nitter/src/tokens.nim

# SPDX-License-Identifier: AGPL-3.0-only
import asyncdispatch, httpclient, times, sequtils, json, random
import strutils, tables
import zippy
import types, consts, http_pool

const
  maxConcurrentReqs = 5  # max requests at a time per token, to avoid race conditions
  maxLastUse = 1.hours   # if a token is unused for 60 minutes, it expires
  maxAge = 2.hours + 55.minutes  # tokens expire after 3 hours
  failDelay = initDuration(minutes=30)

var
  clientPool: HttpPool
  tokenPool: seq[Token]
  lastFailed: Time

proc getPoolJson*(): JsonNode =
  var
    list = newJObject()
    totalReqs = 0
    totalPending = 0
    reqsPerApi: Table[string, int]

  for token in tokenPool:
    totalPending.inc(token.pending)
    list[token.tok] = %*{
      "apis": newJObject(),
      "pending": token.pending,
      "init": $token.init,
      "lastUse": $token.lastUse
    }

    for api in token.apis.keys:
      list[token.tok]["apis"][$api] = %token.apis[api]

      let
        maxReqs =
          case api
          of Api.listMembers, Api.listBySlug, Api.list, Api.userRestId: 500
          of Api.timeline: 187
          else: 180
        reqs = maxReqs - token.apis[api].remaining

      reqsPerApi[$api] = reqsPerApi.getOrDefault($api, 0) + reqs
      totalReqs.inc(reqs)

  return %*{
    "amount": tokenPool.len,
    "requests": totalReqs,
    "pending": totalPending,
    "apis": reqsPerApi,
    "tokens": list
  }

proc rateLimitError*(): ref RateLimitError =
  newException(RateLimitError, "rate limited")

proc fetchToken(): Future[Token] {.async.} =
  if getTime() - lastFailed < failDelay:
    raise rateLimitError()

  let headers = newHttpHeaders({
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
    "accept-encoding": "gzip",
    "accept-language": "en-US,en;q=0.5",
    "connection": "keep-alive",
    "authorization": auth
  })

  try:
    let
      resp = clientPool.use(headers): await c.postContent(activate)
      tokNode = parseJson(uncompress(resp))["guest_token"]
      tok = tokNode.getStr($(tokNode.getInt))
      time = getTime()

    return Token(tok: tok, init: time, lastUse: time)
  except Exception as e:
    lastFailed = getTime()
    echo "fetching token failed: ", e.msg

proc expired(token: Token): bool =
  let time = getTime()
  token.init < time - maxAge or token.lastUse < time - maxLastUse

proc isLimited(token: Token; api: Api): bool =
  if token.isNil or token.expired:
    return true

  if api in token.apis:
    let limit = token.apis[api]
    return (limit.remaining <= 10 and limit.reset > epochTime().int)
  else:
    return false

proc isReady(token: Token; api: Api): bool =
  not (token.isNil or token.pending > maxConcurrentReqs or token.isLimited(api))

proc release*(token: Token; used=false; invalid=false) =
  if token.isNil: return
  if invalid or token.expired:
    let idx = tokenPool.find(token)
    if idx > -1: tokenPool.delete(idx)
  elif used:
    dec token.pending
    token.lastUse = getTime()

proc getToken*(api: Api): Future[Token] {.async.} =
  for i in 0 ..< tokenPool.len:
    if result.isReady(api): break
    release(result)
    result = tokenPool.sample()

  if not result.isReady(api):
    release(result)
    result = await fetchToken()
    tokenPool.add result

  if not result.isNil:
    inc result.pending
  else:
    raise rateLimitError()

proc setRateLimit*(token: Token; api: Api; remaining, reset: int) =
  # avoid undefined behavior in race conditions
  if api in token.apis:
    let limit = token.apis[api]
    if limit.reset >= reset and limit.remaining < remaining:
      return

  token.apis[api] = RateLimit(remaining: remaining, reset: reset)

proc poolTokens*(amount: int) {.async.} =
  var futs: seq[Future[Token]]
  for i in 0 ..< amount:
    futs.add fetchToken()

  for token in futs:
    var newToken: Token

    try: newToken = await token
    except: discard

    if not newToken.isNil:
      tokenPool.add newToken

proc initTokenPool*(cfg: Config) {.async.} =
  clientPool = HttpPool()

  while true:
    if tokenPool.countIt(not it.isLimited(Api.timeline)) < cfg.minTokens:
      await poolTokens(min(4, cfg.minTokens - tokenPool.len))
    await sleepAsync(2000)
Add license headers Closes #413 2021-12-27 01:37:38 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`import asyncdispatch, httpclient, times, sequtils, json, random`
			`import strutils, tables`
Use gzip for API calls to lower bandwidth and RAM 2021-12-26 05:49:27 +00:00			`import zippy`
Remove user agents 2022-01-17 03:13:27 +00:00			`import types, consts, http_pool`
In with the new 2020-06-01 00:16:24 +00:00
Temporary (?) fix for false rate limits 2021-01-18 06:47:51 +00:00			`const`
Track pending token requests to limit concurrency 2022-01-05 22:38:46 +00:00			`maxConcurrentReqs = 5 # max requests at a time per token, to avoid race conditions`
			`maxLastUse = 1.hours # if a token is unused for 60 minutes, it expires`
Set tokens to expire 5 minutes early Prevents occasional usage of tokens the very second they expire 2022-01-16 16:56:45 +00:00			`maxAge = 2.hours + 55.minutes # tokens expire after 3 hours`
Temporary (?) fix for false rate limits 2021-01-18 06:47:51 +00:00			`failDelay = initDuration(minutes=30)`

Add temporary token fail safe 2020-07-09 07:18:14 +00:00			`var`
More cleanup 2022-01-02 10:21:03 +00:00			`clientPool: HttpPool`
			`tokenPool: seq[Token]`
Add temporary token fail safe 2020-07-09 07:18:14 +00:00			`lastFailed: Time`
Improve token pool to prevent rate limits 2021-01-13 13:32:26 +00:00
Add more info to /.tokens endpoint 2022-01-05 23:42:18 +00:00			`proc getPoolJson*(): JsonNode =`
			`var`
			`list = newJObject()`
			`totalReqs = 0`
			`totalPending = 0`
			`reqsPerApi: Table[string, int]`

Add /.tokens debug endpoint to see token pool 2022-01-05 21:49:16 +00:00			`for token in tokenPool:`
Add more info to /.tokens endpoint 2022-01-05 23:42:18 +00:00			`totalPending.inc(token.pending)`
Add /.tokens debug endpoint to see token pool 2022-01-05 21:49:16 +00:00			`list[token.tok] = %*{`
			`"apis": newJObject(),`
Track pending token requests to limit concurrency 2022-01-05 22:38:46 +00:00			`"pending": token.pending,`
Add /.tokens debug endpoint to see token pool 2022-01-05 21:49:16 +00:00			`"init": $token.init,`
			`"lastUse": $token.lastUse`
			`}`

			`for api in token.apis.keys:`
Use int for token reset instead of Time 2022-01-05 23:19:09 +00:00			`list[token.tok]["apis"][$api] = %token.apis[api]`
Add more info to /.tokens endpoint 2022-01-05 23:42:18 +00:00
			`let`
			`maxReqs =`
			`case api`
Set listMembers max remaining to 500 2022-01-24 11:29:03 +00:00			`of Api.listMembers, Api.listBySlug, Api.list, Api.userRestId: 500`
Add more info to /.tokens endpoint 2022-01-05 23:42:18 +00:00			`of Api.timeline: 187`
			`else: 180`
			`reqs = maxReqs - token.apis[api].remaining`

			`reqsPerApi[$api] = reqsPerApi.getOrDefault($api, 0) + reqs`
			`totalReqs.inc(reqs)`

			`return %*{`
			`"amount": tokenPool.len,`
			`"requests": totalReqs,`
			`"pending": totalPending,`
			`"apis": reqsPerApi,`
			`"tokens": list`
			`}`
Improve token pool to prevent rate limits 2021-01-13 13:32:26 +00:00
			`proc rateLimitError*(): ref RateLimitError =`
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`newException(RateLimitError, "rate limited")`
In with the new 2020-06-01 00:16:24 +00:00
			`proc fetchToken(): Future[Token] {.async.} =`
Temporary (?) fix for false rate limits 2021-01-18 06:47:51 +00:00			`if getTime() - lastFailed < failDelay:`
Improve token pool to prevent rate limits 2021-01-13 13:32:26 +00:00			`raise rateLimitError()`
Add temporary token fail safe 2020-07-09 07:18:14 +00:00
Add http pool to reduce connection overhead 2020-11-07 20:31:03 +00:00			`let headers = newHttpHeaders({`
			`"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8",`
Use gzip for API calls to lower bandwidth and RAM 2021-12-26 05:49:27 +00:00			`"accept-encoding": "gzip",`
Add http pool to reduce connection overhead 2020-11-07 20:31:03 +00:00			`"accept-language": "en-US,en;q=0.5",`
			`"connection": "keep-alive",`
			`"authorization": auth`
			`})`
In with the new 2020-06-01 00:16:24 +00:00
Fix crash on token fetch failure 2020-06-02 18:37:55 +00:00			`try:`
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`let`
			`resp = clientPool.use(headers): await c.postContent(activate)`
			`tokNode = parseJson(uncompress(resp))["guest_token"]`
			`tok = tokNode.getStr($(tokNode.getInt))`
			`time = getTime()`
In with the new 2020-06-01 00:16:24 +00:00
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`return Token(tok: tok, init: time, lastUse: time)`
Use old API endpoint to fetch tokens 2020-06-24 13:02:34 +00:00			`except Exception as e:`
Add temporary token fail safe 2020-07-09 07:18:14 +00:00			`lastFailed = getTime()`
Show error page when rate limited 2021-01-07 21:31:29 +00:00			`echo "fetching token failed: ", e.msg`
In with the new 2020-06-01 00:16:24 +00:00
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`proc expired(token: Token): bool =`
Temporary fix to prevent early token expiry 2020-06-19 07:45:24 +00:00			`let time = getTime()`
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`token.init < time - maxAge or token.lastUse < time - maxLastUse`
In with the new 2020-06-01 00:16:24 +00:00
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`proc isLimited(token: Token; api: Api): bool =`
			`if token.isNil or token.expired:`
			`return true`

			`if api in token.apis:`
			`let limit = token.apis[api]`
Use int for token reset instead of Time 2022-01-05 23:19:09 +00:00			`return (limit.remaining <= 10 and limit.reset > epochTime().int)`
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`else:`
			`return false`
In with the new 2020-06-01 00:16:24 +00:00
Track pending token requests to limit concurrency 2022-01-05 22:38:46 +00:00			`proc isReady(token: Token; api: Api): bool =`
			`not (token.isNil or token.pending > maxConcurrentReqs or token.isLimited(api))`

			`proc release*(token: Token; used=false; invalid=false) =`
			`if token.isNil: return`
			`if invalid or token.expired:`
Temporary (?) fix for false rate limits 2021-01-18 06:47:51 +00:00			`let idx = tokenPool.find(token)`
			`if idx > -1: tokenPool.delete(idx)`
Track pending token requests to limit concurrency 2022-01-05 22:38:46 +00:00			`elif used:`
			`dec token.pending`
			`token.lastUse = getTime()`
In with the new 2020-06-01 00:16:24 +00:00
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`proc getToken*(api: Api): Future[Token] {.async.} =`
In with the new 2020-06-01 00:16:24 +00:00			`for i in 0 ..< tokenPool.len:`
Track pending token requests to limit concurrency 2022-01-05 22:38:46 +00:00			`if result.isReady(api): break`
Temporary (?) fix for false rate limits 2021-01-18 06:47:51 +00:00			`release(result)`
Improve token pool to prevent rate limits 2021-01-13 13:32:26 +00:00			`result = tokenPool.sample()`
In with the new 2020-06-01 00:16:24 +00:00
Track pending token requests to limit concurrency 2022-01-05 22:38:46 +00:00			`if not result.isReady(api):`
Temporary (?) fix for false rate limits 2021-01-18 06:47:51 +00:00			`release(result)`
In with the new 2020-06-01 00:16:24 +00:00			`result = await fetchToken()`
Improve token pool to prevent rate limits 2021-01-13 13:32:26 +00:00			`tokenPool.add result`

Track pending token requests to limit concurrency 2022-01-05 22:38:46 +00:00			`if not result.isNil:`
			`inc result.pending`
			`else:`
Improve token pool to prevent rate limits 2021-01-13 13:32:26 +00:00			`raise rateLimitError()`

Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`proc setRateLimit*(token: Token; api: Api; remaining, reset: int) =`
Track pending token requests to limit concurrency 2022-01-05 22:38:46 +00:00			`# avoid undefined behavior in race conditions`
			`if api in token.apis:`
			`let limit = token.apis[api]`
			`if limit.reset >= reset and limit.remaining < remaining:`
			`return`

			`token.apis[api] = RateLimit(remaining: remaining, reset: reset)`
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00
In with the new 2020-06-01 00:16:24 +00:00			`proc poolTokens*(amount: int) {.async.} =`
			`var futs: seq[Future[Token]]`
			`for i in 0 ..< amount:`
			`futs.add fetchToken()`

			`for token in futs:`
Improve token pool to prevent rate limits 2021-01-13 13:32:26 +00:00			`var newToken: Token`

			`try: newToken = await token`
			`except: discard`

Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`if not newToken.isNil:`
Improve token pool to prevent rate limits 2021-01-13 13:32:26 +00:00			`tokenPool.add newToken`
In with the new 2020-06-01 00:16:24 +00:00
			`proc initTokenPool*(cfg: Config) {.async.} =`
Add http pool to reduce connection overhead 2020-11-07 20:31:03 +00:00			`clientPool = HttpPool()`

In with the new 2020-06-01 00:16:24 +00:00			`while true:`
Track token rate limits per endpoint 2022-01-05 21:48:45 +00:00			`if tokenPool.countIt(not it.isLimited(Api.timeline)) < cfg.minTokens:`
More aggressive token strategy to combat bursts 2020-06-01 11:54:45 +00:00			`await poolTokens(min(4, cfg.minTokens - tokenPool.len))`
			`await sleepAsync(2000)`