twitch-bot/botEditor.go
Knut Ahlers 246bb2811d
[core] Improve EventSub API request design
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2021-12-24 19:59:20 +01:00

45 lines
1.2 KiB
Go

package main
import (
"net/http"
"github.com/pkg/errors"
"github.com/Luzifer/go_helpers/v2/str"
"github.com/Luzifer/twitch-bot/twitch"
)
func getAuthorizationFromRequest(r *http.Request) (string, *twitch.Client, error) {
token := r.Header.Get("Authorization")
if token == "" {
return "", nil, errors.New("no authorization provided")
}
tc := twitch.New(cfg.TwitchClient, cfg.TwitchClientSecret, token)
user, err := tc.GetAuthorizedUsername()
return user, tc, errors.Wrap(err, "getting authorized user")
}
func botEditorAuthMiddleware(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user, tc, err := getAuthorizationFromRequest(r)
if err != nil {
http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusForbidden)
return
}
id, err := tc.GetIDForUsername(user)
if err != nil {
http.Error(w, errors.Wrap(err, "getting ID for authorized user").Error(), http.StatusForbidden)
return
}
if !str.StringInSlice(user, config.BotEditors) && !str.StringInSlice(id, config.BotEditors) {
http.Error(w, "user is not authorized", http.StatusForbidden)
return
}
h.ServeHTTP(w, r)
})
}