* Able to authenticate user against IndieAuth. For #1273
* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272
* Add migration to remove access tokens from user
* Add authenticated bool to user for display purposes
* Add indieauth modal and auth flair to display names. For #1273
* Validate URLs and display errors
* Renames, cleanups
* Handle relative auth endpoint paths. Add error handling for missing redirects.
* Disallow using display names in use by registered users. Closes#1810
* Verify code verifier via code challenge on callback
* Use relative path to authorization_endpoint
* Post-rebase fixes
* Use a timestamp instead of a bool for authenticated
* Propertly handle and display error in modal
* Use auth'ed timestamp to derive authenticated flag to display in chat
* don't redirect unless a URL is present
avoids redirecting to `undefined` if there was an error
* improve error message if owncast server URL isn't set
* fix IndieAuth PKCE implementation
use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding
* return real profile data for IndieAuth response
* check the code verifier in the IndieAuth server
* Linting
* Add new chat settings modal anad split up indieauth ui
* Remove logging error
* Update the IndieAuth modal UI. For #1273
* Add IndieAuth repsonse error checking
* Disable IndieAuth client if server URL is not set.
* Add explicit error messages for specific error types
* Fix bad logic
* Return OAuth-keyed error responses for indieauth server
* Display IndieAuth error in plain text with link to return to main page
* Remove redundant check
* Add additional detail to error
* Hide IndieAuth details behind disclosure details
* Break out migration into two steps because some people have been runing dev in production
* Add auth option to user dropdown
Co-authored-by: Aaron Parecki <aaron@parecki.com>
* add public func to lookup a ChatClient by its clientId
* add facility to send a system message directly to a user
* add clientId field to UserEvent
* implement simple http endpoint to send a message to a user
* let mux handle new directSystemMessageToUser endpoint
* add ClientId to UserEvents across the codebase
* render body of system-message to client
* add clientId to Chat-Message
* add tests showing how url-parsing should work
* add simple rest endpoint helpers for parameter-parsing and easy routing
* use newly added rest-endpoint helper to rout to Client-Messaging controller
* use safe "ReadRestUrlParameter" to parse ClientId
* remove empty HandleFunc in router
* set Header directly to prevent built-in (platform-dependent) canonicalization to kick in
* fix typo in "Parameter" message
* remove debug-logging of HTTP headers in REST-helpers
* convert to uint32 to prevent overruns when converting to wraptype uint later on
* resolve linter-ouchies
* resolve linter potential nil-deref warning
* document the SendSystemMessageToClient endpoint in swaggerdoc
* remove clientId assignment causing potential nil dereference in userDisabledEvent-case
as the clientId isn't relevant here anyway
* make findClientById private, so its not accessible outside of core/chat
* remove redundant string type hint
* Update PR based on linter requirements
Co-authored-by: Raffael Rehberger <raffael@rtrace.io>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Expand the linters and types of warnings to improve consistency and safety
* Fail lint workflow if there are errors
* golint has been replaced by revive
* Hand-pick some of the default exclude list
* Ignore error when trying to delete preview gif
* Ignore linter warning opening playlist path
* Rename user field Id -> ID
* A bunch of renames to address linter warnings
* Rename ChatClient -> Client per linter suggestion best practice
* Rename ChatServer -> Server per linter suggestion best practice
* More linter warning fixes
* Add missing comments to all exported functions and properties
* First pass at chat user registration and validation
* Disable chat if the user is disabled/blocked or the server hits max connections
* Handle dropping sockets if chat is disabled
* Fix origin in automated chat test
* Work for updated chat moderation
* Chat message markdown rendering and fix tests
* Put /api/chat behind a chat user access token. Closes#1085
* Reject blocked username changes
* More WIP moderation
* Defer configuring chat until we know if it is enabled. Closes#1135
* chat user blocking. Closes#1096
* Add tests around user access for #1096
* Add external integration chat message API + update integration auth middleware to pass along integration name. Closes#1092
* Delete old chat messages from db as to not hold on to excessive data. Closes#1152
* Add schema migration for messages. Closes#1155
* Commit updated API documentation
* Add chat load test
* Shared db mutex and db optimizations
* Simplify past display name handling
* Use a new test db for each test run
* Wire up the external messages actions + add tests for them
* Move access tokens to be actual users
* Run message pruning at launch + fix comparison
* Do not return API users in disabled users response
* Fix incorrect highlighting. Closes#1160
* Consolidate user table statements
* Set the max process connection limit to 70% of maximum
* Fix wrong old display name being returned in name change event
* Delete the old chat server files
* Wire back up the webhooks
* Remove unused
* Invalidate user cache on changes
* Do not send rendered body as RawBody
* Some cleanup
* Standardize names for external API users to ExternalAPIUser
* Do not log token
* Checkout branch when building admin for testing
* Bundle in dev admin for testing
* Some cleanup
* Cleanup js logs
* Cleanup and standardize event names
* Clean up some logging
* Update API spec. Closes#1133
* Commit updated API documentation
* Change paths to be better named
* Commit updated API documentation
* Update admin bundle
* Fix duplicate event name
* Rename scope var
* Update admin bundle
* Move connected clients controller into admin package
* Fix collecting usernames for autocomplete purposes
* No longer generate username when it is empty
* Sort clients and users by timestamp
* Move file to admin controller package
* Swap, so the comments stay correct
Co-authored-by: Jannik <jannik@outlook.com>
* Use explicit type alias
Co-authored-by: Jannik <jannik@outlook.com>
* Remove commented code.
Co-authored-by: Jannik <jannik@outlook.com>
* Cleanup test
* Remove some extra logging
* Add some clarity
* Update dev instance of admin for testing
* Consolidate lines
Co-authored-by: Jannik <jannik@outlook.com>
* Remove commented unused vars
Co-authored-by: Jannik <jannik@outlook.com>
* Until needed do not return IP address with client list
* Fix typo of wrong var
* Typo led to a bad test. Fix typo and fix test.
* Guard against the socket reconnecting on error if previously set to shutdown
* Do not log access tokens
* Return success message on enable/disable user
* Clean up some inactionable error messages. Sent ban message. Sort banned users.
* fix styling for when chat is completely disabled
* Unused
* guard against nil clients
* Update dev admin bundle
* Do not unhide messages when unblocking user just to be safe. Send removal action from the controller
* Add convinience function for getting active connections for a single user
* Lock db on these mutations
* Cleanup force disconnect using GetClientsForUser and capture client reference explicitly
* No longer re-showing banned user messages for safety. Removing this test.
* Remove no longer needed comment
* Tweaks to forbidden username handling.
- Standardize naming to not use "block" but "forbidden" instead.
- Pass array over the wire instead of string.
- Add API test
- Fix default list incorrectly being appended to custom list.
* Logging cleanup
* Update dev admin bundle
* Add an artificial delay in order to visually see message being hidden when testing
* Remove the user cache as it is a premature optimization
* When connected to chat let the user know their current user details to sync the username in the UI
* On connected send current display name back to client.
- Move name change out of chat component.
- Add additional event type constants.
* Fix broken workflow due to typo
* Troubleshoot workflow
* Bump htm from 3.0.4 to 3.1.0 in /build/javascript (#1181)
* Bump htm from 3.0.4 to 3.1.0 in /build/javascript
Bumps [htm](https://github.com/developit/htm) from 3.0.4 to 3.1.0.
- [Release notes](https://github.com/developit/htm/releases)
- [Commits](https://github.com/developit/htm/compare/3.0.4...3.1.0)
---
updated-dependencies:
- dependency-name: htm
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Run npm run build and update libraries
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Commit updated Javascript packages
* Re-send current user info when a rejected name change takes place
* All socket writes should be through the send chan and not directly
* Seed the random generator
* Add keys and indexes to users table
* a util to generate consistent emoji markup
* console clean up
* mod tidy
* Commit updated API documentation
* Handle the max payload size of a socket message.
- Only close socket if x2 greater than the max size.
- Send the user a message if a message is too large.
- Surface the max size in bytes in the config.
* Update admin bundle
* Force all events to be sent in their own socket message and do not concatinate in a single message
* Update chat embed to register for access token
* Use a different access token for embed chat
* Update the chat message bubble background color to be bolder
* add base tag to open links in new window, closes#1220
* Support text input of :emoji: in chat (#1190)
* Initial implementation of emoji injection
* fix bookkeeping with multiple emoji
* make the emoji lookup case-insensitive
* try another solution for Caretposition
* add title to emojis
minor refactoring
* bind moji injection to InputKeyUp
* simplify the code
replace all found emojis
* inject emoji if the modifer is released earlier
* more efficient emoji tag search
* use json emoji.emoji as url
* use createEmojiMarkup()
* move emojify() to chat.js
* emojify on paste
* cleanup emoji titles in paste
* update inputText in InputKeyup
* mark emoji titles with 2*zwnj
this way paste cleanup will not interfere with text which include zwnj
* emoji should not change the inputText
* Do not show join messages when chat is offline. Closes#1224
- Show stream starting/ending messages in chat.
- When stream starts show everyone the welcome message.
* Force scrolling chat to bottom after history is populated regardless of scroll position. Closes https://github.com/owncast/owncast/issues/1222
* use maxSocketPayloadSize to calculate total bytes of message payload (#1221)
* utilize maxSocketPayloadSize from config; update chatInput to calculate based on that value instead of text value; remove usage of inputText for counting
* add a buffer to account for entire websocket payload for message char counting; trim nbsp;'s from ends of messages when calculating count
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
Co-authored-by: Owncast <owncast@owncast.online>
Co-authored-by: Jannik <jannik@outlook.com>
Co-authored-by: Ginger Wong <omqmail@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Meisam <39205857+MFTabriz@users.noreply.github.com>
