feat: 添加 gitea 构建脚本

.gitea/workflows/build.yaml

@@ -0,0 +1,68 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - dev
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    env:
+      CGO_ENABLED: 1
+    steps:
+      - name: Checkout codebase
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Pre Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18.x'
+      - name: For act to work
+        run: npm -g install yarn
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18.x'
+          cache: 'yarn'
+          cache-dependency-path: frontend
+      - name: Build Frontend
+        run: |
+          make assets
+          rm -rf /host/${{ gitea.workspace }} && mkdir -p /host/${{ gitea.workspace }}
+          cp -a . /host/${{ gitea.workspace }}/
+      - name: Build Yggdrasil Server
+        uses: crazy-max/ghaction-xgo@v2
+        with:
+          xgo_version: latest
+          go_version: 1.24
+          dest: build
+          prefix: yggdrasil
+          targets: linux/amd64,linux/arm64
+          v: true
+          x: false
+          race: false
+          ldflags: -s -w -buildid=
+          tags: nomsgpack sqlite mysql
+          trimpath: true
+      - name: Store Back Binaries
+        run: |
+          cp -a /host/${{ gitea.workspace }}/build/. build
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: docker.sunxinao.cn
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: docker.sunxinao.cn/gardel/yggdrasil-go:latest

.github/workflows/release.yml

@@ -31,7 +31,7 @@ jobs:
         uses: crazy-max/ghaction-xgo@v2
         with:
           xgo_version: latest
-          go_version: 1.19
+          go_version: 1.24
           dest: build
           prefix: yggdrasil
           targets: windows/amd64,linux/amd64,linux/arm64,darwin/amd64,darwin/arm64
@@ -45,14 +45,14 @@ jobs:
       - name: Create ZIP archive
         if: startsWith(github.ref, 'refs/tags/')
         run: |
-          cp -v ./config_example.ini ./build || exit 1
+          cp -rv ./config_example.ini ./assets ./build/ || exit 1
           pushd build || exit 1
           ls -1 yggdrasil-* | while read LINE; do
           PREFIX="${LINE%.*}"
           SUFFIX="$(echo "$LINE" | grep -osE '\.\w+' || printf '')"
           cp -v "$LINE" "yggdrasil$SUFFIX"
           FILE="../$PREFIX.zip"
-          zip -9v "$FILE" "yggdrasil$SUFFIX" *.ini
+          zip -9rv "$FILE" "yggdrasil$SUFFIX" *.ini assets
           DGST="$FILE.dgst"
           openssl dgst -md5    "$FILE" | sed 's/([^)]*)//g' >>"$DGST"
           openssl dgst -sha1   "$FILE" | sed 's/([^)]*)//g' >>"$DGST"

Dockerfile

@@ -1,8 +1,10 @@
-FROM alpine:latest
+FROM debian:12-slim
 
 LABEL maintainer="Gardel <sunxinao@hotmail.com>"
 LABEL "Description"="Go Yggdrasil Server"
 
+RUN apt-get update && apt-get install -y ca-certificates
+RUN update-ca-certificates
 ARG TARGETOS
 ARG TARGETARCH
 RUN mkdir -p /app
@@ -10,6 +12,7 @@ COPY "build/yggdrasil-${TARGETOS}-${TARGETARCH}" /app/yggdrasil
 
 EXPOSE 8080
 VOLUME /app/data
+COPY assets /app/data/assets/
 
 WORKDIR /app/data
 ENTRYPOINT ["/app/yggdrasil"]

Makefile

@@ -10,7 +10,7 @@ PACKAGE_NAME = yggdrasil.tar.gz
 
 default: $(BINARY)
 
-$(BINARY):
+$(BINARY):assets
 	$(GO_BUILD) -tags='nomsgpack,sqlite,mysql' -o $(BINARY)
 
 get:
@@ -23,7 +23,7 @@ assets:
 	cp -r frontend/dist/. assets/
 
 package:$(BINARY)
-	tar -zcf $(PACKAGE_NAME) $(BINARY) config_example.ini
+	tar -zcf $(PACKAGE_NAME) $(BINARY) config_example.ini assets
 
 clean:
 	-$(GO_CLEAN)

README.md

@@ -16,6 +16,12 @@
 
 禁止其他违反 [EULA](https://account.mojang.com/documents/minecraft_eula) 的行为。
 
+## 准备
+
++ 运行 Linux, Windows 或 MacOS 的主机
++ SMTP 服务器和账号用于发送密码找回邮件
++ MySQL 数据库（如果使用 sqlite 则不需要）
+
 ## 用法
 
 下载或编译得到可执行文件并运行，将会自动生成所需的配置文件和数据库文件。
@@ -33,3 +39,11 @@
 ```shell
 docker run -d --name yggdrasil-go -v $(pwd)/data:/app/data -p 8080:8080 gardel/yggdrasil-go:latest
 ```
+
+## 计划
+
+- [x] 支持密码重置
+- [ ] 支持不同的数据库如 PostgreSQL 等
+- [ ] 添加选项以支持完全离线模式（不检查 Mojang 接口）
+- [ ] 添加选项以禁用邮箱验证
+- [ ] 令牌持久化防止升级和重启时令牌生效

config_example.ini

@@ -37,3 +37,127 @@ private_key_file = private.pem
 
 ;公钥存储路径
 public_key_file  = public.pem
+
+[smtp]
+; 发件服务器地址
+smtp_server             = localhost
+
+; 发件服务器端口
+smtp_port               = 25
+
+; 服务器使用 SSL (StartTLS 填否)
+smtp_ssl                = false
+
+; 发件人
+email_from              = Go Yggdrasil Server <mc@example.com>
+
+; 服务器认证用户名
+smtp_user               = mc@example.com
+
+; 服务器认证密码
+smtp_password           = 123456
+
+; 邮件标题前缀
+title_prefix            = [A Mojang Yggdrasil Server]
+
+; 注册邮件模板
+register_template       = """<!DOCTYPE html>
+    <html>
+    <head>
+        <meta charset="UTF-8">
+        <style>
+            .email-container {
+                font-family: Arial, sans-serif;
+                padding: 10px;
+                border: 1px solid #ccc;
+                border-radius: 5px;
+            }
+            .email-header {
+                font-weight: bold;
+                color: #333;
+                margin-bottom: 10px;
+            }
+            .email-body {
+                margin-bottom: 20px;
+                color: #555;
+            }
+            .email-footer {
+                font-style: italic;
+                color: #777;
+            }
+            .reset-link {
+                background-color: #007bff;
+                color: white;
+                text-decoration: none;
+                padding: 10px 15px;
+                border-radius: 3px;
+            }
+        </style>
+    </head>
+    <body>
+    <div class="email-container">
+        <div class="email-header">验证邮箱地址</div>
+        <div class="email-body">
+            你好！你刚才在 A Mojang Yggdrasil Server 申请创建账户。如果你没有发起请求，请忽视此邮件。
+            <br><br>
+            若要继续，请点击下面的链接进行安全验证：
+            <br><br>
+            <a href="http://localhost:8080/profile/#emailVerifyToken={{.AccessToken}}" class="reset-link">安全验证</a>
+            <pre>http://localhost:8080/profile/#emailVerifyToken={{.AccessToken}}</pre>
+        </div>
+        <div class="email-footer">如果链接无法点击，请复制并粘贴到浏览器地址栏中访问。</div>
+    </div>
+    </body>
+    </html>
+    """
+
+; 重置密码邮件模板
+reset_password_template = """<!DOCTYPE html>
+    <html>
+    <head>
+        <meta charset="UTF-8">
+        <style>
+            .email-container {
+                font-family: Arial, sans-serif;
+                padding: 10px;
+                border: 1px solid #ccc;
+                border-radius: 5px;
+            }
+            .email-header {
+                font-weight: bold;
+                color: #333;
+                margin-bottom: 10px;
+            }
+            .email-body {
+                margin-bottom: 20px;
+                color: #555;
+            }
+            .email-footer {
+                font-style: italic;
+                color: #777;
+            }
+            .reset-link {
+                background-color: #007bff;
+                color: white;
+                text-decoration: none;
+                padding: 10px 15px;
+                border-radius: 3px;
+            }
+        </style>
+    </head>
+    <body>
+    <div class="email-container">
+        <div class="email-header">密码重置</div>
+        <div class="email-body">
+            你好！有人请求重置你的 A Mojang Yggdrasil Server 账户密码。如果你没有发起请求，请忽视此邮件。
+            <br><br>
+            若要继续，请点击下面的链接进行安全验证：
+            <br><br>
+            <a href="http://localhost:8080/profile/resetPassword#passwordResetToken={{.AccessToken}}" class="reset-link">重置密码</a>
+            <pre>http://localhost:8080/profile/resetPassword#passwordResetToken={{.AccessToken}}</pre>
+        </div>
+        <div class="email-footer">如果链接无法点击，请复制并粘贴到浏览器地址栏中访问。</div>
+    </div>
+    </body>
+    </html>
+    """

frontend/package.json

@@ -9,30 +9,30 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@emotion/react": "^11.10.5",
+    "@emotion/react": "^11.14.0",
-    "@emotion/styled": "^11.10.5",
+    "@emotion/styled": "^11.14.0",
-    "@fontsource/roboto": "^4.5.8",
+    "@fontsource/roboto": "^5.2.5",
-    "@mui/icons-material": "^5.11.0",
+    "@mui/icons-material": "^7.0.1",
-    "@mui/material": "^5.11.6",
+    "@mui/material": "^7.0.1",
-    "@react-three/drei": "^9.56.12",
+    "@react-three/drei": "^10.0.5",
-    "@react-three/fiber": "^8.10.1",
+    "@react-three/fiber": "^9.1.0",
-    "@react-three/postprocessing": "^2.7.0",
+    "@react-three/postprocessing": "^3.0.4",
-    "axios": "^1.2.6",
+    "axios": "^1.8.4",
-    "notistack": "^2.0.8",
+    "notistack": "^3.0.2",
-    "postprocessing": "^6.29.3",
+    "postprocessing": "^6.37.2",
-    "react": "^18.2.0",
+    "react": "^19.1.0",
-    "react-dom": "^18.2.0",
+    "react-dom": "^19.1.0",
-    "react-hook-form": "^7.43.0",
+    "react-hook-form": "^7.55.0",
-    "three": "^0.148.0",
+    "three": "^0.175.0",
-    "three-stdlib": "^2.21.8"
+    "three-stdlib": "^2.35.14"
   },
   "devDependencies": {
-    "@types/react": "^18.0.26",
+    "@types/react": "^19.0.12",
-    "@types/react-dom": "^18.0.9",
+    "@types/react-dom": "^19.0.4",
-    "@types/three": "^0.148.0",
+    "@types/three": "^0.175.0",
-    "@vitejs/plugin-react": "^3.0.0",
+    "@vitejs/plugin-react": "^4.3.4",
-    "typescript": "^4.9.3",
+    "typescript": "^5.8.2",
-    "vite": "^4.0.0",
+    "vite": "^6.2.3",
-    "vite-plugin-mock-dev-server": "^0.3.16"
+    "vite-plugin-mock-dev-server": "^1.8.4"
   }
 }

frontend/src/app.tsx

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2023-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -18,6 +18,7 @@
 import React from 'react';
 import './app.css';
 import Login from './login';
+import PasswordReset from './reset';
 import {Container} from '@mui/material';
 import {AppState} from './types';
 import User from './user';
@@ -29,12 +30,13 @@ function App() {
     const [appData, setAppData] = React.useState(() => {
         const saved = localStorage.getItem('appData');
         return (saved ? JSON.parse(saved) : {
-            login: false,
+            login: 'register',
             accessToken: '',
             tokenValid: false,
             loginTime: 0,
             profileName: '',
-            uuid: ''
+            uuid: '',
+            passwordReset: false
         }) as AppState;
     });
 
@@ -95,11 +97,52 @@ function App() {
         });
     }
 
+    const path = window.location.pathname;
+    const hash = window.location.hash;
+    if (hash && hash.length > 1) {
+        const params = new URLSearchParams(hash.substring(1));
+        if (params.has('emailVerifyToken')) {
+            const token = params.get('emailVerifyToken');
+            axios.get('/authserver/verifyEmail?access_token=' + token)
+                .then(() => {
+                    window.location.replace('/profile/')
+                    enqueueSnackbar('邮箱验证通过', {variant: 'success'});
+                })
+                .catch(e => {
+                    const response = e.response;
+                    if (response && response.status >= 400 && response.status < 500) {
+                        let errorMessage = response.data.errorMessage ?? response.data;
+                        enqueueSnackbar('邮箱验证失败: ' + errorMessage, {variant: 'error'});
+                    } else {
+                        enqueueSnackbar('网络错误:' + e.message, {variant: 'error'});
+                    }
+                });
+        }
+    }
+    if (path === '/profile/resetPassword' || path === '/resetPassword') {
+        appData.passwordReset = true;
+        // setAppData(appData);
+    }
+
+    if (appData.tokenValid) {
         return (
             <Container maxWidth={'lg'}>
-            {appData.tokenValid ? <User appData={appData} setAppData={setAppData}/> : <Login appData={appData} setAppData={setAppData}/>}
+                <User appData={appData} setAppData={setAppData}/>
             </Container>
         );
+    } else if (appData.passwordReset) {
+        return (
+            <Container maxWidth={'lg'}>
+                <PasswordReset appData={appData} setAppData={setAppData}/>
+            </Container>
+        )
+    } else {
+        return (
+            <Container maxWidth={'lg'}>
+                <Login appData={appData} setAppData={setAppData}/>
+            </Container>
+        );
+    }
 }
 
 export default App;

frontend/src/login.tsx

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2023-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -48,9 +48,29 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
     const {enqueueSnackbar} = useSnackbar();
     const {register, handleSubmit, formState: {errors}} = useForm<Inputs>();
     const [submitting, setSubmitting] = React.useState(false);
+    const [submitText, setSubmitText] = React.useState('提交');
+    React.useEffect(() => {
+        if (submitting) {
+            return
+        }
+        switch (appData.login) {
+            case 'login':
+                setSubmitText('登录');
+                break;
+            case 'register':
+                setSubmitText('注册');
+                break;
+            case 'reset':
+                setSubmitText('重置');
+                break;
+            default:
+                setSubmitText('提交');
+                break;
+        }
+    }, [appData, submitting])
     const onSubmit: SubmitHandler<Inputs> = data => {
-        setSubmitting(true)
+        setSubmitting(true);
-        if (appData.login) {
+        if (appData.login === 'login') {
             axios.post('/authserver/authenticate', {
                 username: data.username,
                 password: data.password
@@ -80,7 +100,7 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
                     }
                 })
                 .finally(() => setSubmitting(false))
-        } else {
+        } else if (appData.login === 'register') {
             axios.post('/authserver/register', {
                 username: data.username,
                 password: data.password,
@@ -90,7 +110,7 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
                     let data = response.data
                     if (data && data.id) {
                         enqueueSnackbar("注册成功，uuid:" + data.id, {variant: 'success'});
-                        setLogin(true)
+                        setLogin('login')
                     } else {
                         enqueueSnackbar(data && data.errorMessage ? "注册失败: " + data.errorMessage: "注册失败", {variant: 'error'});
                     }
@@ -98,7 +118,7 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
                 .catch(e => {
                     const response = e.response;
                     if (response && response.data) {
-                        let errorMessage = response.data.errorMessage;
+                        let errorMessage = response.data.errorMessage ?? response.data;
                         let message =  "注册失败: " + errorMessage;
                         if (errorMessage === "profileName exist") {
                             message = "注册失败: 角色名已存在";
@@ -111,6 +131,38 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
                     }
                 })
                 .finally(() => setSubmitting(false))
+        } else if (appData.login === 'reset') {
+            const countdown = {
+                timeout: 60,
+            }
+            setSubmitText(`${countdown.timeout}`);
+            const timer = setInterval(() => {
+                countdown.timeout = countdown.timeout - 1;
+                if (countdown.timeout <= 0) {
+                    clearInterval(timer);
+                    setSubmitting(false);
+                    return
+                }
+                setSubmitting(true);
+                setSubmitText(`${countdown.timeout}`);
+            }, 1000);
+            axios.post('/authserver/sendEmail', {
+                email: data.username,
+                emailType: "resetPassword"
+            })
+                .then(() => {
+                    enqueueSnackbar("重置链接发送成功，请检查垃圾邮箱", {variant: 'success'});
+                })
+                .catch(e => {
+                    const response = e.response;
+                    if (response && response.data) {
+                        let errorMessage = response.data.errorMessage ?? response.data;
+                        enqueueSnackbar("发送失败: " + errorMessage, {variant: 'error'});
+                    } else {
+                        enqueueSnackbar('网络错误:' + e.message, {variant: 'error'});
+                    }
+                    countdown.timeout = 0;
+                });
         }
     };
 
@@ -122,7 +174,7 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
         event.preventDefault();
     };
 
-    const setLogin = (login: boolean) => setAppData((oldData: AppState) => {
+    const setLogin = (login: string) => setAppData((oldData: AppState) => {
         return {
             ...oldData,
             login
@@ -146,19 +198,21 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
                             required
                             error={errors.username && true}
                             type='email'
-                            inputProps={{
+                            slotProps={{
+                                htmlInput: {
                                     ...register('username', {required: true})
+                                }
                             }}
                         />
                     </div>
-                    <Collapse in={!appData.login} className='profileName'>
+                    <Collapse in={appData.login === 'register'} className='profileName'>
-                        <FormControl fullWidth variant="filled" required={!appData.login} error={errors.profileName && true}>
+                        <FormControl fullWidth variant="filled" required={appData.login === 'register'} error={errors.profileName && true}>
                             <InputLabel htmlFor="profileName-input">角色名</InputLabel>
                             <FilledInput
                                 id="profileName-input"
                                 name="profileName"
-                                required={!appData.login}
+                                required={appData.login === 'register'}
-                                inputProps={appData.login ? {} : {
+                                inputProps={appData.login !== 'register' ? {} : {
                                     minLength: '2', maxLength: 16,
                                     ...register('profileName', {required: true, minLength: 2, pattern: /^[a-zA-Z0-9_]{1,16}$/, maxLength: 16})
                                 }}
@@ -166,13 +220,13 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
                             <FocusedShowHelperText id="profileName-input-helper-text">字母，数字或下划线</FocusedShowHelperText>
                         </FormControl>
                     </Collapse>
-                    <div className='password'>
+                    <Collapse in={appData.login !== 'reset'} className='password'>
-                        <FormControl fullWidth variant="filled" required error={errors.password && true}>
+                        <FormControl fullWidth variant="filled" required={appData.login !== 'reset'} error={errors.password && true}>
                             <InputLabel htmlFor="password-input">密码</InputLabel>
                             <FilledInput
                                 id="password-input"
                                 name="password"
-                                required
+                                required={appData.login !== 'reset'}
                                 type={showPassword ? 'text' : 'password'}
                                 endAdornment={
                                     <InputAdornment position="end">
@@ -185,17 +239,19 @@ function Login(props: { appData: AppState, setAppData: React.Dispatch<React.SetS
                                         </IconButton>
                                     </InputAdornment>
                                 }
-                                inputProps={{
+                                inputProps={appData.login === 'reset' ? {} : {
                                     minLength: '6',
                                     ...register('password', {required: true, minLength: 6})
                                 }}
                             />
-                            <FocusedShowHelperText id="password-input-helper-text">警告: 暂无重置密码接口，请妥善保管密码</FocusedShowHelperText>
+                            <FocusedShowHelperText id="password-input-helper-text">请妥善保管密码</FocusedShowHelperText>
                         </FormControl>
-                    </div>
+                    </Collapse>
                     <div className='button-container'>
-                        <Button variant='contained' onClick={() => setLogin(!appData.login)} disabled={submitting}>{appData.login ? '注册' : '已有帐号登录'}</Button>
+                        {appData.login !== 'reset' && <Button variant='contained' onClick={() => setLogin('reset')}>忘记密码</Button>}
-                        <Button variant='contained' type='submit' disabled={submitting}>{appData.login ? '登录' : '注册'}</Button>
+                        {appData.login !== 'login' && <Button variant='contained' onClick={() => setLogin('login')}>已有账号登录</Button>}
+                        {appData.login !== 'register' && <Button variant='contained' onClick={() => setLogin('register')}>注册</Button>}
+                        <Button variant='contained' type='submit' disabled={submitting}>{submitText}</Button>
                     </div>
                 </Box>
             </Paper>

frontend/src/reset.css

@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2023-2025. Gardel <sunxinao@hotmail.com> and contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+.header {
+    text-align: center;
+}
+
+.reset-card {
+    padding: 14px 24px;
+    margin: auto;
+}
+
+.username,
+.password {
+    display: block;
+    width: 87%;
+    margin: 20px auto;
+}
+
+.button-container {
+    display: flex;
+    justify-content: flex-end;
+    width: 87%;
+    margin: auto;
+}
+
+.button-container button {
+    margin: 3px;
+}

frontend/src/reset.tsx

@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2023-2025. Gardel <sunxinao@hotmail.com> and contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import React from 'react';
+import Button from '@mui/material/Button';
+import {
+    Box,
+    Container,
+    FilledInput,
+    FormControl,
+    IconButton,
+    InputAdornment,
+    InputLabel,
+    Paper,
+    TextField
+} from '@mui/material';
+import {Visibility, VisibilityOff} from '@mui/icons-material';
+import {AppState} from './types';
+import './reset.css';
+import {SubmitHandler, useForm} from 'react-hook-form';
+import axios from 'axios';
+import {useSnackbar} from 'notistack';
+
+type Inputs = {
+    username: string,
+    profileName: string,
+    password: string
+};
+
+function PasswordReset(props: { appData: AppState, setAppData: React.Dispatch<React.SetStateAction<AppState>> }) {
+    const {appData, setAppData} = props;
+    const {enqueueSnackbar} = useSnackbar();
+    const {register, handleSubmit, formState: {errors}} = useForm<Inputs>();
+    const [submitting, setSubmitting] = React.useState(false);
+    const onSubmit: SubmitHandler<Inputs> = data => {
+        setSubmitting(true);
+        const hash = window.location.hash;
+        if (!hash) {
+            setSubmitting(false);
+            enqueueSnackbar('链接失效，请重新打开', {variant: 'error'});
+            return;
+        }
+        const params = new URLSearchParams(hash.substring(1));
+        axios.post('/authserver/resetPassword', {
+            email: data.username,
+            password: data.password,
+            accessToken: params.get('passwordResetToken'),
+        })
+            .then(() => {
+                toLogin();
+                window.location.replace('/profile/')
+                enqueueSnackbar("重置成功", {variant: 'success'});
+            })
+            .catch(e => {
+                const response = e.response;
+                if (response && response.status >= 400 && response.status < 500) {
+                    let errorMessage = response.data.errorMessage ?? response.data;
+                    enqueueSnackbar('重置失败: ' + errorMessage, {variant: 'error'});
+                } else {
+                    enqueueSnackbar('网络错误:' + e.message, {variant: 'error'});
+                }
+            })
+            .finally(() => setSubmitting(false))
+    };
+
+    const [showPassword, setShowPassword] = React.useState(false);
+
+    const handleClickShowPassword = () => setShowPassword((show) => !show);
+
+    const handleMouseDownPassword = (event: React.MouseEvent<HTMLButtonElement>) => {
+        event.preventDefault();
+    };
+
+    const toLogin = () => {
+        setAppData({
+            ...appData,
+            passwordReset: false
+        });
+    }
+
+    return (
+        <Container maxWidth={'sm'}>
+            <Paper className={'reset-card'}>
+                <section className="header">
+                    <h1>简陋重置密码页</h1>
+                </section>
+                <Box component="form" autoComplete="off" onSubmit={handleSubmit(onSubmit)}>
+                    <div className='username'>
+                        <TextField
+                            id="username-input"
+                            name='username'
+                            fullWidth
+                            label="邮箱"
+                            variant="filled"
+                            required
+                            error={errors.username && true}
+                            type='email'
+                            slotProps={{
+                                htmlInput: {
+                                    ...register('username', {required: true})
+                                }
+                            }}
+                        />
+                    </div>
+                    <div className='password'>
+                        <FormControl fullWidth variant="filled" required error={errors.password && true}>
+                            <InputLabel htmlFor="password-input">新密码</InputLabel>
+                            <FilledInput
+                                id="password-input"
+                                name="password"
+                                required
+                                type={showPassword ? 'text' : 'password'}
+                                endAdornment={
+                                    <InputAdornment position="end">
+                                        <IconButton
+                                            aria-label="显示密码"
+                                            onClick={handleClickShowPassword}
+                                            onMouseDown={handleMouseDownPassword}
+                                            edge="end">
+                                            {showPassword ? <VisibilityOff/> : <Visibility/>}
+                                        </IconButton>
+                                    </InputAdornment>
+                                }
+                                inputProps={{
+                                    minLength: '6',
+                                    ...register('password', {required: true, minLength: 6})
+                                }}
+                            />
+                        </FormControl>
+                    </div>
+                    <div className='button-container'>
+                        <Button variant='contained' onClick={toLogin}>登录</Button>
+                        <Button variant='contained' type='submit' disabled={submitting}>重置</Button>
+                    </div>
+                </Box>
+            </Paper>
+        </Container>
+    );
+}
+
+export default PasswordReset;

frontend/src/skinrender/skin-render.tsx

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2023-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -21,7 +21,7 @@ import {Canvas, RootState, useFrame, useLoader} from '@react-three/fiber';
 import React from 'react';
 import createPlayerModel from './utils';
 import {OrbitControls} from '@react-three/drei';
-import {EffectComposer, Vignette, SMAA, SSAO, SSR} from '@react-three/postprocessing';
+import {EffectComposer, SSAO} from '@react-three/postprocessing';
 import {BlendFunction} from 'postprocessing';
 
 function PlayerModel(props: { skinUrl: string, capeUrl?: string, slim?: boolean }) {
@@ -84,7 +84,7 @@ function SkinRender(props: { skinUrl: string, capeUrl?: string, slim?: boolean }
                         rangeFalloff={0.1}
                         luminanceInfluence={0.9}
                         radius={20}
-                        scale={0.5}
+                        resolutionScale={0.5}
                         bias={0.5}
                     />
                 </EffectComposer>

frontend/src/skinrender/utils.ts

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2023-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -99,7 +99,7 @@ function createCube(texture: THREE.Texture, width: number, height: number, depth
 }
 
 
-export default function createPlayerModel(skinTexture: THREE.Texture, capeTexture: THREE.Texture | null | undefined, v: number, slim: boolean = false, capeType?: string): THREE.Object3D<THREE.Event> {
+export default function createPlayerModel(skinTexture: THREE.Texture, capeTexture: THREE.Texture | null | undefined, v: number, slim: boolean = false, capeType?: string): THREE.Object3D<THREE.Object3DEventMap> {
     let headGroup = new THREE.Object3D();
     headGroup.name = 'headGroup';
     headGroup.position.x = 0;

frontend/src/types.d.ts

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2023-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -16,10 +16,11 @@
  */
 
 export type AppState = {
-    login: boolean
+    login: string
     accessToken: string
     tokenValid: boolean
     loginTime: number
     profileName: string
     uuid: string
+    passwordReset: boolean
 }

go.mod

@@ -1,40 +1,51 @@
 module yggdrasil-go
 
-go 1.17
+go 1.24
 
 require (
-	github.com/gin-contrib/cors v1.4.0
+	github.com/gin-contrib/cors v1.7.4
-	github.com/gin-gonic/gin v1.8.1
+	github.com/gin-gonic/gin v1.10.0
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.6.0
-	github.com/hashicorp/golang-lru v0.5.4
+	github.com/hashicorp/golang-lru v1.0.2
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
+	golang.org/x/crypto v0.36.0
-	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9
+	golang.org/x/time v0.11.0
 	gopkg.in/ini.v1 v1.67.0
-	gorm.io/driver/mysql v1.3.6
+	gorm.io/driver/mysql v1.5.7
-	gorm.io/driver/sqlite v1.3.6
+	gorm.io/driver/sqlite v1.5.7
-	gorm.io/gorm v1.23.9
+	gorm.io/gorm v1.25.12
 )
 
 require (
-	github.com/gin-contrib/sse v0.1.0 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
+	github.com/bytedance/sonic v1.13.2 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
+	github.com/bytedance/sonic/loader v0.2.4 // indirect
-	github.com/go-playground/validator/v10 v10.11.1 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
-	github.com/go-sql-driver/mysql v1.6.0 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/goccy/go-json v0.9.11 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gin-contrib/sse v1.0.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.26.0 // indirect
+	github.com/go-sql-driver/mysql v1.9.1 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/mattn/go-sqlite3 v1.14.15 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-sqlite3 v1.14.24 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
-	github.com/ugorji/go/codec v1.2.7 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
-	golang.org/x/sys v0.0.0-20220915200043-7b5979e65e41 // indirect
+	github.com/wneessen/go-mail v0.6.2 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/arch v0.15.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,35 +1,70 @@
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
+github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
+github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
+github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/gin-contrib/cors v1.4.0 h1:oJ6gwtUl3lqV0WEIwM/LxPF1QZ5qe2lGWdY2+bz7y0g=
 github.com/gin-contrib/cors v1.4.0/go.mod h1:bs9pNM0x/UsmHPBWT2xZz9ROh8xYjYkiURUfmBoMlcs=
+github.com/gin-contrib/cors v1.7.4 h1:/fC6/wk7rCRtqKqki8lLr2Xq+hnV49aXDLIuSek9g4k=
+github.com/gin-contrib/cors v1.7.4/go.mod h1:vGc/APSgLMlQfEJV5NAzkrAHb0C8DetL3K6QZuvGii0=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
+github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
 github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8=
 github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk=
+github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
+github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
 github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
 github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
 github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k=
+github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-sql-driver/mysql v1.9.1 h1:FrjNGn/BsJQjVRuSa8CBrM5BWA9BWoXXat3KrtSb/iI=
+github.com/go-sql-driver/mysql v1.9.1/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
 github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
+github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
@@ -37,6 +72,10 @@ github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
@@ -47,12 +86,18 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
+github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -61,6 +106,8 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
 github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -69,48 +116,130 @@ github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUA
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go v1.2.7 h1:qYhyWUUd6WbiM+C6JZAUkIJt/1WrjzNHY9+KCIjVqTo=
 github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
 github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
 github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
+github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
+github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/wneessen/go-mail v0.6.2 h1:c6V7c8D2mz868z9WJ+8zDKtUyLfZ1++uAZmo2GRFji8=
+github.com/wneessen/go-mail v0.6.2/go.mod h1:L/PYjPK3/2ZlNb2/FjEBIn9n1rUWjW+Toy531oVmeb4=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/arch v0.15.0 h1:QtOrQd0bTUnhNVNndMpLHNWrDmYzZ2KDqSrEymqInZw=
+golang.org/x/arch v0.15.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220909164309-bea034e7d591 h1:D0B/7al0LLrVC8aWF4+oxpv/m8bc7ViFfVS8/gXGdqI=
 golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220915200043-7b5979e65e41 h1:ohgcoMbSofXygzo6AD2I1kz3BFmW1QArPYTtwEM3UXc=
 golang.org/x/sys v0.0.0-20220915200043-7b5979e65e41/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 h1:ftMN5LMiBFjbzleLqtoBZk7KdJwhuybIU+FckUHgoyQ=
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
@@ -126,9 +255,17 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/driver/mysql v1.3.6 h1:BhX1Y/RyALb+T9bZ3t07wLnPZBukt+IRkMn8UZSNbGM=
 gorm.io/driver/mysql v1.3.6/go.mod h1:sSIebwZAVPiT+27jK9HIwvsqOGKx3YMPmrA3mBJR10c=
+gorm.io/driver/mysql v1.5.7 h1:MndhOPYOfEp2rHKgkZIhJ16eVUIRf2HmzgoPmh7FCWo=
+gorm.io/driver/mysql v1.5.7/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM=
 gorm.io/driver/sqlite v1.3.6 h1:Fi8xNYCUplOqWiPa3/GuCeowRNBRGTf62DEmhMDHeQQ=
 gorm.io/driver/sqlite v1.3.6/go.mod h1:Sg1/pvnKtbQ7jLXxfZa+jSHvoX8hoZA8cn4xllOMTgE=
+gorm.io/driver/sqlite v1.5.7 h1:8NvsrhP0ifM7LX9G4zPB97NwovUakUxc+2V2uuf3Z1I=
+gorm.io/driver/sqlite v1.5.7/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4=
 gorm.io/gorm v1.23.4/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
 gorm.io/gorm v1.23.8/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
 gorm.io/gorm v1.23.9 h1:NSHG021i+MCznokeXR3udGaNyFyBQJW8MbjrJMVCfGw=
 gorm.io/gorm v1.23.9/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
+gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
+gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=

main.go

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022-2023. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2022-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -22,27 +22,24 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
-	"embed"
 	"encoding/pem"
 	"errors"
 	"github.com/gin-gonic/gin"
 	"gopkg.in/ini.v1"
 	"gorm.io/gorm"
-	"io/fs"
 	"log"
 	"net/http"
 	"os"
 	"os/signal"
+	"strings"
 	"syscall"
 	"time"
 	"yggdrasil-go/model"
 	"yggdrasil-go/router"
+	"yggdrasil-go/service"
 	"yggdrasil-go/util"
 )
 
-//go:embed assets/*
-var f embed.FS
-
 type MetaCfg struct {
 	ServerName            string   `ini:"server_name"`
 	ImplementationName    string   `ini:"implementation_name"`
@@ -56,6 +53,18 @@ type ServerCfg struct {
 	TrustedProxies []string `ini:"trusted_proxies"`
 }
 
+type SmtpCfg struct {
+	SmtpServer            string `ini:"smtp_server"`
+	SmtpPort              int    `ini:"smtp_port"`
+	SmtpSsl               bool   `ini:"smtp_ssl"`
+	EmailFrom             string `ini:"email_from"`
+	SmtpUser              string `ini:"smtp_user"`
+	SmtpPassword          string `ini:"smtp_password"`
+	TitlePrefix           string `ini:"title_prefix"`
+	RegisterTemplate      string `ini:"register_template"`
+	ResetPasswordTemplate string `ini:"reset_password_template"`
+}
+
 func main() {
 	configFilePath := "config.ini"
 	cfg, err := ini.LooseLoad(configFilePath)
@@ -97,12 +106,25 @@ func main() {
 	if err != nil {
 		log.Fatal("无法读取配置文件", err)
 	}
+	smtpCfg := SmtpCfg{
+		SmtpServer:            "localhost",
+		SmtpPort:              25,
+		SmtpSsl:               false,
+		EmailFrom:             "Go Yggdrasil Server <mc@example.com>",
+		SmtpUser:              "mc@example.com",
+		SmtpPassword:          "123456",
+		TitlePrefix:           "[A Mojang Yggdrasil Server]",
+		RegisterTemplate:      "请访问下面的链接进行验证: <pre>" + meta.SkinRootUrl + "/profile/#emailVerifyToken={{.AccessToken}}</pre>",
+		ResetPasswordTemplate: "请访问下面的链接进行密码重置: <pre>" + meta.SkinRootUrl + "/profile/resetPassword#passwordResetToken={{.AccessToken}}</pre>",
+	}
+	err = cfg.Section("smtp").MapTo(&smtpCfg)
 	_, err = os.Stat(configFilePath)
 	if err != nil && os.IsNotExist(err) {
 		log.Println("配置文件不存在，已使用默认配置")
 		_ = cfg.Section("meta").ReflectFrom(&meta)
 		_ = cfg.Section("database").ReflectFrom(&dbCfg)
 		_ = cfg.Section("server").ReflectFrom(&serverCfg)
+		_ = cfg.Section("smtp").ReflectFrom(&smtpCfg)
 		err = cfg.SaveToIndent(configFilePath, " ")
 		if err != nil {
 			log.Println("警告: 无法保存配置文件", err)
@@ -129,6 +151,7 @@ func main() {
 	serverMeta.Meta.ImplementationVersion = meta.ImplementationVersion
 	serverMeta.Meta.FeatureNoMojangNamespace = true
 	serverMeta.Meta.FeatureEnableProfileKey = true
+	serverMeta.Meta.FeatureEnableMojangAntiFeatures = true
 	serverMeta.Meta.Links.Homepage = meta.SkinRootUrl + "/profile/"
 	serverMeta.Meta.Links.Register = meta.SkinRootUrl + "/profile/"
 	serverMeta.SkinDomains = meta.SkinDomains
@@ -138,12 +161,24 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	router.InitRouters(r, db, &serverMeta, meta.SkinRootUrl)
+	smtpConfig := service.SmtpConfig{
-	assetsFs, err := fs.Sub(f, "assets")
+		SmtpServer:            smtpCfg.SmtpServer,
-	if err != nil {
+		SmtpPort:              smtpCfg.SmtpPort,
-		log.Fatal(err)
+		SmtpSsl:               smtpCfg.SmtpSsl,
+		EmailFrom:             smtpCfg.EmailFrom,
+		SmtpUser:              smtpCfg.SmtpUser,
+		SmtpPassword:          smtpCfg.SmtpPassword,
+		TitlePrefix:           smtpCfg.TitlePrefix,
+		RegisterTemplate:      smtpCfg.RegisterTemplate,
+		ResetPasswordTemplate: smtpCfg.ResetPasswordTemplate,
 	}
-	r.StaticFS("/profile", http.FS(assetsFs))
+	router.InitRouters(r, db, &serverMeta, &smtpConfig, meta.SkinRootUrl)
+	r.Static("/profile", "assets")
+	r.NoRoute(func(c *gin.Context) {
+		if strings.HasPrefix(c.Request.URL.Path, "/profile/") {
+			c.File("assets/index.html")
+		}
+	})
 	srv := &http.Server{
 		Addr:    serverCfg.ServerAddress,
 		Handler: r,

model/reg_token.go

@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2025. Gardel <sunxinao@hotmail.com> and contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package model
+
+import (
+	"time"
+	"yggdrasil-go/util"
+)
+
+type RegToken struct {
+	createAt    int64
+	AccessToken string
+	Email       string
+}
+
+func NewRegToken(email string) (this RegToken) {
+	this.Email = email
+	this.AccessToken = util.RandomUUID()
+	this.createAt = time.Now().UnixMilli()
+	return this
+}
+
+func (t *RegToken) IsValid() bool {
+	d := time.Now().Sub(time.UnixMilli(t.createAt))
+	return d < 10*time.Minute
+}

model/user.go

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2022-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -30,6 +30,7 @@ type User struct {
 	UpdatedAt          time.Time
 	Email              string   `gorm:"size:64;uniqueIndex:email_idx"`
 	Password           string   `gorm:"size:255"`
+	EmailVerified      bool     `gorm:"default:false"`
 	ProfileName        string   `gorm:"size:64;uniqueIndex:profile_name_idx"`
 	ProfileModelType   string   `gorm:"size:8;default:STEVE"`
 	SerializedTextures string   `gorm:"type:TEXT NULL"`

router/home_router.go

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2022-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -18,8 +18,11 @@
 package router
 
 import (
+	"encoding/base64"
+	"encoding/pem"
 	"github.com/gin-gonic/gin"
 	"net/http"
+	"yggdrasil-go/util"
 )
 
 type MetaInfo struct {
@@ -34,6 +37,7 @@ type MetaInfo struct {
 	FeatureLegacySkinApi            bool `json:"feature.legacy_skin_api,omitempty"`
 	FeatureNoMojangNamespace        bool `json:"feature.no_mojang_namespace,omitempty"`
 	FeatureEnableProfileKey         bool `json:"feature.enable_profile_key,omitempty"`
+	FeatureEnableMojangAntiFeatures bool `json:"feature.enable_mojang_anti_features,omitempty"`
 }
 
 type ServerMeta struct {
@@ -42,17 +46,32 @@ type ServerMeta struct {
 	SignaturePublickey string   `json:"signaturePublickey"`
 }
 
+type KeyPair struct {
+	PrivateKey string `json:"privateKey,omitempty"`
+	PublicKey  string `json:"publicKey,omitempty"`
+}
+
+type PublicKeys struct {
+	ProfilePropertyKeys   []KeyPair `json:"profilePropertyKeys,omitempty"`
+	PlayerCertificateKeys []KeyPair `json:"playerCertificateKeys,omitempty"`
+}
+
 type HomeRouter interface {
 	Home(c *gin.Context)
+	PublicKeys(c *gin.Context)
 }
 
 type homeRouterImpl struct {
 	serverMeta   ServerMeta
+	myPubKey     KeyPair
+	cachedPubKey *PublicKeys
 }
 
 func NewHomeRouter(meta *ServerMeta) HomeRouter {
+	signaturePubKey, _ := pem.Decode([]byte(meta.SignaturePublickey))
 	homeRouter := homeRouterImpl{
 		serverMeta: *meta,
+		myPubKey:   KeyPair{PublicKey: base64.StdEncoding.EncodeToString(signaturePubKey.Bytes)},
 	}
 	return &homeRouter
 }
@@ -61,3 +80,20 @@ func NewHomeRouter(meta *ServerMeta) HomeRouter {
 func (h *homeRouterImpl) Home(c *gin.Context) {
 	c.JSON(http.StatusOK, h.serverMeta)
 }
+
+func (h *homeRouterImpl) PublicKeys(c *gin.Context) {
+	if h.cachedPubKey != nil {
+		c.JSON(http.StatusOK, h.cachedPubKey)
+		return
+	}
+	publicKeys := PublicKeys{}
+	err := util.GetObject("https://api.minecraftservices.com/publickeys", &publicKeys)
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	publicKeys.ProfilePropertyKeys = append(publicKeys.ProfilePropertyKeys, h.myPubKey)
+	publicKeys.PlayerCertificateKeys = append(publicKeys.PlayerCertificateKeys, h.myPubKey)
+	c.JSON(http.StatusOK, publicKeys)
+	h.cachedPubKey = &publicKeys
+}

router/init.go

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2022-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -25,7 +25,7 @@ import (
 	"yggdrasil-go/service"
 )
 
-func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl string) {
+func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, smtpCfg *service.SmtpConfig, skinRootUrl string) {
 	router.Use(cors.New(cors.Config{
 		AllowAllOrigins:  true,
 		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "HEAD"},
@@ -36,7 +36,8 @@ func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl
 	}))
 
 	tokenService := service.NewTokenService()
-	userService := service.NewUserService(tokenService, db)
+	regTokenService := service.NewRegTokenService(smtpCfg)
+	userService := service.NewUserService(tokenService, regTokenService, db)
 	sessionService := service.NewSessionService(tokenService)
 	textureService := service.NewTextureService(tokenService, db)
 	homeRouter := NewHomeRouter(meta)
@@ -46,6 +47,7 @@ func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl
 
 	router.GET("/", homeRouter.Home)
 	router.HEAD("/", homeRouter.Home)
+	router.GET("/yggdrasil", homeRouter.Home)
 	authserver := router.Group("/authserver")
 	{
 		authserver.POST("/register", userRouter.Register)
@@ -55,6 +57,9 @@ func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl
 		authserver.POST("/validate", userRouter.Validate)
 		authserver.POST("/invalidate", userRouter.Invalidate)
 		authserver.POST("/signout", userRouter.Signout)
+		authserver.POST("/sendEmail", userRouter.SendEmail)
+		authserver.GET("/verifyEmail", userRouter.VerifyEmail)
+		authserver.POST("/resetPassword", userRouter.ResetPassword)
 	}
 	router.GET("/users/profiles/minecraft/:username", userRouter.UsernameToUUID)
 	sessionserver := router.Group("/sessionserver/session/minecraft")
@@ -72,5 +77,14 @@ func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl
 		api.DELETE("/user/profile/:uuid/:textureType", textureRouter.DeleteTexture)
 		api.GET("/users/profiles/minecraft/:username", userRouter.UsernameToUUID)
 	}
-	router.POST("/minecraftservices/player/certificates", userRouter.ProfileKey)
+	minecraftservices := router.Group("/minecraftservices")
+	{
+		minecraftservices.GET("/player/attributes", userRouter.PlayerAttributes)
+		minecraftservices.GET("/privacy/blocklist", userRouter.PlayerBlockList)
+		minecraftservices.POST("/player/certificates", userRouter.ProfileKey)
+		minecraftservices.GET("/publickeys", homeRouter.PublicKeys)
+		minecraftservices.GET("/minecraft/profile/lookup/:uuid", userRouter.UUIDToUUID)
+		minecraftservices.GET("/minecraft/profile/lookup/name/:username", userRouter.UsernameToUUID)
+		minecraftservices.POST("/minecraft/profile/lookup/bulk/byname", userRouter.QueryUUIDs)
+	}
 }

router/user_router.go

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2022-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -35,9 +35,15 @@ type UserRouter interface {
 	Invalidate(c *gin.Context)
 	Signout(c *gin.Context)
 	UsernameToUUID(c *gin.Context)
+	UUIDToUUID(c *gin.Context)
 	QueryUUIDs(c *gin.Context)
 	QueryProfile(c *gin.Context)
+	PlayerAttributes(c *gin.Context)
+	PlayerBlockList(c *gin.Context)
 	ProfileKey(c *gin.Context)
+	SendEmail(c *gin.Context)
+	VerifyEmail(c *gin.Context)
+	ResetPassword(c *gin.Context)
 }
 
 type userRouterImpl struct {
@@ -109,6 +115,17 @@ type SignoutRequest struct {
 	Password string `json:"password" binding:"required"`
 }
 
+type SendEmailRequest struct {
+	Email     string `json:"email" binding:"required,email"`
+	EmailType string `json:"emailType" binding:"required"`
+}
+
+type PasswordResetRequest struct {
+	Email       string `json:"email" binding:"required,email"`
+	Password    string `json:"password" binding:"required"`
+	AccessToken string `json:"accessToken" binding:"required"`
+}
+
 func (u *userRouterImpl) Register(c *gin.Context) {
 	request := RegRequest{}
 	err := c.ShouldBindJSON(&request)
@@ -116,7 +133,7 @@ func (u *userRouterImpl) Register(c *gin.Context) {
 		c.AbortWithStatusJSON(http.StatusForbidden, util.NewForbiddenOperationError(err.Error()))
 		return
 	}
-	response, err := u.userService.Register(request.Username, request.Password, request.ProfileName)
+	response, err := u.userService.Register(request.Username, request.Password, request.ProfileName, c.ClientIP())
 	if err != nil {
 		util.HandleError(c, err)
 		return
@@ -228,6 +245,25 @@ func (u *userRouterImpl) UsernameToUUID(c *gin.Context) {
 	}
 }
 
+func (u *userRouterImpl) UUIDToUUID(c *gin.Context) {
+	profileIdStr := c.Param("uuid")
+	profileId, err := util.ToUUID(profileIdStr)
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusBadRequest, util.NewIllegalArgumentError(err.Error()))
+		return
+	}
+	response, err := u.userService.UUIDToUUID(profileId)
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	if response != nil {
+		c.JSON(http.StatusOK, response)
+	} else {
+		c.Status(http.StatusNoContent)
+	}
+}
+
 func (u *userRouterImpl) QueryUUIDs(c *gin.Context) {
 	var request []string
 	err := c.ShouldBindJSON(&request)
@@ -265,6 +301,27 @@ func (u *userRouterImpl) QueryProfile(c *gin.Context) {
 	c.JSON(http.StatusOK, response)
 }
 
+func (u *userRouterImpl) PlayerAttributes(c *gin.Context) {
+	c.JSON(http.StatusOK, gin.H{
+		"privileges": gin.H{
+			"onlineChat":        true,
+			"multiplayerServer": true,
+			"multiplayerRealms": false,
+			"telemetry":         false,
+			"optionalTelemetry": false,
+		},
+		"profanityFilterPreferences": gin.H{
+			"profanityFilterOn": false,
+		},
+	})
+}
+
+func (u *userRouterImpl) PlayerBlockList(c *gin.Context) {
+	c.JSON(http.StatusOK, gin.H{
+		"blockedProfiles": []string{},
+	})
+}
+
 func (u *userRouterImpl) ProfileKey(c *gin.Context) {
 	bearerToken := c.GetHeader("Authorization")
 	if len(bearerToken) < 8 {
@@ -279,3 +336,54 @@ func (u *userRouterImpl) ProfileKey(c *gin.Context) {
 	}
 	c.JSON(http.StatusOK, response)
 }
+
+func (u *userRouterImpl) SendEmail(c *gin.Context) {
+	var request SendEmailRequest
+	err := c.ShouldBindJSON(&request)
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusForbidden, util.NewForbiddenOperationError(err.Error()))
+		return
+	}
+	var tokenType service.RegTokenType
+	switch request.EmailType {
+	case "register":
+		tokenType = service.RegisterToken
+	case "resetPassword":
+		tokenType = service.ResetPasswordToken
+	}
+	err = u.userService.SendEmail(request.Email, tokenType, c.ClientIP())
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	c.Status(http.StatusNoContent)
+}
+
+func (u *userRouterImpl) VerifyEmail(c *gin.Context) {
+	token, ok := c.GetQuery("access_token")
+	if !ok {
+		c.AbortWithStatusJSON(http.StatusBadRequest, util.NewIllegalArgumentError("access_token is required"))
+		return
+	}
+	err := u.userService.VerifyEmail(token)
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	c.Status(http.StatusNoContent)
+}
+
+func (u *userRouterImpl) ResetPassword(c *gin.Context) {
+	var request PasswordResetRequest
+	err := c.ShouldBindJSON(&request)
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusForbidden, util.NewForbiddenOperationError(err.Error()))
+		return
+	}
+	err = u.userService.ResetPassword(request.Email, request.Password, request.AccessToken)
+	if err != nil {
+		util.HandleError(c, err)
+		return
+	}
+	c.Status(http.StatusNoContent)
+}

service/reg_token_service.go

@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2025. Gardel <sunxinao@hotmail.com> and contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package service
+
+import (
+	"bytes"
+	"fmt"
+	lru "github.com/hashicorp/golang-lru"
+	"github.com/wneessen/go-mail"
+	"text/template"
+	"yggdrasil-go/model"
+	"yggdrasil-go/util"
+)
+
+type RegTokenService interface {
+	SendTokenEmail(tokenType RegTokenType, email string) error
+	VerifyToken(accessToken string) (string, error)
+}
+
+type RegTokenType uint
+
+const (
+	RegisterToken RegTokenType = iota
+	ResetPasswordToken
+)
+
+type SmtpConfig struct {
+	SmtpServer            string
+	SmtpPort              int
+	SmtpSsl               bool
+	EmailFrom             string
+	SmtpUser              string
+	SmtpPassword          string
+	TitlePrefix           string
+	RegisterTemplate      string
+	ResetPasswordTemplate string
+}
+
+type regTokenServiceImpl struct {
+	tokenCache            *lru.Cache
+	smtpServer            string
+	smtpPort              int
+	smtpSsl               bool
+	smtpUser              string
+	smtpPassword          string
+	emailFrom             string
+	titlePrefix           string
+	registerTemplate      *template.Template
+	resetPasswordTemplate *template.Template
+}
+
+func NewRegTokenService(smtpCfg *SmtpConfig) RegTokenService {
+	cache, _ := lru.New(10000000)
+	impl := &regTokenServiceImpl{
+		tokenCache:            cache,
+		smtpServer:            smtpCfg.SmtpServer,
+		smtpPort:              smtpCfg.SmtpPort,
+		smtpSsl:               smtpCfg.SmtpSsl,
+		smtpUser:              smtpCfg.SmtpUser,
+		smtpPassword:          smtpCfg.SmtpPassword,
+		emailFrom:             smtpCfg.EmailFrom,
+		titlePrefix:           smtpCfg.TitlePrefix,
+		registerTemplate:      template.Must(template.New("register").Parse(smtpCfg.RegisterTemplate)),
+		resetPasswordTemplate: template.Must(template.New("resetPassword").Parse(smtpCfg.ResetPasswordTemplate)),
+	}
+	return impl
+}
+
+func (r *regTokenServiceImpl) SendTokenEmail(tokenType RegTokenType, email string) error {
+	token := model.NewRegToken(email)
+	r.tokenCache.Add(token.AccessToken, token)
+
+	var subject, body string
+	buf := bytes.Buffer{}
+	switch tokenType {
+	case RegisterToken:
+		subject = fmt.Sprintf("%s 注册验证码", r.titlePrefix)
+		if err := r.registerTemplate.Execute(&buf, token); err != nil {
+			return fmt.Errorf("execute registerTemplate error: %v", err)
+		}
+		body = buf.String()
+	case ResetPasswordToken:
+		subject = fmt.Sprintf("%s 重置密码验证码", r.titlePrefix)
+		if err := r.resetPasswordTemplate.Execute(&buf, token); err != nil {
+			return fmt.Errorf("execute resetPasswordTemplate error: %v", err)
+		}
+		body = buf.String()
+	default:
+		return fmt.Errorf("unknown token type")
+	}
+
+	message := mail.NewMsg()
+	if err := message.From(r.emailFrom); err != nil {
+		return fmt.Errorf("failed to set From address: %s", err)
+	}
+	if err := message.To(email); err != nil {
+		return fmt.Errorf("failed to set To address: %s", err)
+	}
+	message.Subject(subject)
+	message.SetBodyString(mail.TypeTextHTML, body)
+	client, err := mail.NewClient(r.smtpServer, mail.WithPort(r.smtpPort), mail.WithSMTPAuth(mail.SMTPAuthPlain),
+		mail.WithUsername(r.smtpUser), mail.WithPassword(r.smtpPassword))
+	if err != nil {
+		return fmt.Errorf("failed to create mail client: %s", err)
+	}
+	if r.smtpSsl {
+		client.SetSSL(true)
+	}
+	if err := client.DialAndSend(message); err != nil {
+		return fmt.Errorf("failed to send mail: %s", err)
+	}
+	return nil
+}
+
+func (r *regTokenServiceImpl) VerifyToken(accessToken string) (string, error) {
+	token, ok := r.tokenCache.Get(accessToken)
+	if !ok {
+		return "", util.NewIllegalArgumentError(util.MessageInvalidToken)
+	}
+
+	if regToken, ok := token.(model.RegToken); ok {
+		if regToken.IsValid() {
+			r.tokenCache.Remove(accessToken)
+			return regToken.Email, nil
+		}
+	}
+
+	return "", util.NewIllegalArgumentError("wrong access token or email")
+}

service/user_service.go

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022. Gardel <sunxinao@hotmail.com> and contributors
+ * Copyright (C) 2022-2025. Gardel <sunxinao@hotmail.com> and contributors
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -39,7 +39,7 @@ import (
 )
 
 type UserService interface {
-	Register(username string, password string, profileName string) (*model.UserResponse, error)
+	Register(username, password, profileName, ip string) (*model.UserResponse, error)
 	Login(username string, password string, clientToken *string, requestUser bool) (*LoginResponse, error)
 	ChangeProfile(accessToken string, clientToken *string, changeTo string) error
 	Refresh(accessToken string, clientToken *string, requestUser bool, selectedProfile *model.ProfileResponse) (*LoginResponse, error)
@@ -47,9 +47,13 @@ type UserService interface {
 	Invalidate(accessToken string) error
 	Signout(username string, password string) error
 	UsernameToUUID(username string) (*model.ProfileResponse, error)
+	UUIDToUUID(profileId uuid.UUID) (*model.ProfileResponse, error)
 	QueryUUIDs(usernames []string) ([]model.ProfileResponse, error)
 	QueryProfile(profileId uuid.UUID, unsigned bool, textureBaseUrl string) (map[string]interface{}, error)
 	ProfileKey(accessToken string) (*ProfileKeyResponse, error)
+	SendEmail(email string, tokenType RegTokenType, ip string) error
+	VerifyEmail(accessToken string) error
+	ResetPassword(email string, password string, accessToken string) error
 }
 
 type LoginResponse struct {
@@ -75,18 +79,20 @@ type ProfileKeyPair struct {
 
 type userServiceImpl struct {
 	tokenService    TokenService
+	regTokenService RegTokenService
 	db              *gorm.DB
 	limitLruCache   *lru.Cache
 	profileKeyCache *lru.Cache
 	keyPairCh       chan ProfileKeyPair
 }
 
-func NewUserService(tokenService TokenService, db *gorm.DB) UserService {
+func NewUserService(tokenService TokenService, regTokenService RegTokenService, db *gorm.DB) UserService {
 	cache0, _ := lru.New(10000)
 	cache1, _ := lru.New(10000)
 	ch := make(chan ProfileKeyPair, 100)
 	userService := userServiceImpl{
 		tokenService:    tokenService,
+		regTokenService: regTokenService,
 		db:              db,
 		limitLruCache:   cache0,
 		profileKeyCache: cache1,
@@ -96,7 +102,7 @@ func NewUserService(tokenService TokenService, db *gorm.DB) UserService {
 	return &userService
 }
 
-func (u *userServiceImpl) Register(username string, password string, profileName string) (*model.UserResponse, error) {
+func (u *userServiceImpl) Register(username, password, profileName, ip string) (*model.UserResponse, error) {
 	var count int64
 	if err := u.db.Table("users").Where("email = ?", username).Count(&count).Error; err != nil {
 		return nil, err
@@ -112,7 +118,7 @@ func (u *userServiceImpl) Register(username string, password string, profileName
 	} else if _, err := mojangUsernameToUUID(profileName); err == nil {
 		return nil, util.NewForbiddenOperationError("profileName duplicate")
 	}
-	matched, err := regexp.MatchString("^(\\w){3,}(\\.\\w+)*@(\\w){2,}((\\.\\w+)+)$", username)
+	matched, err := regexp.MatchString("^\\w+@(\\w){2,}((\\.\\w+)+)$", username)
 	if err != nil {
 		return nil, err
 	}
@@ -134,6 +140,7 @@ func (u *userServiceImpl) Register(username string, password string, profileName
 	if err := u.db.Create(&user).Error; err != nil {
 		return nil, err
 	}
+	_ = u.SendEmail(user.Email, RegisterToken, ip)
 	response := user.ToResponse()
 	return &response, nil
 }
@@ -155,6 +162,9 @@ func (u *userServiceImpl) Login(username string, password string, clientToken *s
 	user := model.User{}
 	if err := u.db.Where("email = ?", username).First(&user).Error; err == nil {
 		if bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) == nil {
+			if !user.EmailVerified {
+				return nil, util.NewForbiddenOperationError("Email not verified")
+			}
 			var useClientToken string
 			if clientToken == nil || *clientToken == "" {
 				useClientToken = util.RandomUUID()
@@ -252,56 +262,24 @@ func (u *userServiceImpl) Refresh(accessToken string, clientToken *string, reque
 		}
 		return &response, nil
 	} else {
-		data := map[string]interface{}{
+		return nil, util.NewForbiddenOperationError(util.MessageInvalidToken)
-			"accessToken":     accessToken,
-			"clientToken":     clientToken,
-			"requestUser":     requestUser,
-			"selectedProfile": selectedProfile,
-		}
-		loginResponse := LoginResponse{}
-		err := util.PostObject("https://authserver.mojang.com/refresh", data, &loginResponse)
-		if err != nil {
-			return nil, err
-		} else {
-			return &loginResponse, nil
-		}
 	}
 }
 
 func (u *userServiceImpl) Validate(accessToken string, clientToken *string) error {
-	if len(accessToken) <= 36 {
+	if len(accessToken) <= 36 && u.tokenService.VerifyToken(accessToken, clientToken) == model.Valid {
-		if u.tokenService.VerifyToken(accessToken, clientToken) != model.Valid {
+		return nil
+	} else {
 		return util.NewForbiddenOperationError(util.MessageInvalidToken)
-		} else {
-			return nil
-		}
-	} else {
-		data := map[string]interface{}{
-			"accessToken": accessToken,
-			"clientToken": clientToken,
-		}
-		err := util.PostObjectForError("https://authserver.mojang.com/validate", data)
-		if err != nil {
-			return err
-		} else {
-			return nil
-		}
 	}
 }
 
 func (u *userServiceImpl) Invalidate(accessToken string) error {
 	if len(accessToken) <= 36 {
 		u.tokenService.RemoveAccessToken(accessToken)
-	} else {
-		data := map[string]interface{}{
-			"accessToken": accessToken,
-		}
-		err := util.PostObjectForError("https://authserver.mojang.com/invalidate", data)
-		if err != nil {
-			return err
-		}
-	}
 		return nil
+	}
+	return util.NewForbiddenOperationError(util.MessageInvalidToken)
 }
 
 func (u *userServiceImpl) Signout(username string, password string) error {
@@ -317,21 +295,9 @@ func (u *userServiceImpl) Signout(username string, password string) error {
 		if bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) == nil {
 			u.tokenService.RemoveAll(user.ID)
 			return nil
-		} else {
+		}
+	}
 	return util.NewForbiddenOperationError(util.MessageInvalidCredentials)
-		}
-	} else {
-		data := map[string]interface{}{
-			"username": username,
-			"password": password,
-		}
-		err := util.PostObjectForError("https://authserver.mojang.com/signout", data)
-		if err != nil {
-			return err
-		} else {
-			return nil
-		}
-	}
 }
 
 func (u *userServiceImpl) UsernameToUUID(username string) (*model.ProfileResponse, error) {
@@ -351,6 +317,23 @@ func (u *userServiceImpl) UsernameToUUID(username string) (*model.ProfileRespons
 	}
 }
 
+func (u *userServiceImpl) UUIDToUUID(profileId uuid.UUID) (*model.ProfileResponse, error) {
+	user := model.User{}
+	if result := u.db.First(&user, profileId); result.Error == nil {
+		return &model.ProfileResponse{
+			Name: user.ProfileName,
+			Id:   util.UnsignedString(user.ID),
+		}, nil
+	} else {
+		response, err := mojangUUIDToUUID(util.UnsignedString(profileId))
+		if err != nil {
+			return nil, nil
+		} else {
+			return &response, nil
+		}
+	}
+}
+
 func (u *userServiceImpl) QueryUUIDs(usernames []string) ([]model.ProfileResponse, error) {
 	var users []model.User
 	var names []string
@@ -359,13 +342,27 @@ func (u *userServiceImpl) QueryUUIDs(usernames []string) ([]model.ProfileRespons
 	} else {
 		names = usernames
 	}
-	var responses = make([]model.ProfileResponse, 0)
+	responses := make([]model.ProfileResponse, 0)
+	notFoundUsers := make([]string, 0)
+	foundUsernames := make(map[string]bool)
 	if err := u.db.Table("users").Where("profile_name in ?", names).Find(&users).Error; err == nil {
 		for _, user := range users {
 			responses = append(responses, model.ProfileResponse{
 				Name: user.ProfileName,
 				Id:   util.UnsignedString(user.ID),
 			})
+			foundUsernames[user.ProfileName] = true
+		}
+		for _, name := range names {
+			if !foundUsernames[name] {
+				notFoundUsers = append(notFoundUsers, name)
+			}
+		}
+	}
+	if len(notFoundUsers) > 0 {
+		mojangResponses, _ := mojangUsernamesToUUIDs(notFoundUsers)
+		for _, resp := range mojangResponses {
+			responses = append(responses, resp)
 		}
 	}
 	return responses, nil
@@ -397,12 +394,24 @@ func (u *userServiceImpl) QueryProfile(profileId uuid.UUID, unsigned bool, textu
 
 func (u *userServiceImpl) ProfileKey(accessToken string) (resp *ProfileKeyResponse, err error) {
 	token, ok := u.tokenService.GetToken(accessToken)
+	var profileId uuid.UUID
 	if ok && token.GetAvailableLevel() == model.Valid {
+		profileId = token.SelectedProfile.Id
+	} else {
+		id, _, err := util.ParseOfficialToken(accessToken)
+		if err != nil {
+			return nil, err
+		}
+		profileId, err = util.ToUUID(id)
+		if err != nil {
+			return nil, err
+		}
+	}
 	resp = new(ProfileKeyResponse)
 	now := time.Now().UTC()
 	resp.RefreshedAfter = now
-		resp.ExpiresAt = now.Add(time.Hour * 24 * 90)
+	resp.ExpiresAt = now.Add(90 * 24 * time.Hour)
-		keyPair, err := u.getProfileKey(token.SelectedProfile.Id)
+	keyPair, err := u.getProfileKey(profileId)
 	if err != nil {
 		return nil, err
 	}
@@ -414,15 +423,69 @@ func (u *userServiceImpl) ProfileKey(accessToken string) (resp *ProfileKeyRespon
 	}
 	resp.PublicKeySignature = sign
 	resp.PublicKeySignatureV2 = sign
-	} else {
-		err = util.PostForString("https://api.minecraftservices.com/player/certificates", accessToken, []byte(""), resp)
-		if err != nil {
-			return nil, err
-		}
-	}
 	return resp, nil
 }
 
+func (u *userServiceImpl) SendEmail(email string, tokenType RegTokenType, ip string) error {
+	if !u.allowEmail("ip:"+ip) || !u.allowEmail("email:"+email) {
+		return util.YggdrasilError{
+			Status:       http.StatusTooManyRequests,
+			ErrorCode:    "ForbiddenOperationException",
+			ErrorMessage: "Forbidden",
+		}
+	}
+	var count int64
+	if err := u.db.Table("users").Where("email = ?", email).Count(&count).Error; err != nil {
+		return util.NewIllegalArgumentError(err.Error())
+	}
+	if count == 0 {
+		return util.NewForbiddenOperationError("user not found")
+	}
+	return u.regTokenService.SendTokenEmail(tokenType, email)
+}
+
+func (u *userServiceImpl) VerifyEmail(accessToken string) error {
+	email, err := u.regTokenService.VerifyToken(accessToken)
+	if err != nil {
+		return err
+	}
+
+	user := model.User{}
+	err = u.db.Where("email = ?", email).First(&user).Error
+	if err != nil {
+		return util.NewIllegalArgumentError("user not found")
+	}
+
+	user.EmailVerified = true
+	return u.db.Model(&user).Update("email_verified", user.EmailVerified).Error
+}
+
+func (u *userServiceImpl) ResetPassword(email string, password string, accessToken string) error {
+	user := model.User{}
+	err := u.db.Where("email = ?", email).First(&user).Error
+	if err != nil {
+		return util.NewIllegalArgumentError("user not found")
+	}
+	tokenEmail, err := u.regTokenService.VerifyToken(accessToken)
+	if err != nil {
+		return err
+	}
+	if tokenEmail != email {
+		return util.NewIllegalArgumentError("email invalid")
+	}
+
+	if len(password) < 6 {
+		return util.NewIllegalArgumentError("bad format(password longer than 5)")
+	}
+	hashedPass, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	user.Password = string(hashedPass)
+	user.EmailVerified = true
+	return u.db.Model(&user).Updates(model.User{
+		EmailVerified: user.EmailVerified,
+		Password:      user.Password,
+	}).Error
+}
+
 func (u *userServiceImpl) allowUser(username string) bool {
 	if value, ok := u.limitLruCache.Get(username); ok {
 		if limiter, ok := value.(*rate.Limiter); ok {
@@ -437,6 +500,20 @@ func (u *userServiceImpl) allowUser(username string) bool {
 	return true
 }
 
+func (u *userServiceImpl) allowEmail(key string) bool {
+	if value, ok := u.limitLruCache.Get(key); ok {
+		if limiter, ok := value.(*rate.Limiter); ok {
+			return limiter.Allow()
+		} else {
+			u.limitLruCache.Remove(key)
+		}
+	} else {
+		limiter := rate.NewLimiter(0.02, 1)
+		u.limitLruCache.Add(key, limiter)
+	}
+	return true
+}
+
 func (u *userServiceImpl) getProfileKey(profileId uuid.UUID) (*ProfileKeyPair, error) {
 	if value, ok := u.profileKeyCache.Get(profileId); ok {
 		if keyPair, ok := value.(*ProfileKeyPair); ok {
@@ -483,7 +560,7 @@ func (u *userServiceImpl) genKeyPair() {
 
 func mojangUsernameToUUID(username string) (model.ProfileResponse, error) {
 	response := model.ProfileResponse{}
-	reqUrl := fmt.Sprintf("https://api.mojang.com/users/profiles/minecraft/%s", url.PathEscape(username))
+	reqUrl := fmt.Sprintf("https://api.minecraftservices.com/minecraft/profile/lookup/name/%s", url.PathEscape(username))
 	err := util.GetObject(reqUrl, &response)
 	if err != nil {
 		return response, err
@@ -491,3 +568,24 @@ func mojangUsernameToUUID(username string) (model.ProfileResponse, error) {
 		return response, nil
 	}
 }
+
+func mojangUUIDToUUID(uid string) (model.ProfileResponse, error) {
+	response := model.ProfileResponse{}
+	reqUrl := fmt.Sprintf("https://api.minecraftservices.com/minecraft/profile/lookup/%s", uid)
+	err := util.GetObject(reqUrl, &response)
+	if err != nil {
+		return response, err
+	} else {
+		return response, nil
+	}
+}
+
+func mojangUsernamesToUUIDs(username []string) ([]model.ProfileResponse, error) {
+	response := make([]model.ProfileResponse, 0)
+	err := util.PostObject("https://api.minecraftservices.com/minecraft/profile/lookup/bulk/byname", username, &response)
+	if err != nil {
+		return response, err
+	} else {
+		return response, nil
+	}
+}

util/token_utils.go

@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2025. Gardel <sunxinao@hotmail.com> and contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package util
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"strings"
+)
+
+type officialTokenPayload struct {
+	Xuid     string        `json:"xuid"`
+	Agg      string        `json:"agg"`
+	Sub      string        `json:"sub"`
+	Auth     string        `json:"auth"`
+	Ns       string        `json:"ns"`
+	Roles    []interface{} `json:"roles"`
+	Iss      string        `json:"iss"`
+	Flags    []string      `json:"flags"`
+	Profiles struct {
+		Mc string `json:"mc"`
+	} `json:"profiles"`
+	Platform string `json:"platform"`
+	Pfd      []struct {
+		Type string `json:"type"`
+		Id   string `json:"id"`
+		Name string `json:"name"`
+	} `json:"pfd"`
+	Nbf int `json:"nbf"`
+	Exp int `json:"exp"`
+	Iat int `json:"iat"`
+}
+
+func ParseOfficialToken(token string) (id, name string, err error) {
+	firstDot := strings.IndexRune(token, '.')
+	if firstDot == -1 {
+		return id, name, errors.New("invalid token")
+	}
+	secondDot := 1 + firstDot + strings.IndexRune(token[firstDot+1:], '.')
+	if secondDot == -1 {
+		return id, name, errors.New("invalid token")
+	}
+	jsonBase64 := token[firstDot+1 : secondDot]
+	jsonDecoded, err := base64.RawURLEncoding.DecodeString(jsonBase64)
+	if err != nil {
+		return id, name, err
+	}
+	payload := officialTokenPayload{}
+	err = json.Unmarshal(jsonDecoded, &payload)
+	if err != nil {
+		return id, name, err
+	}
+	if payload.Pfd == nil || len(payload.Pfd) == 0 {
+		return id, name, errors.New("invalid token")
+	}
+	id = payload.Pfd[0].Id
+	name = payload.Pfd[0].Name
+	return id, name, nil
+}