A microservice that implements an API for accessing a player's certificate.
Routes:
POST /certificates- analog of Mojang's Player Certificates API.GET /publickeys- returns the public key used to sign certificates. The response format is the same as there, but only includes theplayerCertificateKeyskey.GET /healthcheck- service's health check endpoint.
Env config params:
DEBUG- enable debug output. Defaultfalse.ACCOUNTS_URL- base url to the Accounts Ely.by deployment. Defaulthttps://account.ely.by.SIGNING_KEY- an RSA private key in PEM format, used to sign profiles certificates. Autogenerated when not specified. You can generate a new one by usingssh-keygen -t rsa -m pem -b 4096 -N ""command.DB_MYSQL_USER.DB_MYSQL_PASSWORD.DB_MYSQL_HOST.DB_MYSQL_PORT.DB_MYSQL_PROTOCOL.DB_REDIS_HOST.DB_REDIS_PORT.SENTRY_DSN.SENTRY_ENVIRONMENT.SENTRY_ENABLE_TRACING.SENTRY_TRACES_SAMPLE_RATE.
This is an Ely.by's internal service. If you want to use this implementation in your project, you should create a fork and make the changes required by your infrastructure.
Recommendations for adaptation:
- You will most likely need to change the implementation of the
AuthReaderinterface to match the structure of your tokens and their permissions. - We use MySQL because there is no user's UUID in Ely.by's JWT tokens. If your tokens contain them (Mojang's does), you can give up one of the databases.
- You may not necessarily need to store tokens in persistent storage (Redis in our case). If you give certificates a short lifetime, you can store them in memory.