Skip to content

Instantly share code, notes, and snippets.

@oxguy3

oxguy3/coebot.tv notes - how to identify mods.md

Last active June 23, 2016 18:20
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save oxguy3/2a2be85895d41395b3d2c49b164c019a to your computer and use it in GitHub Desktop.
Save oxguy3/2a2be85895d41395b3d2c49b164c019a to your computer and use it in GitHub Desktop.
Download ZIP
scratch notes about how I'm going to detect who is/isn't a mod for the website's control panel
Raw
coebot.tv notes - how to identify mods.md

So I want to add a control panel to CoeBot. The big problem is that Twitch does not have a good API for finding out if some is/isn't a moderator. There's this TMI endpoint, but that will only list moderators who are currently in chat, which is not ideal.

Someone else with the same problem as me wrote a bit of PHP that actually logs into IRC, runs the "/mods" command, and parses Twitch's response to get the mod list. I think I'm gonna go ahead and use this code. However, the problem is that logging into IRC is very slow, so I have to very carefully limit how often I do that. If I do it too much, it will result in a) slow loading times and therefore b) a very exploitable DDoS vulnerability.

Here's my plan: by default, the website will assume that the logged-in user is not a moderator in any channel. If the user tries to go to the "settings" page, it'll have a message something like this:

This page is restricted to moderators and admins. If you are indeed a moderator, please click here to get access: [button]

When the user clicks that button, coebot.tv will do the IRC login and check that they are indeed a moderator. There will be a hard limit on this, where a single user will not be allowed to do this check more frequently than every, say, 5 minutes.

Once I know that user X is a moderator in channel Y, I'll store a record of this in our database, so that I can make the control panel visible to that user henceforth. At present, I have no intention of allowing moderators to see any private info, so I won't bother having coebot.tv regularly re-check with IRC. Only when the user attempts to actually do anything in the moderator panel will I re-check that the user is still a mod. I'll make the site require that the check has been run within the past two minutes. If it's been longer than two minutes, then we'll re-check with IRC.

I'm still super unhappy with this solution. DDoS potential aside, this will probably result in just plain slow loading times for moderator actions, which isn't a great user experience. Perhaps... most moderators using the control panel probably WILL be logged into chat simultaneously, so maybe I could use the TMI endpoint, and only fallback to IRC if they don't show up on TMI. Or maybe I could just force everyone to be logged into Twitch chat to use the control panel, and never fallback to IRC. Ughhhhh why can't Twitch just have an easy API for this??

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment