Skip to content

Latest commit

 

History

History
33 lines (27 loc) · 1.81 KB

README.md

File metadata and controls

33 lines (27 loc) · 1.81 KB

Profilecerts

A microservice that implements an API for accessing a player's certificate.

Routes:

  • POST /certificates - analog of Mojang's Player Certificates API.
  • GET /publickeys - returns the public key used to sign certificates. The response format is the same as there, but only includes the playerCertificateKeys key.
  • GET /healthcheck - service's health check endpoint.

Env config params:

  • DEBUG - enable debug output. Default false.
  • ACCOUNTS_URL - base url to the Accounts Ely.by deployment. Default https://account.ely.by.
  • SIGNING_KEY - an RSA private key in PEM format, used to sign profiles certificates. Autogenerated when not specified. You can generate a new one by using ssh-keygen -t rsa -m pem -b 4096 -N "" command.
  • DB_MYSQL_USER.
  • DB_MYSQL_PASSWORD.
  • DB_MYSQL_HOST.
  • DB_MYSQL_PORT.
  • DB_MYSQL_PROTOCOL.
  • DB_REDIS_HOST.
  • DB_REDIS_PORT.
  • SENTRY_DSN.
  • SENTRY_ENVIRONMENT.
  • SENTRY_ENABLE_TRACING.
  • SENTRY_TRACES_SAMPLE_RATE.

Development

This is an Ely.by's internal service. If you want to use this implementation in your project, you should create a fork and make the changes required by your infrastructure.

Recommendations for adaptation:

  • You will most likely need to change the implementation of the AuthReader interface to match the structure of your tokens and their permissions.
  • We use MySQL because there is no user's UUID in Ely.by's JWT tokens. If your tokens contain them (Mojang's does), you can give up one of the databases.
  • You may not necessarily need to store tokens in persistent storage (Redis in our case). If you give certificates a short lifetime, you can store them in memory.