Add validation schemas and improve texture handling

Introduces zod-based validation schemas for Minecraft and Mojang API endpoints. Refactors texture route to support hash-based file serving and removes the old static texture route. Updates database schema for player properties and adds an event to clean expired certificates. Improves ValidationError formatting, adjusts skin/cape URL construction, and adds SSRF protection for skin uploads.
2025-12-28 09:02:10 +01:00
parent 1fe46a03fd
commit 5cfadfd7ac
29 changed files with 490 additions and 24 deletions
--- a/schemas/minecraftservices/minecraft/profile/name/[name].js
+++ b/schemas/minecraftservices/minecraft/profile/name/[name].js
@@ -0,0 +1,22 @@
+const z = require("zod")
+
+const nameSchema = z.string()
+    .min(1)
+    .max(16)
+    .regex(/^[a-zA-Z0-9_]+$/, { message: "Name can only contain alphanumeric characters and underscores." });
+
+module.exports = {
+    PUT: {
+        headers: z.object({
+            "authorization": z.string().min(1, { message: "Authorization header is required." })
+        }),
+        params: z.object({
+            name: nameSchema
+        }),
+        error: {
+            code: 400,
+            error: "CONSTRAINT_VIOLATION",
+            errorMessage: "Invalid profile name"
+        }
+    }
+}
--- a/schemas/minecraftservices/minecraft/profile/name/[name]/available.js
+++ b/schemas/minecraftservices/minecraft/profile/name/[name]/available.js
@@ -0,0 +1,21 @@
+const z = require("zod")
+
+const nameSchema = z.string()
+    .min(1)
+    .max(16)
+    .regex(/^[a-zA-Z0-9_]+$/, { message: "Name can only contain alphanumeric characters and underscores." });
+
+module.exports = {
+    GET: {
+        headers: z.object({
+            "authorization": z.string().min(1, { message: "Authorization header is required." })
+        }),
+        params: z.object({
+            name: nameSchema
+        }),
+        error: {
+            code: 401,
+            message: "Unauthorized"
+        }
+    }
+}