uebliche

Appearance

Changelog

[2026.01.27-a678514] - Health DB status

Added

  • Include MongoDB ping status and latency in /health responses.

[2026.01.27-40665b8] - Service token verify

Fixed

  • Accept service JWTs in /v1/auth/verify for build.moe sign-in flows.

[2026.01.27-afe1246] - Build.moe random endpoints

Added

  • Add /v1/head/random and /v1/banner/random for build.moe random picks.
  • Add BUILD_MOE_BANNERS_COLLECTION to configure the banner collection name.

[2026.01.26-6c4c161] - Discord docs build fix

Fixed

  • Escape Discord command placeholders in the docs to avoid VitePress parsing errors.

[2026.01.26-b353eb3] - Auth token verify

Added

  • Add /auth/verify and /v1/auth/verify to validate API JWTs and return minimal claims for build.moe.

[2026.01.26-19110a4] - Service exchange errors

Changed

  • Allow super admins to list all services instead of only owned ones.

Fixed

  • Show a friendly HTML error page for failed /v1/auth/service/exchange requests.
  • Fix service consent upserts to avoid duplicate key errors.
  • Fix service token issuance when consent documents store legacy user IDs.

[2026.01.26-872cb3b] - Service auth exchange

Added

  • Add /v1/auth/service/exchange to start service consent flows from a redirect URL.
  • Add /v1/auth/service/token to issue service-scoped JWTs after consent.

Fixed

  • Include legacy string ownerId values when listing services.

[2026.01.25-0000000] - Discord heads lookup

Changed

  • Resolve Discord /head lookups against the local MongoDB heads collection instead of build.moe HTTP requests.
  • Split /head into search-only and /randomhead for random results.

Added

  • Add /v1/discord/build-moe/commands to register build.moe bot slash commands globally.

Added

  • Allow overriding the Mongo database and collection used for head lookups.

[2026.01.25-00f7712] - Discord interactions

Added

  • Add /v1/discord/interaction to process Discord slash-command payloads (including /head and /docs).

[2026.01.25-e0e2ee8] - Connect extensions

Added

  • Add Connect extension catalog endpoints plus per-server extension registrations and actions.
  • Add source scoping for Connect settings and settings history endpoints.
  • Add server template and temporary instance metadata for Connect servers.

[2026.01.25-819be00] - Connect settings schema

Added

  • Store optional settings schemas for Connect servers and return them with settings payloads.

[2026.01.24-89bacaf] - Launcher options sync

Added

  • Add /v1/profile/minecraft-options to sync launcher Minecraft options via the public API.

[2026.01.24-89bacaf] - Profile share admin listing

Added

  • Add /v1/admin/profile-shares to list launcher profile shares with author info.

[2026.01.24-a3a67a6] - Games templates and catalog

Added

  • Add template management endpoints (/v1/games/templates, /v1/games/templates/{id}).
  • Add collaborator updates for templates (/v1/games/templates/{id}/collaborators).
  • Add public games catalog endpoint (/v1/games/catalog).
  • Add minigame network binding and publish endpoints (/v1/games/minigames/{id}, /v1/games/minigames/{id}/publish).
  • Add leaderboard creation + delete endpoints (/v1/games/leaderboards, /v1/games/leaderboards/{id}).

[2026.01.24-5e01e97] - Games live stream

Added

  • Add /v1/games/live websocket stream for games dashboard snapshots.

[2026.01.22-36711c3] - Default roles

Changed

  • Apply default roles automatically during permission checks (without assigning user roles).

[2026.01.22-07cd76c] - Connect host join

Added

  • Add connect network join tokens plus the /v1/connect/networks/join endpoint. (api 07cd76c)
  • Add /v1/connect/hosts for listing agent hosts. (api 07cd76c)

[2026.01.22-01f0640] - Dash user administration

Added

  • Add admin user lookup and detail endpoints (/v1/admin/users/lookup, /v1/admin/users/{userId}).
  • Add a dashboard user management view with scope filtering, role assignment, and explicit permission edits.

[2026.01.22-0000000] - Sanitize internal errors

Fixed

  • Stop returning raw database error messages in API responses; errors are logged server-side.
  • Allow user role lookups to decode legacy UUID shapes when loading admin role assignments.
  • Prefer Cloudflare client IP headers so public API logs and requests use real user IPs.

Added

  • Add /v1/ip to return the caller IP as plain text.
  • Include uptimeSeconds in /health responses.

[2026.01.21-0000000] - User last-seen tracking

Fixed

  • Update lastSeenAt for authenticated users on every API request, including region tracking.

[2026.01.19-6725742] - 2026-01-19 - Auth user bootstrap

Changed

  • Create missing user records during Minecraft join verification and Microsoft sign-in.

Fixed

  • Repair public API builds by correcting startup module wiring and tracing layer typing.

[2026.01.19] - 2026-01-19

Added

  • Add /v1/profile/settings endpoints so users can read and update profile settings (including friend request privacy).

Changed

  • Block friend request creation when the recipient has disabled allowFriendRequests.

[2026.01.18] - 2026-01-18

Changed

  • Switch Minecraft session auth to a join/hasJoined handshake with short-lived join tokens so clients keep Minecraft access tokens local.

Added

  • Add /v1/auth/session/minecraft/join and /v1/auth/session/minecraft/verify for Mojang join-based auth.
  • Add /v1/profile/auth/sessions so users can inspect recent auth sessions.

Removed

  • Remove /v1/auth/session/minecraft/access from the public API.

Fixed

  • Populate personal totem upload authors from the authenticated user when missing.

[2026.01.17] - 2026-01-17

Added

  • Add /v1/connect/servers/{serverId}/claim-key so Connect servers can request fresh claim keys.

[2026.01.16] - 2026-01-16

Changed

  • Rename the docs path from /public-api/ to /api/ and update section links.
  • Point the live tryout at https://uebliche.info/api and store tokens in local storage.

[2026.01.15] - 2026-01-15

Added

  • Add /v1/auth/session/exchange to mint API tokens from the uebliche_token cookie (SSO for build.moe/dash).
  • Add build.moe redirect support for Microsoft sign-in via MICROSOFT_BUILD_MOE_REDIRECT.
  • Seed the permissions catalog on startup so service consent can reference known nodes.
  • Add role CRUD and user role assignment endpoints under /v1/admin/roles.
  • Add connect network endpoints (/v1/connect/networks) so users can create and list Connect networks.
  • Add Connect server claim and assignment endpoints (/v1/connect/servers, /v1/connect/servers/claim, /v1/connect/servers/{serverId}).
  • Add network domain claim/verification endpoints (/v1/connect/networks/{networkId}/domains).

Changed

  • Replace Connect network shared keys with single-use server claim keys returned by server registration.
  • Remove Connect network claiming; servers are claimed first and assigned to networks in Dash.

[2026.01.13] - 2026-01-13

Added

  • Mirror the personal totem endpoints under /v1/api/profile/... so legacy clients (like TotemMod) can still select and fetch models.
  • Capture 5xx errors and panics in Sentry when SENTRY_DSN is set, tagging each report with the active build and region metadata.

Changed

  • Omit empty gallery item fields (for example rating, author, timestamps, and zero counts) to shrink /v1/profile/personal-totem/gallery payloads.
  • Include itemModelUrl on gallery items so clients can preview each model without extra roundtrips.
  • Remove cdn.baseUrl from gallery responses to avoid leaking public entrypoints.
  • Trim the model endpoint response to the minimal fields needed for model fetches (no duplicate URLs or filenames).
  • Return public CDN URLs from the model endpoint (no presigned links).
  • Extend issued auth JWTs to a 30-day lifetime.
  • Ensure personal totem selection can upsert a minimal user record when none exists to avoid 500s.
  • Avoid deserialization errors when selecting gallery models with legacy author id formats.

Fixed

  • Let /v1/profile/personal-totem/model/{itemModelId} return gallery models when PERSONAL_TOTEM_PUBLIC_API is enabled so each totem entry renders its own preview in the mod gallery.
  • Normalize itemModelPublicUrl so it no longer exposes the totem-models/ storage prefix and instead uses clean https://totem.uebliche.net/{modelId}.json URLs.
  • New uploads store itemModel objects without the totem-models/ prefix, so Mongo and the public URL share a simple {modelId}.json path.
  • Ensure personal totem uploads set public-read ACLs when the public API or public endpoint is enabled, so CDN fetches do not 403.

[2026.01.12] - 2026-01-12

Fixed

  • Serialize connect command/settings payload data to BSON for MongoDB updates.
  • Send connect settings WebSocket payloads using UTF-8 text frames.
  • Include Connect-managed servers in /v1/profile/servers responses (including tag=uebliche).

[2026.01.11] - 2026-01-11

Changed

  • Drop user UUIDs from personal totem S3 storage keys (now totem-models/<modelId>.<ext>).
  • Allow duplicate personal totem uploads while reusing existing storage objects.
  • Skip request logging for /health probes.
  • Default Microsoft OAuth scopes to XboxLive.signin offline_access.
  • Make ANSI log coloring configurable via LOG_ANSI / LOG_NO_COLOR / NO_COLOR (off by default unless LOG_ANSI is set).
  • Allow Microsoft dashboard logins to request a custom redirect URL (limited to localhost/uebliche.net).
  • Allow connect settings WebSocket clients to pass the dash JWT via ?token=.

Added

  • Add optional per-model ratings (rating.content, rating.age) and author metadata (author.id, author.name, author.description) to personal totem uploads and responses.
  • Add a personal totem gallery endpoint with limit/sort ordering and selection counts.
  • Add Microsoft OAuth login endpoints for dashboard sessions.
  • Add /v1/profile/self and /v1/profile/servers for dashboard profile metadata and owned server lists.
  • Add admin permission endpoints to list and edit user permission grants.
  • Add /v1/connect/servers/register for automatic server registration and network grouping.

Removed

  • Remove legacy user_id fallbacks for personal totem history and uploads.

[2026.01.10] - 2026-01-10

Added

  • Add request/response logging for every public API call via an HTTP trace layer.
  • Add a local deploy helper script for the public API.

Changed

  • Require Minecraft access tokens for /v1/auth/session/minecraft/access (remove dev auth fallback).
  • Document public API deploys against the unauthenticated registry.

Fixed

  • Create missing user records on first personal totem upload when using Minecraft tokens.
  • Match compact (no-hyphen) userId formats when loading personal totem history.
  • Reuse existing personal totem storage objects to avoid 1:1 duplicate uploads.
  • Block duplicate personal totem uploads per user with a dedupe key.

[2026.01.09] - 2026-01-09

Added

  • Added /health to expose region and build metadata.
  • Added an auth page for /v1/auth/session/minecraft/access.

Removed

  • Removed the regions and MongoDB pages from the API docs.

[2026.01.08] - 2026-01-08

Changed

  • Track homeRegion for users and tag friends/favorites for shard-friendly routing.

Added

  • Documented region deployment and home region tracking.
  • Added MongoDB sharding deployment notes.

[2026.01.07] - 2026-01-07

Added

  • Documented the friends API endpoints.