87 Commits

Author SHA1 Message Date
Evan Goode
dbe1b4c9b2 fix tests 2025-07-26 12:31:22 -04:00
Evan Goode
38d533581b Initial i18n support 2025-07-26 12:31:22 -04:00
cat
5a0deebf89 Add CORS for texture routes
Fixes #173

Signed-off-by: cat <cat@plan9.rocks>
2025-06-22 22:04:14 -04:00
Evan Goode
21aca475d5 OIDC: increase allowed clock skew from 5s to 1m
Other systems [1] allow a skew of 5 minutes, so 1 minute doesn't seem
unreasonable.

[1] https://blog.logto.io/troubleshooting-invalid-issued-at-time-error

For https://github.com/unmojang/drasl/issues/166
2025-04-13 22:09:54 +00:00
Evan Goode
30ba03adf4 Implement GET /minecraft/profile/lookup/:id
New route on api.minecraftservices.com, see
https://minecraft.wiki/w/Mojang_API#Query_player's_username
2025-04-04 21:00:08 -04:00
Evan Goode
bf62ef54eb CachedGet: wait for lock on the URL, then check cache 2025-04-04 21:00:08 -04:00
Evan Goode
4ea506eae1 Look up fallback player ID using POST /profiles/minecraft
authlib-injector specifies POST /profiles/minecraft as the only
available route for player name -> UUID, so we have to use it if we want
to support authlib-injector-compatible fallback API servers.
2025-04-04 21:00:08 -04:00
Evan Goode
770ceededb Batch and rate-limit POST /profiles/minecraft to fallback API servers
For https://github.com/unmojang/drasl/issues/112
2025-04-04 21:00:08 -04:00
Evan Goode
4339886e8f Add /minecraft/profile/lookup/name/:playerName route 2025-04-04 21:00:08 -04:00
Evan Goode
9901aa8776 Deterministic OIDC provider display order
Go map iteration order is (intentionally) random
2025-03-29 19:14:57 -04:00
Evan Goode
a9b1531111 Fixups 2025-03-29 17:29:52 -04:00
Evan Goode
d7ffab2612 Update config examples and test them 2025-03-28 20:53:45 -04:00
Evan Goode
49ddfa6f7f Add back missing authlib-injector account routes 2025-03-23 20:27:27 -04:00
Evan Goode
5252317a53 Lots of API cleanup, link to Swagger API docs 2025-03-22 23:05:38 -04:00
Evan Goode
5c1f6c1cfa
Implement SSO via OIDC (#127)
Resolves https://github.com/unmojang/drasl/issues/39

* Use __Host- cookie prefix instead of setting Domain

See https://stackoverflow.com/a/64735551

* Unlinking OIDC accounts

* AllowPasswordLogin, OIDC docs, cleanup

* YggdrasilError

* Migrate existing password users without login

* API query/create/delete user OIDC identities

* test APICreateOIDCIdentity

* test APIDeleteeOIDCIdentity

* API Create users with OIDC identities

* OIDC: PKCE

* Use YggdrasilError in authlib-injector routes

* OIDC: AllowChoosingPlayerName

* recipes.md: Update for OIDC and deprecated config options

* OIDC: fix APICreateUser without password, validate oidcIdentities

* OIDC: error at complete-registration if no preferred player name

* Proper error pages

* MC_ prefix for Minecraft Tokens
2025-03-22 16:40:26 -04:00
IkyMax
09c9192cca
Authlib-Injector Skin API Support (#144)
* Initial support for Authlib-Injector Upload API

   - Support for HMCL

* Added Skin endpoint

* Support for capes

* Support for DELETE

* Explicitly route authlib-injector URLs, don't rewrite

* Test authlib-injector texture upload/delete

---------

Co-authored-by: Evan Goode <mail@evangoo.de>
2025-03-09 16:15:29 -04:00
хлифи
fbc8f9d45a
APIs for login and register (#136)
* APIs for login and register

* return 403 instead of 423 if account is locked

* add login API route to ratelimiter

* APILogin remove browser token gen & return, give API token instead

* generalize login logic

* remove transient user handling

* remove APIRegisterChallenge as unnecessary

* remove honeypot from APIRegister

* APIRegister remove browser token gen & return, give API token instead

* add register API route to ratelimiter

* add missing API godoc

* Clean up app.Login error handling

* Fix rate-limit errors for API routes

* Deduplicate APICreateUser and APIRegister

* Rate-limit all non-admin unsafe API requests

* APILogin test

* Make SetIsLocked write to the tx

* Add CORSAllowOrigins option

* Assert SetIsLocked without err variable

* Fix and test API rate limiting

---------

Co-authored-by: Evan Goode <mail@evangoo.de>
2025-02-15 21:43:02 -05:00
хлифи
c16361c6bc
Add disabling frontend (#137)
* Add disabling frontend

* fixes requested in review

* Document EnableWebFrontEnd in configuration.md
2025-02-02 22:16:32 -05:00
Evan Goode
0865865cd3 Player API routes, API tests/fixes 2024-12-28 21:07:32 -05:00
Evan Goode
faec464a4e Most Front tests passing 2024-12-28 21:07:32 -05:00
Evan Goode
1a8d312797 Tests passing except Front 2024-12-28 21:07:32 -05:00
Evan Goode
738d80538f Make multiple profiles usable from web front end 2024-12-28 21:07:32 -05:00
Evan Goode
f58ce99eae Initial changes to support multiple players per user 2024-12-28 21:07:32 -05:00
Evan Goode
12b9618168 Fix extraneous 'Additional error while handling an error' 2024-08-29 18:38:48 -04:00
Evan Goode
d833185b2b Implement joinserver.jsp and checkserver.jsp 2024-08-29 18:38:48 -04:00
Evan Goode
f02e4370a5 Rework error handling 2024-08-15 12:33:59 -04:00
Evan Goode
140ec8bd2e Don't host swag docs 2024-08-15 12:33:59 -04:00
Evan Goode
db14f9340d APIGetChallengeSkin, cleanup 2024-08-15 12:33:59 -04:00
Evan Goode
65a5c5aff8 API Delete user 2024-08-15 12:33:59 -04:00
Evan Goode
8f1a87aa1a More API routes and refactoring 2024-08-15 12:33:59 -04:00
Evan Goode
7d8aef7737 APICreateUser 2024-08-15 12:33:59 -04:00
Evan Goode
f7ad78d8e9 refactor: CreateUser 2024-08-15 12:33:59 -04:00
Evan Goode
c70e266d57 Start implementing Drasl API 2024-08-15 12:33:59 -04:00
cat
3441839905 Add ApplicationName, use generic URLs in web UI 2024-08-15 12:33:59 -04:00
Evan Goode
d516e568c7 Copy /privileges route to /services/privileges 2024-07-28 23:05:53 -04:00
Daniel Burzmiński
9fbcdc5958 Add legacy endpoint for 1.16.5 and its derivatives. 2024-07-28 23:05:53 -04:00
Evan Goode
d017879daa Add ValidPlayerNameRegex option
By default, Drasl should check to make sure player names don't contain
special characters.

For https://github.com/unmojang/drasl/issues/73
2024-05-23 16:57:38 -04:00
Evan Goode
72d3b1cd32 Add minecraft/profile/lookup/bulk/byname alias
As of 23w42a, the "Usernames to UUIDs" endpoint, previously at POST
https://api.mojang.com/profiles/minecraft, has been moved to POST
https://api.minecraftservices.com/minecraft/profile/lookup/bulk/byname.

This patch adds an alias for the new endpoint. The old endpoint will
still work.

Related: https://github.com/yushijinhun/authlib-injector/issues/232
2024-03-21 11:12:03 -04:00
Evan Goode
276f36c0e2 Default skins and capes, usage.md
Resolves https://github.com/unmojang/drasl/issues/27
2023-11-22 21:30:02 -05:00
Evan Goode
e8537ea54c OfflineSkins, also fix several skin issues 2023-11-10 20:19:07 -05:00
Evan Goode
a7679dce16 Log responses from fallback API servers 2023-09-18 20:29:43 -04:00
Evan Goode
f68e2308c0 Icon 2023-09-17 00:21:05 -04:00
Evan Goode
32242f1002 Make fallback API cache configurable
Closes https://github.com/unmojang/drasl/issues/19
2023-09-16 14:00:30 -04:00
Evan Goode
5908508fdd Fix 404s for web ui 2023-09-06 23:07:30 -04:00
Evan Goode
15559209ca Create config, state directories if they don't exist
We might want to gate this behind a flag in build_config.go, the Docker
build will want this but maybe not other distributions.
2023-09-03 17:51:20 -04:00
Evan Goode
d750dacdbb Config validation/cleaning, cleanup 2023-08-29 00:26:21 -04:00
Evan Goode
e1f0c3e7fe misc cleanup 2023-08-22 17:04:11 -04:00
Evan Goode
c5af033ca4 Fix AnonymousLogin, rename to TransientUsers 2023-08-20 02:15:04 +00:00
Evan Goode
3456e33085 Switch from 32-character hex accessTokens to JWTs 2023-08-20 02:15:04 +00:00
Evan Goode
fecd6e5daf Mostly cleanup, error handling, authlib-injector fixes 2023-07-28 16:33:45 -04:00