feat: add Docker infrastructure, migrations, CI/CD client, session cleanup, tests

Docker & Deployment: - Add Dockerfile (multi-stage, alpine, non-root) - Add docker-compose.yml (caddy, backend, postgres, watchtower) - Add Caddyfile (TLS, file_server, reverse proxy) - Add .env.example Database: - Add migrations/001_init.sql (all tables + indexes) CI/CD: - Add cmd/ci-release/main.go (launcher binary upload tool) Session management: - Add internal/session/cleanup.go (background expired session cleanup) - Integrate cleanup worker into main.go Bug fixes: - Fix launcherLatest download URL to include version segment - Fix serveLauncherAsset path to match route pattern - Add Content-Type detection from file extension in CAS serveFile - Add empty-field validation in webLogin - Format string fix in ci-release (%d → %s for resp.Status) Tests: - Add internal/auth/auth_test.go (8 tests) - Add internal/cas/cas_test.go (7 tests) - Add internal/session/cleanup_test.go (1 test) - Add internal/api/api_test.go (5 tests) - All tests passing, go vet clean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-29 20:09:00 +03:00
parent 81c42e1a9a
commit 5fba2e78d5
14 changed files with 986 additions and 4 deletions
--- a/57
+++ b/57
@@ -0,0 +1,57 @@
+# Caddyfile — MrixsCraft reverse proxy + static file serving.
+# TLS is automatic. Adjust domain names to your actual domains.
+
+# ── CDN: CAS files (immutable, long cache) ────────────────────
+
+cdn.mrixs.me {
+    root * /var/www/cdn/files
+
+    # CAS files — content-addressed, never change.
+    handle /files/* {
+        file_server {
+            hide .htaccess
+        }
+        header Cache-Control "public, max-age=31536000, immutable"
+    }
+
+    # Skins — shorter cache so players see changes.
+    handle /skins/* {
+        file_server {
+            hide .htaccess
+        }
+        header Cache-Control "public, max-age=3600"
+    }
+}
+
+# ── API + Yggdrasil ───────────────────────────────────────────
+
+minecraft.mrixs.me {
+    # Yggdrasil authentication (launcher + game client).
+    handle /authserver/* {
+        reverse_proxy backend:8080
+    }
+
+    handle /sessionserver/* {
+        reverse_proxy backend:8080
+    }
+
+    # Public API (launcher + website).
+    handle /api/* {
+        reverse_proxy backend:8080
+    }
+
+    # Skin serving.
+    handle /skins/* {
+        reverse_proxy backend:8080
+    }
+
+    # CAS file serving (fallback if not served by CDN domain).
+    handle /files/* {
+        reverse_proxy backend:8080
+    }
+
+    # Everything else — frontend / templates.
+    handle {
+        reverse_proxy backend:8080
+    }
+}