Initial project structure and core files

Add base project files including environment example, license, README, .gitignore, error classes, ESLint config, database modules, texture assets, repositories, routes, schemas, services, and server entry point. This establishes the foundational structure for a Yggdrasil-compatible REST API with modular error handling, database setup, and route organization.
2026-01-05 04:42:39 +01:00
commit 587146d322
112 changed files with 8540 additions and 0 deletions
--- a/routes/admin/ban/index.js
+++ b/routes/admin/ban/index.js
@@ -0,0 +1,32 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+router.get("/:uuid", adminService.hasPermission("PLAYER_BAN_STATUS"), async (req, res) => {
+    const banStatus = await userService.getPlayerBanStatus(req.params.uuid)
+    return res.status(200).json(banStatus)
+})
+
+router.get("/:uuid/actions", adminService.hasPermission("PLAYER_ACTIONS_LIST"), async (req, res) => {
+    const playerActions = await userService.getPlayerActions(req.params.uuid)
+    return res.status(200).json(playerActions)
+})
+
+router.get("/:uuid/history", adminService.hasPermission("PLAYER_BAN_HISTORY"), async (req, res) => {
+    const banHistory = await userService.getPlayerBans(req.params.uuid)
+    return res.status(200).json(banHistory)
+})
+
+router.put("/:uuid", adminService.hasPermission("PLAYER_BAN"), async (req, res) => {
+    const { reasonKey, reasonMessage, expires } = req.body
+    const ban = await userService.banUser(req.params.uuid, { reasonKey, reasonMessage, expires })
+    return res.status(200).json(ban)
+})
+
+router.delete("/:uuid", adminService.hasPermission("PLAYER_UNBAN"), async (req, res) => {
+    const ban = await userService.unbanUser(req.params.uuid)
+    return res.status(200).json(ban)
+})
+
+module.exports = router
--- a/routes/admin/cosmetics/capes.js
+++ b/routes/admin/cosmetics/capes.js
@@ -0,0 +1,20 @@
+const express = require("express")
+const path = require("node:path")
+const multer = require("multer")
+const router = express.Router() 
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+const upload = multer({ dest: path.join(process.cwd(), "data/temp/") })
+
+router.post("/upload", adminService.hasPermission("UPLOAD_CAPE"), upload.single("file"), async (req, res) => {
+    const result = await adminService.uploadCape(req.file, req.body.alias)
+    res.status(201).json(result)
+})
+
+router.delete("/:hash", adminService.hasPermission("DELETE_CAPES"), async (req, res) => {
+    const result = await userService.deleteGlobalCape(req.params.hash)
+    res.status(200).json(result)
+})
+
+module.exports = router
--- a/routes/admin/index.js
+++ b/routes/admin/index.js
@@ -0,0 +1,4 @@
+const express = require("express")
+const router = express.Router() 
+
+module.exports = router
--- a/routes/admin/players/password.js
+++ b/routes/admin/players/password.js
@@ -0,0 +1,12 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+router.patch("/:uuid", adminService.hasPermission("CHANGE_PLAYER_PASSWORD"), async (req, res) => {
+    const { newPassword } = req.body
+    const result = await userService.changePassword(req.params.uuid, newPassword)
+    return res.status(200).json(result)
+})
+
+module.exports = router
--- a/routes/admin/players/textures.js
+++ b/routes/admin/players/textures.js
@@ -0,0 +1,23 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+router.delete("/skin/:uuid", adminService.hasPermission("RESET_PLAYER_SKIN"), async (req, res) => {
+    const result = await userService.resetSkin(req.params.uuid)
+    return res.status(200).json(result)
+})
+
+router.put("/cape/:uuid/:hash", adminService.hasPermission("GRANT_PLAYER_CAPE"), async (req, res) => {
+    const { uuid, hash } = req.params
+    const result = await userService.grantCape(uuid, hash)
+    return res.status(200).json(result)
+})
+
+router.delete("/cape/:uuid/:hash", adminService.hasPermission("REMOVE_PLAYER_CAPE"), async (req, res) => {
+    const { uuid, hash } = req.params
+    const result = await userService.removeCape(uuid, hash)
+    return res.status(200).json(result)
+})
+
+module.exports = router
--- a/routes/admin/players/username.js
+++ b/routes/admin/players/username.js
@@ -0,0 +1,12 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+router.patch("/:uuid", adminService.hasPermission("CHANGE_PLAYER_USERNAME"), async (req, res) => {
+    const { newUsername } = req.body
+    const result = await userService.changeUsername(req.params.uuid, newUsername)
+    return res.status(200).json(result)
+})
+
+module.exports = router
--- a/routes/api/minecraft/profile/lookup/bulk/byname.js
+++ b/routes/api/minecraft/profile/lookup/bulk/byname.js
@@ -0,0 +1,10 @@
+const express = require("express")
+const userService = require("../../../../../../services/userService")
+const router = express.Router()
+
+router.post("/", async (req, res) => {
+    const profiles = await userService.bulkLookup(req.body)
+    return res.status(200).json(profiles)
+})
+
+module.exports = router
--- a/routes/api/profile/lookup/name/[username].js
+++ b/routes/api/profile/lookup/name/[username].js
@@ -0,0 +1,28 @@
+const express = require("express")
+const utils = require("../../../../../modules/utils")
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+const { ServiceError } = require("../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+
+router.get("", async (req, res) => {
+    const profile = await userService.getLegacyProfile(req.params.username)
+    const isUsernameOK = await authService.checkUsernameAvailability(newName)
+    const at = req.query.at
+    if (at != undefined && utils.isTrueFromDotEnv("SUPPORT_UUID_TO_NAME_HISTORY")) {
+        const history = await userService.getNameUUIDs(parseInt(at))
+        return res.status(history.code).json(history.data)
+    } else {
+        throw new ServiceError(400, req.originalUrl, "IllegalArgumentException", "Invalid timestamp.")
+    }
+    if (isUsernameOK.status != "AVAILABLE") {
+        throw new ServiceError(400, req.originalUrl, "CONSTRAINT_VIOLATION", "Invalid username.")
+    }
+    if (!profile) {
+        return res.status(204).send()
+    }
+    return res.status(200).json(profile)
+})
+
+module.exports = router
--- a/routes/api/profiles/minecraft.js
+++ b/routes/api/profiles/minecraft.js
@@ -0,0 +1,10 @@
+const express = require("express")
+const userService = require("../../../services/userService")
+const router = express.Router()
+
+router.post("/", async (req, res) => {
+    const profiles = await userService.bulkLookup(req.body)
+    return res.status(200).json(profiles)
+})
+
+module.exports = router
--- a/routes/api/user/profiles/[uuid]/names.js
+++ b/routes/api/user/profiles/[uuid]/names.js
@@ -0,0 +1,15 @@
+const express = require("express")
+const utils = require("../../../../../modules/utils")
+const userService = require("../../../../../services/userService")
+const { ServiceError } = require("../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+router.get("/", async (req, res) => {
+    if (!utils.isTrueFromDotEnv("SUPPORT_UUID_TO_NAME_HISTORY")) {
+        throw new ServiceError(404, req.originalUrl, "Not found", null, null)
+    }
+    const history = await userService.getPlayerUsernamesHistory(req.params.uuid)
+    return res.status(200).json(history)
+})
+
+module.exports = router
--- a/routes/api/users/profiles/minecraft/[username].js
+++ b/routes/api/users/profiles/minecraft/[username].js
@@ -0,0 +1,27 @@
+const express = require("express")
+const utils = require("../../../../../modules/utils")
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+const { ServiceError } = require("../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+router.get("", async (req, res) => {
+    const profile = await userService.getLegacyProfile(req.params.username)
+    const isUsernameOK = await authService.checkUsernameAvailability(newName)
+    const at = req.query.at
+    if (at != undefined && utils.isTrueFromDotEnv("SUPPORT_UUID_TO_NAME_HISTORY")) {
+        const history = await userService.getNameUUIDs(parseInt(at))
+        return res.status(history.code).json(history.data)
+    } else {
+        throw new ServiceError(400, req.originalUrl, "IllegalArgumentException", "Invalid timestamp.")
+    }
+    if (isUsernameOK.status != "AVAILABLE") {
+        throw new ServiceError(400, req.originalUrl, "CONSTRAINT_VIOLATION", "Invalid username.")
+    }
+    if (!profile) {
+        return res.status(204).send()
+    }
+    return res.status(200).json(profile)
+})
+
+module.exports = router
--- a/routes/authserver/authenticate.js
+++ b/routes/authserver/authenticate.js
@@ -0,0 +1,41 @@
+const express = require("express")
+const router = express.Router()
+const { YggdrasilError } = require("../../errors/errors")
+const rateLimit = require("express-rate-limit")
+const authService = require("../../services/authService")
+const logger = require("../../modules/logger")
+
+const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000,
+    max: 20,
+    standardHeaders: true,
+    legacyHeaders: false,
+    handler: (req, res) => {
+        return res.status(429).json({
+            error: "TooManyRequestsException",
+            errorMessage: "Too many login attempts, please try again later."
+        })
+    }
+})
+
+router.post("/", limiter, async (req, res) => {
+    const { username, password, clientToken, requestUser } = req.body
+    try {
+        const result = await authService.authenticate({ 
+            identifier: username, 
+            password, 
+            clientToken, 
+            requireUser: requestUser || false 
+        })
+
+        logger.log(`User authenticated: ${username}`, ["AUTH", "green"])
+        return res.status(200).json(result.response)
+    } catch (err) {
+        if (err instanceof DefaultError) {
+            throw new YggdrasilError( err.code, err.error || "ForbiddenOperationException", err.message, "Invalid credentials")
+        }
+        throw err
+    }
+})
+
+module.exports = router
--- a/routes/authserver/invalidate.js
+++ b/routes/authserver/invalidate.js
@@ -0,0 +1,20 @@
+const express = require("express")
+const router = express.Router()
+const authService = require("../../services/authService")
+const YggdrasilError = require("../../errors/YggdrasilError")
+const { DefaultError } = require("../../errors/errors")
+
+router.post("/", async (req, res) => {
+    const { accessToken, clientToken } = req.body
+    try {
+        await authService.invalidate({ accessToken, clientToken })
+        return res.sendStatus(204)
+    } catch (err) {
+        if (err instanceof DefaultError) {
+            throw new YggdrasilError(err.code, err.error || "ForbiddenOperationException", err.message, "Invalid token.")
+        }
+        throw err
+    }
+})
+
+module.exports = router
--- a/routes/authserver/refresh.js
+++ b/routes/authserver/refresh.js
@@ -0,0 +1,28 @@
+const express = require("express")
+const router = express.Router()
+const authService = require("../../services/authService")
+const logger = require("../../modules/logger")
+const { DefaultError, YggdrasilError } = require("../../errors/errors")
+
+router.post("/", async (req, res) => {
+    const { accessToken, clientToken, requestUser } = req.body
+
+    try {
+        const result = await authService.refreshToken({ 
+            clientToken, 
+            previousAccessToken: accessToken, 
+            requireUser: requestUser || false 
+        })
+
+        const profileName = result.response.selectedProfile ? result.response.selectedProfile.name : "Unknown"
+        logger.log(`Session refreshed for: ${profileName}`, ["AUTH", "green"])
+        return res.status(200).json(result.response)
+    } catch (err) {
+        if (err instanceof DefaultError) {
+            throw new YggdrasilError(err.code, err.error || "ForbiddenOperationException", err.message, "Invalid token.")
+        }
+        throw err
+    }
+})
+
+module.exports = router
--- a/routes/authserver/signout.js
+++ b/routes/authserver/signout.js
@@ -0,0 +1,29 @@
+const express = require("express")
+const router = express.Router()
+const authService = require("../../services/authService")
+const logger = require("../../modules/logger")
+const { DefaultError, YggdrasilError } = require("../../errors/errors")
+
+router.post("/", async (req, res) => {
+    const { username, password } = req.body
+    try {
+        const authResult = await authService.authenticate({ 
+            identifier: username, 
+            password, 
+            requireUser: false 
+        })
+
+        const userUuid = authResult.response.selectedProfile.id
+        await authService.signout({ uuid: userUuid })
+
+        logger.log(`User signed out globally: ${username}`, ["AUTH", "green"])
+        return res.sendStatus(204)
+    } catch (err) {
+        if (err instanceof DefaultError) {
+            throw new YggdrasilError(err.code === 403 ? 403 : 500, err.error || "ForbiddenOperationException", err.message || "Invalid credentials.", "Invalid credentials.")
+        }
+        throw err
+    }
+})
+
+module.exports = router
--- a/routes/authserver/validate.js
+++ b/routes/authserver/validate.js
@@ -0,0 +1,20 @@
+const express = require("express")
+const router = express.Router()
+const authService = require("../../services/authService")
+const YggdrasilError = require("../../errors/YggdrasilError")
+const { DefaultError } = require("../../errors/errors")
+
+router.post("/", async (req, res) => {
+    const { accessToken, clientToken } = req.body
+    try {
+        await authService.validate({ accessToken, clientToken })
+        return res.sendStatus(204)
+    } catch (err) {
+        if (err instanceof DefaultError) {
+            throw new YggdrasilError(err.code, err.error || "ForbiddenOperationException", err.message, "Invalid token.")
+        }
+        throw err
+    }
+})
+
+module.exports = router
--- a/routes/index.js
+++ b/routes/index.js
@@ -0,0 +1,17 @@
+const express = require("express")
+const router = express.Router()
+const utils = require("../modules/utils")
+const serverService = require("../services/serverService")
+
+if (utils.isTrueFromDotEnv("SUPPORT_AUTHLIB_INJECTOR")) {
+    router.get("/", (req, res) => {
+        const hostname = req.hostname
+        const metadata = serverService.getServerMetadata(hostname)
+        res.header("X-Authlib-Injector-Date", new Date().toISOString())
+        return res.status(200).json(metadata)
+    })
+} else {
+    router.get("/", (req, res, next) => next())
+}
+
+module.exports = router
--- a/routes/legacy/MinecraftCloaks/[username].js
+++ b/routes/legacy/MinecraftCloaks/[username].js
@@ -0,0 +1,10 @@
+const express = require("express")
+const router = express.Router({ mergeParams: true })
+const sessionsService = require("../../../services/sessionsService")
+
+router.get("", async (req, res) => {
+    const cape = await sessionsService.getActiveCape({ username: req.params.username.replace(".png", "") })
+    return res.redirect(`/textures${cape.data.url}`)
+})
+
+module.exports = router
--- a/routes/legacy/MinecraftSkins/[username].js
+++ b/routes/legacy/MinecraftSkins/[username].js
@@ -0,0 +1,10 @@
+const express = require("express")
+const router = express.Router({ mergeParams: true })
+const sessionsService = require("../../../services/sessionsService")
+
+router.get("", async (req, res) => {
+    const cape = await sessionsService.getActiveSkin({ username: req.params.username.replace(".png", "") })
+    return res.redirect(`/textures${cape.data.url}`)
+})
+
+module.exports = router
--- a/routes/legacy/checkserver.js
+++ b/routes/legacy/checkserver.js
@@ -0,0 +1,24 @@
+const express = require("express")
+const router = express.Router()
+const sessionsService = require("../../services/sessionsService")
+
+router.get("/", async (req, res) => {
+    const { user, serverId } = req.query
+    try {
+        const result = await sessionsService.hasJoinedServer({ 
+            username: user, 
+            serverId, 
+            ip: null 
+        })
+
+        if (result.code === 200) {
+            return res.send("YES")
+        } else {
+            return res.send("NO")
+        }
+    } catch (err) {
+        return res.send("NO")
+    }
+})
+
+module.exports = router
--- a/routes/legacy/cloaks/[username].js
+++ b/routes/legacy/cloaks/[username].js
@@ -0,0 +1,10 @@
+const express = require("express")
+const router = express.Router({ mergeParams: true })
+const sessionsService = require("../../../services/sessionsService")
+
+router.get("", async (req, res) => {
+    const cape = await sessionsService.getActiveCape({ username: req.params.username.replace(".png", "") })
+    return res.redirect(`/textures${cape.data.url}`)
+})
+
+module.exports = router
--- a/routes/legacy/joinserver.js
+++ b/routes/legacy/joinserver.js
@@ -0,0 +1,26 @@
+const express = require("express")
+const router = express.Router()
+const sessionsService = require("../../services/sessionsService")
+const logger = require("../../modules/logger")
+
+router.get("/", async (req, res) => {
+    const { user, sessionId, serverId } = req.query
+    const clientIp = req.ip || req.connection.remoteAddress
+
+    try {
+        await sessionsService.joinLegacyServer({ 
+            name: user, 
+            sessionId, 
+            serverId,
+            ip: clientIp 
+        })
+
+        logger.log(`Legacy Join: ${user} -> ${serverId}`, ["AUTH", "green"])
+        return res.send("OK")
+
+    } catch (err) {
+        return res.send("Bad login")
+    }
+})
+
+module.exports = router
--- a/routes/legacy/login.js
+++ b/routes/legacy/login.js
@@ -0,0 +1,36 @@
+const express = require("express")
+const router = express.Router()
+const crypto = require("crypto")
+const authService = require("../../services/authService")
+const sessionsService = require("../../services/sessionsService")
+const logger = require("../../modules/logger")
+
+router.all("/", async (req, res) => {
+    const { user, password } = { ...req.query, ...req.body }
+
+    try {
+        const result = await authService.authenticate({ 
+            identifier: user, 
+            password, 
+            clientToken: "",
+            requireUser: false 
+        })
+
+        const profile = result.response.selectedProfile
+        const sessionId = crypto.randomBytes(16).toString("hex")
+
+        await sessionsService.registerLegacySession({ 
+            uuid: profile.id, 
+            sessionId 
+        })
+
+        logger.log(`Legacy Login: ${user}`, ["AUTH", "green"])
+
+        const timestamp = Date.now()
+        return res.send(`${timestamp}:deprecated:${profile.name}:${sessionId}:${profile.id}`)
+    } catch (err) {
+        return res.send("Bad login")
+    }
+})
+
+module.exports = router
--- a/routes/legacy/skins/[username].js
+++ b/routes/legacy/skins/[username].js
@@ -0,0 +1,10 @@
+const express = require("express")
+const router = express.Router({ mergeParams: true })
+const sessionsService = require("../../../services/sessionsService")
+
+router.get("", async (req, res) => {
+    const cape = await sessionsService.getActiveSkin({ username: req.params.username.replace(".png", "") })
+    return res.redirect(`/textures${cape.data.url}`)
+})
+
+module.exports = router
--- a/routes/minecraftservices/minecraft/profile/capes/active.js
+++ b/routes/minecraftservices/minecraft/profile/capes/active.js
@@ -0,0 +1,26 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+
+router.delete("/", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+    await userService.hideCape(player.user.uuid)
+    return res.status(200).send()
+})
+
+router.put("/", async (req, res) => {
+    const player = await authService.verifyAccessToken(req.headers.authorization)
+    
+    await userService.showCape(player.user.uuid, req.body.capeId)
+    const [skinsResult, capesResult] = await Promise.all([userService.getSkins(player.user.uuid), userService.getCapes(player.user.uuid)])
+
+    return res.status(200).json({
+        id: player.user.uuid.replace(/-/g, ""),
+        name: player.user.username,
+        skins: skinsResult.data || [],
+        capes: capesResult.data || []
+    })
+})
+
+module.exports = router
--- a/routes/minecraftservices/minecraft/profile/index.js
+++ b/routes/minecraftservices/minecraft/profile/index.js
@@ -0,0 +1,18 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../../services/userService")
+const authService = require("../../../../services/authService")
+
+router.get("/", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer ", "") })
+    const [skinsResult, capesResult] = await Promise.all([userService.getSkins(player.user.uuid), userService.getCapes(player.user.uuid)])
+
+    return res.status(200).json({
+        id: player.uuid.replace(/-/g, ""),
+        name: player.user.username,
+        skins: skinsResult.data || [],
+        capes: capesResult.data || []
+    })
+})
+
+module.exports = router
--- a/routes/minecraftservices/minecraft/profile/lookup/bulk/byname.js
+++ b/routes/minecraftservices/minecraft/profile/lookup/bulk/byname.js
@@ -0,0 +1,10 @@
+const express = require("express")
+const userService = require("../../../../../../services/userService")
+const router = express.Router()
+
+router.post("/", async (req, res) => {
+    const profiles = await userService.bulkLookup(req.body)
+    return res.status(200).json(profiles)
+})
+
+module.exports = router
--- a/routes/minecraftservices/minecraft/profile/lookup/name/[username].js
+++ b/routes/minecraftservices/minecraft/profile/lookup/name/[username].js
@@ -0,0 +1,27 @@
+const express = require("express")
+const utils = require("../../../../../../modules/utils")
+const userService = require("../../../../../../services/userService")
+const authService = require("../../../../../../services/authService")
+const { ServiceError } = require("../../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+router.get("", async (req, res) => {
+    const profile = await userService.getLegacyProfile(req.params.username)
+    const isUsernameOK = await authService.checkUsernameAvailability(newName)
+    const at = req.query.at
+    if (at != undefined && utils.isTrueFromDotEnv("SUPPORT_UUID_TO_NAME_HISTORY")) {
+        const history = await userService.getNameUUIDs(parseInt(at))
+        return res.status(history.code).json(history.data)
+    } else {
+        throw new ServiceError(400, req.originalUrl, "IllegalArgumentException", "Invalid timestamp.")
+    }
+    if (isUsernameOK.status != "AVAILABLE") {
+        throw new ServiceError(400, req.originalUrl, "CONSTRAINT_VIOLATION", "Invalid username.")
+    }
+    if (!profile) {
+        return res.status(204).send()
+    }
+    return res.status(200).json(profile)
+})
+
+module.exports = router
--- a/routes/minecraftservices/minecraft/profile/name/[name].js
+++ b/routes/minecraftservices/minecraft/profile/name/[name].js
@@ -0,0 +1,44 @@
+const express = require("express")
+const authService = require("../../../../../services/authService")
+const { DefaultError, ServiceError } = require("../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+router.get("/available", async (req, res) => {
+    try {
+        await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+        const isAvailable = await authService.checkUsernameAvailability(req.params.name)
+        return res.status(200).json({ status: isAvailable.status })
+    } catch (error) {
+        if (error instanceof DefaultError) {
+            throw new ServiceError(error.code, req.originalUrl, null, null, null)
+        }
+        throw error
+    }
+})
+
+router.put("/", async (req, res) => {
+    try {
+        const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+        const newName = req.params.name
+
+        await userService.changeUsername(player.uuid, newName)
+
+        const skinsResult = await userService.getSkins({ uuid: player.uuid })
+        const capesResult = await userService.getCapes({ uuid: player.uuid })
+
+        return res.status(200).json({
+            id: player.uuid.replace(/-/g, ""),
+            name: newName,
+            skins: skinsResult.data || [],
+            capes: capesResult.data || []
+        })
+
+    } catch (err) {
+        const mcStatus = err.code === 409 ? "DUPLICATE" : (err.code === 400 || err.code === 403) ? "NOT_ALLOWED" : null
+        const finalCode = (mcStatus === "DUPLICATE") ? 403 : (err.code || 500)
+        const errorType = mcStatus ? "FORBIDDEN" : (err.error || "Internal Server Error")
+        throw new ServiceError(finalCode, req.originalUrl, errorType, err.message, mcStatus ? { status: mcStatus } : null)
+    }
+})
+
+module.exports = router
--- a/routes/minecraftservices/minecraft/profile/namechange.js
+++ b/routes/minecraftservices/minecraft/profile/namechange.js
@@ -0,0 +1,12 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../../services/userService")
+const authService = require("../../../../services/authService")
+
+router.get("/", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer ", "") })
+    const nameChangeInformation = await userService.getPlayerNameChangeStatus(player.user.uuid)
+    return res.status(nameChangeInformation.code).json(nameChangeInformation.data)
+})
+
+module.exports = router
--- a/routes/minecraftservices/minecraft/profile/skins/active.js
+++ b/routes/minecraftservices/minecraft/profile/skins/active.js
@@ -0,0 +1,12 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+
+router.delete("/", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+    await userService.resetSkin(player.user.uuid)
+    return res.status(200).send()
+})
+
+module.exports = router
--- a/routes/minecraftservices/minecraft/profile/skins/index.js
+++ b/routes/minecraftservices/minecraft/profile/skins/index.js
@@ -0,0 +1,77 @@
+const fs = require("node:fs")
+const path = require("node:path")
+const express = require("express")
+const router = express.Router()
+const multer = require("multer")
+const rateLimit = require("express-rate-limit")
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+const { DefaultError } = require("../../../../../errors/errors")
+
+const TEMP_DIR = path.join(process.cwd(), "data", "temp")
+
+if (!fs.existsSync(TEMP_DIR)) {
+    fs.mkdirSync(TEMP_DIR, { recursive: true })
+}
+
+const upload = multer({
+    dest: TEMP_DIR,
+    limits: { fileSize: 2 * 1024 * 1024 }
+})
+
+const uploadLimiter = rateLimit({
+    windowMs: 60 * 1000,
+    max: 20,
+    standardHeaders: true,
+    legacyHeaders: false,
+    validate: {
+        ip: false
+    },
+    keyGenerator: (req) => {
+        rateLimit.ipKeyGenerator()
+        return req.headers.authorization || req.ip
+    },
+    handler: (req, res, next, options) => {
+        throw new DefaultError(429, "Too many requests. Please try again later.")
+    }
+})
+
+
+router.post("/", uploadLimiter, async (req, res, next) => {
+        if (req.is('application/json')) {
+        try {            
+            const token = req.headers.authorization.replace("Bearer ", "").trim()
+            const player = await authService.verifyAccessToken({ accessToken: token })
+
+            await userService.uploadSkinFromUrl(player.user.uuid, req.body.url, req.body.variant)
+
+            return res.status(200).send()
+        } catch (err) {
+            return next(err)
+        }
+    } 
+    
+    else {
+        upload.single("file")(req, res, async (err) => {
+            if (err) return next(err)
+            try {
+                if (!req.headers.authorization) {
+                    if (req.file) await fs.promises.unlink(req.file.path).catch(() => {})
+                    throw new DefaultError(401, "Missing Authorization Header")
+                }
+
+                const token = req.headers.authorization.replace("Bearer ", "").trim()
+                const player = await authService.verifyAccessToken({ accessToken: token })
+
+                await userService.uploadSkin(player.user.uuid, req.file, req.body.variant)
+
+                return res.status(200).send()
+            } catch (error) {
+                if (req.file) await fs.promises.unlink(req.file.path).catch(() => {})
+                return next(error)
+            }
+        })
+    }
+})
+
+module.exports = router
--- a/routes/minecraftservices/player/attributes.js
+++ b/routes/minecraftservices/player/attributes.js
@@ -0,0 +1,34 @@
+const express = require("express")
+const userService = require("../../../services/userService")
+const authService = require("../../../services/authService")
+const router = express.Router()
+
+router.get("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+
+    const [preferencesResult, privilegesResult, banStatus] = await Promise.all([userService.getPreferences(player.user.uuid), userService.getPrivileges(player.user.uuid), userService.getPlayerBanStatus(player.user.uuid)])
+    return res.status(200).json({
+        privileges: privilegesResult.data,
+        ...preferencesResult.data,
+        banStatus: {
+            bannedScopes: banStatus.isBanned ? { MULTIPLAYER: banStatus.activeBan } : {}
+        }
+    })
+})
+
+router.post("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+
+    await userService.updatePreferences(player.user.uuid, req.body)
+
+    const [preferencesResult, privilegesResult, banStatus] = await Promise.all([userService.getPreferences(player.user.uuid), userService.getPrivileges(player.user.uuid), userService.getPlayerBanStatus(player.user.uuid)])
+    return res.status(200).json({
+        privileges: privilegesResult.data,
+        ...preferencesResult.data,
+        banStatus: {
+            bannedScopes: banStatus.isBanned ? { MULTIPLAYER: banStatus.activeBan } : {}
+        }
+    })
+})
+
+module.exports = router
--- a/routes/minecraftservices/player/certificates.js
+++ b/routes/minecraftservices/player/certificates.js
@@ -0,0 +1,12 @@
+const express = require("express")
+const userService = require("../../../services/userService")
+const authService = require("../../../services/authService")
+const router = express.Router()
+
+router.post("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+    const certificates = await userService.fetchOrGenerateCertificate(player.user.uuid)
+    return res.status(200).json(certificates.data)
+})
+
+module.exports = router
--- a/routes/minecraftservices/privacy/blocklist.js
+++ b/routes/minecraftservices/privacy/blocklist.js
@@ -0,0 +1,39 @@
+const express = require("express")
+const router = express.Router()
+const utils = require("../../../modules/utils") // Pour addDashesToUUID
+const authService = require("../../../services/authService")
+const userService = require("../../../services/userService")
+
+router.get("/", async (req, res, next) => {
+    const user = await authService.verifyUserFromHeader(req.headers.authorization)
+    const result = await userService.getBlockedUuids(user.uuid)
+    return res.status(200).json({ 
+        blockedProfiles: result.data || [] 
+    })
+})
+
+router.put("/:uuid", async (req, res, next) => {
+    const user = await authService.verifyUserFromHeader(req.headers.authorization)
+    const targetUuid = utils.addDashesToUUID(req.params.uuid)
+
+    await userService.blockPlayer(user.uuid, targetUuid)
+
+    const result = await userService.getBlockedUuids(user.uuid)
+    return res.status(200).json({ 
+        blockedProfiles: result.data || [] 
+    })
+})
+
+router.delete("/:uuid", async (req, res, next) => {
+    const user = await authService.verifyUserFromHeader(req.headers.authorization)
+    const targetUuid = utils.addDashesToUUID(req.params.uuid)
+
+    await userService.unblockPlayer(user.uuid, targetUuid)
+
+    const result = await userService.getBlockedUuids(user.uuid)
+    return res.status(200).json({ 
+        blockedProfiles: result.data || [] 
+    })
+})
+
+module.exports = router
--- a/routes/minecraftservices/privileges.js
+++ b/routes/minecraftservices/privileges.js
@@ -0,0 +1,34 @@
+const express = require("express")
+const userService = require("../../services/userService")
+const authService = require("../../services/authService")
+const router = express.Router()
+
+router.get("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+
+    const [preferencesResult, privilegesResult, banStatus] = await Promise.all([userService.getPreferences(player.user.uuid), userService.getPrivileges(player.user.uuid), userService.getPlayerBanStatus(player.user.uuid)])
+    return res.status(200).json({
+        privileges: privilegesResult.data,
+        ...preferencesResult.data,
+        banStatus: {
+            bannedScopes: banStatus.isBanned ? { MULTIPLAYER: banStatus.activeBan } : {}
+        }
+    })
+})
+
+router.post("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+
+    await userService.updatePreferences(player.user.uuid, req.body)
+
+    const [preferencesResult, privilegesResult, banStatus] = await Promise.all([userService.getPreferences(player.user.uuid), userService.getPrivileges(player.user.uuid), userService.getPlayerBanStatus(player.user.uuid)])
+    return res.status(200).json({
+        privileges: privilegesResult.data,
+        ...preferencesResult.data,
+        banStatus: {
+            bannedScopes: banStatus.isBanned ? { MULTIPLAYER: banStatus.activeBan } : {}
+        }
+    })
+})
+
+module.exports = router
--- a/routes/minecraftservices/productvoucher.js
+++ b/routes/minecraftservices/productvoucher.js
@@ -0,0 +1,14 @@
+const express = require("express")
+const router = express.Router()
+
+router.get("/giftcode", (req, res) => {
+    return res.status(404).json({
+        path: "/productvoucher/giftcode",
+        errorType: "NOT_FOUND",
+        error: "NOT_FOUND",
+        errorMessage: "The server has not found anything matching the request URI",
+        developerMessage: "The server has not found anything matching the request URI"
+    })
+})
+
+module.exports = router
--- a/routes/minecraftservices/publickeys.js
+++ b/routes/minecraftservices/publickeys.js
@@ -0,0 +1,18 @@
+const express = require("express")
+const router = express.Router()
+const certificatesManager = require("../../modules/certificatesManager")
+
+router.get("", (req, res) => {
+    const keys = certificatesManager.getKeys()
+    const publicKeys = {}
+    for (const key in keys) {
+        publicKeys[key] = [
+            {
+                publicKey: certificatesManager.extractKeyFromPem(keys[key].public)
+            }
+        ]
+    }
+    return res.status(200).json(publicKeys)
+})
+
+module.exports = router
--- a/routes/register.js
+++ b/routes/register.js
@@ -0,0 +1,44 @@
+const express = require("express")
+const router = express.Router()
+const utils = require("../modules/utils") 
+const logger = require("../modules/logger") 
+const authService = require("../services/authService")
+const adminService = require("../services/adminService")
+
+if (utils.isTrueFromDotEnv("SUPPORT_REGISTER")) {
+    router.post("/", adminService.hasPermission("REGISTER_USER"), async (req, res) => {
+        const { username, password, email, registrationCountry, preferredLanguage } = req.body
+        const clientIp = req.headers["x-forwarded-for"] || req.connection.remoteAddress
+
+        const result = await authService.registerUser({
+            username, 
+            password, 
+            email, 
+            registrationCountry, 
+            preferredLanguage,
+            clientIp
+        })
+
+        logger.log(`New user registered: ${username}`, ["Web", "yellow", "AUTH", "green"])
+        return res.status(200).json(result)
+    })
+} else {
+    router.post("/", async (req, res) => {
+        const { username, password, email, registrationCountry, preferredLanguage } = req.body
+        const clientIp = req.headers["x-forwarded-for"] || req.connection.remoteAddress
+
+        const result = await authService.registerUser({
+            username, 
+            password, 
+            email, 
+            registrationCountry, 
+            preferredLanguage,
+            clientIp
+        })
+
+        logger.log(`New user registered: ${username}`, ["Web", "yellow", "AUTH", "green"])
+        return res.status(200).json(result)
+    })
+}
+
+module.exports = router
--- a/routes/sessionserver/blockedservers.js
+++ b/routes/sessionserver/blockedservers.js
@@ -0,0 +1,18 @@
+const express = require("express")
+const router = express.Router()
+const sessionsService = require("../../services/sessionsService")
+const { DefaultError } = require("../../errors/errors")
+
+router.get("", async (req, res) => {
+    const serviceResult = await sessionsService.getBlockedServers()
+    if (serviceResult instanceof DefaultError) {
+        return res.status(200).send("")
+    }
+    const finalList = []
+    for (const server of serviceResult.blockedServers) {
+        finalList.push(server.sha1)
+    }
+    return res.status(200).send(finalList.join("\r\n"))
+})
+
+module.exports = router
--- a/routes/sessionserver/session/minecraft/hasJoined.js
+++ b/routes/sessionserver/session/minecraft/hasJoined.js
@@ -0,0 +1,24 @@
+const express = require("express")
+const router = express.Router()
+const sessionsService = require("../../../../services/sessionsService")
+const logger = require("../../../../modules/logger")
+const { YggdrasilError, DefaultError } = require("../../../../errors/errors")
+
+router.get("/", async (req, res) => {
+    const { username, serverId, ip } = req.query
+    try {
+        const result = await sessionsService.hasJoinedServer({ username, serverId, ip })
+        if (result.code === 200) {
+            logger.log(`Server join verified for: ${username}`, ["SESSION", "green"])
+            return res.status(200).json(result.data)
+        }
+        return res.status(204).end()
+    } catch (err) {
+        if (err instanceof DefaultError) {
+            throw new YggdrasilError(err.code, err.error || "InternalServerError", err.message, err.cause)
+        }
+        throw err
+    }
+})
+
+module.exports = router
--- a/routes/sessionserver/session/minecraft/join.js
+++ b/routes/sessionserver/session/minecraft/join.js
@@ -0,0 +1,66 @@
+const path = require("path")
+const express = require("express")
+const router = express.Router()
+const utils = require("../../../../modules/utils")
+const authService = require("../../../../services/authService")
+const sessionsService = require("../../../../services/sessionsService")
+const userRepository = require("../../../../repositories/userRepository")
+const logger = require("../../../../modules/logger")
+const { SessionError, DefaultError } = require("../../../../errors/errors")
+
+router.post("/", async (req, res) => {
+    const { accessToken, selectedProfile, serverId } = req.body
+
+    try {
+        const verificationResult = await authService.verifyAccessToken({ accessToken })
+        const tokenUuid = verificationResult.user.uuid
+        const requestedProfile = utils.addDashesToUUID(selectedProfile)
+
+        if (tokenUuid !== requestedProfile) {
+            throw new SessionError(403, "Forbidden", "You cannot join with a profile that is not yours.", req.originalUrl)
+        }
+
+        const bansResult = await userRepository.getPlayerBans(tokenUuid)
+        if (bansResult.code === 200 && bansResult.bans && bansResult.bans.length > 0) {
+            const activeBan = bansResult.bans[0]
+            throw new SessionError(
+                403, 
+                "UserBannedException", 
+                activeBan.reasonMessage || "You are banned from multiplayer.", 
+                req.originalUrl
+            )
+        }
+
+        try {
+            const privsResult = await userRepository.getPlayerPrivileges(tokenUuid)
+            if (privsResult.code === 200 && privsResult.data) {
+                if (!privsResult.data.multiplayerServer) {
+                    throw new SessionError(403, "InsufficientPrivilegesException", "Multiplayer is disabled for your account.", req.originalUrl)
+                }
+            }
+        } catch (privError) {
+            if (privError instanceof DefaultError && privError.code !== 404) throw privError
+        }
+        const ip = req.headers["x-forwarded-for"] || req.socket.remoteAddress
+        await sessionsService.joinServer({ 
+            clientToken: verificationResult.session.clientToken, 
+            accessToken, 
+            selectedProfile: requestedProfile, 
+            serverId, 
+            ip 
+        })
+        logger.log(`Server join success: ${verificationResult.user.username}`, ["SESSION", "green"])
+        return res.status(204).end()
+    } catch (err) {
+        console.log(err)
+        if (err instanceof SessionError) throw err
+        if (err instanceof DefaultError) {
+            const statusCode = err.code === 401 ? 403 : (err.code || 500)
+            const errorName = "Forbidden" 
+            throw new SessionError(statusCode, errorName, err.message, req.originalUrl)
+        }
+        throw new SessionError(500, "Forbidden", "Internal Server Error", req.originalUrl)
+    }
+})
+
+module.exports = router
--- a/routes/sessionserver/session/minecraft/profile/[uuid].js
+++ b/routes/sessionserver/session/minecraft/profile/[uuid].js
@@ -0,0 +1,29 @@
+const express = require("express")
+const router = express.Router({ mergeParams: true })
+const sessionsService = require("../../../../../services/sessionsService")
+const { SessionError, DefaultError } = require("../../../../../errors/errors")
+
+router.get("", async (req, res) => {
+    const { uuid } = req.params
+    const { unsigned } = req.query
+    const isUnsigned = (unsigned == undefined || unsigned == "true") ? true : false
+
+    try {
+        const result = await sessionsService.getProfile({ 
+            uuid: uuid,
+            unsigned: isUnsigned 
+        })
+        if (result.code === 200) {
+            return res.status(200).json(result.data)
+        }
+        if (result.code === 204) {
+            throw new SessionError(404, undefined, "Not a valid UUID", req.originalUrl)
+        }
+        throw new DefaultError(500, undefined, "Unknown error", req.originalUrl)
+    } catch (err) {
+        const errorMessage = err.message || "Not a valid UUID"
+        throw new SessionError(400, undefined, errorMessage, req.originalUrl)
+    }
+})
+
+module.exports = router
--- a/routes/textures/texture/[hash].js
+++ b/routes/textures/texture/[hash].js
@@ -0,0 +1,22 @@
+const express = require("express")
+const router = express.Router({ mergeParams: true })
+const path = require("node:path")
+const fs = require("node:fs")
+const { DefaultError } = require("../../../errors/errors")
+
+const TEXTURES_DIR = path.join(process.cwd(), "data", "textures")
+
+router.get("/", async (req, res, next) => {
+    try {
+        const hash = req.params.hash
+        const filePath = path.join(TEXTURES_DIR, hash)
+        if (!fs.existsSync(filePath)) {
+            throw new DefaultError(404, "Texture not found")
+        }
+        res.sendFile(filePath)
+    } catch (err) {
+        return next(err)
+    }
+})
+
+module.exports = router