Add WEBHOOK_SECRET env var for authenticating incoming Owncast webhooks
via a ?secret= query parameter. Requests with a missing or incorrect
secret are rejected with 401. If unset, all requests are accepted
(with a startup warning).
Also includes previously uncommitted work:
- IRC server password support (IRC_PASSWORD env var, PASS command)
- IRC username/ident field in config
- IRC_PASSWORD and SELinux volume flag in docker-compose.yml
Made-with: Cursor
When an OwnCast user sends "/me claps", the bridge now relays it as a
proper CTCP ACTION so IRC clients render it natively. The username is
bolded with mIRC \x02 for visual attribution.
Made-with: Cursor
CTCP ACTION messages (/me) were relayed with raw \x01 bytes, rendering
as boxed-X characters in OwnCast. Detect the ACTION pattern, extract the
body, and format it like traditional IRC clients. Also strip \x01 in
irc_format as a safety net for other CTCP leakage.
Made-with: Cursor
Add irc_format module that removes mIRC control codes (bold, color,
italic, underline, reverse, strikethrough, monospace, reset) before
forwarding to Owncast. Color codes with fg/bg digit params are
consumed correctly. Multi-byte UTF-8 (emoji, accented chars, CJK)
is preserved.
Made-with: Cursor
- Escape angle brackets around IRC username so Owncast doesn't swallow
them as HTML tags (<nick> instead of <nick>)
- Register a chat user via POST /api/chat/register to obtain an
accessToken, then pass it as a query param when connecting to /ws
(Owncast closes the WebSocket immediately without one)
- Cache the access token across reconnections; re-register only on
rejection
- Add ws_display_name config option (default "IRC Bridge")
- Fix echo suppression: record_sent and is_echo now both compare
raw body instead of mismatched formatted/raw values
Made-with: Cursor
