drop support for usernames

Mojang has disabled their legacy skins API: https://twitter.com/MojangSupport/status/964511258601865216 With their API rate limits, it's now practially impossible for us to support usernames. Fixes #142. The default parameter allows using: - UUID - URL - MHF_Alex - MHF_Steve - Alex - Steve Contrary to UUIDs, using alex/steve doesn't redirect and instead provides the skin from a locally stored file.
2026-05-06 11:00:39 +02:00 · 2018-02-16 18:01:41 +01:00
parent a187fb26d4
commit dff58c66e7
11 changed files with 176 additions and 582 deletions
--- a/lib/helpers.js
+++ b/lib/helpers.js
@@ -8,7 +8,7 @@ var path = require("path");
 var fs = require("fs");

 // 0098cb60-fa8e-427c-b299-793cbd302c9a
-var valid_user_id = /^([0-9a-f-A-F-]{32,36}|[a-zA-Z0-9_]{1,16})$/; // uuid|username
+var valid_user_id = /^[0-9a-f-A-F-]{32,36}$/; // uuid
 var hash_pattern = /[0-9a-f]+$/;

 // gets the hash from the textures.minecraft.net +url+
@@ -22,10 +22,7 @@ function get_hash(url) {
 // callback: error, skin hash, slim
 function store_skin(rid, userId, profile, cache_details, callback) {
  networking.get_skin_info(rid, userId, profile, function(err, url, slim) {
-    if (!err && userId.length > 16) {
-      // updating username with model info from uuid details
-      cache.set_slim(rid, profile.name, slim);
-    } else {
+    if (err) {
      slim = cache_details ? cache_details.slim : undefined;
    }

@@ -161,7 +158,6 @@ function resume(userId, type, err, hash, slim) {
 // image type should be called back on
 // callback: error, image hash, slim
 function store_images(rid, userId, cache_details, type, callback) {
-  var is_uuid = userId.length > 16;
  if (requests[type]["!" + userId]) {
    logging.debug(rid, "adding to request queue");
    push_request(userId, type, callback);
@@ -169,8 +165,8 @@ function store_images(rid, userId, cache_details, type, callback) {
    // add request to the queue
    push_request(userId, type, callback);

-    networking.get_profile(rid, (is_uuid ? userId : null), function(err, profile) {
-      if (err || (is_uuid && !profile)) {
+    networking.get_profile(rid, userId, function(err, profile) {
+      if (err || !profile) {
        // error or uuid without profile
        if (!err && !profile) {
          // no error, but uuid without profile
@@ -212,8 +208,8 @@ function store_images(rid, userId, cache_details, type, callback) {

 var exp = {};

-// returns true if the +userId+ is a valid userId or username
-// the userId may be not exist, however
+// returns true if the +userId+ is a valid userId
+// the UUID might not exist, however
 exp.id_valid = function(userId) {
  return valid_user_id.test(userId);
 };
--- a/lib/networking.js
+++ b/lib/networking.js
@@ -6,29 +6,10 @@ var skins = require("./skins");
 require("./object-patch");

 var session_url = "https://sessionserver.mojang.com/session/minecraft/profile/";
-var skins_url = "https://skins.minecraft.net/MinecraftSkins/";
-var capes_url = "https://skins.minecraft.net/MinecraftCloaks/";
 var textures_url = "http://textures.minecraft.net/texture/";
-var mojang_urls = [skins_url, capes_url];

 var exp = {};

-// helper method that calls `get_username_url` or `get_uuid_info` based on the +usedId+
-// +userId+ is used for usernames, while +profile+ is used for UUIDs
-// callback: error, url, slim
-function get_info(rid, userId, profile, type, callback) {
-  if (userId.length <= 16) {
-    // username
-    exp.get_username_url(rid, userId, type, function(err, url) {
-      callback(err, url || null, undefined);
-    });
-  } else {
-    exp.get_uuid_info(profile, type, function(url, slim) {
-      callback(null, url || null, slim);
-    });
-  }
-}
-
 // performs a GET request to the +url+
 // +options+ object includes these options:
 //   encoding (string), default is to return a buffer
@@ -103,24 +84,6 @@ exp.get_from = function(rid, url, callback) {
  });
 };

-// make a request to skins.miencraft.net
-// the skin url is taken from the HTTP redirect
-// type reference is above
-exp.get_username_url = function(rid, name, type, callback) {
-  type = Number(type === "CAPE");
-  exp.get_from(rid, mojang_urls[type] + name + ".png", function(body, response, err) {
-    if (!err) {
-      if (response) {
-        callback(err, response.statusCode === 404 ? null : response.headers.location);
-      } else {
-        callback(err, null);
-      }
-    } else {
-      callback(err, null);
-    }
-  });
-};
-
 // gets the URL for a skin/cape from the profile
 // +type+ "SKIN" or "CAPE", specifies which to retrieve
 // callback: url, slim
@@ -139,43 +102,39 @@ exp.get_uuid_info = function(profile, type, callback) {
    slim = Object.get(profile, "textures.SKIN.metadata.model") === "slim";
  }

-  callback(url || null, !!slim);
+  callback(null, url || null, !!slim);
 };

 // make a request to sessionserver for +uuid+
 // callback: error, profile
 exp.get_profile = function(rid, uuid, callback) {
-  if (!uuid) {
-    callback(null, null);
-  } else {
-    exp.get_from_options(rid, session_url + uuid, { encoding: "utf8" }, function(body, response, err) {
-      try {
-        body = body ? JSON.parse(body) : null;
-        callback(err || null, body);
-      } catch(e) {
-        if (e instanceof SyntaxError) {
-          logging.warn(rid, "Failed to parse JSON", e);
-          logging.debug(rid, body);
-          callback(err || null, null);
-        } else {
-          throw e;
-        }
+  exp.get_from_options(rid, session_url + uuid, { encoding: "utf8" }, function(body, response, err) {
+    try {
+      body = body ? JSON.parse(body) : null;
+      callback(err || null, body);
+    } catch(e) {
+      if (e instanceof SyntaxError) {
+        logging.warn(rid, "Failed to parse JSON", e);
+        logging.debug(rid, body);
+        callback(err || null, null);
+      } else {
+        throw e;
      }
-    });
-  }
+    }
+  });
 };

 // get the skin URL and type for +userId+
 // +profile+ is used if +userId+ is a uuid
 // callback: error, url, slim
 exp.get_skin_info = function(rid, userId, profile, callback) {
-  get_info(rid, userId, profile, "SKIN", callback);
+  exp.get_uuid_info(profile, "SKIN", callback);
 };

 // get the cape URL for +userId+
 // +profile+ is used if +userId+ is a uuid
 exp.get_cape_url = function(rid, userId, profile, callback) {
-  get_info(rid, userId, profile, "CAPE", callback);
+  exp.get_uuid_info(profile, "CAPE", callback);
 };

 // download the +tex_hash+ image from the texture server
--- a/lib/public/javascript/crafatar.js
+++ b/lib/public/javascript/crafatar.js
@@ -1,4 +1,4 @@
-var valid_user_id = /^([0-9a-f-A-F-]{32,36}|[a-zA-Z0-9_]{1,16})$/; // uuid|username
+var valid_user_id = /^[0-9a-f-A-F-]{32,36}$/; // uuid
 var xhr = new XMLHttpRequest();

 xhr.onload = function() {
@@ -9,24 +9,14 @@ xhr.onload = function() {
    status[key] = elem[key];
  });

-  var textures = status["textures.minecraft.net"] !== "green";
-  var session = status["sessionserver.mojang.com"] !== "green";
-  var skins = status["skins.minecraft.net"] !== "green";
-  var error = null;
+  var textures_err = status["textures.minecraft.net"] !== "green";
+  var session_err = status["sessionserver.mojang.com"] !== "green";

-  if (textures || session && skins) {
-    error = "all";
-  } else if (skins) {
-    error = "username";
-  } else if (session) {
-    error = "UUID";
-  }
-
-  if (error) {
+  if (textures_err || session_err) {
    var warn = document.createElement("div");
    warn.setAttribute("class", "alert alert-warning");
    warn.setAttribute("role", "alert");
-    warn.innerHTML = "<h5>Mojang issues</h5> Mojang's servers are having trouble <i>right now</i>, this may affect <b>" + error + "</b> requests at Crafatar. <small><a href=\"https://help.mojang.com\" target=\"_blank\">check status</a>";
+    warn.innerHTML = "<h5>Mojang issues</h5> Mojang's servers are having trouble <i>right now</i>, this may affect requests at Crafatar. <small><a href=\"https://help.mojang.com\" target=\"_blank\">check status</a>";
    document.querySelector("#alerts").appendChild(warn);
  }
 };
--- a/lib/routes/avatars.js
+++ b/lib/routes/avatars.js
@@ -79,7 +79,7 @@ module.exports = function(req, callback) {
  } else if (!helpers.id_valid(userId)) {
    callback({
      status: -2,
-      body: "Invalid UserID",
+      body: "Invalid UUID",
    });
    return;
  }
--- a/lib/routes/capes.js
+++ b/lib/routes/capes.js
@@ -20,7 +20,7 @@ module.exports = function(req, callback) {
  if (!helpers.id_valid(userId)) {
    callback({
      status: -2,
-      body: "Invalid UserID"
+      body: "Invalid UUID"
    });
    return;
  }
--- a/lib/routes/renders.js
+++ b/lib/routes/renders.js
@@ -94,7 +94,7 @@ module.exports = function(req, callback) {
  } else if (!helpers.id_valid(userId)) {
    callback({
      status: -2,
-      body: "Invalid UserID"
+      body: "Invalid UUID"
    });
    return;
  }
--- a/lib/routes/skins.js
+++ b/lib/routes/skins.js
@@ -78,7 +78,7 @@ module.exports = function(req, callback) {
  if (!helpers.id_valid(userId)) {
    callback({
      status: -2,
-      body: "Invalid UserID"
+      body: "Invalid UUID"
    });
    return;
  }
--- a/lib/skins.js
+++ b/lib/skins.js
@@ -128,26 +128,17 @@ exp.resize_img = function(inname, size, callback) {

 // returns "mhf_alex" or "mhf_steve" calculated by the +uuid+
 exp.default_skin = function(uuid) {
-  if (uuid.length <= 16) {
-    if (uuid.toLowerCase() === "mhf_alex") {
-      return uuid;
-    } else {
-      // we can't get the skin type by username
-      return "mhf_steve";
-    }
-  } else {
-    // great thanks to Minecrell for research into Minecraft and Java's UUID hashing!
-    // https://git.io/xJpV
-    // MC uses `uuid.hashCode() & 1` for alex
-    // that can be compacted to counting the LSBs of every 4th byte in the UUID
-    // an odd sum means alex, an even sum means steve
-    // XOR-ing all the LSBs gives us 1 for alex and 0 for steve
-    var lsbs_even = parseInt(uuid[ 7], 16) ^
-                    parseInt(uuid[15], 16) ^
-                    parseInt(uuid[23], 16) ^
-                    parseInt(uuid[31], 16);
-    return lsbs_even ? "mhf_alex" : "mhf_steve";
-  }
+  // great thanks to Minecrell for research into Minecraft and Java's UUID hashing!
+  // https://git.io/xJpV
+  // MC uses `uuid.hashCode() & 1` for alex
+  // that can be compacted to counting the LSBs of every 4th byte in the UUID
+  // an odd sum means alex, an even sum means steve
+  // XOR-ing all the LSBs gives us 1 for alex and 0 for steve
+  var lsbs_even = parseInt(uuid[ 7], 16) ^
+                  parseInt(uuid[15], 16) ^
+                  parseInt(uuid[23], 16) ^
+                  parseInt(uuid[31], 16);
+  return lsbs_even ? "mhf_alex" : "mhf_steve";
 };

 // helper method for opening a skin file from +skinpath+
--- a/lib/views/index.html.ejs
+++ b/lib/views/index.html.ejs
@@ -4,7 +4,7 @@
  <title>Crafatar – A blazing fast API for Minecraft faces!</title>
  <meta charset="utf-8">
  <link rel="icon" sizes="16x16" type="image/png" href="/favicon.png">
-  <%# FIXME: Use CDN %><link rel="stylesheet" href="/stylesheets/bootstrap.min.css">
+  <link rel="stylesheet" href="/stylesheets/bootstrap.min.css">
  <link rel="stylesheet" href="/stylesheets/style.css">
  <meta name="description" content="A blazing fast API for Minecraft faces with support for avatars, skins, and 3D renders!">
  <meta name="keywords" content="minecraft, avatar, renders, skins, uuid">
@@ -62,10 +62,9 @@
      <section id="documentation">
        <div id="alerts">
          <div class="alert alert-danger" role="alert">
-            <h5>Usernames are deprecated!</h5>
-            You should only use usernames for <i>testing</i>.<br>
-            Updates are slower, some features are not available, and it may <strong>break anytime</strong>!<br>
-            <i>We strongly advise you to use UUIDs instead of usernames.</i> <small><a href="#meta-usernames">more info</a></small>
+            <h5>Usernames are no longer supported!</h5>
+            Please use UUIDs.
+            <small><a href="#meta-usernames">more info</a></small>
          </div>
        </div>

@@ -74,7 +73,7 @@
          <form id="tryit" action="#">
            <div class="row">
              <div class="col-md-11">
-                <input id="tryname" type="text" placeholder="Enter valid username or UUID">
+                <input id="tryname" type="text" placeholder="Enter valid UUID">
              </div>
              <div class="col-md-1">
                <input type="submit" value="Go!">
@@ -167,7 +166,6 @@
        <section id="meta">
          <h2><a href="#meta">Meta</a></h2>
          <p>
-            In the examples above, you can generally use usernames instead of <mark class="green">uuid</mark>. However, apart from the special cases <code><a href="/renders/body/0?default=MHF_Steve" target="_blank">MHF_Steve</a></code> and <code><a href="/renders/body/0?default=MHF_Alex" target="_blank">MHF_Alex</a></code> this is discouraged as explained below.<br>
            You can append <code>.png</code> or any other file extension to the URL path if you like to, but all images are PNG.
          </p>

@@ -193,8 +191,8 @@
              <li><b>scale</b>: The scale factor for renders. <code><%= config.renders.min_scale %> - <%= config.renders.max_scale %></code>
              <li><b>overlay</b>: Apply the <span title="Also known as 'hat' or 'jacket' or 'helm'">overlay</span> to the avatar. Presence of this parameter implies <code>true</code>. This option was previously known as <code>helm</code>.
              <li>
-                <b>default</b>: The fallback to be used when the requested image cannot be served. You can use a <span title="Make sure to properly percent-encode this!">custom URL</span> or any <mark class="green">uuid</mark>.<br>
-                The option defaults to either <code>MHF_Steve</code> or <code>MHF_Alex</code>, depending on the requested UUID. All usernames default to <code>MHF_Steve</code>.
+                <b>default</b>: The fallback to be used when the requested image cannot be served. You can use a <span title="Make sure to properly percent-encode this!">custom URL</span>, any <mark class="green">uuid</mark>, or <code>MHF_Steve</code>/<code>MHF_Alex</code>.<br>
+                The option defaults to either <code>MHF_Steve</code> or <code>MHF_Alex</code>, depending on Minecraft's default for the requested UUID.
            </ul>
          </section>

@@ -207,13 +205,9 @@
          <section id="meta-usernames">
            <h3><a href="#meta-usernames">About Usernames</a></h3>
            <p>
-              We <strong>strongly</strong> advise you to use UUIDs instead of usernames! UUIDs never change while usernames do.<br>
-              Looking up players by username has officially been deprecated by Mojang ever since UUIDs were introduced.<br>
-              Crafatar uses a legacy <span title="Mojang interface we get data from">API</span> which updates very slowly to retrieve skins for usernames.<br>
-              Skins come without any details, including whether a player uses the Alex or Steve skin model.<br>
-              Additionally, Mojang has stated that this legacy interface may be disabled anytime, causing all requests to fail.
+              By <a href="https://twitter.com/MojangSupport/status/964511258601865216" target="_blank">disabling</a> a legacy API in 2018, Mojang has made it practically impossible for Crafatar to support usernames. Please use UUIDs instead!
            </p>
-            <p>Malformed usernames are rejected.</p>
+            <p>All usernames are rejected.</p>
          </section>

          <section id="meta-caching">