feat: add yggdrasil metadata endpoint and support authlib-injector

cmd/server/main.go

@@ -75,7 +75,7 @@ func main() {
 
 	// --- Инициализация хендлеров ---
 	userHandler := &api.UserHandler{Service: userService}
-	authHandler := &api.AuthHandler{Service: authService}
+	authHandler := &api.AuthHandler{Service: authService, ProfileService: profileService, Domain: domain}
 	profileHandler := &api.ProfileHandler{Service: profileService}
 	serverHandler := &api.ServerHandler{Repo: serverRepo}
 	launcherHandler := &api.LauncherHandler{ModpackRepo: modpackRepo}
@@ -129,6 +129,31 @@ func main() {
 		r.Get("/profile/{uuid}", profileHandler.GetProfile)
 	})
 
+	// --- Yggdrasil API (for authlib-injector) ---
+	r.Route("/api/yggdrasil", func(r chi.Router) {
+		r.Get("/", authHandler.GetMetadata)
+
+		r.Route("/authserver", func(r chi.Router) {
+			r.Post("/authenticate", authHandler.Authenticate)
+			r.Post("/invalidate", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNoContent) })
+			r.Post("/validate", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNoContent) })
+			r.Post("/signout", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNoContent) })
+			r.Post("/refresh", func(w http.ResponseWriter, r *http.Request) {
+				// Fallback for refresh - return 400 or implement real refresh
+				http.Error(w, "Not implemented", http.StatusForbidden)
+			})
+		})
+
+		r.Route("/sessionserver/session/minecraft", func(r chi.Router) {
+			r.Post("/join", authHandler.Join)
+			r.Get("/hasJoined", func(w http.ResponseWriter, r *http.Request) {
+				// Legacy hasJoined endpoint if needed, but modern mostly uses join/check
+				w.WriteHeader(http.StatusNoContent)
+			})
+			r.Get("/profile/{uuid}", profileHandler.GetProfile)
+		})
+	})
+
 	// --- Защищенные роуты ---
 	r.Group(func(r chi.Router) {
 		r.Use(api.AuthMiddleware)