https://repo.md-5.net/content/repositories/snapshots/" } // RedisBungee
         maven { url = "https://jitpack.io" } // RedisBungee fork
@@ -126,6 +131,8 @@ subprojects {
         testImplementation "com.google.dagger:dagger:$daggerVersion"
         testAnnotationProcessor "com.google.dagger:dagger-compiler:$daggerVersion"
 
+        compileOnly "io.swagger.core.v3:swagger-core-jakarta:$swaggerVersion"
+
         // Test Tooling Dependencies
         testImplementation "org.junit.jupiter:junit-jupiter:$junitVersion"      // JUnit 5
         testImplementation "org.mockito:mockito-core:$mockitoVersion"           // Mockito Core
@@ -134,8 +141,9 @@ subprojects {
         // Awaitility (Concurrent wait conditions)
 
         // Testing dependencies required by Plan
-        testImplementation "org.xerial:sqlite-jdbc:$sqliteVersion"    // SQLite
-        testImplementation "mysql:mysql-connector-java:$mysqlVersion" // MySQL
+        testImplementation "org.xerial:sqlite-jdbc:$sqliteVersion" // SQLite
+        testImplementation "com.mysql:mysql-connector-j:$mysqlVersion" // MySQL
+        testImplementation "org.mariadb.jdbc:mariadb-java-client:$mariadbVersion" // MariaDB
     }
 
     configurations {
@@ -146,7 +154,7 @@ subprojects {
         testImplementation.extendsFrom shadow // Include shadowed dependencies in test classpath
     }
     // Test classes available to other modules
-    task testJar(type: Jar) {
+    tasks.register('testJar', Jar) {
         archiveClassifier.set("test")
         from sourceSets.test.output
     }
@@ -174,8 +182,8 @@ subprojects {
         }
     }
 
-    plugins.withType(JacocoPlugin) {
-        tasks["test"].finalizedBy 'jacocoTestReport'
+    plugins.withType(JacocoPlugin).configureEach {
+        tasks.named("test").get().finalizedBy 'jacocoTestReport'
     }
 }
 

Plan/bukkit/src/main/java/com/djrapitops/plan/BukkitServerShutdownSave.java

@@ -17,6 +17,8 @@
 package com.djrapitops.plan;
 
 import com.djrapitops.plan.gathering.ServerShutdownSave;
+import com.djrapitops.plan.gathering.afk.AFKTracker;
+import com.djrapitops.plan.gathering.listeners.bukkit.BukkitAFKListener;
 import com.djrapitops.plan.settings.locale.Locale;
 import com.djrapitops.plan.storage.database.DBSystem;
 import com.djrapitops.plan.utilities.java.Reflection;
@@ -26,6 +28,7 @@ import org.bukkit.Bukkit;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import java.util.Optional;
 
 /**
  * ServerShutdownSave implementation for Bukkit based servers.
@@ -52,6 +55,11 @@ public class BukkitServerShutdownSave extends ServerShutdownSave {
         return isStoppedBefore1p17() || isStoppedV1p17() || isStoppedAfterV1p17();
     }
 
+    @Override
+    public Optional<AFKTracker> getAfkTracker() {
+        return Optional.ofNullable(BukkitAFKListener.getAfkTracker());
+    }
+
     private boolean isStoppedBefore1p17() {
         try {
             // Special thanks to Fuzzlemann for figuring out the methods required for this check.

Plan/bukkit/src/main/java/com/djrapitops/plan/Plan.java

@@ -36,6 +36,7 @@ import org.bukkit.command.PluginCommand;
 import org.bukkit.configuration.file.FileConfiguration;
 import org.bukkit.plugin.java.JavaPlugin;
 
+import java.lang.reflect.Constructor;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
@@ -58,17 +59,29 @@ public class Plan extends JavaPlugin implements PlanPlugin {
     private RunnableFactory runnableFactory;
     private PlatformAbstractionLayer abstractionLayer;
     private ErrorLogger errorLogger;
+    private PlanBukkitComponent component;
 
     @Override
     public void onLoad() {
-        abstractionLayer = new BukkitPlatformLayer(this);
+        if (isFolia()) {
+            try {
+                // Attempt to load and use the Folia library for Java 17+
+                Class<?> foliaPlatformLayer = Class.forName("net.playeranalytics.plugin.FoliaPlatformLayer");
+                abstractionLayer = (PlatformAbstractionLayer) foliaPlatformLayer.getConstructor(JavaPlugin.class).newInstance(this);
+            } catch (Exception e) {
+                this.getLogger().log(Level.SEVERE, "Failed to load FoliaPlatformLayer", e);
+                abstractionLayer = new BukkitPlatformLayer(this);
+            }
+        } else {
+            abstractionLayer = new BukkitPlatformLayer(this);
+        }
         pluginLogger = abstractionLayer.getPluginLogger();
         runnableFactory = abstractionLayer.getRunnableFactory();
     }
 
     @Override
     public void onEnable() {
-        PlanBukkitComponent component = DaggerPlanBukkitComponent.builder()
+        component = DaggerPlanBukkitComponent.builder()
                 .plan(this)
                 .abstractionLayer(abstractionLayer)
                 .server(getServer())
@@ -135,11 +148,18 @@ public class Plan extends JavaPlugin implements PlanPlugin {
     public void onDisable() {
         storeSessionsOnShutdown();
         cancelAllTasks();
+        if (component != null) unregisterPlaceholders(component.placeholders());
         if (system != null) system.disable();
 
         pluginLogger.info(Locale.getStringNullSafe(locale, PluginLang.DISABLED));
     }
 
+    private void unregisterPlaceholders(BukkitPlaceholderRegistrar placeholders) {
+        if (placeholders != null) {
+            runnableFactory.create(placeholders::unregister);
+        }
+    }
+
     private void storeSessionsOnShutdown() {
         if (serverShutdownSave != null) {
             Optional<Future<?>> complete = serverShutdownSave.performSave();
@@ -159,7 +179,18 @@ public class Plan extends JavaPlugin implements PlanPlugin {
 
     public void cancelAllTasks() {
         runnableFactory.cancelAllKnownTasks();
-        Bukkit.getScheduler().cancelTasks(this);
+        if (!isFolia()) {
+            Bukkit.getScheduler().cancelTasks(this);
+        }
+    }
+
+    private static boolean isFolia() {
+        try {
+            Class.forName("io.papermc.paper.threadedregions.RegionizedServer");
+            return true;
+        } catch (ClassNotFoundException e) {
+            return false;
+        }
     }
 
     @Override

Plan/bukkit/src/main/java/com/djrapitops/plan/addons/placeholderapi/BukkitPlaceholderRegistrar.java

@@ -22,6 +22,7 @@ import com.djrapitops.plan.utilities.logging.ErrorLogger;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import java.util.concurrent.TimeUnit;
 
 @Singleton
 public class BukkitPlaceholderRegistrar {
@@ -30,6 +31,8 @@ public class BukkitPlaceholderRegistrar {
     private final PlanSystem system;
     private final ErrorLogger errorLogger;
 
+    private PlanPlaceholderExtension placeholderExtension;
+
     @Inject
     public BukkitPlaceholderRegistrar(
             PlanPlaceholders placeholders,
@@ -42,6 +45,23 @@ public class BukkitPlaceholderRegistrar {
     }
 
     public void register() {
-        new PlanPlaceholderExtension(placeholders, system, errorLogger).register();
+        placeholderExtension = new PlanPlaceholderExtension(placeholders, system, errorLogger);
+        placeholderExtension.register();
+    }
+
+    public void unregister() {
+        if (placeholderExtension != null) {
+            boolean success = false;
+            while (!success) {
+                success = placeholderExtension.unregister();
+                if (!success) {
+                    try {
+                        Thread.sleep(TimeUnit.SECONDS.toMillis(1));
+                    } catch (InterruptedException interrupted) {
+                        Thread.currentThread().interrupt();
+                    }
+                }
+            }
+        }
     }
 }

Plan/bukkit/src/main/java/com/djrapitops/plan/addons/placeholderapi/PlanPlaceholderExtension.java

@@ -19,6 +19,7 @@ package com.djrapitops.plan.addons.placeholderapi;
 import com.djrapitops.plan.PlanSystem;
 import com.djrapitops.plan.placeholder.PlanPlaceholders;
 import com.djrapitops.plan.processing.Processing;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import com.djrapitops.plan.utilities.logging.ErrorContext;
 import com.djrapitops.plan.utilities.logging.ErrorLogger;
 import com.djrapitops.plan.version.VersionChecker;
@@ -89,15 +90,25 @@ public class PlanPlaceholderExtension extends PlaceholderExpansion {
     }
 
     @Override
-    public String onRequest(OfflinePlayer player, String params) {
-        UUID uuid = player != null ? player.getUniqueId() : null;
-        if ("Server thread".equalsIgnoreCase(Thread.currentThread().getName())) {
-            return getCached(params, uuid);
+    public String onRequest(OfflinePlayer player, @Untrusted String params) {
+        try {
+            UUID uuid = player != null ? player.getUniqueId() : null;
+            if ("Server thread".equalsIgnoreCase(Thread.currentThread().getName())) {
+                return getCached(params, uuid);
+            }
+
+            return Optional.ofNullable(getCached(params, uuid))
+                    .orElseGet(() -> getPlaceholderValue(params, uuid));
+        } catch (IllegalStateException e) {
+            if ("zip file closed".equals(e.getMessage())) {
+                return null; // Plan is disabled.
+            } else {
+                throw e;
+            }
         }
-        return getPlaceholderValue(params, uuid);
     }
 
-    private String getPlaceholderValue(String params, UUID uuid) {
+    private String getPlaceholderValue(@Untrusted String params, UUID uuid) {
         try {
             String value = placeholders.onPlaceholderRequest(uuid, parseRequest(params), parseParameters(params));
 
@@ -114,14 +125,16 @@ public class PlanPlaceholderExtension extends PlaceholderExpansion {
         }
     }
 
-    private String parseRequest(String params) {
+    @Untrusted
+    private String parseRequest(@Untrusted String params) {
         return params.split(":")[0];
     }
 
-    private List<String> parseParameters(String params) {
+    @Untrusted
+    private List<String> parseParameters(@Untrusted String params) {
         List<String> parameters = new ArrayList<>();
         boolean first = true;
-        for (String parameter : params.split(":")) {
+        for (@Untrusted String parameter : params.split(":")) {
             if (first) {
                 first = false;
             } else {
@@ -131,8 +144,8 @@ public class PlanPlaceholderExtension extends PlaceholderExpansion {
         return parameters;
     }
 
-    private String getCached(String params, UUID uuid) {
-        String key = params + "-" + uuid;
+    private String getCached(@Untrusted String params, UUID uuid) {
+        @Untrusted String key = params + "-" + uuid;
 
         if (!currentlyProcessing.contains(key)) {
             currentlyProcessing.add(key);

Plan/bukkit/src/main/java/com/djrapitops/plan/gathering/BukkitSensor.java

@@ -16,13 +16,16 @@
  */
 package com.djrapitops.plan.gathering;
 
+import com.djrapitops.plan.gathering.domain.PluginMetadata;
 import org.bukkit.Bukkit;
 import org.bukkit.Server;
 import org.bukkit.World;
 import org.bukkit.entity.Player;
+import org.bukkit.plugin.Plugin;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import java.util.Arrays;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -129,4 +132,12 @@ public class BukkitSensor implements ServerSensor<World> {
                 .map(Player::getName)
                 .collect(Collectors.toList());
     }
+
+    @Override
+    public List<PluginMetadata> getInstalledPlugins() {
+        return Arrays.stream(Bukkit.getPluginManager().getPlugins())
+                .map(Plugin::getDescription)
+                .map(description -> new PluginMetadata(description.getName(), description.getVersion()))
+                .collect(Collectors.toList());
+    }
 }

Plan/bukkit/src/main/java/com/djrapitops/plan/gathering/importing/data/BukkitUserImportRefiner.java

@@ -25,7 +25,7 @@ import java.util.stream.Collectors;
 
 /**
  * UserImportRefiner attempts to find any crucial information that is missing.
- *
+ * <p>
  * - Finds UUIDs if only name is present.
  * - Finds Names if only UUID is present.
  * - Removes any importers that do not have any identifiers.

Plan/bukkit/src/main/java/com/djrapitops/plan/gathering/listeners/bukkit/BukkitAFKListener.java

@@ -62,6 +62,10 @@ public class BukkitAFKListener implements Listener {
         }
     }
 
+    public static AFKTracker getAfkTracker() {
+        return afkTracker;
+    }
+
     private void event(PlayerEvent event) {
         try {
             Player player = event.getPlayer();

Plan/bukkit/src/main/java/com/djrapitops/plan/gathering/listeners/bukkit/PlayerOnlineListener.java

@@ -16,6 +16,7 @@
  */
 package com.djrapitops.plan.gathering.listeners.bukkit;
 
+import com.djrapitops.plan.gathering.JoinAddressValidator;
 import com.djrapitops.plan.gathering.cache.JoinAddressCache;
 import com.djrapitops.plan.gathering.domain.BukkitPlayerData;
 import com.djrapitops.plan.gathering.domain.event.PlayerJoin;
@@ -28,6 +29,8 @@ import com.djrapitops.plan.identification.ServerUUID;
 import com.djrapitops.plan.storage.database.DBSystem;
 import com.djrapitops.plan.storage.database.transactions.events.BanStatusTransaction;
 import com.djrapitops.plan.storage.database.transactions.events.KickStoreTransaction;
+import com.djrapitops.plan.storage.database.transactions.events.StoreAllowlistBounceTransaction;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import com.djrapitops.plan.utilities.logging.ErrorContext;
 import com.djrapitops.plan.utilities.logging.ErrorLogger;
 import org.bukkit.event.EventHandler;
@@ -50,6 +53,7 @@ public class PlayerOnlineListener implements Listener {
 
     private final PlayerJoinEventConsumer playerJoinEventConsumer;
     private final PlayerLeaveEventConsumer playerLeaveEventConsumer;
+    private final JoinAddressValidator joinAddressValidator;
     private final JoinAddressCache joinAddressCache;
 
     private final ServerInfo serverInfo;
@@ -61,6 +65,7 @@ public class PlayerOnlineListener implements Listener {
     public PlayerOnlineListener(
             PlayerJoinEventConsumer playerJoinEventConsumer,
             PlayerLeaveEventConsumer playerLeaveEventConsumer,
+            JoinAddressValidator joinAddressValidator,
             JoinAddressCache joinAddressCache,
             ServerInfo serverInfo,
             DBSystem dbSystem,
@@ -69,6 +74,7 @@ public class PlayerOnlineListener implements Listener {
     ) {
         this.playerJoinEventConsumer = playerJoinEventConsumer;
         this.playerLeaveEventConsumer = playerLeaveEventConsumer;
+        this.joinAddressValidator = joinAddressValidator;
         this.joinAddressCache = joinAddressCache;
         this.serverInfo = serverInfo;
         this.dbSystem = dbSystem;
@@ -82,16 +88,14 @@ public class PlayerOnlineListener implements Listener {
             UUID playerUUID = event.getPlayer().getUniqueId();
             ServerUUID serverUUID = serverInfo.getServerUUID();
             boolean banned = PlayerLoginEvent.Result.KICK_BANNED == event.getResult();
+            boolean notWhitelisted = PlayerLoginEvent.Result.KICK_WHITELIST == event.getResult();
 
-            String address = event.getHostname();
-            if (!address.isEmpty()) {
-                address = address.substring(0, address.lastIndexOf(':'));
-                if (address.contains("\u0000")) {
-                    address = address.substring(0, address.indexOf('\u0000'));
-                }
-                if (address.contains("fml")) {
-                    address = address.substring(0, address.lastIndexOf("fml"));
-                }
+            if (notWhitelisted) {
+                dbSystem.getDatabase().executeTransaction(new StoreAllowlistBounceTransaction(playerUUID, event.getPlayer().getName(), serverUUID, System.currentTimeMillis()));
+            }
+
+            @Untrusted String address = joinAddressValidator.sanitize(event.getHostname());
+            if (joinAddressValidator.isValid(address)) {
                 joinAddressCache.put(playerUUID, address);
             }
             dbSystem.getDatabase().executeTransaction(new BanStatusTransaction(playerUUID, serverUUID, banned));

Plan/bukkit/src/main/java/com/djrapitops/plan/gathering/timed/BukkitPingCounter.java

@@ -53,7 +53,7 @@ import java.util.logging.Logger;
  * Task that handles player ping calculation on Bukkit based servers.
  * <p>
  * Modified PingManager from LagMonitor plugin.
- * https://github.com/games647/LagMonitor/blob/master/src/main/java/com/github/games647/lagmonitor/task/PingManager.java
+ * <a href="https://github.com/games647/LagMonitor/blob/master/src/main/java/com/github/games647/lagmonitor/task/PingManager.java">original</a>
  *
  * @author games647
  */
@@ -89,9 +89,9 @@ public class BukkitPingCounter extends TaskSystem.Task implements Listener {
         startRecording = new ConcurrentHashMap<>();
         playerHistory = new HashMap<>();
 
-        Optional<PingMethod> pingMethod = loadPingMethod();
-        if (pingMethod.isPresent()) {
-            this.pingMethod = pingMethod.get();
+        Optional<PingMethod> loaded = loadPingMethod();
+        if (loaded.isPresent()) {
+            this.pingMethod = loaded.get();
             pingMethodAvailable = true;
         } else {
             pingMethodAvailable = false;
@@ -100,6 +100,7 @@ public class BukkitPingCounter extends TaskSystem.Task implements Listener {
 
     private Optional<PingMethod> loadPingMethod() {
         PingMethod[] methods = new PingMethod[]{
+                new SpigotPingMethod(),
                 new PaperPingMethod(),
                 new ReflectiveLatencyFieldMethod(),
                 new ReflectivePingFieldMethod(),

Plan/bukkit/src/main/java/com/djrapitops/plan/gathering/timed/SpigotPingMethod.java

@@ -0,0 +1,64 @@
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2016-2018
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.djrapitops.plan.gathering.timed;
+
+import org.bukkit.entity.Player;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+public class SpigotPingMethod implements PingMethod {
+
+    private String reasonForUnavailability;
+
+    @Override
+    public boolean isAvailable() {
+        try {
+            //Only available in Paper
+            Class.forName("org.bukkit.entity.Player").getDeclaredMethod("getPing");
+            return true;
+        } catch (ClassNotFoundException | NoSuchMethodException noSuchMethodEx) {
+            reasonForUnavailability = noSuchMethodEx.toString();
+            return false;
+        }
+    }
+
+    @Override
+    public int getPing(Player player) {
+        if (reasonForUnavailability != null) return -1;
+
+        try {
+            Method getPing = player.getClass().getDeclaredMethod("getPing");
+            return (int) getPing.invoke(player);
+        } catch (IllegalAccessException | InvocationTargetException | NoSuchMethodException e) {
+            reasonForUnavailability = e.toString();
+            return -1;
+        }
+    }
+
+    @Override
+    public String getReasonForUnavailability() {
+        return reasonForUnavailability;
+    }
+}

Plan/bukkit/src/main/java/com/djrapitops/plan/modules/bukkit/BukkitTaskModule.java

@@ -19,13 +19,14 @@ package com.djrapitops.plan.modules.bukkit;
 import com.djrapitops.plan.TaskSystem;
 import com.djrapitops.plan.addons.placeholderapi.PlaceholderCacheRefreshTask;
 import com.djrapitops.plan.delivery.web.ResourceWriteTask;
-import com.djrapitops.plan.delivery.web.WebAssetVersionCheckTask;
 import com.djrapitops.plan.delivery.webserver.auth.ActiveCookieExpiryCleanupTask;
 import com.djrapitops.plan.delivery.webserver.cache.JSONFileStorage;
+import com.djrapitops.plan.delivery.webserver.configuration.AddressAllowList;
 import com.djrapitops.plan.extension.ExtensionServerDataUpdater;
 import com.djrapitops.plan.gathering.ShutdownDataPreservation;
 import com.djrapitops.plan.gathering.ShutdownHook;
 import com.djrapitops.plan.gathering.timed.BukkitPingCounter;
+import com.djrapitops.plan.gathering.timed.InstalledPluginGatheringTask;
 import com.djrapitops.plan.gathering.timed.ServerTPSCounter;
 import com.djrapitops.plan.gathering.timed.SystemUsageBuffer;
 import com.djrapitops.plan.settings.upkeep.ConfigStoreTask;
@@ -93,10 +94,6 @@ public interface BukkitTaskModule {
     @IntoSet
     TaskSystem.Task bindResourceWriteTask(ResourceWriteTask resourceWriteTask);
 
-    @Binds
-    @IntoSet
-    TaskSystem.Task bindWebAssetVersionCheckTask(WebAssetVersionCheckTask webAssetVersionCheckTask);
-
     @Binds
     @IntoSet
     TaskSystem.Task bindActiveCookieStoreExpiryTask(ActiveCookieExpiryCleanupTask activeCookieExpiryCleanupTask);
@@ -108,4 +105,12 @@ public interface BukkitTaskModule {
     @Binds
     @IntoSet
     TaskSystem.Task bindPlaceholderWarmupTask(PlaceholderCacheRefreshTask placeholderCacheRefreshTask);
+
+    @Binds
+    @IntoSet
+    TaskSystem.Task bindAddressAllowListUpdateTask(AddressAllowList addressAllowList);
+
+    @Binds
+    @IntoSet
+    TaskSystem.Task bindInstalledPluginGatheringTask(InstalledPluginGatheringTask installedPluginGatheringTask);
 }

Plan/bukkit/src/main/java/com/djrapitops/plan/utilities/java/Reflection.java

@@ -32,7 +32,7 @@ import java.lang.reflect.Field;
  * An utility class that simplifies reflection in Bukkit plugins.
  * <p>
  * Modified Reflection utility from LagMonitor plugin.
- * https://github.com/games647/LagMonitor/blob/master/src/main/java/com/github/games647/lagmonitor/traffic/Reflection.java
+ * <a href="https://github.com/games647/LagMonitor/blob/master/src/main/java/com/github/games647/lagmonitor/traffic/Reflection.java">original code</a>
  *
  * @author Kristian
  */

Plan/bungeecord/src/main/java/com/djrapitops/plan/gathering/BungeeSensor.java

@@ -17,9 +17,11 @@
 package com.djrapitops.plan.gathering;
 
 import com.djrapitops.plan.PlanBungee;
+import com.djrapitops.plan.gathering.domain.PluginMetadata;
 import com.djrapitops.plan.identification.properties.RedisCheck;
 import com.djrapitops.plan.identification.properties.RedisPlayersOnlineSupplier;
 import net.md_5.bungee.api.connection.ProxiedPlayer;
+import net.md_5.bungee.api.plugin.Plugin;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -35,11 +37,13 @@ public class BungeeSensor implements ServerSensor<Object> {
     private final IntSupplier onlinePlayerCountSupplier;
     private final IntSupplier onlinePlayerCountBungee;
     private final Supplier<Collection<ProxiedPlayer>> getPlayers;
+    private final Supplier<Collection<Plugin>> getPlugins;
 
     @Inject
     public BungeeSensor(PlanBungee plugin) {
         getPlayers = plugin.getProxy()::getPlayers;
         onlinePlayerCountBungee = plugin.getProxy()::getOnlineCount;
+        getPlugins = plugin.getProxy().getPluginManager()::getPlugins;
         onlinePlayerCountSupplier = RedisCheck.isClassAvailable() ? new RedisPlayersOnlineSupplier() : onlinePlayerCountBungee;
     }
 
@@ -58,4 +62,17 @@ public class BungeeSensor implements ServerSensor<Object> {
     public List<String> getOnlinePlayerNames() {
         return getPlayers.get().stream().map(ProxiedPlayer::getName).collect(Collectors.toList());
     }
+
+    @Override
+    public boolean usingRedisBungee() {
+        return RedisCheck.isClassAvailable();
+    }
+
+    @Override
+    public List<PluginMetadata> getInstalledPlugins() {
+        return getPlugins.get().stream()
+                .map(Plugin::getDescription)
+                .map(description -> new PluginMetadata(description.getName(), description.getVersion()))
+                .collect(Collectors.toList());
+    }
 }

Plan/bungeecord/src/main/java/com/djrapitops/plan/identification/BungeeServerInfo.java

@@ -26,6 +26,7 @@ import com.djrapitops.plan.processing.Processing;
 import com.djrapitops.plan.settings.locale.Locale;
 import com.djrapitops.plan.settings.locale.lang.PluginLang;
 import net.playeranalytics.plugin.server.PluginLogger;
+import org.jetbrains.annotations.Nullable;
 
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -73,17 +74,16 @@ public class BungeeServerInfo extends ServerInfo {
     @Override
     public void loadServerInfo() {
         logger.info(locale.getString(PluginLang.LOADING_SERVER_INFO));
-        checkIfDefaultIP();
 
-        this.server = fromFile.load(null).orElseGet(() -> fromDatabase.load(null)
-                .orElseGet(this::registerServer));
+        this.server = fromFile.load(null)
+                .orElseGet(this::registerServer);
         this.server.setProxy(true); // Ensure isProxy if loaded from file
 
         processing.submitNonCritical(this::updateStorage);
     }
 
     private void updateStorage() {
-        String address = addresses.getAccessAddress().orElseGet(addresses::getFallbackLocalhostAddress);
+        String address = getAddress();
 
         server.setWebAddress(address);
 
@@ -92,18 +92,6 @@ public class BungeeServerInfo extends ServerInfo {
         fromFile.save(server);
     }
 
-    /**
-     * @throws EnableException If IP setting is unset
-     */
-    private void checkIfDefaultIP() {
-        String ip = serverProperties.getIp();
-        if ("0.0.0.0".equals(ip)) {
-            logger.error("IP setting still 0.0.0.0 - Configure Alternative_IP/IP that connects to the Proxy server.");
-            logger.info("Player Analytics partially enabled (Use /planproxy reload to reload config)");
-            throw new EnableException("IP setting still 0.0.0.0 - Configure Alternative_IP/IP that connects to the Proxy server.");
-        }
-    }
-
     /**
      * @throws EnableException If IP setting is unset
      */
@@ -111,19 +99,22 @@ public class BungeeServerInfo extends ServerInfo {
         Server proxy = createServerObject();
 
         fromDatabase.save(proxy);
-        Server stored = fromDatabase.load(null)
-                .orElseThrow(() -> new EnableException("BungeeCord registration failed (DB)"));
+        Server stored = fromDatabase.load(proxy.getUuid())
+                .orElseThrow(() -> new EnableException("Server registration to database failed"));
 
         fromFile.save(stored);
         return stored;
     }
 
-    /**
-     * @throws EnableException If IP setting is unset
-     */
     private Server createServerObject() {
         ServerUUID serverUUID = generateNewUUID();
-        String accessAddress = addresses.getAccessAddress().orElseThrow(() -> new EnableException("Velocity can not have '0.0.0.0' or '' as an address. Set up 'Server.IP' setting."));
+        String accessAddress = getAddress();
         return new Server(-1, serverUUID, "BungeeCord", accessAddress, true, currentVersion);
     }
+
+    @Nullable
+    private String getAddress() {
+        return addresses.getAccessAddress()
+                .orElse(addresses.isWebserverEnabled() ? addresses.getFallbackLocalhostAddress() : null);
+    }
 }

Plan/bungeecord/src/main/java/com/djrapitops/plan/modules/bungee/BungeeSuperClassBindingModule.java

@@ -40,5 +40,5 @@ public interface BungeeSuperClassBindingModule {
     ListenerSystem bindListenerSystem(BungeeListenerSystem listenerSystem);
 
     @Binds
-    ServerSensor<Object> bindServerSensor(BungeeSensor sensor);
+    ServerSensor<?> bindServerSensor(BungeeSensor sensor);
 }

Plan/bungeecord/src/main/java/com/djrapitops/plan/modules/bungee/BungeeTaskModule.java

@@ -18,11 +18,12 @@ package com.djrapitops.plan.modules.bungee;
 
 import com.djrapitops.plan.TaskSystem;
 import com.djrapitops.plan.delivery.web.ResourceWriteTask;
-import com.djrapitops.plan.delivery.web.WebAssetVersionCheckTask;
 import com.djrapitops.plan.delivery.webserver.auth.ActiveCookieExpiryCleanupTask;
 import com.djrapitops.plan.delivery.webserver.cache.JSONFileStorage;
+import com.djrapitops.plan.delivery.webserver.configuration.AddressAllowList;
 import com.djrapitops.plan.extension.ExtensionServerDataUpdater;
 import com.djrapitops.plan.gathering.timed.BungeePingCounter;
+import com.djrapitops.plan.gathering.timed.InstalledPluginGatheringTask;
 import com.djrapitops.plan.gathering.timed.ProxyTPSCounter;
 import com.djrapitops.plan.gathering.timed.SystemUsageBuffer;
 import com.djrapitops.plan.settings.upkeep.NetworkConfigStoreTask;
@@ -82,9 +83,13 @@ public interface BungeeTaskModule {
 
     @Binds
     @IntoSet
-    TaskSystem.Task bindWebAssetVersionCheckTask(WebAssetVersionCheckTask webAssetVersionCheckTask);
+    TaskSystem.Task bindActiveCookieStoreExpiryTask(ActiveCookieExpiryCleanupTask activeCookieExpiryCleanupTask);
 
     @Binds
     @IntoSet
-    TaskSystem.Task bindActiveCookieStoreExpiryTask(ActiveCookieExpiryCleanupTask activeCookieExpiryCleanupTask);
+    TaskSystem.Task bindAddressAllowListUpdateTask(AddressAllowList addressAllowList);
+
+    @Binds
+    @IntoSet
+    TaskSystem.Task bindInstalledPluginGatheringTask(InstalledPluginGatheringTask installedPluginGatheringTask);
 }

Plan/bungeecord/src/test/java/com/djrapitops/plan/BungeeSystemTest.java

@@ -32,7 +32,8 @@ import utilities.mocks.BungeeMockComponent;
 
 import java.nio.file.Path;
 
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assumptions.assumeTrue;
 
 /**
@@ -74,7 +75,7 @@ class BungeeSystemTest {
     }
 
     @Test
-    void bungeeDoesNotEnableWithDefaultIP() {
+    void bungeeEnablesWithDefaultIP() {
         PlanSystem bungeeSystem = component.getPlanSystem();
         try {
             PlanConfig config = bungeeSystem.getConfigSystem().getConfig();
@@ -86,8 +87,8 @@ class BungeeSystemTest {
             db.setTransactionExecutorServiceProvider(MoreExecutors::newDirectExecutorService);
             dbSystem.setActiveDatabase(db);
 
-            EnableException thrown = assertThrows(EnableException.class, bungeeSystem::enable);
-            assertEquals("IP setting still 0.0.0.0 - Configure Alternative_IP/IP that connects to the Proxy server.", thrown.getMessage());
+            bungeeSystem.enable();
+            assertTrue(bungeeSystem.isEnabled());
         } finally {
             bungeeSystem.disable();
         }

Plan/common/build.gradle

@@ -3,16 +3,18 @@ import org.apache.tools.ant.filters.ReplaceTokens
 
 plugins {
     id "dev.vankka.dependencydownload.plugin" version "$dependencyDownloadVersion"
-    id "com.github.node-gradle.node" version "3.5.0"
-    id "io.swagger.core.v3.swagger-gradle-plugin" version "2.2.7"
+    id "com.github.node-gradle.node" version "7.0.2"
+    id "io.swagger.core.v3.swagger-gradle-plugin" version "2.2.22"
 }
 
 configurations {
     // Runtime downloading scopes
     mysqlDriver
+    mariadbDriver
     sqliteDriver
-    testImplementation.extendsFrom mysqlDriver, sqliteDriver
-    compileOnly.extendsFrom mysqlDriver, sqliteDriver
+    ipAddressMatcher
+    testImplementation.extendsFrom mysqlDriver, mariadbDriver, sqliteDriver, ipAddressMatcher
+    compileOnly.extendsFrom mysqlDriver, mariadbDriver, sqliteDriver, ipAddressMatcher
 
     swaggerJson // swagger.json configuration
 }
@@ -25,6 +27,14 @@ task generateResourceForMySQLDriver(type: GenerateDependencyDownloadResourceTask
     includeShadowJarRelocations = false
 }
 
+task generateResourceForMariaDBDriver(type: GenerateDependencyDownloadResourceTask) {
+    var conf = configurations.mariadbDriver
+    configuration = conf
+    file = "assets/plan/dependencies/" + conf.name + ".txt"
+    // Not necessary to include in the resource
+    includeShadowJarRelocations = false
+}
+
 task generateResourceForSQLiteDriver(type: GenerateDependencyDownloadResourceTask) {
     var conf = configurations.sqliteDriver
     configuration = conf
@@ -33,18 +43,29 @@ task generateResourceForSQLiteDriver(type: GenerateDependencyDownloadResourceTas
     includeShadowJarRelocations = false
 }
 
+task generateResourceForIpAddressMatcher(type: GenerateDependencyDownloadResourceTask) {
+    var conf = configurations.ipAddressMatcher
+    configuration = conf
+    file = "assets/plan/dependencies/" + conf.name + ".txt"
+    // Not necessary to include in the resource
+    includeShadowJarRelocations = false
+}
+
 dependencies {
     implementation project(":api")
     shadow project(":extensions")
 
     shadow "net.playeranalytics:platform-abstraction-layer-api:$palVersion"
-    compileOnly "net.kyori:adventure-api:4.12.0"
+    compileOnly "net.kyori:adventure-api:$adventureVersion"
     shadow("dev.vankka:dependencydownload-runtime:$dependencyDownloadVersion") {
         // Effectively disables relocating
         exclude module: "jar-relocator"
     }
-    mysqlDriver "mysql:mysql-connector-java:$mysqlVersion"
+    mysqlDriver "com.mysql:mysql-connector-j:$mysqlVersion"
+    mariadbDriver "org.mariadb.jdbc:mariadb-java-client:$mariadbVersion"
     sqliteDriver "org.xerial:sqlite-jdbc:$sqliteVersion"
+    sqliteDriver "org.slf4j:slf4j-nop:1.7.36"
+    ipAddressMatcher "com.github.seancfoley:ipaddress:$ipAddressMatcherVersion"
 
     shadow "org.apache.commons:commons-text:$commonsTextVersion"
     shadow "org.apache.commons:commons-compress:$commonsCompressVersion"
@@ -62,9 +83,11 @@ dependencies {
         // json-simple has junit (a test dependency) compile scoped
         exclude group: "junit", module: "junit"
     }
+    implementation "org.jasypt:jasypt:$jasyptVersion:lite"
+
 
     // Swagger annotations
-    implementation "jakarta.ws.rs:jakarta.ws.rs-api:3.1.0"
+    implementation "jakarta.ws.rs:jakarta.ws.rs-api:4.0.0"
     implementation "io.swagger.core.v3:swagger-core-jakarta:$swaggerVersion"
     implementation "io.swagger.core.v3:swagger-jaxrs2-jakarta:$swaggerVersion"
 
@@ -72,12 +95,21 @@ dependencies {
     testArtifacts project(":extensions:adventure")
     testImplementation project(":extensions:adventure")
     testImplementation "com.google.code.gson:gson:$gsonVersion"
-    testImplementation "org.seleniumhq.selenium:selenium-java:4.7.2"
+    testImplementation "org.seleniumhq.selenium:selenium-java:$seleniumVersion"
     testImplementation "org.testcontainers:testcontainers:$testContainersVersion"
     testImplementation "org.testcontainers:junit-jupiter:$testContainersVersion"
     testImplementation "org.testcontainers:nginx:$testContainersVersion"
 }
 
+test {
+    environment "PLAN_TEST_NODE_STRING", "String"
+    environment "PLAN_TEST_NODE_BOOLEAN", "true"
+    environment "PLAN_TEST_NODE_INTEGER", "5"
+    environment "PLAN_TEST_NODE_DOUBLE", "0.5"
+    environment "PLAN_TEST_NODE_LONG", "9223372036854775807"
+    environment "PLAN_TEST_NODE_STRINGLIST", "- Test\n- Another"
+}
+
 task updateVersion(type: Copy) {
     from('src/main/resources') {
         include 'plugin.yml'
@@ -91,13 +123,14 @@ task updateVersion(type: Copy) {
 
 node {
     download = true
-    version = "16.14.2"
+    version = "20.9.0"
     nodeProjectDir = file("$rootDir/react/dashboard")
 }
 
 task yarnBundle(type: YarnTask) {
     inputs.files(fileTree("$rootDir/react/dashboard/src"))
     inputs.file("$rootDir/react/dashboard/package.json")
+    inputs.file("$rootDir/react/dashboard/vite.config.js")
 
     outputs.dir("$rootDir/react/dashboard/build")
 
@@ -105,9 +138,18 @@ task yarnBundle(type: YarnTask) {
     args = ['run', 'build']
 }
 
+task yarnStart(type: YarnTask) {
+    logging.captureStandardOutput LogLevel.INFO
+    inputs.file("$rootDir/react/dashboard/package.json")
+
+    dependsOn yarn_install
+    args = ['run', 'start']
+}
+
 task copyYarnBuildResults {
     inputs.files(fileTree("$rootDir/react/dashboard/build"))
     outputs.dir("$rootDir/common/build/resources/main/assets/plan/web")
+    outputs.dir("$rootDir/common/build/resources/test/assets/plan/web")
 
     dependsOn yarnBundle
     doLast {
@@ -116,6 +158,10 @@ task copyYarnBuildResults {
             from "$rootDir/react/dashboard/build"
             into "$rootDir/common/build/resources/main/assets/plan/web"
         }
+        copy {
+            into "$rootDir/common/build/resources/main/assets/plan/web"
+            into "$rootDir/common/build/resources/test/assets/plan/web"
+        }
     }
 }
 
@@ -196,10 +242,15 @@ artifacts {
 }
 
 processResources {
-    dependsOn copyYarnBuildResults
-    dependsOn determineAssetModifications
+    // Skips Yarn build on Jitpack since Jitpack doesn't offer gclib version compatible with Node 20
+    // Jitpack build is used mainly for java dependencies.
+    if (!project.hasProperty("isJitpack")) {
+        dependsOn copyYarnBuildResults
+        dependsOn determineAssetModifications
+    }
     dependsOn generateResourceForMySQLDriver
     dependsOn generateResourceForSQLiteDriver
+    dependsOn generateResourceForIpAddressMatcher
     dependsOn updateVersion
     duplicatesStrategy = DuplicatesStrategy.INCLUDE
     from 'build/sources/resources'

Plan/common/src/main/java/com/djrapitops/plan/ApiServices.java

@@ -0,0 +1,119 @@
+/*
+ *  This file is part of Player Analytics (Plan).
+ *
+ *  Plan is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License v3 as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Plan is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with Plan. If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.djrapitops.plan;
+
+import com.djrapitops.plan.component.ComponentSvc;
+import com.djrapitops.plan.delivery.web.ResolverSvc;
+import com.djrapitops.plan.delivery.web.ResourceSvc;
+import com.djrapitops.plan.extension.ExtensionSvc;
+import com.djrapitops.plan.query.QuerySvc;
+import com.djrapitops.plan.settings.ListenerSvc;
+import com.djrapitops.plan.settings.SchedulerSvc;
+import com.djrapitops.plan.settings.SettingsSvc;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+/**
+ * Breaks up {@link PlanSystem} to be a smaller class.
+ *
+ * @author AuroraLS3
+ */
+@Singleton
+public class ApiServices {
+
+    private final ComponentSvc componentService;
+    private final ResolverSvc resolverService;
+    private final ResourceSvc resourceService;
+    private final ExtensionSvc extensionService;
+    private final QuerySvc queryService;
+    private final ListenerSvc listenerService;
+    private final SettingsSvc settingsService;
+    private final SchedulerSvc schedulerService;
+
+    @Inject
+    public ApiServices(
+            ComponentSvc componentService,
+            ResolverSvc resolverService,
+            ResourceSvc resourceService,
+            ExtensionSvc extensionService,
+            QuerySvc queryService,
+            ListenerSvc listenerService,
+            SettingsSvc settingsService,
+            SchedulerSvc schedulerService
+    ) {
+        this.componentService = componentService;
+        this.resolverService = resolverService;
+        this.resourceService = resourceService;
+        this.extensionService = extensionService;
+        this.queryService = queryService;
+        this.listenerService = listenerService;
+        this.settingsService = settingsService;
+        this.schedulerService = schedulerService;
+    }
+
+    public void register() {
+        extensionService.register();
+        componentService.register();
+        resolverService.register();
+        resourceService.register();
+        listenerService.register();
+        settingsService.register();
+        schedulerService.register();
+        queryService.register();
+    }
+
+    public void registerExtensions() {
+        extensionService.registerExtensions();
+    }
+
+    public void disableExtensionDataUpdates() {
+        extensionService.disableUpdates();
+    }
+
+    public ComponentSvc getComponentService() {
+        return componentService;
+    }
+
+    public ResolverSvc getResolverService() {
+        return resolverService;
+    }
+
+    public ResourceSvc getResourceService() {
+        return resourceService;
+    }
+
+    public ExtensionSvc getExtensionService() {
+        return extensionService;
+    }
+
+    public QuerySvc getQueryService() {
+        return queryService;
+    }
+
+    public ListenerSvc getListenerService() {
+        return listenerService;
+    }
+
+    public SettingsSvc getSettingsService() {
+        return settingsService;
+    }
+
+    public SchedulerSvc getSchedulerService() {
+        return schedulerService;
+    }
+}

Plan/common/src/main/java/com/djrapitops/plan/PlanSystem.java

@@ -17,25 +17,17 @@
 package com.djrapitops.plan;
 
 import com.djrapitops.plan.api.PlanAPI;
-import com.djrapitops.plan.component.ComponentSvc;
 import com.djrapitops.plan.delivery.DeliveryUtilities;
 import com.djrapitops.plan.delivery.export.ExportSystem;
 import com.djrapitops.plan.delivery.formatting.Formatters;
-import com.djrapitops.plan.delivery.web.ResolverSvc;
-import com.djrapitops.plan.delivery.web.ResourceSvc;
 import com.djrapitops.plan.delivery.webserver.NonProxyWebserverDisableChecker;
 import com.djrapitops.plan.delivery.webserver.WebServerSystem;
-import com.djrapitops.plan.extension.ExtensionSvc;
 import com.djrapitops.plan.gathering.cache.CacheSystem;
 import com.djrapitops.plan.gathering.importing.ImportSystem;
 import com.djrapitops.plan.gathering.listeners.ListenerSystem;
 import com.djrapitops.plan.identification.ServerInfo;
 import com.djrapitops.plan.processing.Processing;
-import com.djrapitops.plan.query.QuerySvc;
 import com.djrapitops.plan.settings.ConfigSystem;
-import com.djrapitops.plan.settings.ListenerSvc;
-import com.djrapitops.plan.settings.SchedulerSvc;
-import com.djrapitops.plan.settings.SettingsSvc;
 import com.djrapitops.plan.settings.locale.LocaleSystem;
 import com.djrapitops.plan.storage.database.DBSystem;
 import com.djrapitops.plan.storage.file.PlanFiles;
@@ -77,14 +69,7 @@ public class PlanSystem implements SubSystem {
     private final ImportSystem importSystem;
     private final ExportSystem exportSystem;
     private final DeliveryUtilities deliveryUtilities;
-    private final ComponentSvc componentService;
-    private final ResolverSvc resolverService;
-    private final ResourceSvc resourceService;
-    private final ExtensionSvc extensionService;
-    private final QuerySvc queryService;
-    private final ListenerSvc listenerService;
-    private final SettingsSvc settingsService;
-    private final SchedulerSvc schedulerService;
+    private final ApiServices apiServices;
     private final PluginLogger logger;
     private final ErrorLogger errorLogger;
 
@@ -104,17 +89,10 @@ public class PlanSystem implements SubSystem {
             ImportSystem importSystem,
             ExportSystem exportSystem,
             DeliveryUtilities deliveryUtilities,
-            ComponentSvc componentService,
-            ResolverSvc resolverService,
-            ResourceSvc resourceService,
-            ExtensionSvc extensionService,
-            QuerySvc queryService,
-            ListenerSvc listenerService,
-            SettingsSvc settingsService,
-            SchedulerSvc schedulerService,
             PluginLogger logger,
             ErrorLogger errorLogger,
-            PlanAPI.PlanAPIHolder apiHolder
+            ApiServices apiServices, // API v5
+            @SuppressWarnings("deprecation") PlanAPI.PlanAPIHolder apiHolder // Deprecated PlanAPI, backwards compatibility
     ) {
         this.files = files;
         this.configSystem = configSystem;
@@ -130,16 +108,9 @@ public class PlanSystem implements SubSystem {
         this.importSystem = importSystem;
         this.exportSystem = exportSystem;
         this.deliveryUtilities = deliveryUtilities;
-        this.componentService = componentService;
-        this.resolverService = resolverService;
-        this.resourceService = resourceService;
-        this.extensionService = extensionService;
-        this.queryService = queryService;
-        this.listenerService = listenerService;
-        this.settingsService = settingsService;
-        this.schedulerService = schedulerService;
         this.logger = logger;
         this.errorLogger = errorLogger;
+        this.apiServices = apiServices;
 
         logger.info("§2");
         logger.info("§2           ██▌");
@@ -149,14 +120,6 @@ public class PlanSystem implements SubSystem {
         logger.info("§2");
     }
 
-    /**
-     * @deprecated Use {@link com.djrapitops.plan.delivery.webserver.Addresses} instead.
-     */
-    @Deprecated(since = "Addresses.java")
-    public String getMainAddress() {
-        return webServerSystem.getAddresses().getMainAddress().orElse(webServerSystem.getAddresses().getFallbackLocalhostAddress());
-    }
-
     /**
      * Enables only the systems that are required for {@link com.djrapitops.plan.commands.PlanCommand}.
      *
@@ -170,22 +133,15 @@ public class PlanSystem implements SubSystem {
      * Enables the rest of the systems that are not enabled in {@link #enableForCommands()}.
      */
     public void enableOtherThanCommands() {
-        extensionService.register();
-        componentService.register();
-        resolverService.register();
-        resourceService.register();
-        listenerService.register();
-        settingsService.register();
-        schedulerService.register();
-        queryService.register();
+        apiServices.register();
 
         enableSystems(
+                processing,
                 files,
                 localeSystem,
                 versionChecker,
                 databaseSystem,
                 webServerSystem,
-                processing,
                 serverInfo,
                 importSystem,
                 exportSystem,
@@ -197,11 +153,11 @@ public class PlanSystem implements SubSystem {
         // Disables Webserver if Proxy is detected in the database
         if (serverInfo.getServer().isNotProxy()) {
             processing.submitNonCritical(new NonProxyWebserverDisableChecker(
-                    configSystem.getConfig(), webServerSystem.getAddresses(), webServerSystem, logger, errorLogger
+                    configSystem.getConfig(), localeSystem.getLocale(), webServerSystem.getAddresses(), webServerSystem, logger, errorLogger
             ));
         }
 
-        extensionService.registerExtensions();
+        apiServices.registerExtensions();
         enabled = true;
 
         String javaVersion = System.getProperty("java.specification.version");
@@ -231,7 +187,7 @@ public class PlanSystem implements SubSystem {
         enabled = false;
         Formatters.clearSingleton();
 
-        extensionService.disableUpdates();
+        apiServices.disableExtensionDataUpdates();
 
         disableSystems(
                 taskSystem,
@@ -324,12 +280,8 @@ public class PlanSystem implements SubSystem {
         return enabled;
     }
 
-    public ExtensionSvc getExtensionService() {
-        return extensionService;
-    }
-
-    public ComponentSvc getComponentService() {
-        return componentService;
+    public ApiServices getApiServices() {
+        return apiServices;
     }
 
     public static long getServerEnableTime() {

Plan/common/src/main/java/com/djrapitops/plan/api/CommonAPI.java

@@ -43,7 +43,7 @@ import java.util.stream.Collectors;
  * PlanAPI extension for all implementations.
  *
  * @author AuroraLS3
- * @deprecated Plan API v4 has been deprecated, use the APIv5 instead (https://github.com/plan-player-analytics/Plan/wiki/APIv5).
+ * @deprecated Plan API v4 has been deprecated, use the APIv5 instead (<a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5">wiki</a>).
  */
 @Singleton
 @Deprecated(forRemoval = true, since = "5.0")

Plan/common/src/main/java/com/djrapitops/plan/api/PlanAPI.java

@@ -35,7 +35,7 @@ import java.util.UUID;
  * Interface for PlanAPI methods.
  *
  * @author AuroraLS3
- * @deprecated Plan API v4 has been deprecated, use the APIv5 instead (https://github.com/plan-player-analytics/Plan/wiki/APIv5).
+ * @deprecated Plan API v4 has been deprecated, use the APIv5 instead (<a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5">wiki</a>).
  */
 @Deprecated(since = "5.0")
 public interface PlanAPI {
@@ -65,7 +65,7 @@ public interface PlanAPI {
     }
 
     /**
-     * @deprecated PluginData API has been deprecated - see https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API for new API.
+     * @deprecated PluginData API has been deprecated - see <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API">wiki</a> for new API.
      */
     @Deprecated
     void addPluginDataSource(PluginData pluginData);

Plan/common/src/main/java/com/djrapitops/plan/api/data/PlayerContainer.java

@@ -29,7 +29,7 @@ import java.util.Optional;
  * The Keys might change in the future, but the Optional API should help dealing with those cases.
  *
  * @author AuroraLS3
- * @deprecated Plan API v4 has been deprecated, use the APIv5 instead (https://github.com/plan-player-analytics/Plan/wiki/APIv5).
+ * @deprecated Plan API v4 has been deprecated, use the APIv5 instead (<a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5">wiki</a>).
  */
 @Deprecated(since = "5.0")
 public class PlayerContainer {

Plan/common/src/main/java/com/djrapitops/plan/api/data/ServerContainer.java

@@ -28,7 +28,7 @@ import java.util.Optional;
  * The Keys might change in the future, but the Optional API should help dealing with those cases.
  *
  * @author AuroraLS3
- * @deprecated Plan API v4 has been deprecated, use the APIv5 instead (https://github.com/plan-player-analytics/Plan/wiki/APIv5).
+ * @deprecated Plan API v4 has been deprecated, use the APIv5 instead (<a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5">wiki</a>).
  */
 @Deprecated(forRemoval = true, since = "5.0")
 public class ServerContainer {

Plan/common/src/main/java/com/djrapitops/plan/commands/PlanCommand.java

@@ -20,10 +20,13 @@ import com.djrapitops.plan.commands.subcommands.*;
 import com.djrapitops.plan.commands.use.*;
 import com.djrapitops.plan.gathering.importing.ImportSystem;
 import com.djrapitops.plan.settings.Permissions;
+import com.djrapitops.plan.settings.config.PlanConfig;
+import com.djrapitops.plan.settings.config.paths.WebserverSettings;
 import com.djrapitops.plan.settings.locale.Locale;
 import com.djrapitops.plan.settings.locale.lang.DeepHelpLang;
 import com.djrapitops.plan.settings.locale.lang.HelpLang;
 import com.djrapitops.plan.storage.database.DBType;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import com.djrapitops.plan.utilities.logging.ErrorContext;
 import com.djrapitops.plan.utilities.logging.ErrorLogger;
 
@@ -50,6 +53,7 @@ public class PlanCommand {
     private final DataUtilityCommands dataUtilityCommands;
 
     private final Locale locale;
+    private final PlanConfig config;
     private final ImportSystem importSystem;
     private final ErrorLogger errorLogger;
 
@@ -68,6 +72,7 @@ public class PlanCommand {
             PluginStatusCommands statusCommands,
             DatabaseCommands databaseCommands,
             DataUtilityCommands dataUtilityCommands,
+            PlanConfig config,
             ErrorLogger errorLogger
     ) {
         this.commandName = commandName;
@@ -81,10 +86,11 @@ public class PlanCommand {
         this.statusCommands = statusCommands;
         this.databaseCommands = databaseCommands;
         this.dataUtilityCommands = dataUtilityCommands;
+        this.config = config;
         this.errorLogger = errorLogger;
     }
 
-    private void handleException(RuntimeException error, CMDSender sender, Arguments arguments) {
+    private void handleException(RuntimeException error, CMDSender sender, @Untrusted Arguments arguments) {
         if (error instanceof IllegalArgumentException) {
             sender.send("§c" + error.getMessage());
         } else {
@@ -109,6 +115,8 @@ public class PlanCommand {
                 .subcommand(unregisterCommand())
                 .subcommand(logoutCommand())
                 .subcommand(webUsersCommand())
+                .subcommand(groups())
+                .subcommand(setGroup())
 
                 .subcommand(acceptCommand())
                 .subcommand(cancelCommand())
@@ -131,14 +139,22 @@ public class PlanCommand {
         return command;
     }
 
-    public List<String> serverNames(CMDSender sender, Arguments arguments) {
-        String asString = arguments.concatenate(" ");
-        return tabCompleteCache.getMatchingServerIdentifiers(asString);
+    public List<String> serverNames(CMDSender sender, @Untrusted Arguments arguments) {
+        if (sender.hasPermission(Permissions.SERVER)) {
+            @Untrusted String asString = arguments.concatenate(" ");
+            return tabCompleteCache.getMatchingServerIdentifiers(asString);
+        }
+        return List.of();
     }
 
-    private List<String> playerNames(CMDSender sender, Arguments arguments) {
-        String asString = arguments.concatenate(" ");
-        return tabCompleteCache.getMatchingPlayerIdentifiers(asString);
+    private List<String> playerNames(CMDSender sender, @Untrusted Arguments arguments) {
+        if (sender.hasPermission(Permissions.PLAYER_OTHER)) {
+            @Untrusted String asString = arguments.concatenate(" ");
+            return tabCompleteCache.getMatchingPlayerIdentifiers(asString);
+        } else if (sender.hasPermission(Permissions.PLAYER_SELF)) {
+            return sender.getPlayerName().map(List::of).orElse(List.of());
+        }
+        return List.of();
     }
 
     private Subcommand serverCommand() {
@@ -219,6 +235,9 @@ public class PlanCommand {
     }
 
     private Subcommand registerCommand() {
+        if (config.isTrue(WebserverSettings.DISABLED_AUTHENTICATION) || config.isTrue(WebserverSettings.DISABLED_REGISTRATION)) {
+            return null;
+        }
         return Subcommand.builder()
                 .aliases("register")
                 .requirePermission(Permissions.REGISTER_SELF)
@@ -237,29 +256,32 @@ public class PlanCommand {
                 .optionalArgument(locale.getString(HelpLang.ARG_USERNAME), locale.getString(HelpLang.DESC_ARG_USERNAME))
                 .description(locale.getString(HelpLang.UNREGISTER))
                 .inDepthDescription(locale.getString(DeepHelpLang.UNREGISTER))
-                .onCommand((sender, arguments) -> registrationCommands.onUnregister(commandName, sender, arguments))
+                .onCommand(registrationCommands::onUnregister)
                 .onTabComplete(this::webUserNames)
                 .build();
     }
 
     private Subcommand logoutCommand() {
+        if (config.isTrue(WebserverSettings.DISABLED_AUTHENTICATION)) {
+            return null;
+        }
         return Subcommand.builder()
                 .aliases("logout")
                 .requirePermission(Permissions.LOGOUT_OTHER)
                 .requiredArgument(locale.getString(HelpLang.ARG_USERNAME), locale.getString(HelpLang.DESC_ARG_USERNAME))
                 .description(locale.getString(HelpLang.LOGOUT))
                 .inDepthDescription(locale.getString(DeepHelpLang.LOGOUT))
-                .onCommand(registrationCommands::onLogoutCommand)
+                .onArgsOnlyCommand(registrationCommands::onLogoutCommand)
                 .onTabComplete(this::webUserNames)
                 .build();
     }
 
-    private List<String> webUserNames(CMDSender sender, Arguments arguments) {
+    private List<String> webUserNames(CMDSender sender, @Untrusted Arguments arguments) {
         if (!sender.hasPermission(Permissions.UNREGISTER_OTHER)) {
             return Collections.emptyList();
         }
 
-        String username = arguments.concatenate(" ");
+        @Untrusted String username = arguments.concatenate(" ");
         return tabCompleteCache.getMatchingUserIdentifiers(username);
     }
 
@@ -347,7 +369,7 @@ public class PlanCommand {
                 .optionalArgument("--remove_offline", "Remove offline players if given")
                 .description(locale.getString(HelpLang.ONLINE_UUID_MIGRATION))
                 .inDepthDescription("Moves and combines offline uuid data to online uuids where possible. Leaves offline-only players to database.")
-                .onCommand((sender, arguments) -> databaseCommands.onOnlineConversion(commandName, sender, arguments))
+                .onCommand(databaseCommands::onOnlineConversion)
                 .build();
     }
 
@@ -357,7 +379,7 @@ public class PlanCommand {
                 .requirePermission(Permissions.DATA_CLEAR)
                 .requiredArgument(locale.getString(HelpLang.ARG_SERVER), locale.getString(HelpLang.DESC_ARG_SERVER_IDENTIFIER))
                 .description(locale.getString(HelpLang.JOIN_ADDRESS_REMOVAL))
-                .onCommand((sender, arguments) -> databaseCommands.onFixFabricJoinAddresses(commandName, sender, arguments))
+                .onCommand(databaseCommands::onFixFabricJoinAddresses)
                 .onTabComplete(this::serverNames)
                 .build();
     }
@@ -383,20 +405,23 @@ public class PlanCommand {
                 .optionalArgument(DB_ARG_OPTIONS, locale.getString(HelpLang.DESC_ARG_DB_RESTORE))
                 .description(locale.getString(HelpLang.DB_RESTORE))
                 .inDepthDescription(locale.getString(DeepHelpLang.DB_RESTORE))
-                .onCommand((sender, arguments) -> databaseCommands.onRestore(commandName, sender, arguments))
+                .onCommand(databaseCommands::onRestore)
                 .onTabComplete(this::getBackupFilenames)
                 .build();
     }
 
-    private List<String> getBackupFilenames(CMDSender sender, Arguments arguments) {
+    private List<String> getBackupFilenames(CMDSender sender, @Untrusted Arguments arguments) {
+        if (!sender.hasPermission(Permissions.DATA_RESTORE)) {
+            return List.of();
+        }
         if (arguments.get(1).isPresent()) {
             return DBType.names();
         }
-        Optional<String> firstArgument = arguments.get(0);
+        @Untrusted Optional<String> firstArgument = arguments.get(0);
         if (firstArgument.isEmpty()) {
             return tabCompleteCache.getMatchingBackupFilenames(null);
         }
-        String part = firstArgument.get();
+        @Untrusted String part = firstArgument.get();
         return tabCompleteCache.getMatchingBackupFilenames(part);
     }
 
@@ -408,7 +433,7 @@ public class PlanCommand {
                 .requiredArgument(DB_ARG_OPTIONS, locale.getString(HelpLang.DESC_ARG_DB_MOVE_TO))
                 .description(locale.getString(HelpLang.DB_MOVE))
                 .inDepthDescription(locale.getString(DeepHelpLang.DB_MOVE))
-                .onCommand((sender, arguments) -> databaseCommands.onMove(commandName, sender, arguments))
+                .onCommand(databaseCommands::onMove)
                 .onTabComplete((sender, arguments) -> DBType.names())
                 .build();
     }
@@ -433,7 +458,7 @@ public class PlanCommand {
                 .requiredArgument(DB_ARG_OPTIONS, locale.getString(HelpLang.DESC_ARG_DB_REMOVE))
                 .description(locale.getString(HelpLang.DB_CLEAR))
                 .inDepthDescription(locale.getString(DeepHelpLang.DB_CLEAR))
-                .onCommand((sender, arguments) -> databaseCommands.onClear(commandName, sender, arguments))
+                .onCommand(databaseCommands::onClear)
                 .onTabComplete((sender, arguments) ->
                         arguments.isEmpty() ? DBType.names() : Collections.emptyList()
                 ).build();
@@ -446,7 +471,7 @@ public class PlanCommand {
                 .requiredArgument(locale.getString(HelpLang.ARG_NAME_UUID), locale.getString(HelpLang.DESC_ARG_PLAYER_IDENTIFIER_REMOVE))
                 .description(locale.getString(HelpLang.DB_REMOVE))
                 .inDepthDescription(locale.getString(DeepHelpLang.DB_REMOVE))
-                .onCommand((sender, arguments) -> databaseCommands.onRemove(commandName, sender, arguments))
+                .onCommand(databaseCommands::onRemove)
                 .onTabComplete(this::playerNames)
                 .build();
     }
@@ -502,4 +527,39 @@ public class PlanCommand {
                 .onTabComplete(this::playerNames)
                 .build();
     }
+
+    private Subcommand setGroup() {
+        return Subcommand.builder()
+                .aliases("setgroup")
+                .requirePermission(Permissions.SET_GROUP)
+                .requiredArgument(locale.getString(HelpLang.ARG_USERNAME), locale.getString(HelpLang.DESC_ARG_USERNAME))
+                .requiredArgument(locale.getString(HelpLang.ARG_GROUP), locale.getString(HelpLang.DESC_ARG_GROUP))
+                .description(locale.getString(HelpLang.SET_GROUP))
+                .inDepthDescription(locale.getString(DeepHelpLang.SET_GROUP))
+                .onCommand(registrationCommands::onChangePermissionGroup)
+                .onTabComplete(this::webGroupTabComplete)
+                .build();
+    }
+
+    private List<String> webGroupTabComplete(CMDSender sender, @Untrusted Arguments arguments) {
+        if (!sender.hasPermission(Permissions.SET_GROUP)) {
+            return List.of();
+        }
+        Optional<String> groupArgument = arguments.get(1);
+        if (groupArgument.isPresent()) {
+            return tabCompleteCache.getMatchingWebGroupNames(groupArgument.get());
+        }
+        String usernameArgument = arguments.get(0).orElse(null);
+        return tabCompleteCache.getMatchingUserIdentifiers(usernameArgument);
+    }
+
+    private Subcommand groups() {
+        return Subcommand.builder()
+                .aliases("groups")
+                .requirePermission(Permissions.SET_GROUP)
+                .description(locale.getString(HelpLang.GROUPS))
+                .inDepthDescription(locale.getString(DeepHelpLang.GROUPS))
+                .onCommand(registrationCommands::onListWebGroups)
+                .build();
+    }
 }

Plan/common/src/main/java/com/djrapitops/plan/commands/TabCompleteCache.java

@@ -17,7 +17,6 @@
 package com.djrapitops.plan.commands;
 
 import com.djrapitops.plan.SubSystem;
-import com.djrapitops.plan.delivery.domain.auth.User;
 import com.djrapitops.plan.gathering.ServerSensor;
 import com.djrapitops.plan.identification.Server;
 import com.djrapitops.plan.identification.ServerUUID;
@@ -27,6 +26,7 @@ import com.djrapitops.plan.storage.database.queries.objects.ServerQueries;
 import com.djrapitops.plan.storage.database.queries.objects.UserIdentifierQueries;
 import com.djrapitops.plan.storage.database.queries.objects.WebUserQueries;
 import com.djrapitops.plan.storage.file.PlanFiles;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import org.jetbrains.annotations.NotNull;
 
 import javax.inject.Inject;
@@ -51,6 +51,7 @@ public class TabCompleteCache implements SubSystem {
     private final Set<String> serverIdentifiers;
     private final Set<String> userIdentifiers;
     private final Set<String> backupFileNames;
+    private final Set<String> webGroupIdentifiers;
 
     @Inject
     public TabCompleteCache(
@@ -67,6 +68,7 @@ public class TabCompleteCache implements SubSystem {
         serverIdentifiers = new HashSet<>();
         userIdentifiers = new HashSet<>();
         backupFileNames = new HashSet<>();
+        webGroupIdentifiers = new HashSet<>();
     }
 
     @Override
@@ -76,9 +78,14 @@ public class TabCompleteCache implements SubSystem {
             refreshServerIdentifiers();
             refreshUserIdentifiers();
             refreshBackupFileNames();
+            refreshWebGroupIdentifiers();
         });
     }
 
+    private void refreshWebGroupIdentifiers() {
+        webGroupIdentifiers.addAll(dbSystem.getDatabase().query(WebUserQueries.fetchGroupNames()));
+    }
+
     private void refreshServerIdentifiers() {
         Map<ServerUUID, Server> serverNames = dbSystem.getDatabase().query(ServerQueries.fetchPlanServerInformation());
         for (Map.Entry<ServerUUID, Server> server : serverNames.entrySet()) {
@@ -93,9 +100,7 @@ public class TabCompleteCache implements SubSystem {
     }
 
     private void refreshUserIdentifiers() {
-        dbSystem.getDatabase().query(WebUserQueries.fetchAllUsers()).stream()
-                .map(User::getUsername)
-                .forEach(userIdentifiers::add);
+        userIdentifiers.addAll(dbSystem.getDatabase().query(WebUserQueries.fetchAllUsernames()));
     }
 
     private void refreshBackupFileNames() {
@@ -115,25 +120,29 @@ public class TabCompleteCache implements SubSystem {
         backupFileNames.clear();
     }
 
-    public List<String> getMatchingServerIdentifiers(String searchFor) {
+    public List<String> getMatchingServerIdentifiers(@Untrusted String searchFor) {
         return findMatches(serverIdentifiers, searchFor);
     }
 
-    public List<String> getMatchingPlayerIdentifiers(String searchFor) {
+    public List<String> getMatchingPlayerIdentifiers(@Untrusted String searchFor) {
         playerIdentifiers.addAll(serverSensor.getOnlinePlayerNames());
         return findMatches(playerIdentifiers, searchFor);
     }
 
-    public List<String> getMatchingUserIdentifiers(String searchFor) {
+    public List<String> getMatchingUserIdentifiers(@Untrusted String searchFor) {
         return findMatches(userIdentifiers, searchFor);
     }
 
-    public List<String> getMatchingBackupFilenames(String searchFor) {
+    public List<String> getMatchingBackupFilenames(@Untrusted String searchFor) {
         return findMatches(backupFileNames, searchFor);
     }
 
+    public List<String> getMatchingWebGroupNames(@Untrusted String searchFor) {
+        return findMatches(webGroupIdentifiers, searchFor);
+    }
+
     @NotNull
-    List<String> findMatches(Collection<String> searchList, String searchFor) {
+    List<String> findMatches(Collection<String> searchList, @Untrusted String searchFor) {
         List<String> filtered = searchList.stream()
                 .filter(identifier -> searchFor == null || searchFor.isEmpty() || identifier.startsWith(searchFor))
                 .sorted(String.CASE_INSENSITIVE_ORDER)

Plan/common/src/main/java/com/djrapitops/plan/commands/subcommands/Confirmation.java

@@ -17,12 +17,15 @@
 package com.djrapitops.plan.commands.subcommands;
 
 import com.djrapitops.plan.commands.use.CMDSender;
+import com.djrapitops.plan.commands.use.ColorScheme;
+import com.djrapitops.plan.commands.use.MessageBuilder;
 import com.djrapitops.plan.settings.locale.Locale;
 import com.djrapitops.plan.settings.locale.lang.CommandLang;
 import com.github.benmanes.caffeine.cache.Cache;
 import com.github.benmanes.caffeine.cache.Caffeine;
 
 import javax.inject.Inject;
+import javax.inject.Named;
 import javax.inject.Singleton;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Consumer;
@@ -31,20 +34,57 @@ import java.util.function.Consumer;
 public class Confirmation {
 
     private final Cache<CMDSender, Consumer<Boolean>> awaiting;
+
+    private final String mainCommand;
+    private final ColorScheme colors;
     private final Locale locale;
 
     @Inject
     public Confirmation(
+            @Named("mainCommandName") String mainCommand,
+            ColorScheme colors,
             Locale locale
     ) {
+        this.mainCommand = mainCommand;
+        this.colors = colors;
         this.locale = locale;
         awaiting = Caffeine.newBuilder()
                 .expireAfterWrite(5, TimeUnit.MINUTES)
                 .build();
     }
 
-    public void confirm(CMDSender sender, Consumer<Boolean> confirmation) {
+    private void sendConfirmOptionMessages(CMDSender sender, String prompt) {
+        MessageBuilder message = sender.buildMessage()
+                .addPart(colors.getMainColor() + prompt).newLine();
+        sendConfirmOptionMessages(sender, message);
+    }
+
+    private void sendConfirmOptionMessages(CMDSender sender, MessageBuilder message) {
+        if (sender.supportsChatEvents()) {
+            message
+                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM))
+                    .addPart("§2§l[\u2714]").command("/" + mainCommand + " accept").hover(locale.getString(CommandLang.CONFIRM_ACCEPT))
+                    .addPart(" ")
+                    .addPart("§4§l[\u2718]").command("/" + mainCommand + " cancel").hover(locale.getString(CommandLang.CONFIRM_DENY))
+                    .send();
+        } else {
+            message
+                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM)).addPart("§a/" + mainCommand + " accept")
+                    .addPart(" ")
+                    .addPart("§c/" + mainCommand + " cancel")
+                    .send();
+        }
+    }
+
+    public void confirm(CMDSender sender, String prompt, Consumer<Boolean> confirmation) {
         if (awaiting.getIfPresent(sender) != null) onCancel(sender);
+        sendConfirmOptionMessages(sender, prompt);
+        awaiting.put(sender, confirmation);
+    }
+
+    public void confirm(CMDSender sender, MessageBuilder message, Consumer<Boolean> confirmation) {
+        if (awaiting.getIfPresent(sender) != null) onCancel(sender);
+        sendConfirmOptionMessages(sender, message);
         awaiting.put(sender, confirmation);
     }
 

Plan/common/src/main/java/com/djrapitops/plan/commands/subcommands/DataUtilityCommands.java

@@ -29,6 +29,7 @@ import com.djrapitops.plan.delivery.formatting.Formatter;
 import com.djrapitops.plan.delivery.formatting.Formatters;
 import com.djrapitops.plan.exceptions.ExportException;
 import com.djrapitops.plan.gathering.domain.GeoInfo;
+import com.djrapitops.plan.gathering.domain.event.JoinAddress;
 import com.djrapitops.plan.gathering.importing.ImportSystem;
 import com.djrapitops.plan.gathering.importing.importers.Importer;
 import com.djrapitops.plan.identification.Identifiers;
@@ -42,10 +43,12 @@ import com.djrapitops.plan.settings.locale.Locale;
 import com.djrapitops.plan.settings.locale.lang.CommandLang;
 import com.djrapitops.plan.settings.locale.lang.GenericLang;
 import com.djrapitops.plan.settings.locale.lang.HelpLang;
+import com.djrapitops.plan.settings.locale.lang.HtmlLang;
 import com.djrapitops.plan.storage.database.DBSystem;
 import com.djrapitops.plan.storage.database.Database;
 import com.djrapitops.plan.storage.database.queries.containers.ContainerFetchQueries;
 import com.djrapitops.plan.storage.database.queries.objects.UserIdentifierQueries;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -95,8 +98,8 @@ public class DataUtilityCommands {
         }
     }
 
-    public void onExport(CMDSender sender, Arguments arguments) {
-        String exportKind = arguments.get(0)
+    public void onExport(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String exportKind = arguments.get(0)
                 .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_ACCEPTS_ARGUMENTS, locale.getString(HelpLang.ARG_EXPORT_KIND), "players, server_json")));
 
         ensureDatabaseIsOpen();
@@ -104,7 +107,7 @@ public class DataUtilityCommands {
         getExportFunction(exportKind).accept(sender);
     }
 
-    private Consumer<CMDSender> getExportFunction(String exportArg) {
+    private Consumer<CMDSender> getExportFunction(@Untrusted String exportArg) {
         if ("players".equals(exportArg)) {
             return this::exportPlayers;
         } else if ("server_json".endsWith(exportArg)) {
@@ -176,8 +179,8 @@ public class DataUtilityCommands {
         }
     }
 
-    public void onImport(CMDSender sender, Arguments arguments) {
-        String importKind = arguments.get(0)
+    public void onImport(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String importKind = arguments.get(0)
                 .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_ACCEPTS_ARGUMENTS, locale.getString(HelpLang.ARG_IMPORT_KIND), importSystem.getImporterNames().toString())));
 
         ensureDatabaseIsOpen();
@@ -185,7 +188,7 @@ public class DataUtilityCommands {
         findAndProcessImporter(sender, importKind);
     }
 
-    private void findAndProcessImporter(CMDSender sender, String importKind) {
+    private void findAndProcessImporter(CMDSender sender, @Untrusted String importKind) {
         Optional<Importer> foundImporter = importSystem.getImporter(importKind);
         if (foundImporter.isPresent()) {
             Importer importer = foundImporter.get();
@@ -199,8 +202,8 @@ public class DataUtilityCommands {
         }
     }
 
-    public void onSearch(CMDSender sender, Arguments arguments) {
-        String searchingFor = arguments.concatenate(" ");
+    public void onSearch(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String searchingFor = arguments.concatenate(" ");
         if (searchingFor.trim().isEmpty()) {
             throw new IllegalArgumentException(locale.getString(CommandLang.FAIL_EMPTY_SEARCH_STRING));
         }
@@ -221,8 +224,8 @@ public class DataUtilityCommands {
         sender.send(sender.getFormatter().table(asTableString.toString(), "::"));
     }
 
-    public void onInGame(CMDSender sender, Arguments arguments) {
-        String identifier = arguments.concatenate(" ");
+    public void onInGame(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String identifier = arguments.concatenate(" ");
         UUID playerUUID = identifiers.getPlayerUUID(identifier);
         UUID senderUUID = sender.getUUID().orElse(null);
         if (playerUUID == null) playerUUID = senderUUID;
@@ -257,12 +260,17 @@ public class DataUtilityCommands {
         Optional<GeoInfo> mostRecentGeoInfo = new GeoInfoMutator(geoInfo).mostRecent();
         String geolocation = mostRecentGeoInfo.isPresent() ? mostRecentGeoInfo.get().getGeolocation() : "-";
         SessionsMutator sessionsMutator = SessionsMutator.forContainer(player);
+        String latestJoinAddress = sessionsMutator.latestSession()
+                .flatMap(session -> session.getExtraData(JoinAddress.class))
+                .map(JoinAddress::getAddress)
+                .orElse("-");
 
         String table = locale.getString(CommandLang.HEADER_INSPECT, playerName) + '\n' +
                 locale.getString(CommandLang.INGAME_ACTIVITY_INDEX, activityIndex.getFormattedValue(formatters.decimals()), activityIndex.getGroup()) + '\n' +
                 locale.getString(CommandLang.INGAME_REGISTERED, timestamp.apply(() -> registered)) + '\n' +
                 locale.getString(CommandLang.INGAME_LAST_SEEN, timestamp.apply(() -> lastSeen)) + '\n' +
                 locale.getString(CommandLang.INGAME_GEOLOCATION, geolocation) + '\n' +
+                "  §2" + locale.getString(HtmlLang.LABEL_LABEL_JOIN_ADDRESS) + ": §f" + latestJoinAddress + '\n' +
                 locale.getString(CommandLang.INGAME_TIMES_KICKED, player.getValue(PlayerKeys.KICK_COUNT).orElse(0)) + '\n' +
                 '\n' +
                 locale.getString(CommandLang.INGAME_PLAYTIME, length.apply(sessionsMutator.toPlaytime())) + '\n' +

Plan/common/src/main/java/com/djrapitops/plan/commands/subcommands/DatabaseCommands.java

@@ -46,6 +46,7 @@ import com.djrapitops.plan.storage.database.transactions.Transaction;
 import com.djrapitops.plan.storage.database.transactions.commands.*;
 import com.djrapitops.plan.storage.database.transactions.patches.BadFabricJoinAddressValuePatch;
 import com.djrapitops.plan.storage.file.PlanFiles;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import com.djrapitops.plan.utilities.logging.ErrorContext;
 import com.djrapitops.plan.utilities.logging.ErrorLogger;
 import net.playeranalytics.plugin.player.UUIDFetcher;
@@ -61,6 +62,8 @@ import java.util.stream.Collectors;
 @Singleton
 public class DatabaseCommands {
 
+    private static final String SUPPORTED_DB_OPTIONS = "<MySQL/SQLite>";
+
     private final Locale locale;
     private final Confirmation confirmation;
     private final ColorScheme colors;
@@ -113,7 +116,7 @@ public class DatabaseCommands {
         this.processing = processing;
     }
 
-    public void onBackup(CMDSender sender, Arguments arguments) {
+    public void onBackup(CMDSender sender, @Untrusted Arguments arguments) {
         String dbName = arguments.get(0)
                 .orElse(dbSystem.getDatabase().getType().getName())
                 .toLowerCase();
@@ -129,7 +132,7 @@ public class DatabaseCommands {
         sender.send(locale.getString(CommandLang.PROGRESS_SUCCESS));
     }
 
-    public void performBackup(CMDSender sender, Arguments arguments, String dbName, Database fromDB) {
+    public void performBackup(CMDSender sender, @Untrusted Arguments arguments, String dbName, Database fromDB) {
         Database toDB = null;
         try {
             String timeStamp = timestamp.apply(System.currentTimeMillis());
@@ -150,8 +153,8 @@ public class DatabaseCommands {
         }
     }
 
-    public void onRestore(String mainCommand, CMDSender sender, Arguments arguments) {
-        String backupDbName = arguments.get(0)
+    public void onRestore(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String backupDbName = arguments.get(0)
                 .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_REQ_ARGS, 1, "<" + locale.getString(HelpLang.ARG_BACKUP_FILE) + ">")));
 
         boolean containsDBFileExtension = backupDbName.endsWith(".db");
@@ -177,24 +180,11 @@ public class DatabaseCommands {
 
         if (toDB.getState() != Database.State.OPEN) toDB.init();
 
-        if (sender.supportsChatEvents()) {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_OVERWRITE_DB, toDB.getType().getName(), backupDBFile.toPath().toString())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM))
-                    .addPart("§2§l[\u2714]").command("/" + mainCommand + " accept").hover(locale.getString(CommandLang.CONFIRM_ACCEPT))
-                    .addPart(" ")
-                    .addPart("§4§l[\u2718]").command("/" + mainCommand + " cancel").hover(locale.getString(CommandLang.CONFIRM_DENY))
-                    .send();
-        } else {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_OVERWRITE_DB, toDB.getType().getName(), backupDBFile.toPath().toString())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM)).addPart("§a/" + mainCommand + " accept")
-                    .addPart(" ")
-                    .addPart("§c/" + mainCommand + " cancel")
-                    .send();
-        }
+        String prompt = locale.getString(CommandLang.CONFIRM_OVERWRITE_DB,
+                toDB.getType().getName(),
+                backupDBFile.toPath().toString());
 
-        confirmation.confirm(sender, choice -> {
+        confirmation.confirm(sender, prompt, choice -> {
             if (Boolean.TRUE.equals(choice)) {
                 performRestore(sender, backupDBFile, toDB);
             } else {
@@ -219,35 +209,22 @@ public class DatabaseCommands {
         }
     }
 
-    public void onMove(String mainCommand, CMDSender sender, Arguments arguments) {
+    public void onMove(CMDSender sender, @Untrusted Arguments arguments) {
         DBType fromDB = arguments.get(0).flatMap(DBType::getForName)
-                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_INCORRECT_DB, arguments.get(0).orElse("<MySQL/SQLite>"))));
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_INCORRECT_DB, arguments.get(0).orElse(SUPPORTED_DB_OPTIONS))));
 
         DBType toDB = arguments.get(1).flatMap(DBType::getForName)
-                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_INCORRECT_DB, arguments.get(0).orElse("<MySQL/SQLite>"))));
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_INCORRECT_DB, arguments.get(0).orElse(SUPPORTED_DB_OPTIONS))));
 
         if (fromDB == toDB) {
             throw new IllegalArgumentException(locale.getString(CommandLang.FAIL_SAME_DB));
         }
 
-        if (sender.supportsChatEvents()) {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_OVERWRITE_DB, toDB.getName(), fromDB.getName())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM))
-                    .addPart("§2§l[\u2714]").command("/" + mainCommand + " accept").hover(locale.getString(CommandLang.CONFIRM_ACCEPT))
-                    .addPart(" ")
-                    .addPart("§4§l[\u2718]").command("/" + mainCommand + " cancel").hover(locale.getString(CommandLang.CONFIRM_DENY))
-                    .send();
-        } else {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_OVERWRITE_DB, toDB.getName(), fromDB.getName())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM)).addPart("§a/" + mainCommand + " accept")
-                    .addPart(" ")
-                    .addPart("§c/" + mainCommand + " cancel")
-                    .send();
-        }
+        String prompt = locale.getString(CommandLang.CONFIRM_OVERWRITE_DB,
+                toDB.getName(),
+                fromDB.getName());
 
-        confirmation.confirm(sender, choice -> {
+        confirmation.confirm(sender, prompt, choice -> {
             if (Boolean.TRUE.equals(choice)) {
                 performMove(sender, fromDB, toDB);
             } else {
@@ -282,28 +259,13 @@ public class DatabaseCommands {
     }
 
 
-    public void onClear(String mainCommand, CMDSender sender, Arguments arguments) {
+    public void onClear(CMDSender sender, @Untrusted Arguments arguments) {
         DBType fromDB = arguments.get(0).flatMap(DBType::getForName)
-                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_INCORRECT_DB, arguments.get(0).orElse("<MySQL/SQLite>"))));
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_INCORRECT_DB, arguments.get(0).orElse(SUPPORTED_DB_OPTIONS))));
 
-        if (sender.supportsChatEvents()) {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_CLEAR_DB, fromDB.getName())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM))
-                    .addPart("§2§l[\u2714]").command("/" + mainCommand + " accept").hover(locale.getString(CommandLang.CONFIRM_ACCEPT))
-                    .addPart(" ")
-                    .addPart("§4§l[\u2718]").command("/" + mainCommand + " cancel").hover(locale.getString(CommandLang.CONFIRM_DENY))
-                    .send();
-        } else {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_CLEAR_DB, fromDB.getName())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM)).addPart("§a/" + mainCommand + " accept")
-                    .addPart(" ")
-                    .addPart("§c/" + mainCommand + " cancel")
-                    .send();
-        }
+        String prompt = locale.getString(CommandLang.CONFIRM_CLEAR_DB, fromDB.getName());
 
-        confirmation.confirm(sender, choice -> {
+        confirmation.confirm(sender, prompt, choice -> {
             if (Boolean.TRUE.equals(choice)) {
                 performClear(sender, fromDB);
             } else {
@@ -335,8 +297,8 @@ public class DatabaseCommands {
         }
     }
 
-    public void onFixFabricJoinAddresses(String mainCommand, CMDSender sender, Arguments arguments) {
-        String identifier = arguments.concatenate(" ");
+    public void onFixFabricJoinAddresses(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String identifier = arguments.concatenate(" ");
         Optional<ServerUUID> serverUUID = identifiers.getServerUUID(identifier);
         if (serverUUID.isEmpty()) {
             throw new IllegalArgumentException(locale.getString(CommandLang.FAIL_SERVER_NOT_FOUND, identifier));
@@ -344,24 +306,9 @@ public class DatabaseCommands {
 
         Database database = dbSystem.getDatabase();
 
-        if (sender.supportsChatEvents()) {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_JOIN_ADDRESS_REMOVAL, identifier, database.getType().getName())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM))
-                    .addPart("§2§l[\u2714]").command("/" + mainCommand + " accept").hover(locale.getString(CommandLang.CONFIRM_ACCEPT))
-                    .addPart(" ")
-                    .addPart("§4§l[\u2718]").command("/" + mainCommand + " cancel").hover(locale.getString(CommandLang.CONFIRM_DENY))
-                    .send();
-        } else {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_JOIN_ADDRESS_REMOVAL, identifier, database.getType().getName())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM)).addPart("§a/" + mainCommand + " accept")
-                    .addPart(" ")
-                    .addPart("§c/" + mainCommand + " cancel")
-                    .send();
-        }
+        String prompt = locale.getString(CommandLang.CONFIRM_JOIN_ADDRESS_REMOVAL, identifier, database.getType().getName());
 
-        confirmation.confirm(sender, choice -> {
+        confirmation.confirm(sender, prompt, choice -> {
             if (Boolean.TRUE.equals(choice)) {
                 performJoinAddressRemoval(sender, serverUUID.get(), database);
             } else {
@@ -385,8 +332,8 @@ public class DatabaseCommands {
         }
     }
 
-    public void onRemove(String mainCommand, CMDSender sender, Arguments arguments) {
-        String identifier = arguments.concatenate(" ");
+    public void onRemove(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String identifier = arguments.concatenate(" ");
         UUID playerUUID = identifiers.getPlayerUUID(identifier);
         if (playerUUID == null) {
             throw new IllegalArgumentException(locale.getString(CommandLang.FAIL_PLAYER_NOT_FOUND, identifier));
@@ -394,24 +341,9 @@ public class DatabaseCommands {
 
         Database database = dbSystem.getDatabase();
 
-        if (sender.supportsChatEvents()) {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_REMOVE_PLAYER_DB, playerUUID, database.getType().getName())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM))
-                    .addPart("§2§l[\u2714]").command("/" + mainCommand + " accept").hover(locale.getString(CommandLang.CONFIRM_ACCEPT))
-                    .addPart(" ")
-                    .addPart("§4§l[\u2718]").command("/" + mainCommand + " cancel").hover(locale.getString(CommandLang.CONFIRM_DENY))
-                    .send();
-        } else {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_REMOVE_PLAYER_DB, playerUUID, database.getType().getName())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM)).addPart("§a/" + mainCommand + " accept")
-                    .addPart(" ")
-                    .addPart("§c/" + mainCommand + " cancel")
-                    .send();
-        }
+        String prompt = locale.getString(CommandLang.CONFIRM_REMOVE_PLAYER_DB, playerUUID, database.getType().getName());
 
-        confirmation.confirm(sender, choice -> {
+        confirmation.confirm(sender, prompt, choice -> {
             if (Boolean.TRUE.equals(choice)) {
                 performRemoval(sender, database, playerUUID);
             } else {
@@ -444,9 +376,9 @@ public class DatabaseCommands {
         }
     }
 
-    public void onUninstalled(CMDSender sender, Arguments arguments) {
+    public void onUninstalled(CMDSender sender, @Untrusted Arguments arguments) {
         ensureDatabaseIsOpen();
-        String identifier = arguments.concatenate(" ");
+        @Untrusted String identifier = arguments.concatenate(" ");
         Server server = dbSystem.getDatabase()
                 .query(ServerQueries.fetchServerMatchingIdentifier(identifier))
                 .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_SERVER_NOT_FOUND, identifier)));
@@ -460,9 +392,9 @@ public class DatabaseCommands {
         sender.send(locale.getString(CommandLang.DB_UNINSTALLED));
     }
 
-    public void onHotswap(CMDSender sender, Arguments arguments) {
+    public void onHotswap(CMDSender sender, @Untrusted Arguments arguments) {
         DBType toDB = arguments.get(0).flatMap(DBType::getForName)
-                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_INCORRECT_DB, arguments.get(0).orElse("<MySQL/SQLite>"))));
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_INCORRECT_DB, arguments.get(0).orElse(SUPPORTED_DB_OPTIONS))));
 
         try {
             Database database = dbSystem.getActiveDatabaseByType(toDB);
@@ -482,7 +414,7 @@ public class DatabaseCommands {
         statusCommands.onReload(sender);
     }
 
-    public void onOnlineConversion(String mainCommand, CMDSender sender, Arguments arguments) {
+    public void onOnlineConversion(CMDSender sender, @Untrusted Arguments arguments) {
         boolean removeOfflinePlayers = arguments.get(0)
                 .map("--remove_offline"::equals)
                 .orElse(false);
@@ -491,7 +423,7 @@ public class DatabaseCommands {
             Map<UUID, BaseUser> baseUsersByUUID = dbSystem.getDatabase().query(BaseUserQueries.fetchAllBaseUsersByUUID());
             List<String> playerNames = baseUsersByUUID.values().stream().map(BaseUser::getName).collect(Collectors.toList());
             sender.send("Performing lookup for " + playerNames.size() + " uuids from Mojang..");
-            sender.send("Preparation estimated complete at: " + clock.apply(System.currentTimeMillis() + playerNames.size() * 100) + " (due to request rate limiting)");
+            sender.send("Preparation estimated complete at: " + clock.apply(System.currentTimeMillis() + playerNames.size() * 100L) + " (due to request rate limiting)");
             Map<String, UUID> onlineUUIDsOfPlayers = getUUIDViaUUIDFetcher(playerNames);
 
             if (onlineUUIDsOfPlayers.isEmpty()) {
@@ -514,9 +446,8 @@ public class DatabaseCommands {
                 if (actualUUID == null) {
                     offlineOnlyUsers++;
                     if (removeOfflinePlayers) transactions.add(new RemovePlayerTransaction(recordedUUID));
-                    continue;
                 }
-                if (recordedUUID == actualUUID) {
+                if (actualUUID == null || recordedUUID.equals(actualUUID)) {
                     continue;
                 }
                 BaseUser alreadyExistingProfile = baseUsersByUUID.get(actualUUID);
@@ -529,30 +460,16 @@ public class DatabaseCommands {
                 }
             }
 
-            MessageBuilder messageBuilder = sender.buildMessage()
+            MessageBuilder prompt = sender.buildMessage()
                     .addPart(colors.getMainColor() + "Moving to online-only UUIDs (irreversible):").newLine()
                     .addPart(colors.getSecondaryColor() + "  Total players in database: " + totalProfiles).newLine()
                     .addPart(colors.getSecondaryColor() + (removeOfflinePlayers ? "Removing (no online UUID): " : "  Offline only (no online UUID): ") + offlineOnlyUsers).newLine()
                     .addPart(colors.getSecondaryColor() + "  Moving to new UUID: " + move).newLine()
                     .addPart(colors.getSecondaryColor() + "  Combining offline and online profiles: " + combine).newLine()
                     .newLine()
-                    .addPart(colors.getSecondaryColor() + "  Estimated online UUID players in database after: " + (totalProfiles - combine - offlineOnlyUsers) + (removeOfflinePlayers ? "" : " (+" + offlineOnlyUsers + " offline)")).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM));
-            if (sender.supportsChatEvents()) {
-                messageBuilder
-                        .addPart("§2§l[\u2714]").command("/" + mainCommand + " accept").hover(locale.getString(CommandLang.CONFIRM_ACCEPT))
-                        .addPart(" ")
-                        .addPart("§4§l[\u2718]").command("/" + mainCommand + " cancel").hover(locale.getString(CommandLang.CONFIRM_DENY))
-                        .send();
-            } else {
-                messageBuilder
-                        .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM)).addPart("§a/" + mainCommand + " accept")
-                        .addPart(" ")
-                        .addPart("§c/" + mainCommand + " cancel")
-                        .send();
-            }
+                    .addPart(colors.getSecondaryColor() + "  Estimated online UUID players in database after: " + (totalProfiles - combine - offlineOnlyUsers) + (removeOfflinePlayers ? "" : " (+" + offlineOnlyUsers + " offline)")).newLine();
 
-            confirmation.confirm(sender, choice -> {
+            confirmation.confirm(sender, prompt, choice -> {
                 if (Boolean.TRUE.equals(choice)) {
                     transactions.forEach(dbSystem.getDatabase()::executeTransaction);
                     dbSystem.getDatabase().executeTransaction(new Transaction() {

Plan/common/src/main/java/com/djrapitops/plan/commands/subcommands/LinkCommands.java

@@ -33,6 +33,7 @@ import com.djrapitops.plan.storage.database.DBSystem;
 import com.djrapitops.plan.storage.database.Database;
 import com.djrapitops.plan.storage.database.queries.objects.ServerQueries;
 import com.djrapitops.plan.storage.database.queries.objects.WebUserQueries;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -92,9 +93,9 @@ public class LinkCommands {
      * @param sender    Sender of command.
      * @param arguments Given arguments.
      */
-    public void onServerCommand(CMDSender sender, Arguments arguments) {
+    public void onServerCommand(CMDSender sender, @Untrusted Arguments arguments) {
         Server server;
-        String identifier = arguments.concatenate(" ");
+        @Untrusted String identifier = arguments.concatenate(" ");
         if (arguments.isEmpty()) {
             server = serverInfo.getServer();
         } else {
@@ -104,7 +105,7 @@ public class LinkCommands {
                     .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_SERVER_NOT_FOUND, identifier)));
         }
 
-        String address = getAddress(sender) + "/server/" + Html.encodeToURL(server.getName());
+        String address = getAddress(sender) + "/server/" + Html.encodeToURL(server.getUuid().toString());
         sender.buildMessage()
                 .addPart(colors.getMainColor() + locale.getString(CommandLang.LINK_SERVER))
                 .apply(builder -> linkTo(builder, sender, address))
@@ -117,7 +118,7 @@ public class LinkCommands {
      * @param sender    Sender of command.
      * @param arguments Given arguments.
      */
-    public void onServersCommand(CMDSender sender, Arguments arguments) {
+    public void onServersCommand(CMDSender sender, @Untrusted Arguments arguments) {
         ensureDatabaseIsOpen();
         String m = colors.getMainColor();
         String s = colors.getSecondaryColor();
@@ -125,7 +126,7 @@ public class LinkCommands {
         String serversListed = dbSystem.getDatabase()
                 .query(ServerQueries.fetchPlanServerInformationCollection())
                 .stream().sorted()
-                .map(server -> m + server.getId().orElse(0) + "::" + t + server.getName() + "::" + s + server.getUuid() + "::" + s + server.getPlanVersion() + "\n")
+                .map(server -> m + server.getId().orElse(0) + "::" + t + server.getIdentifiableName() + "::" + s + server.getUuid() + "::" + s + server.getPlanVersion() + "\n")
                 .collect(StringBuilder::new, StringBuilder::append, StringBuilder::append)
                 .toString();
         sender.buildMessage()
@@ -148,8 +149,8 @@ public class LinkCommands {
      * @param sender    Sender of command.
      * @param arguments Given arguments.
      */
-    public void onPlayerCommand(CMDSender sender, Arguments arguments) {
-        String identifier = arguments.concatenate(" ");
+    public void onPlayerCommand(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String identifier = arguments.concatenate(" ");
         UUID playerUUID = identifiers.getPlayerUUID(identifier);
         UUID senderUUID = sender.getUUID().orElse(null);
         if (playerUUID == null) playerUUID = senderUUID;
@@ -174,7 +175,7 @@ public class LinkCommands {
      * @param sender    Sender of command
      * @param arguments Only present to fulfill Subcommand#onCommand requirements.
      */
-    public void onPlayersCommand(CMDSender sender, Arguments arguments) {
+    public void onPlayersCommand(CMDSender sender, @Untrusted Arguments arguments) {
         String address = getAddress(sender) + "/players";
         sender.buildMessage()
                 .addPart(colors.getMainColor() + locale.getString(CommandLang.LINK_PLAYERS))
@@ -188,13 +189,13 @@ public class LinkCommands {
      * @param sender    Sender of command
      * @param arguments Only present to fulfill Subcommand#onCommand requirements.
      */
-    public void onNetworkCommand(CMDSender sender, Arguments arguments) {
+    public void onNetworkCommand(CMDSender sender, @Untrusted Arguments arguments) {
         String address = getAddress(sender) + "/network";
         sender.buildMessage()
                 .addPart(colors.getMainColor() + locale.getString(CommandLang.LINK_NETWORK))
                 .apply(builder -> linkTo(builder, sender, address))
                 .send();
-        if (dbSystem.getDatabase().query(ServerQueries.fetchProxyServerInformation()).isEmpty()) {
+        if (dbSystem.getDatabase().query(ServerQueries.fetchProxyServers()).isEmpty()) {
             throw new IllegalArgumentException(locale.getString(CommandLang.NOTIFY_NO_NETWORK));
         }
     }
@@ -205,7 +206,7 @@ public class LinkCommands {
      * @param sender    Sender of command.
      * @param arguments Given arguments.
      */
-    public void onWebUsersCommand(CMDSender sender, Arguments arguments) {
+    public void onWebUsersCommand(CMDSender sender, @Untrusted Arguments arguments) {
         ensureDatabaseIsOpen();
         String m = colors.getMainColor();
         String s = colors.getSecondaryColor();
@@ -216,7 +217,7 @@ public class LinkCommands {
             sender.send(t + locale.getString(CommandLang.HEADER_WEB_USERS, 0));
         } else {
             String usersListed = users.stream().sorted()
-                    .map(user -> m + user.getUsername() + "::" + t + user.getLinkedTo() + "::" + s + user.getPermissionLevel() + "\n")
+                    .map(user -> m + user.getUsername() + "::" + t + user.getLinkedTo() + "::" + s + user.getPermissionGroup() + "\n")
                     .collect(StringBuilder::new, StringBuilder::append, StringBuilder::append)
                     .toString();
             sender.buildMessage()
@@ -227,8 +228,8 @@ public class LinkCommands {
         }
     }
 
-    public void onJson(CMDSender sender, Arguments arguments) {
-        String identifier = arguments.concatenate(" ");
+    public void onJson(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted String identifier = arguments.concatenate(" ");
         UUID playerUUID = identifiers.getPlayerUUID(identifier);
         UUID senderUUID = sender.getUUID().orElse(null);
         if (playerUUID == null) playerUUID = senderUUID;

Plan/common/src/main/java/com/djrapitops/plan/commands/subcommands/PluginStatusCommands.java

@@ -20,12 +20,14 @@ import com.djrapitops.plan.PlanPlugin;
 import com.djrapitops.plan.commands.use.Arguments;
 import com.djrapitops.plan.commands.use.CMDSender;
 import com.djrapitops.plan.gathering.listeners.Status;
+import com.djrapitops.plan.identification.ServerInfo;
 import com.djrapitops.plan.settings.locale.Locale;
 import com.djrapitops.plan.settings.locale.lang.CommandLang;
 import com.djrapitops.plan.settings.locale.lang.GenericLang;
 import com.djrapitops.plan.storage.database.DBSystem;
 import com.djrapitops.plan.storage.database.Database;
 import com.djrapitops.plan.storage.database.queries.objects.ServerQueries;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import com.djrapitops.plan.utilities.logging.ErrorContext;
 import com.djrapitops.plan.utilities.logging.ErrorLogger;
 import com.djrapitops.plan.version.VersionChecker;
@@ -33,7 +35,6 @@ import net.playeranalytics.plugin.PluginInformation;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
-import java.util.Optional;
 
 @Singleton
 public class PluginStatusCommands {
@@ -41,6 +42,7 @@ public class PluginStatusCommands {
     private final PlanPlugin plugin;
     private final PluginInformation pluginInformation;
     private final Locale locale;
+    private final ServerInfo serverInfo;
     private final DBSystem dbSystem;
     private final Status status;
     private final VersionChecker versionChecker;
@@ -51,6 +53,7 @@ public class PluginStatusCommands {
             PlanPlugin plugin,
             PluginInformation pluginInformation,
             Locale locale,
+            ServerInfo serverInfo,
             DBSystem dbSystem,
             Status status,
             VersionChecker versionChecker,
@@ -59,6 +62,7 @@ public class PluginStatusCommands {
         this.plugin = plugin;
         this.pluginInformation = pluginInformation;
         this.locale = locale;
+        this.serverInfo = serverInfo;
         this.dbSystem = dbSystem;
         this.status = status;
         this.versionChecker = versionChecker;
@@ -80,15 +84,15 @@ public class PluginStatusCommands {
         }, "Plan Reload Thread").start();
     }
 
-    public void onDisable(CMDSender sender, Arguments arguments) {
+    public void onDisable(CMDSender sender, @Untrusted Arguments arguments) {
         if (arguments.isEmpty()) {
             plugin.onDisable();
             sender.send(locale.getString(CommandLang.DISABLE_DISABLED));
             return;
         }
 
-        Optional<String> kickCountDisable = arguments.get(0).filter("kickcount"::equalsIgnoreCase);
-        if (kickCountDisable.isPresent()) {
+        boolean kickCountDisable = arguments.get(0).map("kickcount"::equalsIgnoreCase).orElse(false);
+        if (kickCountDisable) {
             status.setCountKicks(false);
             sender.send(locale.getString(CommandLang.FEATURE_DISABLED, "Kick Counting"));
         } else {
@@ -103,7 +107,7 @@ public class PluginStatusCommands {
         Database database = dbSystem.getDatabase();
 
         String updateAvailable = versionChecker.isNewVersionAvailable() ? yes : no;
-        String proxyAvailable = database.query(ServerQueries.fetchProxyServerInformation()).isPresent() ? yes : no;
+        String proxyAvailable = database.query(ServerQueries.fetchProxyServers()).isEmpty() ? no : yes;
 
 
         String[] messages = {
@@ -113,6 +117,7 @@ public class PluginStatusCommands {
                 locale.getString(CommandLang.INFO_UPDATE, updateAvailable),
                 locale.getString(CommandLang.INFO_DATABASE, database.getType().getName() + " (" + database.getState().name() + ")"),
                 locale.getString(CommandLang.INFO_PROXY_CONNECTION, proxyAvailable),
+                locale.getString(CommandLang.INFO_SERVER_UUID, serverInfo.getServerUUID()),
                 "",
                 ">"
         };

Plan/common/src/main/java/com/djrapitops/plan/commands/subcommands/RegistrationCommands.java

@@ -20,6 +20,7 @@ import com.djrapitops.plan.commands.use.Arguments;
 import com.djrapitops.plan.commands.use.CMDSender;
 import com.djrapitops.plan.commands.use.ColorScheme;
 import com.djrapitops.plan.delivery.domain.auth.User;
+import com.djrapitops.plan.delivery.domain.auth.WebPermission;
 import com.djrapitops.plan.delivery.webserver.auth.ActiveCookieStore;
 import com.djrapitops.plan.delivery.webserver.auth.FailReason;
 import com.djrapitops.plan.delivery.webserver.auth.RegistrationBin;
@@ -33,14 +34,14 @@ import com.djrapitops.plan.storage.database.Database;
 import com.djrapitops.plan.storage.database.queries.objects.WebUserQueries;
 import com.djrapitops.plan.storage.database.transactions.commands.RemoveWebUserTransaction;
 import com.djrapitops.plan.storage.database.transactions.commands.StoreWebUserTransaction;
-import com.djrapitops.plan.utilities.PassEncryptUtil;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import com.djrapitops.plan.utilities.logging.ErrorContext;
 import com.djrapitops.plan.utilities.logging.ErrorLogger;
 import net.playeranalytics.plugin.server.PluginLogger;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
-import java.util.Collections;
+import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.UUID;
@@ -87,7 +88,7 @@ public class RegistrationCommands {
         }
     }
 
-    public void onRegister(CMDSender sender, Arguments arguments) {
+    public void onRegister(CMDSender sender, @Untrusted Arguments arguments) {
         ensureDatabaseIsOpen();
         if (arguments.isEmpty()) {
             String address = linkCommands.getAddress(sender) + "/register";
@@ -96,63 +97,43 @@ public class RegistrationCommands {
                     .apply(builder -> linkCommands.linkTo(builder, sender, address))
                     .send();
         } else {
-            Optional<String> code = arguments.getAfter("--code");
+            @Untrusted Optional<String> code = arguments.getAfter("--code");
             if (code.isPresent()) {
-                registerUsingCode(sender, code.get());
+                registerUsingCode(sender, code.get(), arguments);
             } else {
-                registerUsingLegacy(sender, arguments);
+                sender.send(locale.getString(CommandLang.FAIL_REQ_ARGS, "--code", "/plan register --code 81cc5b17"));
             }
         }
     }
 
-    public void registerUsingCode(CMDSender sender, String code) {
+    public void registerUsingCode(CMDSender sender, @Untrusted String code, @Untrusted Arguments arguments) {
         UUID linkedToUUID = sender.getUUID().orElse(null);
-        Optional<User> user = RegistrationBin.register(code, linkedToUUID);
-        if (user.isPresent()) {
-            registerUser(user.get(), sender, getPermissionLevel(sender));
-        } else {
-            throw new IllegalArgumentException(locale.getString(FailReason.USER_INFORMATION_NOT_FOUND));
-        }
+        User user = RegistrationBin.register(code, linkedToUUID)
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(FailReason.USER_INFORMATION_NOT_FOUND)));
+        String permissionGroup = getPermissionGroup(sender, arguments)
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(FailReason.NO_PERMISSION_GROUP)));
+        user.setPermissionGroup(permissionGroup);
+        registerUser(user, sender);
     }
 
-    public void registerUsingLegacy(CMDSender sender, Arguments arguments) {
-        String password = arguments.get(0)
-                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_REQ_ARGS, 1, "<password>")));
-        String passwordHash = PassEncryptUtil.createHash(password);
-        int permissionLevel = arguments.getInteger(2)
-                .filter(arg -> sender.hasPermission(Permissions.REGISTER_OTHER)) // argument only allowed with register other permission
-                .orElseGet(() -> getPermissionLevel(sender));
-
-        Optional<UUID> senderUUID = sender.getUUID();
-        Optional<String> senderName = sender.getPlayerName();
-        if (senderUUID.isPresent() && senderName.isPresent()) {
-            String playerName = senderName.get();
-            UUID linkedToUUID = senderUUID.get();
-            String username = arguments.get(1).orElse(playerName);
-            registerUser(new User(username, playerName, linkedToUUID, passwordHash, permissionLevel, Collections.emptyList()), sender, permissionLevel);
-        } else {
-            String username = arguments.get(1)
-                    .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_REQ_ARGS, 3, "<password> <name> <level>")));
-            registerUser(new User(username, "console", null, passwordHash, permissionLevel, Collections.emptyList()), sender, permissionLevel);
+    private Optional<String> getPermissionGroup(CMDSender sender, @Untrusted Arguments arguments) {
+        List<String> groups = dbSystem.getDatabase().query(WebUserQueries.fetchGroupNames());
+        if (sender.isPlayer()) {
+            for (String group : groups) {
+                if (sender.hasPermission("plan.webgroup." + group)) {
+                    return Optional.of(group);
+                }
+            }
+        } else if (arguments.contains("superuser")) {
+            return dbSystem.getDatabase().query(WebUserQueries.fetchGroupNamesWithPermission(WebPermission.MANAGE_GROUPS.getPermission()))
+                    .stream().findFirst();
         }
+        return Optional.empty();
     }
 
-    private int getPermissionLevel(CMDSender sender) {
-        if (sender.hasPermission(Permissions.SERVER)) {
-            return 0;
-        }
-        if (sender.hasPermission(Permissions.PLAYER_OTHER)) {
-            return 1;
-        }
-        if (sender.hasPermission(Permissions.PLAYER_SELF)) {
-            return 2;
-        }
-        return 100;
-    }
-
-    private void registerUser(User user, CMDSender sender, int permissionLevel) {
+    private void registerUser(User user, CMDSender sender) {
         String username = user.getUsername();
-        user.setPermissionLevel(permissionLevel);
+
         try {
             Database database = dbSystem.getDatabase();
             boolean userExists = database.query(WebUserQueries.fetchUser(username)).isPresent();
@@ -162,21 +143,21 @@ public class RegistrationCommands {
                     .get(); // Wait for completion
 
             sender.send(locale.getString(CommandLang.WEB_USER_REGISTER_SUCCESS, username));
-            logger.info(locale.getString(CommandLang.WEB_USER_REGISTER_NOTIFY, username, permissionLevel));
+            logger.info(locale.getString(CommandLang.WEB_USER_REGISTER_NOTIFY, username, user.getPermissionGroup()));
         } catch (InterruptedException e) {
             Thread.currentThread().interrupt();
         } catch (DBOpException | ExecutionException e) {
-            errorLogger.warn(e, ErrorContext.builder().related(sender, user, permissionLevel).build());
+            errorLogger.warn(e, ErrorContext.builder().related(sender, user).build());
         }
     }
 
-    public void onUnregister(String mainCommand, CMDSender sender, Arguments arguments) {
-        Optional<String> givenUsername = arguments.get(0).filter(arg -> sender.hasPermission(Permissions.UNREGISTER_OTHER));
+    public void onUnregister(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted Optional<String> givenUsername = arguments.get(0).filter(arg -> sender.hasPermission(Permissions.UNREGISTER_OTHER));
 
         Database database = dbSystem.getDatabase();
         UUID playerUUID = sender.getUUID().orElse(null);
 
-        String username;
+        @Untrusted String username;
         if (givenUsername.isEmpty() && playerUUID != null) {
             username = database.query(WebUserQueries.fetchUser(playerUUID))
                     .map(User::getUsername)
@@ -194,24 +175,9 @@ public class RegistrationCommands {
             throw new IllegalArgumentException(locale.getString(CommandLang.USER_NOT_LINKED));
         }
 
-        if (sender.supportsChatEvents()) {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_UNREGISTER, user.getUsername(), user.getLinkedTo())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM))
-                    .addPart("§2§l[\u2714]").command("/" + mainCommand + " accept").hover(locale.getString(CommandLang.CONFIRM_ACCEPT))
-                    .addPart(" ")
-                    .addPart("§4§l[\u2718]").command("/" + mainCommand + " cancel").hover(locale.getString(CommandLang.CONFIRM_DENY))
-                    .send();
-        } else {
-            sender.buildMessage()
-                    .addPart(colors.getMainColor() + locale.getString(CommandLang.CONFIRM_UNREGISTER, user.getUsername(), user.getLinkedTo())).newLine()
-                    .addPart(colors.getTertiaryColor() + locale.getString(CommandLang.CONFIRM)).addPart("§a/" + mainCommand + " accept")
-                    .addPart(" ")
-                    .addPart("§c/" + mainCommand + " cancel")
-                    .send();
-        }
+        String prompt = locale.getString(CommandLang.CONFIRM_UNREGISTER, user.getUsername(), user.getLinkedTo());
 
-        confirmation.confirm(sender, choice -> {
+        confirmation.confirm(sender, prompt, choice -> {
             if (Boolean.TRUE.equals(choice)) {
                 try {
                     sender.send(colors.getMainColor() + locale.getString(CommandLang.UNREGISTER, user.getUsername()));
@@ -231,8 +197,8 @@ public class RegistrationCommands {
     }
 
 
-    public void onLogoutCommand(CMDSender sender, Arguments arguments) {
-        String loggingOut = arguments.get(0)
+    public void onLogoutCommand(@Untrusted Arguments arguments) {
+        @Untrusted String loggingOut = arguments.get(0)
                 .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_REQ_ONE_ARG, locale.getString(HelpLang.ARG_USERNAME) + "/*")));
 
         if ("*".equals(loggingOut)) {
@@ -241,4 +207,32 @@ public class RegistrationCommands {
             ActiveCookieStore.removeUserCookie(loggingOut);
         }
     }
+
+    public void onChangePermissionGroup(CMDSender sender, @Untrusted Arguments arguments) {
+        String username = arguments.get(0)
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_REQ_ARGS, locale.getString(HelpLang.ARG_USERNAME))));
+        String group = arguments.get(1)
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(CommandLang.FAIL_REQ_ARGS, locale.getString(HelpLang.ARG_GROUP))));
+
+        Database database = dbSystem.getDatabase();
+        User user = database.query(WebUserQueries.fetchUser(username))
+                .orElseThrow(() -> new IllegalArgumentException(locale.getString(FailReason.USER_DOES_NOT_EXIST)));
+
+        Optional<Integer> groupId = database.query(WebUserQueries.fetchGroupId(group));
+        if (groupId.isEmpty()) {
+            throw new IllegalArgumentException(locale.getString(FailReason.GROUP_DOES_NOT_EXIST));
+        }
+
+        user.setPermissionGroup(group);
+
+        database.executeTransaction(new StoreWebUserTransaction(user))
+                .thenRun(() -> sender.send(locale.getString(CommandLang.PROGRESS_SUCCESS)));
+    }
+
+    public void onListWebGroups(CMDSender sender) {
+        Database database = dbSystem.getDatabase();
+        List<String> groupNames = database.query(WebUserQueries.fetchGroupNames());
+
+        sender.send(String.join(", ", groupNames));
+    }
 }

Plan/common/src/main/java/com/djrapitops/plan/commands/use/Arguments.java

@@ -16,6 +16,7 @@
  */
 package com.djrapitops.plan.commands.use;
 
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.TextStringBuilder;
 
@@ -29,6 +30,7 @@ import java.util.Optional;
  *
  * @author AuroraLS3
  */
+@Untrusted
 public class Arguments {
 
     private final List<String> args;

Plan/common/src/main/java/com/djrapitops/plan/commands/use/CommandWithSubcommands.java

@@ -18,6 +18,7 @@ package com.djrapitops.plan.commands.use;
 
 import com.djrapitops.plan.settings.locale.Locale;
 import com.djrapitops.plan.settings.locale.lang.CommandLang;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 import com.djrapitops.plan.utilities.java.TriConsumer;
 
 import java.util.ArrayList;
@@ -54,7 +55,7 @@ public class CommandWithSubcommands extends Subcommand {
         return subcommands;
     }
 
-    public Optional<Subcommand> findSubCommand(Arguments arguments) {
+    public Optional<Subcommand> findSubCommand(@Untrusted Arguments arguments) {
         return arguments.get(0).flatMap(alias -> {
             for (Subcommand subcommand : subcommands) {
                 if (subcommand.getAliases().contains(alias)) {
@@ -65,7 +66,7 @@ public class CommandWithSubcommands extends Subcommand {
         });
     }
 
-    public void onHelp(CMDSender sender, Arguments arguments) {
+    public void onHelp(CMDSender sender, @Untrusted Arguments arguments) {
         List<Subcommand> hasPermissionFor = getPermittedSubcommands(sender);
         sender.buildMessage()
                 .addPart(locale.getString(CommandLang.HEADER_HELP, getPrimaryAlias()))
@@ -89,7 +90,7 @@ public class CommandWithSubcommands extends Subcommand {
                 .send();
     }
 
-    public void onCommand(CMDSender sender, Arguments arguments) {
+    public void onCommand(CMDSender sender, @Untrusted Arguments arguments) {
         if (sender.isMissingPermissionsFor(this)) {
             sender.send(locale.getString(CommandLang.FAIL_NO_PERMISSION) + " " + getRequiredPermissions());
             return;
@@ -101,10 +102,10 @@ public class CommandWithSubcommands extends Subcommand {
         }
     }
 
-    public void executeCommand(CMDSender sender, Arguments arguments) {
-        Optional<String> gotAlias = arguments.get(0);
+    public void executeCommand(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted Optional<String> gotAlias = arguments.get(0);
         if (gotAlias.isPresent()) {
-            String alias = gotAlias.get();
+            @Untrusted String alias = gotAlias.get();
             if ("help".equals(alias)) {
                 onHelp(sender, arguments);
                 return;
@@ -128,8 +129,8 @@ public class CommandWithSubcommands extends Subcommand {
         fallback.accept(sender, arguments);
     }
 
-    public List<String> onTabComplete(CMDSender sender, Arguments arguments) {
-        Optional<String> gotAlias = arguments.get(0);
+    public List<String> onTabComplete(CMDSender sender, @Untrusted Arguments arguments) {
+        @Untrusted Optional<String> gotAlias = arguments.get(0);
         List<String> options = new ArrayList<>();
         if (gotAlias.isPresent()) {
             subcommandsLoop:

Plan/common/src/main/java/com/djrapitops/plan/commands/use/SubcommandBuilder.java

@@ -54,6 +54,10 @@ public interface SubcommandBuilder {
         return onCommand((sender, arguments) -> executor.accept(sender));
     }
 
+    default SubcommandBuilder onArgsOnlyCommand(Consumer<Arguments> executor) {
+        return onCommand((sender, arguments) -> executor.accept(arguments));
+    }
+
     SubcommandBuilder onTabComplete(BiFunction<CMDSender, Arguments, List<String>> resolver);
 
     Subcommand build();

Plan/common/src/main/java/com/djrapitops/plan/component/ComponentSvc.java

@@ -31,9 +31,8 @@ public class ComponentSvc implements ComponentService {
 
     private ComponentConverter converter;
 
-    // This is required to inject
     @Inject
-    public ComponentSvc() {}
+    public ComponentSvc() {/* Dagger constructor */}
 
     @Override
     public String translateLegacy(String input, char inputCharacter, char outputCharacter) {

Plan/common/src/main/java/com/djrapitops/plan/data/element/AnalysisContainer.java

@@ -27,7 +27,7 @@ import java.util.UUID;
  * @author AuroraLS3
  * @see TableContainer
  * @see InspectContainer
- * @deprecated PluginData API has been deprecated - see https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API for new API.
+ * @deprecated PluginData API has been deprecated - see <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API">wiki</a> for new API.
  */
 @Deprecated(since = "5.0")
 public final class AnalysisContainer extends InspectContainer {

Plan/common/src/main/java/com/djrapitops/plan/data/element/InspectContainer.java

@@ -27,7 +27,7 @@ import java.util.TreeMap;
  *
  * @author AuroraLS3
  * @see TableContainer
- * @deprecated PluginData API has been deprecated - see https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API for new API.
+ * @deprecated PluginData API has been deprecated - see <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API">wiki</a> for new API.
  */
 @Deprecated(since = "5.0")
 public class InspectContainer {

Plan/common/src/main/java/com/djrapitops/plan/data/element/TableContainer.java

@@ -26,7 +26,7 @@ import java.util.List;
  * Container used for creating Html tables.
  *
  * @author AuroraLS3
- * @deprecated PluginData API has been deprecated - see https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API for new API.
+ * @deprecated PluginData API has been deprecated - see <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API">wiki</a> for new API.
  */
 @Deprecated(since = "5.0")
 public class TableContainer {

Plan/common/src/main/java/com/djrapitops/plan/data/plugin/BanData.java

@@ -23,7 +23,7 @@ import java.util.UUID;
  * Interface for PluginData objects that affect Ban state of players.
  *
  * @author AuroraLS3
- * @deprecated PluginData API has been deprecated - see https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API for new API.
+ * @deprecated PluginData API has been deprecated - see <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API">wiki</a> for new API.
  */
 @Deprecated(since = "5.0")
 public interface BanData {

Plan/common/src/main/java/com/djrapitops/plan/data/plugin/ContainerSize.java

@@ -20,7 +20,7 @@ package com.djrapitops.plan.data.plugin;
  * Enum class for PluginData to estimate the required width of the contained items.
  *
  * @author AuroraLS3
- * @deprecated PluginData API has been deprecated - see https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API for new API.
+ * @deprecated PluginData API has been deprecated - see <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API">wiki</a> for new API.
  */
 @Deprecated
 public enum ContainerSize {

Plan/common/src/main/java/com/djrapitops/plan/data/plugin/PluginData.java

@@ -33,7 +33,7 @@ import java.util.UUID;
  * to register objects extending this class.
  *
  * @author AuroraLS3
- * @deprecated PluginData API has been deprecated - see https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API for new API.
+ * @deprecated PluginData API has been deprecated - see <a href="https://github.com/plan-player-analytics/Plan/wiki/APIv5---DataExtension-API">wiki</a> for new API.
  */
 @Deprecated(since = "5.0")
 public abstract class PluginData {

Plan/common/src/main/java/com/djrapitops/plan/delivery/DeliveryUtilities.java

@@ -18,6 +18,8 @@ package com.djrapitops.plan.delivery;
 
 import com.djrapitops.plan.delivery.formatting.Formatters;
 import com.djrapitops.plan.delivery.rendering.json.graphs.Graphs;
+import com.djrapitops.plan.delivery.webserver.Addresses;
+import com.djrapitops.plan.storage.file.PublicHtmlFiles;
 import dagger.Lazy;
 
 import javax.inject.Inject;
@@ -26,16 +28,26 @@ import javax.inject.Singleton;
 @Singleton
 public class DeliveryUtilities {
 
+    private final Lazy<Addresses> addresses;
     private final Lazy<Formatters> formatters;
     private final Lazy<Graphs> graphs;
+    private final Lazy<PublicHtmlFiles> publicHtmlFiles;
 
     @Inject
     public DeliveryUtilities(
+            Lazy<Addresses> addresses,
             Lazy<Formatters> formatters,
-            Lazy<Graphs> graphs
+            Lazy<Graphs> graphs,
+            Lazy<PublicHtmlFiles> publicHtmlFiles
     ) {
+        this.addresses = addresses;
         this.formatters = formatters;
         this.graphs = graphs;
+        this.publicHtmlFiles = publicHtmlFiles;
+    }
+
+    public Addresses getAddresses() {
+        return addresses.get();
     }
 
     public Formatters getFormatters() {
@@ -46,4 +58,8 @@ public class DeliveryUtilities {
         return graphs.get();
     }
 
+    public PublicHtmlFiles getPublicHtmlFiles() {
+        return publicHtmlFiles.get();
+    }
+
 }

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/DateObj.java

@@ -16,6 +16,8 @@
  */
 package com.djrapitops.plan.delivery.domain;
 
+import java.util.Objects;
+
 /**
  * Object that has a value tied to a date.
  *
@@ -39,4 +41,25 @@ public class DateObj<T> implements DateHolder {
     public T getValue() {
         return value;
     }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        DateObj<?> dateObj = (DateObj<?>) o;
+        return getDate() == dateObj.getDate() && Objects.equals(getValue(), dateObj.getValue());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getDate(), getValue());
+    }
+
+    @Override
+    public String toString() {
+        return "DateObj{" +
+                "date=" + date +
+                ", value=" + value +
+                '}';
+    }
 }

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/JoinAddressCount.java

@@ -28,7 +28,7 @@ import java.util.Objects;
  */
 public class JoinAddressCount implements Comparable<JoinAddressCount> {
 
-    private final int count;
+    private int count;
     private String joinAddress;
 
     public JoinAddressCount(Map.Entry<String, Integer> entry) {
@@ -52,6 +52,10 @@ public class JoinAddressCount implements Comparable<JoinAddressCount> {
         return count;
     }
 
+    public void setCount(int count) {
+        this.count = count;
+    }
+
     @Override
     public int compareTo(@NotNull JoinAddressCount other) {
         return String.CASE_INSENSITIVE_ORDER.compare(this.joinAddress, other.joinAddress);

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/Nickname.java

@@ -17,6 +17,7 @@
 package com.djrapitops.plan.delivery.domain;
 
 import com.djrapitops.plan.identification.ServerUUID;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 
 import java.util.Objects;
 
@@ -27,6 +28,7 @@ import java.util.Objects;
  */
 public class Nickname implements DateHolder {
 
+    @Untrusted
     private final String name;
     private final long date;
     private final ServerUUID serverUUID;
@@ -37,6 +39,7 @@ public class Nickname implements DateHolder {
         this.serverUUID = serverUUID;
     }
 
+    @Untrusted
     public String getName() {
         return name.length() <= 75 ? name : name.substring(0, 74);
     }

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/PluginHistoryMetadata.java

@@ -0,0 +1,77 @@
+/*
+ *  This file is part of Player Analytics (Plan).
+ *
+ *  Plan is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License v3 as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Plan is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with Plan. If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.djrapitops.plan.delivery.domain;
+
+import org.jetbrains.annotations.Nullable;
+
+import java.util.Objects;
+
+/**
+ * Represents plugin version history.
+ * <p>
+ * If version is null the plugin was uninstalled at that time.
+ *
+ * @author AuroraLS3
+ */
+public class PluginHistoryMetadata {
+
+    private final String name;
+    @Nullable
+    private final String version;
+    private final long modified;
+
+    public PluginHistoryMetadata(String name, @Nullable String version, long modified) {
+        this.name = name;
+        this.version = version;
+        this.modified = modified;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    @Nullable
+    public String getVersion() {
+        return version;
+    }
+
+    public long getModified() {
+        return modified;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        PluginHistoryMetadata that = (PluginHistoryMetadata) o;
+        return getModified() == that.getModified() && Objects.equals(getName(), that.getName()) && Objects.equals(getVersion(), that.getVersion());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getName(), getVersion(), getModified());
+    }
+
+    @Override
+    public String toString() {
+        return "PluginHistoryMetadata{" +
+                "name='" + name + '\'' +
+                ", version='" + version + '\'' +
+                ", modified=" + modified +
+                '}';
+    }
+}

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/RetentionData.java

@@ -0,0 +1,86 @@
+/*
+ *  This file is part of Player Analytics (Plan).
+ *
+ *  Plan is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License v3 as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Plan is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with Plan. If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.djrapitops.plan.delivery.domain;
+
+import java.util.Objects;
+import java.util.UUID;
+
+/**
+ * Represents data that can be used to calculate player retention for a specific player.
+ *
+ * @author AuroraLS3
+ */
+public class RetentionData {
+
+    private final UUID playerUUID;
+    private final long registerDate;
+    private final long lastSeenDate;
+    private final long playtime;
+    private final long timeDifference;
+
+    public RetentionData(UUID playerUUID, long registerDate, long lastSeenDate, long playtime) {
+        this.playerUUID = playerUUID;
+        this.registerDate = registerDate;
+        this.lastSeenDate = lastSeenDate;
+        this.playtime = playtime;
+        timeDifference = lastSeenDate - registerDate;
+    }
+
+    public UUID getPlayerUUID() {
+        return playerUUID;
+    }
+
+    public long getRegisterDate() {
+        return registerDate;
+    }
+
+    public long getLastSeenDate() {
+        return lastSeenDate;
+    }
+
+    public long getTimeDifference() {
+        return timeDifference;
+    }
+
+    public long getPlaytime() {
+        return playtime;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        RetentionData that = (RetentionData) o;
+        return getRegisterDate() == that.getRegisterDate() && getLastSeenDate() == that.getLastSeenDate() && getPlaytime() == that.getPlaytime() && getTimeDifference() == that.getTimeDifference() && Objects.equals(getPlayerUUID(), that.getPlayerUUID());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getPlayerUUID(), getRegisterDate(), getLastSeenDate(), getPlaytime(), getTimeDifference());
+    }
+
+    @Override
+    public String toString() {
+        return "RetentionData{" +
+                "playerUUID=" + playerUUID +
+                ", registerDate=" + registerDate +
+                ", lastSeenDate=" + lastSeenDate +
+                ", playtime=" + playtime +
+                ", timeDifference=" + timeDifference +
+                '}';
+    }
+}

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/TablePlayer.java

@@ -18,6 +18,7 @@ package com.djrapitops.plan.delivery.domain;
 
 import com.djrapitops.plan.delivery.domain.mutators.ActivityIndex;
 import com.djrapitops.plan.gathering.domain.BaseUser;
+import com.djrapitops.plan.gathering.domain.Ping;
 
 import java.util.Objects;
 import java.util.Optional;
@@ -38,6 +39,7 @@ public class TablePlayer implements Comparable<TablePlayer> {
     private Long registered;
     private Long lastSeen;
     private String geolocation;
+    private Ping ping;
 
     private boolean banned = false;
 
@@ -87,6 +89,10 @@ public class TablePlayer implements Comparable<TablePlayer> {
         return Optional.ofNullable(geolocation);
     }
 
+    public Ping getPing() {
+        return ping;
+    }
+
     public boolean isBanned() {
         return banned;
     }
@@ -111,12 +117,13 @@ public class TablePlayer implements Comparable<TablePlayer> {
                 lastSeen.equals(that.lastSeen) &&
                 name.equals(that.name) &&
                 activityIndex.equals(that.activityIndex) &&
-                geolocation.equals(that.geolocation);
+                geolocation.equals(that.geolocation) &&
+                ping.equals(that.ping);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(name, activityIndex, activePlaytime, sessionCount, registered, lastSeen, geolocation);
+        return Objects.hash(name, activityIndex, activePlaytime, sessionCount, registered, lastSeen, geolocation, ping);
     }
 
     @Override
@@ -130,6 +137,7 @@ public class TablePlayer implements Comparable<TablePlayer> {
                 ", registered=" + registered +
                 ", lastSeen=" + lastSeen +
                 ", geolocation='" + geolocation + '\'' +
+                ", ping='" + ping + '\'' +
                 ", banned=" + banned +
                 '}';
     }
@@ -190,6 +198,11 @@ public class TablePlayer implements Comparable<TablePlayer> {
             return this;
         }
 
+        public Builder ping(Ping ping) {
+            player.ping = ping;
+            return this;
+        }
+
         public TablePlayer build() {
             return player;
         }

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/WebUser.java

@@ -1,93 +0,0 @@
-/*
- *  This file is part of Player Analytics (Plan).
- *
- *  Plan is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License v3 as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  Plan is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with Plan. If not, see <https://www.gnu.org/licenses/>.
- */
-package com.djrapitops.plan.delivery.domain;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
-
-/**
- * Object containing webserver security user information.
- *
- * @author AuroraLS3
- * @deprecated Use {@link com.djrapitops.plan.delivery.domain.auth.User} instead
- * TODO Rewrite Authentication stuff
- */
-@Deprecated(since = "2022-02-12, User.java")
-public class WebUser {
-
-    private final String username;
-    private final String saltedPassHash;
-    private final int permLevel;
-
-    public WebUser(String username, String saltedPassHash, int permLevel) {
-        this.username = username;
-        this.saltedPassHash = saltedPassHash;
-        this.permLevel = permLevel;
-    }
-
-    public static List<String> getPermissionsForLevel(int level) {
-        List<String> permissions = new ArrayList<>();
-        if (level <= 0) {
-            permissions.add("page.network");
-            permissions.add("page.server");
-            permissions.add("page.debug");
-            // TODO Add JSON Permissions
-        }
-        if (level <= 1) {
-            permissions.add("page.players");
-            permissions.add("page.player.other");
-        }
-        if (level <= 2) {
-            permissions.add("page.player.self");
-        }
-        return permissions;
-    }
-
-    public String getSaltedPassHash() {
-        return saltedPassHash;
-    }
-
-    public int getPermLevel() {
-        return permLevel;
-    }
-
-    public String getName() {
-        return username;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        WebUser webUser = (WebUser) o;
-        return permLevel == webUser.permLevel &&
-                Objects.equals(username, webUser.username) &&
-                Objects.equals(saltedPassHash, webUser.saltedPassHash);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(username, saltedPassHash, permLevel);
-    }
-
-    public com.djrapitops.plan.delivery.web.resolver.request.WebUser toNewWebUser() {
-        return new com.djrapitops.plan.delivery.web.resolver.request.WebUser(
-                username, getPermissionsForLevel(permLevel).toArray(new String[0])
-        );
-    }
-}

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/auth/Group.java

@@ -0,0 +1,59 @@
+/*
+ *  This file is part of Player Analytics (Plan).
+ *
+ *  Plan is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License v3 as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Plan is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with Plan. If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.djrapitops.plan.delivery.domain.auth;
+
+import java.util.Objects;
+
+/**
+ * Represents Plan web permission group without permissions or users.
+ * <p>
+ * This object is used instead of a String in case more attributes are added in the future.
+ *
+ * @author AuroraLS3
+ */
+public class Group {
+
+    private final String name;
+
+    public Group(String name) {
+        this.name = name;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        Group group = (Group) o;
+        return Objects.equals(getName(), group.getName());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getName());
+    }
+
+    @Override
+    public String toString() {
+        return "WebGroup{" +
+                "name='" + name + '\'' +
+                '}';
+    }
+}

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/auth/GroupList.java

@@ -0,0 +1,58 @@
+/*
+ *  This file is part of Player Analytics (Plan).
+ *
+ *  Plan is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License v3 as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Plan is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with Plan. If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.djrapitops.plan.delivery.domain.auth;
+
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Represents Plan web permission group listing without associated permissions.
+ *
+ * @author AuroraLS3
+ */
+public class GroupList {
+
+    private final List<Group> groups;
+
+    public GroupList(List<Group> groups) {
+        this.groups = groups;
+    }
+
+    public List<Group> getGroups() {
+        return groups;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        GroupList that = (GroupList) o;
+        return Objects.equals(getGroups(), that.getGroups());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getGroups());
+    }
+
+    @Override
+    public String toString() {
+        return "WebGroupList{" +
+                "groups=" + groups +
+                '}';
+    }
+}

Plan/common/src/main/java/com/djrapitops/plan/delivery/domain/auth/User.java

@@ -18,6 +18,7 @@ package com.djrapitops.plan.delivery.domain.auth;
 
 import com.djrapitops.plan.delivery.web.resolver.request.WebUser;
 import com.djrapitops.plan.utilities.PassEncryptUtil;
+import com.djrapitops.plan.utilities.dev.Untrusted;
 
 import java.util.Collection;
 import java.util.Objects;
@@ -30,23 +31,24 @@ import java.util.UUID;
  */
 public class User implements Comparable<User> {
 
+    @Untrusted
     private final String username;
     private final String linkedTo;
     private final UUID linkedToUUID; // null for 'console'
     private final String passwordHash;
-    private int permissionLevel;
+    private String permissionGroup;
     private final Collection<String> permissions;
 
-    public User(String username, String linkedTo, UUID linkedToUUID, String passwordHash, int permissionLevel, Collection<String> permissions) {
+    public User(@Untrusted String username, String linkedTo, UUID linkedToUUID, String passwordHash, String permissionGroup, Collection<String> permissions) {
         this.username = username;
         this.linkedTo = linkedTo;
         this.linkedToUUID = linkedToUUID;
         this.passwordHash = passwordHash;
-        this.permissionLevel = permissionLevel;
+        this.permissionGroup = permissionGroup;
         this.permissions = permissions;
     }
 
-    public boolean doesPasswordMatch(String password) {
+    public boolean doesPasswordMatch(@Untrusted String password) {
         return PassEncryptUtil.verifyPassword(password, passwordHash);
     }
 
@@ -54,6 +56,7 @@ public class User implements Comparable<User> {
         return new WebUser(linkedTo, linkedToUUID, username, permissions);
     }
 
+    @Untrusted
     public String getUsername() {
         return username;
     }
@@ -70,20 +73,16 @@ public class User implements Comparable<User> {
         return passwordHash;
     }
 
-    /**
-     * @deprecated Permission list should be used instead.
-     */
-    @Deprecated(since = "2022-05-04", forRemoval = true)
-    public int getPermissionLevel() {
-        return permissionLevel;
+    public String getPermissionGroup() {
+        return permissionGroup;
     }
 
-    /**
-     * @deprecated Permission list should be used instead.
-     */
-    @Deprecated(since = "2022-05-04", forRemoval = true)
-    public void setPermissionLevel(int permissionLevel) {
-        this.permissionLevel = permissionLevel;
+    public void setPermissionGroup(String permissionGroup) {
+        this.permissionGroup = permissionGroup;
+    }
+
+    public Collection<String> getPermissions() {
+        return permissions;
     }
 
     @Override
@@ -93,7 +92,7 @@ public class User implements Comparable<User> {
                 ", linkedTo='" + linkedTo + '\'' +
                 ", linkedToUUID=" + linkedToUUID +
                 ", passwordHash='" + passwordHash + '\'' +
-                ", permissionLevel=" + permissionLevel +
+                ", permissionGroup=" + permissionGroup +
                 ", permissions=" + permissions +
                 '}';
     }
@@ -103,22 +102,22 @@ public class User implements Comparable<User> {
         if (this == o) return true;
         if (o == null || getClass() != o.getClass()) return false;
         User user = (User) o;
-        return permissionLevel == user.permissionLevel &&
-                Objects.equals(username, user.username) &&
+        return Objects.equals(username, user.username) &&
                 Objects.equals(linkedTo, user.linkedTo) &&
                 Objects.equals(linkedToUUID, user.linkedToUUID) &&
                 Objects.equals(passwordHash, user.passwordHash) &&
+                Objects.equals(permissionGroup, user.permissionGroup) &&
                 Objects.equals(permissions, user.permissions);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(username, linkedTo, linkedToUUID, passwordHash, permissionLevel, permissions);
+        return Objects.hash(username, linkedTo, linkedToUUID, passwordHash, permissionGroup, permissions);
     }
 
     @Override
     public int compareTo(User other) {
-        int comparison = Integer.compare(this.permissionLevel, other.permissionLevel);
+        int comparison = String.CASE_INSENSITIVE_ORDER.compare(this.permissionGroup, other.permissionGroup);
         if (comparison == 0) comparison = String.CASE_INSENSITIVE_ORDER.compare(this.username, other.username);
         return comparison;
     }