mirror of
https://github.com/Luzifer/twitch-bot.git
synced 2024-11-08 16:20:02 +00:00
Disable authentication with Twitch token
aside of the `/login` endpoint for the editor Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
802fb56e2a
commit
b90d9b3228
SSH key fingerprint:
SHA256:/xtE5lCgiRDQr8SLxHMS92ZBlACmATUmF1crK16Ks4E
2 changed files with 0 additions and 42 deletions
|
|
@ -1,14 +1,10 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/Luzifer/go_helpers/v2/str"
|
||||
"github.com/Luzifer/twitch-bot/v3/internal/service/authcache"
|
||||
"github.com/Luzifer/twitch-bot/v3/pkg/twitch"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
const internalTokenAuthCacheExpiry = 5 * time.Minute
|
||||
|
|
@ -41,40 +37,3 @@ func authBackendInternalEditorToken(token string) ([]string, time.Time, error) {
|
|||
// Editors have full access: Return module "*"
|
||||
return []string{"*"}, expiresAt, nil
|
||||
}
|
||||
|
||||
func authBackendTwitchToken(token string) (modules []string, expiresAt time.Time, err error) {
|
||||
tc := twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, token, "")
|
||||
|
||||
var httpError twitch.HTTPError
|
||||
|
||||
id, user, err := tc.GetAuthorizedUser(context.Background())
|
||||
switch {
|
||||
case err == nil:
|
||||
// We got a valid user, continue check below
|
||||
if !str.StringInSlice(user, config.BotEditors) && !str.StringInSlice(id, config.BotEditors) {
|
||||
// That user is none of our editors: Deny access
|
||||
return nil, time.Time{}, authcache.ErrUnauthorized
|
||||
}
|
||||
|
||||
_, _, expiresAt, err = tc.GetTokenInfo(context.Background())
|
||||
if err != nil {
|
||||
return nil, time.Time{}, errors.Wrap(err, "getting token expiry")
|
||||
}
|
||||
|
||||
// Editors have full access: Return module "*"
|
||||
return []string{"*"}, expiresAt, nil
|
||||
|
||||
case errors.As(err, &httpError):
|
||||
// We either got "forbidden" or we got another error
|
||||
if httpError.Code == http.StatusUnauthorized {
|
||||
// That token wasn't valid or not a Twitch token: Unauthorized
|
||||
return nil, time.Time{}, authcache.ErrUnauthorized
|
||||
}
|
||||
|
||||
return nil, time.Time{}, errors.Wrap(err, "validating Twitch token")
|
||||
|
||||
default:
|
||||
// Something else went wrong
|
||||
return nil, time.Time{}, errors.Wrap(err, "validating Twitch token")
|
||||
}
|
||||
}
|
||||
|
|
|
|||
1
main.go
1
main.go
|
|
@ -140,7 +140,6 @@ func main() {
|
|||
authService = authcache.New(
|
||||
authBackendInternalAppToken,
|
||||
authBackendInternalEditorToken,
|
||||
authBackendTwitchToken,
|
||||
)
|
||||
|
||||
cronService = cron.New(cron.WithSeconds())
|
||||
|
|
|
|||
Loading…
Reference in a new issue