chore(api): reorganize web assets and codegen types+handlers

webserver/handlers/admin.go

@@ -0,0 +1,306 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/owncast/owncast/controllers"
+	"github.com/owncast/owncast/controllers/admin"
+	"github.com/owncast/owncast/webserver/handlers/generated"
+	"github.com/owncast/owncast/webserver/router/middleware"
+)
+
+func (*ServerInterfaceImpl) StatusAdmin(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.Status)(w, r)
+}
+
+func (*ServerInterfaceImpl) StatusAdminOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.Status)(w, r)
+}
+
+func (*ServerInterfaceImpl) DisconnectInboundConnection(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.DisconnectInboundConnection)(w, r)
+}
+
+func (*ServerInterfaceImpl) DisconnectInboundConnectionOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.DisconnectInboundConnection)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetServerConfig(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetServerConfig)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetServerConfigOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetServerConfig)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetViewersOverTime(w http.ResponseWriter, r *http.Request, params generated.GetViewersOverTimeParams) {
+	middleware.RequireAdminAuth(admin.GetViewersOverTime)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetViewersOverTimeOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetViewersOverTime)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetActiveViewers(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetActiveViewers)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetActiveViewersOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetActiveViewers)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetHardwareStats(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetHardwareStats)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetHardwareStatsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetHardwareStats)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetConnectedChatClients(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetConnectedChatClients)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetConnectedChatClientsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetConnectedChatClients)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetChatMessagesAdmin(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetChatMessages)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetChatMessagesAdminOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetChatMessages)(w, r)
+}
+
+func (*ServerInterfaceImpl) UpdateMessageVisibilityAdmin(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UpdateMessageVisibility)(w, r)
+}
+
+func (*ServerInterfaceImpl) UpdateMessageVisibilityAdminOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UpdateMessageVisibility)(w, r)
+}
+
+func (*ServerInterfaceImpl) UpdateUserEnabledAdmin(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UpdateUserEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) UpdateUserEnabledAdminOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UpdateUserEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetDisabledUsers(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetDisabledUsers)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetDisabledUsersOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetDisabledUsers)(w, r)
+}
+
+func (*ServerInterfaceImpl) BanIPAddress(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.BanIPAddress)(w, r)
+}
+
+func (*ServerInterfaceImpl) BanIPAddressOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.BanIPAddress)(w, r)
+}
+
+func (*ServerInterfaceImpl) UnbanIPAddress(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UnBanIPAddress)(w, r)
+}
+
+func (*ServerInterfaceImpl) UnbanIPAddressOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UnBanIPAddress)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetIPAddressBans(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetIPAddressBans)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetIPAddressBansOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetIPAddressBans)(w, r)
+}
+
+func (*ServerInterfaceImpl) UpdateUserModerator(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UpdateUserModerator)(w, r)
+}
+
+func (*ServerInterfaceImpl) UpdateUserModeratorOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UpdateUserModerator)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetModerators(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetModerators)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetModeratorsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetModerators)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetLogs(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetLogs)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetLogsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetLogs)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetWarnings(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetWarnings)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetWarningsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetWarnings)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetFollowersAdmin(w http.ResponseWriter, r *http.Request, params generated.GetFollowersAdminParams) {
+	middleware.RequireAdminAuth(middleware.HandlePagination(controllers.GetFollowers))(w, r)
+}
+
+func (*ServerInterfaceImpl) GetFollowersAdminOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(middleware.HandlePagination(controllers.GetFollowers))(w, r)
+}
+
+func (*ServerInterfaceImpl) GetPendingFollowRequests(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetPendingFollowRequests)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetPendingFollowRequestsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetPendingFollowRequests)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetBlockedAndRejectedFollowers(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetBlockedAndRejectedFollowers)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetBlockedAndRejectedFollowersOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetBlockedAndRejectedFollowers)(w, r)
+}
+
+func (*ServerInterfaceImpl) ApproveFollower(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.ApproveFollower)(w, r)
+}
+
+func (*ServerInterfaceImpl) ApproveFollowerOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.ApproveFollower)(w, r)
+}
+
+func (*ServerInterfaceImpl) UploadCustomEmoji(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UploadCustomEmoji)(w, r)
+}
+
+func (*ServerInterfaceImpl) UploadCustomEmojiOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.UploadCustomEmoji)(w, r)
+}
+
+func (*ServerInterfaceImpl) DeleteCustomEmoji(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.DeleteCustomEmoji)(w, r)
+}
+
+func (*ServerInterfaceImpl) DeleteCustomEmojiOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.DeleteCustomEmoji)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetWebhooks(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetWebhooks)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetWebhooksOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetWebhooks)(w, r)
+}
+
+func (*ServerInterfaceImpl) DeleteWebhook(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.DeleteWebhook)(w, r)
+}
+
+func (*ServerInterfaceImpl) DeleteWebhookOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.DeleteWebhook)(w, r)
+}
+
+func (*ServerInterfaceImpl) CreateWebhook(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.CreateWebhook)(w, r)
+}
+
+func (*ServerInterfaceImpl) CreateWebhookOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.CreateWebhook)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetExternalAPIUsers(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetExternalAPIUsers)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetExternalAPIUsersOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetExternalAPIUsers)(w, r)
+}
+
+func (*ServerInterfaceImpl) DeleteExternalAPIUser(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.DeleteExternalAPIUser)(w, r)
+}
+
+func (*ServerInterfaceImpl) DeleteExternalAPIUserOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.DeleteExternalAPIUser)(w, r)
+}
+
+func (*ServerInterfaceImpl) CreateExternalAPIUser(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.CreateExternalAPIUser)(w, r)
+}
+
+func (*ServerInterfaceImpl) CreateExternalAPIUserOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.CreateExternalAPIUser)(w, r)
+}
+
+func (*ServerInterfaceImpl) AutoUpdateOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.AutoUpdateOptions)(w, r)
+}
+
+func (*ServerInterfaceImpl) AutoUpdateOptionsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.AutoUpdateOptions)(w, r)
+}
+
+func (*ServerInterfaceImpl) AutoUpdateStart(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.AutoUpdateStart)(w, r)
+}
+
+func (*ServerInterfaceImpl) AutoUpdateStartOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.AutoUpdateStart)(w, r)
+}
+
+func (*ServerInterfaceImpl) AutoUpdateForceQuit(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.AutoUpdateForceQuit)(w, r)
+}
+
+func (*ServerInterfaceImpl) AutoUpdateForceQuitOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.AutoUpdateForceQuit)(w, r)
+}
+
+func (*ServerInterfaceImpl) ResetYPRegistration(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.ResetYPRegistration)(w, r)
+}
+
+func (*ServerInterfaceImpl) ResetYPRegistrationOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.ResetYPRegistration)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetVideoPlaybackMetrics(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetVideoPlaybackMetrics)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetVideoPlaybackMetricsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.GetVideoPlaybackMetrics)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendFederatedMessage(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SendFederatedMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendFederatedMessageOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SendFederatedMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetFederatedActions(w http.ResponseWriter, r *http.Request, params generated.GetFederatedActionsParams) {
+	middleware.RequireAdminAuth(middleware.HandlePagination(admin.GetFederatedActions))(w, r)
+}
+
+func (*ServerInterfaceImpl) GetFederatedActionsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(middleware.HandlePagination(admin.GetFederatedActions))(w, r)
+}

webserver/handlers/auth.go

@@ -0,0 +1,34 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/owncast/owncast/controllers/auth/fediverse"
+	"github.com/owncast/owncast/controllers/auth/indieauth"
+	"github.com/owncast/owncast/webserver/handlers/generated"
+	"github.com/owncast/owncast/webserver/router/middleware"
+)
+
+func (*ServerInterfaceImpl) StartIndieAuthFlow(w http.ResponseWriter, r *http.Request, params generated.StartIndieAuthFlowParams) {
+	middleware.RequireUserAccessToken(indieauth.StartAuthFlow)(w, r)
+}
+
+func (*ServerInterfaceImpl) HandleIndieAuthRedirect(w http.ResponseWriter, r *http.Request, params generated.HandleIndieAuthRedirectParams) {
+	indieauth.HandleRedirect(w, r)
+}
+
+func (*ServerInterfaceImpl) HandleIndieAuthEndpointGet(w http.ResponseWriter, r *http.Request, params generated.HandleIndieAuthEndpointGetParams) {
+	middleware.RequireAdminAuth(indieauth.HandleAuthEndpointGet)(w, r)
+}
+
+func (*ServerInterfaceImpl) HandleIndieAuthEndpointPost(w http.ResponseWriter, r *http.Request) {
+	indieauth.HandleAuthEndpointPost(w, r)
+}
+
+func (*ServerInterfaceImpl) RegisterFediverseOTPRequest(w http.ResponseWriter, r *http.Request, params generated.RegisterFediverseOTPRequestParams) {
+	middleware.RequireUserAccessToken(fediverse.RegisterFediverseOTPRequest)(w, r)
+}
+
+func (*ServerInterfaceImpl) VerifyFediverseOTPRequest(w http.ResponseWriter, r *http.Request) {
+	fediverse.VerifyFediverseOTPRequest(w, r)
+}

webserver/handlers/config.go

@@ -0,0 +1,368 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/owncast/owncast/controllers/admin"
+	"github.com/owncast/owncast/webserver/router/middleware"
+)
+
+func (*ServerInterfaceImpl) SetAdminPassword(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetAdminPassword)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetAdminPasswordOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetAdminPassword)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetStreamKeys(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetStreamKeys)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetStreamKeysOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetStreamKeys)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetExtraPageContent(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetExtraPageContent)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetExtraPageContentOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetExtraPageContent)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetStreamTitle(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetStreamTitle)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetStreamTitleOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetStreamTitle)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetServerName(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetServerName)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetServerNameOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetServerName)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetServerSummary(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetServerSummary)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetServerSummaryOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetServerSummary)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetCustomOfflineMessage(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetCustomOfflineMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetCustomOfflineMessageOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetCustomOfflineMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetServerWelcomeMessage(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetServerWelcomeMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetServerWelcomeMessageOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetServerWelcomeMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetChatDisabled(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetChatDisabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetChatDisabledOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetChatDisabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetChatJoinMessagesEnabled(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetChatJoinMessagesEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetChatJoinMessagesEnabledOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetChatJoinMessagesEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetEnableEstablishedChatUserMode(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetEnableEstablishedChatUserMode)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetEnableEstablishedChatUserModeOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetEnableEstablishedChatUserMode)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetForbiddenUsernameList(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetForbiddenUsernameList)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetForbiddenUsernameListOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetForbiddenUsernameList)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetSuggestedUsernameList(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetSuggestedUsernameList)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetSuggestedUsernameListOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetSuggestedUsernameList)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetChatSpamProtectionEnabled(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetChatSpamProtectionEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetChatSpamProtectionEnabledOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetChatSpamProtectionEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetChatSlurFilterEnabled(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetChatSlurFilterEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetChatSlurFilterEnabledOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetChatSlurFilterEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetVideoCodec(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetVideoCodec)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetVideoCodecOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetVideoCodec)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetStreamLatencyLevel(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetStreamLatencyLevel)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetStreamLatencyLevelOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetStreamLatencyLevel)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetStreamOutputVariants(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetStreamOutputVariants)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetStreamOutputVariantsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetStreamOutputVariants)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetCustomColorVariableValues(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetCustomColorVariableValues)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetCustomColorVariableValuesOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetCustomColorVariableValues)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetLogo(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetLogo)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetLogoOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetLogo)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetTags(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetTags)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetTagsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetTags)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFfmpegPath(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFfmpegPath)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFfmpegPathOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFfmpegPath)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetWebServerPort(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetWebServerPort)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetWebServerPortOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetWebServerPort)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetWebServerIP(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetWebServerIP)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetWebServerIPOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetWebServerIP)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetRTMPServerPort(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetRTMPServerPort)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetRTMPServerPortOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetRTMPServerPort)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetSocketHostOverride(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetSocketHostOverride)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetSocketHostOverrideOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetSocketHostOverride)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetVideoServingEndpoint(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetVideoServingEndpoint)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetVideoServingEndpointOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetVideoServingEndpoint)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetNSFW(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetNSFW)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetNSFWOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetNSFW)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetDirectoryEnabled(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetDirectoryEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetDirectoryEnabledOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetDirectoryEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetSocialHandles(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetSocialHandles)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetSocialHandlesOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetSocialHandles)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetS3Configuration(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetS3Configuration)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetS3ConfigurationOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetS3Configuration)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetServerURL(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetServerURL)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetServerURLOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetServerURL)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetExternalActions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetExternalActions)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetExternalActionsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetExternalActions)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetCustomStyles(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetCustomStyles)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetCustomStylesOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetCustomStyles)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetCustomJavascript(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetCustomJavascript)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetCustomJavascriptOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetCustomJavascript)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetHideViewerCount(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetHideViewerCount)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetHideViewerCountOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetHideViewerCount)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetDisableSearchIndexing(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetDisableSearchIndexing)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetDisableSearchIndexingOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetDisableSearchIndexing)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationEnabled(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationEnabledOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationActivityPrivate(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationActivityPrivate)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationActivityPrivateOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationActivityPrivate)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationShowEngagement(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationShowEngagement)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationShowEngagementOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationShowEngagement)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationUsername(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationUsername)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationUsernameOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationUsername)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationGoLiveMessage(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationGoLiveMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationGoLiveMessageOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationGoLiveMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationBlockDomains(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationBlockDomains)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetFederationBlockDomainsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetFederationBlockDomains)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetDiscordNotificationConfiguration(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetDiscordNotificationConfiguration)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetDiscordNotificationConfigurationOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetDiscordNotificationConfiguration)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetBrowserNotificationConfiguration(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetBrowserNotificationConfiguration)(w, r)
+}
+
+func (*ServerInterfaceImpl) SetBrowserNotificationConfigurationOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireAdminAuth(admin.SetBrowserNotificationConfiguration)(w, r)
+}

webserver/handlers/handler.go

@@ -0,0 +1,89 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/owncast/owncast/controllers"
+	"github.com/owncast/owncast/controllers/admin"
+	"github.com/owncast/owncast/webserver/handlers/generated"
+	"github.com/owncast/owncast/webserver/router/middleware"
+
+	"github.com/owncast/owncast/yp"
+)
+
+type ServerInterfaceImpl struct{}
+
+// ensure ServerInterfaceImpl implements ServerInterface.
+var _ generated.ServerInterface = &ServerInterfaceImpl{}
+
+func New() *ServerInterfaceImpl {
+	return &ServerInterfaceImpl{}
+}
+
+func (s *ServerInterfaceImpl) Handler() http.Handler {
+	return generated.Handler(s)
+}
+
+func (*ServerInterfaceImpl) GetStatus(w http.ResponseWriter, r *http.Request) {
+	controllers.GetStatus(w, r)
+}
+
+func (*ServerInterfaceImpl) GetCustomEmojiList(w http.ResponseWriter, r *http.Request) {
+	controllers.GetCustomEmojiList(w, r)
+}
+
+func (*ServerInterfaceImpl) GetChatMessages(w http.ResponseWriter, r *http.Request, params generated.GetChatMessagesParams) {
+	middleware.RequireUserAccessToken(controllers.GetChatMessages)(w, r)
+}
+
+func (*ServerInterfaceImpl) RegisterAnonymousChatUser(w http.ResponseWriter, r *http.Request, params generated.RegisterAnonymousChatUserParams) {
+	controllers.RegisterAnonymousChatUser(w, r)
+}
+
+func (*ServerInterfaceImpl) RegisterAnonymousChatUserOptions(w http.ResponseWriter, r *http.Request) {
+	controllers.RegisterAnonymousChatUser(w, r)
+}
+
+func (*ServerInterfaceImpl) UpdateMessageVisibility(w http.ResponseWriter, r *http.Request, params generated.UpdateMessageVisibilityParams) {
+	middleware.RequireUserModerationScopeAccesstoken(admin.UpdateMessageVisibility)(w, r)
+}
+
+func (*ServerInterfaceImpl) UpdateUserEnabled(w http.ResponseWriter, r *http.Request, params generated.UpdateUserEnabledParams) {
+	middleware.RequireUserModerationScopeAccesstoken(admin.UpdateUserEnabled)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetWebConfig(w http.ResponseWriter, r *http.Request) {
+	controllers.GetWebConfig(w, r)
+}
+
+func (*ServerInterfaceImpl) GetYPResponse(w http.ResponseWriter, r *http.Request) {
+	yp.GetYPResponse(w, r)
+}
+
+func (*ServerInterfaceImpl) GetAllSocialPlatforms(w http.ResponseWriter, r *http.Request) {
+	controllers.GetAllSocialPlatforms(w, r)
+}
+
+func (*ServerInterfaceImpl) GetVideoStreamOutputVariants(w http.ResponseWriter, r *http.Request) {
+	controllers.GetVideoStreamOutputVariants(w, r)
+}
+
+func (*ServerInterfaceImpl) Ping(w http.ResponseWriter, r *http.Request) {
+	controllers.Ping(w, r)
+}
+
+func (*ServerInterfaceImpl) RemoteFollow(w http.ResponseWriter, r *http.Request) {
+	controllers.RemoteFollow(w, r)
+}
+
+func (*ServerInterfaceImpl) GetFollowers(w http.ResponseWriter, r *http.Request, params generated.GetFollowersParams) {
+	middleware.HandlePagination(controllers.GetFollowers)(w, r)
+}
+
+func (*ServerInterfaceImpl) ReportPlaybackMetrics(w http.ResponseWriter, r *http.Request) {
+	controllers.ReportPlaybackMetrics(w, r)
+}
+
+func (*ServerInterfaceImpl) RegisterForLiveNotifications(w http.ResponseWriter, r *http.Request, params generated.RegisterForLiveNotificationsParams) {
+	middleware.RequireUserAccessToken(controllers.RegisterForLiveNotifications)(w, r)
+}

webserver/handlers/integrations.go

@@ -0,0 +1,120 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/owncast/owncast/controllers"
+	"github.com/owncast/owncast/controllers/admin"
+	"github.com/owncast/owncast/models"
+	"github.com/owncast/owncast/webserver/router/middleware"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+)
+
+func (*ServerInterfaceImpl) SendSystemMessage(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendSystemMessages, admin.SendSystemMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendSystemMessageOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendSystemMessages, admin.SendSystemMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendSystemMessageToConnectedClient(w http.ResponseWriter, r *http.Request, clientId int) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendSystemMessages, admin.SendSystemMessageToConnectedClient)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendSystemMessageToConnectedClientOptions(w http.ResponseWriter, r *http.Request, clientId int) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendSystemMessages, admin.SendSystemMessageToConnectedClient)(w, r)
+}
+
+// Deprecated.
+func (*ServerInterfaceImpl) SendUserMessage(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendChatMessages, admin.SendUserMessage)(w, r)
+}
+
+// Deprecated.
+func (*ServerInterfaceImpl) SendUserMessageOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendChatMessages, admin.SendUserMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendIntegrationChatMessage(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendChatMessages, admin.SendIntegrationChatMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendIntegrationChatMessageOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendChatMessages, admin.SendIntegrationChatMessage)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendChatAction(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendSystemMessages, admin.SendChatAction)(w, r)
+}
+
+func (*ServerInterfaceImpl) SendChatActionOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeCanSendSystemMessages, admin.SendChatAction)(w, r)
+}
+
+func (*ServerInterfaceImpl) ExternalUpdateMessageVisibility(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeHasAdminAccess, admin.ExternalUpdateMessageVisibility)(w, r)
+}
+
+func (*ServerInterfaceImpl) ExternalUpdateMessageVisibilityOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeHasAdminAccess, admin.ExternalUpdateMessageVisibility)(w, r)
+}
+
+func (*ServerInterfaceImpl) ExternalSetStreamTitle(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeHasAdminAccess, admin.ExternalSetStreamTitle)(w, r)
+}
+
+func (*ServerInterfaceImpl) ExternalSetStreamTitleOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeHasAdminAccess, admin.ExternalSetStreamTitle)(w, r)
+}
+
+func (*ServerInterfaceImpl) ExternalGetChatMessages(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeHasAdminAccess, controllers.ExternalGetChatMessages)(w, r)
+}
+
+func (*ServerInterfaceImpl) ExternalGetChatMessagesOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeHasAdminAccess, controllers.ExternalGetChatMessages)(w, r)
+}
+
+func (*ServerInterfaceImpl) ExternalGetConnectedChatClients(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeHasAdminAccess, admin.ExternalGetConnectedChatClients)(w, r)
+}
+
+func (*ServerInterfaceImpl) ExternalGetConnectedChatClientsOptions(w http.ResponseWriter, r *http.Request) {
+	middleware.RequireExternalAPIAccessToken(models.ScopeHasAdminAccess, admin.ExternalGetConnectedChatClients)(w, r)
+}
+
+func (*ServerInterfaceImpl) GetPrometheusAPI(w http.ResponseWriter, r *http.Request) {
+	// might need to bring this out of the codegen
+	middleware.RequireAdminAuth(func(w http.ResponseWriter, r *http.Request) {
+		promhttp.Handler()
+	})(w, r)
+}
+
+func (*ServerInterfaceImpl) PostPrometheusAPI(w http.ResponseWriter, r *http.Request) {
+	// might need to bring this out of the codegen
+	middleware.RequireAdminAuth(func(w http.ResponseWriter, r *http.Request) {
+		promhttp.Handler()
+	})(w, r)
+}
+
+func (*ServerInterfaceImpl) PutPrometheusAPI(w http.ResponseWriter, r *http.Request) {
+	// might need to bring this out of the codegen
+	middleware.RequireAdminAuth(func(w http.ResponseWriter, r *http.Request) {
+		promhttp.Handler()
+	})(w, r)
+}
+
+func (*ServerInterfaceImpl) DeletePrometheusAPI(w http.ResponseWriter, r *http.Request) {
+	// might need to bring this out of the codegen
+	middleware.RequireAdminAuth(func(w http.ResponseWriter, r *http.Request) {
+		promhttp.Handler()
+	})(w, r)
+}
+
+func (*ServerInterfaceImpl) OptionsPrometheusAPI(w http.ResponseWriter, r *http.Request) {
+	// might need to bring this out of the codegen
+	middleware.RequireAdminAuth(func(w http.ResponseWriter, r *http.Request) {
+		promhttp.Handler()
+	})(w, r)
+}

webserver/handlers/moderation.go

@@ -0,0 +1,13 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/owncast/owncast/controllers/moderation"
+	"github.com/owncast/owncast/webserver/handlers/generated"
+	"github.com/owncast/owncast/webserver/router/middleware"
+)
+
+func (*ServerInterfaceImpl) GetUserDetails(w http.ResponseWriter, r *http.Request, userId string, params generated.GetUserDetailsParams) {
+	middleware.RequireUserModerationScopeAccesstoken(moderation.GetUserDetails)(w, r)
+}

webserver/router/middleware/activityPub.go

@@ -0,0 +1,48 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/owncast/owncast/core/data"
+	"github.com/owncast/owncast/utils"
+)
+
+// RequireActivityPubOrRedirect will validate the requested content types and
+// redirect to the main Owncast page if it doesn't match.
+func RequireActivityPubOrRedirect(handler http.HandlerFunc) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !data.GetFederationEnabled() {
+			w.WriteHeader(http.StatusMethodNotAllowed)
+			return
+		}
+
+		handleAccepted := func() {
+			handler(w, r)
+		}
+
+		acceptedContentTypes := []string{"application/json", "application/json+ld", "application/activity+json", `application/ld+json; profile="https://www.w3.org/ns/activitystreams"`}
+		var accept []string
+		for _, a := range r.Header.Values("Accept") {
+			accept = append(accept, strings.Split(a, ",")...)
+		}
+
+		for _, singleType := range accept {
+			if _, accepted := utils.FindInSlice(acceptedContentTypes, strings.TrimSpace(singleType)); accepted {
+				handleAccepted()
+				return
+			}
+		}
+
+		contentTypeString := r.Header.Get("Content-Type")
+		contentTypes := strings.Split(contentTypeString, ",")
+		for _, singleType := range contentTypes {
+			if _, accepted := utils.FindInSlice(acceptedContentTypes, strings.TrimSpace(singleType)); accepted {
+				handleAccepted()
+				return
+			}
+		}
+
+		http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
+	})
+}

webserver/router/middleware/auth.go

@@ -0,0 +1,156 @@
+package middleware
+
+import (
+	"crypto/subtle"
+	"net/http"
+	"strings"
+
+	"github.com/owncast/owncast/core/data"
+	"github.com/owncast/owncast/models"
+	"github.com/owncast/owncast/persistence/userrepository"
+	"github.com/owncast/owncast/utils"
+	log "github.com/sirupsen/logrus"
+)
+
+// ExternalAccessTokenHandlerFunc is a function that is called after validing access.
+type ExternalAccessTokenHandlerFunc func(models.ExternalAPIUser, http.ResponseWriter, *http.Request)
+
+// UserAccessTokenHandlerFunc is a function that is called after validing user access.
+type UserAccessTokenHandlerFunc func(models.User, http.ResponseWriter, *http.Request)
+
+// RequireAdminAuth wraps a handler requiring HTTP basic auth for it using the given
+// the stream key as the password and and a hardcoded "admin" for username.
+func RequireAdminAuth(handler http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		username := "admin"
+		password := data.GetAdminPassword()
+		realm := "Owncast Authenticated Request"
+
+		// Alow CORS only for localhost:3000 to support Owncast development.
+		validAdminHost := "http://localhost:3000"
+		w.Header().Set("Access-Control-Allow-Origin", validAdminHost)
+		w.Header().Set("Access-Control-Allow-Credentials", "true")
+		w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization")
+
+		// For request needing CORS, send a 204.
+		if r.Method == "OPTIONS" {
+			w.WriteHeader(http.StatusNoContent)
+			return
+		}
+
+		user, pass, ok := r.BasicAuth()
+
+		// Failed
+		if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || utils.ComparseHash(password, pass) != nil {
+			w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
+			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			log.Debugln("Failed admin authentication")
+			return
+		}
+
+		handler(w, r)
+	}
+}
+
+func accessDenied(w http.ResponseWriter) {
+	w.WriteHeader(http.StatusUnauthorized) //nolint
+	w.Write([]byte("unauthorized"))        //nolint
+}
+
+// RequireExternalAPIAccessToken will validate a 3rd party access token.
+func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHandlerFunc) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// We should accept 3rd party preflight OPTIONS requests.
+		if r.Method == "OPTIONS" {
+			// All OPTIONS requests should have a wildcard CORS header.
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.WriteHeader(http.StatusNoContent)
+			return
+		}
+
+		authHeader := r.Header.Get("Authorization")
+		token := ""
+		if strings.HasPrefix(strings.ToLower(authHeader), "bearer ") {
+			token = authHeader[len("bearer "):]
+		}
+
+		if token == "" {
+			log.Warnln("invalid access token")
+			accessDenied(w)
+			return
+		}
+
+		userRepository := userrepository.Get()
+
+		integration, err := userRepository.GetExternalAPIUserForAccessTokenAndScope(token, scope)
+		if integration == nil || err != nil {
+			accessDenied(w)
+			return
+		}
+
+		// All auth'ed 3rd party requests should have a wildcard CORS header.
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+
+		handler(*integration, w, r)
+
+		if err := userRepository.SetExternalAPIUserAccessTokenAsUsed(token); err != nil {
+			log.Debugln("token not found when updating last_used timestamp")
+		}
+	})
+}
+
+// RequireUserAccessToken will validate a provided user's access token and make sure the associated user is enabled.
+// Not to be used for validating 3rd party access.
+func RequireUserAccessToken(handler UserAccessTokenHandlerFunc) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		accessToken := r.URL.Query().Get("accessToken")
+		if accessToken == "" {
+			accessDenied(w)
+			return
+		}
+
+		ipAddress := utils.GetIPAddressFromRequest(r)
+		// Check if this client's IP address is banned.
+		if blocked, err := data.IsIPAddressBanned(ipAddress); blocked {
+			log.Debugln("Client ip address has been blocked. Rejecting.")
+			accessDenied(w)
+			return
+		} else if err != nil {
+			log.Errorln("error determining if IP address is blocked: ", err)
+		}
+
+		userRepository := userrepository.Get()
+
+		// A user is required to use the websocket
+		user := userRepository.GetUserByToken(accessToken)
+		if user == nil || !user.IsEnabled() {
+			accessDenied(w)
+			return
+		}
+
+		handler(*user, w, r)
+	})
+}
+
+// RequireUserModerationScopeAccesstoken will validate a provided user's access token and make sure the associated user is enabled
+// and has "MODERATOR" scope assigned to the user.
+func RequireUserModerationScopeAccesstoken(handler http.HandlerFunc) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		accessToken := r.URL.Query().Get("accessToken")
+		if accessToken == "" {
+			accessDenied(w)
+			return
+		}
+
+		userRepository := userrepository.Get()
+
+		// A user is required to use the websocket
+		user := userRepository.GetUserByToken(accessToken)
+		if user == nil || !user.IsEnabled() || !user.IsModerator() {
+			accessDenied(w)
+			return
+		}
+
+		handler(w, r)
+	})
+}

webserver/router/middleware/caching.go

@@ -0,0 +1,24 @@
+package middleware
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/owncast/owncast/utils"
+)
+
+// DisableCache writes the disable cache header on the responses.
+func DisableCache(w http.ResponseWriter) {
+	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+	w.Header().Set("Expires", "Thu, 1 Jan 1970 00:00:00 GMT")
+}
+
+func setCacheSeconds(seconds int, w http.ResponseWriter) {
+	secondsStr := strconv.Itoa(seconds)
+	w.Header().Set("Cache-Control", "public, max-age="+secondsStr)
+}
+
+// SetCachingHeaders will set the cache control header of a response.
+func SetCachingHeaders(w http.ResponseWriter, r *http.Request) {
+	setCacheSeconds(utils.GetCacheDurationSecondsForPath(r.URL.Path), w)
+}

webserver/router/middleware/cors.go

@@ -0,0 +1,10 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+// EnableCors enables the CORS header on the responses.
+func EnableCors(w http.ResponseWriter) {
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+}

webserver/router/middleware/headers.go

@@ -0,0 +1,17 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+// SetHeaders will set our global headers for web resources.
+func SetHeaders(w http.ResponseWriter, nonce string) {
+	// Content security policy
+	csp := []string{
+		fmt.Sprintf("script-src '%s' 'self'", nonce),
+		"worker-src 'self' blob:", // No single quotes around blob:
+	}
+	w.Header().Set("Content-Security-Policy", strings.Join(csp, "; "))
+}

webserver/router/middleware/pagination.go

@@ -0,0 +1,39 @@
+package middleware
+
+import (
+	"net/http"
+	"strconv"
+)
+
+// PaginatedHandlerFunc is a handler for endpoints that require pagination.
+type PaginatedHandlerFunc func(int, int, http.ResponseWriter, *http.Request)
+
+// HandlePagination is a middleware handler that pulls pagination values
+// and passes them along.
+func HandlePagination(handler PaginatedHandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		// Default 50 items per page
+		limitString := r.URL.Query().Get("limit")
+		if limitString == "" {
+			limitString = "50"
+		}
+		limit, err := strconv.Atoi(limitString)
+		if err != nil {
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		// Default first page 0
+		offsetString := r.URL.Query().Get("offset")
+		if offsetString == "" {
+			offsetString = "0"
+		}
+		offset, err := strconv.Atoi(offsetString)
+		if err != nil {
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		handler(offset, limit, w, r)
+	}
+}

webserver/router/router.go

@@ -0,0 +1,144 @@
+package router
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/CAFxX/httpcompression"
+	"github.com/go-chi/chi/v5"
+	chiMW "github.com/go-chi/chi/v5/middleware"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
+
+	"github.com/owncast/owncast/activitypub"
+	apControllers "github.com/owncast/owncast/activitypub/controllers"
+	"github.com/owncast/owncast/config"
+	"github.com/owncast/owncast/controllers"
+	"github.com/owncast/owncast/core/chat"
+	"github.com/owncast/owncast/core/data"
+	"github.com/owncast/owncast/webserver/handlers"
+	"github.com/owncast/owncast/webserver/router/middleware"
+)
+
+// Start starts the router for the http, ws, and rtmp.
+func Start(enableVerboseLogging bool) error {
+	// @behlers New Router
+	r := chi.NewRouter()
+
+	// Middlewares
+	if enableVerboseLogging {
+		r.Use(chiMW.RequestLogger(&chiMW.DefaultLogFormatter{Logger: log.StandardLogger(), NoColor: true}))
+	}
+	r.Use(chiMW.Recoverer)
+
+	addStaticFileEndpoints(r)
+
+	// websocket
+	r.HandleFunc("/ws", chat.HandleClientConnection)
+
+	// serve files
+	fs := http.FileServer(http.Dir(config.PublicFilesPath))
+	r.Handle("/public/*", http.StripPrefix("/public/", fs))
+
+	// Return HLS video
+	r.HandleFunc("/hls/*", controllers.HandleHLSRequest)
+
+	// The admin web app.
+	r.HandleFunc("/admin/*", middleware.RequireAdminAuth(controllers.IndexHandler))
+
+	// Single ActivityPub Actor
+	r.HandleFunc("/federation/user/*", middleware.RequireActivityPubOrRedirect(apControllers.ActorHandler))
+
+	// Single AP object
+	r.HandleFunc("/federation/*", middleware.RequireActivityPubOrRedirect(apControllers.ObjectHandler))
+
+	// The primary web app.
+	r.HandleFunc("/*", controllers.IndexHandler)
+
+	// mount the api
+	r.Mount("/api/", handlers.New().Handler())
+
+	// ActivityPub has its own router
+	activitypub.Start(data.GetDatastore())
+
+	// Create a custom mux handler to intercept the /debug/vars endpoint.
+	// This is a hack because Prometheus enables this endpoint by default
+	// due to its use of expvar and we do not want this exposed.
+	h2s := &http2.Server{}
+	http2Handler := h2c.NewHandler(r, h2s)
+	m := http.NewServeMux()
+
+	m.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "/debug/vars" {
+			w.WriteHeader(http.StatusNotFound)
+			return
+		} else if r.URL.Path == "/embed/chat/" || r.URL.Path == "/embed/chat" {
+			// Redirect /embed/chat
+			http.Redirect(w, r, "/embed/chat/readonly", http.StatusTemporaryRedirect)
+		} else {
+			http2Handler.ServeHTTP(w, r)
+		}
+	})
+
+	port := config.WebServerPort
+	ip := config.WebServerIP
+
+	compress, _ := httpcompression.DefaultAdapter() // Use the default configuration
+	server := &http.Server{
+		Addr:              fmt.Sprintf("%s:%d", ip, port),
+		ReadHeaderTimeout: 4 * time.Second,
+		Handler:           compress(m),
+	}
+
+	if ip != "0.0.0.0" {
+		log.Infof("Web server is listening at %s:%d.", ip, port)
+	} else {
+		log.Infof("Web server is listening on port %d.", port)
+	}
+	log.Infoln("Configure this server by visiting /admin.")
+
+	return server.ListenAndServe()
+}
+
+func addStaticFileEndpoints(r chi.Router) {
+	// Images
+	r.HandleFunc("/thumbnail.jpg", controllers.GetThumbnail)
+	r.HandleFunc("/preview.gif", controllers.GetPreview)
+	r.HandleFunc("/logo", controllers.GetLogo)
+	// return a logo that's compatible with external social networks
+	r.HandleFunc("/logo/external", controllers.GetCompatibleLogo)
+
+	// Custom Javascript
+	r.HandleFunc("/customjavascript", controllers.ServeCustomJavascript)
+
+	// robots.txt
+	r.HandleFunc("/robots.txt", controllers.GetRobotsDotTxt)
+
+	// Return a single emoji image.
+	emojiDir := config.EmojiDir
+	if !strings.HasSuffix(emojiDir, "*") {
+		emojiDir += "*"
+	}
+	r.HandleFunc(emojiDir, controllers.GetCustomEmojiImage)
+
+	// WebFinger
+	r.HandleFunc("/.well-known/webfinger", apControllers.WebfingerHandler)
+
+	// Host Metadata
+	r.HandleFunc("/.well-known/host-meta", apControllers.HostMetaController)
+
+	// Nodeinfo v1
+	r.HandleFunc("/.well-known/nodeinfo", apControllers.NodeInfoController)
+
+	// x-nodeinfo v2
+	r.HandleFunc("/.well-known/x-nodeinfo2", apControllers.XNodeInfo2Controller)
+
+	// Nodeinfo v2
+	r.HandleFunc("/nodeinfo/2.0", apControllers.NodeInfoV2Controller)
+
+	// Instance details
+	r.HandleFunc("/api/v1/instance", apControllers.InstanceV1Controller)
+}