Add WEBHOOK_SECRET env var for authenticating incoming Owncast webhooks
via a ?secret= query parameter. Requests with a missing or incorrect
secret are rejected with 401. If unset, all requests are accepted
(with a startup warning).
Also includes previously uncommitted work:
- IRC server password support (IRC_PASSWORD env var, PASS command)
- IRC username/ident field in config
- IRC_PASSWORD and SELinux volume flag in docker-compose.yml
Made-with: Cursor
- Escape angle brackets around IRC username so Owncast doesn't swallow
them as HTML tags (<nick> instead of <nick>)
- Register a chat user via POST /api/chat/register to obtain an
accessToken, then pass it as a query param when connecting to /ws
(Owncast closes the WebSocket immediately without one)
- Cache the access token across reconnections; re-register only on
rejection
- Add ws_display_name config option (default "IRC Bridge")
- Fix echo suppression: record_sent and is_echo now both compare
raw body instead of mismatched formatted/raw values
Made-with: Cursor
