Merge commit from fork

* Require read, read:statuses or read:notifications scope to access streaming APIs

* Add additional tests for scope-based channel access

We were missing tests in the affirmative for subscribing to the user:notification channel, this adds them

streaming/index.js

@@ -78,17 +78,6 @@ const parseJSON = (json, req) => {
   }
 };
 
-const PUBLIC_CHANNELS = [
-  'public',
-  'public:media',
-  'public:local',
-  'public:local:media',
-  'public:remote',
-  'public:remote:media',
-  'hashtag',
-  'hashtag:local',
-];
-
 // Used for priming the counters/gauges for the various metrics that are
 // per-channel
 const CHANNEL_NAMES = [
@@ -97,7 +86,14 @@ const CHANNEL_NAMES = [
   'user:notification',
   'list',
   'direct',
-  ...PUBLIC_CHANNELS
+  'public',
+  'public:media',
+  'public:local',
+  'public:local:media',
+  'public:remote',
+  'public:remote:media',
+  'hashtag',
+  'hashtag:local',
 ];
 
 const startServer = async () => {
@@ -434,12 +430,6 @@ const startServer = async () => {
   const checkScopes = (req, logger, channelName) => new Promise((resolve, reject) => {
     logger.debug(`Checking OAuth scopes for ${channelName}`);
 
-    // When accessing public channels, no scopes are needed
-    if (channelName && PUBLIC_CHANNELS.includes(channelName)) {
-      resolve();
-      return;
-    }
-
     // The `read` scope has the highest priority, if the token has it
     // then it can access all streams
     const requiredScopes = ['read'];