fix(mc): ONLINE_MODE=true — authlib-injector needs online handshake for skins
online-mode=false made the server skip the online-auth handshake entirely, so authlib-injector never validated sessions against Drasl: players got offline-hash UUIDs and no skin textures (everyone Steve). authlib-injector's whole purpose is to redirect the *online* handshake from Mojang to Drasl, so online-mode must be true; only the 1.21+ secure profile stays off (ENFORCE_SECURE_PROFILE=false + Drasl SignPublicKeys=false). Correct the conflation in CLAUDE.md and plan/05-minecraft.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -58,8 +58,13 @@ services:
|
||||
USE_AIKAR_FLAGS: "TRUE"
|
||||
JVM_XX_OPTS: "-XX:+UseG1GC"
|
||||
|
||||
# ── Auth: offline mode + authlib-injector pointing at Drasl ─
|
||||
ONLINE_MODE: "FALSE"
|
||||
# ── Auth: ONLINE mode validated against Drasl via authlib-injector ─
|
||||
# MUST be true: authlib-injector redirects the normal online-auth
|
||||
# handshake from Mojang to Drasl. online-mode=false skips the handshake
|
||||
# entirely -> offline UUIDs, no session validation, NO SKINS for anyone.
|
||||
# Secure-profile is the part that must stay off on 1.21+ (see
|
||||
# ENFORCE_SECURE_PROFILE + Drasl SignPublicKeys=false), NOT online-mode.
|
||||
ONLINE_MODE: "TRUE"
|
||||
# Resolves over mcnet to caddy (alias auth.${BASE_DOMAIN}) -> drasl.
|
||||
JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=https://auth.${BASE_DOMAIN}/authlib-injector"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user