[core] Remove deprecated fallback token / token migration

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2024-04-03 23:16:17 +02:00
parent a49a1844ba
commit e7e9877c05
Signed by: luzifer
SSH key fingerprint: SHA256:/xtE5lCgiRDQr8SLxHMS92ZBlACmATUmF1crK16Ks4E
2 changed files with 4 additions and 73 deletions

View file

@ -2,7 +2,7 @@
package access
import (
"context"
"fmt"
"strings"
"github.com/pkg/errors"
@ -29,8 +29,6 @@ type (
TwitchClient string
TwitchClientSecret string
FallbackToken string // DEPRECATED
TokenUpdateHook func()
}
@ -93,72 +91,11 @@ func (s Service) GetChannelPermissions(channel string) ([]string, error) {
// bot user
func (s Service) GetBotTwitchClient(cfg ClientConfig) (*twitch.Client, error) {
botUsername, err := s.GetBotUsername()
switch {
case errors.Is(err, nil):
// This is fine, we have a username
return s.GetTwitchClientForChannel(botUsername, cfg)
case errors.Is(err, database.ErrCoreMetaNotFound):
// The bot has no username stored, we try to auto-migrate below
default:
return nil, errors.Wrap(err, "getting bot username from database")
}
// Bot username is not set, either we're running from fallback token
// or did not yet execute the v3.5.0 migration
var botAccessToken, botRefreshToken string
err = s.db.ReadEncryptedCoreMeta(coreMetaKeyBotToken, &botAccessToken)
switch {
case errors.Is(err, nil):
// This is fine, we do have a pre-v3.5.0 config, lets do the migration
case errors.Is(err, database.ErrCoreMetaNotFound):
// We're don't have a stored pre-v3.5.0 token either, so we're
// running from the fallback token (which might be empty)
return twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, cfg.FallbackToken, ""), nil
default:
return nil, errors.Wrap(err, "getting bot access token from database")
}
if err = s.db.ReadEncryptedCoreMeta(coreMetaKeyBotRefreshToken, &botRefreshToken); err != nil {
return nil, errors.Wrap(err, "getting bot refresh token from database")
}
// Now we do have (hopefully valid) tokens for the bot and therefore
// can determine who the bot is. That means we can set the username
// for later reference and afterwards delete the duplicated tokens.
_, botUser, err := twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, botAccessToken, botRefreshToken).GetAuthorizedUser(context.Background())
if err != nil {
return nil, errors.Wrap(err, "validating stored access token")
return nil, fmt.Errorf("getting bot username: %w", err)
}
if err = s.db.StoreCoreMeta(coreMetaKeyBotUsername, botUser); err != nil {
return nil, errors.Wrap(err, "setting bot username")
}
if _, err = s.GetTwitchClientForChannel(botUser, cfg); errors.Is(err, gorm.ErrRecordNotFound) {
// There is no extended permission for that channel, we probably
// are in a state created by the v2 migrator. Lets just store the
// token without any permissions as we cannot know the permissions
// assigned to that token
if err = s.SetExtendedTwitchCredentials(botUser, botAccessToken, botRefreshToken, nil); err != nil {
return nil, errors.Wrap(err, "moving bot access token")
}
}
if err = s.db.DeleteCoreMeta(coreMetaKeyBotToken); err != nil {
return nil, errors.Wrap(err, "deleting deprecated bot token")
}
if err = s.db.DeleteCoreMeta(coreMetaKeyBotRefreshToken); err != nil {
return nil, errors.Wrap(err, "deleting deprecated bot refresh-token")
}
return s.GetTwitchClientForChannel(botUser, cfg)
return s.GetTwitchClientForChannel(botUsername, cfg)
}
// GetTwitchClientForChannel returns a twitch.Client configured to act

View file

@ -54,7 +54,6 @@ var (
StorageEncryptionPass string `flag:"storage-encryption-pass" default:"" description:"Passphrase to encrypt secrets inside storage (defaults to twitch-client:twitch-client-secret)"`
TwitchClient string `flag:"twitch-client" default:"" description:"Client ID to act as"`
TwitchClientSecret string `flag:"twitch-client-secret" default:"" description:"Secret for the Client ID"`
TwitchToken string `flag:"twitch-token" default:"" description:"OAuth token valid for client (fallback if no token was set in interface) -- DEPRECATED"`
ValidateConfig bool `flag:"validate-config,v" default:"false" description:"Loads the config, logs any errors and quits with status 0 on success"`
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
WaitForSelfcheck time.Duration `flag:"wait-for-selfcheck" default:"60s" description:"Maximum time to wait for the self-check to respond when behind load-balancers"`
@ -117,10 +116,6 @@ func initApp() error {
}, ":")
}
if cfg.TwitchToken != "" {
log.Warn("You are using the DEPRECATED --twitch-token flag / TWITCH_TOKEN env variable, please switch to web-based auth! - This flag will be removed in a later release!")
}
return nil
}
@ -154,7 +149,6 @@ func main() {
if twitchClient, err = accessService.GetBotTwitchClient(access.ClientConfig{
TwitchClient: cfg.TwitchClient,
TwitchClientSecret: cfg.TwitchClientSecret,
FallbackToken: cfg.TwitchToken,
TokenUpdateHook: func() {
// make frontend reload its state as of token change
frontendNotifyHooks.Ping(frontendNotifyTypeReload)
@ -163,7 +157,7 @@ func main() {
if !errors.Is(err, access.ErrChannelNotAuthorized) {
log.WithError(err).Fatal("initializing Twitch client")
}
twitchClient = twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, cfg.TwitchToken, "")
twitchClient = twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, "", "")
}
twitchWatch := newTwitchWatcher()