From e7e9877c05d6b012d4259a834bc716317cfd94e6 Mon Sep 17 00:00:00 2001 From: Knut Ahlers Date: Wed, 3 Apr 2024 23:16:17 +0200 Subject: [PATCH] [core] Remove deprecated fallback token / token migration Signed-off-by: Knut Ahlers --- internal/service/access/access.go | 69 ++----------------------------- main.go | 8 +--- 2 files changed, 4 insertions(+), 73 deletions(-) diff --git a/internal/service/access/access.go b/internal/service/access/access.go index fd6269c..50e1a96 100644 --- a/internal/service/access/access.go +++ b/internal/service/access/access.go @@ -2,7 +2,7 @@ package access import ( - "context" + "fmt" "strings" "github.com/pkg/errors" @@ -29,8 +29,6 @@ type ( TwitchClient string TwitchClientSecret string - FallbackToken string // DEPRECATED - TokenUpdateHook func() } @@ -93,72 +91,11 @@ func (s Service) GetChannelPermissions(channel string) ([]string, error) { // bot user func (s Service) GetBotTwitchClient(cfg ClientConfig) (*twitch.Client, error) { botUsername, err := s.GetBotUsername() - switch { - case errors.Is(err, nil): - // This is fine, we have a username - return s.GetTwitchClientForChannel(botUsername, cfg) - - case errors.Is(err, database.ErrCoreMetaNotFound): - // The bot has no username stored, we try to auto-migrate below - - default: - return nil, errors.Wrap(err, "getting bot username from database") - } - - // Bot username is not set, either we're running from fallback token - // or did not yet execute the v3.5.0 migration - - var botAccessToken, botRefreshToken string - err = s.db.ReadEncryptedCoreMeta(coreMetaKeyBotToken, &botAccessToken) - switch { - case errors.Is(err, nil): - // This is fine, we do have a pre-v3.5.0 config, lets do the migration - - case errors.Is(err, database.ErrCoreMetaNotFound): - // We're don't have a stored pre-v3.5.0 token either, so we're - // running from the fallback token (which might be empty) - return twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, cfg.FallbackToken, ""), nil - - default: - return nil, errors.Wrap(err, "getting bot access token from database") - } - - if err = s.db.ReadEncryptedCoreMeta(coreMetaKeyBotRefreshToken, &botRefreshToken); err != nil { - return nil, errors.Wrap(err, "getting bot refresh token from database") - } - - // Now we do have (hopefully valid) tokens for the bot and therefore - // can determine who the bot is. That means we can set the username - // for later reference and afterwards delete the duplicated tokens. - - _, botUser, err := twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, botAccessToken, botRefreshToken).GetAuthorizedUser(context.Background()) if err != nil { - return nil, errors.Wrap(err, "validating stored access token") + return nil, fmt.Errorf("getting bot username: %w", err) } - if err = s.db.StoreCoreMeta(coreMetaKeyBotUsername, botUser); err != nil { - return nil, errors.Wrap(err, "setting bot username") - } - - if _, err = s.GetTwitchClientForChannel(botUser, cfg); errors.Is(err, gorm.ErrRecordNotFound) { - // There is no extended permission for that channel, we probably - // are in a state created by the v2 migrator. Lets just store the - // token without any permissions as we cannot know the permissions - // assigned to that token - if err = s.SetExtendedTwitchCredentials(botUser, botAccessToken, botRefreshToken, nil); err != nil { - return nil, errors.Wrap(err, "moving bot access token") - } - } - - if err = s.db.DeleteCoreMeta(coreMetaKeyBotToken); err != nil { - return nil, errors.Wrap(err, "deleting deprecated bot token") - } - - if err = s.db.DeleteCoreMeta(coreMetaKeyBotRefreshToken); err != nil { - return nil, errors.Wrap(err, "deleting deprecated bot refresh-token") - } - - return s.GetTwitchClientForChannel(botUser, cfg) + return s.GetTwitchClientForChannel(botUsername, cfg) } // GetTwitchClientForChannel returns a twitch.Client configured to act diff --git a/main.go b/main.go index 9aea2f2..83ee749 100644 --- a/main.go +++ b/main.go @@ -54,7 +54,6 @@ var ( StorageEncryptionPass string `flag:"storage-encryption-pass" default:"" description:"Passphrase to encrypt secrets inside storage (defaults to twitch-client:twitch-client-secret)"` TwitchClient string `flag:"twitch-client" default:"" description:"Client ID to act as"` TwitchClientSecret string `flag:"twitch-client-secret" default:"" description:"Secret for the Client ID"` - TwitchToken string `flag:"twitch-token" default:"" description:"OAuth token valid for client (fallback if no token was set in interface) -- DEPRECATED"` ValidateConfig bool `flag:"validate-config,v" default:"false" description:"Loads the config, logs any errors and quits with status 0 on success"` VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"` WaitForSelfcheck time.Duration `flag:"wait-for-selfcheck" default:"60s" description:"Maximum time to wait for the self-check to respond when behind load-balancers"` @@ -117,10 +116,6 @@ func initApp() error { }, ":") } - if cfg.TwitchToken != "" { - log.Warn("You are using the DEPRECATED --twitch-token flag / TWITCH_TOKEN env variable, please switch to web-based auth! - This flag will be removed in a later release!") - } - return nil } @@ -154,7 +149,6 @@ func main() { if twitchClient, err = accessService.GetBotTwitchClient(access.ClientConfig{ TwitchClient: cfg.TwitchClient, TwitchClientSecret: cfg.TwitchClientSecret, - FallbackToken: cfg.TwitchToken, TokenUpdateHook: func() { // make frontend reload its state as of token change frontendNotifyHooks.Ping(frontendNotifyTypeReload) @@ -163,7 +157,7 @@ func main() { if !errors.Is(err, access.ErrChannelNotAuthorized) { log.WithError(err).Fatal("initializing Twitch client") } - twitchClient = twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, cfg.TwitchToken, "") + twitchClient = twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, "", "") } twitchWatch := newTwitchWatcher()