Add cookie-based authentication support

Fixes #1303

src/apiutils.nim

@@ -28,12 +28,12 @@ proc getOauthHeader(url, oauthToken, oauthTokenSecret: string): string =
 
   return getOauth1RequestHeader(params)["authorization"]
 
-proc genHeaders*(url, oauthToken, oauthTokenSecret: string): HttpHeaders =
+proc getCookieHeader(authToken, ct0: string): string =
-  let header = getOauthHeader(url, oauthToken, oauthTokenSecret)
+  "auth_token=" & authToken & "; ct0=" & ct0
 
+proc genHeaders*(session: Session, url: string): HttpHeaders =
   result = newHttpHeaders({
     "connection": "keep-alive",
-    "authorization": header,
     "content-type": "application/json",
     "x-twitter-active-user": "yes",
     "authority": "api.x.com",
@@ -43,18 +43,32 @@ proc genHeaders*(url, oauthToken, oauthTokenSecret: string): HttpHeaders =
     "DNT": "1"
   })
 
+  case session.kind
+  of SessionKind.oauth:
+    result["authorization"] = getOauthHeader(url, session.oauthToken, session.oauthSecret)
+  of SessionKind.cookie:
+    result["cookie"] = getCookieHeader(session.authToken, session.ct0)
+    result["x-csrf-token"] = session.ct0
+    result["x-twitter-auth-type"] = "OAuth2Session"
+
 template fetchImpl(result, fetchBody) {.dirty.} =
   once:
     pool = HttpPool()
 
   var session = await getSession(api)
-  if session.oauthToken.len == 0:
+  case session.kind
-    echo "[sessions] Empty oauth token, session: ", session.id
+  of SessionKind.oauth:
-    raise rateLimitError()
+    if session.oauthToken.len == 0:
+      echo "[sessions] Empty oauth token, session: ", session.id
+      raise rateLimitError()
+  of SessionKind.cookie:
+    if session.authToken.len == 0 or session.ct0.len == 0:
+      echo "[sessions] Empty cookie credentials, session: ", session.id
+      raise rateLimitError()
 
   try:
     var resp: AsyncResponse
-    pool.use(genHeaders($url, session.oauthToken, session.oauthSecret)):
+    pool.use(genHeaders(session, $url)):
       template getContent =
         resp = await c.get($url)
         result = await resp.body

src/experimental/parser/session.nim

@@ -1,15 +1,27 @@
 import std/strutils
 import jsony
 import ../types/session
-from ../../types import Session
+from ../../types import Session, SessionKind
 
 proc parseSession*(raw: string): Session =
-  let 
+  let session = raw.fromJson(RawSession)
-    session = raw.fromJson(RawSession)
+  let kind = if session.kind == "": "oauth" else: session.kind
-    id = session.oauthToken[0 ..< session.oauthToken.find('-')]
 
-  result = Session(
+  case kind
-    id: parseBiggestInt(id),
+  of "oauth":
-    oauthToken: session.oauthToken,
+    let id = session.oauthToken[0 ..< session.oauthToken.find('-')]
-    oauthSecret: session.oauthTokenSecret
+    result = Session(
-  )
+      kind: SessionKind.oauth,
+      id: parseBiggestInt(id),
+      oauthToken: session.oauthToken,
+      oauthSecret: session.oauthTokenSecret
+    )
+  of "cookie":
+    result = Session(
+      kind: SessionKind.cookie,
+      id: 999,
+      authToken: session.authToken,
+      ct0: session.ct0
+    )
+  else:
+    raise newException(ValueError, "Unknown session kind: " & kind)

src/experimental/types/session.nim

@@ -1,4 +1,7 @@
 type
   RawSession* = object
+    kind*: string
     oauthToken*: string
     oauthTokenSecret*: string
+    authToken*: string
+    ct0*: string

src/types.nim

@@ -31,14 +31,23 @@ type
     remaining*: int
     reset*: int
 
+  SessionKind* = enum
+    oauth
+    cookie
+
   Session* = ref object
     id*: int64
-    oauthToken*: string
-    oauthSecret*: string
     pending*: int
     limited*: bool
     limitedAt*: int
     apis*: Table[Api, RateLimit]
+    case kind*: SessionKind
+    of oauth:
+      oauthToken*: string
+      oauthSecret*: string
+    of cookie:
+      authToken*: string
+      ct0*: string
 
   Error* = enum
     null = 0