Issue: Discord Integration is great, but there is a small command auditing loophole that could become a problem in the future.
You can specify which channels can accept individual custom commands (Chat, Whisper, or Discord) but you can't make this designation for DeepBot's default commands (!add, !remove, etc).
Before Discord Integration this was not a major issue as you could always log into Twitch on your bot account and audit the whisper history to see who triggered which default commands.
However, with Discord Integration, there are two issues preventing a streamer from auditing use of default commands:
1) You can't log into Discord as your bot account to review any received DMs.
2) A user can trigger a command in Discord and then delete their message, and there is no record to the server owner of who triggered the command.
These two issues can be solved with @savelog@ for custom commands, but we can't add logging like this for default commands. If one of my level 2 mods has his Discord account hacked and he proceeds to !add points to a large number of users, I may be able to revert it but I won't have any record of who did it.
Possible Solutions: Here are a few ideas to fix this.
- Add an option in Master Settings to disable Discord interaction (Channel & DM) for all DeepBot default commands.
- If a custom command exists with the same alias as a default command, run the custom command and ignore the default command. (Allows us to recreate !add or !remove with a @savelog@ appended for auditing)
- Include information in the DeepBot chatlogs for commands invoked in Discord or Discord DM.
- Add a module for customizing DeepBot default commands
- Remove the distinction between default & custom commands. Pre-populate existing default commands under the Commands module with a new group "Default" and allow users to customize, enable, or disable any of them.
Thank you!
