Add Minecraft services API routes and user service

Introduces new routes under /minecraftservices and /mojangapi for profile, skin, cape, blocklist, privileges, and certificate management. Adds a comprehensive userService module to handle user-related operations, and extends userRepository with methods for username changes, skin/cape management, blocking, and profile lookups. Refactors username availability logic into authService, updates error handling, and improves logger and utility functions. Also updates route handlers to use consistent return statements and enhances route registration logging.

routes/authserver/authenticate.js

@@ -11,7 +11,7 @@ const limiter = rateLimit({
     standardHeaders: true,
     legacyHeaders: false,
     handler: (req, res) => {
-        res.status(429).json({
+        return res.status(429).json({
             error: "TooManyRequestsException",
             errorMessage: "Too many login attempts, please try again later."
         })
@@ -29,7 +29,7 @@ router.post("/", limiter, async (req, res) => {
         })
 
         logger.log(`User authenticated: ${username}`, ["AUTH", "green"])
-        res.status(200).json(result.response)
+        return res.status(200).json(result.response)
     } catch (err) {
         if (err instanceof DefaultError) {
             throw new YggdrasilError( err.code, err.error || "ForbiddenOperationException", err.message, "Invalid credentials")

routes/authserver/invalidate.js

@@ -8,7 +8,7 @@ router.post("/", async (req, res) => {
     const { accessToken, clientToken } = req.body
     try {
         await authService.invalidate({ accessToken, clientToken })
-        res.sendStatus(204)
+        return res.sendStatus(204)
     } catch (err) {
         if (err instanceof DefaultError) {
             throw new YggdrasilError(err.code, err.error || "ForbiddenOperationException", err.message, "Invalid token.")

routes/authserver/refresh.js

@@ -16,9 +16,7 @@ router.post("/", async (req, res) => {
 
         const profileName = result.response.selectedProfile ? result.response.selectedProfile.name : "Unknown"
         logger.log(`Session refreshed for: ${profileName}`, ["AUTH", "green"])
-
-        res.status(200).json(result.response)
-
+        return res.status(200).json(result.response)
     } catch (err) {
         if (err instanceof DefaultError) {
             throw new YggdrasilError(err.code, err.error || "ForbiddenOperationException", err.message, "Invalid token.")

routes/authserver/signout.js

@@ -17,8 +17,7 @@ router.post("/", async (req, res) => {
         await authService.signout({ uuid: userUuid })
 
         logger.log(`User signed out globally: ${username}`, ["AUTH", "green"])
-        res.sendStatus(204)
-
+        return res.sendStatus(204)
     } catch (err) {
         if (err instanceof DefaultError) {
             throw new YggdrasilError(err.code === 403 ? 403 : 500, err.error || "ForbiddenOperationException", err.message || "Invalid credentials.", "Invalid credentials.")

routes/authserver/validate.js

@@ -8,7 +8,7 @@ router.post("/", async (req, res) => {
     const { accessToken, clientToken } = req.body
     try {
         await authService.validate({ accessToken, clientToken })
-        res.sendStatus(204)
+        return res.sendStatus(204)
     } catch (err) {
         if (err instanceof DefaultError) {
             throw new YggdrasilError(err.code, err.error || "ForbiddenOperationException", err.message, "Invalid token.")

routes/minecraftservices/minecraft/profile/capes/active.js

@@ -0,0 +1,26 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+
+router.delete("/", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization })
+    await userService.hideCape(player.user.uuid)
+    return res.status(200).send()
+})
+
+router.put("/", async (req, res) => {
+    const player = await authService.verifyAccessToken(req.headers.authorization)
+    
+    await userService.showCape(player.user.uuid, req.body.capeId)
+    const [skinsResult, capesResult] = await Promise.all([userService.getSkins(player.user.uuid), userService.getCapes(player.user.uuid)])
+
+    return res.status(200).json({
+        id: player.user.uuid.replace(/-/g, ""),
+        name: player.user.username,
+        skins: skinsResult.data || [],
+        capes: capesResult.data || []
+    })
+})
+
+module.exports = router

routes/minecraftservices/minecraft/profile/index.js

@@ -0,0 +1,18 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../../services/userService")
+const authService = require("../../../../services/authService")
+
+router.get("/", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer ", "") })
+    const [skinsResult, capesResult] = await Promise.all([userService.getSkins(player.user.uuid), userService.getCapes(player.user.uuid)])
+
+    return res.status(200).json({
+        id: player.uuid.replace(/-/g, ""),
+        name: player.user.username,
+        skins: skinsResult.data || [],
+        capes: capesResult.data || []
+    })
+})
+
+module.exports = router

routes/minecraftservices/minecraft/profile/lookup/bulk/byname.js

@@ -0,0 +1,10 @@
+const express = require("express")
+const userService = require("../../../../../../services/userService")
+const router = express.Router()
+
+router.post("/", async (req, res) => {
+    const profiles = await userService.bulkLookup(req.body)
+    return res.status(200).json(profiles)
+})
+
+module.exports = router

routes/minecraftservices/minecraft/profile/lookup/name/[username].js

@@ -0,0 +1,27 @@
+const express = require("express")
+const utils = require("../../../../../../modules/utils")
+const userService = require("../../../../../../services/userService")
+const authService = require("../../../../../../services/authService")
+const { ServiceError } = require("../../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+router.get("", async (req, res) => {
+    const profile = await userService.getLegacyProfile(req.params.username)
+    const isUsernameOK = await authService.checkUsernameAvailability(newName)
+    const at = req.query.at
+    if (at != undefined && utils.isTrueFromDotEnv("SUPPORT_UUID_TO_NAME_HISTORY")) {
+        const history = await userService.getNameUUIDs(parseInt(at))
+        return res.status(history.code).json(history.data)
+    } else {
+        throw new ServiceError(400, req.originalUrl, "IllegalArgumentException", "Invalid timestamp.")
+    }
+    if (isUsernameOK.status != "AVAILABLE") {
+        throw new ServiceError(400, req.originalUrl, "CONSTRAINT_VIOLATION", "Invalid username.")
+    }
+    if (!profile) {
+        return res.status(204).send()
+    }
+    return res.status(200).json(profile)
+})
+
+module.exports = router

routes/minecraftservices/minecraft/profile/name/[name].js

@@ -0,0 +1,44 @@
+const express = require("express")
+const authService = require("../../../../../services/authService")
+const { DefaultError, ServiceError } = require("../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+router.get("/available", async (req, res) => {
+    try {
+        await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+        const isAvailable = await authService.checkUsernameAvailability(req.params.name)
+        return res.status(200).json({ status: isAvailable.status })
+    } catch (error) {
+        if (error instanceof DefaultError) {
+            throw new ServiceError(error.code, req.originalUrl, null, null, null)
+        }
+        throw error
+    }
+})
+
+router.put("/", async (req, res) => {
+    try {
+        const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+        const newName = req.params.name
+
+        await userService.changeUsername(player.uuid, newName)
+
+        const skinsResult = await userService.getSkins({ uuid: player.uuid })
+        const capesResult = await userService.getCapes({ uuid: player.uuid })
+
+        return res.status(200).json({
+            id: player.uuid.replace(/-/g, ""),
+            name: newName,
+            skins: skinsResult.data || [],
+            capes: capesResult.data || []
+        })
+
+    } catch (err) {
+        const mcStatus = err.code === 409 ? "DUPLICATE" : (err.code === 400 || err.code === 403) ? "NOT_ALLOWED" : null
+        const finalCode = (mcStatus === "DUPLICATE") ? 403 : (err.code || 500)
+        const errorType = mcStatus ? "FORBIDDEN" : (err.error || "Internal Server Error")
+        throw new ServiceError(finalCode, req.originalUrl, errorType, err.message, mcStatus ? { status: mcStatus } : null)
+    }
+})
+
+module.exports = router

routes/minecraftservices/minecraft/profile/namechange.js

@@ -0,0 +1,12 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../../services/userService")
+const authService = require("../../../../services/authService")
+
+router.put("/", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer ", "") })
+    const nameChangeInformation = await userService.getPlayerNameChangeStatus(player.user.uuid)
+    return res.status(nameChangeInformation.code).json(nameChangeInformation.data)
+})
+
+module.exports = router

routes/minecraftservices/minecraft/profile/skins/active.js

@@ -0,0 +1,12 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+
+router.delete("/", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization })
+    await userService.resetSkin(player.user.uuid)
+    return res.status(200).send()
+})
+
+module.exports = router

routes/minecraftservices/player/attributes.js

@@ -0,0 +1,34 @@
+const express = require("express")
+const userService = require("../../../services/userService")
+const authService = require("../../../services/authService")
+const router = express.Router()
+
+router.get("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+
+    const [preferencesResult, privilegesResult, banStatus] = await Promise.all([userService.getPreferences(player.user.uuid), userService.getPrivileges(player.user.uuid), userService.getPlayerBanStatus(player.user.uuid)])
+    return res.status(200).json({
+        privileges: privilegesResult.data,
+        ...preferencesResult.data,
+        banStatus: {
+            bannedScopes: banStatus.isBanned ? { MULTIPLAYER: banStatus.activeBan } : {}
+        }
+    })
+})
+
+router.post("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+
+    await userService.updatePreferences(player.user.uuid, req.body)
+
+    const [preferencesResult, privilegesResult, banStatus] = await Promise.all([userService.getPreferences(player.user.uuid), userService.getPrivileges(player.user.uuid), userService.getPlayerBanStatus(player.user.uuid)])
+    return res.status(200).json({
+        privileges: privilegesResult.data,
+        ...preferencesResult.data,
+        banStatus: {
+            bannedScopes: banStatus.isBanned ? { MULTIPLAYER: banStatus.activeBan } : {}
+        }
+    })
+})
+
+module.exports = router

routes/minecraftservices/player/certificates.js

@@ -0,0 +1,12 @@
+const express = require("express")
+const userService = require("../../../services/userService")
+const authService = require("../../../services/authService")
+const router = express.Router()
+
+router.post("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+    const certificates = await userService.fetchOrGenerateCertificate(player.user.uuid)
+    return res.status(200).json(certificates.data)
+})
+
+module.exports = router

routes/minecraftservices/privacy/blocklist.js

@@ -0,0 +1,39 @@
+const express = require("express")
+const router = express.Router()
+const utils = require("../../../modules/utils") // Pour addDashesToUUID
+const authService = require("../../../services/authService")
+const userService = require("../../../services/userService")
+
+router.get("/", async (req, res, next) => {
+    const user = await authService.verifyUserFromHeader(req.headers.authorization)
+    const result = await userService.getBlockedUuids(user.uuid)
+    return res.status(200).json({ 
+        blockedProfiles: result.data || [] 
+    })
+})
+
+router.put("/:uuid", async (req, res, next) => {
+    const user = await authService.verifyUserFromHeader(req.headers.authorization)
+    const targetUuid = utils.addDashesToUUID(req.params.uuid)
+
+    await userService.blockPlayer(user.uuid, targetUuid)
+
+    const result = await userService.getBlockedUuids(user.uuid)
+    return res.status(200).json({ 
+        blockedProfiles: result.data || [] 
+    })
+})
+
+router.delete("/:uuid", async (req, res, next) => {
+    const user = await authService.verifyUserFromHeader(req.headers.authorization)
+    const targetUuid = utils.addDashesToUUID(req.params.uuid)
+
+    await userService.unblockPlayer(user.uuid, targetUuid)
+
+    const result = await userService.getBlockedUuids(user.uuid)
+    return res.status(200).json({ 
+        blockedProfiles: result.data || [] 
+    })
+})
+
+module.exports = router

routes/minecraftservices/privileges.js

@@ -0,0 +1,34 @@
+const express = require("express")
+const userService = require("../../services/userService")
+const authService = require("../../services/authService")
+const router = express.Router()
+
+router.get("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+
+    const [preferencesResult, privilegesResult, banStatus] = await Promise.all([userService.getPreferences(player.user.uuid), userService.getPrivileges(player.user.uuid), userService.getPlayerBanStatus(player.user.uuid)])
+    return res.status(200).json({
+        privileges: privilegesResult.data,
+        ...preferencesResult.data,
+        banStatus: {
+            bannedScopes: banStatus.isBanned ? { MULTIPLAYER: banStatus.activeBan } : {}
+        }
+    })
+})
+
+router.post("", async (req, res) => {
+    const player = await authService.verifyAccessToken({ accessToken: req.headers.authorization.replace("Bearer", "").trim() })
+
+    await userService.updatePreferences(player.user.uuid, req.body)
+
+    const [preferencesResult, privilegesResult, banStatus] = await Promise.all([userService.getPreferences(player.user.uuid), userService.getPrivileges(player.user.uuid), userService.getPlayerBanStatus(player.user.uuid)])
+    return res.status(200).json({
+        privileges: privilegesResult.data,
+        ...preferencesResult.data,
+        banStatus: {
+            bannedScopes: banStatus.isBanned ? { MULTIPLAYER: banStatus.activeBan } : {}
+        }
+    })
+})
+
+module.exports = router

routes/minecraftservices/productvoucher.js

@@ -2,7 +2,7 @@ const express = require("express")
 const router = express.Router()
 
 router.get("/giftcode", (req, res) => {
-    res.status(404).json({
+    return res.status(404).json({
         path: "/productvoucher/giftcode",
         errorType: "NOT_FOUND",
         error: "NOT_FOUND",

routes/minecraftservices/publickeys.js

@@ -12,7 +12,7 @@ router.get("", (req, res) => {
             }
         ]
     }
-    res.status(200).json(publicKeys)
+    return res.status(200).json(publicKeys)
 })
 
 module.exports = router

routes/mojangapi/minecraft/profile/lookup/bulk/byname.js

@@ -0,0 +1,10 @@
+const express = require("express")
+const userService = require("../../../../../../services/userService")
+const router = express.Router()
+
+router.post("/", async (req, res) => {
+    const profiles = await userService.bulkLookup(req.body)
+    return res.status(200).json(profiles)
+})
+
+module.exports = router

routes/mojangapi/profile/lookup/name/[username].js

@@ -0,0 +1,28 @@
+const express = require("express")
+const utils = require("../../../../../modules/utils")
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+const { ServiceError } = require("../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+
+router.get("", async (req, res) => {
+    const profile = await userService.getLegacyProfile(req.params.username)
+    const isUsernameOK = await authService.checkUsernameAvailability(newName)
+    const at = req.query.at
+    if (at != undefined && utils.isTrueFromDotEnv("SUPPORT_UUID_TO_NAME_HISTORY")) {
+        const history = await userService.getNameUUIDs(parseInt(at))
+        return res.status(history.code).json(history.data)
+    } else {
+        throw new ServiceError(400, req.originalUrl, "IllegalArgumentException", "Invalid timestamp.")
+    }
+    if (isUsernameOK.status != "AVAILABLE") {
+        throw new ServiceError(400, req.originalUrl, "CONSTRAINT_VIOLATION", "Invalid username.")
+    }
+    if (!profile) {
+        return res.status(204).send()
+    }
+    return res.status(200).json(profile)
+})
+
+module.exports = router

routes/mojangapi/profiles/minecraft.js

@@ -0,0 +1,10 @@
+const express = require("express")
+const userService = require("../../../services/userService")
+const router = express.Router()
+
+router.post("/", async (req, res) => {
+    const profiles = await userService.bulkLookup(req.body)
+    return res.status(200).json(profiles)
+})
+
+module.exports = router

routes/mojangapi/user/profiles/[uuid]/names.js

@@ -0,0 +1,15 @@
+const express = require("express")
+const utils = require("../../../../../modules/utils")
+const userService = require("../../../../../services/userService")
+const { ServiceError } = require("../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+router.get("/", async (req, res) => {
+    if (!utils.isTrueFromDotEnv("SUPPORT_UUID_TO_NAME_HISTORY")) {
+        throw new ServiceError(404, req.originalUrl, "Not found", null, null)
+    }
+    const history = await userService.getPlayerUsernamesHistory(req.params.uuid)
+    return res.status(200).json(history)
+})
+
+module.exports = router

routes/mojangapi/users/profiles/minecraft/[username].js

@@ -0,0 +1,27 @@
+const express = require("express")
+const utils = require("../../../../../modules/utils")
+const userService = require("../../../../../services/userService")
+const authService = require("../../../../../services/authService")
+const { ServiceError } = require("../../../../../errors/errors")
+const router = express.Router({ mergeParams: true })
+
+router.get("", async (req, res) => {
+    const profile = await userService.getLegacyProfile(req.params.username)
+    const isUsernameOK = await authService.checkUsernameAvailability(newName)
+    const at = req.query.at
+    if (at != undefined && utils.isTrueFromDotEnv("SUPPORT_UUID_TO_NAME_HISTORY")) {
+        const history = await userService.getNameUUIDs(parseInt(at))
+        return res.status(history.code).json(history.data)
+    } else {
+        throw new ServiceError(400, req.originalUrl, "IllegalArgumentException", "Invalid timestamp.")
+    }
+    if (isUsernameOK.status != "AVAILABLE") {
+        throw new ServiceError(400, req.originalUrl, "CONSTRAINT_VIOLATION", "Invalid username.")
+    }
+    if (!profile) {
+        return res.status(204).send()
+    }
+    return res.status(200).json(profile)
+})
+
+module.exports = router