nhcarrigan/hikari
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 2 Pull Requests 3 Actions Releases Activity

feat: more automated announcements (#8)
Node.js CI / CI (push) Successful in 44s
Details
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m25s
Details

Browse Source 
### Explanation

Makes my life so much easier.

### Issue

_No response_

### Attestations

- [x] I have read and agree to the [Code of Conduct](https://docs.nhcarrigan.com/community/coc/)
- [x] I have read and agree to the [Community Guidelines](https://docs.nhcarrigan.com/community/guide/).
- [x] My contribution complies with the [Contributor Covenant](https://docs.nhcarrigan.com/dev/covenant/).

### Dependencies

- [x] I have pinned the dependencies to a specific patch version.

### Style

- [x] I have run the linter and resolved any errors.
- [x] My pull request uses an appropriate title, matching the conventional commit standards.
- [x] My scope of feat/fix/chore/etc. correctly matches the nature of changes in my pull request.

### Tests

- [ ] My contribution adds new code, and I have added tests to cover it.
- [ ] My contribution modifies existing code, and I have updated the tests to reflect these changes.
- [ ] All new and existing tests pass locally with my changes.
- [ ] Code coverage remains at or above the configured threshold.

### Documentation

_No response_

### Versioning

Minor - My pull request introduces a new non-breaking feature.

Reviewed-on: #8
Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>
This commit was merged in pull request #8.
This commit is contained in:
Naomi Carrigan
2026-01-08 18:07:28 -08:00
committed by Naomi Carrigan
parent e462c9472d
commit 922dee415a
25 changed files with 2553 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/dev.env
+24 -1
View File
@@ -2,4 +2,27 @@ LOG_TOKEN="op://Environment Variables - Naomi/Alert Server/api_auth"
MONGO_URI="op://Environment Variables - Naomi/Hikari/mongo_uri"
DISCORD_TOKEN="op://Environment Variables - Naomi/Hikari/discord_token"
FORUM_API_KEY="op://Environment Variables - Naomi/Hikari/discourse_key"
ANNOUNCEMENT_TOKEN="op://Environment Variables - Naomi/Hikari/announcement_token"
ANNOUNCEMENT_TOKEN="op://Environment Variables - Naomi/Hikari/announcement_token"
REDDIT_CLIENT_ID="op://Environment Variables - Naomi/Hikari/reddit_client_id"
REDDIT_CLIENT_SECRET="op://Environment Variables - Naomi/Hikari/reddit_client_secret"
REDDIT_PASSWORD="op://Environment Variables - Naomi/Hikari/reddit_password"
REDDIT_USERNAME="op://Environment Variables - Naomi/Hikari/reddit_username"
BSKY_APP_PASSWORD="op://Environment Variables - Naomi/Hikari/bsky_password"
ANTHROPIC_KEY="op://Environment Variables - Naomi/Hikari/anthropic_key"
TWITTER_TOKEN="op://Environment Variables - Naomi/Hikari/twitter_access_token"
TWITTER_SECRET="op://Environment Variables - Naomi/Hikari/twitter_access_secret"
TWITTER_CONSUMER_KEY="op://Environment Variables - Naomi/Hikari/twitter_consumer_key"
TWITTER_CONSUMER_SECRET="op://Environment Variables - Naomi/Hikari/twitter_consumer_secret"
TWITTER_BEARER_TOKEN="op://Environment Variables - Naomi/Hikari/twitter_bearer_token"
SANCTION_WEBHOOK="op://Environment Variables - Naomi/Hikari/sanction_webhook"
FACEBOOK_PAGE_TOKEN="op://Environment Variables - Naomi/Hikari/facebook page token"
FACEBOOK_APP_ID="op://Environment Variables - Naomi/Hikari/facebook app id"
FACEBOOK_APP_SECRET="op://Environment Variables - Naomi/Hikari/facebook app secret"
FACEBOOK_PAGE_ID="op://Environment Variables - Naomi/Hikari/facebook page id"
LINKEDIN_CLIENT_ID="op://Environment Variables - Naomi/Hikari/linkedin client id"
LINKEDIN_CLIENT_SECRET="op://Environment Variables - Naomi/Hikari/linkedin client secret"
MASTODON_INSTANCE_URL="op://Environment Variables - Naomi/Hikari/mastodon url"
MASTODON_ACCESS_TOKEN="op://Environment Variables - Naomi/Hikari/mastodon token"
THREADS_APP_ID="op://Environment Variables - Naomi/Hikari/threads app id"
THREADS_APP_SECRET="op://Environment Variables - Naomi/Hikari/threads app secret"
THREADS_ACCESS_TOKEN=
server/facebookAuth.js
+514
View File
@@ -0,0 +1,514 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*
* Simple local server to authenticate with Facebook and obtain a Page Access Token.
* Run with: node facebookAuth.js
* Make sure to set FACEBOOK_APP_ID and FACEBOOK_APP_SECRET environment variables.
*/
import http from "http";
import { URL } from "url";
const PORT = 3000;
const REDIRECT_URI = `http://localhost:${PORT}/callback`;
/**
* Creates the Facebook OAuth authorization URL.
* @param {string} appId - The Facebook App ID.
* @returns {string} The authorization URL.
*/
const getAuthUrl = (appId) => {
const params = new URLSearchParams({
client_id: appId,
redirect_uri: REDIRECT_URI,
scope: "pages_manage_posts,pages_show_list",
response_type: "code",
});
return `https://www.facebook.com/v21.0/dialog/oauth?${params.toString()}`;
};
/**
* Exchanges an authorization code for an access token.
* @param {string} code - The authorization code from Facebook.
* @param {string} appId - The Facebook App ID.
* @param {string} appSecret - The Facebook App Secret.
* @returns {Promise<{access_token: string, expires_in?: number}>} The access token response.
*/
const exchangeCodeForToken = async (code, appId, appSecret) => {
const params = new URLSearchParams({
client_id: appId,
client_secret: appSecret,
redirect_uri: REDIRECT_URI,
code: code,
});
const response = await fetch(
`https://graph.facebook.com/v21.0/oauth/access_token?${params.toString()}`,
);
return await response.json();
};
/**
* Exchanges a short-lived token for a long-lived token.
* @param {string} shortLivedToken - The short-lived access token.
* @param {string} appId - The Facebook App ID.
* @param {string} appSecret - The Facebook App Secret.
* @returns {Promise<{access_token: string, expires_in?: number}>} The long-lived token response.
*/
const exchangeForLongLivedToken = async (shortLivedToken, appId, appSecret) => {
const params = new URLSearchParams({
grant_type: "fb_exchange_token",
client_id: appId,
client_secret: appSecret,
fb_exchange_token: shortLivedToken,
});
const response = await fetch(
`https://graph.facebook.com/v21.0/oauth/access_token?${params.toString()}`,
);
return await response.json();
};
/**
* Gets the user's pages.
* @param {string} accessToken - The user access token.
* @returns {Promise<Array>} Array of pages the user manages.
*/
const getUserPages = async (accessToken) => {
const response = await fetch(
`https://graph.facebook.com/v21.0/me/accounts?access_token=${accessToken}`,
);
const data = await response.json();
return data.data || [];
};
/**
* Gets a Page Access Token for a specific page.
* @param {string} pageId - The page ID.
* @param {string} userAccessToken - The user access token.
* @returns {Promise<string>} The Page Access Token.
*/
const getPageAccessToken = async (pageId, userAccessToken) => {
const response = await fetch(
`https://graph.facebook.com/v21.0/${pageId}?fields=access_token&access_token=${userAccessToken}`,
);
const data = await response.json();
return data.access_token;
};
/**
* Exchanges a short-lived Page Access Token for a long-lived one.
* @param {string} pageAccessToken - The short-lived Page Access Token.
* @param {string} appId - The Facebook App ID.
* @param {string} appSecret - The Facebook App Secret.
* @returns {Promise<{access_token: string, expires_in?: number}>} The long-lived Page Access Token.
*/
const exchangePageTokenForLongLived = async (
pageAccessToken,
appId,
appSecret,
) => {
const params = new URLSearchParams({
grant_type: "fb_exchange_token",
client_id: appId,
client_secret: appSecret,
fb_exchange_token: pageAccessToken,
});
const response = await fetch(
`https://graph.facebook.com/v21.0/oauth/access_token?${params.toString()}`,
);
return await response.json();
};
/**
* Sends an HTML response.
* @param {http.ServerResponse} res - The HTTP response object.
* @param {number} statusCode - The HTTP status code.
* @param {string} html - The HTML content to send.
*/
const sendHtml = (res, statusCode, html) => {
res.writeHead(statusCode, { "Content-Type": "text/html" });
res.end(html);
};
/**
* Sends a JSON response.
* @param {http.ServerResponse} res - The HTTP response object.
* @param {number} statusCode - The HTTP status code.
* @param {object} data - The JSON data to send.
*/
const sendJson = (res, statusCode, data) => {
res.writeHead(statusCode, { "Content-Type": "application/json" });
res.end(JSON.stringify(data, null, 2));
};
const appId = process.env.FACEBOOK_APP_ID;
const appSecret = process.env.FACEBOOK_APP_SECRET;
if (!appId || !appSecret) {
console.error(
"Error: FACEBOOK_APP_ID and FACEBOOK_APP_SECRET environment variables must be set.",
);
console.error(
"Example: FACEBOOK_APP_ID=your_app_id FACEBOOK_APP_SECRET=your_secret node facebookAuth.js",
);
process.exit(1);
}
const server = http.createServer(async (req, res) => {
const url = new URL(req.url, `http://localhost:${PORT}`);
// Root route - show auth link
if (url.pathname === "/") {
const authUrl = getAuthUrl(appId);
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Facebook Page Token Generator</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
h1 {
color: #1877f2;
margin-top: 0;
}
.button {
display: inline-block;
background: #1877f2;
color: white;
padding: 12px 24px;
text-decoration: none;
border-radius: 6px;
font-weight: 600;
margin-top: 20px;
}
.button:hover {
background: #166fe5;
}
.info {
background: #e3f2fd;
padding: 15px;
border-radius: 6px;
margin-top: 20px;
border-left: 4px solid #1877f2;
}
</style>
</head>
<body>
<div class="container">
<h1>🔐 Facebook Page Token Generator</h1>
<p>Click the button below to authenticate with Facebook and get your Page Access Token.</p>
<a href="${authUrl}" class="button">Authenticate with Facebook</a>
<div class="info">
<strong>Note:</strong> Make sure you're an admin of the Facebook Page you want to post to.
</div>
</div>
</body>
</html>
`;
return sendHtml(res, 200, html);
}
// Callback route - handle OAuth callback
if (url.pathname === "/callback") {
const code = url.searchParams.get("code");
const error = url.searchParams.get("error");
if (error) {
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Authentication Error</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.error {
color: #d32f2f;
background: #ffebee;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #d32f2f;
}
</style>
</head>
<body>
<div class="container">
<h1>❌ Authentication Error</h1>
<div class="error">
<p><strong>Error:</strong> ${error}</p>
<p>${url.searchParams.get("error_description") || ""}</p>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 400, html);
}
if (!code) {
return sendHtml(
res,
400,
"<h1>Error</h1><p>No authorization code received.</p><a href='/'>Try again</a>",
);
}
try {
// Step 1: Exchange code for short-lived user token
const tokenResponse = await exchangeCodeForToken(code, appId, appSecret);
if (tokenResponse.error) {
throw new Error(
tokenResponse.error.message || "Failed to exchange code for token",
);
}
const shortLivedUserToken = tokenResponse.access_token;
// Step 2: Exchange for long-lived user token
const longLivedUserTokenResponse = await exchangeForLongLivedToken(
shortLivedUserToken,
appId,
appSecret,
);
if (longLivedUserTokenResponse.error) {
throw new Error(
longLivedUserTokenResponse.error.message ||
"Failed to exchange for long-lived token",
);
}
const longLivedUserToken = longLivedUserTokenResponse.access_token;
// Step 3: Get user's pages
const pages = await getUserPages(longLivedUserToken);
if (pages.length === 0) {
return sendHtml(
res,
200,
`
<!DOCTYPE html>
<html>
<head>
<title>No Pages Found</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
</style>
</head>
<body>
<div class="container">
<h1>⚠️ No Pages Found</h1>
<p>You don't have access to any Facebook Pages, or you're not an admin of any pages.</p>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`,
);
}
// Step 4: Get Page Access Tokens and exchange for long-lived
const pageTokens = [];
for (const page of pages) {
const pageAccessToken = await getPageAccessToken(
page.id,
longLivedUserToken,
);
const longLivedPageTokenResponse = await exchangePageTokenForLongLived(
pageAccessToken,
appId,
appSecret,
);
if (!longLivedPageTokenResponse.error) {
pageTokens.push({
pageId: page.id,
pageName: page.name,
accessToken: longLivedPageTokenResponse.access_token,
expiresIn: longLivedPageTokenResponse.expires_in,
});
}
}
// Display results
const pagesHtml = pageTokens
.map(
(pt) => `
<div style="background: #f5f5f5; padding: 15px; margin: 10px 0; border-radius: 6px;">
<h3>${pt.pageName}</h3>
<p><strong>Page ID:</strong> <code>${pt.pageId}</code></p>
<p><strong>Access Token:</strong></p>
<textarea readonly style="width: 100%; padding: 10px; font-family: monospace; border: 1px solid #ddd; border-radius: 4px; background: white;" rows="3">${pt.accessToken}</textarea>
<p><strong>Expires in:</strong> ${pt.expiresIn ? `${Math.floor(pt.expiresIn / 86400)} days` : "Never (as long as admin access is maintained)"}</p>
</div>
`,
)
.join("");
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Success! Your Page Tokens</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 900px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.success {
background: #e8f5e9;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #4caf50;
margin-bottom: 20px;
}
h1 {
color: #4caf50;
margin-top: 0;
}
code {
background: #f5f5f5;
padding: 2px 6px;
border-radius: 3px;
font-family: 'Courier New', monospace;
}
.warning {
background: #fff3e0;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #ff9800;
margin-top: 20px;
}
</style>
</head>
<body>
<div class="container">
<h1>✅ Success!</h1>
<div class="success">
<p><strong>Your Page Access Tokens:</strong></p>
<p>Copy these tokens and add them to your environment variables. Use the Page Access Token for the page you want to post to.</p>
</div>
${pagesHtml}
<div class="warning">
<p><strong>⚠️ Important:</strong></p>
<ul>
<li>Store these tokens securely (like your other API credentials)</li>
<li>Page Access Tokens don't expire as long as you remain an admin</li>
<li>Add the token to your environment variables as <code>FACEBOOK_PAGE_ACCESS_TOKEN</code></li>
<li>You'll also need the Page ID as <code>FACEBOOK_PAGE_ID</code></li>
</ul>
</div>
<p><a href="/">Start over</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 200, html);
} catch (error) {
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.error {
color: #d32f2f;
background: #ffebee;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #d32f2f;
}
</style>
</head>
<body>
<div class="container">
<h1>❌ Error</h1>
<div class="error">
<p><strong>Error:</strong> ${error.message}</p>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 500, html);
}
}
// 404
sendHtml(res, 404, "<h1>Not Found</h1><p><a href='/'>Go home</a></p>");
});
server.listen(PORT, () => {
console.log(`\n🚀 Facebook Auth Server running at http://localhost:${PORT}`);
console.log(`\n📋 Make sure you've set:`);
console.log(` - FACEBOOK_APP_ID`);
console.log(` - FACEBOOK_APP_SECRET`);
console.log(`\n🔗 Open http://localhost:${PORT} in your browser to start!\n`);
});
server/linkedinAuth.js
+510
View File
@@ -0,0 +1,510 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*
* Simple local server to authenticate with LinkedIn and obtain a Company Page Access Token.
* Run with: node linkedinAuth.js
* Make sure to set LINKEDIN_CLIENT_ID and LINKEDIN_CLIENT_SECRET environment variables.
*/
import http from "http";
import { URL } from "url";
const PORT = 3001; // Different port from Facebook auth server
const REDIRECT_URI = `http://localhost:${PORT}/callback`;
/**
* Creates the LinkedIn OAuth authorization URL.
* @param {string} clientId - The LinkedIn Client ID.
* @returns {string} The authorization URL.
*/
const getAuthUrl = (clientId) => {
const params = new URLSearchParams({
client_id: clientId,
redirect_uri: REDIRECT_URI,
// LinkedIn requires OpenID Connect scopes as base, plus organization permission
scope: "openid profile email w_organization_social",
response_type: "code",
state: "linkedin-auth-state", // CSRF protection
});
return `https://www.linkedin.com/oauth/v2/authorization?${params.toString()}`;
};
/**
* Exchanges an authorization code for an access token.
* @param {string} code - The authorization code from LinkedIn.
* @param {string} clientId - The LinkedIn Client ID.
* @param {string} clientSecret - The LinkedIn Client Secret.
* @returns {Promise<{access_token: string, expires_in?: number}>} The access token response.
*/
const exchangeCodeForToken = async (code, clientId, clientSecret) => {
const params = new URLSearchParams({
grant_type: "authorization_code",
code: code,
redirect_uri: REDIRECT_URI,
client_id: clientId,
client_secret: clientSecret,
});
const response = await fetch("https://www.linkedin.com/oauth/v2/accessToken", {
body: params.toString(),
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
});
return await response.json();
};
/**
* Gets the authenticated user's profile information.
* @param {string} accessToken - The access token.
* @returns {Promise<object>} The user profile.
*/
const getUserProfile = async (accessToken) => {
const response = await fetch(
"https://api.linkedin.com/v2/userinfo",
{
headers: {
"Authorization": `Bearer ${accessToken}`,
},
},
);
return await response.json();
};
/**
* Gets the organizations/companies the user manages.
* @param {string} accessToken - The access token.
* @returns {Promise<Array>} Array of organizations.
*/
const getUserOrganizations = async (accessToken) => {
// First, get the user's profile to get their ID
const profile = await getUserProfile(accessToken);
if (!profile.sub) {
return [];
}
// Get organizations using the Organization API
// Note: This requires the organization to be associated with your app
const response = await fetch(
`https://api.linkedin.com/v2/organizationalEntityAcls?q=roleAssignee&role=ADMINISTRATOR&state=APPROVED`,
{
headers: {
"Authorization": `Bearer ${accessToken}`,
},
},
);
const data = await response.json();
if (data.elements && data.elements.length > 0) {
// Get organization details for each
const orgDetails = [];
for (const element of data.elements) {
const orgId = element.organizationalTarget?.split(":")[1];
if (orgId) {
try {
const orgResponse = await fetch(
`https://api.linkedin.com/v2/organizations/${orgId}`,
{
headers: {
"Authorization": `Bearer ${accessToken}`,
},
},
);
const orgData = await orgResponse.json();
orgDetails.push({
id: orgId,
name: orgData.localizedName || orgData.name || `Organization ${orgId}`,
accessToken: accessToken, // Same token works for organization
});
} catch (error) {
// Skip if we can't get org details
console.error(`Failed to get org details for ${orgId}:`, error);
}
}
}
return orgDetails;
}
return [];
};
/**
* Sends an HTML response.
* @param {http.ServerResponse} res - The HTTP response object.
* @param {number} statusCode - The HTTP status code.
* @param {string} html - The HTML content to send.
*/
const sendHtml = (res, statusCode, html) => {
res.writeHead(statusCode, { "Content-Type": "text/html" });
res.end(html);
};
const clientId = process.env.LINKEDIN_CLIENT_ID;
const clientSecret = process.env.LINKEDIN_CLIENT_SECRET;
if (!clientId || !clientSecret) {
console.error(
"Error: LINKEDIN_CLIENT_ID and LINKEDIN_CLIENT_SECRET environment variables must be set.",
);
console.error(
"Example: LINKEDIN_CLIENT_ID=your_client_id LINKEDIN_CLIENT_SECRET=your_secret node linkedinAuth.js",
);
process.exit(1);
}
const server = http.createServer(async (req, res) => {
const url = new URL(req.url, `http://localhost:${PORT}`);
// Root route - show auth link
if (url.pathname === "/") {
const authUrl = getAuthUrl(clientId);
const html = `
<!DOCTYPE html>
<html>
<head>
<title>LinkedIn Company Page Token Generator</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
h1 {
color: #0077b5;
margin-top: 0;
}
.button {
display: inline-block;
background: #0077b5;
color: white;
padding: 12px 24px;
text-decoration: none;
border-radius: 6px;
font-weight: 600;
margin-top: 20px;
}
.button:hover {
background: #006399;
}
.info {
background: #e3f2fd;
padding: 15px;
border-radius: 6px;
margin-top: 20px;
border-left: 4px solid #0077b5;
}
.warning {
background: #fff3e0;
padding: 15px;
border-radius: 6px;
margin-top: 20px;
border-left: 4px solid #ff9800;
}
</style>
</head>
<body>
<div class="container">
<h1>🔐 LinkedIn Company Page Token Generator</h1>
<p>Click the button below to authenticate with LinkedIn and get your Company Page Access Token.</p>
<a href="${authUrl}" class="button">Authenticate with LinkedIn</a>
<div class="info">
<strong>Note:</strong> Make sure you're an administrator of the LinkedIn Company Page you want to post to.
</div>
<div class="warning">
<strong>⚠️ Important:</strong> Your LinkedIn app must be associated with the Company Page. This requires:
<ul>
<li>The Company Page super admin must approve the app association</li>
<li>Your app must have "Sign In with LinkedIn using OpenID Connect" enabled in Products</li>
<li>The w_organization_social permission requires App Review approval</li>
<li>Business verification may be required</li>
</ul>
<p><strong>Note:</strong> If you get an invalid_scope_error, make sure OpenID Connect is enabled in your app settings.</p>
</div>
</div>
</body>
</html>
`;
return sendHtml(res, 200, html);
}
// Callback route - handle OAuth callback
if (url.pathname === "/callback") {
const code = url.searchParams.get("code");
const error = url.searchParams.get("error");
const errorDescription = url.searchParams.get("error_description");
if (error) {
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Authentication Error</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.error {
color: #d32f2f;
background: #ffebee;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #d32f2f;
}
</style>
</head>
<body>
<div class="container">
<h1>❌ Authentication Error</h1>
<div class="error">
<p><strong>Error:</strong> ${error}</p>
<p>${errorDescription || ""}</p>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 400, html);
}
if (!code) {
return sendHtml(
res,
400,
"<h1>Error</h1><p>No authorization code received.</p><a href='/'>Try again</a>",
);
}
try {
// Step 1: Exchange code for access token
const tokenResponse = await exchangeCodeForToken(code, clientId, clientSecret);
if (tokenResponse.error) {
throw new Error(
tokenResponse.error_description || tokenResponse.error || "Failed to exchange code for token",
);
}
const accessToken = tokenResponse.access_token;
const expiresIn = tokenResponse.expires_in;
// Step 2: Get user's organizations
const organizations = await getUserOrganizations(accessToken);
if (organizations.length === 0) {
return sendHtml(
res,
200,
`
<!DOCTYPE html>
<html>
<head>
<title>No Organizations Found</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.warning {
background: #fff3e0;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #ff9800;
margin-top: 20px;
}
</style>
</head>
<body>
<div class="container">
<h1>⚠️ No Organizations Found</h1>
<p>You don't have administrator access to any LinkedIn Company Pages, or your app isn't associated with any pages.</p>
<div class="warning">
<p><strong>Troubleshooting:</strong></p>
<ul>
<li>Make sure you're an administrator of the Company Page</li>
<li>Ensure your LinkedIn app is associated with the Company Page (requires super admin approval)</li>
<li>Check that your app has been approved for the w_organization_social permission</li>
<li>Verify your app is in Live mode if required</li>
</ul>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`,
);
}
// Display results
const orgsHtml = organizations
.map(
(org) => `
<div style="background: #f5f5f5; padding: 15px; margin: 10px 0; border-radius: 6px;">
<h3>${org.name}</h3>
<p><strong>Organization ID:</strong> <code>${org.id}</code></p>
<p><strong>Access Token:</strong></p>
<textarea readonly style="width: 100%; padding: 10px; font-family: monospace; border: 1px solid #ddd; border-radius: 4px; background: white;" rows="3">${org.accessToken}</textarea>
<p><strong>Expires in:</strong> ${expiresIn ? `${Math.floor(expiresIn / 86400)} days` : "Check token expiration"}</p>
</div>
`,
)
.join("");
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Success! Your Organization Tokens</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 900px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.success {
background: #e8f5e9;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #4caf50;
margin-bottom: 20px;
}
h1 {
color: #4caf50;
margin-top: 0;
}
code {
background: #f5f5f5;
padding: 2px 6px;
border-radius: 3px;
font-family: 'Courier New', monospace;
}
.warning {
background: #fff3e0;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #ff9800;
margin-top: 20px;
}
</style>
</head>
<body>
<div class="container">
<h1>✅ Success!</h1>
<div class="success">
<p><strong>Your Organization Access Tokens:</strong></p>
<p>Copy these tokens and add them to your environment variables. Use the Access Token for the organization you want to post to.</p>
</div>
${orgsHtml}
<div class="warning">
<p><strong>⚠️ Important:</strong></p>
<ul>
<li>Store these tokens securely (like your other API credentials)</li>
<li>LinkedIn access tokens typically expire after 60 days</li>
<li>Add the token to your environment variables as <code>LINKEDIN_ACCESS_TOKEN</code></li>
<li>You'll also need the Organization ID as <code>LINKEDIN_ORG_ID</code></li>
<li>Make sure your app is associated with the Company Page before posting</li>
</ul>
</div>
<p><a href="/">Start over</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 200, html);
} catch (error) {
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.error {
color: #d32f2f;
background: #ffebee;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #d32f2f;
}
</style>
</head>
<body>
<div class="container">
<h1>❌ Error</h1>
<div class="error">
<p><strong>Error:</strong> ${error.message}</p>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 500, html);
}
}
// 404
sendHtml(res, 404, "<h1>Not Found</h1><p><a href='/'>Go home</a></p>");
});
server.listen(PORT, () => {
console.log(`\n🚀 LinkedIn Auth Server running at http://localhost:${PORT}`);
console.log(`\n📋 Make sure you've set:`);
console.log(` - LINKEDIN_CLIENT_ID`);
console.log(` - LINKEDIN_CLIENT_SECRET`);
console.log(`\n🔗 Open http://localhost:${PORT} in your browser to start!\n`);
});
server/package.json
+7 -4
View File
@@ -9,21 +9,24 @@
"dev": "NODE_ENV=dev op run --env-file=./dev.env -- tsx watch ./src/index.ts",
"build": "tsx ./getDocs.ts && tsc",
"start": "op run --env-file=./prod.env -- node ./prod/index.js",
"test": "echo 'No tests yet' && exit 0"
"test": "echo 'No tests yet' && exit 0",
"facebookAuth": "op run --env-file=./prod.env -- node facebookAuth.js",
"linkedinAuth": "op run --env-file=./prod.env -- node linkedinAuth.js",
"threadsAuth": "op run --env-file=./prod.env -- node threadsAuth.js"
},
"keywords": [],
"author": "",
"license": "ISC",
"packageManager": "pnpm@10.12.3",
"dependencies": {
"@anthropic-ai/sdk": "0.56.0",
"@atproto/api": "0.15.26",
"@anthropic-ai/sdk": "0.71.2",
"@atproto/api": "0.18.8",
"@fastify/cors": "11.0.1",
"@nhcarrigan/logger": "1.0.0",
"@prisma/client": "6.11.1",
"fastify": "5.4.0",
"gray-matter": "4.0.3",
"twitter-api-v2": "1.24.0"
"twitter-api-v2": "1.28.0"
},
"devDependencies": {
"@types/node": "24.0.10",
server/prod.env
+12 -1
View File
@@ -14,4 +14,15 @@ TWITTER_SECRET="op://Environment Variables - Naomi/Hikari/twitter_access_secret"
TWITTER_CONSUMER_KEY="op://Environment Variables - Naomi/Hikari/twitter_consumer_key"
TWITTER_CONSUMER_SECRET="op://Environment Variables - Naomi/Hikari/twitter_consumer_secret"
TWITTER_BEARER_TOKEN="op://Environment Variables - Naomi/Hikari/twitter_bearer_token"
SANCTION_WEBHOOK="op://Environment Variables - Naomi/Hikari/sanction_webhook"
SANCTION_WEBHOOK="op://Environment Variables - Naomi/Hikari/sanction_webhook"
FACEBOOK_PAGE_TOKEN="op://Environment Variables - Naomi/Hikari/facebook page token"
FACEBOOK_APP_ID="op://Environment Variables - Naomi/Hikari/facebook app id"
FACEBOOK_APP_SECRET="op://Environment Variables - Naomi/Hikari/facebook app secret"
FACEBOOK_PAGE_ID="op://Environment Variables - Naomi/Hikari/facebook page id"
LINKEDIN_CLIENT_ID="op://Environment Variables - Naomi/Hikari/linkedin client id"
LINKEDIN_CLIENT_SECRET="op://Environment Variables - Naomi/Hikari/linkedin client secret"
MASTODON_INSTANCE_URL="op://Environment Variables - Naomi/Hikari/mastodon url"
MASTODON_ACCESS_TOKEN="op://Environment Variables - Naomi/Hikari/mastodon token"
THREADS_APP_ID="op://Environment Variables - Naomi/Hikari/threads app id"
THREADS_APP_SECRET="op://Environment Variables - Naomi/Hikari/threads app secret"
THREADS_ACCESS_TOKEN=
server/src/config/announcements.ts
+98
View File
@@ -0,0 +1,98 @@
/**
* @copyright NHCarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
/* eslint-disable stylistic/max-len -- The JSON schema is going to get very long. */
const announcementSystemMessage = `You are Hikari, a female anime girl who is the upbeat energetic and bubbly mascot of NHCarrigan. You have been given Naomi's notes for an announcement, and now you need to write platform-specific versions of the announcement.
Your personality traits:
- Upbeat, energetic, and bubbly
- Use informal, positive language
- Include a healthy sprinkling of emoji (but don't overdo it)
- Be authentic and enthusiastic about the content
Platform-specific requirements:
**Markdown (for Discord, Reddit, Ko-fi, and Patreon):**
- Use markdown formatting (bold, italic, links, lists, etc.)
- Include engaging titles that capture attention
- Write full, detailed content that tells the complete story
- Do NOT use hashtags (these platforms don't use them effectively)
- Include clear calls to action
- The same content will be used for Discord, Reddit, Ko-fi, and Patreon, so make it work well for all these platforms
**Threaded (for Threads, Twitter, Bluesky, and Mastodon):**
- Break content into a thread of individual posts
- Each post should be under 280 characters (to work for Twitter's limit, which is the most restrictive)
- Posts should flow naturally from one to the next
- Use relevant hashtags (2-3 per post maximum)
- Make the first post compelling to encourage thread reading
- Do NOT include post numbers or thread indicators (e.g., "1/5" or "🧵")
- Plain text format (no markdown)
- The same thread will be used for Threads, Twitter, Bluesky, and Mastodon
**Plaintext (for LinkedIn, Facebook, and Peerlist):**
- Plain text format (no markdown)
- Professional yet friendly tone, conversational style suitable for a broader audience
- Include 3-5 relevant hashtags
- Keep it concise but informative
- The same content will be used for LinkedIn, Facebook, and Peerlist
**Universal requirements:**
- All announcements must include a call to action to donate (https://donate.nhcarrigan.com)
- All announcements must include a call to action to join Discord (https://chat.nhcarrigan.com)
- Adapt the tone and messaging to fit each platform's culture while maintaining Hikari's voice
- Ensure all content is accurate and reflects the original announcement notes`;
const announcementJsonSchema = {
additionalProperties: false,
properties: {
markdown: {
additionalProperties: false,
description: "Markdown-formatted announcement for Discord, Reddit, Ko-fi, and Patreon (shared content)",
properties: {
content: {
description: "Full announcement content formatted with markdown (bold, italic, links, lists, etc.). Should include calls to action for donating and joining Discord. Will be used for Discord, Reddit, Ko-fi, and Patreon.",
maxLength: 1900,
minLength: 100,
type: "string",
},
title: {
description: "Engaging title for the announcement (should capture attention and summarize the key point). Will be used for Discord, Reddit, Ko-fi, and Patreon.",
maxLength: 256,
minLength: 25,
type: "string",
},
},
required: [ "content", "title" ],
type: "object",
},
plaintext: {
description: "Plain text announcement for LinkedIn, Facebook, and Peerlist (shared content). Should be professional yet friendly, conversational style suitable for a broader audience. Include 3-5 relevant hashtags and calls to action for donating and joining Discord.",
maxLength: 1900,
minLength: 100,
type: "string",
},
threaded: {
description: "Array of individual posts that form a thread. Will be used for Threads, Twitter, Bluesky, and Mastodon. Each post should be under 280 characters (Twitter's limit) and flow naturally from one to the next.",
items: {
description: "A single post in the thread (max 280 characters, no post numbers or thread indicators)",
maxLength: 280,
type: "string",
},
minItems: 1,
type: "array",
},
},
required: [
"markdown",
"plaintext",
"threaded",
],
type: "object",
};
export { announcementSystemMessage, announcementJsonSchema };
server/src/interfaces/announcementResponse.ts
+18
View File
@@ -0,0 +1,18 @@
/**
* @copyright NHCarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
/**
* This should match the JSON schema for the announcement response.
* @see {@link announcementJsonSchema}
*/
export interface AnnouncementResponse {
markdown: {
content: string;
title: string;
};
plaintext: string;
threaded: Array<string>;
}
server/src/interfaces/announcementType.ts
+10
View File
@@ -0,0 +1,10 @@
/**
* @copyright NHCarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
/**
* This really only exists so we can do a type guard.
*/
export type AnnouncementType = "products" | "community" | "company";
server/src/modules/announceOnBluesky.ts
+42 -4
View File
@@ -11,12 +11,18 @@ import { AtpAgent } from "@atproto/api";
* @param content - The main body of the announcement.
* @returns A message indicating the success or failure of the operation.
*/
// eslint-disable-next-line max-lines-per-function, max-statements -- This is a big function.
export const announceOnBluesky = async(
content: string,
content: Array<string>,
): Promise<string> => {
if (process.env.BSKY_APP_PASSWORD === undefined) {
return "Bluesky credentials are not set.";
}
const [ firstPost, ...restOfPosts ] = content;
const failedReplies: Array<string> = [];
if (firstPost === undefined) {
return "No posts to send to Bluesky.";
}
const agent = new AtpAgent({
service: "https://bsky.social",
});
@@ -25,14 +31,46 @@ export const announceOnBluesky = async(
password: process.env.BSKY_APP_PASSWORD,
});
const blueskyRequest = await agent.post({
text: content,
text: firstPost,
}).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof blueskyRequest === "string") {
return `Failed to send message to Bluesky. ${blueskyRequest}`;
return `Failed to send initial post to Bluesky. ${blueskyRequest}`;
}
return "Successfully sent message to Bluesky.";
const rootUri = blueskyRequest.uri;
const rootCid = blueskyRequest.cid;
let parentUri = rootUri;
let parentCid = rootCid;
for (const post of restOfPosts) {
// eslint-disable-next-line no-await-in-loop -- We need to do this sequentially.
const blueskyResponse = await agent.post({
reply: {
parent: {
cid: parentCid,
uri: parentUri,
},
root: {
cid: rootCid,
uri: rootUri,
},
},
text: post,
}).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof blueskyResponse === "string") {
failedReplies.push(post);
continue;
}
parentUri = blueskyResponse.uri;
parentCid = blueskyResponse.cid;
}
return `Successfully sent initial post to Bluesky. ${failedReplies.length > 0
? `Failed to send ${failedReplies.length.toString()} replies: ${failedReplies.join(", ")}`
: `All ${(content.length - 1).toString()} replies were sent successfully.`}`;
};
server/src/modules/announceOnDiscord.ts
+15 -6
View File
@@ -5,14 +5,23 @@
*/
/* eslint-disable @typescript-eslint/naming-convention -- we are making raw API calls. */
const channelIds = {
import type { AnnouncementType } from "../interfaces/announcementType.js";
const channelIds: Record<AnnouncementType, string> = {
community: "1386105484313886820",
company: "1422472775695728661",
products: "1386105452881776661",
} as const;
const roleIds = {
};
const roleIds: Record<Exclude<AnnouncementType, "company">, string> = {
community: "1386107941224054895",
products: "1386107909699666121",
} as const;
};
const getAnnouncementPing = (type: AnnouncementType): string => {
return type === "company"
? "@everyone"
: `<@&${roleIds[type]}>`;
};
/**
* Forwards an announcement to our Discord server.
@@ -24,14 +33,14 @@ const roleIds = {
export const announceOnDiscord = async(
title: string,
content: string,
type: "products" | "community",
type: AnnouncementType,
): Promise<string> => {
const messageRequest = await fetch(
`https://discord.com/api/v10/channels/${channelIds[type]}/messages`,
{
body: JSON.stringify({
allowed_mentions: { parse: [ "users", "roles" ] },
content: `# ${title}\n\n${content}\n-# <@&${roleIds[type]}>`,
content: `# ${title}\n\n${content}\n-# ${getAnnouncementPing(type)}`,
}),
headers: {
"Authorization": `Bot ${process.env.DISCORD_TOKEN ?? ""}`,
server/src/modules/announceOnFacebook.ts
+81
View File
@@ -0,0 +1,81 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
interface FacebookErrorResponse {
error: {
code: number;
message: string;
type: string;
};
}
interface FacebookSuccessResponse {
id: string;
}
type FacebookResponse = FacebookErrorResponse | FacebookSuccessResponse;
/**
* Forwards an announcement to our Facebook Page.
* @param content - The main body of the announcement.
* @returns A message indicating the success or failure of the operation.
*/
export const announceOnFacebook = async(content: string): Promise<string> => {
if (
process.env.FACEBOOK_PAGE_TOKEN === undefined
|| process.env.FACEBOOK_PAGE_ID === undefined
) {
return "Facebook credentials are not set.";
}
if (content.trim().length === 0) {
return "No content to send to Facebook.";
}
const pageId = process.env.FACEBOOK_PAGE_ID;
const accessToken = process.env.FACEBOOK_PAGE_TOKEN;
try {
const response = await fetch(
`https://graph.facebook.com/v21.0/${pageId}/feed`,
{
body: new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- Facebook API requires snake_case.
access_token: accessToken,
message: content,
}),
headers: {
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
},
);
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- Fetch does not accept generic.
const result = (await response.json()) as FacebookResponse;
if ("error" in result) {
const errorMessage = result.error.message === ""
? JSON.stringify(result.error)
: result.error.message;
return `Failed to send message to Facebook. ${errorMessage}`;
}
if ("id" in result) {
return `Successfully sent post to Facebook. Post ID: ${result.id}`;
}
return `Failed to send message to Facebook. Unexpected response: ${JSON.stringify(result)}`;
} catch (error: unknown) {
return `Failed to send message to Facebook. ${
error instanceof Error
? error.message
: String(error)
}`;
}
};
server/src/modules/announceOnMastodon.ts
+96
View File
@@ -0,0 +1,96 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
import { isValidString } from "../utils/typeguards.js";
/**
* Forwards an announcement to our Mastodon account.
* @param content - The main body of the announcement.
* @returns A message indicating the success or failure of the operation.
*/
// eslint-disable-next-line max-lines-per-function, max-statements, complexity -- This is a big function.
export const announceOnMastodon = async(
content: Array<string>,
): Promise<string> => {
if (
process.env.MASTODON_INSTANCE_URL === undefined
|| process.env.MASTODON_ACCESS_TOKEN === undefined
) {
return "Mastodon credentials are not set.";
}
const [ firstPost, ...restOfPosts ] = content;
const failedReplies: Array<string> = [];
if (firstPost === undefined) {
return "No posts to send to Mastodon.";
}
const instanceUrl = process.env.MASTODON_INSTANCE_URL.replace(/\/$/, "");
const accessToken = process.env.MASTODON_ACCESS_TOKEN;
const apiUrl = `${instanceUrl}/api/v1/statuses`;
const headers = {
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Authorization": `Bearer ${accessToken}`,
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Content-Type": "application/json",
};
const firstPostResponse = await fetch(apiUrl, {
body: JSON.stringify({ status: firstPost }),
headers: headers,
method: "POST",
}).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof firstPostResponse === "string") {
return `Failed to send initial post to Mastodon. ${firstPostResponse}`;
}
if (!firstPostResponse.ok) {
const errorText = await firstPostResponse.text().catch(() => {
return firstPostResponse.statusText;
});
return `Failed to send initial post to Mastodon. Status: ${firstPostResponse.status.toString()} ${errorText}`;
}
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- Fetch does not accept generics.
const firstPostData = await firstPostResponse.json() as { id?: string };
if (firstPostData.id === undefined) {
return `Failed to parse initial post ID from Mastodon. ${JSON.stringify(firstPostData)}`;
}
let inReplyToId = firstPostData.id;
for (const post of restOfPosts) {
// eslint-disable-next-line no-await-in-loop -- We need to do this sequentially.
const replyResponse = await fetch(apiUrl, {
body: JSON.stringify({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
in_reply_to_id: inReplyToId,
status: post,
}),
headers: headers,
method: "POST",
}).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof replyResponse === "string") {
failedReplies.push(post);
continue;
}
if (!replyResponse.ok) {
failedReplies.push(post);
continue;
}
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions, no-await-in-loop -- Fetch does not accept generics.
const replyData = await replyResponse.json() as { id?: string };
if (isValidString(replyData.id)) {
inReplyToId = replyData.id;
continue;
}
failedReplies.push(post);
}
return `Successfully sent initial post to Mastodon. ${failedReplies.length > 0
? `Failed to send ${failedReplies.length.toString()} replies: ${failedReplies.join(", ")}`
: `All ${(content.length - 1).toString()} replies were sent successfully.`}`;
};
server/src/modules/announceOnReddit.ts
+5 -2
View File
@@ -6,8 +6,11 @@
/* eslint-disable @typescript-eslint/naming-convention -- we are making raw API calls. */
/* eslint-disable max-lines-per-function -- Big logic here. */
const flairIds = {
import type { AnnouncementType } from "../interfaces/announcementType.js";
const flairIds: Record<AnnouncementType, string> = {
community: "7a01a5a6-0f29-11ef-a0c4-c6fb085f7c8f",
company: "dd8057c0-9e30-11f0-b321-d683551dcb2b",
products: "335e57b6-083f-11ef-96b3-0202af2d9d99",
};
@@ -21,7 +24,7 @@ const flairIds = {
export const announceOnReddit = async(
title: string,
content: string,
type: "products" | "community",
type: AnnouncementType,
): Promise<string> => {
if (
process.env.REDDIT_CLIENT_ID === undefined
server/src/modules/announceOnThreads.ts
+190
View File
@@ -0,0 +1,190 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
import { isValidString } from "../utils/typeguards.js";
interface ThreadsErrorResponse {
error: {
message: string;
type: string;
code: number;
};
}
interface ThreadsSuccessResponse {
id: string;
}
type ThreadsResponse = ThreadsErrorResponse | ThreadsSuccessResponse;
/**
* Forwards an announcement to our Threads account.
* @param content - The main body of the announcement.
* @returns A message indicating the success or failure of the operation.
*/
// eslint-disable-next-line max-lines-per-function, max-statements, complexity -- This is a big function.
export const announceOnThreads = async(
content: Array<string>,
): Promise<string> => {
if (
process.env.THREADS_ACCESS_TOKEN === undefined
) {
return "Threads credentials are not set.";
}
const [ firstPost, ...restOfPosts ] = content;
const failedReplies: Array<string> = [];
if (firstPost === undefined) {
return "No posts to send to Threads.";
}
const accessToken = process.env.THREADS_ACCESS_TOKEN;
const apiUrl = `https://graph.threads.net/v1.0/me/threads`;
// Step 1: Create the first post
const firstPostParameters = new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
access_token: accessToken,
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
media_type: "TEXT",
text: firstPost,
});
const firstPostResponse = await fetch(
`${apiUrl}?${firstPostParameters.toString()}`,
{
headers: {
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
},
).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof firstPostResponse === "string") {
return `Failed to send initial post to Threads. ${firstPostResponse}`;
}
if (!firstPostResponse.ok) {
const errorText = await firstPostResponse.text().catch(() => {
return firstPostResponse.statusText;
});
return `Failed to send initial post to Threads. Status: ${firstPostResponse.status.toString()} ${errorText}`;
}
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- Fetch does not accept generics.
const firstPostData = await firstPostResponse.json() as ThreadsResponse;
if ("error" in firstPostData) {
return `Failed to send initial post to Threads. ${firstPostData.error.message}`;
}
if (!isValidString(firstPostData.id)) {
return `Failed to parse initial post ID from Threads. ${JSON.stringify(firstPostData)}`;
}
// Step 2: Publish the first post
const publishUrl = `https://graph.threads.net/v1.0/me/threads_publish`;
const publishParameters = new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
access_token: accessToken,
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
creation_id: firstPostData.id,
});
const publishResponse = await fetch(
`${publishUrl}?${publishParameters.toString()}`,
{
headers: {
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
},
).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof publishResponse === "string") {
return `Failed to publish initial post to Threads. ${publishResponse}`;
}
if (!publishResponse.ok) {
const errorText = await publishResponse.text().catch(() => {
return publishResponse.statusText;
});
return `Failed to publish initial post to Threads. Status: ${publishResponse.status.toString()} ${errorText}`;
}
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- Fetch does not accept generics.
const publishData = await publishResponse.json() as ThreadsSuccessResponse;
let parentThreadId = publishData.id;
// Step 3: Create replies for the rest of the posts
for (const post of restOfPosts) {
const replyParameters = new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
access_token: accessToken,
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
media_type: "TEXT",
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
reply_to_id: parentThreadId,
text: post,
});
// eslint-disable-next-line no-await-in-loop -- We need to do this sequentially.
const replyResponse = await fetch(
`${apiUrl}?${replyParameters.toString()}`,
{
headers: {
// eslint-disable-next-line @typescript-eslint/naming-convention -- HTTP header name.
"Content-Type": "application/x-www-form-urlencoded",
},
},
).catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof replyResponse === "string") {
failedReplies.push(post);
continue;
}
if (!replyResponse.ok) {
failedReplies.push(post);
continue;
}
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions, no-await-in-loop -- Fetch does not accept generics.
const replyData = await replyResponse.json() as ThreadsResponse;
if ("error" in replyData) {
failedReplies.push(post);
continue;
}
if (!isValidString(replyData.id)) {
failedReplies.push(post);
continue;
}
// Publish the reply
const replyPublishUrl = `https://graph.threads.net/v1.0/me/threads_publish`;
const replyPublishParameters = new URLSearchParams({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
access_token: accessToken,
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement.
creation_id: replyData.id,
});
// eslint-disable-next-line no-await-in-loop -- We need to do this sequentially.
const replyPublishResponse = await fetch(
`${replyPublishUrl}?${replyPublishParameters.toString()}`,
{
method: "POST",
},
).catch(() => {
return null;
});
if (replyPublishResponse?.ok !== true) {
failedReplies.push(post);
continue;
}
const replyPublishData
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions, no-await-in-loop -- Fetch does not accept generics.
= await replyPublishResponse.json() as ThreadsSuccessResponse;
parentThreadId = replyPublishData.id;
}
return `Successfully sent initial post to Threads. ${failedReplies.length > 0
? `Failed to send ${failedReplies.length.toString()} replies: ${failedReplies.join(", ")}`
: `All ${(content.length - 1).toString()} replies were sent successfully.`}`;
};
server/src/modules/announceOnTwitter.ts
+43 -24
View File
@@ -11,31 +11,50 @@ import { TwitterApi } from "twitter-api-v2";
* @param content - The main body of the announcement.
* @returns A message indicating the success or failure of the operation.
*/
export const announceOnTwitter = async(content: string): Promise<string> => {
if (
process.env.TWITTER_CONSUMER_KEY === undefined
export const announceOnTwitter
= async(content: Array<string>): Promise<string> => {
if (
process.env.TWITTER_CONSUMER_KEY === undefined
|| process.env.TWITTER_CONSUMER_SECRET === undefined
|| process.env.TWITTER_TOKEN === undefined
|| process.env.TWITTER_SECRET === undefined
) {
return "Twitter credentials are not set.";
}
const twitterClient = new TwitterApi({
accessSecret: process.env.TWITTER_SECRET,
accessToken: process.env.TWITTER_TOKEN,
appKey: process.env.TWITTER_CONSUMER_KEY,
appSecret: process.env.TWITTER_CONSUMER_SECRET,
});
) {
return "Twitter credentials are not set.";
}
const twitterClient = new TwitterApi({
accessSecret: process.env.TWITTER_SECRET,
accessToken: process.env.TWITTER_TOKEN,
appKey: process.env.TWITTER_CONSUMER_KEY,
appSecret: process.env.TWITTER_CONSUMER_SECRET,
});
const result = await twitterClient.v2.
tweet(content).
catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof result === "string") {
return `Failed to send message to Twitter. ${result}`;
}
return "Successfully sent message to Twitter.";
};
const [ firstPost, ...restOfPosts ] = content;
const failedReplies: Array<string> = [];
if (firstPost === undefined) {
return "No posts to send to Twitter.";
}
const result = await twitterClient.v2.
tweet(firstPost).
catch((error: unknown) => {
return error instanceof Error
? error.message
: String(error);
});
if (typeof result === "string") {
return `Failed to send message to Twitter. ${result}`;
}
let { id } = result.data;
for (const post of restOfPosts) {
// eslint-disable-next-line no-await-in-loop -- We need to do this sequentially.
const twitterResponse = await twitterClient.v2.reply(post, id);
if (typeof twitterResponse !== "string") {
const { id: replyId } = twitterResponse.data;
id = replyId;
continue;
}
failedReplies.push(post);
}
return `Successfully sent initial post to Twitter. ${failedReplies.length > 0
? `Failed to send ${failedReplies.length.toString()} replies: ${failedReplies.join(", ")}`
: `All ${(content.length - 1).toString()} replies were sent successfully.`}`;
};
server/src/modules/generateAnnouncements.ts
+63
View File
@@ -0,0 +1,63 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
// eslint-disable-next-line @typescript-eslint/naming-convention -- 'Tis a class.
import Anthropic from "@anthropic-ai/sdk";
import {
announcementJsonSchema,
announcementSystemMessage,
} from "../config/announcements.js";
import { getAiCost } from "../utils/getAiCost.js";
import type { AnnouncementResponse }
from "../interfaces/announcementResponse.js";
/**
* Generates announcements for all platforms using AI.
* @param content - The main body of the announcement.
* @returns The announcements for all platforms, or null if the request fails.
*/
export const generateAnnouncements = async(
content: string,
): Promise<{ cost: string; response: AnnouncementResponse } | null> => {
if (process.env.ANTHROPIC_KEY === undefined) {
return null;
}
const anthropic = new Anthropic({
apiKey: process.env.ANTHROPIC_KEY,
timeout: 5 * 60 * 1000,
});
const response = await anthropic.beta.messages.create({
betas: [ "structured-outputs-2025-11-13" ],
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement
max_tokens: 10_000,
messages: [
{
content: content,
role: "user",
},
],
model: "claude-opus-4-5-20251101",
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement
output_format: {
schema: announcementJsonSchema,
type: "json_schema",
},
system: announcementSystemMessage,
});
const { usage, content: responseContent } = response;
const text = responseContent.find((m) => {
return m.type === "text";
});
if (text?.text === undefined) {
return null;
}
return {
cost: getAiCost(usage),
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- Being lazy.
response: JSON.parse(text.text) as AnnouncementResponse,
};
};
server/src/modules/summarisePost.ts
-44
View File
@@ -1,44 +0,0 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
// eslint-disable-next-line @typescript-eslint/naming-convention -- 'Tis a class.
import Anthropic from "@anthropic-ai/sdk";
/**
* Summarises an announcement using AI, to condense the content for platforms like Bluesky and Twitter.
* @param title - The title of the announcement.
* @param content - The main body of the announcement.
* @returns A message indicating the success or failure of the operation.
*/
export const summarisePost = async(
title: string,
content: string,
): Promise<string | null> => {
if (process.env.ANTHROPIC_KEY === undefined) {
return null;
}
const anthropic = new Anthropic({
apiKey: process.env.ANTHROPIC_KEY,
timeout: 5 * 60 * 1000,
});
const response = await anthropic.messages.create({
// eslint-disable-next-line @typescript-eslint/naming-convention -- API requirement
max_tokens: 1000,
messages: [
{
content: `# ${title}\n\n${content}`,
role: "user",
},
],
model: "claude-4-sonnet-20250514",
// eslint-disable-next-line stylistic/max-len -- This is a long system message.
system: "Summarise the post the user provides into a concise message suitable for social media platforms like Bluesky and Twitter. The summary should be engaging and informative, capturing the essence of the announcement. You may use no more than 280 characters, and should include relevant hashtags if appropriate.",
});
const text = response.content.find((m) => {
return m.type === "text";
});
return text?.text ?? null;
};
server/src/routes/announcement.ts
+62 -44
View File
@@ -8,10 +8,14 @@ import { blockedIps } from "../cache/blockedIps.js";
import { database } from "../db/database.js";
import { announceOnBluesky } from "../modules/announceOnBluesky.js";
import { announceOnDiscord } from "../modules/announceOnDiscord.js";
import { announceOnFacebook } from "../modules/announceOnFacebook.js";
import { announceOnMastodon } from "../modules/announceOnMastodon.js";
import { announceOnReddit } from "../modules/announceOnReddit.js";
import { announceOnThreads } from "../modules/announceOnThreads.js";
import { announceOnTwitter } from "../modules/announceOnTwitter.js";
import { generateAnnouncements } from "../modules/generateAnnouncements.js";
import { getIpFromRequest } from "../modules/getIpFromRequest.js";
import { summarisePost } from "../modules/summarisePost.js";
import { isAnnouncementType, isValidString } from "../utils/typeguards.js";
import type { FastifyPluginAsync } from "fastify";
const oneDay = 24 * 60 * 60 * 1000;
@@ -30,21 +34,26 @@ export const announcementRoutes: FastifyPluginAsync = async(server) => {
},
take: 10,
});
return await reply.status(200).type("application/json").
send(announcements.map((announcement) => {
return {
content: announcement.content,
createdAt: announcement.createdAt,
title: announcement.title,
type: announcement.type,
};
}));
return await reply.
status(200).
type("application/json").
send(
announcements.map((announcement) => {
return {
content: announcement.content,
createdAt: announcement.createdAt,
title: announcement.title,
type: announcement.type,
};
}),
);
});
// eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify requires Body instead of body.
server.post<{ Body: { title: string; content: string; type: string } }>(
server.post<{ Body: { content: string; type: string } }>(
"/announcement",
// eslint-disable-next-line complexity -- This is a complex route, but it is necessary to validate the announcement.
// eslint-disable-next-line max-statements -- This is a long function.
async(request, reply) => {
const token = request.headers.authorization;
if (token === undefined || token !== process.env.ANNOUNCEMENT_TOKEN) {
@@ -59,53 +68,62 @@ export const announcementRoutes: FastifyPluginAsync = async(server) => {
});
}
const { title, content, type } = request.body;
if (
typeof title !== "string"
|| typeof content !== "string"
|| typeof type !== "string"
|| title.length === 0
|| content.length === 0
|| type.length === 0
) {
const { content, type } = request.body;
if (!isValidString(content) || !isValidString(type)) {
return await reply.status(400).send({
error: "Missing required fields.",
});
}
if (type !== "products" && type !== "community") {
if (!isAnnouncementType(type)) {
return await reply.status(400).send({
error:
"Invalid announcement type. Available types: products, community.",
error: `Invalid announcement type. Available types: products, community, company.`,
});
}
const announcement = await generateAnnouncements(content);
if (announcement === null) {
return await reply.status(201).send({
message: `Failed to generate announcements.`,
});
}
const {
markdown,
plaintext,
threaded,
} = announcement.response;
const { title: markdownTitle, content: markdownContent } = markdown;
await database.getInstance().announcements.create({
data: {
content,
title,
type,
content: markdownContent,
title: markdownTitle,
type: type,
},
});
const discord = await announceOnDiscord(title, content, type);
const reddit = await announceOnReddit(title, content, type);
const summary = await summarisePost(title, content);
if (summary === null) {
return await reply.status(201).send({
message: `Announcement processed. Discord: ${discord}, Reddit: ${reddit}, Bluesky: Skipped (AI summarisation failed), Twitter: Skipped (AI summarisation failed).`,
});
}
if (summary.length > 280) {
return await reply.status(201).send({
message: `Announcement processed. Discord: ${discord}, Reddit: ${reddit}, Bluesky: Skipped (AI summary too long), Twitter: Skipped (AI summary too long).`,
});
}
const bluesky = await announceOnBluesky(summary);
const twitter = await announceOnTwitter(summary);
const discordPost = await announceOnDiscord(
markdownTitle,
markdownContent,
type,
);
const redditPost = await announceOnReddit(
markdownTitle,
markdownContent,
type,
);
const blueskyPost = await announceOnBluesky(threaded);
const twitterPost = await announceOnTwitter(threaded);
const facebookPost = await announceOnFacebook(plaintext);
const threadsPost = await announceOnThreads(threaded);
const mastodonPost = await announceOnMastodon(threaded);
return await reply.status(201).send({
message: `Announcement processed. Discord: ${discord}, Reddit: ${reddit}, Bluesky: ${bluesky}, Twitter: ${twitter}`,
alert: `Please remember to manually post to: LinkedIn, Peerlist, Ko-fi, and Patreon.`,
cost: announcement.cost,
message: `Announcement processed. Discord: ${discordPost}, Reddit: ${redditPost}, Bluesky: ${blueskyPost}, Twitter: ${twitterPost}, Facebook: ${facebookPost}, Threads: ${threadsPost}, Mastodon: ${mastodonPost}`,
rawPost: announcement.response,
});
},
);
server/src/routes/sanction.ts
+1 -1
View File
@@ -8,7 +8,7 @@ import { blockedIps } from "../cache/blockedIps.js";
import { database } from "../db/database.js";
import { getIpFromRequest } from "../modules/getIpFromRequest.js";
import { getSanctionComponents } from "../modules/getSanctionComponents.js";
import { isValidString } from "../utils/isValidString.js";
import { isValidString } from "../utils/typeguards.js";
import type { FastifyPluginAsync } from "fastify";
const oneDay = 24 * 60 * 60 * 1000;
server/src/utils/getAiCost.ts
+31
View File
@@ -0,0 +1,31 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
import type { BetaUsage } from "@anthropic-ai/sdk/resources/beta.js";
/**
* Calculates the cost of an AI response.
* @param usage - The usage payload from Anthropic.
* @returns A description of the cost of the AI response.
*/
export const getAiCost = (usage: BetaUsage): string => {
const { input_tokens: inputTokens, output_tokens: outputTokens } = usage;
const costPerInputToken = 5 / 1_000_000;
const costPerOutputToken = 25 / 1_000_000;
const inputCost = inputTokens * costPerInputToken;
const outputCost = outputTokens * costPerOutputToken;
const totalCost = inputCost + outputCost;
return `Input cost: ${inputCost.toLocaleString("en-GB", {
currency: "USD",
style: "currency",
})} Output cost: ${outputCost.toLocaleString("en-GB", {
currency: "USD",
style: "currency",
})} Total cost: ${totalCost.toLocaleString("en-GB", {
currency: "USD",
style: "currency",
})}`;
};
server/src/utils/isValidString.ts
-14
View File
@@ -1,14 +0,0 @@
/**
* @copyright NHCarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
/**
* Checks that a nullable value is a string and has length.
* @param maybeString -- The nullable value to check.
* @returns True if it is a string.
*/
export const isValidString = (maybeString: unknown): maybeString is string => {
return typeof maybeString === "string" && maybeString.length > 0;
};
server/src/utils/typeguards.ts
+32
View File
@@ -0,0 +1,32 @@
/**
* @copyright NHCarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
import type { AnnouncementType } from "../interfaces/announcementType.js";
/**
* Checks if a string is a valid announcement type.
* @param maybeType - The string to check.
* @returns True if it is a valid announcement type.
*/
const isAnnouncementType
= (maybeType: string): maybeType is AnnouncementType => {
return [
"products",
"community",
"company",
].includes(maybeType);
};
/**
* Checks that a nullable value is a string and has length.
* @param maybeString -- The nullable value to check.
* @returns True if it is a string.
*/
const isValidString = (maybeString: unknown): maybeString is string => {
return typeof maybeString === "string" && maybeString.length > 0;
};
export { isAnnouncementType, isValidString };
server/threadsAuth.js
+604
View File
@@ -0,0 +1,604 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*
* Simple local server to authenticate with Threads (via Meta/Facebook) and obtain an Access Token.
* Run with: node threadsAuth.js
* Make sure to set THREADS_APP_ID and THREADS_APP_SECRET environment variables.
*
* Note: You need an Instagram Business Account linked to your Threads profile.
* The OAuth flow goes through Facebook's endpoints (Meta's unified platform) but uses
* Threads-specific app credentials.
*/
import http from "http";
import { URL } from "url";
const PORT = 3001; // Different port from Facebook auth
// Threads API requires HTTPS for OAuth redirects
// For local development, use ngrok: ngrok http 3001
// Then set THREADS_REDIRECT_URI to your ngrok HTTPS URL
const REDIRECT_URI =`https://local3001.nhcarrigan.com/callback`;
/**
* Creates the Threads OAuth authorization URL.
* Threads uses its own OAuth endpoint: threads.net/oauth/authorize
* @param {string} appId - The Threads App ID.
* @returns {string} The authorization URL.
*/
const getAuthUrl = (appId) => {
const params = new URLSearchParams({
client_id: appId,
redirect_uri: REDIRECT_URI,
scope: "threads_basic,threads_content_publish",
response_type: "code",
});
return `https://threads.net/oauth/authorize?${params.toString()}`;
};
/**
* Exchanges an authorization code for an access token.
* Threads uses its own token endpoint: graph.threads.net/oauth/access_token
* @param {string} code - The authorization code from Threads.
* @param {string} appId - The Threads App ID.
* @param {string} appSecret - The Threads App Secret.
* @returns {Promise<{access_token: string, user_id?: number}>} The access token response.
*/
const exchangeCodeForToken = async (code, appId, appSecret) => {
const params = new URLSearchParams({
client_id: appId,
client_secret: appSecret,
redirect_uri: REDIRECT_URI,
code: code,
grant_type: "authorization_code",
});
const response = await fetch(
`https://graph.threads.net/oauth/access_token`,
{
body: params,
method: "POST",
},
);
return await response.json();
};
/**
* Exchanges a short-lived token for a long-lived token.
* @param {string} shortLivedToken - The short-lived access token.
* @param {string} appId - The Threads App ID.
* @param {string} appSecret - The Threads App Secret.
* @returns {Promise<{access_token: string, expires_in?: number}>} The long-lived token response.
*/
const exchangeForLongLivedToken = async (shortLivedToken, appId, appSecret) => {
const params = new URLSearchParams({
grant_type: "fb_exchange_token",
client_id: appId,
client_secret: appSecret,
fb_exchange_token: shortLivedToken,
});
const response = await fetch(
`https://graph.facebook.com/v21.0/oauth/access_token?${params.toString()}`,
);
return await response.json();
};
/**
* Gets the user's Instagram Business Accounts.
* @param {string} accessToken - The user access token.
* @returns {Promise<Array>} Array of Instagram Business Accounts.
*/
const getInstagramAccounts = async (accessToken) => {
const response = await fetch(
`https://graph.facebook.com/v21.0/me/accounts?fields=instagram_business_account&access_token=${accessToken}`,
);
const data = await response.json();
const accounts = [];
if (data.data) {
for (const page of data.data) {
if (page.instagram_business_account) {
const igAccountResponse = await fetch(
`https://graph.facebook.com/v21.0/${page.instagram_business_account.id}?fields=id,username,threads_profile&access_token=${accessToken}`,
);
const igAccount = await igAccountResponse.json();
if (igAccount.threads_profile) {
accounts.push({
instagramAccountId: igAccount.id,
username: igAccount.username,
threadsProfileId: igAccount.threads_profile.id,
});
}
}
}
}
return accounts;
};
/**
* Sends an HTML response.
* @param {http.ServerResponse} res - The HTTP response object.
* @param {number} statusCode - The HTTP status code.
* @param {string} html - The HTML content to send.
*/
const sendHtml = (res, statusCode, html) => {
res.writeHead(statusCode, { "Content-Type": "text/html" });
res.end(html);
};
/**
* Sends a JSON response.
* @param {http.ServerResponse} res - The HTTP response object.
* @param {number} statusCode - The HTTP status code.
* @param {object} data - The JSON data to send.
*/
const sendJson = (res, statusCode, data) => {
res.writeHead(statusCode, { "Content-Type": "application/json" });
res.end(JSON.stringify(data, null, 2));
};
const appId = process.env.THREADS_APP_ID?.trim();
const appSecret = process.env.THREADS_APP_SECRET?.trim();
if (!appId || !appSecret) {
console.error(
"Error: THREADS_APP_ID and THREADS_APP_SECRET environment variables must be set.",
);
console.error(
"Example: THREADS_APP_ID=your_app_id THREADS_APP_SECRET=your_secret node threadsAuth.js",
);
process.exit(1);
}
// Validate App ID format (should be numeric)
if (!/^\d+$/.test(appId)) {
console.error(
`Error: THREADS_APP_ID does not appear to be valid. Got: "${appId}"`,
);
console.error(
"App ID should be a numeric string. Make sure you're using 'op run' to resolve 1Password references.",
);
console.error(
"Run: pnpm threadsAuth (or: op run --env-file=./prod.env -- node threadsAuth.js)",
);
process.exit(1);
}
const server = http.createServer(async (req, res) => {
const url = new URL(req.url, `http://localhost:${PORT}`);
// Root route - show auth link
if (url.pathname === "/") {
const authUrl = getAuthUrl(appId);
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Threads Token Generator</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
h1 {
color: #000;
margin-top: 0;
}
.button {
display: inline-block;
background: #000;
color: white;
padding: 12px 24px;
text-decoration: none;
border-radius: 6px;
font-weight: 600;
margin-top: 20px;
}
.button:hover {
background: #333;
}
.info {
background: #e3f2fd;
padding: 15px;
border-radius: 6px;
margin-top: 20px;
border-left: 4px solid #1877f2;
}
.warning {
background: #fff3e0;
padding: 15px;
border-radius: 6px;
margin-top: 20px;
border-left: 4px solid #ff9800;
}
</style>
</head>
<body>
<div class="container">
<h1>🔐 Threads Token Generator</h1>
<p>Click the button below to authenticate with Meta/Facebook and get your Threads Access Token.</p>
<a href="${authUrl}" class="button">Authenticate with Meta</a>
<div class="info">
<strong>Note:</strong> You need:
<ul>
<li>An Instagram Business Account</li>
<li>A Threads profile linked to that Instagram account</li>
<li>Admin access to a Facebook Page connected to your Instagram Business Account</li>
</ul>
</div>
<div class="warning">
<strong>⚠️ Important:</strong> Your Threads app must have:
<ul>
<li>Threads API product added</li>
<li><code>threads_basic</code> and <code>threads_content_publish</code> permissions approved</li>
<li>Valid OAuth Redirect URI: <code>${REDIRECT_URI}</code></li>
</ul>
</div>
${REDIRECT_URI.startsWith("http://") ? `
<div class="warning" style="background: #ffebee; border-left-color: #d32f2f;">
<strong>🔒 HTTPS Required:</strong> Threads API requires HTTPS for OAuth redirects!
<ul>
<li>Install cloudflared: <code>brew install cloudflared</code> or download from <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/" target="_blank">cloudflare.com</a></li>
<li>Run: <code>cloudflared tunnel --url http://localhost:${PORT}</code></li>
<li>Copy the HTTPS URL (e.g., https://abc123.trycloudflare.com)</li>
<li>Set environment variable: <code>THREADS_REDIRECT_URI=https://abc123.trycloudflare.com/callback</code></li>
<li>Add the HTTPS URL to your Threads app's Valid OAuth Redirect URIs</li>
<li>Restart this server</li>
</ul>
</div>
` : ""}
</div>
</body>
</html>
`;
return sendHtml(res, 200, html);
}
// Callback route - handle OAuth callback
if (url.pathname === "/callback") {
// Threads appends #_ to the redirect URI - strip it from the URL
let code = url.searchParams.get("code");
const error = url.searchParams.get("error");
const errorReason = url.searchParams.get("error_reason");
const errorDescription = url.searchParams.get("error_description");
// Debug: Log the full callback URL to see what Threads is sending
console.log(`\n🔍 Callback received:`);
console.log(` Full URL: ${url.href}`);
console.log(` Expected redirect URI: ${REDIRECT_URI}`);
console.log(` Error: ${error || "none"}`);
console.log(` Error reason: ${errorReason || "none"}`);
console.log(` Error description: ${errorDescription || "none"}\n`);
// If code is in the hash (after #_), extract it
if (!code && url.hash) {
const hashParams = new URLSearchParams(url.hash.substring(1));
code = hashParams.get("code");
}
if (error) {
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Authentication Error</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.error {
color: #d32f2f;
background: #ffebee;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #d32f2f;
}
</style>
</head>
<body>
<div class="container">
<h1>❌ Authentication Error</h1>
<div class="error">
<p><strong>Error:</strong> ${error}</p>
<p><strong>Error Reason:</strong> ${errorReason || "N/A"}</p>
<p><strong>Error Description:</strong> ${errorDescription || "N/A"}</p>
<p><strong>Full Callback URL:</strong> <code style="word-break: break-all;">${url.href}</code></p>
<p><strong>Expected Redirect URI:</strong> <code>${REDIRECT_URI}</code></p>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 400, html);
}
if (!code) {
return sendHtml(
res,
400,
"<h1>Error</h1><p>No authorization code received.</p><a href='/'>Try again</a>",
);
}
try {
// Step 1: Exchange code for access token
const tokenResponse = await exchangeCodeForToken(code, appId, appSecret);
if (tokenResponse.error_type || tokenResponse.error_message) {
throw new Error(
tokenResponse.error_message || "Failed to exchange code for token",
);
}
if (!tokenResponse.access_token) {
throw new Error(
"No access token received. Response: " + JSON.stringify(tokenResponse),
);
}
const accessToken = tokenResponse.access_token;
const userId = tokenResponse.user_id;
// Step 2: Get Instagram Business Account ID
// The user_id from Threads token exchange is the Instagram Business Account ID
// We can also verify this by calling the Threads API
const accounts = [];
if (userId) {
// Try to get account info from Threads API
try {
const accountInfoResponse = await fetch(
`https://graph.threads.net/v1.0/${userId}?fields=id,username&access_token=${accessToken}`,
);
if (accountInfoResponse.ok) {
const accountInfo = await accountInfoResponse.json();
accounts.push({
instagramAccountId: userId.toString(),
username: accountInfo.username || "unknown",
threadsProfileId: userId.toString(), // Threads Profile ID is same as Instagram Business Account ID
});
} else {
// Fallback: use the user_id as Instagram Business Account ID
accounts.push({
instagramAccountId: userId.toString(),
username: "unknown",
threadsProfileId: userId.toString(),
});
}
} catch (err) {
// Fallback: use the user_id as Instagram Business Account ID
accounts.push({
instagramAccountId: userId.toString(),
username: "unknown",
threadsProfileId: userId.toString(),
});
}
}
if (accounts.length === 0) {
return sendHtml(
res,
200,
`
<!DOCTYPE html>
<html>
<head>
<title>No Threads Accounts Found</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
</style>
</head>
<body>
<div class="container">
<h1>⚠️ No Threads Accounts Found</h1>
<p>You don't have access to any Instagram Business Accounts with Threads profiles, or your Facebook Page isn't connected to an Instagram Business Account.</p>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`,
);
}
// Display results
const accountsHtml = accounts
.map(
(account) => `
<div style="background: #f5f5f5; padding: 15px; margin: 10px 0; border-radius: 6px;">
<h3>@${account.username}</h3>
<p><strong>Instagram Business Account ID:</strong> <code>${account.instagramAccountId}</code></p>
<p><strong>Threads Profile ID:</strong> <code>${account.threadsProfileId}</code></p>
<p><strong>Access Token:</strong></p>
<textarea readonly style="width: 100%; padding: 10px; font-family: monospace; border: 1px solid #ddd; border-radius: 4px; background: white;" rows="3">${accessToken}</textarea>
<p><strong>Note:</strong> Threads access tokens are short-lived. You may need to refresh them periodically.</p>
</div>
`,
)
.join("");
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Success! Your Threads Tokens</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 900px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.success {
background: #e8f5e9;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #4caf50;
margin-bottom: 20px;
}
h1 {
color: #4caf50;
margin-top: 0;
}
code {
background: #f5f5f5;
padding: 2px 6px;
border-radius: 3px;
font-family: 'Courier New', monospace;
}
.warning {
background: #fff3e0;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #ff9800;
margin-top: 20px;
}
</style>
</head>
<body>
<div class="container">
<h1>✅ Success!</h1>
<div class="success">
<p><strong>Your Threads Access Tokens:</strong></p>
<p>Copy these values and add them to your environment variables.</p>
</div>
${accountsHtml}
<div class="warning">
<p><strong>⚠️ Important:</strong></p>
<ul>
<li>Store these tokens securely (like your other API credentials)</li>
<li>Add the access token to your environment variables as <code>THREADS_ACCESS_TOKEN</code></li>
<li>Add the Instagram Business Account ID as <code>THREADS_INSTAGRAM_ACCOUNT_ID</code></li>
<li>Add the Threads Profile ID as <code>THREADS_PROFILE_ID</code> (usually same as Instagram Account ID)</li>
<li>Threads tokens are short-lived and may need to be refreshed periodically</li>
</ul>
</div>
<p><a href="/">Start over</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 200, html);
} catch (error) {
const html = `
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 800px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.error {
color: #d32f2f;
background: #ffebee;
padding: 15px;
border-radius: 6px;
border-left: 4px solid #d32f2f;
}
</style>
</head>
<body>
<div class="container">
<h1>❌ Error</h1>
<div class="error">
<p><strong>Error:</strong> ${error.message}</p>
</div>
<p><a href="/">Try again</a></p>
</div>
</body>
</html>
`;
return sendHtml(res, 500, html);
}
}
// 404
sendHtml(res, 404, "<h1>Not Found</h1><p><a href='/'>Go home</a></p>");
});
server.listen(PORT, () => {
console.log(`\n🚀 Threads Auth Server running at http://localhost:${PORT}`);
console.log(`\n📋 Make sure you've set:`);
console.log(` - THREADS_APP_ID`);
console.log(` - THREADS_APP_SECRET`);
if (REDIRECT_URI.startsWith("http://")) {
console.log(`\n🔒 HTTPS REQUIRED: Threads API requires HTTPS for OAuth redirects!`);
console.log(`\n Current redirect URI: ${REDIRECT_URI}`);
console.log(`\n To fix:`);
console.log(` 1. Install cloudflared: brew install cloudflared`);
console.log(` 2. Run: cloudflared tunnel --url http://localhost:${PORT}`);
console.log(` 3. Copy the HTTPS URL (e.g., https://abc123.trycloudflare.com)`);
console.log(` 4. Set: THREADS_REDIRECT_URI=https://abc123.trycloudflare.com/callback`);
console.log(` 5. Add the HTTPS URL to your Threads app's Valid OAuth Redirect URIs`);
console.log(` 6. Restart this server`);
} else {
console.log(`\n✅ Using HTTPS redirect URI: ${REDIRECT_URI}`);
}
console.log(`\n🔗 Open http://localhost:${PORT} in your browser to start!`);
console.log(`\n⚠️ Make sure your Threads app has:`);
console.log(` - Threads API product added`);
console.log(` - threads_basic and threads_content_publish permissions`);
console.log(` - OAuth Redirect URI: ${REDIRECT_URI}`);
console.log(` - Client OAuth Login: ON`);
console.log(` - Web OAuth Login: ON`);
console.log(`\n💡 Note: OAuth flow uses Threads-specific endpoints`);
console.log(`\n🔍 Debug info:`);
console.log(` - Redirect URI: ${REDIRECT_URI}`);
console.log(` - URL-encoded: ${encodeURIComponent(REDIRECT_URI)}`);
console.log(` - Make sure this EXACTLY matches what's in your Threads app settings\n`);
});