AstralTransRocketries/drasl
1
0
Fork 0
mirror of https://github.com/unmojang/drasl.git synced 2025-08-03 10:56:06 -04:00
Code Issues Packages Projects Releases Wiki Activity

Release notes for 3.0.0

Browse Source
This commit is contained in:
Evan Goode 2025-03-22 18:51:33 -04:00
parent 8ccb3babeb
commit 1f4b46b11a
5 changed files with 42 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -1,5 +1,8 @@
# ![Drasl icon](doc/icon.png) Drasl
> [!IMPORTANT]
> [Release notes for Drasl 3.0.0](doc/release-notes.md)
Drasl is an alternative API server for Minecraft that handles authentication, skins, and capes.
You can use it to host Minecraft servers that are completely independent from Mojang's infrastructure.
It's designed to be easy to host yourself, but a "reference instance" is hosted at [https://drasl.unmojang.org](https://drasl.unmojang.org) which currently requires a Minecraft account to register.
@ -33,6 +36,7 @@ There are many reasons to host your own API server instead of using Mojang's. Yo
- Easy to host: a single Go binary plus a few static assets, no runtime dependencies. See [doc/installation.md](doc/installation.md).
- Highly configurable
- Fast, minimalist, and highly-accessible web interface. JavaScript is used only for cosmetic effects and is not required.
- Optional: link with one or more [OpenID Connect](https://openid.net/developers/how-connect-works/) providers
- Optional: allow multiple players per user (see [MaxPlayerCount](doc/configuration.md))
- Optional: proxy requests to fallback API servers (see [FallbackAPIServers](doc/configuration.md))
- You can configure your Minecraft server to accept users logged in with either a Mojang account or a Drasl account.
@ -70,7 +74,7 @@ See [doc/usage.md](doc/usage.md) for post-installation instructions and guidance
## API
Drasl has its own API for managing users and invitations, but consider it in a beta state. v1 of this API is likely to be deprecated quickly. Documentation is [here](https://doc.drasl.unmojang.org).
Drasl has its own API for managing users, players, and invitations. Documentation is [here](https://doc.drasl.unmojang.org).
Drasl implements the Mojang API, documented here on [The Minecraft Wiki](https://minecraft.wiki):
@ -86,7 +90,7 @@ Drasl also implements (almost all of) the authlib-injector API at `/authlib-inje
If using Nix (with flakes), simply run `nix build`.
Otherwise, install build dependencies. Go 1.21 or later is required:
Otherwise, install build dependencies. Go 1.23 or later is required:
```
sudo apt install make golang gcc nodejs npm # Debian

2
doc/configuration.md
View File

@ -109,7 +109,7 @@ Other available options:
- Note: Minecraft 1.19 and earlier can only validate player public keys against Mojang's public key, not ours, so you should use `enforce-secure-profile=false` on versions earlier than 1.20.
- `TokenStaleSec`: number of seconds after which an access token will go "stale". A stale token needs to be refreshed before it can be used to log in to a Minecraft server. By default, `TokenStaleSec` is set to `0`, meaning tokens will never go stale, and you should never see an error in-game like "Failed to login: Invalid session (Try restarting your game)". To have tokens go stale after one day, for example, set this option to `86400`. Integer. Default value: `0`.
- `TokenExpireSec`: number of seconds after which an access token will expire. An expired token can neither be refreshed nor be used to log in to a Minecraft server. By default, `TokenExpireSec` is set to `0`, meaning tokens will never expire, and you should never have to log in again to your launcher if you've been away for a while. The security risks of non-expiring JWTs are actually quite mild; an attacker would still need access to a client's system to steal a token. But if you're concerned about security, you might, for example, set this option to `604800` to have tokens expire after one week. Integer. Default value: `0`.
- `AllowPasswordLogin`: Allow registration and login with passwords. Disable to force users to register via OIDC (see `[[OIDCProvider]]`). If disabled, users must use Minecraft Tokens to log in to Minecraft launchers. If this option is disabled after being previously enabled, password accounts will still have the option to link an OIDC provider to their account. Boolean. Default value: `true`.
- `AllowPasswordLogin`: Allow registration and login with passwords. Disable to force users to register via OIDC (see `[[RegistrationOIDC]]`). If disabled, users must use Minecraft Tokens to log in to Minecraft launchers. If this option is disabled after being previously enabled, password accounts will still have the option to link an OIDC provider to their account. Boolean. Default value: `true`.
- `AllowChangingPlayerName`: Allow users to change their "player name" after their account has already been created. Could be useful in conjunction with `RegistrationExistingPlayer` if you want to make users register from an existing (e.g. Mojang) account but you want them to be able to choose a new player name. Admins can change the name of any player regardless of this setting. Boolean. Default value: `true`.
- `AllowSkins`: Allow users to upload skins. You may want to disable this option if you want to rely exclusively on `ForwardSkins`, e.g. to fully support Vanilla clients. Admins can set skins regardless of this setting. Boolean. Default value: `true`.
- `AllowCapes`: Allow users to upload capes. Admins can set capes regardless of this setting. Boolean. Default value: `true`.

29
doc/release-notes.md Normal file
View File

@ -0,0 +1,29 @@
# Release notes
## Drasl 3.0.0
Major changes:
- Allow multiple players per user (`DefaultMaxPlayerCount`)
- Support for login and registration via OpenID Connect (`[[RegistrationOIDC]]`)
- Major database schema changes, hence Drasl will now (by default) back up the database when upgrading to a new database version (`PreMigrationBackups`).
- Drasl API version incremented to v2
- Minimum Go version increased from 1.19 to 1.23 due to new dependencies
New configuration options:
- `AllowPasswordLogin`: Allow registration and login with passwords. Disable to force users to register via OIDC (see `[[RegistrationOIDC]]`). If disabled, users must use Minecraft Tokens to log in to Minecraft launchers. If this option is disabled after being previously enabled, password accounts will still have the option to link an OIDC provider to their account. Boolean. Default value: `true`.
- `DefaultMaxPlayerCount`: Number of players each user is allowed to own by default. Admins can increase or decrease each user's individual limit. Use `-1` to allow creating an unlimited number of players. Integer. Default value: `1`.
- `CORSAllowOrigins`: List of origins that may access Drasl API routes. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. Necessary for allowing browsers to access the Drasl API. Set to `["*"]` to allow all origins. Array of strings. Example value: `["https://front-end.example.com"]`. Default value: `[]`.
- `EnableWebFrontEnd`: Whether to enable the web UI. Boolean. Default value: `true`.
- `PreMigrationBackups`: Back up the database to `/path/to/StateDirectory/drasl.X.YYYY-mm-ddTHH-MM-SSZ.db` (where `X` is the old database version) before migrating to a new database version. Boolean. Default value: `true`.
- `[[RegistrationOIDC]]`: Allow users to register via [OpenID Connect](https://openid.net/developers/how-connect-works) as well as link their existing Drasl account to OIDC providers. Compatible with both `[RegistrationNewPlayer]` and `[RegistrationExistingPlayer]`. If a user account is linked to one or more OIDC providers, **they will no longer be able to log in to the Drasl web UI or Minecraft using their Drasl password**. For the Drasl web UI, they will have to log in via OIDC. For Minecraft, they will have to use the "Minecraft Token" shown on their user page. Use `$BaseURL/web/oidc-callback/$Name` as the OIDC redirect URI when registering Drasl with your OIDC identity provider, where `$BaseURL` is your Drasl `BaseURL` and `$Name` is the `Name` of the `[[RegistrationOIDC]]` provider. For example, `https://drasl.example.com/web/oidc-callback/Kanidm`.
Moved configuration options:
- `RegistrationNewPlayer.AllowChoosingUUID` moved to `CreateNewPlayer.AllowChoosingUUID`
- `RegistrationExistingPlayer.Nickname` moved to `ImportExistingPlayer.Nickname`
- `RegistrationExistingPlayer.AccountURL` moved to `ImportExistingPlayer.AccountURL`
- `RegistrationExistingPlayer.SessionURL` moved to `ImportExistingPlayer.SessionURL`
- `RegistrationExistingPlayer.SetSkinURL` moved to `ImportExistingPlayer.SetSkinURL`
- `RegistrationExistingPlayer.RequireSkinVerification` moved to `ImportExistingPlayer.RequireSkinVerification`

2
go.mod
View File

@ -1,6 +1,6 @@
module unmojang.org/drasl
go 1.21
go 1.23
require (
github.com/BurntSushi/toml v1.3.2

10
view/root.tmpl
View File

@ -22,12 +22,11 @@
{{ $dividerNeeded = true }}
{{ end }}
{{ if $dividerNeeded }}
<div class="divider">or</div>
{{ $dividerNeeded = false }}
{{ end }}
{{ if .App.Config.AllowPasswordLogin }}
{{ if $dividerNeeded }}
<div class="divider">or</div>
{{ $dividerNeeded = false }}
{{ end }}
<form action="{{ .App.FrontEndURL }}/web/login" method="post">
<input type="text" name="username" placeholder="Username" required />
<input hidden name="returnUrl" value="{{ .URL }}" />
@ -41,6 +40,7 @@
/>
<input type="submit" value="Log in" />
</form>
{{ $dividerNeeded = true }}
{{ end }}
<h3>Configuring your client</h3>