Add validation schemas and improve texture handling

Introduces zod-based validation schemas for Minecraft and Mojang API endpoints. Refactors texture route to support hash-based file serving and removes the old static texture route. Updates database schema for player properties and adds an event to clean expired certificates. Improves ValidationError formatting, adjusts skin/cape URL construction, and adds SSRF protection for skin uploads.
2025-12-28 09:02:10 +01:00
parent 1fe46a03fd
commit 5cfadfd7ac
29 changed files with 490 additions and 24 deletions
--- a/routes/minecraftservices/minecraft/profile/namechange.js
+++ b/routes/minecraftservices/minecraft/profile/namechange.js
@@ -3,7 +3,7 @@ const router = express.Router()
 const userService = require("../../../../services/userService")
 const authService = require("../../../../services/authService")

-router.put("/", async (req, res) => {
+router.get("/", async (req, res) => {
    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer ", "") })
    const nameChangeInformation = await userService.getPlayerNameChangeStatus(player.user.uuid)
    return res.status(nameChangeInformation.code).json(nameChangeInformation.data)
--- a/routes/minecraftservices/minecraft/profile/skins/index.js
+++ b/routes/minecraftservices/minecraft/profile/skins/index.js
@@ -1,3 +1,5 @@
+const fs = require("node:fs")
+const path = require("node:path")
 const express = require("express")
 const router = express.Router()
 const multer = require("multer")
@@ -22,7 +24,11 @@ const uploadLimiter = rateLimit({
    max: 20,
    standardHeaders: true,
    legacyHeaders: false,
+    validate: {
+        ip: false
+    },
    keyGenerator: (req) => {
+        rateLimit.ipKeyGenerator()
        return req.headers.authorization || req.ip
    },
    handler: (req, res, next, options) => {