75ea7c70c216bdae7c16a00d7b9cef83e1c4ae0d
Details:
• HTML endpoints (/, /profile, /admin, /login, /register):
  - Authenticate via HTTP-only cookie named 'token'
  - Handlers in internal/templates/templates.go check cookie validity
  - /admin endpoint additionally checks for role='admin'
  - Unauthenticated users redirected to /login
  - Non-admin users accessing /admin get HTTP 403 Forbidden
• API endpoints (/api/*):
  - Authenticate via Bearer token in Authorization header only
  - Handlers in internal/api/api.go use authenticateRequest() function
  - Function extracts token from 'Authorization: Bearer <token>' header
  - Validates token against yggdrasil_sessions table
  - No cookie checking for API endpoints (launcher compatibility)
• Web login (/api/web/login):
  - Sets HTTP-only cookie 'token' for browser storage
  - Returns JSON with token, UUID, username for JS localStorage
  - Maintains backward compatibility with existing JavaScript
• JavaScript in HTML pages:
  - Gets token from localStorage (set by login response)
  - Sets Authorization: Bearer <token> header for API fetch calls
  - Updated admin.html and profile.js to include token in headers
This separation ensures:
• HTML endpoints work automatically with browser cookies
• API endpoints work with browsers (via JS) and launchers (Bearer tokens)
• Security-sensitive actions require proper role validation
• Clean separation of concerns between document and API interfaces
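
The cookie/Bearer split described in the commit message above, sketched in Go as an added example (not the repository's code). The helper and handler names, the /api/whoami route, the in-memory map standing in for the yggdrasil_sessions lookup and the 303 redirect status are assumptions.

```go
package main
import (
	"net/http"
	"strings"
)

var sessions = map[string]string{"tok-admin": "admin", "tok-user": "user"} // token -> role; constructed stand-in for yggdrasil_sessions

// bearerToken serves /api/*: Authorization header only, cookies are never consulted.
func bearerToken(r *http.Request) string {
	scheme, tok, _ := strings.Cut(r.Header.Get("Authorization"), " ")
	if strings.EqualFold(scheme, "Bearer") {
		return tok
	}
	return ""
}

// cookieToken serves the HTML pages: the 'token' cookie only.
func cookieToken(r *http.Request) string {
	if c, err := r.Cookie("token"); err == nil {
		return c.Value
	}
	return ""
}

// adminPage: no valid session -> redirect to /login (303 is an assumption); other role -> 403.
func adminPage(w http.ResponseWriter, r *http.Request) {
	role, ok := sessions[cookieToken(r)]
	if !ok {
		http.Redirect(w, r, "/login", http.StatusSeeOther)
	} else if role != "admin" {
		http.Error(w, "forbidden", http.StatusForbidden)
	} else {
		w.Write([]byte("admin panel"))
	}
}

func apiWhoami(w http.ResponseWriter, r *http.Request) { // hypothetical /api/* handler
	if role, ok := sessions[bearerToken(r)]; ok {
		w.Write([]byte(role))
	} else {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
	}
}

func main() {
	http.HandleFunc("/admin", adminPage)
	http.HandleFunc("/api/whoami", apiWhoami)
	http.ListenAndServe("127.0.0.1:8080", nil)
}
```

A request that carries only the cookie gets 401 from the API handler, and one that carries only a Bearer header is redirected from /admin, so each surface accepts exactly one credential transport.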
MrixsCraft Server
Minecraft server backend in Go (net/http + PostgreSQL).
Build
go build -o mrixscraft-server ./cmd/server
Run
export SERVER_PORT=8080
export DATABASE_URL="postgres://user:pass@localhost:5432/mrixscraft"
go run ./cmd/server
Environment variables
| Variable | Description | Default |
|---|---|---|
| SERVER_PORT | HTTP server port | 8080 |
| DATABASE_URL | PostgreSQL DSN | — |