Disable authentication with Twitch token

aside of the `/login` endpoint for the editor

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2024-06-12 21:35:24 +02:00
parent 9a93463bea
commit 82dc4dd361
Signed by: luzifer
SSH key fingerprint: SHA256:/xtE5lCgiRDQr8SLxHMS92ZBlACmATUmF1crK16Ks4E
2 changed files with 0 additions and 42 deletions

View file

@ -1,14 +1,10 @@
package main package main
import ( import (
"context"
"net/http"
"time" "time"
"github.com/Luzifer/go_helpers/v2/str" "github.com/Luzifer/go_helpers/v2/str"
"github.com/Luzifer/twitch-bot/v3/internal/service/authcache" "github.com/Luzifer/twitch-bot/v3/internal/service/authcache"
"github.com/Luzifer/twitch-bot/v3/pkg/twitch"
"github.com/pkg/errors"
) )
const internalTokenAuthCacheExpiry = 5 * time.Minute const internalTokenAuthCacheExpiry = 5 * time.Minute
@ -41,40 +37,3 @@ func authBackendInternalEditorToken(token string) ([]string, time.Time, error) {
// Editors have full access: Return module "*" // Editors have full access: Return module "*"
return []string{"*"}, expiresAt, nil return []string{"*"}, expiresAt, nil
} }
func authBackendTwitchToken(token string) (modules []string, expiresAt time.Time, err error) {
tc := twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, token, "")
var httpError twitch.HTTPError
id, user, err := tc.GetAuthorizedUser(context.Background())
switch {
case err == nil:
// We got a valid user, continue check below
if !str.StringInSlice(user, config.BotEditors) && !str.StringInSlice(id, config.BotEditors) {
// That user is none of our editors: Deny access
return nil, time.Time{}, authcache.ErrUnauthorized
}
_, _, expiresAt, err = tc.GetTokenInfo(context.Background())
if err != nil {
return nil, time.Time{}, errors.Wrap(err, "getting token expiry")
}
// Editors have full access: Return module "*"
return []string{"*"}, expiresAt, nil
case errors.As(err, &httpError):
// We either got "forbidden" or we got another error
if httpError.Code == http.StatusUnauthorized {
// That token wasn't valid or not a Twitch token: Unauthorized
return nil, time.Time{}, authcache.ErrUnauthorized
}
return nil, time.Time{}, errors.Wrap(err, "validating Twitch token")
default:
// Something else went wrong
return nil, time.Time{}, errors.Wrap(err, "validating Twitch token")
}
}

View file

@ -140,7 +140,6 @@ func main() {
authService = authcache.New( authService = authcache.New(
authBackendInternalAppToken, authBackendInternalAppToken,
authBackendInternalEditorToken, authBackendInternalEditorToken,
authBackendTwitchToken,
) )
cronService = cron.New(cron.WithSeconds()) cronService = cron.New(cron.WithSeconds())