6 Commits

Author SHA1 Message Date
4efcc770ac fix: format all Go files with gofmt
- Fix alignment in struct fields (sessionProfileResponse, textureInfo, Handler)
- Align struct field values in internal/templates/templates.go, internal/api/api.go
2026-05-30 20:00:54 +03:00
e1cc999ea8 refactor: deduplicate sha1Hex/writeJSON/writeError into pkg/utils
- admin.go: replace local sha1Hex, sha256Hex, writeJSON, writeError with pkg/utils equivalents
- auth.go: replace local writeJSON with utils.WriteJSON; rewrite writeError as thin wrapper
- cas.go: remove local sha1Hex and unused writeJSON; use utils.SHA1Bytes
- pkg/utils.go: add WriteJSON, WriteError; reorder imports
2026-05-29 23:53:33 +03:00
d418ae2b54 fix: add panic recovery, rate limiting, timing-safe CI token
- Add Recovery middleware (catches panics, returns 500, logs stack trace)
- Add RateLimiter to middleware chain (30 req/min, burst 60 per IP)
- Fix CI token comparison with subtle.ConstantTimeCompare (timing attack)
- Middleware chain: Recovery → Logging → RateLimit → CORS → mux

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-29 21:08:01 +03:00
01cce981c5 feat: implement skins/capes, profile endpoints, session server
Skins & capes:
- Fix uploadSkin auth: Bearer token instead of user_id form hack
- Add POST /api/web/profile/cape (upload cape)
- Add DELETE /api/web/profile/skin and DELETE /api/web/profile/cape
- Validate skin PNG dimensions (64x32, 64x64, 128x128, 128x64)
- Add size limits: 1 MB for skins, 2 MB for capes
- Add basic email validation on register

Profile & session server:
- Add GET /api/web/profile/{uuid} — public profile with skin/cape hashes
- Add GET /sessionserver/session/minecraft/profile/{uuid} — Mojang-compatible
  texture response for game client
- Add POST /authserver/invalidate and POST /authserver/signout
- Export VerifyPassword and ExtractBearer from auth package
- Remove duplicate verifyPassword from api.go
- Add PlayerTextures model to database.go
2026-05-27 11:45:33 +03:00
2f07fbf379 feat: add admin handler (modpack CRUD, file upload, manifest, launcher release)
- modpack CRUD: GET/POST/PUT/DELETE /api/admin/modpacks
- file upload: POST /api/admin/modpacks/{slug}/upload — multipart, ZIP extraction, CAS storage
- manifest: POST /api/admin/modpacks/{slug}/manifest — scan instance dir, generate manifest.json
- launcher release: POST /api/admin/launcher/release — CI/CD endpoint, SHA-256 verify, DB registration
- auth middleware: Bearer token + admin role check + X-CI-Token for CI/CD
- zip-slip protection in file extraction

Co-Authored-By: OWL <noreply@anthropic.com>
2026-05-26 14:03:17 +03:00
551c75a232 chore: initial project structure
2026-05-23 17:57:37 +03:00