Issues transitioning from localhost testing to SSL

whitegrimreaper · August 30, 2024, 7:05am

Hey all, another hopefully not repetitive question.

I have most of the functionality I want in the program I am writing, and I’ve done pretty extensive testing with localhost:3000 and the local twitch CLI, so I am trying to move to using SSL so I can actually get eventsub events from twitch, but I am running into issues when making that transition.

The listeners are basically identical other than the port and certs

func startTwitchListeners() {
	http.HandleFunc("/eventsub", eventSubHandler)
	http.ListenAndServe(":3000", nil)
}

func startSecureTwitchListeners() {
	http.HandleFunc("/eventsub", eventSubHandler)
    err := http.ListenAndServeTLS(":443", "certs/cert.pem", "certs/key.pem", nil)
    if err != nil {
        panic(err)
    }
}

But I don’t seem to get any EventSub notifications for events I’m subscribed to (i’m using channel point redemptions to test), and any testing I try to do with the CLI brings up errors (not sure if it’s supposed to work outside of localhost testing tbf)

twitch event trigger subscribe -f 57810555 -t 5678 -F https://actual_IP:443/eventsub -s password
Post "https://actual_IP:443/eventsub": EOF

Is this just an auth issue? I’ve tried following the auth code flow, replacing localhost:3000 with the actual IP and port, but when I get redirected I get a network access denied error.

Sorry if this is a dumb question (especially if it’s just an SSL or auth thing)

BarryCarlyon · August 30, 2024, 10:27am

EventSub Webhooks cannot sent to localhost, localhost to Twitch is Twitch not you.

You can’t get a supported SSL certification for an IP address, and SSL is on 443 to start with so :443 is not required

443 is likely not open on your home router and in some cases an ISP blocks/doesn’t allow 80/443 on their networks to be accessable.

And even then if you EBS server is running on 3000, you likely didn’t forward 443 to 3000.

You probably want NGROK or another reverse solution to make your localhost properly web accessable, Personally I use a SSH tunnel and have a real server SSL terminate.

I outline some options under Just one more thing under Twitch Extensions Part 5 – Dev Environment – Barry Carlyon

Nomrally a “local environment” you either need to setup you developer environement properly with SSL and a real domain and somesort of way to get it web accessable, or if never going to be web accessable you should be using websockets instead

whitegrimreaper · August 30, 2024, 6:17pm

This seems directly contradictory based on what the webhook API says, since I’ve been testing this locally for a while now and everything seems to work fine

So when I create an eventsub subscription with helix

resp, err := client.CreateEventSubSubscription(&helix.EventSubSubscription{
		Type: helix.EventSubTypeChannelFollow,
		Version: "2",
		Condition: helix.EventSubCondition{
			BroadcasterUserID: os.Getenv("BROADCASTER_ID"),
			ModeratorUserID: os.Getenv("BOT_ID"),
		},
		Transport: helix.EventSubTransport{
			Method: "webhook",
			Callback: "https://localhost:443",
			Secret: os.Getenv("EVENTSUB_SECRET"),
		},
	})

And then call that with a twitch API command and it works

twitch event trigger subscribe -f 57810555 -t 5678 -F http://localhost:3000/eventsub -s xxxxx
✔ Request Sent. Received Status Code: 200
✔ Server Said: ok
{"subscription":{"id":"xxxx","status":"enabled","type":"channel.subscribe","version":"1","condition":{"broadcaster_user_id":"5678"},"transport":{"method":"webhook","callback":"null"},"created_at":"2024-08-30T17:57:24.168707519Z","cost":0},"event":{"user_id":"57810555","user_login":"testFromUser","user_name":"testFromUser","broadcaster_user_id":"5678","broadcaster_user_login":"testBroadcaster","broadcaster_user_name":"testBroadcaster","tier":"1000","is_gift":false}}

and my program gets the notification

# my print statements
Got Sub event!
testFromUser subbed to testBroadcaster, and was it gift? false
User exists!
Does user exist? true

This isn’t the intended pattern?

I tried setting up NGROK and got some progress, after setting up eventsub with the code above and the callback set to the ngrok endpoint, I got some POST commands with verification pending after trying to start some eventsub subscriptions, what do I need to change to get the challenge verification working?

# callback line in the above helix subscription code
Callback: "https://my-temp-domain.ngrok-free.app",

# eventsub listener
func startTwitchListeners() {
	http.HandleFunc("/eventsub", eventSubHandler)
	http.ListenAndServe(":3000", nil)
}

# eventsub handler
func eventSubHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Printf("Got some sort of eventsub thing\n")
    body, err := io.ReadAll(r.Body)
    if err != nil {
        fmt.Printf("%s\n",err)
        return
    }
    defer r.Body.Close()
    // verify that the notification came from twitch using the secret.
    if !helix.VerifyEventSubNotification(os.Getenv("EVENTSUB_SECRET"), r.Header, string(body)) {
        fmt.Printf("no valid signature on subscription")
        return
    } else {
        fmt.Printf("verified signature for subscription\n")
    }
    var vals eventSubNotification
    err = json.NewDecoder(bytes.NewReader(body)).Decode(&vals)
    if err != nil {
        fmt.Printf("%d\n",err)
        return
    }
	// this line prints the whole notif if we wanna see it, but we probably don't every time
	// fmt.Printf("\n\n\n%+v\n\n\n",vals)
    // if there's a challenge in the request, 
    // respond with only the challenge to verify your eventsub.
    if vals.Challenge != "" {
        w.Write([]byte(vals.Challenge))
        return
    }

# 502 Bad Gateway error in NGROK inspect
{
    "subscription": {
        "id": "subscription-id",
        "status": "webhook_callback_verification_pending",
        "type": "channel.follow",
        "version": "2",
        "condition": {
            "broadcaster_user_id": "57810555",
            "moderator_user_id": "123645880"
        },
        "transport": {
            "method": "webhook",
            "callback": "https://my-temporary-domain.ngrok-free.app"
        },
        "created_at": "2024-08-30T18:02:44.454559311Z",
        "cost": 0
    },
    "challenge": "challenge"
}

BarryCarlyon · August 30, 2024, 6:33pm

Because you are using the cli on your computer to post to your computer and localhost to your computer is your computer.

That works only for testing but will not for live data as live data originates from twitch’s servers. Not your computer

As live data comes from twitch’s server. And localhost to twitch is twitch

Looks like you set your callback to the root of the ngrok domain. But your callback url is ngrok/eventsub. Ie your forgot to include the path in your subscription request

(Pardon any shortenings I’m posting from my phone)

whitegrimreaper · August 30, 2024, 6:46pm

I got it working! You were correct about the missing /eventsub, once I added it in I was able to get EventSub notifications for actual events finally

Thanks for the help!

system · September 29, 2024, 6:46pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.