Team-TAU / tau

TAU- Twitch API Unifier, a containerized relay/proxy to unify the WebHook- and WebSocket-based real-time Twitch APIs under a single (local) WebSocket connection.
MIT License
154 stars 39 forks source link

Provide Twitch Helix API passthrough #47

Closed FiniteSingularity closed 3 years ago

FiniteSingularity commented 3 years ago

Along side the EventSub and PubSub realtime APIs is Twitch's Helix REST API. TAU itself requires calling several Helix endpoints, and the OAuth2 tokens used for EventSub and PubSub can also be given scopes for Helix. Using a django rest framework ViewSet, we can provide a direct passthrough to all Twitch Helix endpoints. This can be accomplished by providing a local helix endpoint: http://localhost/api/v1/helix/ connected to a view. We will then process all url segments after .../helix/ as inputs, that then make a call to the corresponding helix endpoint. The returned data (or error) will then be passed back to the client. We will also need to provide a settings panel, where the TAU user can specify additional scopes to be added to their OAuth token. This will give a single-token, local passthrough of the twitch helix API, where TAU creates, manages, and updates the necessary OAuth token and scopes.

FiniteSingularity commented 3 years ago

I now have this working in a fork. Works extremely well. My thought is to split the api endpoints up by source. e.g.:

/api/tau/v1/... 
/api/twitch/helix/...

That way, if we eventually integrate things like streamlabs or streamelements APIs for things like donations and merch, we could just add those API passthroughs:

/api/streamlabs/...
/api/streamemelents/...

The next step will be to create a control panel, where the user can specify the scopes they want to add to their token. Currently the twitch passthrough only allows get/read endpoints, but it would be great to get post/put endpoints working as well.

FiniteSingularity commented 3 years ago

A couple of thoughts on token/scope management after doing some digging:

  1. Unfortunately, it doesn't appear that the helix api is discoverable. There is no way that I have found to get a list of all available endpoints and scopes, other than digging through the documentation.
  2. A few endpoints require App Access Tokens, rather than User OAuth2 Access tokens. These are the EventSub endpoints (create, delete, and get), Get all stream tags endpoint, and Get webhook subscriptions endpoint.
  3. There are a few game/drop related endpoints that require both App Access and OAuth2, but these endpoints are specifically for game devs, who have contractual agreements with Twitch (for doing things like drops, or changing the cover art used for a particular game). I don't think we need to worry about these, but if some huge game developer with a contract with Twitch wants to use TAU, please let me know, and we can work on this ;)
  4. Helix seems to be under somewhat active development these days, and there are new endpoints and required scopes, coming online fairly regularly. Thus we need a way to easily add new endpoints/requested scopes to TAU.

Thus, I am proposing the following:

  1. Add a helix_endpoints.json file that contains helix endpoints, their http method, required token type, and scope. e.g.:
    [
    {
     "description": "Get Channel Information",
     "endpoint": "channels",
     "method": "GET",
     "token_type": "OAuth",
     "required_scope": null,
     "reference_url": "https://dev.twitch.tv/docs/api/reference#get-channel-information"
    },
    {
     "description": "Modify Channel Information",
     "endpoint": "channels",
     "method": "PATCH",
     "token_type": "OAuth",
     "required_scope": "channel:manage:broadcast",
     "reference_url": "https://dev.twitch.tv/docs/api/reference#modify-channel-information"
    },
    ...
    {
     "description": "Get EventSub Subscriptions",
     "endpoint": "eventsub/subscriptions",
     "method": "GET",
     "token_type": "App Access Token",
     "required_scope": null,
     "reference_url": "https://dev.twitch.tv/docs/api/reference#get-eventsub-subscriptions"
    },
    ...
    ]
  2. Add two new models to TAU, helix_endpoint and helix_endpoint_scope. helix_endpoint will contain all of the information from the json file for each endpoint, and helix_endpoint_scope will have each possible scope, with an active boolean. This will allow users to turn on scopes that they wish to use when they hit the helix endpoints.
  3. Add a new settings panel where users have the option to toggle scopes off/on. Each scope listed, will also indicate the endpoints that require it, with a link to the twitch API docs (reference_url) for more info.
  4. Create a management command to be run after collectstatic, and check to see if any new endpoints/scopes have been added, and if so, add them.
jaspermayone commented 3 years ago

I think that makes a lot of sense. Seems like a smart way to do it.

FiniteSingularity commented 3 years ago

Added with PR #56 .