Compare commits
1 Commits
dev
...
4e9b01ce1f
| Author | SHA1 | Date | |
|---|---|---|---|
4e9b01ce1f
|
@@ -15,14 +15,8 @@ jobs:
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Pre Setup NodeJS
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '18.x'
|
||||
- name: For act to work
|
||||
run: npm -g install yarn
|
||||
- name: Setup NodeJS
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: '18.x'
|
||||
cache: 'yarn'
|
||||
@@ -30,8 +24,6 @@ jobs:
|
||||
- name: Build Frontend
|
||||
run: |
|
||||
make assets
|
||||
rm -rf /host/${{ gitea.workspace }} && mkdir -p /host/${{ gitea.workspace }}
|
||||
cp -a . /host/${{ gitea.workspace }}/
|
||||
- name: Build Yggdrasil Server
|
||||
uses: crazy-max/ghaction-xgo@v2
|
||||
with:
|
||||
@@ -39,18 +31,36 @@ jobs:
|
||||
go_version: 1.24
|
||||
dest: build
|
||||
prefix: yggdrasil
|
||||
targets: linux/amd64,linux/arm64
|
||||
targets: windows/amd64,linux/amd64,linux/arm64,darwin/amd64,darwin/arm64
|
||||
v: true
|
||||
x: false
|
||||
race: false
|
||||
ldflags: -s -w -buildid=
|
||||
tags: nomsgpack sqlite mysql
|
||||
trimpath: true
|
||||
- name: Store Back Binaries
|
||||
|
||||
- name: Create ZIP archive
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
run: |
|
||||
cp -a /host/${{ gitea.workspace }}/build/. build
|
||||
cp -rv ./config_example.ini ./assets ./build/ || exit 1
|
||||
pushd build || exit 1
|
||||
ls -1 yggdrasil-* | while read LINE; do
|
||||
PREFIX="${LINE%.*}"
|
||||
SUFFIX="$(echo "$LINE" | grep -osE '\.\w+' || printf '')"
|
||||
cp -v "$LINE" "yggdrasil$SUFFIX"
|
||||
FILE="../$PREFIX.zip"
|
||||
zip -9v "$FILE" "yggdrasil$SUFFIX" *.ini assets
|
||||
DGST="$FILE.dgst"
|
||||
openssl dgst -md5 "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
|
||||
openssl dgst -sha1 "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
|
||||
openssl dgst -sha256 "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
|
||||
openssl dgst -sha512 "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
|
||||
done
|
||||
popd || exit 1
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
- name: Login to Docker Registry
|
||||
@@ -61,8 +71,9 @@ jobs:
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v3
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tags: docker.sunxinao.cn/gardel/yggdrasil-go:latest
|
||||
tags: docker.sunxinao.cn/gardel/yggdrasil-go:latest, docker.sunxinao.cn/gardel/yggdrasil-go:${{ github.ref_name }}
|
||||
|
||||
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@@ -52,7 +52,7 @@ jobs:
|
||||
SUFFIX="$(echo "$LINE" | grep -osE '\.\w+' || printf '')"
|
||||
cp -v "$LINE" "yggdrasil$SUFFIX"
|
||||
FILE="../$PREFIX.zip"
|
||||
zip -9rv "$FILE" "yggdrasil$SUFFIX" *.ini assets
|
||||
zip -9v "$FILE" "yggdrasil$SUFFIX" *.ini assets
|
||||
DGST="$FILE.dgst"
|
||||
openssl dgst -md5 "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
|
||||
openssl dgst -sha1 "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
|
||||
|
||||
@@ -1,10 +1,8 @@
|
||||
FROM debian:12-slim
|
||||
FROM alpine:latest
|
||||
|
||||
LABEL maintainer="Gardel <sunxinao@hotmail.com>"
|
||||
LABEL "Description"="Go Yggdrasil Server"
|
||||
|
||||
RUN apt-get update && apt-get install -y ca-certificates
|
||||
RUN update-ca-certificates
|
||||
ARG TARGETOS
|
||||
ARG TARGETARCH
|
||||
RUN mkdir -p /app
|
||||
|
||||
@@ -62,9 +62,8 @@ type HomeRouter interface {
|
||||
}
|
||||
|
||||
type homeRouterImpl struct {
|
||||
serverMeta ServerMeta
|
||||
myPubKey KeyPair
|
||||
cachedPubKey *PublicKeys
|
||||
serverMeta ServerMeta
|
||||
myPubKey KeyPair
|
||||
}
|
||||
|
||||
func NewHomeRouter(meta *ServerMeta) HomeRouter {
|
||||
@@ -82,10 +81,6 @@ func (h *homeRouterImpl) Home(c *gin.Context) {
|
||||
}
|
||||
|
||||
func (h *homeRouterImpl) PublicKeys(c *gin.Context) {
|
||||
if h.cachedPubKey != nil {
|
||||
c.JSON(http.StatusOK, h.cachedPubKey)
|
||||
return
|
||||
}
|
||||
publicKeys := PublicKeys{}
|
||||
err := util.GetObject("https://api.minecraftservices.com/publickeys", &publicKeys)
|
||||
if err != nil {
|
||||
@@ -95,5 +90,4 @@ func (h *homeRouterImpl) PublicKeys(c *gin.Context) {
|
||||
publicKeys.ProfilePropertyKeys = append(publicKeys.ProfilePropertyKeys, h.myPubKey)
|
||||
publicKeys.PlayerCertificateKeys = append(publicKeys.PlayerCertificateKeys, h.myPubKey)
|
||||
c.JSON(http.StatusOK, publicKeys)
|
||||
h.cachedPubKey = &publicKeys
|
||||
}
|
||||
|
||||
@@ -118,7 +118,7 @@ func (u *userServiceImpl) Register(username, password, profileName, ip string) (
|
||||
} else if _, err := mojangUsernameToUUID(profileName); err == nil {
|
||||
return nil, util.NewForbiddenOperationError("profileName duplicate")
|
||||
}
|
||||
matched, err := regexp.MatchString("^\\w+@(\\w){2,}((\\.\\w+)+)$", username)
|
||||
matched, err := regexp.MatchString("^(\\w){3,}(\\.\\w+)*@(\\w){2,}((\\.\\w+)+)$", username)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -394,35 +394,29 @@ func (u *userServiceImpl) QueryProfile(profileId uuid.UUID, unsigned bool, textu
|
||||
|
||||
func (u *userServiceImpl) ProfileKey(accessToken string) (resp *ProfileKeyResponse, err error) {
|
||||
token, ok := u.tokenService.GetToken(accessToken)
|
||||
var profileId uuid.UUID
|
||||
if ok && token.GetAvailableLevel() == model.Valid {
|
||||
profileId = token.SelectedProfile.Id
|
||||
resp = new(ProfileKeyResponse)
|
||||
now := time.Now().UTC()
|
||||
resp.RefreshedAfter = now
|
||||
resp.ExpiresAt = now.Add(time.Hour * 24 * 90)
|
||||
keyPair, err := u.getProfileKey(token.SelectedProfile.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp.KeyPair = keyPair
|
||||
signStr := fmt.Sprintf("%d%s", resp.ExpiresAt.UnixMilli(), keyPair.PublicKey)
|
||||
sign, err := util.Sign(signStr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp.PublicKeySignature = sign
|
||||
resp.PublicKeySignatureV2 = sign
|
||||
} else {
|
||||
id, _, err := util.ParseOfficialToken(accessToken)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
profileId, err = util.ToUUID(id)
|
||||
err = util.PostForString("https://api.minecraftservices.com/player/certificates", accessToken, []byte(""), resp)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
resp = new(ProfileKeyResponse)
|
||||
now := time.Now().UTC()
|
||||
resp.RefreshedAfter = now
|
||||
resp.ExpiresAt = now.Add(90 * 24 * time.Hour)
|
||||
keyPair, err := u.getProfileKey(profileId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp.KeyPair = keyPair
|
||||
signStr := fmt.Sprintf("%d%s", resp.ExpiresAt.UnixMilli(), keyPair.PublicKey)
|
||||
sign, err := util.Sign(signStr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp.PublicKeySignature = sign
|
||||
resp.PublicKeySignatureV2 = sign
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -1,75 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2025. Gardel <sunxinao@hotmail.com> and contributors
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type officialTokenPayload struct {
|
||||
Xuid string `json:"xuid"`
|
||||
Agg string `json:"agg"`
|
||||
Sub string `json:"sub"`
|
||||
Auth string `json:"auth"`
|
||||
Ns string `json:"ns"`
|
||||
Roles []interface{} `json:"roles"`
|
||||
Iss string `json:"iss"`
|
||||
Flags []string `json:"flags"`
|
||||
Profiles struct {
|
||||
Mc string `json:"mc"`
|
||||
} `json:"profiles"`
|
||||
Platform string `json:"platform"`
|
||||
Pfd []struct {
|
||||
Type string `json:"type"`
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
} `json:"pfd"`
|
||||
Nbf int `json:"nbf"`
|
||||
Exp int `json:"exp"`
|
||||
Iat int `json:"iat"`
|
||||
}
|
||||
|
||||
func ParseOfficialToken(token string) (id, name string, err error) {
|
||||
firstDot := strings.IndexRune(token, '.')
|
||||
if firstDot == -1 {
|
||||
return id, name, errors.New("invalid token")
|
||||
}
|
||||
secondDot := 1 + firstDot + strings.IndexRune(token[firstDot+1:], '.')
|
||||
if secondDot == -1 {
|
||||
return id, name, errors.New("invalid token")
|
||||
}
|
||||
jsonBase64 := token[firstDot+1 : secondDot]
|
||||
jsonDecoded, err := base64.RawURLEncoding.DecodeString(jsonBase64)
|
||||
if err != nil {
|
||||
return id, name, err
|
||||
}
|
||||
payload := officialTokenPayload{}
|
||||
err = json.Unmarshal(jsonDecoded, &payload)
|
||||
if err != nil {
|
||||
return id, name, err
|
||||
}
|
||||
if payload.Pfd == nil || len(payload.Pfd) == 0 {
|
||||
return id, name, errors.New("invalid token")
|
||||
}
|
||||
id = payload.Pfd[0].Id
|
||||
name = payload.Pfd[0].Name
|
||||
return id, name, nil
|
||||
}
|
||||
Reference in New Issue
Block a user