tuitbot-core 0.1.47

Core library for Tuitbot autonomous X growth assistant
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280

//! Reqwest-based X API v2 HTTP client implementation.
//!
//! Provides `XApiHttpClient` which implements the `XApiClient` trait
//! using reqwest for HTTP requests with proper error mapping and
//! rate limit header parsing.

mod trait_impl;

#[cfg(test)]
mod tests;

use std::sync::Arc;
use tokio::sync::RwLock;

use crate::error::XApiError;
use crate::safety::redact::redact_secrets;
use crate::storage::{self, DbPool};

use super::types::{RateLimitInfo, XApiErrorResponse};

/// Default X API v2 base URL.
const DEFAULT_BASE_URL: &str = "https://api.x.com/2";

/// Default X API v1.1 media upload base URL.
const DEFAULT_UPLOAD_BASE_URL: &str = "https://upload.twitter.com/1.1";

/// Standard tweet fields requested on every query.
pub(crate) const TWEET_FIELDS: &str = "public_metrics,created_at,author_id,conversation_id";

/// Standard expansions requested on every query.
pub(crate) const EXPANSIONS: &str = "author_id";

/// Standard user fields requested on every query.
pub(crate) const USER_FIELDS: &str =
    "username,name,public_metrics,profile_image_url,description,location,url";

/// HTTP client for the X API v2.
///
/// Uses reqwest with Bearer token authentication. The access token
/// is stored behind an `Arc<RwLock>` so the token manager can
/// update it transparently after a refresh.
pub struct XApiHttpClient {
    pub(crate) client: reqwest::Client,
    pub(crate) base_url: String,
    pub(crate) upload_base_url: String,
    pub(crate) access_token: Arc<RwLock<String>>,
    pool: Arc<RwLock<Option<DbPool>>>,
}

impl XApiHttpClient {
    /// Create a new X API HTTP client with the given access token.
    pub fn new(access_token: String) -> Self {
        Self {
            client: reqwest::Client::new(),
            base_url: DEFAULT_BASE_URL.to_string(),
            upload_base_url: DEFAULT_UPLOAD_BASE_URL.to_string(),
            access_token: Arc::new(RwLock::new(access_token)),
            pool: Arc::new(RwLock::new(None)),
        }
    }

    /// Create a new client with a custom base URL (for testing with wiremock).
    pub fn with_base_url(access_token: String, base_url: String) -> Self {
        let upload_base_url = base_url.clone();
        Self {
            client: reqwest::Client::new(),
            base_url,
            upload_base_url,
            access_token: Arc::new(RwLock::new(access_token)),
            pool: Arc::new(RwLock::new(None)),
        }
    }

    /// Set the database pool for usage tracking.
    ///
    /// Called after DB initialization to enable fire-and-forget recording
    /// of every X API call.
    pub async fn set_pool(&self, pool: DbPool) {
        let mut lock = self.pool.write().await;
        *lock = Some(pool);
    }

    /// Get a shared reference to the access token lock for token manager integration.
    pub fn access_token_lock(&self) -> Arc<RwLock<String>> {
        self.access_token.clone()
    }

    /// Update the access token (used by token manager after refresh).
    pub async fn set_access_token(&self, token: String) {
        let mut lock = self.access_token.write().await;
        *lock = token;
    }

    /// Parse rate limit headers from an X API response.
    pub(crate) fn parse_rate_limit_headers(headers: &reqwest::header::HeaderMap) -> RateLimitInfo {
        let remaining = headers
            .get("x-rate-limit-remaining")
            .and_then(|v| v.to_str().ok())
            .and_then(|v| v.parse::<u64>().ok());

        let reset_at = headers
            .get("x-rate-limit-reset")
            .and_then(|v| v.to_str().ok())
            .and_then(|v| v.parse::<u64>().ok());

        RateLimitInfo {
            remaining,
            reset_at,
        }
    }

    /// Map an HTTP error response to a typed `XApiError`.
    pub(crate) async fn map_error_response(response: reqwest::Response) -> XApiError {
        let status = response.status().as_u16();
        let rate_info = Self::parse_rate_limit_headers(response.headers());

        let raw_body = response.text().await.unwrap_or_default();
        let error_detail = serde_json::from_str::<XApiErrorResponse>(&raw_body).ok();
        let body = redact_secrets(&raw_body);

        let message = error_detail
            .as_ref()
            .and_then(|e| e.detail.clone())
            .unwrap_or_else(|| body.clone());
        let message = redact_secrets(&message);

        match status {
            429 => {
                let retry_after = rate_info.reset_at.and_then(|reset| {
                    let now = chrono::Utc::now().timestamp() as u64;
                    reset.checked_sub(now)
                });
                XApiError::RateLimited { retry_after }
            }
            401 => XApiError::AuthExpired,
            403 if Self::is_scope_insufficient_message(&message) => {
                XApiError::ScopeInsufficient { message }
            }
            403 => XApiError::Forbidden { message },
            _ => XApiError::ApiError { status, message },
        }
    }

    fn is_scope_insufficient_message(message: &str) -> bool {
        let normalized = message.to_ascii_lowercase();
        normalized.contains("scope")
            && (normalized.contains("insufficient")
                || normalized.contains("missing")
                || normalized.contains("not granted")
                || normalized.contains("required"))
    }

    /// Record an API call in the usage tracking table (fire-and-forget).
    pub(crate) fn record_usage(&self, path: &str, method: &str, status_code: u16) {
        let pool_lock = self.pool.clone();
        let endpoint = path.to_string();
        let http_method = method.to_string();
        let cost = storage::x_api_usage::estimate_cost(&endpoint, &http_method);
        // Only record successful calls for cost (failed requests don't incur charges per X docs).
        let final_cost = if status_code < 400 { cost } else { 0.0 };
        tokio::spawn(async move {
            if let Some(pool) = pool_lock.read().await.as_ref() {
                if let Err(e) = storage::x_api_usage::insert_x_api_usage(
                    pool,
                    &endpoint,
                    &http_method,
                    status_code as i32,
                    final_cost,
                )
                .await
                {
                    tracing::warn!(error = %e, "Failed to record X API usage");
                }
            }
        });
    }

    /// Send a GET request and handle common error patterns.
    pub(crate) async fn get(
        &self,
        path: &str,
        query: &[(&str, &str)],
    ) -> Result<reqwest::Response, XApiError> {
        let token = self.access_token.read().await;
        let url = format!("{}{}", self.base_url, path);

        let response = self
            .client
            .get(&url)
            .bearer_auth(&*token)
            .query(query)
            .send()
            .await
            .map_err(|e| XApiError::Network { source: e })?;

        let status_code = response.status().as_u16();
        let rate_info = Self::parse_rate_limit_headers(response.headers());
        tracing::debug!(
            path,
            remaining = ?rate_info.remaining,
            reset_at = ?rate_info.reset_at,
            "X API response"
        );

        self.record_usage(path, "GET", status_code);

        if response.status().is_success() {
            Ok(response)
        } else {
            Err(Self::map_error_response(response).await)
        }
    }

    /// Send a DELETE request and handle common error patterns.
    pub(crate) async fn delete(&self, path: &str) -> Result<reqwest::Response, XApiError> {
        let token = self.access_token.read().await;
        let url = format!("{}{}", self.base_url, path);

        let response = self
            .client
            .delete(&url)
            .bearer_auth(&*token)
            .send()
            .await
            .map_err(|e| XApiError::Network { source: e })?;

        let status_code = response.status().as_u16();
        let rate_info = Self::parse_rate_limit_headers(response.headers());
        tracing::debug!(
            path,
            remaining = ?rate_info.remaining,
            reset_at = ?rate_info.reset_at,
            "X API response"
        );

        self.record_usage(path, "DELETE", status_code);

        if response.status().is_success() {
            Ok(response)
        } else {
            Err(Self::map_error_response(response).await)
        }
    }

    /// Send a POST request with JSON body and handle common error patterns.
    pub(crate) async fn post_json<T: serde::Serialize>(
        &self,
        path: &str,
        body: &T,
    ) -> Result<reqwest::Response, XApiError> {
        let token = self.access_token.read().await;
        let url = format!("{}{}", self.base_url, path);

        let response = self
            .client
            .post(&url)
            .bearer_auth(&*token)
            .json(body)
            .send()
            .await
            .map_err(|e| XApiError::Network { source: e })?;

        let status_code = response.status().as_u16();
        let rate_info = Self::parse_rate_limit_headers(response.headers());
        tracing::debug!(
            path,
            remaining = ?rate_info.remaining,
            reset_at = ?rate_info.reset_at,
            "X API response"
        );

        self.record_usage(path, "POST", status_code);

        if response.status().is_success() {
            Ok(response)
        } else {
            Err(Self::map_error_response(response).await)
        }
    }
}