nhcarrigan/hikari
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 2 Pull Requests 3 Actions Releases Activity

feat: add announcements on threads

Browse Source
This commit is contained in:
Naomi Carrigan
2025-12-23 19:02:08 -08:00
parent 9edf95078d
commit 0dba248370
8 changed files with 829 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/dev.env
+4 -1
View File
@@ -22,4 +22,7 @@ FACEBOOK_PAGE_ID="op://Environment Variables - Naomi/Hikari/facebook page id"
LINKEDIN_CLIENT_ID="op://Environment Variables - Naomi/Hikari/linkedin client id"
LINKEDIN_CLIENT_SECRET="op://Environment Variables - Naomi/Hikari/linkedin client secret"
MASTODON_INSTANCE_URL="op://Environment Variables - Naomi/Hikari/mastodon url"
MASTODON_ACCESS_TOKEN="op://Environment Variables - Naomi/Hikari/mastodon token"
MASTODON_ACCESS_TOKEN="op://Environment Variables - Naomi/Hikari/mastodon token"
THREADS_APP_ID="op://Environment Variables - Naomi/Hikari/threads app id"
THREADS_APP_SECRET="op://Environment Variables - Naomi/Hikari/threads app secret"
THREADS_ACCESS_TOKEN=
server/package.json
+2 -1
View File
@@ -11,7 +11,8 @@
"start": "op run --env-file=./prod.env -- node ./prod/index.js",
"test": "echo 'No tests yet' && exit 0",
"facebookAuth": "op run --env-file=./prod.env -- node facebookAuth.js",
"linkedinAuth": "op run --env-file=./prod.env -- node linkedinAuth.js"
"linkedinAuth": "op run --env-file=./prod.env -- node linkedinAuth.js",
"threadsAuth": "op run --env-file=./prod.env -- node threadsAuth.js"
},
"keywords": [],
"author": "",
server/prod.env
+4 -1
View File
@@ -22,4 +22,7 @@ FACEBOOK_PAGE_ID="op://Environment Variables - Naomi/Hikari/facebook page id"
LINKEDIN_CLIENT_ID="op://Environment Variables - Naomi/Hikari/linkedin client id"
LINKEDIN_CLIENT_SECRET="op://Environment Variables - Naomi/Hikari/linkedin client secret"
MASTODON_INSTANCE_URL="op://Environment Variables - Naomi/Hikari/mastodon url"
MASTODON_ACCESS_TOKEN="op://Environment Variables - Naomi/Hikari/mastodon token"
MASTODON_ACCESS_TOKEN="op://Environment Variables - Naomi/Hikari/mastodon token"
THREADS_APP_ID="op://Environment Variables - Naomi/Hikari/threads app id"
THREADS_APP_SECRET="op://Environment Variables - Naomi/Hikari/threads app secret"
THREADS_ACCESS_TOKEN=
server/src/config/announcements.ts
+20
View File
@@ -48,6 +48,15 @@ Platform-specific requirements:
- Do NOT include post numbers or thread indicators
- Mastodon supports markdown, so you can use basic formatting like **bold** and *italic*
**Threads:**
- Break content into a thread of individual posts
- Each post should be under 500 characters (Threads' limit)
- Posts should flow naturally from one to the next
- Use relevant hashtags (2-3 per post)
- Make the first post compelling to encourage thread reading
- Do NOT include post numbers or thread indicators
- Plain text format (no markdown)
**Facebook:**
- Plain text format (no markdown)
- Professional yet friendly tone
@@ -134,6 +143,16 @@ const announcementJsonSchema = {
required: [ "content", "title" ],
type: "object",
},
threads: {
description: "Array of individual Threads posts that form a thread. Each post should be under 500 characters and flow naturally from one to the next.",
items: {
description: "A single Threads post in the thread (max 500 characters, no post numbers or thread indicators)",
maxLength: 500,
type: "string",
},
minItems: 1,
type: "array",
},
twitter: {
description: "Array of individual Twitter posts that form a thread. Each post should be under 280 characters and flow naturally from one to the next.",
items: {
@@ -152,6 +171,7 @@ const announcementJsonSchema = {
"linkedin",
"mastodon",
"reddit",
"threads",
"twitter",
],
type: "object",
server/src/interfaces/announcementResponse.ts
+1
View File
@@ -21,5 +21,6 @@ export interface AnnouncementResponse {
content: string;
title: string;
};
threads: Array<string>;
twitter: Array<string>;
}
server/src/modules/announceOnThreads.ts
+190
View File
@@ -0,0 +1,190 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
import { isValidString } from "../utils/typeguards.js";
interface ThreadsErrorResponse {
error: {
message: string;
type: string;
code: number;
};
}
interface ThreadsSuccessResponse {
id: string;
}
type ThreadsResponse = ThreadsErrorResponse | ThreadsSuccessResponse;
/**
* Forwards an announcement to our Threads account.
* @param content - The main body of the announcement.
* @returns A message indicating the success or failure of the operation.
*/
// eslint-disable-next-line max-lines-per-function, max-statements, complexity -- This is a big function.
export const announceOnThreads = async(
content: Array<string>,
): Promise<string> => {
if (
process.env.THREADS_ACCESS_TOKEN === undefined
) {
return "Threads credentials are not set.";
}
const [ firstPost, ...restOfPosts ] = content;
const failedReplies: Array<string> = [];
if (firstPost === undefined) {
return "No posts to send to Threads.";
}
const accessToken = process.env.THREADS_ACCESS_TOKEN;
const apiUrl = `https://graph.threads.net/v1.0/me/threads`;
// Step 1: Create the first post
const firstPostParameters = new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
access_token: accessToken,
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
media_type: "TEXT",
text: firstPost,
});
const firstPostResponse = await fetch(
`${apiUrl}?${firstPostParameters.toString()}`,
{
headers: {
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
},
).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof firstPostResponse === "string") {
return `Failed to send initial post to Threads. ${firstPostResponse}`;
}
if (!firstPostResponse.ok) {
const errorText = await firstPostResponse.text().catch(() => {
return firstPostResponse.statusText;
});
return `Failed to send initial post to Threads. Status: ${firstPostResponse.status.toString()} ${errorText}`;
}
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- Fetch does not accept generics.
const firstPostData = await firstPostResponse.json() as ThreadsResponse;
if ("error" in firstPostData) {
return `Failed to send initial post to Threads. ${firstPostData.error.message}`;
}
if (!isValidString(firstPostData.id)) {
return `Failed to parse initial post ID from Threads. ${JSON.stringify(firstPostData)}`;
}
// Step 2: Publish the first post
const publishUrl = `https://graph.threads.net/v1.0/me/threads_publish`;
const publishParameters = new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
access_token: accessToken,
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
creation_id: firstPostData.id,
});
const publishResponse = await fetch(
`${publishUrl}?${publishParameters.toString()}`,
{
headers: {
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
},
).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof publishResponse === "string") {
return `Failed to publish initial post to Threads. ${publishResponse}`;
}
if (!publishResponse.ok) {
const errorText = await publishResponse.text().catch(() => {
return publishResponse.statusText;
});
return `Failed to publish initial post to Threads. Status: ${publishResponse.status.toString()} ${errorText}`;
}
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- Fetch does not accept generics.
const publishData = await publishResponse.json() as ThreadsSuccessResponse;
let parentThreadId = publishData.id;
// Step 3: Create replies for the rest of the posts
for (const post of restOfPosts) {
const replyParameters = new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
access_token: accessToken,
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
media_type: "TEXT",
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
reply_to_id: parentThreadId,
text: post,
});
// eslint-disable-next-line no-await-in-loop -- We need to do this sequentially.
const replyResponse = await fetch(
`${apiUrl}?${replyParameters.toString()}`,
{
headers: {
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Content-Type": "application/x-www-form-urlencoded",
},
},
).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof replyResponse === "string") {
failedReplies.push(post);
continue;
}
if (!replyResponse.ok) {
failedReplies.push(post);
continue;
}
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions, no-await-in-loop -- Fetch does not accept generics.
const replyData = await replyResponse.json() as ThreadsResponse;
if ("error" in replyData) {
failedReplies.push(post);
continue;
}
if (!isValidString(replyData.id)) {
failedReplies.push(post);
continue;
}
// Publish the reply
const replyPublishUrl = `https://graph.threads.net/v1.0/me/threads_publish`;
const replyPublishParameters = new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
access_token: accessToken,
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
creation_id: replyData.id,
});
// eslint-disable-next-line no-await-in-loop -- We need to do this sequentially.
const replyPublishResponse = await fetch(
`${replyPublishUrl}?${replyPublishParameters.toString()}`,
{
method: "POST",
},
).catch(() => {
return null;
});
if (replyPublishResponse?.ok !== true) {
failedReplies.push(post);
continue;
}
const replyPublishData
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions, no-await-in-loop -- Fetch does not accept generics.
= await replyPublishResponse.json() as ThreadsSuccessResponse;
parentThreadId = replyPublishData.id;
}
return `Successfully sent initial post to Threads. ${failedReplies.length > 0
? `Failed to send ${failedReplies.length.toString()} replies: ${failedReplies.join(", ")}`
: `All ${(content.length - 1).toString()} replies were sent successfully.`}`;
};
server/src/routes/announcement.ts
+4 -1
View File
@@ -11,6 +11,7 @@ import { announceOnDiscord } from "../modules/announceOnDiscord.js";
import { announceOnFacebook } from "../modules/announceOnFacebook.js";
import { announceOnMastodon } from "../modules/announceOnMastodon.js";
import { announceOnReddit } from "../modules/announceOnReddit.js";
import { announceOnThreads } from "../modules/announceOnThreads.js";
import { announceOnTwitter } from "../modules/announceOnTwitter.js";
import { generateAnnouncements } from "../modules/generateAnnouncements.js";
import { getIpFromRequest } from "../modules/getIpFromRequest.js";
@@ -94,6 +95,7 @@ export const announcementRoutes: FastifyPluginAsync = async(server) => {
facebook,
mastodon,
reddit,
threads,
twitter,
} = announcement.response;
const { title: discordTitle, content: discordContent } = discord;
@@ -121,9 +123,10 @@ export const announcementRoutes: FastifyPluginAsync = async(server) => {
const twitterPost = await announceOnTwitter(twitter);
const facebookPost = await announceOnFacebook(facebook);
const mastodonPost = await announceOnMastodon(mastodon);
const threadsPost = await announceOnThreads(threads);
return await reply.status(201).send({
cost: announcement.cost,
message: `Announcement processed. Discord: ${discordPost}, Reddit: ${redditPost}, Bluesky: ${blueskyPost}, Twitter: ${twitterPost}, Facebook: ${facebookPost}, Mastodon: ${mastodonPost}`,
message: `Announcement processed. Discord: ${discordPost}, Reddit: ${redditPost}, Bluesky: ${blueskyPost}, Twitter: ${twitterPost}, Facebook: ${facebookPost}, Mastodon: ${mastodonPost}, Threads: ${threadsPost}`,
rawPost: announcement.response,
});
},
server/threadsAuth.js
+604
View File
@@ -0,0 +1,604 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*
* Simple local server to authenticate with Threads (via Meta/Facebook) and obtain an Access Token.
* Run with: node threadsAuth.js
* Make sure to set THREADS_APP_ID and THREADS_APP_SECRET environment variables.
*
* Note: You need an Instagram Business Account linked to your Threads profile.
* The OAuth flow goes through Facebook's endpoints (Meta's unified platform) but uses
* Threads-specific app credentials.
*/
import http from "http";
import { URL } from "url";
const PORT = 3001; // Different port from Facebook auth
// Threads API requires HTTPS for OAuth redirects
// For local development, use ngrok: ngrok http 3001
// Then set THREADS_REDIRECT_URI to your ngrok HTTPS URL
const REDIRECT_URI =`https://local3001.nhcarrigan.com/callback`;
/**
* Creates the Threads OAuth authorization URL.
* Threads uses its own OAuth endpoint: threads.net/oauth/authorize
* @param {string} appId - The Threads App ID.
* @returns {string} The authorization URL.
*/
const getAuthUrl = (appId) => {
const params = new URLSearchParams({
client_id: appId,
redirect_uri: REDIRECT_URI,
scope: "threads_basic,threads_content_publish",
response_type: "code",
});
return `https://threads.net/oauth/authorize?${params.toString()}`;
};
/**
* Exchanges an authorization code for an access token.
* Threads uses its own token endpoint: graph.threads.net/oauth/access_token
* @param {string} code - The authorization code from Threads.
* @param {string} appId - The Threads App ID.
* @param {string} appSecret - The Threads App Secret.
* @returns {Promise<{access_token: string, user_id?: number}>} The access token response.
*/
const exchangeCodeForToken = async (code, appId, appSecret) => {
const params = new URLSearchParams({
client_id: appId,
client_secret: appSecret,
redirect_uri: REDIRECT_URI,
code: code,
grant_type: "authorization_code",
});
const response = await fetch(
`https://graph.threads.net/oauth/access_token`,
{
body: params,
method: "POST",
},
);
return await response.json();
};
/**
* Exchanges a short-lived token for a long-lived token.
* @param {string} shortLivedToken - The short-lived access token.
* @param {string} appId - The Threads App ID.
* @param {string} appSecret - The Threads App Secret.
* @returns {Promise<{access_token: string, expires_in?: number}>} The long-lived token response.
*/
const exchangeForLongLivedToken = async (shortLivedToken, appId, appSecret) => {
const params = new URLSearchParams({
grant_type: "fb_exchange_token",
client_id: appId,
client_secret: appSecret,
fb_exchange_token: shortLivedToken,
});
const response = await fetch(
`https://graph.facebook.com/v21.0/oauth/access_token?${params.toString()}`,
);
return await response.json();
};
/**
* Gets the user's Instagram Business Accounts.
* @param {string} accessToken - The user access token.
* @returns {Promise<Array>} Array of Instagram Business Accounts.
*/
const getInstagramAccounts = async (accessToken) => {
const response = await fetch(
`https://graph.facebook.com/v21.0/me/accounts?fields=instagram_business_account&access_token=${accessToken}`,
);
const data = await response.json();
const accounts = [];
if (data.data) {
for (const page of data.data) {
if (page.instagram_business_account) {
const igAccountResponse = await fetch(
`https://graph.facebook.com/v21.0/${page.instagram_business_account.id}?fields=id,username,threads_profile&access_token=${accessToken}`,
);
const igAccount = await igAccountResponse.json();
if (igAccount.threads_profile) {
accounts.push({
instagramAccountId: igAccount.id,
username: igAccount.username,
threadsProfileId: igAccount.threads_profile.id,
});
}
}
}
}
return accounts;
};
/**
* Sends an HTML response.
* @param {http.ServerResponse} res - The HTTP response object.
* @param {number} statusCode - The HTTP status code.
* @param {string} html - The HTML content to send.
*/
const sendHtml = (res, statusCode, html) => {
res.writeHead(statusCode, { "Content-Type": "text/html" });
res.end(html);
};
/**
* Sends a JSON response.
* @param {http.ServerResponse} res - The HTTP response object.
* @param {number} statusCode - The HTTP status code.
* @param {object} data - The JSON data to send.
*/
const sendJson = (res, statusCode, data) => {
res.writeHead(statusCode, { "Content-Type": "application/json" });
res.end(JSON.stringify(data, null, 2));
};
const appId = process.env.THREADS_APP_ID?.trim();
const appSecret = process.env.THREADS_APP_SECRET?.trim();
if (!appId || !appSecret) {
console.error(
"Error: THREADS_APP_ID and THREADS_APP_SECRET environment variables must be set.",
);
console.error(
"Example: THREADS_APP_ID=your_app_id THREADS_APP_SECRET=your_secret node threadsAuth.js",
);
process.exit(1);
}
// Validate App ID format (should be numeric)
if (!/^\d+$/.test(appId)) {
console.error(
`Error: THREADS_APP_ID does not appear to be valid. Got: "${appId}"`,
);
console.error(
"App ID should be a numeric string. Make sure you're using 'op run' to resolve 1Password references.",
);
console.error(
"Run: pnpm threadsAuth (or: op run --env-file=./prod.env -- node threadsAuth.js)",
);
process.exit(1);
}
const server = http.createServer(async (req, res) => {
const url = new URL(req.url, `http://localhost:${PORT}`);
// Root route - show auth link
if (url.pathname === "/") {
const authUrl = getAuthUrl(appId);
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Threads Token Generator</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
h1 {
color: #000;
margin-top: 0;
}
.button {
display: inline-block;
background: #000;
color: white;
padding: 12px 24px;
text-decoration: none;
border-radius: 6px;
font-weight: 600;
margin-top: 20px;
}
.button:hover {
background: #333;
}
.info {
background: #e3f2fd;
padding: 15px;
border-radius: 6px;
margin-top: 20px;
border-left: 4px solid #1877f2;
}
.warning {
background: #fff3e0;
padding: 15px;
border-radius: 6px;
margin-top: 20px;
border-left: 4px solid #ff9800;
}
</style>
</head>
<body>
<div class="container">
<h1>πŸ” Threads Token Generator</h1>
<p>Click the button below to authenticate with Meta/Facebook and get your Threads Access Token.</p>
<a href="${authUrl}" class="button">Authenticate with Meta</a>
<div class="info">
<strong>Note:</strong> You need:
<ul>
<li>An Instagram Business Account</li>
<li>A Threads profile linked to that Instagram account</li>
<li>Admin access to a Facebook Page connected to your Instagram Business Account</li>
</ul>
</div>
<div class="warning">
<strong>⚠️ Important:</strong> Your Threads app must have:
<ul>
<li>Threads API product added</li>
<li><code>threads_basic</code> and <code>threads_content_publish</code> permissions approved</li>
<li>Valid OAuth Redirect URI: <code>${REDIRECT_URI}</code></li>
</ul>
</div>
${REDIRECT_URI.startsWith("http://") ? `
<div class="warning" style="background: #ffebee; border-left-color: #d32f2f;">
<strong>πŸ”’ HTTPS Required:</strong> Threads API requires HTTPS for OAuth redirects!
<ul>
<li>Install cloudflared: <code>brew install cloudflared</code> or download from <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/" target="_blank">cloudflare.com</a></li>
<li>Run: <code>cloudflared tunnel --url http://localhost:${PORT}</code></li>
<li>Copy the HTTPS URL (e.g., https://abc123.trycloudflare.com)</li>
<li>Set environment variable: <code>THREADS_REDIRECT_URI=https://abc123.trycloudflare.com/callback</code></li>
<li>Add the HTTPS URL to your Threads app's Valid OAuth Redirect URIs</li>
<li>Restart this server</li>
</ul>
</div>
` : ""}
</div>
</body>
</html>
`;
return sendHtml(res, 200, html);
}
// Callback route - handle OAuth callback
if (url.pathname === "/callback") {
// Threads appends #_ to the redirect URI - strip it from the URL
let code = url.searchParams.get("code");
const error = url.searchParams.get("error");
const errorReason = url.searchParams.get("error_reason");
const errorDescription = url.searchParams.get("error_description");
// Debug: Log the full callback URL to see what Threads is sending
console.log(`\nπŸ” Callback received:`);
console.log(` Full URL: ${url.href}`);
console.log(` Expected redirect URI: ${REDIRECT_URI}`);
console.log(` Error: ${error || "none"}`);
console.log(` Error reason: ${errorReason || "none"}`);
console.log(` Error description: ${errorDescription || "none"}\n`);
// If code is in the hash (after #_), extract it
if (!code && url.hash) {
const hashParams = new URLSearchParams(url.hash.substring(1));
code = hashParams.get("code");
}
if (error) {
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Authentication Error</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.error {
color: #d32f2f;
background: #ffebee;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #d32f2f;
}
</style>
</head>
<body>
<div class="container">
<h1>❌ Authentication Error</h1>
<div class="error">
<p><strong>Error:</strong> ${error}</p>
<p><strong>Error Reason:</strong> ${errorReason || "N/A"}</p>
<p><strong>Error Description:</strong> ${errorDescription || "N/A"}</p>
<p><strong>Full Callback URL:</strong> <code style="word-break: break-all;">${url.href}</code></p>
<p><strong>Expected Redirect URI:</strong> <code>${REDIRECT_URI}</code></p>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 400, html);
}
if (!code) {
return sendHtml(
res,
400,
"<h1>Error</h1><p>No authorization code received.</p><a href='/'>Try again</a>",
);
}
try {
// Step 1: Exchange code for access token
const tokenResponse = await exchangeCodeForToken(code, appId, appSecret);
if (tokenResponse.error_type || tokenResponse.error_message) {
throw new Error(
tokenResponse.error_message || "Failed to exchange code for token",
);
}
if (!tokenResponse.access_token) {
throw new Error(
"No access token received. Response: " + JSON.stringify(tokenResponse),
);
}
const accessToken = tokenResponse.access_token;
const userId = tokenResponse.user_id;
// Step 2: Get Instagram Business Account ID
// The user_id from Threads token exchange is the Instagram Business Account ID
// We can also verify this by calling the Threads API
const accounts = [];
if (userId) {
// Try to get account info from Threads API
try {
const accountInfoResponse = await fetch(
`https://graph.threads.net/v1.0/${userId}?fields=id,username&access_token=${accessToken}`,
);
if (accountInfoResponse.ok) {
const accountInfo = await accountInfoResponse.json();
accounts.push({
instagramAccountId: userId.toString(),
username: accountInfo.username || "unknown",
threadsProfileId: userId.toString(), // Threads Profile ID is same as Instagram Business Account ID
});
} else {
// Fallback: use the user_id as Instagram Business Account ID
accounts.push({
instagramAccountId: userId.toString(),
username: "unknown",
threadsProfileId: userId.toString(),
});
}
} catch (err) {
// Fallback: use the user_id as Instagram Business Account ID
accounts.push({
instagramAccountId: userId.toString(),
username: "unknown",
threadsProfileId: userId.toString(),
});
}
}
if (accounts.length === 0) {
return sendHtml(
res,
200,
`
<!DOCTYPE html>
<html>
<head>
<title>No Threads Accounts Found</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
</style>
</head>
<body>
<div class="container">
<h1>⚠️ No Threads Accounts Found</h1>
<p>You don't have access to any Instagram Business Accounts with Threads profiles, or your Facebook Page isn't connected to an Instagram Business Account.</p>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`,
);
}
// Display results
const accountsHtml = accounts
.map(
(account) => `
<div style="background: #f5f5f5; padding: 15px; margin: 10px 0; border-radius: 6px;">
<h3>@${account.username}</h3>
<p><strong>Instagram Business Account ID:</strong> <code>${account.instagramAccountId}</code></p>
<p><strong>Threads Profile ID:</strong> <code>${account.threadsProfileId}</code></p>
<p><strong>Access Token:</strong></p>
<textarea readonly style="width: 100%; padding: 10px; font-family: monospace; border: 1px solid #ddd; border-radius: 4px; background: white;" rows="3">${accessToken}</textarea>
<p><strong>Note:</strong> Threads access tokens are short-lived. You may need to refresh them periodically.</p>
</div>
`,
)
.join("");
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Success! Your Threads Tokens</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 900px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.success {
background: #e8f5e9;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #4caf50;
margin-bottom: 20px;
}
h1 {
color: #4caf50;
margin-top: 0;
}
code {
background: #f5f5f5;
padding: 2px 6px;
border-radius: 3px;
font-family: 'Courier New', monospace;
}
.warning {
background: #fff3e0;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #ff9800;
margin-top: 20px;
}
</style>
</head>
<body>
<div class="container">
<h1>βœ… Success!</h1>
<div class="success">
<p><strong>Your Threads Access Tokens:</strong></p>
<p>Copy these values and add them to your environment variables.</p>
</div>
${accountsHtml}
<div class="warning">
<p><strong>⚠️ Important:</strong></p>
<ul>
<li>Store these tokens securely (like your other API credentials)</li>
<li>Add the access token to your environment variables as <code>THREADS_ACCESS_TOKEN</code></li>
<li>Add the Instagram Business Account ID as <code>THREADS_INSTAGRAM_ACCOUNT_ID</code></li>
<li>Add the Threads Profile ID as <code>THREADS_PROFILE_ID</code> (usually same as Instagram Account ID)</li>
<li>Threads tokens are short-lived and may need to be refreshed periodically</li>
</ul>
</div>
<p><a href="/">Start over</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 200, html);
} catch (error) {
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.error {
color: #d32f2f;
background: #ffebee;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #d32f2f;
}
</style>
</head>
<body>
<div class="container">
<h1>❌ Error</h1>
<div class="error">
<p><strong>Error:</strong> ${error.message}</p>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 500, html);
}
}
// 404
sendHtml(res, 404, "<h1>Not Found</h1><p><a href='/'>Go home</a></p>");
});
server.listen(PORT, () => {
console.log(`\nπŸš€ Threads Auth Server running at http://localhost:${PORT}`);
console.log(`\nπŸ“‹ Make sure you've set:`);
console.log(` - THREADS_APP_ID`);
console.log(` - THREADS_APP_SECRET`);
if (REDIRECT_URI.startsWith("http://")) {
console.log(`\nπŸ”’ HTTPS REQUIRED: Threads API requires HTTPS for OAuth redirects!`);
console.log(`\n Current redirect URI: ${REDIRECT_URI}`);
console.log(`\n To fix:`);
console.log(` 1. Install cloudflared: brew install cloudflared`);
console.log(` 2. Run: cloudflared tunnel --url http://localhost:${PORT}`);
console.log(` 3. Copy the HTTPS URL (e.g., https://abc123.trycloudflare.com)`);
console.log(` 4. Set: THREADS_REDIRECT_URI=https://abc123.trycloudflare.com/callback`);
console.log(` 5. Add the HTTPS URL to your Threads app's Valid OAuth Redirect URIs`);
console.log(` 6. Restart this server`);
} else {
console.log(`\nβœ… Using HTTPS redirect URI: ${REDIRECT_URI}`);
}
console.log(`\nπŸ”— Open http://localhost:${PORT} in your browser to start!`);
console.log(`\n⚠️ Make sure your Threads app has:`);
console.log(` - Threads API product added`);
console.log(` - threads_basic and threads_content_publish permissions`);
console.log(` - OAuth Redirect URI: ${REDIRECT_URI}`);
console.log(` - Client OAuth Login: ON`);
console.log(` - Web OAuth Login: ON`);
console.log(`\nπŸ’‘ Note: OAuth flow uses Threads-specific endpoints`);
console.log(`\nπŸ” Debug info:`);
console.log(` - Redirect URI: ${REDIRECT_URI}`);
console.log(` - URL-encoded: ${encodeURIComponent(REDIRECT_URI)}`);
console.log(` - Make sure this EXACTLY matches what's in your Threads app settings\n`);
});