feat: 添加 gitea 构建脚本

.gitea/workflows/build.yaml

@@ -29,26 +29,41 @@ jobs:
           cache-dependency-path: frontend
       - name: Build Frontend
         run: |
+          mkdir build
           make assets
-          rm -rf /host/${{ gitea.workspace }} && mkdir -p /host/${{ gitea.workspace }}
-          cp -a . /host/${{ gitea.workspace }}/
       - name: Build Yggdrasil Server
         uses: crazy-max/ghaction-xgo@v2
         with:
           xgo_version: latest
           go_version: 1.24
-          dest: build
+          dest: "${{ gitea.workspace }}/build"
           prefix: yggdrasil
-          targets: linux/amd64,linux/arm64
+          targets: windows/amd64,linux/amd64,linux/arm64,darwin/amd64,darwin/arm64
           v: true
           x: false
           race: false
           ldflags: -s -w -buildid=
           tags: nomsgpack sqlite mysql
           trimpath: true
-      - name: Store Back Binaries
+
+      - name: Create ZIP archive
         run: |
-          cp -a /host/${{ gitea.workspace }}/build/. build
+          cp -rv ./config_example.ini ./assets ./build/ || exit 1
+          pushd build || exit 1
+          ls -1 yggdrasil-* | while read LINE; do
+          PREFIX="${LINE%.*}"
+          SUFFIX="$(echo "$LINE" | grep -osE '\.\w+' || printf '')"
+          cp -v "$LINE" "yggdrasil$SUFFIX"
+          FILE="../$PREFIX.zip"
+          zip -9rv "$FILE" "yggdrasil$SUFFIX" *.ini assets
+          DGST="$FILE.dgst"
+          openssl dgst -md5    "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
+          openssl dgst -sha1   "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
+          openssl dgst -sha256 "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
+          openssl dgst -sha512 "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
+          done
+          popd || exit 1
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx

Dockerfile

@@ -1,10 +1,8 @@
-FROM debian:12-slim
+FROM alpine:latest
 
 LABEL maintainer="Gardel <sunxinao@hotmail.com>"
 LABEL "Description"="Go Yggdrasil Server"
 
-RUN apt-get update && apt-get install -y ca-certificates
-RUN update-ca-certificates
 ARG TARGETOS
 ARG TARGETARCH
 RUN mkdir -p /app

router/home_router.go

@@ -62,9 +62,8 @@ type HomeRouter interface {
 }
 
 type homeRouterImpl struct {
-	serverMeta   ServerMeta
+	serverMeta ServerMeta
-	myPubKey     KeyPair
+	myPubKey   KeyPair
-	cachedPubKey *PublicKeys
 }
 
 func NewHomeRouter(meta *ServerMeta) HomeRouter {
@@ -82,10 +81,6 @@ func (h *homeRouterImpl) Home(c *gin.Context) {
 }
 
 func (h *homeRouterImpl) PublicKeys(c *gin.Context) {
-	if h.cachedPubKey != nil {
-		c.JSON(http.StatusOK, h.cachedPubKey)
-		return
-	}
 	publicKeys := PublicKeys{}
 	err := util.GetObject("https://api.minecraftservices.com/publickeys", &publicKeys)
 	if err != nil {
@@ -95,5 +90,4 @@ func (h *homeRouterImpl) PublicKeys(c *gin.Context) {
 	publicKeys.ProfilePropertyKeys = append(publicKeys.ProfilePropertyKeys, h.myPubKey)
 	publicKeys.PlayerCertificateKeys = append(publicKeys.PlayerCertificateKeys, h.myPubKey)
 	c.JSON(http.StatusOK, publicKeys)
-	h.cachedPubKey = &publicKeys
 }

service/user_service.go

@@ -118,7 +118,7 @@ func (u *userServiceImpl) Register(username, password, profileName, ip string) (
 	} else if _, err := mojangUsernameToUUID(profileName); err == nil {
 		return nil, util.NewForbiddenOperationError("profileName duplicate")
 	}
-	matched, err := regexp.MatchString("^\\w+@(\\w){2,}((\\.\\w+)+)$", username)
+	matched, err := regexp.MatchString("^(\\w){3,}(\\.\\w+)*@(\\w){2,}((\\.\\w+)+)$", username)
 	if err != nil {
 		return nil, err
 	}
@@ -394,35 +394,29 @@ func (u *userServiceImpl) QueryProfile(profileId uuid.UUID, unsigned bool, textu
 
 func (u *userServiceImpl) ProfileKey(accessToken string) (resp *ProfileKeyResponse, err error) {
 	token, ok := u.tokenService.GetToken(accessToken)
-	var profileId uuid.UUID
 	if ok && token.GetAvailableLevel() == model.Valid {
-		profileId = token.SelectedProfile.Id
+		resp = new(ProfileKeyResponse)
+		now := time.Now().UTC()
+		resp.RefreshedAfter = now
+		resp.ExpiresAt = now.Add(10 * time.Minute)
+		keyPair, err := u.getProfileKey(token.SelectedProfile.Id)
+		if err != nil {
+			return nil, err
+		}
+		resp.KeyPair = keyPair
+		signStr := fmt.Sprintf("%d%s", resp.ExpiresAt.UnixMilli(), keyPair.PublicKey)
+		sign, err := util.Sign(signStr)
+		if err != nil {
+			return nil, err
+		}
+		resp.PublicKeySignature = sign
+		resp.PublicKeySignatureV2 = sign
 	} else {
-		id, _, err := util.ParseOfficialToken(accessToken)
+		err = util.PostForString("https://api.minecraftservices.com/player/certificates", accessToken, []byte(""), resp)
-		if err != nil {
-			return nil, err
-		}
-		profileId, err = util.ToUUID(id)
 		if err != nil {
 			return nil, err
 		}
 	}
-	resp = new(ProfileKeyResponse)
-	now := time.Now().UTC()
-	resp.RefreshedAfter = now
-	resp.ExpiresAt = now.Add(90 * 24 * time.Hour)
-	keyPair, err := u.getProfileKey(profileId)
-	if err != nil {
-		return nil, err
-	}
-	resp.KeyPair = keyPair
-	signStr := fmt.Sprintf("%d%s", resp.ExpiresAt.UnixMilli(), keyPair.PublicKey)
-	sign, err := util.Sign(signStr)
-	if err != nil {
-		return nil, err
-	}
-	resp.PublicKeySignature = sign
-	resp.PublicKeySignatureV2 = sign
 	return resp, nil
 }
 

util/token_utils.go

@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2025. Gardel <sunxinao@hotmail.com> and contributors
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package util
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"strings"
-)
-
-type officialTokenPayload struct {
-	Xuid     string        `json:"xuid"`
-	Agg      string        `json:"agg"`
-	Sub      string        `json:"sub"`
-	Auth     string        `json:"auth"`
-	Ns       string        `json:"ns"`
-	Roles    []interface{} `json:"roles"`
-	Iss      string        `json:"iss"`
-	Flags    []string      `json:"flags"`
-	Profiles struct {
-		Mc string `json:"mc"`
-	} `json:"profiles"`
-	Platform string `json:"platform"`
-	Pfd      []struct {
-		Type string `json:"type"`
-		Id   string `json:"id"`
-		Name string `json:"name"`
-	} `json:"pfd"`
-	Nbf int `json:"nbf"`
-	Exp int `json:"exp"`
-	Iat int `json:"iat"`
-}
-
-func ParseOfficialToken(token string) (id, name string, err error) {
-	firstDot := strings.IndexRune(token, '.')
-	if firstDot == -1 {
-		return id, name, errors.New("invalid token")
-	}
-	secondDot := 1 + firstDot + strings.IndexRune(token[firstDot+1:], '.')
-	if secondDot == -1 {
-		return id, name, errors.New("invalid token")
-	}
-	jsonBase64 := token[firstDot+1 : secondDot]
-	jsonDecoded, err := base64.RawURLEncoding.DecodeString(jsonBase64)
-	if err != nil {
-		return id, name, err
-	}
-	payload := officialTokenPayload{}
-	err = json.Unmarshal(jsonDecoded, &payload)
-	if err != nil {
-		return id, name, err
-	}
-	if payload.Pfd == nil || len(payload.Pfd) == 0 {
-		return id, name, errors.New("invalid token")
-	}
-	id = payload.Pfd[0].Id
-	name = payload.Pfd[0].Name
-	return id, name, nil
-}