search

hbang / libcephei

Useful functions for tweak developers
https://hbang.github.io/libcephei
Other
205 stars 33 forks source link

HBTwitterCell should probably allow or enforce user ID instead of handle #44

Closed 0cyn closed 3 years ago

0cyn commented 4 years ago

Due to a common trend of impersonation via handle, and people changing handles in general, it might be best to use User ID instead of twitter handle for PFP downloading and twitter links

0cyn commented 4 years ago

Link via userid https://stackoverflow.com/a/56924385

ID grabber https://codeofaninja.com/tools/find-twitter-id/

kirb commented 4 years ago

Hm, it’s a good idea. There used to be hardcoded logic to rewrite the old hbangws user to hashbang, after all…

https://twitter.com/intent/user?user_id=783214 should do the trick for this, it’s a documented feature and is supported by Twitter’s app links, nicely falling back to the mobile site. I’ll probably just drop support for the Twitter client url schemes at this point (do people actually use them any more?).

Not sure how to push devs to switch to user ids rather than usernames. I can’t stop usernames from being used, and there isn’t really a good place to put deprecation warnings that doesn’t needlessly interrupt the user. Logging to syslog will just get missed because of the useless flood of other messages in there. Plus to avoid an unnecessary API call, the username will still need to be provided for displaying in the subtitle.

Profile images is another problem, since the trick we’re using currently only works with usernames, but it looks like Twitter API v2 will allow me to do this in a legit way without having to first authenticate the user. 300 API calls per hour 15 mins seems like enough.

kirb commented 3 years ago

Implemented in 1.16. Wrote 300+ lines, not sure if it was worth it? Oh well, getting profile pics with the API is still safer long-term than doing the whole private method sketchy thing we were doing before.

Fun fact: The API method supports up to 300 requests per 15 minutes. I’ve been occasionally checking the application/rate_limit_status.json endpoint and haven’t seen it dip below about 250. I threw in 4 days of disk caching for API responses + profile pics, in addition to bulk requesting (e.g. if you throw a few dozen Twitter cells on a screen) to keep frequent calls down. Seems to do the job.