feat: add admin/owner permission system

Hostmask-based admin controls with automatic IRCOP detection via WHO. Permission enforcement in the central dispatch path denies restricted commands to non-admins. Includes !whoami and !admins commands, marks load/reload/unload as admin-only. Also lands previously-implemented SASL PLAIN auth, token-bucket rate limiting, and CTCP VERSION/TIME/PING responses that were staged but uncommitted. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 02:24:56 +01:00
parent 36b21e2463
commit f96224afb1
9 changed files with 408 additions and 18 deletions
--- a/config/derp.toml.example
+++ b/config/derp.toml.example
@@ -6,11 +6,19 @@ nick = "derp"
 user = "derp"
 realname = "derp IRC bot"
 password = ""
+# sasl_user = "account"    # SASL PLAIN username (optional)
+# sasl_pass = "secret"     # SASL PLAIN password (optional)

 [bot]
 prefix = "!"
 channels = ["#test"]
 plugins_dir = "plugins"
+# rate_limit = 2.0         # Messages per second (default: 2.0)
+# rate_burst = 5           # Burst capacity (default: 5)
+# admins = [               # Hostmask patterns (fnmatch), IRCOPs auto-detected
+#     "*!~user@trusted.host",
+#     "ops!*@*.ops.net",
+# ]

 [logging]
 level = "info"