Add validation schemas and improve texture handling

Introduces zod-based validation schemas for Minecraft and Mojang API endpoints. Refactors texture route to support hash-based file serving and removes the old static texture route. Updates database schema for player properties and adds an event to clean expired certificates. Improves ValidationError formatting, adjusts skin/cape URL construction, and adds SSRF protection for skin uploads.

schemas/minecraftservices/player/attributes.js

@@ -0,0 +1,29 @@
+const z = require("zod")
+
+module.exports = {
+    GET: {
+        headers: z.object({
+            "authorization": z.string().min(1, { message: "Authorization header is required." })
+        }),
+        error: {
+            code: 401,
+            message: "Unauthorized"
+        }
+    },
+    POST: {
+        headers: z.object({
+            "content-type": z.string()
+                .regex(/application\/json/i, { message: "Content-Type must be application/json" }),
+            "authorization": z.string().min(1, { message: "Authorization header is required." })
+        }),
+        body: z.object({
+            profanityFilterPreferences: z.object({
+                profanityFilterOn: z.boolean({ required_error: "profanityFilterOn is required" })
+            })
+        }),
+        error: {
+            code: 400,
+            message: "Invalid attributes format."
+        }
+    }
+}

schemas/minecraftservices/player/certificates.js

@@ -0,0 +1,13 @@
+const z = require("zod")
+
+module.exports = {
+    POST: {
+        headers: z.object({
+            "authorization": z.string().min(1, { message: "Authorization header is required." })
+        }),
+        error: {
+            code: 401,
+            message: "Unauthorized"
+        }
+    }
+}