.buildpacks

@@ -0,0 +1,2 @@
+https://github.com/mojodna/heroku-buildpack-cairo.git
+https://github.com/heroku/heroku-buildpack-nodejs.git

.dockerignore

@@ -1,6 +0,0 @@
-.*
-*.md
-Dockerfile
-LICENSE
-images/
-node_modules/

.editorconfig

@@ -0,0 +1,21 @@
+# We use EditorConfig to standardize settings between contributors
+# See http://editorconfig.org for more info and plugin downloads
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = false
+trim_trailing_whitespace = true
+
+[*.{js, json, yml}]
+indent_style = space
+indent_size = 2
+charset = utf-8
+
+[*.md]
+trim_trailing_whitespace = false
+
+[.gitignore]
+# echo "filename" >> .gitignorre
+insert_final_newline = true

.travis.yml

@@ -0,0 +1,24 @@
+language: node_js
+node_js:
+  - 12.16.1
+sudo: false
+addons:
+  apt:
+    sources:
+    - ubuntu-toolchain-r-test
+    packages:
+    - libcairo2-dev
+    - libjpeg8-dev
+    - libpango1.0-dev
+    - libgif-dev
+    - build-essential
+    - g++-4.8
+script:
+  - npm run-script test-travis
+env:
+  - TRAVIS=true CXX=g++-4.8
+services:
+  - redis-server
+cache:
+  directories:
+    - node_modules

Dockerfile

@@ -1,35 +1,47 @@
-FROM node:12-alpine AS builder
+FROM node:12-alpine
 
-RUN apk --no-cache add git python3 build-base redis cairo-dev pango-dev jpeg-dev giflib-dev
+ARG AVATAR_MIN
+ARG AVATAR_MAX
+ARG AVATAR_DEFAULT
+ARG RENDER_MIN
+ARG RENDER_MAX
+ARG RENDER_DEFAULT
+ARG FACE_DIR
+ARG HELM_DIR
+ARG SKIN_DIR
+ARG RENDER_DIR
+ARG CAPE_DIR
+ARG CACHE_LOCAL
+ARG CACHE_BROWSER
+ARG EPHEMERAL_STORAGE
+ARG REDIS_URL
+ARG PORT
+ARG BIND
+ARG EXTERNAL_HTTP_TIMEOUT
+ARG DEBUG
+ARG LOG_TIME
+ARG SPONSOR_SIDE
+ARG TOP_RIGHT
 
-RUN adduser -D app
+ENV NODE_ENV production
-USER app
+
+RUN apk --no-cache --virtual .build-deps add git python build-base
+RUN apk --no-cache --virtual .canvas-deps add cairo-dev pango-dev jpeg-dev giflib-dev
+
+RUN mkdir -p /crafatar/images/faces
+RUN mkdir -p /crafatar/images/helms
+RUN mkdir -p /crafatar/images/skins
+RUN mkdir -p /crafatar/images/renders
+RUN mkdir -p /crafatar/images/capes
+
+VOLUME /crafatar/images
+
+COPY package.json www.js config.js crafatar/
+COPY lib/ crafatar/lib/
+
+WORKDIR /crafatar
 
-COPY --chown=app package.json package-lock.json /home/app/crafatar/
-WORKDIR /home/app/crafatar
 RUN npm install
 
-COPY --chown=app . .
-RUN mkdir -p images/faces images/helms images/skins images/renders images/capes
-
-ARG VERBOSE_TEST
-ARG DEBUG
-RUN nohup redis-server & npm test
-
-
-FROM node:12-alpine
-RUN apk --no-cache add cairo pango jpeg giflib
-RUN adduser -D app
-USER app
-RUN mkdir /home/app/crafatar
-WORKDIR /home/app/crafatar
-RUN mkdir -p images/faces images/helms images/skins images/renders images/capes
-
-COPY --chown=app --from=builder /home/app/crafatar/node_modules/ node_modules/
-COPY --chown=app package.json www.js config.js ./
-COPY --chown=app lib/ lib/
-
-VOLUME /home/app/crafatar/images
-ENV NODE_ENV production
-ENTRYPOINT ["npm", "start"]
 EXPOSE 3000
+ENTRYPOINT npm start

Procfile

@@ -0,0 +1 @@
+web: npm start

README.md

@@ -34,14 +34,6 @@ Please [visit the website](https://crafatar.com) for details.
 
 # Installation
 
-## Docker
-
-```sh
-docker network create crafatar
-docker run --net crafatar -d --name redis redis
-docker run --net crafatar -v crafatar-images:/home/app/crafatar/images -e REDIS_URL=redis://redis -p 3000:3000 crafatar/crafatar
-```
-
 ## Manual
 
 - Install [nodejs](https://nodejs.org/) 12 (LTS)
@@ -52,6 +44,15 @@ docker run --net crafatar -v crafatar-images:/home/app/crafatar/images -e REDIS_
 
 Crafatar is now available at http://0.0.0.0:3000.
 
+## Docker
+
+```sh
+docker pull crafatar/crafatar
+docker network create crafatar
+docker run --net crafatar -d --name redis redis
+docker run --net crafatar -v crafatar-images:/crafatar/images -e REDIS_URL=redis://redis -p 3000:3000 crafatar/crafatar
+```
+
 ## Configration / Environment variables
 
 See the `config.js` file.

app.json

@@ -0,0 +1,30 @@
+{
+    "name": "Crafatar",
+    "description": "A blazing fast API for Minecraft faces!",
+    "repository": "https://github.com/crafatar/crafatar",
+    "keywords": [
+        "node",
+        "minecraft",
+        "avatar",
+        "redis"
+    ],
+    "website": "https://crafatar.com/",
+    "env": {
+        "EPHEMERAL_STORAGE": {
+            "description": "Set to true if your storage is gone after deploying",
+            "required": false,
+            "value": true
+        }
+    },
+    "addons": [
+        "rediscloud"
+    ],
+    "buildpacks": [
+        {
+            "url": "https://github.com/mojodna/heroku-buildpack-cairo.git"
+        },
+        {
+            "url": "https://github.com/heroku/heroku-buildpack-nodejs.git"
+        }
+    ]
+}

config.js

@@ -54,16 +54,12 @@ var config = {
     log_time: process.env.LOG_TIME === "true",
     // rate limit per second for outgoing requests to the Mojang session server
     // requests exceeding this limit are skipped and considered failed
-    sessions_rate_limit: parseInt(process.env.SESSIONS_RATE_LIMIT)
+    sessions_rate_limit: parseInt(process.env.SESSIONS_RATE_LIMIT) || Infinity
   },
   sponsor: {
     sidebar: process.env.SPONSOR_SIDE,
     top_right: process.env.SPONSOR_TOP_RIGHT
   },
-  endpoints: {
-    textures_url: process.env.TEXTURES_ENDPOINT || "https://textures.minecraft.net/texture/",
-    session_url: process.env.SESSION_ENDPOINT || "https://sessionserver.mojang.com/session/minecraft/profile/"
-  }
 };
 
 module.exports = config;

lib/helpers.js

@@ -7,8 +7,8 @@ var skins = require("./skins");
 var path = require("path");
 var fs = require("fs");
 
-// 0098cb60fa8e427cb299793cbd302c9a
+// 0098cb60-fa8e-427c-b299-793cbd302c9a
-var valid_user_id = /^[0-9a-fA-F]{32}$/; // uuid
+var valid_user_id = /^[0-9a-fA-F\-]{32,36}$/; // uuid
 var hash_pattern = /[0-9a-f]+$/;
 
 // gets the hash from the textures.minecraft.net +url+
@@ -122,14 +122,6 @@ var requests = {
   cape: {}
 };
 
-var loginterval = setInterval(function(){
-  var skinreqs = Object.keys(requests.skin).length;
-  var capereqs = Object.keys(requests.cape).length;
-  if (skinreqs || capereqs) {
-    logging.log("Currently waiting for " + skinreqs + " skin requests and " + capereqs + " cape requests.");
-  }
-}, 1000);
-
 // add a request for +userId+ and +type+ to the queue
 function push_request(userId, type, callback) {
   // avoid special properties (e.g. 'constructor')
@@ -251,7 +243,7 @@ exp.get_image_hash = function(rid, userId, type, callback) {
             // an error occured, but we have a cached hash
             // (e.g. Mojang servers not reachable, using outdated hash)
 
-            // bump the TTL after hitting the rate limit
+            // when hitting the rate limit, let's pretend the request succeeded and bump the TTL
             var ratelimited = store_err.code === "RATELIMIT";
             cache.update_timestamp(rid, userId, !ratelimited, function(err2) {
               callback(err2 || store_err, 4, cache_details && cached_hash, slim);
@@ -332,7 +324,7 @@ function get_type(overlay, body) {
 }
 
 // handles creations of 3D renders
-// callback: error, status, skin hash, image buffer
+// callback: error, skin hash, image buffer
 exp.get_render = function(rid, userId, scale, overlay, body, callback) {
   exp.get_skin(rid, userId, function(err, skin_hash, status, img, slim) {
     if (!skin_hash) {
@@ -358,7 +350,7 @@ exp.get_render = function(rid, userId, scale, overlay, body, callback) {
             callback(null, 0, skin_hash, null);
           } else {
             fs.writeFile(renderpath, drawn_img, "binary", function(write_err) {
-              callback(write_err, status, skin_hash, drawn_img);
+              callback(write_err, 2, skin_hash, drawn_img);
             });
           }
         });
@@ -395,8 +387,4 @@ exp.get_cape = function(rid, userId, callback) {
   });
 };
 
-exp.stoplog = function() {
-  clearInterval(loginterval);
-}
-
 module.exports = exp;

lib/networking.js

@@ -5,8 +5,8 @@ var skins = require("./skins");
 var http = require("http");
 require("./object-patch");
 
-var session_url = config.endpoints.session_url;
+var session_url = "https://sessionserver.mojang.com/session/minecraft/profile/";
-var textures_url = config.endpoints.textures_url;
+var textures_url = "https://textures.minecraft.net/texture/";
 
 // count requests made to session_url in the last 1000ms
 var session_requests = [];
@@ -23,7 +23,7 @@ function req_count() {
   }
 }
 
-// deletes all entries in session_requests, should be called every 1000ms
+// deletes all entries in session_requests older than a second
 exp.resetCounter = function() {
   var count = req_count();
   if (count) {
@@ -41,10 +41,10 @@ exp.resetCounter = function() {
 // callback: the body, response,
 // and error buffer. get_from helper method is available
 exp.get_from_options = function(rid, url, options, callback) {
-  var is_session_req = config.server.sessions_rate_limit && url.startsWith(session_url);
+  var session_req = url.startsWith(session_url);
 
   // This is to prevent being blocked by CloudFront for exceeding the rate limit
-  if (is_session_req && req_count() >= config.server.sessions_rate_limit) {
+  if (session_req && req_count() >= config.server.sessions_rate_limit) {
     var e = new Error("Skipped, rate limit exceeded");
     e.name = "HTTP";
     e.code = "RATELIMIT";
@@ -54,7 +54,7 @@ exp.get_from_options = function(rid, url, options, callback) {
 
     callback(null, response, e);
   } else {
-    is_session_req && session_requests.push(Date.now());
+    session_req && session_requests.push(Date.now());
     request.get({
       url: url,
       headers: {

lib/public/javascript/crafatar.js

@@ -1,4 +1,5 @@
 var valid_user_id = /^[0-9a-f-A-F-]{32,36}$/; // uuid
+var xhr = new XMLHttpRequest();
 
 var quotes = [
   ["Crafatar is the best at what it does.", "Shotbow Network", "https://twitter.com/ShotbowNetwork/status/565201303555829762"],
@@ -36,18 +37,25 @@ function changeQuote() {
   current_quote = (current_quote + 1) % quotes.length;
 }
 
-fetch('https://mc-heads.net/json/mc_status').then(r => r.json()).then(data => {
+xhr.onload = function() {
-  var textures_err = data.report.skins.status !== "up";
+  var response = JSON.parse(xhr.responseText);
-  var session_err = data.report.session.status !== "up";
+  var status = {};
+  response.map(function(elem) {
+    var key = Object.keys(elem)[0];
+    status[key] = elem[key];
+  });
+
+  var textures_err = status["textures.minecraft.net"] !== "green";
+  var session_err = status["sessionserver.mojang.com"] !== "green";
 
   if (textures_err || session_err) {
     var warn = document.createElement("div");
     warn.setAttribute("class", "alert alert-warning");
     warn.setAttribute("role", "alert");
-    warn.innerHTML = "<h5>Mojang issues</h5> Mojang's servers are having trouble <i>right now</i>, this may affect requests at Crafatar. <small><a href=\"https://mc-heads.net/mcstatus\" target=\"_blank\">check status</a>";
+    warn.innerHTML = "<h5>Mojang issues</h5> Mojang's servers are having trouble <i>right now</i>, this may affect requests at Crafatar. <small><a href=\"https://help.mojang.com\" target=\"_blank\">check status</a>";
     document.querySelector("#alerts").appendChild(warn);
   }
-});
+};
 
 document.addEventListener("DOMContentLoaded", function(event) {
   var avatars = document.querySelector("#avatar-wrapper");
@@ -74,4 +82,7 @@ document.addEventListener("DOMContentLoaded", function(event) {
       images[j].src = images[j].dataset.src.replace("$", value);
     }
   };
+
+  xhr.open("GET", "https://status.mojang.com/check", true);
+  xhr.send();
 });

lib/routes/avatars.js

@@ -14,10 +14,12 @@ function handle_default(img_status, userId, size, def, req, err, callback) {
   if (defname !== "steve" && defname !== "mhf_steve" && defname !== "alex" && defname !== "mhf_alex") {
     if (helpers.id_valid(def)) {
       // clean up the old URL to match new image
-      req.url.searchParams.delete('default');
+      var parsed = req.url;
-      req.url.path_list[1] = def;
+      delete parsed.query.default;
-      req.url.pathname = req.url.path_list.join('/');
+      delete parsed.search;
-      var newUrl = req.url.toString();
+      parsed.path_list[1] = def;
+      parsed.pathname = "/" + parsed.path_list.join("/");
+      var newUrl = url.format(parsed);
       callback({
         status: img_status,
         redirect: newUrl,
@@ -51,9 +53,9 @@ function handle_default(img_status, userId, size, def, req, err, callback) {
 // GET avatar request
 module.exports = function(req, callback) {
   var userId = (req.url.path_list[1] || "").split(".")[0];
-  var size = parseInt(req.url.searchParams.get("size")) || config.avatars.default_size;
+  var size = parseInt(req.url.query.size) || config.avatars.default_size;
-  var def = req.url.searchParams.get("default");
+  var def = req.url.query.default;
-  var overlay = req.url.searchParams.has("overlay") || req.url.searchParams.has("helm");
+  var overlay = Object.prototype.hasOwnProperty.call(req.url.query, "overlay") || Object.prototype.hasOwnProperty.call(req.url.query, "helm");
 
   // check for extra paths
   if (req.url.path_list.length > 2) {
@@ -65,9 +67,6 @@ module.exports = function(req, callback) {
     return;
   }
 
-  // strip dashes
-  userId = userId.replace(/-/g, "");
-
   // Prevent app from crashing/freezing
   if (size < config.avatars.min_size || size > config.avatars.max_size) {
     // "Unprocessable Entity", valid request, but semantically erroneous:
@@ -85,6 +84,9 @@ module.exports = function(req, callback) {
     return;
   }
 
+  // strip dashes
+  userId = userId.replace(/-/g, "");
+
   try {
     helpers.get_avatar(req.id, userId, overlay, size, function(err, status, image, hash) {
       if (err) {

lib/routes/capes.js

@@ -4,7 +4,7 @@ var cache = require("../cache");
 // GET cape request
 module.exports = function(req, callback) {
   var userId = (req.url.path_list[1] || "").split(".")[0];
-  var def = req.url.searchParams.get('default');
+  var def = req.url.query.default;
   var rid = req.id;
 
   // check for extra paths
@@ -17,8 +17,6 @@ module.exports = function(req, callback) {
     return;
   }
 
-  // strip dashes
-  userId = userId.replace(/-/g, "");
   if (!helpers.id_valid(userId)) {
     callback({
       status: -2,
@@ -27,6 +25,9 @@ module.exports = function(req, callback) {
     return;
   }
 
+  // strip dashes
+  userId = userId.replace(/-/g, "");
+
   try {
     helpers.get_cape(rid, userId, function(err, hash, status, image) {
       if (err) {

lib/routes/renders.js

@@ -17,10 +17,12 @@ function handle_default(rid, scale, overlay, body, img_status, userId, size, def
   if (defname !== "steve" && defname !== "mhf_steve" && defname !== "alex" && defname !== "mhf_alex") {
     if (helpers.id_valid(def)) {
       // clean up the old URL to match new image
-      req.url.searchParams.delete('default');
+      var parsed = req.url;
-      req.url.path_list[2] = def;
+      delete parsed.query.default;
-      req.url.pathname = req.url.path_list.join('/');
+      delete parsed.search;
-      var newUrl = req.url.toString();
+      parsed.path_list[2] = def;
+      parsed.pathname = "/" + parsed.path_list.join("/");
+      var newUrl = url.format(parsed);
       callback({
         status: img_status,
         redirect: newUrl,
@@ -60,9 +62,9 @@ module.exports = function(req, callback) {
   var rid = req.id;
   var body = raw_type === "body";
   var userId = (req.url.path_list[2] || "").split(".")[0];
-  var def = req.url.searchParams.get("default");
+  var def = req.url.query.default;
-  var scale = parseInt(req.url.searchParams.get("scale")) || config.renders.default_scale;
+  var scale = parseInt(req.url.query.scale) || config.renders.default_scale;
-  var overlay = req.url.searchParams.has("overlay") || req.url.searchParams.has("helm");
+  var overlay = Object.prototype.hasOwnProperty.call(req.url.query, "overlay") || Object.prototype.hasOwnProperty.call(req.url.query, "helm");
 
   // check for extra paths
   if (req.url.path_list.length > 3) {
@@ -83,9 +85,6 @@ module.exports = function(req, callback) {
     return;
   }
 
-  // strip dashes
-  userId = userId.replace(/-/g, "");
-
   if (scale < config.renders.min_scale || scale > config.renders.max_scale) {
     callback({
       status: -2,
@@ -100,6 +99,9 @@ module.exports = function(req, callback) {
     return;
   }
 
+  // strip dashes
+  userId = userId.replace(/-/g, "");
+
   try {
     helpers.get_render(rid, userId, scale, overlay, body, function(err, status, hash, image) {
       if (err) {

lib/routes/skins.js

@@ -14,10 +14,12 @@ function handle_default(img_status, userId, def, req, err, callback) {
   if (defname !== "steve" && defname !== "mhf_steve" && defname !== "alex" && defname !== "mhf_alex") {
     if (helpers.id_valid(def)) {
       // clean up the old URL to match new image
-      req.url.searchParams.delete('default');
+      var parsed = req.url;
-      req.url.path_list[1] = def;
+      delete parsed.query.default;
-      req.url.pathname = req.url.path_list.join('/');
+      delete parsed.search;
-      var newUrl = req.url.toString();
+      parsed.path_list[1] = def;
+      parsed.pathname = "/" + parsed.path_list.join("/");
+      var newUrl = url.format(parsed);
       callback({
         status: img_status,
         redirect: newUrl,
@@ -60,7 +62,7 @@ function handle_default(img_status, userId, def, req, err, callback) {
 // GET skin request
 module.exports = function(req, callback) {
   var userId = (req.url.path_list[1] || "").split(".")[0];
-  var def = req.url.searchParams.get("default");
+  var def = req.url.query.default;
   var rid = req.id;
 
   // check for extra paths
@@ -73,8 +75,6 @@ module.exports = function(req, callback) {
     return;
   }
 
-  // strip dashes
-  userId = userId.replace(/-/g, "");
   if (!helpers.id_valid(userId)) {
     callback({
       status: -2,
@@ -83,6 +83,9 @@ module.exports = function(req, callback) {
     return;
   }
 
+  // strip dashes
+  userId = userId.replace(/-/g, "");
+
   try {
     helpers.get_skin(rid, userId, function(err, hash, status, image, slim) {
       if (err) {

lib/server.js

@@ -1,7 +1,6 @@
 #!/usr/bin/env node
 var querystring = require("querystring");
 var response = require("./response");
-var helpers = require("./helpers.js");
 var toobusy = require("toobusy-js");
 var logging = require("./logging");
 var config = require("../config");
@@ -22,9 +21,7 @@ var routes = {
 
 // serves assets from lib/public
 function asset_request(req, callback) {
-  const filename = path.join(__dirname, "public", ...req.url.path_list);
+  var filename = path.join(__dirname, "public", req.url.path_list.join("/"));
-  const relative = path.relative(path.join(__dirname, "public"), filename);
-  if (relative && !relative.startsWith('..') && !path.isAbsolute(relative)) {
   fs.access(filename, function(fs_err) {
     if (!fs_err) {
       fs.readFile(filename, function(err, data) {
@@ -42,13 +39,6 @@ function asset_request(req, callback) {
       });
     }
   });
-  } else {
-    callback({
-      body: "Forbidden",
-      status: -2,
-      code: 403,
-    });
-  }
 }
 
 // generates a 12 character random string
@@ -56,18 +46,26 @@ function request_id() {
   return Math.random().toString(36).substring(2, 14);
 }
 
-// splits decoded URL path into an Array
+// splits a URL path into an Array
+// the path is resolved and decoded
 function path_list(pathname) {
+  // remove double and trailing slashes
+  pathname = pathname.replace(/\/\/+/g, "/").replace(/(.)\/$/, "$1");
   var list = pathname.split("/");
   list.shift();
+  for (var i = 0; i < list.length; i++) {
+    // URL decode
+    list[i] = querystring.unescape(list[i]);
+  }
   return list;
 }
 
 // handles the +req+ by routing to the request to the appropriate module
 function requestHandler(req, res) {
-  req.url = new URL(decodeURI(req.url), 'http://' + req.headers.host);
+  req.url = url.parse(req.url, true);
-  req.url.pathname = path.resolve('/', req.url.pathname);
+  req.url.query = req.url.query || {};
   req.url.path_list = path_list(req.url.pathname);
+
   req.id = request_id();
   req.start = Date.now();
 
@@ -168,7 +166,6 @@ exp.boot = function(callback) {
 
 // Close the server
 exp.close = function(callback) {
-  helpers.stoplog();
   server.close(callback);
 };
 

lib/views/index.html.ejs

@@ -76,7 +76,7 @@
               </div>
             </div>
           </form>
-          <p>You can use <a rel="nofollow" target="_blank" href="https://minecraftuuid.com">minecraftuuid.com</a> to find the UUID of a username.</p>
+          <p>You can use <a rel="nofollow" target="_blank" href="https://mcuuid.net">mcuuid.net</a> to find the UUID of a username.</p>
         </section>
 
         <section id="avatars">

package.json

@@ -1,25 +1,29 @@
 {
   "name": "crafatar",
-  "version": "2.1.5",
+  "version": "2.1.3",
   "private": true,
   "scripts": {
     "start": "node www.js",
-    "test": "mocha"
+    "test": "mocha",
+    "test-travis": "istanbul cover ./node_modules/mocha/bin/_mocha --report lcovonly -- -R spec && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage"
   },
   "engines": {
     "node": "12.16.1"
   },
   "dependencies": {
-    "@randy.tarampi/lwip": "^1.3.1",
+    "@randy.tarampi/lwip": "^1.1.0",
     "canvas": "^2.6.1",
     "crc": "^3.8.0",
-    "ejs": "^3.1.5",
+    "ejs": "^3.0.1",
-    "mime": "^2.4.6",
+    "mime": "^2.4.4",
     "redis": "^3.0.2",
     "request": "^2.88.2",
     "toobusy-js": "^0.5.1"
   },
   "devDependencies": {
-    "mocha": "^7.2.0"
+    "coveralls": "^3.0.11",
+    "istanbul": "^0.4.5",
+    "mocha": "^7.1.1",
+    "mocha-lcov-reporter": "^1.3.0"
   }
 }

test/bulk.sh

@@ -1,55 +1,36 @@
 #!/usr/bin/env bash
 
-hostname="crafatar.com"
 async="true"
-random="false"
 interval="0.1"
-
+if [ "$1" = "-s" ]; then
-usage() {
+  async=""
-  echo "Usage: $0 [-s | -r | -i <interval> | -h <hostname>]... <host uri>" >&2
+  shift
-  exit 1
+elif [ "$1" = "-i" ]; then
-}
+  interval="$2"
-
+  shift 2
-get_ids() {
-  local shuf
-  if [ "$random" = "true" ]; then
-    while true; do uuid -v 4; done
-  else
-    # `brew install coreutils` on OS X for gshuf
-    shuf=$(command -v shuf gshuf)
-    # randomize ids
-    $shuf < uuids.txt
 fi
-}
+host="$1"
+shift
+if [ -z "$host" ] || [ ! -z "$@" ]; then
+  echo "Usage: $0 [-s | -i <interval>] <host uri>"
+  exit 1
+fi
+
+# insert newline after uuids
+ids="$(cat 'uuids.txt')"
+# `brew install coreutils` on OS X
+ids="$(shuf <<< "$ids" 2>/dev/null || gshuf <<< "$ids")"
 
 bulk() {
-  trap return INT # return from this function on Ctrl+C
+  trap return INT
-  get_ids | while read id; do
+  echo "$ids" | while read id; do
-    if [ "$async" = "false" ]; then
+    if [ -z "$async" ]; then
-      curl -H "Host: $hostname" -sSL -o /dev/null -w "%{url_effective} %{http_code} %{time_total}s\\n" -- "$host/avatars/$id?overlay"
+      curl -sSL -o /dev/null -w "%{url_effective} %{http_code} %{time_total}s\\n" -- "$host/avatars/$id?overlay"
     else
-      curl -H "Host: $hostname" -sSL -o /dev/null -w "%{url_effective} %{http_code} %{time_total}s\\n" -- "$host/avatars/$id?overlay" &
+      curl -sSL -o /dev/null -w "%{url_effective} %{http_code} %{time_total}s\\n" -- "$host/avatars/$id?overlay" &
       sleep "$interval"
     fi
   done
 }
 
-while [ $# != 0 ]; do
-  case "$1" in
-    -s)
-      async="false";;
-    -r)
-      random="true";;
-    -i)
-      interval="$2"
-      shift;;
-    *)
-      [ -n "$host" ] && usage
-      host="$1";;
-  esac
-  shift
-done
-
-[ -z "$host" ] && usage
-
 time bulk

test/test.js

@@ -3,7 +3,7 @@
 
 // no spam
 var logging = require("../lib/logging");
-if (process.env.VERBOSE_TEST !== "true") {
+if (process.env.VERBOSE_TEST !== "true" && process.env.TRAVIS !== "true") {
   logging.log = logging.debug = logging.warn = logging.error = function() {};
 }
 
@@ -88,8 +88,8 @@ describe("Crafatar", function() {
       assert.strictEqual(helpers.id_valid("1DCEF164FF0A47F2B9A691385C774EE7"), true);
       done();
     });
-    it("dashed uuid is not valid", function(done) {
+    it("dashed uuid is valid", function(done) {
-      assert.strictEqual(helpers.id_valid("0098cb60-fa8e-427c-b299-793cbd302c9a"), false);
+      assert.strictEqual(helpers.id_valid("0098cb60-fa8e-427c-b299-793cbd302c9a"), true);
       done();
     });
     it("username is invalid", function(done) {
@@ -158,7 +158,7 @@ describe("Crafatar", function() {
     it("should time out on skin download", function(done) {
       var original_timeout = config.http_timeout;
       config.server.http_timeout = 1;
-      networking.get_from(rid(), config.endpoints.textures_url + "477be35554684c28bdeee4cf11c591d3c88afb77e0b98da893fd7bc318c65184", function(body, res, error) {
+      networking.get_from(rid(), "http://textures.minecraft.net/texture/477be35554684c28bdeee4cf11c591d3c88afb77e0b98da893fd7bc318c65184", function(body, res, error) {
         assert.notStrictEqual(["ETIMEDOUT", "ESOCKETTIMEDOUT"].indexOf(error.code), -1);
         config.server.http_timeout = original_timeout;
         done();
@@ -166,7 +166,7 @@ describe("Crafatar", function() {
     });
     it("should not find the skin", function(done) {
       assert.doesNotThrow(function() {
-        networking.get_from(rid(), config.endpoints.textures_url + "this-does-not-exist", function(img, response, err) {
+        networking.get_from(rid(), "http://textures.minecraft.net/texture/this-does-not-exist", function(img, response, err) {
           assert.strictEqual(err, null); // no error here, but it shouldn't throw exceptions
           done();
         });
@@ -298,24 +298,20 @@ describe("Crafatar", function() {
     var server_tests = {
       "avatar with existing uuid": {
         url: "http://localhost:3000/avatars/853c80ef3c3749fdaa49938b674adae6?size=16",
-        crc32: [4264176600],
+        crc32: [3337292777],
-      },
-      "avatar with existing dashed uuid": {
-        url: "http://localhost:3000/avatars/853c80ef-3c37-49fd-aa49938b674adae6?size=16",
-        crc32: [4264176600],
       },
       "avatar with non-existent uuid": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16",
-        crc32: [3348154329],
+        crc32: [2416827277, 1243826040],
       },
       "avatar with non-existent uuid defaulting to mhf_alex": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16&default=mhf_alex",
-        crc32: [73899130],
+        crc32: [862751081, 809395677],
       },
       "avatar with non-existent uuid defaulting to uuid": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16&default=853c80ef3c3749fdaa49938b674adae6",
         crc32: [0],
-        redirect: "http://localhost:3000/avatars/853c80ef3c3749fdaa49938b674adae6?size=16",
+        redirect: "/avatars/853c80ef3c3749fdaa49938b674adae6?size=16",
       },
       "avatar with non-existent uuid defaulting to url": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16&default=http%3A%2F%2Fexample.com%2FCaseSensitive",
@@ -324,20 +320,20 @@ describe("Crafatar", function() {
       },
       "overlay avatar with existing uuid": {
         url: "http://localhost:3000/avatars/853c80ef3c3749fdaa49938b674adae6?size=16&overlay",
-        crc32: [575355728],
+        crc32: [1710265722],
       },
       "overlay avatar with non-existent uuid": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16&overlay",
-        crc32: [3348154329],
+        crc32: [2416827277, 1243826040],
       },
       "overlay avatar with non-existent uuid defaulting to mhf_alex": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16&overlay&default=mhf_alex",
-        crc32: [73899130],
+        crc32: [862751081, 809395677],
       },
       "overlay avatar with non-existent uuid defaulting to uuid": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16&default=853c80ef3c3749fdaa49938b674adae6",
         crc32: [0],
-        redirect: "http://localhost:3000/avatars/853c80ef3c3749fdaa49938b674adae6?size=16",
+        redirect: "/avatars/853c80ef3c3749fdaa49938b674adae6?size=16",
       },
       "overlay avatar with non-existent uuid defaulting to url": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16&overlay&default=http%3A%2F%2Fexample.com%2FCaseSensitive",
@@ -346,7 +342,7 @@ describe("Crafatar", function() {
       },
       "cape with existing uuid": {
         url: "http://localhost:3000/capes/853c80ef3c3749fdaa49938b674adae6",
-        crc32: [985789174, 2099310578],
+        crc32: [2556702429],
       },
       "cape with non-existent uuid": {
         url: "http://localhost:3000/capes/00000000000000000000000000000000",
@@ -359,20 +355,20 @@ describe("Crafatar", function() {
       },
       "skin with existing uuid": {
         url: "http://localhost:3000/skins/853c80ef3c3749fdaa49938b674adae6",
-        crc32: [1759176487],
+        crc32: [26500336],
       },
       "skin with non-existent uuid": {
         url: "http://localhost:3000/skins/00000000000000000000000000000000",
-        crc32: [1853029228],
+        crc32: [981937087],
       },
       "skin with non-existent uuid defaulting to mhf_alex": {
         url: "http://localhost:3000/skins/00000000000000000000000000000000?default=mhf_alex",
-        crc32: [427506205],
+        crc32: [2298915739],
       },
       "skin with non-existent uuid defaulting to uuid": {
         url: "http://localhost:3000/skins/00000000000000000000000000000000?size=16&default=853c80ef3c3749fdaa49938b674adae6",
         crc32: [0],
-        redirect: "http://localhost:3000/skins/853c80ef3c3749fdaa49938b674adae6?size=16",
+        redirect: "/skins/853c80ef3c3749fdaa49938b674adae6?size=16",
       },
       "skin with non-existent uuid defaulting to url": {
         url: "http://localhost:3000/skins/00000000000000000000000000000000?default=http%3A%2F%2Fexample.com%2FCaseSensitive",
@@ -394,7 +390,7 @@ describe("Crafatar", function() {
       "head render with non-existent uuid defaulting to uuid": {
         url: "http://localhost:3000/renders/head/00000000000000000000000000000000?scale=2&default=853c80ef3c3749fdaa49938b674adae6",
         crc32: [0],
-        redirect: "http://localhost:3000/renders/head/853c80ef3c3749fdaa49938b674adae6?scale=2",
+        redirect: "/renders/head/853c80ef3c3749fdaa49938b674adae6?scale=2",
       },
       "head render with non-existent uuid defaulting to url": {
         url: "http://localhost:3000/renders/head/00000000000000000000000000000000?scale=2&default=http%3A%2F%2Fexample.com%2FCaseSensitive",
@@ -416,7 +412,7 @@ describe("Crafatar", function() {
       "overlay head with non-existent uuid defaulting to uuid": {
         url: "http://localhost:3000/renders/head/00000000000000000000000000000000?scale=2&overlay&default=853c80ef3c3749fdaa49938b674adae6",
         crc32: [0],
-        redirect: "http://localhost:3000/renders/head/853c80ef3c3749fdaa49938b674adae6?scale=2&overlay=",
+        redirect: "/renders/head/853c80ef3c3749fdaa49938b674adae6?scale=2&overlay=",
       },
       "overlay head render with non-existent uuid defaulting to url": {
         url: "http://localhost:3000/renders/head/00000000000000000000000000000000?scale=2&overlay&default=http%3A%2F%2Fexample.com%2FCaseSensitive",
@@ -425,7 +421,7 @@ describe("Crafatar", function() {
       },
       "body render with existing uuid": {
         url: "http://localhost:3000/renders/body/853c80ef3c3749fdaa49938b674adae6?scale=2",
-        crc32: [1144887125],
+        crc32: [2745192436],
       },
       "body render with non-existent uuid": {
         url: "http://localhost:3000/renders/body/00000000000000000000000000000000?scale=2",
@@ -433,12 +429,12 @@ describe("Crafatar", function() {
       },
       "body render with non-existent uuid defaulting to mhf_alex": {
         url: "http://localhost:3000/renders/body/00000000000000000000000000000000?scale=2&default=mhf_alex",
-        crc32: [4280894468],
+        crc32: [1255106465],
       },
       "body render with non-existent uuid defaulting to uuid": {
         url: "http://localhost:3000/renders/body/00000000000000000000000000000000?scale=2&default=853c80ef3c3749fdaa49938b674adae6",
         crc32: [0],
-        redirect: "http://localhost:3000/renders/body/853c80ef3c3749fdaa49938b674adae6?scale=2",
+        redirect: "/renders/body/853c80ef3c3749fdaa49938b674adae6?scale=2",
       },
       "body render with non-existent uuid defaulting to url": {
         url: "http://localhost:3000/renders/body/00000000000000000000000000000000?scale=2&default=http%3A%2F%2Fexample.com%2FCaseSensitive",
@@ -447,7 +443,7 @@ describe("Crafatar", function() {
       },
       "overlay body render with existing uuid": {
         url: "http://localhost:3000/renders/body/853c80ef3c3749fdaa49938b674adae6?scale=2&overlay",
-        crc32: [1107696668],
+        crc32: [2441671793],
       },
       "overlay body render with non-existent uuid": {
         url: "http://localhost:3000/renders/body/00000000000000000000000000000000?scale=2&overlay",
@@ -455,7 +451,7 @@ describe("Crafatar", function() {
       },
       "overlay body render with non-existent uuid defaulting to mhf_alex": {
         url: "http://localhost:3000/renders/body/00000000000000000000000000000000?scale=2&overlay&default=mhf_alex",
-        crc32: [4280894468],
+        crc32: [1255106465],
       },
       "overlay body render with non-existent uuid defaulting to url": {
         url: "http://localhost:3000/renders/body/00000000000000000000000000000000?scale=2&overlay&default=http%3A%2F%2Fexample.com%2FCaseSensitive",
@@ -539,7 +535,7 @@ describe("Crafatar", function() {
     });
 
     it("should return a 422 (invalid render type)", function(done) {
-      request.get("http://localhost:3000/renders/invalid/2d5aa9cdaeb049189930461fc9b91cc5", function(error, res, body) {
+      request.get("http://localhost:3000/renders/invalid/Jake_0", function(error, res, body) {
         assert.ifError(error);
         assert.strictEqual(res.statusCode, 422);
         done();
@@ -568,30 +564,6 @@ describe("Crafatar", function() {
         });
       }(loc));
     }
-
-    it("should return /public resources", function(done) {
-      request.get("http://localhost:3000/javascript/crafatar.js", function(error, res, body) {
-        assert.ifError(error);
-        assert.strictEqual(res.statusCode, 200);
-        done();
-      });
-    });
-
-    it("should not allow path traversal on /public", function(done) {
-      request.get("http://localhost:3000/../server.js", function(error, res, body) {
-        assert.ifError(error);
-        assert.strictEqual(res.statusCode, 404);
-        done();
-      });
-    });
-
-    it("should not allow encoded path traversal on /public", function(done) {
-      request.get("http://localhost:3000/%2E%2E/server.js", function(error, res, body) {
-        assert.ifError(error);
-        assert.strictEqual(res.statusCode, 404);
-        done();
-      });
-    });
   });
 
   // we have to make sure that we test both a 32x64 and 64x64 skin
@@ -612,7 +584,7 @@ describe("Crafatar", function() {
 
   describe("Networking: Cape", function() {
     it("should not fail (guaranteed cape)", function(done) {
-      helpers.get_cape(rid(), "61699b2ed3274a019f1e0ea8c3f06bc6", function(err, hash, status, img) {
+      helpers.get_cape(rid(), "Dinnerbone", function(err, hash, status, img) {
         assert.strictEqual(err, null);
         done();
       });
@@ -621,13 +593,13 @@ describe("Crafatar", function() {
       before(function() {
         cache.get_redis().flushall();
       });
-      helpers.get_cape(rid(), "61699b2ed3274a019f1e0ea8c3f06bc6", function(err, hash, status, img) {
+      helpers.get_cape(rid(), "Dinnerbone", function(err, hash, status, img) {
         assert.strictEqual(err, null);
         done();
       });
     });
     it("should not be found", function(done) {
-      helpers.get_cape(rid(), "2d5aa9cdaeb049189930461fc9b91cc5", function(err, hash, status, img) {
+      helpers.get_cape(rid(), "Jake_0", function(err, hash, status, img) {
         assert.ifError(err);
         assert.strictEqual(img, null);
         done();
@@ -637,7 +609,7 @@ describe("Crafatar", function() {
 
   describe("Networking: Skin", function() {
     it("should not fail", function(done) {
-      helpers.get_cape(rid(), "2d5aa9cdaeb049189930461fc9b91cc5", function(err, hash, status, img) {
+      helpers.get_cape(rid(), "Jake_0", function(err, hash, status, img) {
         assert.strictEqual(err, null);
         done();
       });
@@ -646,7 +618,7 @@ describe("Crafatar", function() {
       before(function() {
         cache.get_redis().flushall();
       });
-      helpers.get_cape(rid(), "2d5aa9cdaeb049189930461fc9b91cc5", function(err, hash, status, img) {
+      helpers.get_cape(rid(), "Jake_0", function(err, hash, status, img) {
         assert.strictEqual(err, null);
         done();
       });
@@ -714,16 +686,15 @@ describe("Crafatar", function() {
       cache.get_redis().flushall();
     });
 
-    // Mojang has changed its rate limiting, so we no longer expect to hit the rate limit
+    it("uuid SHOULD be rate limited", function(done) {
-    // it("uuid SHOULD be rate limited", function(done) {
+      networking.get_profile(rid(), uuid, function() {
-    //   networking.get_profile(rid(), uuid, function() {
+        networking.get_profile(rid(), uuid, function(err, profile) {
-    //     networking.get_profile(rid(), uuid, function(err, profile) {
+          assert.strictEqual(err.toString(), "HTTP: 429");
-    //       assert.strictEqual(err.toString(), "HTTP: 429");
+          assert.strictEqual(profile, null);
-    //       assert.strictEqual(profile, null);
+          done();
-    //       done();
+        });
-    //     });
+      });
-    //   });
+    });
-    // });
 
     it("CloudFront rate limit is handled", function(done) {
       var original_rate_limit = config.server.sessions_rate_limit;