nitter/src/apiutils.nim

# SPDX-License-Identifier: AGPL-3.0-only
import httpclient, asyncdispatch, options, strutils, uri, times, math, tables
import jsony, packedjson, zippy, oauth1
import types, auth, consts, parserutils, http_pool
import experimental/types/common

const
  rlRemaining = "x-rate-limit-remaining"
  rlReset = "x-rate-limit-reset"

var pool: HttpPool

proc getOauthHeader(url, oauthToken, oauthTokenSecret: string): string =
  let
    encodedUrl = url.replace(",", "%2C").replace("+", "%20")
    params = OAuth1Parameters(
      consumerKey: consumerKey,
      signatureMethod: "HMAC-SHA1",
      timestamp: $int(round(epochTime())),
      nonce: "0",
      isIncludeVersionToHeader: true,
      token: oauthToken
    )
    signature = getSignature(HttpGet, encodedUrl, "", params, consumerSecret, oauthTokenSecret)

  params.signature = percentEncode(signature)

  return getOauth1RequestHeader(params)["authorization"]

proc genHeaders*(url, oauthToken, oauthTokenSecret: string): HttpHeaders =
  let header = getOauthHeader(url, oauthToken, oauthTokenSecret)

  result = newHttpHeaders({
    "connection": "keep-alive",
    "authorization": header,
    "content-type": "application/json",
    "x-twitter-active-user": "yes",
    "authority": "api.x.com",
    "accept-encoding": "gzip",
    "accept-language": "en-US,en;q=0.9",
    "accept": "*/*",
    "DNT": "1"
  })

template fetchImpl(result, fetchBody) {.dirty.} =
  once:
    pool = HttpPool()

  var session = await getSession(api)
  if session.oauthToken.len == 0:
    echo "[sessions] Empty oauth token, session: ", session.id
    raise rateLimitError()

  try:
    var resp: AsyncResponse
    pool.use(genHeaders($url, session.oauthToken, session.oauthSecret)):
      template getContent =
        resp = await c.get($url)
        result = await resp.body

      getContent()

      if resp.status == $Http503:
        badClient = true
        raise newException(BadClientError, "Bad client")

    if resp.headers.hasKey(rlRemaining):
      let
        remaining = parseInt(resp.headers[rlRemaining])
        reset = parseInt(resp.headers[rlReset])
      session.setRateLimit(api, remaining, reset)

    if result.len > 0:
      if resp.headers.getOrDefault("content-encoding") == "gzip":
        result = uncompress(result, dfGzip)

      if result.startsWith("{\"errors"):
        let errors = result.fromJson(Errors)
        echo "Fetch error, API: ", api, ", errors: ", errors
        if errors in {expiredToken, badToken, locked}:
          invalidate(session)
          raise rateLimitError()
        elif errors in {rateLimited}:
          # rate limit hit, resets after 24 hours
          setLimited(session, api)
          raise rateLimitError()
      elif result.startsWith("429 Too Many Requests"):
        echo "[sessions] 429 error, API: ", api, ", session: ", session.id
        session.apis[api].remaining = 0
        # rate limit hit, resets after the 15 minute window
        raise rateLimitError()

    fetchBody

    if resp.status == $Http400:
      echo "ERROR 400, ", api, ": ", result
      raise newException(InternalError, $url)
  except InternalError as e:
    raise e
  except BadClientError as e:
    raise e
  except OSError as e:
    raise e
  except Exception as e:
    let id = if session.isNil: "null" else: $session.id
    echo "error: ", e.name, ", msg: ", e.msg, ", sessionId: ", id, ", url: ", url
    raise rateLimitError()
  finally:
    release(session)

template retry(bod) =
  try:
    bod
  except RateLimitError:
    echo "[sessions] Rate limited, retrying ", api, " request..."
    bod

proc fetch*(url: Uri; api: Api): Future[JsonNode] {.async.} =
  retry:
    var body: string
    fetchImpl body:
      if body.startsWith('{') or body.startsWith('['):
        result = parseJson(body)
      else:
        echo resp.status, ": ", body, " --- url: ", url
        result = newJNull()

      let error = result.getError
      if error != null:
        echo "Fetch error, API: ", api, ", error: ", error
        if error in {expiredToken, badToken, locked}:
          invalidate(session)
          raise rateLimitError()

proc fetchRaw*(url: Uri; api: Api): Future[string] {.async.} =
  retry:
    fetchImpl result:
      if not (result.startsWith('{') or result.startsWith('[')):
        echo resp.status, ": ", result, " --- url: ", url
        result.setLen(0)
Add license headers Closes #413 2021-12-27 01:37:38 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`
Track rate limits, reset after 24 hours 2023-08-20 09:56:42 +00:00			`import httpclient, asyncdispatch, options, strutils, uri, times, math, tables`
Replace tokens with guest accounts, swap endpoints 2023-08-18 22:25:14 +00:00			`import jsony, packedjson, zippy, oauth1`
Replace /.tokens with /.health and /.accounts 2023-10-31 12:04:32 +00:00			`import types, auth, consts, parserutils, http_pool`
Simplify new error handling 2022-01-16 17:28:40 +00:00			`import experimental/types/common`
Refactor fetch helper, fix list pagination 2020-06-15 14:40:27 +00:00
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`const`
			`rlRemaining = "x-rate-limit-remaining"`
			`rlReset = "x-rate-limit-reset"`
In with the new 2020-06-01 00:16:24 +00:00
More cleanup 2022-01-02 10:21:03 +00:00			`var pool: HttpPool`
Add http pool to reduce connection overhead 2020-11-07 20:31:03 +00:00
Replace tokens with guest accounts, swap endpoints 2023-08-18 22:25:14 +00:00			`proc getOauthHeader(url, oauthToken, oauthTokenSecret: string): string =`
			`let`
			`encodedUrl = url.replace(",", "%2C").replace("+", "%20")`
			`params = OAuth1Parameters(`
			`consumerKey: consumerKey,`
			`signatureMethod: "HMAC-SHA1",`
			`timestamp: $int(round(epochTime())),`
			`nonce: "0",`
			`isIncludeVersionToHeader: true,`
			`token: oauthToken`
			`)`
			`signature = getSignature(HttpGet, encodedUrl, "", params, consumerSecret, oauthTokenSecret)`

			`params.signature = percentEncode(signature)`

			`return getOauth1RequestHeader(params)["authorization"]`

			`proc genHeaders*(url, oauthToken, oauthTokenSecret: string): HttpHeaders =`
			`let header = getOauthHeader(url, oauthToken, oauthTokenSecret)`

In with the new 2020-06-01 00:16:24 +00:00			`result = newHttpHeaders({`
Add http pool to reduce connection overhead 2020-11-07 20:31:03 +00:00			`"connection": "keep-alive",`
Replace tokens with guest accounts, swap endpoints 2023-08-18 22:25:14 +00:00			`"authorization": header,`
In with the new 2020-06-01 00:16:24 +00:00			`"content-type": "application/json",`
			`"x-twitter-active-user": "yes",`
Update authority header 2025-02-04 23:40:19 +00:00			`"authority": "api.x.com",`
Use gzip for API calls to lower bandwidth and RAM 2021-12-26 05:49:27 +00:00			`"accept-encoding": "gzip",`
In with the new 2020-06-01 00:16:24 +00:00			`"accept-language": "en-US,en;q=0.9",`
			`"accept": "/",`
Refactor fetch helper, fix list pagination 2020-06-15 14:40:27 +00:00			`"DNT": "1"`
In with the new 2020-06-01 00:16:24 +00:00			`})`

Add experimental user parser 2022-01-16 05:00:11 +00:00			`template fetchImpl(result, fetchBody) {.dirty.} =`
Add http pool to reduce connection overhead 2020-11-07 20:31:03 +00:00			`once:`
			`pool = HttpPool()`

Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`var session = await getSession(api)`
			`if session.oauthToken.len == 0:`
			`echo "[sessions] Empty oauth token, session: ", session.id`
Show error page when rate limited 2021-01-07 21:31:29 +00:00			`raise rateLimitError()`
In with the new 2020-06-01 00:16:24 +00:00
			`try:`
Simplify bad http client pruning 2022-01-23 01:29:03 +00:00			`var resp: AsyncResponse`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`pool.use(genHeaders($url, session.oauthToken, session.oauthSecret)):`
Retry intermittent 401 Unauthorized requests 2022-09-21 03:47:16 +00:00			`template getContent =`
			`resp = await c.get($url)`
			`result = await resp.body`
Temporary fix to Twitter's global timeline error 2022-01-21 08:17:18 +00:00
Retry intermittent 401 Unauthorized requests 2022-09-21 03:47:16 +00:00			`getContent()`

GraphQL timeline (#812) * Update deps * Replace profile timeline with GraphQL endpoint * Update GraphQL endpoint versions * Use GraphQL for profile media tab * Fix UserByRestId request * Improve routing, fixes #814 * Fix token pool JSON * Deduplicate GraphQL timeline endpoints * Update list endpoints * Use GraphQL for list tweets * Remove debug leftover * Replace old pinned tweet endpoint with GraphQL * Validate tweet ID * Minor token handling fix * Hide US-only commerce cards * Update config example * Remove http pool and gzip from token pool * Support tombstoned tweets in threads * Retry GraphQL timeout errors * Remove unnecessary 401 retry * Remove broken timeout retry * Update karax, use new bool attribute feature * Update card test * Fix odd edgecase with broken retweets * Replace search endpoints, switch Bearer token * Only parse user search if it's a list * Fix quoted tweet crash * Fix empty search query handling * Fix invalid user search errors again 2023-04-21 12:41:30 +00:00			`if resp.status == $Http503:`
			`badClient = true`
			`raise newException(BadClientError, "Bad client")`
Make gzip handling more robust 2021-12-30 00:39:00 +00:00
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00			`if resp.headers.hasKey(rlRemaining):`
			`let`
			`remaining = parseInt(resp.headers[rlRemaining])`
			`reset = parseInt(resp.headers[rlReset])`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`session.setRateLimit(api, remaining, reset)`
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00
Add experimental user parser 2022-01-16 05:00:11 +00:00			`if result.len > 0:`
Make gzip handling more robust 2021-12-30 00:39:00 +00:00			`if resp.headers.getOrDefault("content-encoding") == "gzip":`
Add experimental user parser 2022-01-16 05:00:11 +00:00			`result = uncompress(result, dfGzip)`
Refactor fetch helper, fix list pagination 2020-06-15 14:40:27 +00:00
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00			`if result.startsWith("{\"errors"):`
			`let errors = result.fromJson(Errors)`
Capture "account locked" API error 2025-02-04 23:35:39 +00:00			`echo "Fetch error, API: ", api, ", errors: ", errors`
			`if errors in {expiredToken, badToken, locked}:`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`invalidate(session)`
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00			`raise rateLimitError()`
			`elif errors in {rateLimited}:`
			`# rate limit hit, resets after 24 hours`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`setLimited(session, api)`
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00			`raise rateLimitError()`
			`elif result.startsWith("429 Too Many Requests"):`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`echo "[sessions] 429 error, API: ", api, ", session: ", session.id`
			`session.apis[api].remaining = 0`
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00			`# rate limit hit, resets after the 15 minute window`
			`raise rateLimitError()`
In with the new 2020-06-01 00:16:24 +00:00
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00			`fetchBody`
Improve API error handling 2021-12-28 04:41:41 +00:00
			`if resp.status == $Http400:`
Capture "account locked" API error 2025-02-04 23:35:39 +00:00			`echo "ERROR 400, ", api, ": ", result`
Improve API error handling 2021-12-28 04:41:41 +00:00			`raise newException(InternalError, $url)`
			`except InternalError as e:`
			`raise e`
GraphQL timeline (#812) * Update deps * Replace profile timeline with GraphQL endpoint * Update GraphQL endpoint versions * Use GraphQL for profile media tab * Fix UserByRestId request * Improve routing, fixes #814 * Fix token pool JSON * Deduplicate GraphQL timeline endpoints * Update list endpoints * Use GraphQL for list tweets * Remove debug leftover * Replace old pinned tweet endpoint with GraphQL * Validate tweet ID * Minor token handling fix * Hide US-only commerce cards * Update config example * Remove http pool and gzip from token pool * Support tombstoned tweets in threads * Retry GraphQL timeout errors * Remove unnecessary 401 retry * Remove broken timeout retry * Update karax, use new bool attribute feature * Update card test * Fix odd edgecase with broken retweets * Replace search endpoints, switch Bearer token * Only parse user search if it's a list * Fix quoted tweet crash * Fix empty search query handling * Fix invalid user search errors again 2023-04-21 12:41:30 +00:00			`except BadClientError as e:`
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00			`raise e`
			`except OSError as e:`
GraphQL timeline (#812) * Update deps * Replace profile timeline with GraphQL endpoint * Update GraphQL endpoint versions * Use GraphQL for profile media tab * Fix UserByRestId request * Improve routing, fixes #814 * Fix token pool JSON * Deduplicate GraphQL timeline endpoints * Update list endpoints * Use GraphQL for list tweets * Remove debug leftover * Replace old pinned tweet endpoint with GraphQL * Validate tweet ID * Minor token handling fix * Hide US-only commerce cards * Update config example * Remove http pool and gzip from token pool * Support tombstoned tweets in threads * Retry GraphQL timeout errors * Remove unnecessary 401 retry * Remove broken timeout retry * Update karax, use new bool attribute feature * Update card test * Fix odd edgecase with broken retweets * Replace search endpoints, switch Bearer token * Only parse user search if it's a list * Fix quoted tweet crash * Fix empty search query handling * Fix invalid user search errors again 2023-04-21 12:41:30 +00:00			`raise e`
Temporary (?) fix for false rate limits 2021-01-18 06:47:51 +00:00			`except Exception as e:`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`let id = if session.isNil: "null" else: $session.id`
			`echo "error: ", e.name, ", msg: ", e.msg, ", sessionId: ", id, ", url: ", url`
Show error page when rate limited 2021-01-07 21:31:29 +00:00			`raise rateLimitError()`
Improve rate limit handling, minor refactor 2023-08-30 01:04:22 +00:00			`finally:`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`release(session)`
Add experimental user parser 2022-01-16 05:00:11 +00:00
Retry rate limited requests with different account 2023-09-02 06:15:58 +00:00			`template retry(bod) =`
			`try:`
			`bod`
			`except RateLimitError:`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`echo "[sessions] Rate limited, retrying ", api, " request..."`
Retry rate limited requests with different account 2023-09-02 06:15:58 +00:00			`bod`
Add experimental user parser 2022-01-16 05:00:11 +00:00
Retry rate limited requests with different account 2023-09-02 06:15:58 +00:00			`proc fetch*(url: Uri; api: Api): Future[JsonNode] {.async.} =`
			`retry:`
			`var body: string`
			`fetchImpl body:`
			`if body.startsWith('{') or body.startsWith('['):`
			`result = parseJson(body)`
			`else:`
			`echo resp.status, ": ", body, " --- url: ", url`
			`result = newJNull()`

			`let error = result.getError`
Skip null fetch errors 2025-02-05 02:49:17 +00:00			`if error != null:`
			`echo "Fetch error, API: ", api, ", error: ", error`
			`if error in {expiredToken, badToken, locked}:`
Rename accounts/guest accounts to sessions The new file loaded by default is now ./sessions.jsonl JSONL is also required, .json support dropped. 2025-02-05 03:09:36 +00:00			`invalidate(session)`
Skip null fetch errors 2025-02-05 02:49:17 +00:00			`raise rateLimitError()`
Add experimental user parser 2022-01-16 05:00:11 +00:00
			`proc fetchRaw*(url: Uri; api: Api): Future[string] {.async.} =`
Retry rate limited requests with different account 2023-09-02 06:15:58 +00:00			`retry:`
			`fetchImpl result:`
			`if not (result.startsWith('{') or result.startsWith('[')):`
			`echo resp.status, ": ", result, " --- url: ", url`
			`result.setLen(0)`