Add validation schemas and improve texture handling

Introduces zod-based validation schemas for Minecraft and Mojang API endpoints. Refactors texture route to support hash-based file serving and removes the old static texture route. Updates database schema for player properties and adds an event to clean expired certificates. Improves ValidationError formatting, adjusts skin/cape URL construction, and adds SSRF protection for skin uploads.
2025-12-28 09:02:10 +01:00
parent 1fe46a03fd
commit 5cfadfd7ac
29 changed files with 490 additions and 24 deletions
--- a/schemas/mojangapi/minecraft/profile/lookup/bulk/byname.js
+++ b/schemas/mojangapi/minecraft/profile/lookup/bulk/byname.js
@@ -0,0 +1,18 @@
+const z = require("zod")
+
+module.exports = {
+    POST: {
+        headers: z.object({
+            "content-type": z.string()
+                .regex(/application\/json/i, { message: "Content-Type must be application/json" })
+        }),
+        body: z.array(z.string().trim().min(1))
+            .min(1, { message: "RequestPayload is an empty array." })
+            .max(10, { message: "RequestPayload has more than 10 elements." }),
+        error: {
+            code: 400,
+            error: "CONSTRAINT_VIOLATION",
+            errorMessage: "size must be between 1 and 10"
+        }
+    }
+}
--- a/schemas/mojangapi/profile/lookup/name/[username].js
+++ b/schemas/mojangapi/profile/lookup/name/[username].js
@@ -0,0 +1,13 @@
+const z = require("zod")
+
+module.exports = {
+    GET: {
+        params: z.object({
+            username: z.string().min(1, { message: "Username is required." })
+        }),
+        error: {
+            code: 404,
+            message: "Not Found"
+        }
+    }
+}
--- a/schemas/mojangapi/profiles/minecraft.js
+++ b/schemas/mojangapi/profiles/minecraft.js
@@ -0,0 +1,18 @@
+const z = require("zod")
+
+module.exports = {
+    POST: {
+        headers: z.object({
+            "content-type": z.string()
+                .regex(/application\/json/i, { message: "Content-Type must be application/json" })
+        }),
+        body: z.array(z.string().trim().min(1))
+            .min(1, { message: "RequestPayload is an empty array." })
+            .max(10, { message: "RequestPayload has more than 10 elements." }),
+        error: {
+            code: 400,
+            error: "CONSTRAINT_VIOLATION",
+            errorMessage: "size must be between 1 and 10"
+        }
+    }
+}
--- a/schemas/mojangapi/user/profiles/[uuid]/names.js
+++ b/schemas/mojangapi/user/profiles/[uuid]/names.js
@@ -0,0 +1,18 @@
+const z = require("zod")
+
+module.exports = {
+    GET: {
+        headers: z.object({
+            "content-type": z.string()
+                .regex(/application\/json/i, { message: "Content-Type must be application/json" })
+                .optional()
+        }),
+        params: z.object({
+            uuid: z.string().uuid({ message: "Invalid UUID format." })
+        }),
+        error: {
+            code: 204,
+            message: "No content"
+        }
+    }
+}
--- a/schemas/mojangapi/users/profiles/minecraft/[username].js
+++ b/schemas/mojangapi/users/profiles/minecraft/[username].js
@@ -0,0 +1,13 @@
+const z = require("zod")
+
+module.exports = {
+    GET: {
+        params: z.object({
+            username: z.string().min(1, { message: "Username is required." })
+        }),
+        error: {
+            code: 404,
+            message: "Not Found"
+        }
+    }
+}