Add user-agent to guest_token request (#1359 )

Fix the checkmark position (#1347 )
Co-authored-by: yav <796176@protonmail.com>
2026-01-31 07:42:51 -05:00 · 2026-01-29 17:27:41 +01:00 · 2025-12-24 02:22:20 -05:00 · 2025-12-08 04:05:08 -05:00 · 2025-12-06 05:15:01 +01:00 · 2025-12-06 05:00:34 +01:00
12 changed files with 45 additions and 10 deletions
--- a/nitter.example.conf
+++ b/nitter.example.conf
@@ -26,7 +26,9 @@ enableRSS = true  # set this to false to disable RSS feeds
 enableDebug = false  # enable request logs and debug endpoints (/.sessions)
 proxy = ""  # http/https url, SOCKS proxies are not supported
 proxyAuth = ""
+apiProxy = "" # nitter-proxy host, e.g. localhost:7000
 disableTid = false # enable this if cookie-based auth is failing
+maxConcurrentReqs = 2 # max requests at a time per session to avoid race conditions

 # Change default preferences here, see src/prefs_impl.nim for a complete list
 [Preferences]
--- a/src/apiutils.nim
+++ b/src/apiutils.nim
@@ -13,10 +13,17 @@ const
 var 
  pool: HttpPool
  disableTid: bool
+  apiProxy: string

 proc setDisableTid*(disable: bool) =
  disableTid = disable

+proc setApiProxy*(url: string) =
+  if url.len > 0:
+    apiProxy = url.strip(chars={'/'}) & "/"
+    if "http" notin apiProxy:
+      apiProxy = "http://" & apiProxy
+
 proc toUrl(req: ApiReq; sessionKind: SessionKind): Uri =
  case sessionKind
  of oauth:  
@@ -56,7 +63,8 @@ proc genHeaders*(session: Session, url: Uri): Future[HttpHeaders] {.async.} =
    "origin": "https://x.com",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
    "x-twitter-active-user": "yes",
-    "x-twitter-client-language": "en"
+    "x-twitter-client-language": "en",
+    "priority": "u=1, i"
  })

  case session.kind
@@ -66,6 +74,12 @@ proc genHeaders*(session: Session, url: Uri): Future[HttpHeaders] {.async.} =
    result["x-twitter-auth-type"] = "OAuth2Session"
    result["x-csrf-token"] = session.ct0
    result["cookie"] = getCookieHeader(session.authToken, session.ct0)
+    result["sec-ch-ua"] = """"Google Chrome";v="142", "Chromium";v="142", "Not A(Brand";v="24""""
+    result["sec-ch-ua-mobile"] = "?0"
+    result["sec-ch-ua-platform"] = "Windows"
+    result["sec-fetch-dest"] = "empty"
+    result["sec-fetch-mode"] = "cors"
+    result["sec-fetch-site"] = "same-site"
    if disableTid:
      result["authorization"] = bearerToken2
    else:
@@ -92,7 +106,11 @@ template fetchImpl(result, fetchBody) {.dirty.} =
    var resp: AsyncResponse
    pool.use(await genHeaders(session, url)):
      template getContent =
-        resp = await c.get($url)
+        # TODO: this is a temporary simple implementation
+        if apiProxy.len > 0:
+          resp = await c.get(($url).replace("https://", apiProxy))
+        else:
+          resp = await c.get($url)
        result = await resp.body

      getContent()
--- a/src/auth.nim
+++ b/src/auth.nim
@@ -3,14 +3,17 @@ import std/[asyncdispatch, times, json, random, strutils, tables, packedsets, os
 import types, consts
 import experimental/parser/session

-# max requests at a time per session to avoid race conditions
-const
-  maxConcurrentReqs = 2
-  hourInSeconds = 60 * 60
+const hourInSeconds = 60 * 60

 var
  sessionPool: seq[Session]
  enableLogging = false
+  # max requests at a time per session to avoid race conditions
+  maxConcurrentReqs = 2
+
+proc setMaxConcurrentReqs*(reqs: int) =
+  if reqs > 0:
+    maxConcurrentReqs = reqs

 template log(str: varargs[string, `$`]) =
  echo "[sessions] ", str.join("")
--- a/src/config.nim
+++ b/src/config.nim
@@ -41,7 +41,9 @@ proc getConfig*(path: string): (Config, parseCfg.Config) =
    enableDebug: cfg.get("Config", "enableDebug", false),
    proxy: cfg.get("Config", "proxy", ""),
    proxyAuth: cfg.get("Config", "proxyAuth", ""),
-    disableTid: cfg.get("Config", "disableTid", false)
+    apiProxy: cfg.get("Config", "apiProxy", ""),
+    disableTid: cfg.get("Config", "disableTid", false),
+    maxConcurrentReqs: cfg.get("Config", "maxConcurrentReqs", 2)
  )

  return (conf, cfg)
--- a/src/nitter.nim
+++ b/src/nitter.nim
@@ -37,7 +37,9 @@ setHmacKey(cfg.hmacKey)
 setProxyEncoding(cfg.base64Media)
 setMaxHttpConns(cfg.httpMaxConns)
 setHttpProxy(cfg.proxy, cfg.proxyAuth)
+setApiProxy(cfg.apiProxy)
 setDisableTid(cfg.disableTid)
+setMaxConcurrentReqs(cfg.maxConcurrentReqs)
 initAboutPage(cfg.staticDir)

 waitFor initRedisPool(cfg)
--- a/src/routes/timeline.nim
+++ b/src/routes/timeline.nim
@@ -114,7 +114,7 @@ proc createTimelineRouter*(cfg: Config) =
    get "/@name/?@tab?/?":
      cond '.' notin @"name"
      cond @"name" notin ["pic", "gif", "video", "search", "settings", "login", "intent", "i"]
-      cond @"name".allCharsInSet({'a'..'z', 'A'..'Z', '0'..'9', '_'})
+      cond @"name".allCharsInSet({'a'..'z', 'A'..'Z', '0'..'9', '_', ','})
      cond @"tab" in ["with_replies", "media", "search", ""]
      let
        prefs = cookiePrefs()
--- a/src/types.nim
+++ b/src/types.nim
@@ -275,7 +275,9 @@ type
    enableDebug*: bool
    proxy*: string
    proxyAuth*: string
+    apiProxy*: string
    disableTid*: bool
+    maxConcurrentReqs*: int

    rssCacheTime*: int
    listCacheTime*: int
--- a/src/views/profile.nim
+++ b/src/views/profile.nim
@@ -26,6 +26,7 @@ proc renderUserCard*(user: User; prefs: Prefs): VNode =

      tdiv(class="profile-card-tabs-name"):
        linkUser(user, class="profile-card-fullname")
+        verifiedIcon(user)
        linkUser(user, class="profile-card-username")

    tdiv(class="profile-card-extra"):
--- a/src/views/renderutils.nim
+++ b/src/views/renderutils.nim
@@ -42,7 +42,6 @@ proc linkUser*(user: User, class=""): VNode =
  buildHtml(a(href=href, class=class, title=nameText)):
    text nameText
    if isName:
-      verifiedIcon(user)
      if user.protected:
        text " "
        icon "lock", title="Protected account"
--- a/src/views/timeline.nim
+++ b/src/views/timeline.nim
@@ -66,6 +66,7 @@ proc renderUser(user: User; prefs: Prefs): VNode =
        tdiv(class="tweet-name-row"):
          tdiv(class="fullname-and-username"):
            linkUser(user, class="fullname")
+            verifiedIcon(user)
        linkUser(user, class="username")

      tdiv(class="tweet-content media-body", dir="auto"):
--- a/src/views/tweet.nim
+++ b/src/views/tweet.nim
@@ -31,6 +31,7 @@ proc renderHeader(tweet: Tweet; retweet: string; pinned: bool; prefs: Prefs): VN
      tdiv(class="tweet-name-row"):
        tdiv(class="fullname-and-username"):
          linkUser(tweet.user, class="fullname")
+          verifiedIcon(tweet.user)
          linkUser(tweet.user, class="username")

        span(class="tweet-date"):
@@ -235,6 +236,7 @@ proc renderQuote(quote: Tweet; prefs: Prefs; path: string): VNode =
      tdiv(class="fullname-and-username"):
        renderMiniAvatar(quote.user, prefs)
        linkUser(quote.user, class="fullname")
+        verifiedIcon(quote.user)
        linkUser(quote.user, class="username")

      span(class="tweet-date"):
--- a/tools/get_session.py
+++ b/tools/get_session.py
@@ -21,7 +21,10 @@ def auth(username, password, otp_secret):

    guest_token = requests.post(
        "https://api.twitter.com/1.1/guest/activate.json",
-        headers={'Authorization': bearer_token}
+        headers={
+            'Authorization': bearer_token,
+             "User-Agent": "TwitterAndroid/10.21.0-release.0 (310210000-r-0) ONEPLUS+A3010/9"
+        }
    ).json().get('guest_token')

    if not guest_token:
Author	SHA1	Message	Date
cmj	a45227b883	Add user-agent to guest_token request (#1359 )	2026-01-29 17:27:41 +01:00
yav	a92e79ebc3	Fix the checkmark position (#1347 ) Co-authored-by: yav <796176@protonmail.com>	2025-12-24 02:22:20 -05:00
jackyzy823	baeaf685d3	Make maxConcurrentReqs configurable (#1341 )	2025-12-08 04:05:08 -05:00
Zed	51b54852dc	Add preliminary support for nitter-proxy	2025-12-06 05:15:01 +01:00
Zed	663f5a52e1	Improve headers	2025-12-06 05:00:34 +01:00
Zed	17fc2628f9	Minor fix	2025-11-30 18:07:27 +01:00
Zed	e741385828	Allow , in username to support multiple users Fixes #1329	2025-11-30 18:06:22 +01:00