mirror of
https://github.com/Luzifer/twitch-bot.git
synced 2024-11-08 16:20:02 +00:00
477 lines
12 KiB
Go
477 lines
12 KiB
Go
package main
|
|
|
|
import (
|
|
_ "embed"
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"path"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/gofrs/uuid/v3"
|
|
"github.com/pkg/errors"
|
|
"github.com/sirupsen/logrus"
|
|
"golang.org/x/crypto/argon2"
|
|
"golang.org/x/crypto/bcrypt"
|
|
"gopkg.in/irc.v4"
|
|
"gopkg.in/yaml.v3"
|
|
|
|
"github.com/Luzifer/go_helpers/v2/fieldcollection"
|
|
"github.com/Luzifer/go_helpers/v2/str"
|
|
"github.com/Luzifer/twitch-bot/v3/plugins"
|
|
)
|
|
|
|
const (
|
|
expectedMinConfigVersion = 2
|
|
rawLogDirPerm = 0o755
|
|
rawLogFilePerm = 0o644
|
|
)
|
|
|
|
var (
|
|
//go:embed default_config.yaml
|
|
defaultConfigurationYAML []byte
|
|
|
|
hashstructUUIDNamespace = uuid.Must(uuid.FromString("3a0ccc46-d3ba-46b5-ac07-27528c933174"))
|
|
|
|
errSaveNotRequired = errors.New("save not required")
|
|
)
|
|
|
|
type (
|
|
configAuthToken struct {
|
|
Hash string `json:"-" yaml:"hash"`
|
|
Modules []string `json:"modules" yaml:"modules"`
|
|
Name string `json:"name" yaml:"name"`
|
|
Token string `json:"token" yaml:"-"`
|
|
}
|
|
|
|
configFileVersioner struct {
|
|
ConfigVersion int64 `yaml:"config_version"`
|
|
}
|
|
|
|
configFile struct {
|
|
AuthTokens map[string]configAuthToken `yaml:"auth_tokens"`
|
|
AutoMessages []*autoMessage `yaml:"auto_messages"`
|
|
BotEditors []string `yaml:"bot_editors"`
|
|
Channels []string `yaml:"channels"`
|
|
GitTrackConfig bool `yaml:"git_track_config"`
|
|
HTTPListen string `yaml:"http_listen"`
|
|
PermitAllowModerator bool `yaml:"permit_allow_moderator"`
|
|
PermitTimeout time.Duration `yaml:"permit_timeout"`
|
|
RawLog string `yaml:"raw_log"`
|
|
ModuleConfig plugins.ModuleConfig `yaml:"module_config"`
|
|
Rules []*plugins.Rule `yaml:"rules"`
|
|
Variables map[string]interface{} `yaml:"variables"`
|
|
|
|
rawLogWriter io.WriteCloser
|
|
|
|
configFileVersioner `yaml:",inline"`
|
|
}
|
|
)
|
|
|
|
func newConfigFile() *configFile {
|
|
return &configFile{
|
|
AuthTokens: map[string]configAuthToken{},
|
|
PermitTimeout: time.Minute,
|
|
}
|
|
}
|
|
|
|
func loadConfig(filename string) error {
|
|
var (
|
|
configVersion = &configFileVersioner{}
|
|
err error
|
|
tmpConfig = newConfigFile()
|
|
)
|
|
|
|
if err = parseConfigFromYAML(filename, configVersion, false); err != nil {
|
|
return errors.Wrap(err, "parsing config version")
|
|
}
|
|
|
|
if configVersion.ConfigVersion < expectedMinConfigVersion {
|
|
return errors.Errorf("config version too old: %d < %d - Please have a look at the documentation", configVersion.ConfigVersion, expectedMinConfigVersion)
|
|
}
|
|
|
|
if err = parseConfigFromYAML(filename, tmpConfig, true); err != nil {
|
|
return errors.Wrap(err, "parsing config")
|
|
}
|
|
|
|
if err = tmpConfig.runLoadChecks(); err != nil {
|
|
return errors.Wrap(err, "running load-checks on config")
|
|
}
|
|
|
|
configLock.Lock()
|
|
defer configLock.Unlock()
|
|
|
|
tmpConfig.updateAutoMessagesFromConfig(config)
|
|
tmpConfig.fixDurations()
|
|
tmpConfig.fixMissingUUIDs()
|
|
if err = tmpConfig.fixTokenHashStorage(); err != nil {
|
|
return errors.Wrap(err, "applying token hash fixes")
|
|
}
|
|
|
|
switch {
|
|
case config != nil && config.RawLog == tmpConfig.RawLog:
|
|
tmpConfig.rawLogWriter = config.rawLogWriter
|
|
|
|
case tmpConfig.RawLog == "":
|
|
if err = config.CloseRawMessageWriter(); err != nil {
|
|
return errors.Wrap(err, "closing old raw log writer")
|
|
}
|
|
|
|
tmpConfig.rawLogWriter = writeNoOpCloser{io.Discard}
|
|
|
|
default:
|
|
if err = config.CloseRawMessageWriter(); err != nil {
|
|
return errors.Wrap(err, "closing old raw log writer")
|
|
}
|
|
if err = os.MkdirAll(path.Dir(tmpConfig.RawLog), rawLogDirPerm); err != nil {
|
|
return errors.Wrap(err, "creating directories for raw log")
|
|
}
|
|
if tmpConfig.rawLogWriter, err = os.OpenFile(tmpConfig.RawLog, os.O_APPEND|os.O_CREATE|os.O_WRONLY, rawLogFilePerm); err != nil {
|
|
return errors.Wrap(err, "opening raw log for appending")
|
|
}
|
|
}
|
|
|
|
config = tmpConfig
|
|
timerService.UpdatePermitTimeout(tmpConfig.PermitTimeout)
|
|
|
|
logrus.WithFields(logrus.Fields{
|
|
"auto_messages": len(config.AutoMessages),
|
|
"rules": len(config.Rules),
|
|
"channels": len(config.Channels),
|
|
}).Info("Config file (re)loaded")
|
|
|
|
// Notify listener config has changed
|
|
frontendNotifyHooks.Ping(frontendNotifyTypeReload)
|
|
|
|
return nil
|
|
}
|
|
|
|
func parseConfigFromYAML(filename string, obj interface{}, strict bool) error {
|
|
f, err := os.Open(filename) //#nosec:G304 // This is intended to open a variable file
|
|
if err != nil {
|
|
return errors.Wrap(err, "open config file")
|
|
}
|
|
defer func() {
|
|
if err := f.Close(); err != nil {
|
|
logrus.WithError(err).Error("closing config file (leaked fd)")
|
|
}
|
|
}()
|
|
|
|
decoder := yaml.NewDecoder(f)
|
|
decoder.KnownFields(strict)
|
|
|
|
return errors.Wrap(decoder.Decode(obj), "decode config file")
|
|
}
|
|
|
|
func patchConfig(filename, authorName, authorEmail, summary string, patcher func(*configFile) error) error {
|
|
var (
|
|
cfgFile = newConfigFile()
|
|
err error
|
|
)
|
|
|
|
if err = parseConfigFromYAML(filename, cfgFile, true); err != nil {
|
|
return errors.Wrap(err, "loading current config")
|
|
}
|
|
|
|
cfgFile.fixMissingUUIDs()
|
|
if err = cfgFile.fixTokenHashStorage(); err != nil {
|
|
return errors.Wrap(err, "applying token hash fixes")
|
|
}
|
|
|
|
err = patcher(cfgFile)
|
|
switch {
|
|
case errors.Is(err, nil):
|
|
// This is fine
|
|
|
|
case errors.Is(err, errSaveNotRequired):
|
|
// This is also fine but we don't need to save
|
|
return nil
|
|
|
|
default:
|
|
return errors.Wrap(err, "patching config")
|
|
}
|
|
|
|
if err = cfgFile.runLoadChecks(); err != nil {
|
|
return errors.Wrap(err, "checking config after patch")
|
|
}
|
|
|
|
return errors.Wrap(
|
|
writeConfigToYAML(filename, authorName, authorEmail, summary, cfgFile),
|
|
"replacing config",
|
|
)
|
|
}
|
|
|
|
func writeConfigToYAML(filename, authorName, authorEmail, summary string, obj *configFile) error {
|
|
tmpFile, err := os.CreateTemp(path.Dir(filename), "twitch-bot-*.yaml")
|
|
if err != nil {
|
|
return errors.Wrap(err, "opening tempfile")
|
|
}
|
|
tmpFileName := tmpFile.Name()
|
|
|
|
fmt.Fprintf(tmpFile, "# Automatically updated by %s using Config-Editor frontend, last update: %s\n", authorName, time.Now().Format(time.RFC3339))
|
|
|
|
if err = yaml.NewEncoder(tmpFile).Encode(obj); err != nil {
|
|
tmpFile.Close() //nolint:errcheck,gosec,revive
|
|
return errors.Wrap(err, "encoding config")
|
|
}
|
|
|
|
if err = tmpFile.Close(); err != nil {
|
|
return fmt.Errorf("closing temp config: %w", err)
|
|
}
|
|
|
|
if err = os.Rename(tmpFileName, filename); err != nil {
|
|
return errors.Wrap(err, "moving config to location")
|
|
}
|
|
|
|
if !obj.GitTrackConfig {
|
|
return nil
|
|
}
|
|
|
|
git := newGitHelper(path.Dir(filename))
|
|
if !git.HasRepo() {
|
|
logrus.Error("Instructed to track changes using Git, but config not in repo")
|
|
return nil
|
|
}
|
|
|
|
return errors.Wrap(
|
|
git.CommitChange(path.Base(filename), authorName, authorEmail, summary),
|
|
"committing config changes",
|
|
)
|
|
}
|
|
|
|
func writeDefaultConfigFile(filename string) error {
|
|
f, err := os.Create(filename) //#nosec:G304 // This is intended to open a variable file
|
|
if err != nil {
|
|
return errors.Wrap(err, "creating config file")
|
|
}
|
|
defer func() {
|
|
if err := f.Close(); err != nil {
|
|
logrus.WithError(err).Error("closing config file (leaked fd)")
|
|
}
|
|
}()
|
|
|
|
_, err = f.Write(defaultConfigurationYAML)
|
|
return errors.Wrap(err, "writing default config")
|
|
}
|
|
|
|
func (c configAuthToken) validate(token string) error {
|
|
switch {
|
|
case strings.HasPrefix(c.Hash, "$2a$"):
|
|
return errors.Wrap(
|
|
bcrypt.CompareHashAndPassword([]byte(c.Hash), []byte(token)),
|
|
"validating bcrypt",
|
|
)
|
|
|
|
case strings.HasPrefix(c.Hash, "$argon2id$"):
|
|
var (
|
|
flds = strings.Split(c.Hash, "$")
|
|
t, m uint32
|
|
p uint8
|
|
)
|
|
|
|
if _, err := fmt.Sscanf(flds[3], "m=%d,t=%d,p=%d", &m, &t, &p); err != nil {
|
|
return errors.Wrap(err, "scanning argon2id hash params")
|
|
}
|
|
|
|
salt, err := base64.RawStdEncoding.DecodeString(flds[4])
|
|
if err != nil {
|
|
return errors.Wrap(err, "decoding salt")
|
|
}
|
|
|
|
if flds[5] == base64.RawStdEncoding.EncodeToString(argon2.IDKey([]byte(token), salt, t, m, p, argonHashLen)) {
|
|
return nil
|
|
}
|
|
|
|
return errors.New("hash does not match")
|
|
|
|
default:
|
|
return errors.New("unknown hash format found")
|
|
}
|
|
}
|
|
|
|
func (c *configFile) CloseRawMessageWriter() (err error) {
|
|
if c == nil || c.rawLogWriter == nil {
|
|
return nil
|
|
}
|
|
|
|
if err = c.rawLogWriter.Close(); err != nil {
|
|
return fmt.Errorf("closing raw-log writer: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c configFile) GetMatchingRules(m *irc.Message, event *string, eventData *fieldcollection.FieldCollection) []*plugins.Rule {
|
|
configLock.RLock()
|
|
defer configLock.RUnlock()
|
|
|
|
var out []*plugins.Rule
|
|
|
|
for _, r := range c.Rules {
|
|
if r.Matches(m, event, timerService, formatMessage, twitchClient, eventData) {
|
|
out = append(out, r)
|
|
}
|
|
}
|
|
|
|
return out
|
|
}
|
|
|
|
func (c configFile) LogRawMessage(m *irc.Message) error {
|
|
_, err := fmt.Fprintln(c.rawLogWriter, m.String())
|
|
return errors.Wrap(err, "writing raw log message")
|
|
}
|
|
|
|
func (c *configFile) fixDurations() {
|
|
// General fields
|
|
c.PermitTimeout = c.fixedDuration(c.PermitTimeout)
|
|
|
|
// Fix rules
|
|
for _, r := range c.Rules {
|
|
r.ChannelCooldown = c.fixedDurationPtr(r.ChannelCooldown)
|
|
r.Cooldown = c.fixedDurationPtr(r.Cooldown)
|
|
r.UserCooldown = c.fixedDurationPtr(r.UserCooldown)
|
|
}
|
|
}
|
|
|
|
func (configFile) fixedDuration(d time.Duration) time.Duration {
|
|
if d > time.Second {
|
|
return d
|
|
}
|
|
return d * time.Second //nolint:durationcheck // Error is handled before
|
|
}
|
|
|
|
func (configFile) fixedDurationPtr(d *time.Duration) *time.Duration {
|
|
if d == nil || *d >= time.Second {
|
|
return d
|
|
}
|
|
fd := *d * time.Second //nolint:durationcheck // Error is handled before
|
|
return &fd
|
|
}
|
|
|
|
func (c *configFile) fixMissingUUIDs() {
|
|
for i := range c.AutoMessages {
|
|
if c.AutoMessages[i].UUID != "" {
|
|
continue
|
|
}
|
|
c.AutoMessages[i].UUID = uuid.NewV5(hashstructUUIDNamespace, c.AutoMessages[i].ID()).String()
|
|
}
|
|
|
|
for i := range c.Rules {
|
|
if c.Rules[i].UUID != "" {
|
|
continue
|
|
}
|
|
c.Rules[i].UUID = uuid.NewV5(hashstructUUIDNamespace, c.Rules[i].MatcherID()).String()
|
|
}
|
|
}
|
|
|
|
func (c *configFile) fixTokenHashStorage() (err error) {
|
|
for key := range c.AuthTokens {
|
|
auth := c.AuthTokens[key]
|
|
|
|
if strings.HasPrefix(auth.Hash, "$") {
|
|
continue
|
|
}
|
|
|
|
rawHash, err := hex.DecodeString(auth.Hash)
|
|
if err != nil {
|
|
return errors.Wrap(err, "reading hash")
|
|
}
|
|
|
|
auth.Hash = string(rawHash)
|
|
c.AuthTokens[key] = auth
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c *configFile) runLoadChecks() (err error) {
|
|
if len(c.Channels) == 0 {
|
|
logrus.Warn("Loaded config with empty channel list")
|
|
}
|
|
|
|
if len(c.Rules) == 0 {
|
|
logrus.Warn("Loaded config with empty ruleset")
|
|
}
|
|
|
|
var seen []string
|
|
for _, r := range c.Rules {
|
|
if r.UUID != "" && str.StringInSlice(r.UUID, seen) {
|
|
return errors.New("duplicate rule UUIDs found")
|
|
}
|
|
seen = append(seen, r.UUID)
|
|
}
|
|
|
|
if err = c.validateRuleActions(); err != nil {
|
|
return errors.Wrap(err, "validating rule actions")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c *configFile) updateAutoMessagesFromConfig(old *configFile) {
|
|
for idx, nam := range c.AutoMessages {
|
|
// By default assume last message to be sent now
|
|
// in order not to spam messages at startup
|
|
nam.lastMessageSent = time.Now()
|
|
|
|
if !nam.IsValid() {
|
|
logrus.WithField("index", idx).Warn("Auto-Message configuration is invalid and therefore disabled")
|
|
}
|
|
|
|
if old == nil {
|
|
// Initial config load, do not update timers
|
|
continue
|
|
}
|
|
|
|
for _, oam := range old.AutoMessages {
|
|
if nam.ID() != oam.ID() {
|
|
continue
|
|
}
|
|
|
|
// We disable the old message as executing it would
|
|
// mess up the constraints of the new message
|
|
oam.lock.Lock()
|
|
oam.disabled = true
|
|
|
|
nam.lastMessageSent = oam.lastMessageSent
|
|
nam.linesSinceLastMessage = oam.linesSinceLastMessage
|
|
oam.lock.Unlock()
|
|
}
|
|
}
|
|
}
|
|
|
|
func (c configFile) validateRuleActions() error {
|
|
var hasError bool
|
|
|
|
for _, r := range c.Rules {
|
|
logger := logrus.WithField("rule", r.MatcherID())
|
|
|
|
if err := r.Validate(validateTemplate); err != nil {
|
|
logger.WithError(err).Error("Rule reported invalid config")
|
|
hasError = true
|
|
}
|
|
|
|
for idx, a := range r.Actions {
|
|
actor, err := getActorByName(a.Type)
|
|
if err != nil {
|
|
logger.WithField("index", idx).WithError(err).Error("Cannot get actor by type")
|
|
hasError = true
|
|
continue
|
|
}
|
|
|
|
if err = actor.Validate(validateTemplate, a.Attributes); err != nil {
|
|
logger.WithField("index", idx).WithError(err).Error("Actor reported invalid config")
|
|
hasError = true
|
|
}
|
|
}
|
|
}
|
|
|
|
if hasError {
|
|
return errors.New("config validation reported errors, see log")
|
|
}
|
|
|
|
return nil
|
|
}
|