8 Commits

Author SHA1 Message Date
7ad02cb1b2 feat: implement email validation, CI/CD pipeline, migration history, and web templates
Some checks failed: CI / lint (push) failing after 21s; CI / build (push), CI / test (push) and CI / docker (push) skipped.
Email validation:
- Replace @/. check with net/mail.ParseAddress on register
- Add size limit check (max 254 chars, RFC 5321)

CI/CD Pipeline:
- Add .gitea/workflows/ci.yml (lint → test → build → docker push)
- Registry: gitea.mrixs.me/Mrixs/MrixsCraft-server
- Push only on main branch

Database:
- Add migrations/002_migration_history.sql (tracking applied migrations)
- Add migrations/README.md (manual apply instructions)

Web Templates:
- Add base.html with Minecraft-themed layout (dark + green accent)
- Add index.html, login.html, register.html with POST forms
- Rewrite templates.go for data-driven rendering with pageData struct
- Fallback placeholder preserved when templates dir missing
2026-05-30 00:39:51 +03:00
d418ae2b54 fix: add panic recovery, rate limiting, timing-safe CI token
- Add Recovery middleware (catches panics, returns 500, logs stack trace)
- Add RateLimiter to middleware chain (30 req/min, burst 60 per IP)
- Fix CI token comparison with subtle.ConstantTimeCompare (timing attack)
- Middleware chain: Recovery → Logging → RateLimit → CORS → mux

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-29 21:08:01 +03:00
5fba2e78d5 feat: add Docker infrastructure, migrations, CI/CD client, session cleanup, tests
Docker & Deployment:
- Add Dockerfile (multi-stage, alpine, non-root)
- Add docker-compose.yml (caddy, backend, postgres, watchtower)
- Add Caddyfile (TLS, file_server, reverse proxy)
- Add .env.example

Database:
- Add migrations/001_init.sql (all tables + indexes)

CI/CD:
- Add cmd/ci-release/main.go (launcher binary upload tool)

Session management:
- Add internal/session/cleanup.go (background expired session cleanup)
- Integrate cleanup worker into main.go

Bug fixes:
- Fix launcherLatest download URL to include version segment
- Fix serveLauncherAsset path to match route pattern
- Add Content-Type detection from file extension in CAS serveFile
- Add empty-field validation in webLogin
- Format string fix in ci-release (%d → %s for resp.Status)

Tests:
- Add internal/auth/auth_test.go (8 tests)
- Add internal/cas/cas_test.go (7 tests)
- Add internal/session/cleanup_test.go (1 test)
- Add internal/api/api_test.go (5 tests)
- All tests passing, go vet clean

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-29 20:09:00 +03:00
e4fea937aa feat: implement CAS module, middleware, utils, and templates
- CAS: GET /files/{hash} with immutable cache headers, launcher asset
  serving, hash validation, StoreFile/VerifyAndStore helpers
- Middleware: CORS, request logging, per-IP token bucket rate limiter
- Utils: SHA1Bytes, SHA256Bytes, SHA1File, Unzip with zip-slip protection
- Templates: placeholder handler with html/template discovery
- Wire CAS routes and middleware chain (Logging → CORS) in main.go
2026-05-26 15:11:41 +03:00
2f07fbf379 feat: add admin handler (modpack CRUD, file upload, manifest, launcher release)
- modpack CRUD: GET/POST/PUT/DELETE /api/admin/modpacks
- file upload: POST /api/admin/modpacks/{slug}/upload — multipart, ZIP extraction, CAS storage
- manifest: POST /api/admin/modpacks/{slug}/manifest — scan instance dir, generate manifest.json
- launcher release: POST /api/admin/launcher/release — CI/CD endpoint, SHA-256 verify, DB registration
- auth middleware: Bearer token + admin role check + X-CI-Token for CI/CD
- zip-slip protection in file extraction

Co-Authored-By: OWL <noreply@anthropic.com>
2026-05-26 14:03:17 +03:00
475ff9bfa2 feat: add API handler (register, login, skin, launcher, servers, manifest)
- register: POST /api/web/register — create user with SHA-256 password hash
- login: POST /api/web/login — credentials check + session token
- uploadSkin: POST /api/web/profile/skin — PNG upload, SHA-1 CAS storage
- launcherLatest: GET /api/launcher/latest — latest launcher version + download URL
- serversList: GET /api/servers.json — active modpacks list
- instanceManifest: GET /api/instances/{slug}/manifest.json — modpack manifest
- serveSkin: GET /skins/{hash}.png — skin file serving with cache headers
- PathValue-based routing (Go 1.22+)

Co-Authored-By: OWL <noreply@anthropic.com>
2026-05-26 13:31:22 +03:00
aa7d3a8509 feat: add server foundation (config, database, auth, main)
- config: Load from env vars (SERVER_PORT, DATABASE_URL, JWT_SECRET, CAS_DIR, etc.)
- database: pgx/v5 connection pool, models (User, YggdrasilSession, Modpack, GlobalFile, LauncherRelease)
- auth: Yggdrasil endpoints (authenticate, refresh, validate) with SHA-256 password hashing, token rotation
- main: graceful shutdown, HTTP server on configured port
- go.mod: module gitea.mrixs.me/Mrixs/MrixsCraft-server, pgx/v5 dependency

Co-Authored-By: OWL <noreply@anthropic.com>
2026-05-26 13:03:21 +03:00
551c75a232 chore: initial project structure
2026-05-23 17:57:37 +03:00