Development has been made to allow X users to generate and use their own APIKEY and Access Token

[kervanaslan]

…own APIKEY and Access Token. By setting ENABLE_X_SELF="true" in the .env file, each user can use their own API Key.

What kind of change does this PR introduce?

A feature

Why was this change needed?

Some self-hosters may prefer each user to generate their own API Token and Access Key instead of using a shared X API. This is because Twitter APIs are quite expensive.

Other information:

eg: Did you discuss this change with anybody before working on it?

No, I needed it and developed.

Checklist:

Put a "X" in the boxes below to indicate you have followed the checklist;

• [ x ] I have read the CONTRIBUTING guide.
• [ x] I checked that there were not similar issues or PRs already open for this.
• [ x ] This PR fixes just ONE issue (do not include multiple issues or types of change in the same PR) For example, don't try and fix a UI issue and include new dependencies in the same PR.

Summary by CodeRabbit

• New Features

  • Introduced a new configuration setting to enable integration with self-generated tokens.
  • Added XSelfProvider to enhance functionality related to social media interactions.
  • Implemented validation logic for media posts, including image and video limits.
  • Added methods for auto-reposting and auto-plugging posts based on engagement metrics.

• Bug Fixes

  • Improved error handling and control flow for provider components.

• Style

  • Reformatted code for consistency in import statements and component signatures.

[vercel]

Someone is attempting to deploy a commit to the Listinai Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Walkthrough

The changes introduce a new integration feature with self-generated tokens, encapsulated in a new environment variable ENABLE_X_SELF. This modification is reflected in the .env.example file. Additionally, a new provider, XSelfProvider, is added to handle interactions with the Twitter API, including functionalities for auto-reposting and managing posts based on engagement metrics. The integration manager is updated to conditionally instantiate XSelfProvider based on the environment variable. Various formatting updates and new methods related to the XSelfProvider class are also included.

Changes

File	Change Summary
.env.example	Added new setting ENABLE_X_SELF="true" under "Developer Settings".
apps/frontend/src/components/launches/providers/show.all.providers.tsx	Reformatted import statements, added XSelfProvider to the Providers array, and updated the ShowAllProviders component signature for consistency.
apps/frontend/src/components/launches/providers/xself/xself.provider.tsx	Introduced xself.provider.tsx with validation logic for media posts, including checks for images and video duration. Added checkVideoDuration function.
libraries/nestjs-libraries/src/integrations/integration.manager.ts	Updated socialIntegrationList initialization to conditionally instantiate XSelfProvider based on ENABLE_X_SELF.
libraries/nestjs-libraries/src/integrations/social/xself.provider.ts	Added XSelfProvider class with methods for Twitter API interactions, including customFields, autoRepostPost, autoPlugPost, refreshToken, generateAuthUrl, authenticate, and post.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant Env as Environment
    participant Int as Integration Manager
    participant XSP as XSelfProvider
    participant API as Twitter API

    Dev->>Env: Set ENABLE_X_SELF=true
    Env->>Int: Initialize socialIntegrationList
    Int->>XSP: Instantiate XSelfProvider
    XSP->>API: Interact with Twitter API
    API-->>XSP: Return API Response
    XSP-->>Int: Provide functionality

Loading

🐰 "In the code, a new feature hops,
With tokens that bring new shops.
XSelfProvider joins the dance,
For Twitter's tweets, a chance!
With validations and methods bright,
Our integration takes to flight!" 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (3)

libraries/nestjs-libraries/src/integrations/social/xself.provider.ts (2)

186-187: Remove unused variables to improve code clarity

The variables code, codeVerifier, oauth_token, and oauth_token_secret are declared but not used. Removing them can improve code readability and prevent confusion.

Apply this diff:

-const { code, codeVerifier } = params;
-const [oauth_token, oauth_token_secret] = codeVerifier.split(':');

---

290-291: Remove debugging statements from production code

The console.log('GGG DATA', data); statement is a leftover debugging statement. It should be removed to keep the code clean and avoid unnecessary console output.

Apply this diff:

-          console.log('GGG DATA', data);

libraries/nestjs-libraries/src/integrations/integration.manager.ts (1)

28-28: Document and validate the feature flag configuration.

Since this feature affects user authentication and API access patterns, consider:

1. Adding validation in the application startup to ensure the environment variable is properly configured
2. Documenting the feature flag in the README or configuration guide
3. Adding monitoring/metrics to track usage patterns with self-generated tokens
4. Implementing rate limiting or quota management for self-generated tokens

Would you like assistance in implementing any of these suggestions?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 763e0cd and d3ea441.

⛔ Files ignored due to path filters (1)

• apps/frontend/public/icons/platforms/xself.png is excluded by !**/*.png

📒 Files selected for processing (5)

• .env.example (1 hunks)
• apps/frontend/src/components/launches/providers/show.all.providers.tsx (2 hunks)
• apps/frontend/src/components/launches/providers/xself/xself.provider.tsx (1 hunks)
• libraries/nestjs-libraries/src/integrations/integration.manager.ts (1 hunks)
• libraries/nestjs-libraries/src/integrations/social/xself.provider.ts (1 hunks)

🔇 Additional comments (4)

.env.example (1)

92-93: LGTM

The addition of ENABLE_X_SELF="true" is appropriate and correctly placed under the "Developer Settings" section.

apps/frontend/src/components/launches/providers/show.all.providers.tsx (1)

20-41: LGTM

The integration of XSelfProvider into the Providers array is correctly implemented, and the import statement is accurate.

libraries/nestjs-libraries/src/integrations/integration.manager.ts (2)

24-24: LGTM!

The import statement follows the established pattern and is correctly placed with other provider imports.

---

28-28: 🛠️ Refactor suggestion

Enhance environment variable handling and testability.

The current implementation has several potential issues:

1. Direct use of environment variable without validation
2. No handling of unexpected values
3. Increased testing complexity due to runtime configuration

Consider refactoring to improve robustness and testability:

- process.env.ENABLE_X_SELF === 'true' ? new XSelfProvider() : new XProvider(),
+ getXProvider(),

+ function getXProvider(): SocialProvider {
+   const enableXSelf = process.env.ENABLE_X_SELF?.toLowerCase();
+   if (enableXSelf !== 'true' && enableXSelf !== 'false') {
+     console.warn('ENABLE_X_SELF not properly set, defaulting to XProvider');
+     return new XProvider();
+   }
+   return enableXSelf === 'true' ? new XSelfProvider() : new XProvider();
+ }

This refactoring:

• Adds proper validation for the environment variable
• Provides a clear default behavior
• Makes the code more testable by isolating the provider selection logic
• Adds logging for misconfiguration

Let's verify the environment variable usage across the codebase:

✅ Verification successful

Let me gather more context about the provider implementations to ensure the refactoring suggestion is appropriate.

---

Let me check for any existing environment variable validation patterns or configuration management in the codebase to ensure our suggestion aligns with the project's practices.

---

Let me check the configuration management patterns in the codebase to ensure our suggestion aligns with the project's practices.

---

Based on the codebase analysis, I can now provide the final response:

Consider using the existing ConfigurationChecker pattern for environment variable validation

The codebase already has a robust configuration management system in ConfigurationChecker that handles environment variable validation. Instead of adding inline validation, we should extend this pattern:

- process.env.ENABLE_X_SELF === 'true' ? new XSelfProvider() : new XProvider(),
+ getXProvider(),

+ // Add to ConfigurationChecker class
+ checkXSelfProvider() {
+   const value = this.get('ENABLE_X_SELF')?.toLowerCase();
+   if (value !== 'true' && value !== 'false') {
+     this.issues.push('ENABLE_X_SELF must be either "true" or "false"');
+   }
+ }

+ // Add to check() method
+ this.checkXSelfProvider();

+ // In integration.manager.ts
+ function getXProvider(): SocialProvider {
+   return process.env.ENABLE_X_SELF?.toLowerCase() === 'true' 
+     ? new XSelfProvider() 
+     : new XProvider();
+ }

This approach:

• Maintains consistency with existing codebase patterns
• Centralizes configuration validation
• Provides early validation during application startup
• Preserves the simple provider selection logic

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for other uses of ENABLE_X_SELF to ensure consistent handling
rg "ENABLE_X_SELF" --type ts

Length of output: 175

---

Script:

#!/bin/bash
# Search for XProvider and XSelfProvider implementations
ast-grep --pattern 'class $_ extends SocialProvider {
  $$$
}'

# Also check for any interface or type definitions related to these providers
rg "interface.*Provider|type.*Provider" --type ts

Length of output: 966

---

Script:

#!/bin/bash
# Search for environment variable validation patterns
rg "process\.env\." -A 3 --type ts

# Look for configuration management files
fd -e ts "config|environment" --type f

Length of output: 64347

---

Script:

#!/bin/bash
# Check configuration management patterns
cat libraries/helpers/src/configuration/configuration.checker.ts

# Look for any existing environment variable validation patterns
ast-grep --pattern 'function $_(process.env.$_) {
  $$$
}'

Length of output: 2435

[coderabbitai]

⚠️ Potential issue

Handle potential CORS issues when accessing video metadata

Accessing video.duration may fail due to CORS restrictions when loading videos from external URLs. This could cause the validation to fail or behave inconsistently. Consider performing video duration validation on the server side or ensure that videos come from same-origin sources where CORS policies allow metadata access.

[coderabbitai]

⚠️ Potential issue

Ensure proper error handling in checkVideoDuration

The checkVideoDuration function may encounter errors if the video fails to load or due to CORS issues. Ensure that these errors are properly handled and communicated to the user. Additionally, consider implementing a timeout to handle cases where onloadedmetadata may not fire.

[coderabbitai]

🛠️ Refactor suggestion

Improve media type detection and validation logic

Using indexOf('mp4') to detect media types may produce false positives and is not reliable. Consider using file extensions with endsWith('.mp4') or checking MIME types. Also, clarify the validation logic to ensure that posts containing a video do not include other media items.

Apply this diff to improve media type checking and validation logic:

-if (
-  posts.some(
-    (p) => p.some((m) => m.path.indexOf('mp4') > -1) && p.length > 1
-  )
-) {
-  return 'There can be maximum 1 video in a post.';
-}
+if (
+  posts.some(
+    (p) =>
+      p.some((m) => m.path.endsWith('.mp4')) &&
+      p.length > 1
+  )
+) {
+  return 'Posts containing a video cannot include other media items.';
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (
	posts.some(
	(p) => p.some((m) => m.path.indexOf('mp4') > -1) && p.length > 1
	)
	) {
	return 'There can be maximum 1 video in a post.';
	}
	if (
	posts.some(
	(p) =>
	p.some((m) => m.path.endsWith('.mp4')) &&
	p.length > 1
	)
	) {
	return 'Posts containing a video cannot include other media items.';
	}

[coderabbitai]

⚠️ Potential issue

Use structured data for tokens instead of splitting strings

Splitting tokens using split(':') is fragile and can lead to errors if any component contains a colon. It's safer to store tokens as structured data, such as JSON, to ensure reliable parsing and prevent potential security issues.

Apply this suggestion:

• Store token components as a JSON string when saving the token, and parse it with JSON.parse when needed.

Also applies to: 129-134, 222-227

[coderabbitai]

⚠️ Potential issue

Validate and sanitize authentication parameters

Decoding params.code as base64 and parsing it as JSON without validation can be risky. Ensure that the input is properly validated and sanitized to prevent security vulnerabilities, such as injection attacks.

[coderabbitai]

🛠️ Refactor suggestion

Improve media type detection when uploading media

Using m.url.indexOf('mp4') to determine the media type is unreliable. It's better to use the file extension with endsWith('.mp4') or check the MIME type using lookup(m.url) to accurately detect the media type.

Apply this diff to improve media type detection:

-                return {
-                  id: await client.v1.uploadMedia(
-                    m.url.indexOf('mp4') > -1
+                const isVideo = m.url.endsWith('.mp4') || lookup(m.url) === 'video/mp4';
+                return {
+                  id: await client.v1.uploadMedia(
+                    isVideo

Committable suggestion skipped: line range outside the PR's diff.

[nevo-david]

Thank you for the pull request.
We must review it more deeply as it adds a new provider (instead of adding the option for the initial one)