[core] Remove deprecated fallback token / token migration

Signed-off-by: Knut Ahlers <knut@ahlers.me>

internal/service/access/access.go

@@ -2,7 +2,7 @@
 package access
 
 import (
-	"context"
+	"fmt"
 	"strings"
 
 	"github.com/pkg/errors"
@@ -29,8 +29,6 @@ type (
 		TwitchClient       string
 		TwitchClientSecret string
 
-		FallbackToken string // DEPRECATED
-
 		TokenUpdateHook func()
 	}
 
@@ -93,72 +91,11 @@ func (s Service) GetChannelPermissions(channel string) ([]string, error) {
 // bot user
 func (s Service) GetBotTwitchClient(cfg ClientConfig) (*twitch.Client, error) {
 	botUsername, err := s.GetBotUsername()
-	switch {
-	case errors.Is(err, nil):
-		// This is fine, we have a username
-		return s.GetTwitchClientForChannel(botUsername, cfg)
-
-	case errors.Is(err, database.ErrCoreMetaNotFound):
-		// The bot has no username stored, we try to auto-migrate below
-
-	default:
-		return nil, errors.Wrap(err, "getting bot username from database")
-	}
-
-	// Bot username is not set, either we're running from fallback token
-	// or did not yet execute the v3.5.0 migration
-
-	var botAccessToken, botRefreshToken string
-	err = s.db.ReadEncryptedCoreMeta(coreMetaKeyBotToken, &botAccessToken)
-	switch {
-	case errors.Is(err, nil):
-		// This is fine, we do have a pre-v3.5.0 config, lets do the migration
-
-	case errors.Is(err, database.ErrCoreMetaNotFound):
-		// We're don't have a stored pre-v3.5.0 token either, so we're
-		// running from the fallback token (which might be empty)
-		return twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, cfg.FallbackToken, ""), nil
-
-	default:
-		return nil, errors.Wrap(err, "getting bot access token from database")
-	}
-
-	if err = s.db.ReadEncryptedCoreMeta(coreMetaKeyBotRefreshToken, &botRefreshToken); err != nil {
-		return nil, errors.Wrap(err, "getting bot refresh token from database")
-	}
-
-	// Now we do have (hopefully valid) tokens for the bot and therefore
-	// can determine who the bot is. That means we can set the username
-	// for later reference and afterwards delete the duplicated tokens.
-
-	_, botUser, err := twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, botAccessToken, botRefreshToken).GetAuthorizedUser(context.Background())
 	if err != nil {
-		return nil, errors.Wrap(err, "validating stored access token")
+		return nil, fmt.Errorf("getting bot username: %w", err)
 	}
 
-	if err = s.db.StoreCoreMeta(coreMetaKeyBotUsername, botUser); err != nil {
+	return s.GetTwitchClientForChannel(botUsername, cfg)
-		return nil, errors.Wrap(err, "setting bot username")
-	}
-
-	if _, err = s.GetTwitchClientForChannel(botUser, cfg); errors.Is(err, gorm.ErrRecordNotFound) {
-		// There is no extended permission for that channel, we probably
-		// are in a state created by the v2 migrator. Lets just store the
-		// token without any permissions as we cannot know the permissions
-		// assigned to that token
-		if err = s.SetExtendedTwitchCredentials(botUser, botAccessToken, botRefreshToken, nil); err != nil {
-			return nil, errors.Wrap(err, "moving bot access token")
-		}
-	}
-
-	if err = s.db.DeleteCoreMeta(coreMetaKeyBotToken); err != nil {
-		return nil, errors.Wrap(err, "deleting deprecated bot token")
-	}
-
-	if err = s.db.DeleteCoreMeta(coreMetaKeyBotRefreshToken); err != nil {
-		return nil, errors.Wrap(err, "deleting deprecated bot refresh-token")
-	}
-
-	return s.GetTwitchClientForChannel(botUser, cfg)
 }
 
 // GetTwitchClientForChannel returns a twitch.Client configured to act

main.go

@@ -54,7 +54,6 @@ var (
 		StorageEncryptionPass string        `flag:"storage-encryption-pass" default:"" description:"Passphrase to encrypt secrets inside storage (defaults to twitch-client:twitch-client-secret)"`
 		TwitchClient          string        `flag:"twitch-client" default:"" description:"Client ID to act as"`
 		TwitchClientSecret    string        `flag:"twitch-client-secret" default:"" description:"Secret for the Client ID"`
-		TwitchToken           string        `flag:"twitch-token" default:"" description:"OAuth token valid for client (fallback if no token was set in interface) -- DEPRECATED"`
 		ValidateConfig        bool          `flag:"validate-config,v" default:"false" description:"Loads the config, logs any errors and quits with status 0 on success"`
 		VersionAndExit        bool          `flag:"version" default:"false" description:"Prints current version and exits"`
 		WaitForSelfcheck      time.Duration `flag:"wait-for-selfcheck" default:"60s" description:"Maximum time to wait for the self-check to respond when behind load-balancers"`
@@ -117,10 +116,6 @@ func initApp() error {
 		}, ":")
 	}
 
-	if cfg.TwitchToken != "" {
-		log.Warn("You are using the DEPRECATED --twitch-token flag / TWITCH_TOKEN env variable, please switch to web-based auth! - This flag will be removed in a later release!")
-	}
-
 	return nil
 }
 
@@ -154,7 +149,6 @@ func main() {
 	if twitchClient, err = accessService.GetBotTwitchClient(access.ClientConfig{
 		TwitchClient:       cfg.TwitchClient,
 		TwitchClientSecret: cfg.TwitchClientSecret,
-		FallbackToken:      cfg.TwitchToken,
 		TokenUpdateHook: func() {
 			// make frontend reload its state as of token change
 			frontendNotifyHooks.Ping(frontendNotifyTypeReload)
@@ -163,7 +157,7 @@ func main() {
 		if !errors.Is(err, access.ErrChannelNotAuthorized) {
 			log.WithError(err).Fatal("initializing Twitch client")
 		}
-		twitchClient = twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, cfg.TwitchToken, "")
+		twitchClient = twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, "", "")
 	}
 
 	twitchWatch := newTwitchWatcher()