A secure Flask-based backend API that powers a Chrome extension for sharing and accessing Twitter/X feeds among users. Built with enterprise-grade security, comprehensive error handling, and scalable architecture.
- Secure Authentication: JWT-based auth with bcrypt password hashing
- Feed Sharing: Share your Twitter feed with specific users
- Tweet Fetching: Asynchronous tweet retrieval with media support
- Cookie Management: Secure storage of X.com authentication cookies
- Caching System: 1-hour tweet caching for improved performance
- Database Pooling: PostgreSQL connection pooling for scalability
- Comprehensive Logging: Detailed logging for monitoring and debugging
- CORS Support: Full Chrome extension compatibility
- Backend: Flask (Python)
- Database: PostgreSQL with psycopg3
- Authentication: JWT tokens with bcrypt
- Twitter API: twikit library
- Async Processing: asyncio with ThreadPoolExecutor
- Security: Input validation, XSS protection, rate limiting
- Python 3.8+
- PostgreSQL 12+
- X.com account cookies (for tweet fetching)
- Connect your GitHub repository to Render
- Set environment variables in Render dashboard
- Deploy with automatic builds
python server.py
- POST /api/register - Register new user
- POST /api/login - User login
- POST /api/logout - User logout
- GET /api/verify - Verify JWT token
- GET /api/user/profile - Get user profile
- DELETE /api/user/delete - Delete user account
- POST /api/share-feed - Share feed with another user
- GET /api/shared-users - Get users you've shared with
- GET /api/fetch-users - Get users who shared with you
- DELETE /api/unshare-feed/<username> - Revoke feed access
- POST /api/save-cookies - Save X.com cookies
- POST /api/fetch-feed/<username> - Fetch tweets from shared feed
- GET /health - Health check endpoint
- POST /api/cleanup-expired-tweets - Clean expired cache
- Password Security: Bcrypt hashing with salt rounds
- JWT Tokens: Secure token-based authentication
- Input Validation: Comprehensive input sanitization
- Database Security: Parameterized queries prevent SQL injection
- CORS Configuration: Secure cross-origin resource sharing
- Error Handling: Detailed error logging without information leakage
-- Users table
users (id, username, password_hash, email, created_at, last_login, is_active)

-- Feed sharing relationships
feed_shares (owner_id, shared_with_id, created_at)
feed_fetches (user_id, fetch_from_id, created_at)

-- Cookie storage
user_cookies (user_id, cookies, updated_at)

-- Tweet caching
user_tweets (user_id, fetched_from_id, tweets_data, fetched_at, expires_at)
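
Added example (not code from this project): one way the access check behind POST /api/fetch-feed/<username> and the revocation behind DELETE /api/unshare-feed/<username> can be written against the feed_shares and user_tweets tables, using only bound parameters. It uses sqlite3 in place of PostgreSQL so it runs offline; the function names, column types, the is_active condition and the cache purge on revoke are assumptions, and the rows are constructed sample data.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for PostgreSQL, column types are assumed.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, is_active INTEGER);
        CREATE TABLE feed_shares (owner_id INTEGER, shared_with_id INTEGER,
                                  PRIMARY KEY (owner_id, shared_with_id));
        CREATE TABLE user_tweets (user_id INTEGER, fetched_from_id INTEGER, tweets_data TEXT);
    """)
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", 1), (2, "bob", 1), (3, "mallory", 1), (4, "dave", 0)])
    db.executemany("INSERT INTO feed_shares VALUES (?, ?)", [(1, 2), (4, 2)])
    db.execute("INSERT INTO user_tweets VALUES (2, 1, '[]')")  # bob's cached copy of alice's feed
    db.commit()
    return db

def can_fetch_feed(db, requester_id, owner_username):
    """Hypothetical check: an active owner has shared with the requester.

    requester_id comes from the verified JWT, not the request body. owner_username
    is the untrusted <username> path segment and is only ever bound as a parameter
    (psycopg uses %s where sqlite3 uses ?).
    """
    row = db.execute(
        "SELECT 1 FROM feed_shares fs JOIN users o ON o.id = fs.owner_id "
        "WHERE o.username = ? AND o.is_active = 1 AND fs.shared_with_id = ?",
        (owner_username, requester_id)).fetchone()
    return row is not None

def unshare_feed(db, owner_id, shared_with_username):
    """Hypothetical revocation: drop the share and the grantee's cached tweets."""
    target = db.execute("SELECT id FROM users WHERE username = ?",
                        (shared_with_username,)).fetchone()
    if target is None:
        return 0
    removed = db.execute(
        "DELETE FROM feed_shares WHERE owner_id = ? AND shared_with_id = ?",
        (owner_id, target[0])).rowcount
    # Assumption: user_id is the fetcher and fetched_from_id the feed owner.
    db.execute("DELETE FROM user_tweets WHERE user_id = ? AND fetched_from_id = ?",
               (target[0], owner_id))
    db.commit()
    return removed
```

Purging user_tweets on revoke keeps the 1-hour cache from serving a feed after access has been withdrawn.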
- DATABASE_URL: PostgreSQL connection string
- SECRET_KEY: JWT signing secret
- PORT: Server port (default: 5000)
The API is designed to work with a Chrome extension that:
- Captures X.com cookies
- Sends authentication requests
- Manages feed sharing
- Displays fetched tweets
- Connection Pooling: Efficient database connections
- Async Processing: Non-blocking tweet fetching
- Caching System: 1-hour tweet cache reduces API calls
- Thread Pool: Concurrent request handling
- Automatic Cleanup: Expired data removal
- Custom exception classes for different error types
- Comprehensive logging with rotation
- Graceful degradation for external API failures
- Database retry logic with exponential backoff
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is for educational purposes. Ensure compliance with Twitter's Terms of Service and applicable laws when using this software.
For issues and questions:
- Check the GitHub Issues page
- Review the API documentation
- Check application logs for error details
Note: This backend requires a corresponding Chrome extension frontend to function as intended.