Forem: freerave The latest articles on Forem by freerave (@freerave). https://forem.com/freerave https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3563889%2F6ecf3060-63f8-46f1-9869-b61412ef894c.png Forem: freerave https://forem.com/freerave en The Hotfix Chronicles: What Broke After the Nexus Release and How I Fixed It (v1.5.2 & v1.5.3) freerave Fri, 17 Apr 2026 12:46:26 +0000 https://forem.com/freerave/the-hotfix-chronicles-what-broke-after-the-nexus-release-and-how-i-fixed-it-v152-v153-46o2 https://forem.com/freerave/the-hotfix-chronicles-what-broke-after-the-nexus-release-and-how-i-fixed-it-v152-v153-46o2 <h2> I promised I'd fix it. Here's exactly what broke in DotGhostBoard after v1.5.1 — PyInstaller frozen environments, insecure /tmp update paths, missing UI assets, and a polkit regression — and how each one was resolved. </h2> <blockquote> <p>This is a follow-up to <a href="https://dev.to/freerave/engineering-the-nexus-release-how-i-built-secure-e2ee-network-sync-into-a-linux-clipboard-manager-3ocd">Engineering the Nexus Release</a>. At the end of that article I wrote: <em>"Stay tuned for v2.0.0 Cerberus."</em> Before Cerberus ships, there's something I owe you — the full post-mortem on what broke in production immediately after that release.</p> </blockquote> <p>Check out the v1.5.3 highlight reel to see the new Live Terminal and Network Sync in action:</p> <p> <iframe src="https://www.youtube.com/embed/vqDU_tnvLy0"> </iframe> </p> <h2> What Happened After v1.5.1 Shipped </h2> <p>The Nexus architecture held. mDNS discovery worked. E2EE pairing worked. The sync engine worked.</p> <p>What didn't work: <strong>the UI didn't load on any bundled build.</strong></p> <p>Users who downloaded the <code>.AppImage</code> or <code>.deb</code> were greeted with a white window. No stylesheet. No dark theme. Just a blank Qt frame. The app was running — but blind.</p> <p>That was the beginning of the <code>v1.5.2 → v1.5.3</code> hotfix sprint.</p> <h2> Bug 1 — The White Window (PyInstaller Frozen Environment) </h2> <h3> Root Cause </h3> <p>When PyInstaller bundles an app, it doesn't just copy files — it extracts them into a temporary directory at runtime called <code>sys._MEIPASS</code>. The problem is that code like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ❌ Breaks in bundled builds </span><span class="n">base</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">dirname</span><span class="p">(</span><span class="n">__file__</span><span class="p">)</span> <span class="n">qss_path</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">base</span><span class="p">,</span> <span class="sh">"</span><span class="s">ui</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">ghost.qss</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>...works perfectly when you run <code>python main.py</code> from source, because <code>__file__</code> points to the project root. But inside a frozen <code>.AppImage</code>, <code>__file__</code> resolves to a virtual path inside the bundle — and <code>ghost.qss</code> is nowhere near it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Source mode: __file__ → /home/user/DotGhostBoard/core/app.py ✅ Frozen mode: __file__ → /tmp/_MEI3xk9/core/app.py ✅ ghost.qss → ??? ❌ </code></pre> </div> <p>The UI stylesheet <code>ghost.qss</code> simply couldn't be found. Qt silently fell back to its default theme. White window.</p> <h3> The Fix: <code>resource_path</code> Bridge </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># core/paths.py </span><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">sys</span> <span class="k">def</span> <span class="nf">_base_dir</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Detect whether we</span><span class="sh">'</span><span class="s">re running from source or a PyInstaller bundle. In frozen mode, all assets are extracted to sys._MEIPASS at runtime. </span><span class="sh">"""</span> <span class="k">if</span> <span class="nf">getattr</span><span class="p">(</span><span class="n">sys</span><span class="p">,</span> <span class="sh">"</span><span class="s">frozen</span><span class="sh">"</span><span class="p">,</span> <span class="bp">False</span><span class="p">)</span> <span class="ow">and</span> <span class="nf">hasattr</span><span class="p">(</span><span class="n">sys</span><span class="p">,</span> <span class="sh">"</span><span class="s">_MEIPASS</span><span class="sh">"</span><span class="p">):</span> <span class="k">return</span> <span class="n">sys</span><span class="p">.</span><span class="n">_MEIPASS</span> <span class="c1"># PyInstaller extraction folder </span> <span class="k">return</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">dirname</span><span class="p">(</span> <span class="c1"># two levels up from core/paths.py </span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">dirname</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">abspath</span><span class="p">(</span><span class="n">__file__</span><span class="p">))</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">resource_path</span><span class="p">(</span><span class="o">*</span><span class="n">parts</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Build an absolute path to any bundled asset, regardless of runtime mode. Usage: resource_path(</span><span class="sh">"</span><span class="s">ui</span><span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="s">ghost.qss</span><span class="sh">"</span><span class="s">) → /tmp/_MEIxxxx/ui/ghost.qss resource_path(</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="s">icon.png</span><span class="sh">"</span><span class="s">) → /home/user/Project/data/icon.png </span><span class="sh">"""</span> <span class="k">return</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nf">_base_dir</span><span class="p">(),</span> <span class="o">*</span><span class="n">parts</span><span class="p">)</span> </code></pre> </div> <p>Decision flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> App requests: resource_path("ui", "ghost.qss") │ is_frozen? / \ Yes No │ │ sys._MEIPASS Project Root │ │ /tmp/_MEIxxxx/ui/ghost.qss /home/user/.../ui/ghost.qss </code></pre> </div> <p>Every asset reference in the codebase was updated to go through <code>resource_path()</code>. The white window was gone.</p> <h3> The CI Side of This Bug </h3> <p>But wait — local builds worked. CI builds didn't. Why?</p> <p>Because the PyInstaller command in the workflow was missing the <code>--add-data</code> directive for the UI directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># ❌ v1.5.1 — ghost.qss never made it into the bundle</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">pyinstaller --noconsole --onedir \</span> <span class="s">--add-data "data:data" \</span> <span class="s">--hidden-import "PyQt6.sip" \</span> <span class="s">--name dotghostboard main.py</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># ✅ v1.5.3 — explicitly map the UI directory</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">pyinstaller --noconsole --onedir \</span> <span class="s">--add-data "data:data" \</span> <span class="s">--add-data "ui/ghost.qss:ui" \ # ← this line was the missing piece</span> <span class="s">--hidden-import "PyQt6.sip" \</span> <span class="s">--hidden-import "cryptography" \</span> <span class="s">--hidden-import "cryptography.hazmat.primitives.asymmetric.x25519" \</span> <span class="s">--hidden-import "cryptography.hazmat.primitives.ciphers.aead" \</span> <span class="s">--name dotghostboard main.py</span> </code></pre> </div> <p>The <code>--add-data</code> syntax is <code>"source:dest"</code> — it maps the source path on the build machine to the relative path inside <code>_MEIPASS</code>. Without it, PyInstaller doesn't know the file exists and silently skips it.</p> <blockquote> <p><strong>The deceptive part:</strong> local <code>pyinstaller</code> builds work because <code>pyinstaller</code> finds <code>ui/ghost.qss</code> relative to the working directory. The GitHub Actions runner has a clean checkout with the same structure — but without explicit <code>--add-data</code>, the file is excluded from the bundle spec. Same command, different behavior depending on how PyInstaller resolves paths in its analysis phase.</p> </blockquote> <p>You can verify any <code>.deb</code> build has the file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dpkg <span class="nt">-c</span> dotghostboard_1.5.3_amd64.deb | <span class="nb">grep </span>ui/ <span class="c"># Expected: ... _internal/ui/ghost.qss</span> </code></pre> </div> <h2> Bug 2 — Insecure Update Download Path </h2> <p>In <code>v1.5.1</code>, the in-app "Download Update" feature used <code>/tmp/</code> as the staging area:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ❌ v1.5.1 </span><span class="n">download_path</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">/tmp/dotghostboard_</span><span class="si">{</span><span class="n">version</span><span class="si">}</span><span class="s">_amd64.deb</span><span class="sh">"</span> </code></pre> </div> <p><code>/tmp/</code> is world-readable, world-writable, and wiped on reboot. For a one-time download that's fine. For a security tool that downloads and installs packages — it's a TOCTOU (Time-Of-Check to Time-Of-Use) attack surface. An attacker with local access could replace the <code>.deb</code> between download and installation.</p> <h3> The Fix: User-Specific Sandbox </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ✅ v1.5.2+ </span><span class="kn">import</span> <span class="n">os</span> <span class="k">def</span> <span class="nf">get_update_staging_dir</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Returns a user-specific, restricted directory for staging update packages. Created with mode 0o700 — only the owning user can read or write. </span><span class="sh">"""</span> <span class="n">path</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">expanduser</span><span class="p">(</span><span class="sh">"</span><span class="s">~</span><span class="sh">"</span><span class="p">),</span> <span class="sh">"</span><span class="s">.local</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">share</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">dotghostboard</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">updates</span><span class="sh">"</span> <span class="p">)</span> <span class="n">os</span><span class="p">.</span><span class="nf">makedirs</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="n">mode</span><span class="o">=</span><span class="mo">0o700</span><span class="p">,</span> <span class="n">exist_ok</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="n">path</span> <span class="n">SAFE_PATH</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nf">get_update_staging_dir</span><span class="p">(),</span> <span class="sa">f</span><span class="sh">"</span><span class="s">dotghostboard_</span><span class="si">{</span><span class="n">version</span><span class="si">}</span><span class="s">_amd64.deb</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>v1.5.1</th> <th>v1.5.2+</th> </tr> </thead> <tbody> <tr> <td>Download path</td> <td><code>/tmp/</code></td> <td><code>~/.local/share/dotghostboard/updates/</code></td> </tr> <tr> <td>Readable by other users</td> <td>Yes</td> <td>No (<code>0o700</code>)</td> </tr> <tr> <td>Survives reboot</td> <td>No</td> <td>Yes</td> </tr> <tr> <td>Integrity check</td> <td>None</td> <td>SHA-256 (v1.5.3)</td> </tr> </tbody> </table></div> <h3> The Kamikaze Installer </h3> <p>The install script itself also needed hardening. After <code>dpkg -i</code> finishes, no artifacts should remain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh</span> <span class="c"># dotghostboard_install.sh — self-destructs after use</span> <span class="nv">SAFE_PATH</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> dpkg <span class="nt">-i</span> <span class="s2">"</span><span class="nv">$SAFE_PATH</span><span class="s2">"</span> <span class="c"># Install the package</span> <span class="nb">rm</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$SAFE_PATH</span><span class="s2">"</span> <span class="c"># Wipe the .deb from disk</span> <span class="nb">rm</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$0</span><span class="s2">"</span> <span class="c"># Wipe this script itself</span> </code></pre> </div> <p>Nothing lingers. No old <code>.deb</code> sitting in a directory. No script to be re-executed.</p> <h2> Bug 3 — Polkit SUID Regression on Kali </h2> <p>Kali Linux (and some hardened Arch setups) occasionally strip or reset the SUID bit on <code>/usr/bin/pkexec</code> after system updates. This caused the in-app "Download &amp; Install" button to fail silently — <code>pkexec</code> would return a permission error, and the UI would just hang.</p> <p>The fix was embedded directly in the package's <code>postinst</code> script — it runs as <code>root</code> immediately after <code>dpkg -i</code> completes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh</span> <span class="c"># DEBIAN/postinst</span> <span class="nb">set</span> <span class="nt">-e</span> fix_pkexec<span class="o">()</span> <span class="o">{</span> <span class="nv">PKEXEC</span><span class="o">=</span><span class="s2">"/usr/bin/pkexec"</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$PKEXEC</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nv">CURRENT_PERMS</span><span class="o">=</span><span class="si">$(</span><span class="nb">stat</span> <span class="nt">-c</span> <span class="s2">"%a"</span> <span class="s2">"</span><span class="nv">$PKEXEC</span><span class="s2">"</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$CURRENT_PERMS</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"4755"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"dotghostboard: repairing pkexec SUID bit (</span><span class="nv">$CURRENT_PERMS</span><span class="s2"> → 4755)"</span> <span class="nb">chmod </span>4755 <span class="s2">"</span><span class="nv">$PKEXEC</span><span class="s2">"</span> <span class="k">fi fi</span> <span class="o">}</span> <span class="k">case</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="k">in </span>configure<span class="p">)</span> fix_pkexec <span class="p">;;</span> <span class="k">esac</span> <span class="nb">exit </span>0 </code></pre> </div> <p>Logic flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go"> dpkg -i dotghostboard_1.5.3_amd64.deb │ └── postinst runs as root │ /usr/bin/pkexec exists? │ current perms == 4755? / \ Yes No │ │ Skip chmod 4755 │ "Download &amp; Install" works </span></code></pre> </div> <p>This is controversial — touching SUID bits in a <code>postinst</code> script is aggressive. But the alternative is users filing issues that are impossible to debug remotely, or writing a setup guide that says "run <code>chmod 4755 /usr/bin/pkexec</code> after installing." The autorepair is the lesser evil.</p> <h2> Feature: Live Terminal Log (v1.5.3) </h2> <p>While fixing the above bugs, I replaced the old "Please Wait..." dialog during updates with a live terminal stream. It felt wrong to show a spinner while <code>dpkg</code> was doing real work with real output.</p> <h3> Architecture </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ui/update_log_screen.py </span><span class="kn">from</span> <span class="n">PyQt6.QtCore</span> <span class="kn">import</span> <span class="n">QThread</span><span class="p">,</span> <span class="n">pyqtSignal</span> <span class="kn">import</span> <span class="n">subprocess</span> <span class="k">class</span> <span class="nc">InstallWorker</span><span class="p">(</span><span class="n">QThread</span><span class="p">):</span> <span class="n">log_line</span> <span class="o">=</span> <span class="nf">pyqtSignal</span><span class="p">(</span><span class="nb">str</span><span class="p">)</span> <span class="c1"># emitted for every line of dpkg output </span> <span class="n">finished</span> <span class="o">=</span> <span class="nf">pyqtSignal</span><span class="p">(</span><span class="nb">int</span><span class="p">)</span> <span class="c1"># exit code </span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">script_path</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">script_path</span> <span class="o">=</span> <span class="n">script_path</span> <span class="k">def</span> <span class="nf">run</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">process</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="nc">Popen</span><span class="p">(</span> <span class="p">[</span><span class="sh">"</span><span class="s">bash</span><span class="sh">"</span><span class="p">,</span> <span class="n">self</span><span class="p">.</span><span class="n">script_path</span><span class="p">],</span> <span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="p">.</span><span class="n">PIPE</span><span class="p">,</span> <span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="p">.</span><span class="n">STDOUT</span><span class="p">,</span> <span class="c1"># merge stderr into stdout </span> <span class="n">text</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">bufsize</span><span class="o">=</span><span class="mi">1</span> <span class="c1"># line-buffered </span> <span class="p">)</span> <span class="k">for</span> <span class="n">line</span> <span class="ow">in</span> <span class="n">process</span><span class="p">.</span><span class="n">stdout</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">log_line</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="n">line</span><span class="p">.</span><span class="nf">rstrip</span><span class="p">())</span> <span class="n">process</span><span class="p">.</span><span class="nf">wait</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">finished</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="n">process</span><span class="p">.</span><span class="n">returncode</span><span class="p">)</span> </code></pre> </div> <p>On the UI side:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Color mapping — Regex-based, no AI required </span><span class="kn">import</span> <span class="n">re</span> <span class="kn">from</span> <span class="n">PyQt6.QtGui</span> <span class="kn">import</span> <span class="n">QColor</span> <span class="n">COLOR_MAP</span> <span class="o">=</span> <span class="p">[</span> <span class="p">(</span><span class="n">re</span><span class="p">.</span><span class="nf">compile</span><span class="p">(</span><span class="sa">r</span><span class="sh">'</span><span class="s">\berror\b</span><span class="sh">'</span><span class="p">,</span> <span class="n">re</span><span class="p">.</span><span class="n">I</span><span class="p">),</span> <span class="sh">"</span><span class="s">#FF5555</span><span class="sh">"</span><span class="p">),</span> <span class="c1"># red </span> <span class="p">(</span><span class="n">re</span><span class="p">.</span><span class="nf">compile</span><span class="p">(</span><span class="sa">r</span><span class="sh">'</span><span class="s">\bwarning\b</span><span class="sh">'</span><span class="p">,</span> <span class="n">re</span><span class="p">.</span><span class="n">I</span><span class="p">),</span> <span class="sh">"</span><span class="s">#FFB86C</span><span class="sh">"</span><span class="p">),</span> <span class="c1"># amber </span> <span class="p">(</span><span class="n">re</span><span class="p">.</span><span class="nf">compile</span><span class="p">(</span><span class="sa">r</span><span class="sh">'</span><span class="s">\bSetting up\b|\bProcessing\b</span><span class="sh">'</span><span class="p">),</span> <span class="sh">"</span><span class="s">#50FA7B</span><span class="sh">"</span><span class="p">),</span> <span class="c1"># green </span> <span class="p">(</span><span class="n">re</span><span class="p">.</span><span class="nf">compile</span><span class="p">(</span><span class="sa">r</span><span class="sh">'</span><span class="s">^--</span><span class="sh">'</span><span class="p">),</span> <span class="sh">"</span><span class="s">#8BE9FD</span><span class="sh">"</span><span class="p">),</span> <span class="c1"># cyan for steps </span><span class="p">]</span> <span class="k">def</span> <span class="nf">colorize</span><span class="p">(</span><span class="n">line</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">for</span> <span class="n">pattern</span><span class="p">,</span> <span class="n">color</span> <span class="ow">in</span> <span class="n">COLOR_MAP</span><span class="p">:</span> <span class="k">if</span> <span class="n">pattern</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="n">line</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">'</span><span class="s">&lt;span style=</span><span class="sh">"</span><span class="s">color:</span><span class="si">{</span><span class="n">color</span><span class="si">}</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">line</span><span class="si">}</span><span class="s">&lt;/span&gt;</span><span class="sh">'</span> <span class="k">return</span> <span class="n">line</span> <span class="c1"># default — white </span> <span class="k">def</span> <span class="nf">on_log_line</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">line</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">log_box</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="nf">colorize</span><span class="p">(</span><span class="n">line</span><span class="p">))</span> <span class="c1"># Auto-scroll to bottom </span> <span class="n">sb</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">log_box</span><span class="p">.</span><span class="nf">verticalScrollBar</span><span class="p">()</span> <span class="n">sb</span><span class="p">.</span><span class="nf">setValue</span><span class="p">(</span><span class="n">sb</span><span class="p">.</span><span class="nf">maximum</span><span class="p">())</span> </code></pre> </div> <p>The blinking cursor is driven by a <code>QTimer</code> — no threads, no complexity:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">self</span><span class="p">.</span><span class="n">_cursor_visible</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">self</span><span class="p">.</span><span class="n">_cursor_timer</span> <span class="o">=</span> <span class="nc">QTimer</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">_cursor_timer</span><span class="p">.</span><span class="n">timeout</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">_blink_cursor</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">_cursor_timer</span><span class="p">.</span><span class="nf">start</span><span class="p">(</span><span class="mi">500</span><span class="p">)</span> <span class="c1"># 500ms interval </span> <span class="k">def</span> <span class="nf">_blink_cursor</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_cursor_visible</span> <span class="o">=</span> <span class="ow">not</span> <span class="n">self</span><span class="p">.</span><span class="n">_cursor_visible</span> <span class="n">self</span><span class="p">.</span><span class="n">cursor_label</span><span class="p">.</span><span class="nf">setText</span><span class="p">(</span><span class="sh">"</span><span class="s">█</span><span class="sh">"</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">_cursor_visible</span> <span class="k">else</span> <span class="sh">"</span><span class="s"> </span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> Verification Checklist </h2> <p>For any future hotfix, these three commands confirm the build is clean:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Confirm ghost.qss is inside the bundle</span> dpkg <span class="nt">-c</span> dotghostboard_1.5.3_amd64.deb | <span class="nb">grep </span>ui/ <span class="c"># Expected: ./opt/dotghostboard/_internal/ui/ghost.qss</span> <span class="c"># 2. Verify SUID bit post-install</span> <span class="nb">ls</span> <span class="nt">-l</span> /usr/bin/pkexec <span class="c"># Expected: -rwsr-xr-x (the 's' in position 4 is the SUID bit)</span> <span class="c"># 3. Test resource_path in frozen mode (AppImage)</span> ./DotGhostBoard-1.5.3-x86_64.AppImage <span class="nt">--debug-paths</span> <span class="c"># Should print resolved paths for ghost.qss and icon_256.png</span> </code></pre> </div> <h2> What I Learned </h2> <p><strong>PyInstaller's <code>--add-data</code> is not optional for anything outside <code>data/</code>.</strong> If your app loads a file at runtime that isn't in the directory you passed to <code>--add-data</code>, it won't be in the bundle. PyInstaller doesn't warn you. The app just crashes or falls back silently. Map every resource directory explicitly.</p> <p><strong><code>sys._MEIPASS</code> is the only reliable truth in a frozen environment.</strong> Don't use <code>__file__</code>, don't use <code>os.getcwd()</code>, don't use relative paths. <code>_MEIPASS</code> is where PyInstaller extracted everything — it's the only path you can trust.</p> <p><strong><code>/tmp/</code> is fine for scratch. It's not fine for security-sensitive staging.</strong> The threat model for a clipboard manager that stores secrets is different from a text editor. The update pipeline needed to match that model.</p> <p><strong>Local builds working ≠ CI builds working.</strong> The <code>ghost.qss</code> bug existed for the entire <code>v1.5.x</code> series in bundled form because nobody had tested a clean AppImage build from the CI artifact — only local PyInstaller runs. Add artifact smoke testing to your release checklist.</p> <h2> What's Next — v2.0.0 Cerberus </h2> <p>The hotfix series is closed. v1.5.3 is stable.</p> <p>Next up is <strong>Cerberus</strong> — the Zero-Knowledge Password Vault. The AES-256 foundation from v1.4.0 (Eclipse) is already in place. The design is locked:</p> <ul> <li>Isolated <code>vault.db</code> — separate file, separate connection, locked when idle</li> <li>Pattern-based secret detection — JWT, AWS keys (<code>AKIA...</code>), GitHub tokens (<code>ghp_...</code>), high-entropy hex — shape-based, not keyword-based</li> <li>Auto-clear: wipes clipboard 30 seconds after a Vault paste</li> <li>Paranoia Mode: suspends all DB writes on demand</li> </ul> <p>The core principle of Cerberus: a 1500-word article that contains the word "password" doesn't trigger detection. A 40-character base64 string with high Shannon entropy does.</p> <h2> Download </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>Link</th> </tr> </thead> <tbody> <tr> <td>📦 GitHub Release (AppImage + DEB + GPG sigs)</td> <td><a href="https://github.com/kareem2099/DotGhostBoard/releases/tag/v1.5.3" rel="noopener noreferrer">v1.5.3</a></td> </tr> <tr> <td>🖥️ OpenDesktop</td> <td><a href="https://www.opendesktop.org/p/2353623/" rel="noopener noreferrer">DotGhostBoard</a></td> </tr> <tr> <td>💻 Source</td> <td><a href="https://github.com/kareem2099/DotGhostBoard" rel="noopener noreferrer">kareem2099/DotGhostBoard</a></td> </tr> </tbody> </table></div> <p><em>DotSuite — built for the shadows</em> 👻</p> python linux devops playwright We Hit 2,500 in 15 Days — And I Want to Make Every Dev Lazier (Productively) freerave Thu, 16 Apr 2026 18:15:34 +0000 https://forem.com/freerave/we-hit-2500-in-15-days-and-i-want-to-make-every-dev-lazier-productively-39a3 https://forem.com/freerave/we-hit-2500-in-15-days-and-i-want-to-make-every-dev-lazier-productively-39a3 <p>I set a goal at the start of April: <strong>reach 2,500 followers on dev.to by April 30th.</strong></p> <p>We hit <strong>2,631 by April 15th.</strong></p> <p>Half the month. So before I sprint to the next goal, I want to stop, look back, and say a real thank you — not the generic "thanks for the support 🙏" kind. The honest kind.</p> <h2> What you actually did </h2> <p>You read the articles. You left comments that pushed me to think harder. You shared the DotShare posts and the Reddit API deep-dives with people who needed them. Some of you went through the <a href="https://kareem2099.github.io/dotuniverse/" rel="noopener noreferrer">dotUniverse</a> terminal, found the Easter eggs, and DMed me screenshots. That made my week every single time.</p> <p>You didn't just follow — you engaged. That's the difference.</p> <h2> The honest confession: I'm lazy. That's why I built 20+ tools. </h2> <p>Here's the real origin story of the entire DotSuite ecosystem.</p> <p>I didn't build these tools because I'm a passionate open-source hero. I built them because I kept running into tasks I did not want to do manually ever again.</p> <ul> <li> <strong>DotShare</strong> — because I wasn't opening 8 browser tabs every time I wanted to post something</li> <li> <strong>dotenvy</strong> — because I forgot my <code>.env</code> variables once and lost two hours of debugging</li> <li> <strong>DotGhostBoard</strong> — because my clipboard was an absolute disaster</li> <li> <strong>dotcommand</strong> — because I kept forgetting terminal commands <em>that I wrote myself</em> </li> <li> <strong>DotScramble</strong> — because blurring faces manually in screenshots is soul-crushing</li> <li> <strong>CodeTune</strong> — because I needed prayer times and Quran without leaving VS Code</li> <li> <strong>dotsense</strong> — because I genuinely couldn't tell when I was burning out until it was too late</li> </ul> <p>The pattern is obvious. Every tool exists because past-me was too lazy to keep doing something the hard way.</p> <p><strong>Laziness, scaled properly, is just engineering.</strong></p> <h2> The full arsenal — everything built so far </h2> <p>Here's every tool in the DotSuite ecosystem, in case you missed any:</p> <h3> VS Code Extensions </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>What it does</th> <th>Downloads</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/kareem2099/DotShare" rel="noopener noreferrer"><strong>DotShare</strong></a></td> <td>Post to 9 platforms (LinkedIn, X, Reddit, Bluesky, Telegram, Facebook, Discord, dev.to, medium) with AI content creation via Gemini, GPT-4 &amp; Claude</td> <td>1,979+</td> </tr> <tr> <td><a href="https://github.com/kareem2099/dotenvy" rel="noopener noreferrer"><strong>dotenvy</strong></a></td> <td>Environment manager with Git branch auto-switching, AI secret detection (35-feature ML model), Doppler sync &amp; encrypted backups</td> <td>1,130+</td> </tr> <tr> <td><a href="https://github.com/kareem2099/dotcommand" rel="noopener noreferrer"><strong>dotcommand</strong></a></td> <td>Intelligent command manager, ML suggestions, 180+ prepared commands, analytics dashboard</td> <td>909+</td> </tr> <tr> <td><a href="https://github.com/kareem2099/codetune" rel="noopener noreferrer"><strong>CodeTune</strong></a></td> <td>Islamic dev environment — Quran player (15+ reciters), prayer times, focus mode, Dhikr counters</td> <td>899+</td> </tr> <tr> <td><a href="https://github.com/kareem2099/DotFetch" rel="noopener noreferrer"><strong>DotFetch</strong></a></td> <td>Professional HTTP client with .env support, collections, cURL import/export</td> <td>692+</td> </tr> <tr> <td><a href="https://github.com/kareem2099/DotReadme" rel="noopener noreferrer"><strong>DotReadme</strong></a></td> <td>README optimizer — quality audit (A+ to F), badge inserter, TOC generator, AI enhancement (BYOK)</td> <td>515+</td> </tr> <tr> <td><a href="https://github.com/kareem2099/dotsense" rel="noopener noreferrer"><strong>dotsense</strong></a></td> <td>AI developer wellness — ML mood detection, burnout prevention, peak performance analytics</td> <td>129+</td> </tr> <tr> <td><a href="https://github.com/kareem2099/dotconvert" rel="noopener noreferrer"><strong>dotconvert</strong></a></td> <td>Data converter — Base64, XML↔JSON, CSV↔JSON (Marketplace listing coming soon)</td> <td>—</td> </tr> </tbody> </table></div> <p><strong>Total VS Code downloads across Marketplace + Open VSX: 6,253+</strong></p> <h3> CLI Tools </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>What it does</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/kareem2099/DotGhostBoard" rel="noopener noreferrer"><strong>DotGhostBoard</strong></a></td> <td>Linux clipboard manager — AES-256 encryption, tag system, thumbnail previews, master password lock</td> </tr> <tr> <td><a href="https://github.com/kareem2099/DotScramble" rel="noopener noreferrer"><strong>DotScramble</strong></a></td> <td>Image privacy studio — face/license plate detection, 8 blur effects, batch processing, RTL Arabic support</td> </tr> </tbody> </table></div> <h3> Telegram Bots </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>What it does</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/kareem2099/DotDownloader" rel="noopener noreferrer"><strong>DotDownloader</strong></a></td> <td>Multi-platform media downloader — Instagram, TikTok, YouTube, Reddit, Spotify &amp; more. Referral system + premium tiers</td> </tr> <tr> <td><a href="https://github.com/kareem2099/DotFormate" rel="noopener noreferrer"><strong>DotFormate</strong></a></td> <td>File format conversion — PDF, DOCX, PPTX, images, OCR. PayPal integration + R2 cloud storage</td> </tr> <tr> <td><a href="https://github.com/kareem2099/dotshare-auth-server" rel="noopener noreferrer"><strong>DotShare-Auth-Server</strong></a></td> <td>Secure OAuth toolkit — magic link auth, LinkedIn &amp; Reddit &amp; X &amp; Facebook OAuth, session management</td> </tr> </tbody> </table></div> <h3> Mobile Apps </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>What it does</th> </tr> </thead> <tbody> <tr> <td><a href="https://play.google.com/store/apps/details?id=com.freerave.dotreminder" rel="noopener noreferrer"><strong>DotReminder</strong></a></td> <td>Android reminder app — AI assistant (Gemini 2.5 Flash), location-based reminders, biometric auth, 2FA</td> </tr> <tr> <td><a href="https://play.google.com/store/apps/details?id=com.freerave.dotshredzilla" rel="noopener noreferrer"><strong>DOTShredzilla</strong></a></td> <td>Workout tracker — offline-first, Firebase-synced, Kotlin + Jetpack Compose</td> </tr> <tr> <td><a href="https://github.com/kareem2099/DotBurn" rel="noopener noreferrer"><strong>DotBurn</strong></a></td> <td>Gym and calorie system management</td> </tr> </tbody> </table></div> <h3> Premium / Private </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>What it does</th> </tr> </thead> <tbody> <tr> <td> <strong>dotctl</strong> <em>(invite only)</em> </td> <td>Advanced traffic control for network security experts — ARP spoofing, bandwidth limiting, DPI &amp; ML traffic analysis</td> </tr> </tbody> </table></div> <h3> Coming Soon </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>What it does</th> </tr> </thead> <tbody> <tr> <td><strong>DotTransfer</strong></td> <td>Transfer files between workspaces directly inside VS Code</td> </tr> <tr> <td><a href="https://github.com/kareem2099/dotsuite" rel="noopener noreferrer"><strong>dotsuite</strong></a></td> <td>Portfolio &amp; distribution platform — Next.js 16, multi-language (EN/AR/FR/DE/RU), GitHub webhooks, product reviews</td> </tr> </tbody> </table></div> <h2> Where the April challenge stands right now </h2> <p>dev.to was the first goal to fall. Here's the full scoreboard:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Platform</th> <th>Now</th> <th>Goal</th> <th>Progress</th> </tr> </thead> <tbody> <tr> <td>📝 dev.to</td> <td><strong>2,631</strong></td> <td>2,500</td> <td>✅ <strong>DONE</strong> </td> </tr> <tr> <td>💼 LinkedIn</td> <td>396</td> <td>500</td> <td>79%</td> </tr> <tr> <td>🎵 TikTok</td> <td>33</td> <td>100</td> <td>33%</td> </tr> <tr> <td>▶️ YouTube</td> <td>29</td> <td>100</td> <td>29%</td> </tr> <tr> <td>✍️ Medium</td> <td>2</td> <td>50</td> <td>4%</td> </tr> <tr> <td>📘 Facebook</td> <td>13</td> <td>50</td> <td>26%</td> </tr> <tr> <td>📸 Instagram</td> <td>7</td> <td>50</td> <td>14%</td> </tr> <tr> <td>𝕏 X / Twitter</td> <td>16</td> <td>500</td> <td>3%</td> </tr> <tr> <td>🦋 Bluesky</td> <td>11</td> <td>50</td> <td>22%</td> </tr> </tbody> </table></div> <p>Some of these are painful to look at. X at 3% is basically a comedy sketch. But the scoreboard stays public. That's the whole point.</p> <h2> What's shipping next </h2> <ul> <li> <strong>DotShare v3.2</strong> — Reddit media uploads are almost stable. The S3 presigned pipeline is wired. The last debug session was brutal and I wrote every painful detail <a href="https://dev.to/freerave/dotshare-v31-toast-engine-race-condition-fix-and-surviving-reddits-s3-upload-pipeline-5f9i">here</a>.</li> <li> <strong>dotenvy</strong> — The LLM layer for environment/config management deserves a proper release article. The architecture is the interesting part.</li> <li> <strong>dotUniverse Terminal 2.0</strong> — Piping support, SSH simulation, VIM-lite. Q2 target.</li> <li> <strong>dotsuite</strong> — The full portfolio platform goes live this year.</li> </ul> <h2> The part that actually matters </h2> <p>I'm self-taught. I'm building all of this from a small city in Egypt, mostly at night, mostly alone. No team, no VC funding, no algorithm boost.</p> <p>Every follow, reaction, and comment is a real person who decided this was worth their time.</p> <p><strong>2,631 of you did that. I don't take it lightly.</strong></p> <p>The next target is 3,000. Based on the current trajectory, I give it two weeks. Let's find out.</p> <h2> Try the tools </h2> <ul> <li> <strong>Live portfolio:</strong> <a href="https://kareem2099.github.io/dotuniverse/" rel="noopener noreferrer">https://kareem2099.github.io/dotuniverse/</a> </li> <li> <strong>GitHub:</strong> <a href="https://github.com/kareem2099" rel="noopener noreferrer">https://github.com/kareem2099</a> </li> <li> <strong>All tools:</strong> open the terminal on dotUniverse and type <code>ls ~/tools</code> </li> </ul> <p><em>My message to every developer reading this: be productively lazy. Automate the annoying thing. Build the tool. Then build the tool that builds the tool. That's how 20+ projects happen.</em></p> <p><em>Built with caffeine and the stubborn belief that open-source from Egypt can reach the whole internet.</em></p> <p>— Kareem / FreeRave 🦥</p> webdev opensource career productivity Engineering the Nexus Release: How I Built Secure E2EE Network Sync into a Linux Clipboard Manager (v1.5.1) freerave Wed, 15 Apr 2026 20:28:57 +0000 https://forem.com/freerave/engineering-the-nexus-release-how-i-built-secure-e2ee-network-sync-into-a-linux-clipboard-manager-3ocd https://forem.com/freerave/engineering-the-nexus-release-how-i-built-secure-e2ee-network-sync-into-a-linux-clipboard-manager-3ocd <h2> A deep dive into the architecture behind DotGhostBoard v1.5.0 — zero-config mDNS discovery, X25519 ECDH pairing, AES-256-GCM sync, rate limiting, and PyQt6 threading — all without a central server. </h2> <blockquote> <p><strong>DotGhostBoard</strong> is a privacy-first clipboard manager for Linux, built under the <a href="https://github.com/kareem2099" rel="noopener noreferrer">DotSuite</a> umbrella. No telemetry. No Electron. No cloud. Pure PyQt6 + SQLite.</p> <p>📦 <a href="https://github.com/kareem2099/DotGhostBoard/releases/tag/v1.5.1" rel="noopener noreferrer">GitHub Release v1.5.1</a> · 🖥️ <a href="https://www.opendesktop.org/p/2353623/" rel="noopener noreferrer">OpenDesktop</a></p> </blockquote> <h2> Why This Was Hard </h2> <p>Building a clipboard manager is trivial. Building one that <strong>syncs securely across devices on a local network without a central server, without trusting the network, and without ever sending data to the cloud</strong> — that's a different problem.</p> <p>With <code>v1.5.0 (Nexus)</code>, I rebuilt the core architecture from scratch to solve exactly that. Here's what the final system looks like before we dive into each layer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ┌─────────────────────────────────────────────────────────────┐ │ LOCAL NETWORK (LAN) │ │ │ │ ┌──────────────┐ mDNS Discovery ┌──────────────┐ │ │ │ Device A │ ◄──────────────────► │ Device B │ │ │ │ (Arch) │ │ (Kali) │ │ │ │ │ X25519 Handshake │ │ │ │ │ ghostboard │ ──── PIN + ECDH ───► │ ghostboard │ │ │ │ │ │ │ │ │ │ HTTPServer │ ◄── AES-256-GCM ──── │ HTTPServer │ │ │ │ :PORT │ /api/sync E2EE │ :PORT │ │ │ └──────┬───────┘ └──────┬───────┘ │ │ │ │ │ │ ghost.db ghost.db │ │ (trusted_peers) (trusted_peers) │ └─────────────────────────────────────────────────────────────┘ </code></pre> </div> <p>Three layers. Each one independently secure. Let's break them down.</p> <h2> Layer 1 — Zero-Config Device Discovery (mDNS) </h2> <p>The first UX problem: how do devices find each other without the user typing an IP address?</p> <p><strong>Answer: mDNS via <code>zeroconf</code>.</strong> Every device broadcasts itself on the LAN under a custom service type <code>_dotghost._tcp.local.</code>. Other instances listen and populate the UI automatically.</p> <p>Because the app runs on <strong>PyQt6</strong>, the discovery engine lives in its own <code>QThread</code> — blocking network I/O never touches the main thread:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># core/network_discovery.py </span><span class="kn">import</span> <span class="n">socket</span> <span class="kn">from</span> <span class="n">zeroconf</span> <span class="kn">import</span> <span class="n">ServiceBrowser</span><span class="p">,</span> <span class="n">Zeroconf</span><span class="p">,</span> <span class="n">ServiceInfo</span><span class="p">,</span> <span class="n">IPVersion</span> <span class="kn">from</span> <span class="n">PyQt6.QtCore</span> <span class="kn">import</span> <span class="n">pyqtSignal</span><span class="p">,</span> <span class="n">QThread</span> <span class="n">_SERVICE_TYPE</span> <span class="o">=</span> <span class="sh">"</span><span class="s">_dotghost._tcp.local.</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">DotGhostDiscovery</span><span class="p">(</span><span class="n">QThread</span><span class="p">):</span> <span class="n">peer_found</span> <span class="o">=</span> <span class="nf">pyqtSignal</span><span class="p">(</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">,</span> <span class="nb">int</span><span class="p">)</span> <span class="c1"># node_id, name, ip, port </span> <span class="n">peer_lost</span> <span class="o">=</span> <span class="nf">pyqtSignal</span><span class="p">(</span><span class="nb">str</span><span class="p">)</span> <span class="c1"># node_id </span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">node_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">device_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">port</span><span class="p">:</span> <span class="nb">int</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">node_id</span> <span class="o">=</span> <span class="n">node_id</span> <span class="n">self</span><span class="p">.</span><span class="n">device_name</span> <span class="o">=</span> <span class="n">device_name</span> <span class="n">self</span><span class="p">.</span><span class="n">port</span> <span class="o">=</span> <span class="n">port</span> <span class="n">self</span><span class="p">.</span><span class="n">zeroconf</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">def</span> <span class="nf">run</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">zeroconf</span> <span class="o">=</span> <span class="nc">Zeroconf</span><span class="p">(</span><span class="n">ip_version</span><span class="o">=</span><span class="n">IPVersion</span><span class="p">.</span><span class="n">V4Only</span><span class="p">)</span> <span class="n">properties</span> <span class="o">=</span> <span class="p">{</span> <span class="sa">b</span><span class="sh">'</span><span class="s">node_id</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">node_id</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="sh">'</span><span class="s">utf-8</span><span class="sh">'</span><span class="p">),</span> <span class="sa">b</span><span class="sh">'</span><span class="s">device_name</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">device_name</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="sh">'</span><span class="s">utf-8</span><span class="sh">'</span><span class="p">),</span> <span class="sa">b</span><span class="sh">'</span><span class="s">version</span><span class="sh">'</span><span class="p">:</span> <span class="sa">b</span><span class="sh">'</span><span class="s">1</span><span class="sh">'</span><span class="p">,</span> <span class="p">}</span> <span class="n">instance_name</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">node_id</span><span class="si">}</span><span class="s">.</span><span class="si">{</span><span class="n">_SERVICE_TYPE</span><span class="si">}</span><span class="sh">"</span> <span class="n">self</span><span class="p">.</span><span class="n">info</span> <span class="o">=</span> <span class="nc">ServiceInfo</span><span class="p">(</span> <span class="n">type_</span><span class="o">=</span><span class="n">_SERVICE_TYPE</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="n">instance_name</span><span class="p">,</span> <span class="n">addresses</span><span class="o">=</span><span class="p">[</span><span class="n">socket</span><span class="p">.</span><span class="nf">inet_aton</span><span class="p">(</span><span class="nf">get_local_ip</span><span class="p">())],</span> <span class="n">port</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">port</span><span class="p">,</span> <span class="n">properties</span><span class="o">=</span><span class="n">properties</span><span class="p">,</span> <span class="n">server</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">node_id</span><span class="si">}</span><span class="s">.local.</span><span class="sh">"</span> <span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">zeroconf</span><span class="p">.</span><span class="nf">register_service</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">info</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">browser</span> <span class="o">=</span> <span class="nc">ServiceBrowser</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">zeroconf</span><span class="p">,</span> <span class="n">_SERVICE_TYPE</span><span class="p">,</span> <span class="n">self</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">exec</span><span class="p">()</span> <span class="c1"># Qt event loop keeps the thread alive </span> <span class="c1"># ── zeroconf callbacks ────────────────────────────────────── </span> <span class="k">def</span> <span class="nf">add_service</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">zc</span><span class="p">:</span> <span class="n">Zeroconf</span><span class="p">,</span> <span class="n">type_</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">info</span> <span class="o">=</span> <span class="n">zc</span><span class="p">.</span><span class="nf">get_service_info</span><span class="p">(</span><span class="n">type_</span><span class="p">,</span> <span class="n">name</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">info</span><span class="p">:</span> <span class="k">return</span> <span class="n">props</span> <span class="o">=</span> <span class="n">info</span><span class="p">.</span><span class="n">properties</span> <span class="n">node_id</span> <span class="o">=</span> <span class="n">props</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">b</span><span class="sh">'</span><span class="s">node_id</span><span class="sh">'</span><span class="p">,</span> <span class="sa">b</span><span class="sh">''</span><span class="p">).</span><span class="nf">decode</span><span class="p">()</span> <span class="n">dev_name</span> <span class="o">=</span> <span class="n">props</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">b</span><span class="sh">'</span><span class="s">device_name</span><span class="sh">'</span><span class="p">,</span> <span class="sa">b</span><span class="sh">'</span><span class="s">Unknown</span><span class="sh">'</span><span class="p">).</span><span class="nf">decode</span><span class="p">()</span> <span class="k">if</span> <span class="n">node_id</span> <span class="o">==</span> <span class="n">self</span><span class="p">.</span><span class="n">node_id</span><span class="p">:</span> <span class="c1"># skip self </span> <span class="k">return</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">socket</span><span class="p">.</span><span class="nf">inet_ntoa</span><span class="p">(</span><span class="n">info</span><span class="p">.</span><span class="n">addresses</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> <span class="n">self</span><span class="p">.</span><span class="n">peer_found</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="n">node_id</span><span class="p">,</span> <span class="n">dev_name</span><span class="p">,</span> <span class="n">ip</span><span class="p">,</span> <span class="n">info</span><span class="p">.</span><span class="n">port</span><span class="p">)</span> <span class="k">def</span> <span class="nf">remove_service</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">zc</span><span class="p">:</span> <span class="n">Zeroconf</span><span class="p">,</span> <span class="n">type_</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">node_id</span> <span class="o">=</span> <span class="n">name</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">.</span><span class="si">{</span><span class="n">_SERVICE_TYPE</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">peer_lost</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="n">node_id</span><span class="p">)</span> <span class="k">def</span> <span class="nf">stop</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">zeroconf</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">zeroconf</span><span class="p">.</span><span class="nf">unregister_service</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">info</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">zeroconf</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">quit</span><span class="p">()</span> </code></pre> </div> <blockquote> <p><strong>Why <code>QThread</code> and not <code>threading.Thread</code>?</strong><br> <code>peer_found</code> and <code>peer_lost</code> are <code>pyqtSignal</code>s. They cross the thread boundary safely into the main UI thread via Qt's queued connection mechanism. Using a raw Python thread here would cause a race condition against the UI.</p> </blockquote> <h2> Layer 2 — Secure Device Pairing (X25519 + PBKDF2 + AES-GCM) </h2> <p>Finding a peer is one thing. <strong>Trusting it is another.</strong></p> <p>A local network isn't inherently safe — public Wi-Fi, ARP spoofing, a compromised router. The pairing protocol defends against all of it with a three-phase handshake:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Device A Device B │ │ │ 1. Generate ephemeral X25519 key │ │ 2. Derive wrap key from PIN+salt │ │ 3. Encrypt pubkey → send ─────────►│ │ │ 4. Decrypt pubkey with PIN+salt │ │ 5. Generate ephemeral X25519 key │◄──────────────── send encrypted ────│ 6. Derive shared secret (ECDH) │ │ 7. Encrypt own pubkey → send │ 8. Derive shared secret (ECDH) │ │ 9. Discard ephemeral keys │ 9. Discard ephemeral keys │ │ │ Shared Secret stored in DB │ </code></pre> </div> <p>The PIN is a 6-digit out-of-band value shown on both screens — a human-verified channel that breaks any MITM attempt. Even if an attacker intercepts the traffic, they can't decrypt the public keys without the PIN.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># core/pairing.py </span><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">base64</span> <span class="kn">from</span> <span class="n">cryptography.hazmat.primitives</span> <span class="kn">import</span> <span class="n">hashes</span><span class="p">,</span> <span class="n">serialization</span> <span class="kn">from</span> <span class="n">cryptography.hazmat.primitives.asymmetric</span> <span class="kn">import</span> <span class="n">x25519</span> <span class="kn">from</span> <span class="n">cryptography.hazmat.primitives.kdf.pbkdf2</span> <span class="kn">import</span> <span class="n">PBKDF2HMAC</span> <span class="kn">from</span> <span class="n">cryptography.hazmat.primitives.ciphers.aead</span> <span class="kn">import</span> <span class="n">AESGCM</span> <span class="n">_KDF_ITERATIONS</span> <span class="o">=</span> <span class="mi">100_000</span> <span class="c1"># OWASP minimum for PBKDF2-SHA256 </span> <span class="k">def</span> <span class="nf">derive_handshake_key</span><span class="p">(</span><span class="n">pin</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">salt</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bytes</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Derive a 256-bit wrapping key from a 6-digit PIN + dynamic salt. The salt is generated fresh per-pairing session and sent in plaintext — its job is to prevent precomputed PIN dictionaries, not to be secret. </span><span class="sh">"""</span> <span class="n">kdf</span> <span class="o">=</span> <span class="nc">PBKDF2HMAC</span><span class="p">(</span> <span class="n">algorithm</span><span class="o">=</span><span class="n">hashes</span><span class="p">.</span><span class="nc">SHA256</span><span class="p">(),</span> <span class="n">length</span><span class="o">=</span><span class="mi">32</span><span class="p">,</span> <span class="n">salt</span><span class="o">=</span><span class="n">salt</span><span class="p">,</span> <span class="n">iterations</span><span class="o">=</span><span class="n">_KDF_ITERATIONS</span><span class="p">,</span> <span class="p">)</span> <span class="k">return</span> <span class="n">kdf</span><span class="p">.</span><span class="nf">derive</span><span class="p">(</span><span class="n">pin</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">))</span> <span class="k">def</span> <span class="nf">generate_pairing_keys</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="nb">tuple</span><span class="p">[</span><span class="n">x25519</span><span class="p">.</span><span class="n">X25519PrivateKey</span><span class="p">,</span> <span class="nb">bytes</span><span class="p">]:</span> <span class="sh">"""</span><span class="s"> Generate a fresh ephemeral X25519 key pair. These keys live only for the duration of the handshake. </span><span class="sh">"""</span> <span class="n">private_key</span> <span class="o">=</span> <span class="n">x25519</span><span class="p">.</span><span class="n">X25519PrivateKey</span><span class="p">.</span><span class="nf">generate</span><span class="p">()</span> <span class="n">public_key_bytes</span> <span class="o">=</span> <span class="n">private_key</span><span class="p">.</span><span class="nf">public_key</span><span class="p">().</span><span class="nf">public_bytes</span><span class="p">(</span> <span class="n">encoding</span><span class="o">=</span><span class="n">serialization</span><span class="p">.</span><span class="n">Encoding</span><span class="p">.</span><span class="n">Raw</span><span class="p">,</span> <span class="nb">format</span><span class="o">=</span><span class="n">serialization</span><span class="p">.</span><span class="n">PublicFormat</span><span class="p">.</span><span class="n">Raw</span> <span class="p">)</span> <span class="k">return</span> <span class="n">private_key</span><span class="p">,</span> <span class="n">public_key_bytes</span> <span class="k">def</span> <span class="nf">encrypt_pairing_payload</span><span class="p">(</span><span class="n">public_key_bytes</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">,</span> <span class="n">handshake_key</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Encrypt the public key using the PIN-derived wrapping key. Layout: [ 12 bytes nonce | ciphertext + 16 byte GCM tag ] </span><span class="sh">"""</span> <span class="n">aesgcm</span> <span class="o">=</span> <span class="nc">AESGCM</span><span class="p">(</span><span class="n">handshake_key</span><span class="p">)</span> <span class="n">nonce</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">urandom</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">ciphertext</span> <span class="o">=</span> <span class="n">aesgcm</span><span class="p">.</span><span class="nf">encrypt</span><span class="p">(</span><span class="n">nonce</span><span class="p">,</span> <span class="n">public_key_bytes</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> <span class="k">return</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64encode</span><span class="p">(</span><span class="n">nonce</span> <span class="o">+</span> <span class="n">ciphertext</span><span class="p">).</span><span class="nf">decode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">decrypt_pairing_payload</span><span class="p">(</span><span class="n">payload</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">handshake_key</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bytes</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Reverse of encrypt_pairing_payload. Raises InvalidTag on wrong PIN.</span><span class="sh">"""</span> <span class="n">raw</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64decode</span><span class="p">(</span><span class="n">payload</span><span class="p">)</span> <span class="n">nonce</span><span class="p">,</span> <span class="n">ciphertext</span> <span class="o">=</span> <span class="n">raw</span><span class="p">[:</span><span class="mi">12</span><span class="p">],</span> <span class="n">raw</span><span class="p">[</span><span class="mi">12</span><span class="p">:]</span> <span class="n">aesgcm</span> <span class="o">=</span> <span class="nc">AESGCM</span><span class="p">(</span><span class="n">handshake_key</span><span class="p">)</span> <span class="k">return</span> <span class="n">aesgcm</span><span class="p">.</span><span class="nf">decrypt</span><span class="p">(</span><span class="n">nonce</span><span class="p">,</span> <span class="n">ciphertext</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> <span class="k">def</span> <span class="nf">derive_shared_secret</span><span class="p">(</span> <span class="n">private_key</span><span class="p">:</span> <span class="n">x25519</span><span class="p">.</span><span class="n">X25519PrivateKey</span><span class="p">,</span> <span class="n">peer_public_key_bytes</span><span class="p">:</span> <span class="nb">bytes</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bytes</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Complete the ECDH exchange. The result is a raw 32-byte shared secret. Both sides arrive at the same value without it ever being transmitted. </span><span class="sh">"""</span> <span class="n">peer_public_key</span> <span class="o">=</span> <span class="n">x25519</span><span class="p">.</span><span class="n">X25519PublicKey</span><span class="p">.</span><span class="nf">from_public_bytes</span><span class="p">(</span><span class="n">peer_public_key_bytes</span><span class="p">)</span> <span class="k">return</span> <span class="n">private_key</span><span class="p">.</span><span class="nf">exchange</span><span class="p">(</span><span class="n">peer_public_key</span><span class="p">)</span> </code></pre> </div> <blockquote> <p><strong>Why X25519 over RSA or classic ECDH on P-256?</strong><br> X25519 is faster, has a smaller key size (32 bytes), is immune to invalid-curve attacks by design, and is the default in TLS 1.3. It's the right choice for a constrained local protocol.</p> </blockquote> <p>Once the handshake completes, the shared secret is stored in <code>ghost.db</code> and the ephemeral private keys are immediately garbage-collected.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Storage schema for trusted peers </span><span class="sh">"""</span><span class="s"> CREATE TABLE trusted_peers ( id INTEGER PRIMARY KEY AUTOINCREMENT, node_id TEXT UNIQUE NOT NULL, device_name TEXT NOT NULL, shared_secret BLOB NOT NULL, -- raw 32 bytes from ECDH paired_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); </span><span class="sh">"""</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2qq42mc6fkqdntwhx50r.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2qq42mc6fkqdntwhx50r.gif" alt="Handshake in action: Secure X25519 key exchange using a simple 6-digit PIN" width="800" height="450"></a></p> <h2> Layer 3 — The Local REST API, Rate Limiting &amp; Thread-Safe UI </h2> <p>With discovery and pairing solved, the actual sync transport is a minimal <code>HTTPServer</code> running in a background thread. It's bound to <code>0.0.0.0</code> but protected by two hard gates:</p> <p><strong>Gate 1 — Peer Identity:</strong> every <code>/api/sync</code> request must carry a <code>node_id</code> that maps to a stored trusted peer. Unknown nodes get a <code>403</code> immediately.</p> <p><strong>Gate 2 — E2EE Payload:</strong> even if someone spoofs a <code>node_id</code>, they can't forge a valid AES-GCM ciphertext without the shared secret. Wrong key = <code>InvalidTag</code> exception = instant drop.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># core/api_server.py </span><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">urllib.parse</span> <span class="kn">from</span> <span class="n">collections</span> <span class="kn">import</span> <span class="n">defaultdict</span> <span class="kn">from</span> <span class="n">http.server</span> <span class="kn">import</span> <span class="n">BaseHTTPRequestHandler</span><span class="p">,</span> <span class="n">HTTPServer</span> <span class="kn">from</span> <span class="n">threading</span> <span class="kn">import</span> <span class="n">Lock</span> <span class="k">class</span> <span class="nc">_RateLimiter</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Sliding window rate limiter — 3 pairing attempts per 60s per IP.</span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">max_attempts</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">3</span><span class="p">,</span> <span class="n">window</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">60</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_attempts</span> <span class="o">=</span> <span class="nf">defaultdict</span><span class="p">(</span><span class="nb">list</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">_lock</span> <span class="o">=</span> <span class="nc">Lock</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nb">max</span> <span class="o">=</span> <span class="n">max_attempts</span> <span class="n">self</span><span class="p">.</span><span class="n">window</span> <span class="o">=</span> <span class="n">window</span> <span class="k">def</span> <span class="nf">is_allowed</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ip</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="n">now</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="k">with</span> <span class="n">self</span><span class="p">.</span><span class="n">_lock</span><span class="p">:</span> <span class="c1"># drop timestamps outside the window </span> <span class="n">self</span><span class="p">.</span><span class="n">_attempts</span><span class="p">[</span><span class="n">ip</span><span class="p">]</span> <span class="o">=</span> <span class="p">[</span> <span class="n">t</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">_attempts</span><span class="p">[</span><span class="n">ip</span><span class="p">]</span> <span class="k">if</span> <span class="n">now</span> <span class="o">-</span> <span class="n">t</span> <span class="o">&lt;</span> <span class="n">self</span><span class="p">.</span><span class="n">window</span> <span class="p">]</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">_attempts</span><span class="p">[</span><span class="n">ip</span><span class="p">])</span> <span class="o">&gt;=</span> <span class="n">self</span><span class="p">.</span><span class="nb">max</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="n">self</span><span class="p">.</span><span class="n">_attempts</span><span class="p">[</span><span class="n">ip</span><span class="p">].</span><span class="nf">append</span><span class="p">(</span><span class="n">now</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="n">_rate_limiter</span> <span class="o">=</span> <span class="nf">_RateLimiter</span><span class="p">()</span> <span class="k">class</span> <span class="nc">GhostAPIHandler</span><span class="p">(</span><span class="n">BaseHTTPRequestHandler</span><span class="p">):</span> <span class="k">def</span> <span class="nf">log_message</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="nb">format</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># silence default HTTP logs </span> <span class="k">def</span> <span class="nf">_send_response</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">code</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">body</span><span class="p">:</span> <span class="nb">dict</span><span class="p">):</span> <span class="n">payload</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">body</span><span class="p">).</span><span class="nf">encode</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">send_response</span><span class="p">(</span><span class="n">code</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">send_header</span><span class="p">(</span><span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">send_header</span><span class="p">(</span><span class="sh">"</span><span class="s">Content-Length</span><span class="sh">"</span><span class="p">,</span> <span class="nf">str</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">payload</span><span class="p">)))</span> <span class="n">self</span><span class="p">.</span><span class="nf">end_headers</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">wfile</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">payload</span><span class="p">)</span> <span class="k">def</span> <span class="nf">do_POST</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">parsed</span> <span class="o">=</span> <span class="n">urllib</span><span class="p">.</span><span class="n">parse</span><span class="p">.</span><span class="nf">urlparse</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">path</span><span class="p">)</span> <span class="n">client_ip</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">client_address</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="c1"># ── /api/pair — pairing PIN exchange ────────────────────── </span> <span class="k">if</span> <span class="n">parsed</span><span class="p">.</span><span class="n">path</span> <span class="o">==</span> <span class="sh">'</span><span class="s">/api/pair</span><span class="sh">'</span><span class="p">:</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">_rate_limiter</span><span class="p">.</span><span class="nf">is_allowed</span><span class="p">(</span><span class="n">client_ip</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">_send_response</span><span class="p">(</span><span class="mi">429</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Too many pairing attempts. Try again later.</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="c1"># ... PIN verification and key exchange logic </span> <span class="n">self</span><span class="p">.</span><span class="nf">_send_response</span><span class="p">(</span><span class="mi">200</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">paired</span><span class="sh">"</span><span class="p">})</span> <span class="k">return</span> <span class="c1"># ── /api/sync — incoming E2EE clipboard item ─────────────── </span> <span class="k">if</span> <span class="n">parsed</span><span class="p">.</span><span class="n">path</span> <span class="o">==</span> <span class="sh">'</span><span class="s">/api/sync</span><span class="sh">'</span><span class="p">:</span> <span class="n">body</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">rfile</span><span class="p">.</span><span class="nf">read</span><span class="p">(</span><span class="nf">int</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">Content-Length</span><span class="sh">'</span><span class="p">,</span> <span class="mi">0</span><span class="p">)))</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">body</span><span class="p">)</span> <span class="n">peer_node_id</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">node_id</span><span class="sh">"</span><span class="p">)</span> <span class="n">peer</span> <span class="o">=</span> <span class="n">storage</span><span class="p">.</span><span class="nf">get_trusted_peer</span><span class="p">(</span><span class="n">peer_node_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">peer</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="nf">_send_response</span><span class="p">(</span><span class="mi">403</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Untrusted peer</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="k">try</span><span class="p">:</span> <span class="n">plaintext</span> <span class="o">=</span> <span class="nf">decrypt_from_peer</span><span class="p">(</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">payload</span><span class="sh">"</span><span class="p">),</span> <span class="n">peer</span><span class="p">[</span><span class="sh">"</span><span class="s">shared_secret</span><span class="sh">"</span><span class="p">]</span> <span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="c1"># Wrong key or tampered payload — silent drop </span> <span class="n">self</span><span class="p">.</span><span class="nf">_send_response</span><span class="p">(</span><span class="mi">403</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Decryption failed</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="n">item_id</span> <span class="o">=</span> <span class="n">storage</span><span class="p">.</span><span class="nf">add_item</span><span class="p">(</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="n">plaintext</span><span class="p">)</span> <span class="c1"># Cross-thread UI update via Qt signal — safe from any thread </span> <span class="n">self</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">qthread_parent</span><span class="p">.</span><span class="n">sync_received</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="n">item_id</span><span class="p">,</span> <span class="n">plaintext</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">_send_response</span><span class="p">(</span><span class="mi">201</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">synced</span><span class="sh">"</span><span class="p">})</span> </code></pre> </div> <blockquote> <p><strong>Why <code>HTTPServer</code> over WebSockets or raw TCP?</strong><br> HTTP gives request/response semantics for free, works through most firewalls, and is trivially testable with <code>curl</code>. The overhead is negligible for clipboard payloads. When v3.x arrives, the transport will be upgraded to WebRTC for true NAT-piercing P2P.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1j647dsat4iwk921o6us.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1j647dsat4iwk921o6us.gif" alt="The Nexus Update Notifier: Keeping all nodes aligned with the latest security patches" width="800" height="450"></a></p> <h2> The Full Sync Flow — End to End </h2> <p>Here's what happens when you copy something on Device A and it appears on Device B:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Device A (sender) Device B (receiver) ───────────────── ──────────────────── 1. User copies text 2. ClipboardMonitor detects change 3. Encrypt with shared_secret [ AES-256-GCM | random 12-byte nonce ] 4. POST /api/sync ──────────────────────► 5. GhostAPIHandler.do_POST() { 6. Lookup peer by node_id "node_id": "abc123", 7. Decrypt with shared_secret "payload": "&lt;base64 ciphertext&gt;" 8. storage.add_item() } 9. sync_received.emit() 10. UI updates in main thread ◄──────────────── 201 { "status": "synced" } </code></pre> </div> <p>Zero plaintext on the wire. Zero server in the middle. Zero cloud.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcn51seo7d8hwjoy4eyw0.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcn51seo7d8hwjoy4eyw0.gif" alt="Zero-Trust Sync: Clipboard data moving securely across the LAN with zero plaintext exposure" width="800" height="450"></a></p> <h2> Securing the Build: GPG-Signed Releases </h2> <p>A secure app with an unsigned binary is still a supply chain risk. Every release artifact — both the <code>.AppImage</code> and the <code>.deb</code> — is GPG-signed in CI and verified before upload.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .github/workflows/build-all.yml (signing steps)</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Sign AppImage (GPG)</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --import --batch --yes</span> <span class="s">gpg --batch --yes --pinentry-mode loopback \</span> <span class="s">--passphrase "${{ secrets.GPG_PASSPHRASE }}" \</span> <span class="s">--detach-sign --armor \</span> <span class="s">DotGhostBoard-*.AppImage</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Verify AppImage signature</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">gpg --verify DotGhostBoard-*.AppImage.asc DotGhostBoard-*.AppImage</span> <span class="s">echo "✅ AppImage signature verified"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Sign DEB Package (GPG)</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --import --batch --yes</span> <span class="s">dpkg-sig --sign builder \</span> <span class="s">-k "${{ secrets.GPG_KEY_ID }}" \</span> <span class="s">--gpg-options "--passphrase ${{ secrets.GPG_PASSPHRASE }} --pinentry-mode loopback --batch --yes" \</span> <span class="s">dotghostboard_*.deb</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Generate SHA256 checksums</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cd out &amp;&amp; sha256sum * &gt; SHA256SUMS.txt</span> </code></pre> </div> <p>Users can verify any release with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Verify AppImage</span> gpg <span class="nt">--verify</span> DotGhostBoard-1.5.1-x86_64.AppImage.asc <span class="se">\</span> DotGhostBoard-1.5.1-x86_64.AppImage <span class="c"># Verify DEB</span> dpkg-sig <span class="nt">--verify</span> dotghostboard_1.5.1_amd64.deb <span class="c"># Verify checksum</span> <span class="nb">sha256sum</span> <span class="nt">-c</span> SHA256SUMS.txt </code></pre> </div> <h2> Lessons Learned </h2> <p><strong>mDNS is fragile on some Linux setups.</strong> If <code>avahi-daemon</code> is running and competing for port 5353, <code>zeroconf</code> will fail silently. Detect the conflict early and surface it in the UI — don't leave the user with an empty peers list and no explanation.</p> <p><strong>PyInstaller and <code>cryptography</code> need explicit hidden imports.</strong> The <code>cryptography</code> package uses dynamic loading for its backend. Without <code>--hidden-import cryptography.hazmat.primitives.asymmetric.x25519</code> and the <code>aead</code> module, the AppImage crashes at runtime with a clean <code>ImportError</code> that's impossible to debug without knowing where to look.</p> <p><strong><code>dpkg-sig</code> hangs in CI without <code>--pinentry-mode loopback</code>.</strong> It silently waits for a terminal that doesn't exist. Always pass the full GPG options explicitly in non-interactive environments.</p> <p><strong>Rate limiting shared state needs a lock.</strong> The sliding window dict is accessed from multiple HTTP handler threads simultaneously. Without a <code>threading.Lock</code>, you get a race condition under concurrent pairing attempts that's near-impossible to reproduce locally.</p> <h2> What's Next — v2.0.0 Cerberus </h2> <p>The next release is <strong>Cerberus</strong> — a Zero-Knowledge Password Vault. The AES-256 infrastructure from v1.4.0 (Eclipse) already lays the foundation. What's coming on top:</p> <ul> <li>A fully isolated <code>vault.db</code> (separate file, separate connection, locked when not in use)</li> <li>Pattern-based secret detection using Regex — JWT, AWS keys, GitHub tokens, high-entropy hex strings — <strong>not</strong> keyword matching</li> <li>Auto-clear: wipes the clipboard 30 seconds after a Vault paste</li> <li>Paranoia Mode: a toggle that suspends all DB writes temporarily</li> </ul> <p>The core design decision in Cerberus: detection happens at the <strong>shape</strong> of a string, not its meaning. A 1500-word article that mentions "password" doesn't trigger anything. A 40-character base64 string with high Shannon entropy does.</p> <h2> Download &amp; Source </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>Link</th> </tr> </thead> <tbody> <tr> <td>📦 GitHub Release (AppImage + DEB + GPG sigs)</td> <td><a href="https://github.com/kareem2099/DotGhostBoard/releases/tag/v1.5.1" rel="noopener noreferrer">v1.5.1</a></td> </tr> <tr> <td>🖥️ OpenDesktop</td> <td><a href="https://www.opendesktop.org/p/2353623/" rel="noopener noreferrer">DotGhostBoard</a></td> </tr> <tr> <td>💻 Source Code</td> <td><a href="https://github.com/kareem2099/DotGhostBoard" rel="noopener noreferrer">kareem2099/DotGhostBoard</a></td> </tr> </tbody> </table></div> <p>If you find a security issue, please reach out directly before opening a public issue.</p> <p>⚠️ A Note on the current DEB Release (v1.5.1)<br> Being transparent with the community is a core value of DotSuite.</p> <p>Known Issue: In the current .deb release, some users might notice the UI defaulting to Light Mode on specific GTK-based distros (like Kali). Additionally, the update helper might trigger a Polkit permission error due to setuid restrictions in the /tmp/ directory.</p> <p>The Fix: I am already working on v1.5.2, which migrates the update path to ~/.local/state/ and forces the Fusion style engine to ensure a consistent Dark Mode experience. The fix will be live tomorrow.</p> <p>Stay tuned, and thanks for the support!</p> <p><em>DotSuite — built for the shadows</em> 👻</p> python security cryptography linux DotShare v3.1 — Toast Engine, Race Condition Fix, and Surviving Reddit's S3 Upload Pipeline freerave Mon, 13 Apr 2026 10:19:46 +0000 https://forem.com/freerave/dotshare-v31-toast-engine-race-condition-fix-and-surviving-reddits-s3-upload-pipeline-d8b https://forem.com/freerave/dotshare-v31-toast-engine-race-condition-fix-and-surviving-reddits-s3-upload-pipeline-d8b <h2> Full technical breakdown of v3.1 'The Polish Pass' — a custom WebView toast system, global loading states, per-platform character limits, and the two bugs that took the longest to kill. </h2> <p>v3.0 added the platforms. v3.1 made them feel like they belonged.</p> <p>"The Polish Pass" is the kind of release that's invisible when it works and infuriating when it doesn't. No new platforms. No headline features. Just: notifications that don't hijack your screen, buttons that tell you something is happening, character counters that actually enforce limits — and two bugs that were quietly breaking things since the beginning.</p> <p>This is the full technical breakdown.</p> <h2> What's in v3.1 </h2> <ul> <li>Custom WebView toast notification engine (replaces VS Code popups)</li> <li>Global loading states on all async actions</li> <li>Per-platform character limit validation with visual feedback</li> <li>Glassmorphism UI pass</li> <li> <strong>The Disappearing Preview race condition</strong> — fixed</li> <li> <strong>Reddit's S3 native image upload pipeline</strong> — fixed</li> <li>Reddit field name synchronization between frontend and backend</li> <li>Unused variable cleanup for ESLint compliance</li> </ul> <h2> 1. The Toast Notification Engine </h2> <p>Before v3.1, every status update used <code>vscode.window.showInformationMessage()</code> — a popup in the VS Code notification center that requires manual dismissal and breaks your flow. For an extension designed to keep you in the editor, it was wrong.</p> <p>The replacement is a custom toast system that lives entirely inside the WebView.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flbwuopoy85mkx4rpm2u5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flbwuopoy85mkx4rpm2u5.png" alt="DotShare toast notifications showing success, error, warning, and info states with animated progress bars"></a></p> <h3> HTML Container </h3> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- media/webview/platform-post.html --&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"toast-container"</span> <span class="na">aria-live=</span><span class="s">"polite"</span> <span class="na">aria-atomic=</span><span class="s">"false"</span><span class="nt">&gt;&lt;/div&gt;</span> </code></pre> </div> <p>One container, fixed to the bottom-right of the WebView. Toasts mount and remove themselves.</p> <h3> The Toast Function </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// media/webview/app.ts</span> <span class="kd">type</span> <span class="nx">ToastType</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">warning</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">info</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">TOAST_ICONS</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="nx">ToastType</span><span class="p">,</span> <span class="kr">string</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="dl">'</span><span class="s1">✓</span><span class="dl">'</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">✕</span><span class="dl">'</span><span class="p">,</span> <span class="na">warning</span><span class="p">:</span> <span class="dl">'</span><span class="s1">⚠</span><span class="dl">'</span><span class="p">,</span> <span class="na">info</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ℹ</span><span class="dl">'</span><span class="p">,</span> <span class="p">};</span> <span class="kd">function</span> <span class="nf">escHtml</span><span class="p">(</span><span class="nx">str</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">str</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/&amp;/g</span><span class="p">,</span> <span class="dl">'</span><span class="s1">&amp;amp;</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/&lt;/g</span><span class="p">,</span> <span class="dl">'</span><span class="s1">&amp;lt;</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/&gt;/g</span><span class="p">,</span> <span class="dl">'</span><span class="s1">&amp;gt;</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/"/g</span><span class="p">,</span> <span class="dl">'</span><span class="s1">&amp;quot;</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">toast</span><span class="p">(</span> <span class="nx">msg</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="kd">type</span><span class="p">:</span> <span class="nx">ToastType</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">info</span><span class="dl">'</span><span class="p">,</span> <span class="nx">ms</span><span class="p">:</span> <span class="kr">number</span> <span class="o">=</span> <span class="mi">5000</span> <span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">container</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">toast-container</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">container</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">el</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">div</span><span class="dl">'</span><span class="p">);</span> <span class="nx">el</span><span class="p">.</span><span class="nx">className</span> <span class="o">=</span> <span class="s2">`toast toast-</span><span class="p">${</span><span class="kd">type</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="nx">el</span><span class="p">.</span><span class="nf">setAttribute</span><span class="p">(</span><span class="dl">'</span><span class="s1">role</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">alert</span><span class="dl">'</span><span class="p">);</span> <span class="nx">el</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nf">setProperty</span><span class="p">(</span><span class="dl">'</span><span class="s1">--toast-duration</span><span class="dl">'</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nx">ms</span><span class="p">}</span><span class="s2">ms`</span><span class="p">);</span> <span class="nx">el</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="s2">` &lt;span class="toast-icon"&gt;</span><span class="p">${</span><span class="nx">TOAST_ICONS</span><span class="p">[</span><span class="kd">type</span><span class="p">]}</span><span class="s2">&lt;/span&gt; &lt;span class="toast-message"&gt;</span><span class="p">${</span><span class="nf">escHtml</span><span class="p">(</span><span class="nx">msg</span><span class="p">)}</span><span class="s2">&lt;/span&gt; &lt;div class="toast-progress"&gt;&lt;/div&gt; `</span><span class="p">;</span> <span class="nx">container</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">el</span><span class="p">);</span> <span class="c1">// Trigger enter animation on next paint</span> <span class="nf">requestAnimationFrame</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">el</span><span class="p">.</span><span class="nx">classList</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="dl">'</span><span class="s1">toast-visible</span><span class="dl">'</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="nx">ms</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">el</span><span class="p">.</span><span class="nx">classList</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="dl">'</span><span class="s1">toast-visible</span><span class="dl">'</span><span class="p">);</span> <span class="nx">el</span><span class="p">.</span><span class="nx">classList</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="dl">'</span><span class="s1">toast-exit</span><span class="dl">'</span><span class="p">);</span> <span class="nx">el</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">transitionend</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">el</span><span class="p">.</span><span class="nf">remove</span><span class="p">(),</span> <span class="p">{</span> <span class="na">once</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">},</span> <span class="nx">ms</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> CSS </h3> <div class="highlight js-code-highlight"> <pre class="highlight css"><code><span class="c">/* media/webview/style.css */</span> <span class="nf">#toast-container</span> <span class="p">{</span> <span class="nl">position</span><span class="p">:</span> <span class="nb">fixed</span><span class="p">;</span> <span class="nl">bottom</span><span class="p">:</span> <span class="m">1.5rem</span><span class="p">;</span> <span class="nl">right</span><span class="p">:</span> <span class="m">1.5rem</span><span class="p">;</span> <span class="nl">display</span><span class="p">:</span> <span class="n">flex</span><span class="p">;</span> <span class="nl">flex-direction</span><span class="p">:</span> <span class="n">column</span><span class="p">;</span> <span class="py">gap</span><span class="p">:</span> <span class="m">8px</span><span class="p">;</span> <span class="nl">z-index</span><span class="p">:</span> <span class="m">9999</span><span class="p">;</span> <span class="nl">pointer-events</span><span class="p">:</span> <span class="nb">none</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.toast</span> <span class="p">{</span> <span class="nl">display</span><span class="p">:</span> <span class="n">flex</span><span class="p">;</span> <span class="nl">align-items</span><span class="p">:</span> <span class="nb">center</span><span class="p">;</span> <span class="py">gap</span><span class="p">:</span> <span class="m">10px</span><span class="p">;</span> <span class="nl">padding</span><span class="p">:</span> <span class="m">12px</span> <span class="m">16px</span><span class="p">;</span> <span class="nl">border-radius</span><span class="p">:</span> <span class="m">8px</span><span class="p">;</span> <span class="nl">font-size</span><span class="p">:</span> <span class="m">13px</span><span class="p">;</span> <span class="nl">min-width</span><span class="p">:</span> <span class="m">260px</span><span class="p">;</span> <span class="nl">max-width</span><span class="p">:</span> <span class="m">380px</span><span class="p">;</span> <span class="nl">position</span><span class="p">:</span> <span class="nb">relative</span><span class="p">;</span> <span class="nl">overflow</span><span class="p">:</span> <span class="nb">hidden</span><span class="p">;</span> <span class="nl">pointer-events</span><span class="p">:</span> <span class="n">all</span><span class="p">;</span> <span class="nl">opacity</span><span class="p">:</span> <span class="m">0</span><span class="p">;</span> <span class="nl">transform</span><span class="p">:</span> <span class="n">translateX</span><span class="p">(</span><span class="m">20px</span><span class="p">);</span> <span class="nl">transition</span><span class="p">:</span> <span class="n">opacity</span> <span class="m">0.2s</span> <span class="n">ease</span><span class="p">,</span> <span class="n">transform</span> <span class="m">0.2s</span> <span class="n">ease</span><span class="p">;</span> <span class="py">backdrop-filter</span><span class="p">:</span> <span class="n">blur</span><span class="p">(</span><span class="m">8px</span><span class="p">);</span> <span class="nl">-webkit-backdrop-filter</span><span class="p">:</span> <span class="n">blur</span><span class="p">(</span><span class="m">8px</span><span class="p">);</span> <span class="p">}</span> <span class="nc">.toast-visible</span> <span class="p">{</span> <span class="nl">opacity</span><span class="p">:</span> <span class="m">1</span><span class="p">;</span> <span class="nl">transform</span><span class="p">:</span> <span class="n">translateX</span><span class="p">(</span><span class="m">0</span><span class="p">);</span> <span class="p">}</span> <span class="nc">.toast-exit</span> <span class="p">{</span> <span class="nl">opacity</span><span class="p">:</span> <span class="m">0</span><span class="p">;</span> <span class="nl">transform</span><span class="p">:</span> <span class="n">translateX</span><span class="p">(</span><span class="m">20px</span><span class="p">);</span> <span class="p">}</span> <span class="nc">.toast-success</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="n">rgba</span><span class="p">(</span><span class="m">29</span><span class="p">,</span><span class="m">158</span><span class="p">,</span><span class="m">117</span><span class="p">,</span><span class="m">0.15</span><span class="p">);</span> <span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="n">rgba</span><span class="p">(</span><span class="m">29</span><span class="p">,</span><span class="m">158</span><span class="p">,</span><span class="m">117</span><span class="p">,</span><span class="m">0.4</span><span class="p">);</span> <span class="nl">color</span><span class="p">:</span> <span class="m">#4ade80</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.toast-error</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="n">rgba</span><span class="p">(</span><span class="m">239</span><span class="p">,</span><span class="m">68</span><span class="p">,</span><span class="m">68</span><span class="p">,</span><span class="m">0.15</span><span class="p">);</span> <span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="n">rgba</span><span class="p">(</span><span class="m">239</span><span class="p">,</span><span class="m">68</span><span class="p">,</span><span class="m">68</span><span class="p">,</span><span class="m">0.4</span><span class="p">);</span> <span class="nl">color</span><span class="p">:</span> <span class="m">#f87171</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.toast-warning</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="n">rgba</span><span class="p">(</span><span class="m">245</span><span class="p">,</span><span class="m">158</span><span class="p">,</span><span class="m">11</span><span class="p">,</span><span class="m">0.15</span><span class="p">);</span> <span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="n">rgba</span><span class="p">(</span><span class="m">245</span><span class="p">,</span><span class="m">158</span><span class="p">,</span><span class="m">11</span><span class="p">,</span><span class="m">0.4</span><span class="p">);</span> <span class="nl">color</span><span class="p">:</span> <span class="m">#fbbf24</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.toast-info</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="n">rgba</span><span class="p">(</span><span class="m">59</span><span class="p">,</span><span class="m">130</span><span class="p">,</span><span class="m">246</span><span class="p">,</span><span class="m">0.15</span><span class="p">);</span> <span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="n">rgba</span><span class="p">(</span><span class="m">59</span><span class="p">,</span><span class="m">130</span><span class="p">,</span><span class="m">246</span><span class="p">,</span><span class="m">0.4</span><span class="p">);</span> <span class="nl">color</span><span class="p">:</span> <span class="m">#60a5fa</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.toast-progress</span> <span class="p">{</span> <span class="nl">position</span><span class="p">:</span> <span class="nb">absolute</span><span class="p">;</span> <span class="nl">bottom</span><span class="p">:</span> <span class="m">0</span><span class="p">;</span> <span class="nl">left</span><span class="p">:</span> <span class="m">0</span><span class="p">;</span> <span class="nl">height</span><span class="p">:</span> <span class="m">2px</span><span class="p">;</span> <span class="nl">width</span><span class="p">:</span> <span class="m">100%</span><span class="p">;</span> <span class="nl">background</span><span class="p">:</span> <span class="n">currentColor</span><span class="p">;</span> <span class="nl">opacity</span><span class="p">:</span> <span class="m">0.4</span><span class="p">;</span> <span class="nl">animation</span><span class="p">:</span> <span class="n">toast-shrink</span> <span class="n">var</span><span class="p">(</span><span class="n">--toast-duration</span><span class="p">,</span> <span class="m">5000ms</span><span class="p">)</span> <span class="n">linear</span> <span class="n">forwards</span><span class="p">;</span> <span class="p">}</span> <span class="k">@keyframes</span> <span class="n">toast-shrink</span> <span class="p">{</span> <span class="nt">from</span> <span class="p">{</span> <span class="nl">width</span><span class="p">:</span> <span class="m">100%</span><span class="p">;</span> <span class="p">}</span> <span class="nt">to</span> <span class="p">{</span> <span class="nl">width</span><span class="p">:</span> <span class="m">0%</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> 2. Global Loading States </h2> <p>Every async button now disables itself and shows a spinner during the operation. Prevents double-submissions. Makes it obvious something is happening.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// media/webview/app.ts</span> <span class="kd">function</span> <span class="nf">setLoading</span><span class="p">(</span><span class="nx">btn</span><span class="p">:</span> <span class="nx">HTMLButtonElement</span><span class="p">,</span> <span class="nx">loading</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">,</span> <span class="nx">label</span><span class="p">?:</span> <span class="kr">string</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">loading</span><span class="p">)</span> <span class="p">{</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">dataset</span><span class="p">.</span><span class="nx">originalText</span> <span class="o">=</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">textContent</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">textContent</span> <span class="o">=</span> <span class="nx">label</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">⏳ Working…</span><span class="dl">'</span><span class="p">;</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">disabled</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">classList</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-loading</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">textContent</span> <span class="o">=</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">dataset</span><span class="p">.</span><span class="nx">originalText</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">Share</span><span class="dl">'</span><span class="p">;</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">disabled</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">classList</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-loading</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// On click — enter loading state</span> <span class="nx">btnShare</span><span class="p">?.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">click</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">btnShare</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="nf">setLoading</span><span class="p">(</span><span class="nx">btnShare</span><span class="p">,</span> <span class="kc">true</span><span class="p">,</span> <span class="dl">'</span><span class="s1">⏳ Sharing…</span><span class="dl">'</span><span class="p">);</span> <span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">share</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">platform</span><span class="p">:</span> <span class="nx">activeCommandPlatform</span><span class="p">,</span> <span class="na">post</span><span class="p">:</span> <span class="nx">textarea</span><span class="p">?.</span><span class="nx">value</span><span class="p">.</span><span class="nf">trim</span><span class="p">(),</span> <span class="na">mediaFilePaths</span><span class="p">:</span> <span class="nx">activeMediaPaths</span><span class="p">,</span> <span class="p">});</span> <span class="p">});</span> <span class="c1">// On complete — exit loading state</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">shareComplete</span><span class="dl">'</span><span class="p">:</span> <span class="k">if </span><span class="p">(</span><span class="nx">btnShare</span><span class="p">)</span> <span class="nf">setLoading</span><span class="p">(</span><span class="nx">btnShare</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="nf">resetAllComposers</span><span class="p">();</span> <span class="nf">toast</span><span class="p">(</span><span class="dl">'</span><span class="s1">Shared successfully!</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="c1">// On error — also exit loading so user can retry</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">status</span><span class="dl">'</span><span class="p">:</span> <span class="k">if </span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">btnShare</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setLoading</span><span class="p">(</span><span class="nx">btnShare</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="nf">toast</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">status</span> <span class="o">??</span> <span class="dl">''</span><span class="p">),</span> <span class="nx">msg</span><span class="p">.</span><span class="kd">type</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">info</span><span class="dl">'</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> </code></pre> </div> <h2> 3. Character Limit Validation </h2> <p><code>MAX_CHARS</code> existed before v3.1 but was never wired to the UI. This release connects it to both the counter display and the share button state.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9p29pc5hrwx4u0q8q9r9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9p29pc5hrwx4u0q8q9r9.png" alt="Character counter at 240/280 for X showing warning color, and over-limit state with red counter and disabled share button"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// media/webview/app.ts</span> <span class="kd">const</span> <span class="nx">MAX_CHARS</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="kr">number</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="na">x</span><span class="p">:</span> <span class="mi">280</span><span class="p">,</span> <span class="na">bluesky</span><span class="p">:</span> <span class="mi">300</span><span class="p">,</span> <span class="na">linkedin</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">telegram</span><span class="p">:</span> <span class="mi">4096</span><span class="p">,</span> <span class="na">facebook</span><span class="p">:</span> <span class="mi">63206</span><span class="p">,</span> <span class="na">discord</span><span class="p">:</span> <span class="mi">2000</span><span class="p">,</span> <span class="na">reddit</span><span class="p">:</span> <span class="mi">40000</span><span class="p">,</span> <span class="na">devto</span><span class="p">:</span> <span class="mi">100000</span><span class="p">,</span> <span class="na">medium</span><span class="p">:</span> <span class="mi">100000</span><span class="p">,</span> <span class="p">};</span> <span class="kd">function</span> <span class="nf">updateCharCounter</span><span class="p">():</span> <span class="k">void</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">textarea</span> <span class="o">||</span> <span class="o">!</span><span class="nx">counter</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">len</span> <span class="o">=</span> <span class="nx">textarea</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">platform</span> <span class="o">=</span> <span class="nx">activeCommandPlatform</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">max</span> <span class="o">=</span> <span class="nx">MAX_CHARS</span><span class="p">[</span><span class="nx">platform</span><span class="p">]</span> <span class="o">??</span> <span class="kc">null</span><span class="p">;</span> <span class="nx">counter</span><span class="p">.</span><span class="nx">textContent</span> <span class="o">=</span> <span class="nx">max</span> <span class="p">?</span> <span class="s2">`</span><span class="p">${</span><span class="nx">len</span><span class="p">}</span><span class="s2"> / </span><span class="p">${</span><span class="nx">max</span><span class="p">}</span><span class="s2">`</span> <span class="p">:</span> <span class="nc">String</span><span class="p">(</span><span class="nx">len</span><span class="p">);</span> <span class="nx">counter</span><span class="p">.</span><span class="nx">className</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">compose-counter</span><span class="dl">'</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">max</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">len</span> <span class="o">&gt;</span> <span class="nx">max</span><span class="p">)</span> <span class="nx">counter</span><span class="p">.</span><span class="nx">classList</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="dl">'</span><span class="s1">counter-error</span><span class="dl">'</span><span class="p">);</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">len</span> <span class="o">&gt;</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">(</span><span class="nx">max</span> <span class="o">*</span> <span class="mf">0.8</span><span class="p">))</span> <span class="nx">counter</span><span class="p">.</span><span class="nx">classList</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="dl">'</span><span class="s1">counter-warn</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">updateShareBtn</span><span class="p">():</span> <span class="k">void</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">btnShare</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">empty</span> <span class="o">=</span> <span class="o">!</span><span class="nx">textarea</span><span class="p">?.</span><span class="nx">value</span><span class="p">.</span><span class="nf">trim</span><span class="p">().</span><span class="nx">length</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">platform</span> <span class="o">=</span> <span class="nx">activeCommandPlatform</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">max</span> <span class="o">=</span> <span class="nx">MAX_CHARS</span><span class="p">[</span><span class="nx">platform</span><span class="p">]</span> <span class="o">??</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">over</span> <span class="o">=</span> <span class="nx">max</span> <span class="p">?</span> <span class="p">(</span><span class="nx">textarea</span><span class="p">?.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">??</span> <span class="mi">0</span><span class="p">)</span> <span class="o">&gt;</span> <span class="nx">max</span> <span class="p">:</span> <span class="kc">false</span><span class="p">;</span> <span class="nx">btnShare</span><span class="p">.</span><span class="nx">disabled</span> <span class="o">=</span> <span class="nx">empty</span> <span class="o">||</span> <span class="nx">over</span><span class="p">;</span> <span class="p">}</span> <span class="nx">textarea</span><span class="p">?.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">input</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">updateCharCounter</span><span class="p">();</span> <span class="nf">updateShareBtn</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight css"><code><span class="nc">.compose-counter</span> <span class="p">{</span> <span class="nl">color</span><span class="p">:</span> <span class="n">var</span><span class="p">(</span><span class="n">--vscode-descriptionForeground</span><span class="p">);</span> <span class="nl">font-size</span><span class="p">:</span> <span class="m">12px</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.compose-counter.counter-warn</span> <span class="p">{</span> <span class="nl">color</span><span class="p">:</span> <span class="m">#f59e0b</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.compose-counter.counter-error</span> <span class="p">{</span> <span class="nl">color</span><span class="p">:</span> <span class="m">#ef4444</span><span class="p">;</span> <span class="nl">font-weight</span><span class="p">:</span> <span class="m">600</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> 4. The Glassmorphism UI Pass </h2> <p>Cards and modals now use <code>backdrop-filter: blur</code> with semi-transparent fills. Depth without visual weight.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight css"><code><span class="nc">.composer-card</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="n">rgba</span><span class="p">(</span><span class="m">255</span><span class="p">,</span> <span class="m">255</span><span class="p">,</span> <span class="m">255</span><span class="p">,</span> <span class="m">0.04</span><span class="p">);</span> <span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="n">rgba</span><span class="p">(</span><span class="m">255</span><span class="p">,</span> <span class="m">255</span><span class="p">,</span> <span class="m">255</span><span class="p">,</span> <span class="m">0.08</span><span class="p">);</span> <span class="nl">border-radius</span><span class="p">:</span> <span class="m">12px</span><span class="p">;</span> <span class="py">backdrop-filter</span><span class="p">:</span> <span class="n">blur</span><span class="p">(</span><span class="m">8px</span><span class="p">);</span> <span class="nl">-webkit-backdrop-filter</span><span class="p">:</span> <span class="n">blur</span><span class="p">(</span><span class="m">8px</span><span class="p">);</span> <span class="nl">transition</span><span class="p">:</span> <span class="n">border-color</span> <span class="m">0.2s</span> <span class="n">ease</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.composer-card</span><span class="nd">:hover</span> <span class="p">{</span> <span class="nl">border-color</span><span class="p">:</span> <span class="n">rgba</span><span class="p">(</span><span class="m">255</span><span class="p">,</span> <span class="m">255</span><span class="p">,</span> <span class="m">255</span><span class="p">,</span> <span class="m">0.14</span><span class="p">);</span> <span class="p">}</span> <span class="nc">.modal-content</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="n">rgba</span><span class="p">(</span><span class="m">30</span><span class="p">,</span> <span class="m">30</span><span class="p">,</span> <span class="m">40</span><span class="p">,</span> <span class="m">0.92</span><span class="p">);</span> <span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="n">rgba</span><span class="p">(</span><span class="m">255</span><span class="p">,</span> <span class="m">255</span><span class="p">,</span> <span class="m">255</span><span class="p">,</span> <span class="m">0.1</span><span class="p">);</span> <span class="nl">border-radius</span><span class="p">:</span> <span class="m">14px</span><span class="p">;</span> <span class="py">backdrop-filter</span><span class="p">:</span> <span class="n">blur</span><span class="p">(</span><span class="m">12px</span><span class="p">);</span> <span class="nl">-webkit-backdrop-filter</span><span class="p">:</span> <span class="n">blur</span><span class="p">(</span><span class="m">12px</span><span class="p">);</span> <span class="nl">animation</span><span class="p">:</span> <span class="n">modal-enter</span> <span class="m">0.2s</span> <span class="n">cubic-bezier</span><span class="p">(</span><span class="m">0.34</span><span class="p">,</span> <span class="m">1.56</span><span class="p">,</span> <span class="m">0.64</span><span class="p">,</span> <span class="m">1</span><span class="p">);</span> <span class="p">}</span> <span class="k">@keyframes</span> <span class="n">modal-enter</span> <span class="p">{</span> <span class="nt">from</span> <span class="p">{</span> <span class="nl">opacity</span><span class="p">:</span> <span class="m">0</span><span class="p">;</span> <span class="nl">transform</span><span class="p">:</span> <span class="n">scale</span><span class="p">(</span><span class="m">0.95</span><span class="p">)</span> <span class="n">translateY</span><span class="p">(</span><span class="m">8px</span><span class="p">);</span> <span class="p">}</span> <span class="nt">to</span> <span class="p">{</span> <span class="nl">opacity</span><span class="p">:</span> <span class="m">1</span><span class="p">;</span> <span class="nl">transform</span><span class="p">:</span> <span class="n">scale</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="n">translateY</span><span class="p">(</span><span class="m">0</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> 5. The Disappearing Preview Race Condition </h2> <p>This was the most subtle bug. And it was hiding in plain sight.</p> <h3> The Symptom </h3> <p>Attach a file → preview appears → preview vanishes 500ms later. Every time.</p> <h3> The Root Cause </h3> <p>When a file uploaded successfully, the backend sent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">command:</span><span class="w"> </span><span class="err">'status'</span><span class="p">,</span><span class="w"> </span><span class="err">type:</span><span class="w"> </span><span class="err">'success'</span><span class="p">,</span><span class="w"> </span><span class="err">status:</span><span class="w"> </span><span class="err">'File</span><span class="w"> </span><span class="err">uploaded</span><span class="w"> </span><span class="err">successfully'</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The WebView message handler treated <em>every</em> success the same way:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ BEFORE — nuked everything on any success message</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">status</span><span class="dl">'</span><span class="p">:</span> <span class="k">if </span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nf">resetAllComposers</span><span class="p">();</span> <span class="c1">// cleared activeMediaPaths + removed preview DOM</span> <span class="p">}</span> <span class="nf">toast</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="nx">msg</span><span class="p">.</span><span class="kd">type</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> </code></pre> </div> <p><code>resetAllComposers()</code> was designed for one thing: clean up after a post is fully shared. But it was firing on file uploads, auto-saves, and every other intermediate success too.</p> <h3> The Fix </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ✅ AFTER — terminal vs intermediate distinction</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">status</span><span class="dl">'</span><span class="p">:</span> <span class="p">{</span> <span class="nf">toast</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">status</span> <span class="o">??</span> <span class="dl">''</span><span class="p">),</span> <span class="nx">msg</span><span class="p">.</span><span class="kd">type</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">info</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="kd">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">text</span> <span class="o">=</span> <span class="nc">String</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">status</span> <span class="o">??</span> <span class="dl">''</span><span class="p">).</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">isTerminal</span> <span class="o">=</span> <span class="nx">text</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">shared</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">text</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">published</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">text</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">complete</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">isIntermediate</span> <span class="o">=</span> <span class="nx">text</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">upload</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">text</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">saved</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">text</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">processing</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">isTerminal</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">isIntermediate</span><span class="p">)</span> <span class="p">{</span> <span class="nf">resetAllComposers</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>The rule going forward:</strong> <code>resetAllComposers()</code> is terminal-only. Intermediate feedback goes to <code>toast()</code> and targeted DOM updates — never a full reset.</p> <h2> 6. Reddit's S3 Upload Pipeline </h2> <p>This was the hardest fix in v3.1. Reddit's native image upload doesn't use a standard multipart POST endpoint. It routes through Amazon S3, and the sequence has enough specific requirements that every step has its own failure mode.</p> <h3> The Full Flow </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST /api/media/asset.json → receive S3 upload URL + signed fields POST to S3 URL (FormData) → upload the file bytes POST /api/submit → create the Reddit post with asset URL </code></pre> </div> <h3> Step 1 — Get S3 Credentials </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/platforms/reddit.ts</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getS3UploadUrl</span><span class="p">(</span> <span class="nx">accessToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">filePath</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">mimeType</span><span class="p">:</span> <span class="kr">string</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">uploadUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">fields</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="kr">string</span><span class="o">&gt;</span><span class="p">;</span> <span class="nl">assetUrl</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="dl">'</span><span class="s1">https://oauth.reddit.com/api/media/asset.json</span><span class="dl">'</span><span class="p">,</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">({</span> <span class="na">filepath</span><span class="p">:</span> <span class="nx">path</span><span class="p">.</span><span class="nf">basename</span><span class="p">(</span><span class="nx">filePath</span><span class="p">),</span> <span class="na">mimetype</span><span class="p">:</span> <span class="nx">mimeType</span><span class="p">,</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">accessToken</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">User-Agent</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DotShare/3.1</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">uploadUrl</span> <span class="o">=</span> <span class="s2">`https:</span><span class="p">${</span><span class="nx">res</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">args</span><span class="p">.</span><span class="nx">action</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="c1">// Reddit returns fields as [{name, value}] array — convert to object</span> <span class="kd">const</span> <span class="na">fields</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="kr">string</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{};</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">f</span> <span class="k">of</span> <span class="nx">res</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">args</span><span class="p">.</span><span class="nx">fields</span><span class="p">)</span> <span class="p">{</span> <span class="nx">fields</span><span class="p">[</span><span class="nx">f</span><span class="p">.</span><span class="nx">name</span><span class="p">]</span> <span class="o">=</span> <span class="nx">f</span><span class="p">.</span><span class="nx">value</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">uploadUrl</span><span class="p">,</span> <span class="nx">fields</span><span class="p">,</span> <span class="na">assetUrl</span><span class="p">:</span> <span class="s2">`https://i.redd.it/</span><span class="p">${</span><span class="nx">res</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">asset</span><span class="p">.</span><span class="nx">asset_id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h3> Step 2 — Upload to S3 </h3> <p>Two traps here. Field order in FormData matters — S3 requires all fields before the file. And S3 requires <code>Content-Length</code> explicitly — axios doesn't set it automatically for <code>FormData</code> in Node.js.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">uploadToS3</span><span class="p">(</span> <span class="nx">uploadUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">fields</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="kr">string</span><span class="o">&gt;</span><span class="p">,</span> <span class="nx">filePath</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">mimeType</span><span class="p">:</span> <span class="kr">string</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">fileBuffer</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">fs</span><span class="p">.</span><span class="nx">promises</span><span class="p">.</span><span class="nf">readFile</span><span class="p">(</span><span class="nx">filePath</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">formData</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FormData</span><span class="p">();</span> <span class="c1">// All fields MUST come before the file — S3 policy</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="p">[</span><span class="nx">key</span><span class="p">,</span> <span class="nx">value</span><span class="p">]</span> <span class="k">of</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">entries</span><span class="p">(</span><span class="nx">fields</span><span class="p">))</span> <span class="p">{</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="nx">key</span><span class="p">,</span> <span class="nx">value</span><span class="p">);</span> <span class="p">}</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span> <span class="dl">'</span><span class="s1">file</span><span class="dl">'</span><span class="p">,</span> <span class="k">new</span> <span class="nc">Blob</span><span class="p">([</span><span class="nx">fileBuffer</span><span class="p">],</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nx">mimeType</span> <span class="p">}),</span> <span class="nx">path</span><span class="p">.</span><span class="nf">basename</span><span class="p">(</span><span class="nx">filePath</span><span class="p">)</span> <span class="p">);</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="nx">uploadUrl</span><span class="p">,</span> <span class="nx">formData</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Length</span><span class="dl">'</span><span class="p">:</span> <span class="nx">fileBuffer</span><span class="p">.</span><span class="nx">byteLength</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="p">},</span> <span class="na">maxBodyLength</span><span class="p">:</span> <span class="kc">Infinity</span><span class="p">,</span> <span class="na">maxContentLength</span><span class="p">:</span> <span class="kc">Infinity</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h3> Step 3 — Submit the Post </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">submitRedditImagePost</span><span class="p">(</span> <span class="nx">accessToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">subreddit</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">assetUrl</span><span class="p">:</span> <span class="kr">string</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="dl">'</span><span class="s1">https://oauth.reddit.com/api/submit</span><span class="dl">'</span><span class="p">,</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">({</span> <span class="na">sr</span><span class="p">:</span> <span class="nx">subreddit</span><span class="p">,</span> <span class="na">kind</span><span class="p">:</span> <span class="dl">'</span><span class="s1">image</span><span class="dl">'</span><span class="p">,</span> <span class="na">title</span><span class="p">:</span> <span class="nx">title</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="nx">assetUrl</span><span class="p">,</span> <span class="c1">// use asset URL, NOT the CDN URL</span> <span class="na">resubmit</span><span class="p">:</span> <span class="dl">'</span><span class="s1">true</span><span class="dl">'</span><span class="p">,</span> <span class="na">api_type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">json</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">accessToken</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">User-Agent</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">DotShare/3.1</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">postUrl</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">json</span><span class="p">?.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">url</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">postUrl</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">errors</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">json</span><span class="p">?.</span><span class="nx">errors</span><span class="p">;</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span> <span class="nx">errors</span><span class="p">?.</span><span class="nx">length</span> <span class="p">?</span> <span class="s2">`Reddit: </span><span class="p">${</span><span class="nx">errors</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="mi">1</span><span class="p">]}</span><span class="s2">`</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Reddit: no post URL in response</span><span class="dl">'</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">postUrl</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>The three traps summarized:</strong></p> <ol> <li>FormData field order — fields before file or S3 returns 403</li> <li>Missing <code>Content-Length</code> — AWS returns 400, message says "malformed body"</li> <li>CDN URL vs asset URL — <code>i.redd.it/ID</code> is unpopulated at submit time, use the S3 action URL</li> </ol> <h2> 7. Reddit Field Name Sync </h2> <p>Found this while fixing the S3 pipeline. The WebView was sending field names the backend didn't recognize — and the post text wasn't being sent at all.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ BEFORE</span> <span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">shareToReddit</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">subreddit</span><span class="p">:</span> <span class="nf">val</span><span class="p">(</span><span class="dl">'</span><span class="s1">redditSubreddit</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// ❌ handler expects 'redditSubreddit'</span> <span class="na">title</span><span class="p">:</span> <span class="nf">val</span><span class="p">(</span><span class="dl">'</span><span class="s1">redditTitle</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// ❌ handler expects 'redditTitle'</span> <span class="na">flair</span><span class="p">:</span> <span class="p">...,</span> <span class="c1">// ❌ handler expects 'redditFlairId'</span> <span class="na">postType</span><span class="p">:</span> <span class="p">...,</span> <span class="c1">// ❌ handler expects 'redditPostType'</span> <span class="c1">// ❌ 'post' (the text) missing entirely</span> <span class="p">});</span> <span class="c1">// ✅ AFTER</span> <span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">shareToReddit</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">post</span><span class="p">:</span> <span class="nx">textarea</span><span class="p">?.</span><span class="nx">value</span><span class="p">.</span><span class="nf">trim</span><span class="p">()</span> <span class="o">??</span> <span class="dl">''</span><span class="p">,</span> <span class="na">redditSubreddit</span><span class="p">:</span> <span class="nf">val</span><span class="p">(</span><span class="dl">'</span><span class="s1">redditSubreddit</span><span class="dl">'</span><span class="p">),</span> <span class="na">redditTitle</span><span class="p">:</span> <span class="nf">val</span><span class="p">(</span><span class="dl">'</span><span class="s1">redditTitle</span><span class="dl">'</span><span class="p">),</span> <span class="na">redditFlairId</span><span class="p">:</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLSelectElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">redditFlair</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span> <span class="o">??</span> <span class="dl">''</span><span class="p">,</span> <span class="na">redditPostType</span><span class="p">:</span> <span class="nb">document</span><span class="p">.</span><span class="nx">querySelector</span><span class="o">&lt;</span><span class="nx">HTMLInputElement</span><span class="o">&gt;</span><span class="p">(</span> <span class="dl">'</span><span class="s1">input[name="redditPostType"]:checked</span><span class="dl">'</span> <span class="p">)?.</span><span class="nx">value</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">self</span><span class="dl">'</span><span class="p">,</span> <span class="na">redditSpoiler</span><span class="p">:</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLInputElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">redditSpoiler</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">checked</span> <span class="o">??</span> <span class="kc">false</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <h2> 8. Unused Variable Cleanup </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ BEFORE</span> <span class="kd">const</span> <span class="nx">btnShare</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLButtonElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-share</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">btnGenerate</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLButtonElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-generate-ai</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">btnSchedule</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLButtonElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-schedule</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// never used → ESLint error</span> <span class="kd">const</span> <span class="nx">btnMedia</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLButtonElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-attach-media</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// ✅ AFTER</span> <span class="kd">const</span> <span class="nx">btnShare</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLButtonElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-share</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">btnGenerate</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLButtonElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-generate-ai</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">btnMedia</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLButtonElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">btn-attach-media</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>Scheduling stays in the HTML as a disabled "Coming Soon" button — listener is commented out pending v3.2.</p> <h2> v3.1 Summary </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>Before</th> <th>After</th> </tr> </thead> <tbody> <tr> <td>Status feedback</td> <td>VS Code popups</td> <td>Inline toast engine</td> </tr> <tr> <td>File preview</td> <td>Disappears on upload</td> <td>Stable ✅</td> </tr> <tr> <td>Character limits</td> <td>Display only</td> <td>Enforced + visual feedback</td> </tr> <tr> <td>Reddit images</td> <td>Broken (S3 errors)</td> <td>Full pipeline working ✅</td> </tr> <tr> <td>Reddit fields</td> <td>Mismatched</td> <td>Synchronized ✅</td> </tr> <tr> <td>ESLint</td> <td>1 unused var warning</td> <td>0 warnings ✅</td> </tr> </tbody> </table></div> <h3> See It in Action </h3> <p><strong>LinkedIn posting demo:</strong><br> <iframe src="https://www.youtube.com/embed/cHPtzNBK9ZY"> </iframe> </p> <p><strong>Telegram posting demo:</strong><br> <iframe src="https://www.youtube.com/embed/XpqMji5FPtI"> </iframe> </p> <p><strong>Bluesky posting demo:</strong><br> <iframe src="https://www.youtube.com/embed/R3ZJqlyOZbM"> </iframe> </p> <h2> Install DotShare </h2> <p><a href="https://marketplace.visualstudio.com/items?itemName=FreeRave.dotshare" rel="noopener noreferrer">VS Code Marketplace</a></p> <p><a href="https://open-vsx.org/extension/freerave/dotshare" rel="noopener noreferrer">Open VSX (VSCodium / Gitpod</a></p> <p><a href="https://github.com/kareem2099/DotShare" rel="noopener noreferrer">GitHub — star, fork, contribute</a></p> <p>v3.2 "The Media Expansion" — up to 4 images per post, per-thumbnail previews, JIT compression, secure WebView URIs — breakdown coming next.</p> vscode typescript debugging webdev DotShare v3.0 — I Turned My VS Code Extension Into a Full Publishing Suite (Dev.to + Medium Inside) freerave Sun, 12 Apr 2026 19:37:13 +0000 https://forem.com/freerave/dotshare-v30-i-turned-my-vs-code-extension-into-a-full-publishing-suite-devto-medium-inside-15fe https://forem.com/freerave/dotshare-v30-i-turned-my-vs-code-extension-into-a-full-publishing-suite-devto-medium-inside-15fe <h2> A deep technical dive into DotShare v3.0 — the Publishing Suite update that added Dev.to &amp; Medium integrations, a YAML frontmatter parser, platform-first navigation, and a unified PostExecutor architecture. All from inside VS Code. </h2> <h2> I Built a VS Code Extension That Posts to Dev.to, Medium &amp; 7 Social Platforms — Here's How v3.0 Works </h2> <blockquote> <p><strong>TL;DR</strong> — DotShare v3.0 "The Publishing Suite" transforms the extension from a social poster into a full publishing platform. This post is a deep technical walkthrough of the architecture decisions, the blog API integrations, and the tricky edge cases that took the most time to solve.</p> </blockquote> <h2> 🧠 The Problem I Was Solving </h2> <p>Every time I shipped a new feature, I'd write a commit message, then write a Dev.to draft, then rephrase it for LinkedIn, then trim it for Twitter, then reformat it for Medium. Four context switches. Four text editors. Thirty minutes of overhead before my actual audience saw anything.</p> <p>I'm a VS Code developer. I live in this editor. So I built <strong>DotShare</strong> — an extension that lets me write once, then distribute everywhere. v1 and v2 handled social platforms. <strong>v3.0 adds Dev.to and Medium</strong>, and rearchitects the whole thing into something I'm finally proud of.</p> <p>Let me walk you through exactly how I built it.</p> <h2> 🗺️ The Big Picture: What Changed in v3.0 </h2> <p>Before v3.0, DotShare had one mental model: <strong>a short post goes to social media.</strong> The UI reflected that — a single textarea, a platform grid, a share button.</p> <p>v3.0 breaks that assumption. Now there are two distinct workflows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌──────────────────────────────────────────────────┐ │ DotShare v3.0 Workspace │ ├──────────────────────┬───────────────────────────┤ │ SOCIAL WORKSPACE │ BLOG WORKSPACE │ │ │ │ │ • Single post │ • Title + Tags │ │ • Thread composer │ • Markdown body │ │ • 280–25K chars │ • Canonical URL │ │ • Image attach │ • Cover image URL │ │ │ • Draft/Publish toggle │ │ Platforms: │ │ │ X, LinkedIn, │ Platforms: │ │ Bluesky, Reddit, │ Dev.to, Medium │ │ Facebook, Discord, │ │ │ Telegram │ │ └──────────────────────┴───────────────────────────┘ </code></pre> </div> <p>The key architectural move was making <strong>platform selection drive the UI</strong>, not the other way around. Let me show you how that works.</p> <h2> 🏗️ Architecture: <code>platform-config.ts</code> as Single Source of Truth </h2> <p>The old code had workspace logic scattered everywhere — HTML conditionals, JS checks, handler guards. I replaced all of it with one file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/platforms/platform-config.ts</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">WorkspaceType</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">social</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">blog</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">thread</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">AuthType</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">oauth</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">apikey</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">bearer</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">bot</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">PlatformConfig</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">icon</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">workspaceType</span><span class="p">:</span> <span class="nx">WorkspaceType</span><span class="p">;</span> <span class="nl">maxChars</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// null = no limit</span> <span class="nl">supportsThreads</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">supportsMedia</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">supportsScheduling</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">charCountMethod</span><span class="p">:</span> <span class="dl">'</span><span class="s1">standard</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">twitter</span><span class="dl">'</span><span class="p">;</span> <span class="nl">authType</span><span class="p">:</span> <span class="nx">AuthType</span><span class="p">;</span> <span class="nl">color</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">PLATFORM_CONFIGS</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">PlatformConfig</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="na">x</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">X (Twitter)</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">𝕏</span><span class="dl">'</span><span class="p">,</span> <span class="na">workspaceType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">social</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxChars</span><span class="p">:</span> <span class="mi">280</span><span class="p">,</span> <span class="na">supportsThreads</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">supportsMedia</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">supportsScheduling</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">charCountMethod</span><span class="p">:</span> <span class="dl">'</span><span class="s1">twitter</span><span class="dl">'</span><span class="p">,</span> <span class="na">authType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">oauth</span><span class="dl">'</span><span class="p">,</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#000000</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">devto</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">devto</span><span class="dl">'</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Dev.to</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">👨‍💻</span><span class="dl">'</span><span class="p">,</span> <span class="na">workspaceType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">blog</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxChars</span><span class="p">:</span> <span class="mi">100000</span><span class="p">,</span> <span class="na">supportsThreads</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">supportsMedia</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// API doesn't support file uploads</span> <span class="na">supportsScheduling</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">charCountMethod</span><span class="p">:</span> <span class="dl">'</span><span class="s1">standard</span><span class="dl">'</span><span class="p">,</span> <span class="na">authType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">apikey</span><span class="dl">'</span><span class="p">,</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#0a0a0a</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">medium</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">medium</span><span class="dl">'</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Medium</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Ⓜ️</span><span class="dl">'</span><span class="p">,</span> <span class="na">workspaceType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">blog</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxChars</span><span class="p">:</span> <span class="mi">100000</span><span class="p">,</span> <span class="na">supportsThreads</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">supportsMedia</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">supportsScheduling</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">charCountMethod</span><span class="p">:</span> <span class="dl">'</span><span class="s1">standard</span><span class="dl">'</span><span class="p">,</span> <span class="na">authType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">bearer</span><span class="dl">'</span><span class="p">,</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#00ab6c</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="c1">// ... linkedin, bluesky, reddit, etc.</span> <span class="p">};</span> </code></pre> </div> <p>Now when the user clicks a platform icon in the sidebar, one function handles everything:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// media/webview/app.ts</span> <span class="kd">function</span> <span class="nf">switchPlatform</span><span class="p">(</span><span class="nx">platformId</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="nx">PLATFORM_CONFIGS</span><span class="p">[</span><span class="nx">platformId</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">config</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="nx">activeCommandPlatform</span> <span class="o">=</span> <span class="nx">platformId</span><span class="p">;</span> <span class="c1">// Workspace switching — driven entirely by config</span> <span class="kd">const</span> <span class="nx">workspace</span> <span class="o">=</span> <span class="nx">config</span><span class="p">.</span><span class="nx">workspaceType</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelectorAll</span><span class="p">(</span><span class="dl">'</span><span class="s1">.workspace</span><span class="dl">'</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">el</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="p">(</span><span class="nx">el</span> <span class="k">as</span> <span class="nx">HTMLElement</span><span class="p">).</span><span class="nx">style</span><span class="p">.</span><span class="nx">display</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">none</span><span class="dl">'</span><span class="p">;</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">target</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="s2">`workspace-</span><span class="p">${</span><span class="nx">workspace</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">target</span><span class="p">)</span> <span class="nx">target</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nx">display</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">flex</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Update platform header</span> <span class="nf">updatePlatformHeader</span><span class="p">(</span><span class="nx">config</span><span class="p">);</span> <span class="c1">// Refresh character counter with new limits</span> <span class="nf">updateCharCounter</span><span class="p">();</span> <span class="nf">updateShareBtn</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>No more scattered <code>if (platform === 'devto')</code> checks in 12 different places.</p> <h2> 📝 The Blog Publish Page: Loading Your Active <code>.md</code> File </h2> <p>This was the feature I was most excited to build. The idea: you're editing a <code>CHANGELOG.md</code> or a <code>blog-post.md</code> in VS Code. Hit a button. The publish form fills itself.</p> <h3> Backend: Reading the Active Editor </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/handlers/MessageHandler.ts</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">loadActiveFile</span><span class="dl">'</span><span class="p">:</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">editor</span> <span class="o">=</span> <span class="nx">vscode</span><span class="p">.</span><span class="nb">window</span><span class="p">.</span><span class="nx">activeTextEditor</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">editor</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">No active editor found</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="nx">editor</span><span class="p">.</span><span class="nb">document</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">doc</span><span class="p">.</span><span class="nx">languageId</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">markdown</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">Active file is not a Markdown file</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">warning</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">content</span> <span class="o">=</span> <span class="nx">doc</span><span class="p">.</span><span class="nf">getText</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">filePath</span> <span class="o">=</span> <span class="nx">doc</span><span class="p">.</span><span class="nx">uri</span><span class="p">.</span><span class="nx">fsPath</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">fileName</span> <span class="o">=</span> <span class="nx">path</span><span class="p">.</span><span class="nf">basename</span><span class="p">(</span><span class="nx">filePath</span><span class="p">,</span> <span class="dl">'</span><span class="s1">.md</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Parse frontmatter and send back to WebView</span> <span class="kd">const</span> <span class="nx">parsed</span> <span class="o">=</span> <span class="nf">parseFrontmatter</span><span class="p">(</span><span class="nx">content</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">webview</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">command</span><span class="p">:</span> <span class="dl">'</span><span class="s1">activeFileLoaded</span><span class="dl">'</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">parsed</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="na">frontmatter</span><span class="p">:</span> <span class="nx">parsed</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="nx">fileName</span><span class="p">,</span> <span class="p">});</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> The YAML Frontmatter Parser </h3> <p>Dev.to and Medium both use YAML frontmatter. I built a parser that extracts the fields I care about:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/utils/frontmatterParser.ts</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">FrontMatter</span> <span class="p">{</span> <span class="nl">title</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">description</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">tags</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">cover_image</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">canonical_url</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">series</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">published</span><span class="p">?:</span> <span class="nx">boolean</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">draft</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">unlisted</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ParsedDocument</span> <span class="p">{</span> <span class="nl">data</span><span class="p">:</span> <span class="nx">FrontMatter</span><span class="p">;</span> <span class="nl">body</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">FRONTMATTER_REGEX</span> <span class="o">=</span> <span class="sr">/^---</span><span class="se">\r?\n([\s\S]</span><span class="sr">*</span><span class="se">?)\r?\n</span><span class="sr">---</span><span class="se">\r?\n([\s\S]</span><span class="sr">*</span><span class="se">)</span><span class="sr">$/</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">parseFrontmatter</span><span class="p">(</span><span class="nx">raw</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">ParsedDocument</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">match</span> <span class="o">=</span> <span class="nx">raw</span><span class="p">.</span><span class="nf">match</span><span class="p">(</span><span class="nx">FRONTMATTER_REGEX</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">match</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">raw</span> <span class="p">};</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">yamlBlock</span> <span class="o">=</span> <span class="nx">match</span><span class="p">[</span><span class="mi">1</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">match</span><span class="p">[</span><span class="mi">2</span><span class="p">];</span> <span class="c1">// Minimal YAML parser — handles the fields we care about</span> <span class="kd">const</span> <span class="nx">data</span><span class="p">:</span> <span class="nx">FrontMatter</span> <span class="o">=</span> <span class="p">{};</span> <span class="kd">const</span> <span class="nx">lines</span> <span class="o">=</span> <span class="nx">yamlBlock</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="se">\n</span><span class="dl">'</span><span class="p">);</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">line</span> <span class="k">of</span> <span class="nx">lines</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">colonIdx</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">indexOf</span><span class="p">(</span><span class="dl">'</span><span class="s1">:</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">colonIdx</span> <span class="o">===</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="k">continue</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">colonIdx</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">value</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="nx">colonIdx</span> <span class="o">+</span> <span class="mi">1</span><span class="p">).</span><span class="nf">trim</span><span class="p">().</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/^</span><span class="se">[</span><span class="sr">'"</span><span class="se">]</span><span class="sr">|</span><span class="se">[</span><span class="sr">'"</span><span class="se">]</span><span class="sr">$/g</span><span class="p">,</span> <span class="dl">''</span><span class="p">);</span> <span class="k">switch </span><span class="p">(</span><span class="nx">key</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">title</span><span class="dl">'</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">title</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">description</span><span class="dl">'</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">description</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">cover_image</span><span class="dl">'</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">cover_image</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">canonical_url</span><span class="dl">'</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">canonical_url</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">series</span><span class="dl">'</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">series</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">published</span><span class="dl">'</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">published</span> <span class="o">=</span> <span class="nx">value</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">true</span><span class="dl">'</span> <span class="p">?</span> <span class="kc">true</span> <span class="p">:</span> <span class="nx">value</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">false</span><span class="dl">'</span> <span class="p">?</span> <span class="kc">false</span> <span class="p">:</span> <span class="nx">value</span> <span class="k">as</span> <span class="dl">'</span><span class="s1">draft</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">unlisted</span><span class="dl">'</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">tags</span><span class="dl">'</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// Handle both "tags: [a, b]" and multi-line "tags:\n - a"</span> <span class="k">if </span><span class="p">(</span><span class="nx">value</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">[</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nx">data</span><span class="p">.</span><span class="nx">tags</span> <span class="o">=</span> <span class="nx">value</span> <span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">[\[\]]</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">''</span><span class="p">)</span> <span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">t</span> <span class="o">=&gt;</span> <span class="nx">t</span><span class="p">.</span><span class="nf">trim</span><span class="p">())</span> <span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nb">Boolean</span><span class="p">);</span> <span class="p">}</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="nx">body</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>When the WebView receives the <code>activeFileLoaded</code> message, it populates the form:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// media/webview/app.ts</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">activeFileLoaded</span><span class="dl">'</span><span class="p">:</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">content</span><span class="p">,</span> <span class="nx">frontmatter</span><span class="p">,</span> <span class="nx">fileName</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">msg</span><span class="p">;</span> <span class="c1">// Populate body</span> <span class="kd">const</span> <span class="nx">bodyEditor</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLTextAreaElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">blog-body</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">bodyEditor</span><span class="p">)</span> <span class="nx">bodyEditor</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="nx">content</span><span class="p">;</span> <span class="c1">// Populate frontmatter fields if present</span> <span class="k">if </span><span class="p">(</span><span class="nx">frontmatter</span><span class="p">.</span><span class="nx">title</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">titleEl</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLInputElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">blog-title</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">titleEl</span><span class="p">)</span> <span class="nx">titleEl</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">title</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">frontmatter</span><span class="p">.</span><span class="nx">tags</span><span class="p">?.</span><span class="nx">length</span><span class="p">)</span> <span class="p">{</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">tags</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">tag</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">addTagChip</span><span class="p">(</span><span class="nx">tag</span><span class="p">));</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">frontmatter</span><span class="p">.</span><span class="nx">canonical_url</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">canonicalEl</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLInputElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">blog-canonical</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">canonicalEl</span><span class="p">)</span> <span class="nx">canonicalEl</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">canonical_url</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">frontmatter</span><span class="p">.</span><span class="nx">cover_image</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">coverEl</span> <span class="o">=</span> <span class="kd">get</span><span class="o">&lt;</span><span class="nx">HTMLInputElement</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">blog-cover</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">coverEl</span><span class="p">)</span> <span class="nx">coverEl</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">cover_image</span><span class="p">;</span> <span class="p">}</span> <span class="nf">toast</span><span class="p">(</span><span class="s2">`Loaded: </span><span class="p">${</span><span class="nx">fileName</span><span class="p">}</span><span class="s2">.md`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> 🔌 Dev.to API Integration </h2> <p>Dev.to's API is clean and well-documented. Here's the full integration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/platforms/devto.ts</span> <span class="k">import</span> <span class="nx">axios</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">axios</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">logger</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../utils/logger</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">DevToArticle</span> <span class="p">{</span> <span class="nl">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">body_markdown</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">published</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">tags</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="c1">// max 4 tags</span> <span class="nl">description</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">cover_image</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// must be a public URL</span> <span class="nl">canonical_url</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">series</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">DevToResponse</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">url</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">published</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">shareToDevTo</span><span class="p">(</span> <span class="nx">apiKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">article</span><span class="p">:</span> <span class="nx">DevToArticle</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">DevToResponse</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Dev.to enforces a 4-tag maximum</span> <span class="kd">const</span> <span class="nx">sanitizedTags</span> <span class="o">=</span> <span class="p">(</span><span class="nx">article</span><span class="p">.</span><span class="nx">tags</span> <span class="o">??</span> <span class="p">[])</span> <span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">4</span><span class="p">)</span> <span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">t</span> <span class="o">=&gt;</span> <span class="nx">t</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">[^</span><span class="sr">a-z0-9</span><span class="se">]</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">''</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="na">article</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="nx">article</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">body_markdown</span><span class="p">:</span> <span class="nx">article</span><span class="p">.</span><span class="nx">body_markdown</span><span class="p">,</span> <span class="na">published</span><span class="p">:</span> <span class="nx">article</span><span class="p">.</span><span class="nx">published</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="nx">sanitizedTags</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="nx">article</span><span class="p">.</span><span class="nx">description</span><span class="p">,</span> <span class="na">cover_image</span><span class="p">:</span> <span class="nx">article</span><span class="p">.</span><span class="nx">cover_image</span> <span class="o">??</span> <span class="kc">null</span><span class="p">,</span> <span class="na">canonical_url</span><span class="p">:</span> <span class="nx">article</span><span class="p">.</span><span class="nx">canonical_url</span> <span class="o">??</span> <span class="kc">null</span><span class="p">,</span> <span class="na">series</span><span class="p">:</span> <span class="nx">article</span><span class="p">.</span><span class="nx">series</span> <span class="o">??</span> <span class="kc">null</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nx">post</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">article</span><span class="p">:</span> <span class="nx">DevToResponse</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">(</span> <span class="dl">'</span><span class="s1">https://dev.to/api/articles</span><span class="dl">'</span><span class="p">,</span> <span class="nx">payload</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">api-key</span><span class="dl">'</span><span class="p">:</span> <span class="nx">apiKey</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="s2">`[Dev.to] Published: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">article</span><span class="p">.</span><span class="nx">url</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">article</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="na">err</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">axios</span><span class="p">.</span><span class="nf">isAxiosError</span><span class="p">(</span><span class="nx">err</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">status</span> <span class="o">=</span> <span class="nx">err</span><span class="p">.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">status</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">detail</span> <span class="o">=</span> <span class="nx">err</span><span class="p">.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">error</span> <span class="o">??</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">422</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Validation error — usually malformed tags or missing title</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Dev.to validation error: </span><span class="p">${</span><span class="nx">detail</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Dev.to API key is invalid or expired</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> The Image Policy Problem </h3> <p>Dev.to's API does <strong>not</strong> support file uploads. If you try to POST a local file as a cover image, it just silently drops it. I spent two hours debugging this before reading the docs carefully.</p> <p>My solution: detect local file paths and warn the user instead of silently failing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/handlers/PostHandler.ts</span> <span class="k">private</span> <span class="nf">validateBlogMedia</span><span class="p">(</span><span class="nx">article</span><span class="p">:</span> <span class="nx">DevToArticle</span><span class="p">,</span> <span class="nx">platform</span><span class="p">:</span> <span class="dl">'</span><span class="s1">devto</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">medium</span><span class="dl">'</span><span class="p">):</span> <span class="nx">DevToArticle</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">cover_image</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">article</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">cover_image</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">cover_image</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">http</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Local file path — not supported</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span> <span class="s2">`[</span><span class="p">${</span><span class="nx">platform</span><span class="p">}</span><span class="s2">] Local cover image "</span><span class="p">${</span><span class="nx">cover_image</span><span class="p">}</span><span class="s2">" skipped. `</span> <span class="o">+</span> <span class="s2">`</span><span class="p">${</span><span class="nx">platform</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">devto</span><span class="dl">'</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">Dev.to</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Medium</span><span class="dl">'</span><span class="p">}</span><span class="s2"> only accepts public URLs. `</span> <span class="o">+</span> <span class="s2">`Consider uploading to Cloudinary, GitHub, or Imgur first.`</span> <span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">article</span><span class="p">,</span> <span class="na">cover_image</span><span class="p">:</span> <span class="kc">undefined</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">article</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Ⓜ️ Medium API Integration </h2> <p>Medium's API is older and has a few quirks worth documenting.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/platforms/medium.ts</span> <span class="k">import</span> <span class="nx">axios</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">axios</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">MediumPublishStatus</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">draft</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">unlisted</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">MediumContentFormat</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">markdown</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">html</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">MediumPost</span> <span class="p">{</span> <span class="nl">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">contentFormat</span><span class="p">:</span> <span class="nx">MediumContentFormat</span><span class="p">;</span> <span class="nl">content</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">tags</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="c1">// max 5 tags</span> <span class="nl">canonicalUrl</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">publishStatus</span><span class="p">?:</span> <span class="nx">MediumPublishStatus</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Medium's API uses "published" but their enum value is "public" — this trips people up</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">normalizeMediumPublishStatus</span><span class="p">(</span> <span class="nx">status</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="nx">boolean</span> <span class="o">|</span> <span class="kc">undefined</span> <span class="p">):</span> <span class="nx">MediumPublishStatus</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">status</span> <span class="o">===</span> <span class="kc">true</span> <span class="o">||</span> <span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">published</span><span class="dl">'</span> <span class="o">||</span> <span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">unlisted</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="dl">'</span><span class="s1">unlisted</span><span class="dl">'</span><span class="p">;</span> <span class="k">return</span> <span class="dl">'</span><span class="s1">draft</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// safe default</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">shareToMedium</span><span class="p">(</span> <span class="nx">bearerToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">post</span><span class="p">:</span> <span class="nx">MediumPost</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">url</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Step 1: get the authenticated user's ID</span> <span class="kd">const</span> <span class="nx">userResp</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://api.medium.com/v1/me</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">bearerToken</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="na">userId</span><span class="p">:</span> <span class="kr">string</span> <span class="o">=</span> <span class="nx">userResp</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">sanitizedTags</span> <span class="o">=</span> <span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">tags</span> <span class="o">??</span> <span class="p">[]).</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">5</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">contentFormat</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">contentFormat</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">content</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="nx">sanitizedTags</span><span class="p">,</span> <span class="na">canonicalUrl</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">canonicalUrl</span><span class="p">,</span> <span class="na">publishStatus</span><span class="p">:</span> <span class="nf">normalizeMediumPublishStatus</span><span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">publishStatus</span><span class="p">),</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="s2">`https://api.medium.com/v1/users/</span><span class="p">${</span><span class="nx">userId</span><span class="p">}</span><span class="s2">/posts`</span><span class="p">,</span> <span class="nx">payload</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">bearerToken</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">url</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p><strong>The <code>published</code> → <code>public</code> gotcha</strong>: Medium's publish status enum uses <code>"public"</code>, not <code>"published"</code>. YAML frontmatter typically has <code>published: true</code>. If you pass that string directly to the API, Medium silently defaults to draft. The <code>normalizeMediumPublishStatus()</code> function handles all the variants.</p> <h2> ⚡ The <code>PostExecutor</code>: Decoupling from VS Code UI </h2> <p>Before v3.0, all posting logic lived inside <code>PostHandler.ts</code>, which was tightly coupled to the VS Code extension host. This made it impossible to use the same logic from the scheduler running in the background.</p> <p>v3.0 introduces <code>PostExecutor</code> — a clean execution engine with no VS Code dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/services/PostExecutor.ts</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">ExecutorCallbacks</span> <span class="p">{</span> <span class="nl">onProgress</span><span class="p">?:</span> <span class="p">(</span><span class="nx">platform</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">onSuccess</span><span class="p">?:</span> <span class="p">(</span><span class="nx">platform</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">url</span><span class="p">?:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">onError</span><span class="p">?:</span> <span class="p">(</span><span class="nx">platform</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">error</span><span class="p">:</span> <span class="nb">Error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">PostExecutor</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">credentials</span><span class="p">:</span> <span class="nx">CredentialProvider</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">history</span><span class="p">:</span> <span class="nx">HistoryService</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="k">async</span> <span class="nf">executeBlogPost</span><span class="p">(</span> <span class="nx">post</span><span class="p">:</span> <span class="nx">BlogPost</span><span class="p">,</span> <span class="nx">targets</span><span class="p">:</span> <span class="nx">PublishTarget</span><span class="p">[],</span> <span class="nx">callbacks</span><span class="p">:</span> <span class="nx">ExecutorCallbacks</span> <span class="o">=</span> <span class="p">{}</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">PublishResult</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="na">results</span><span class="p">:</span> <span class="nx">PublishResult</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">target</span> <span class="k">of</span> <span class="nx">targets</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onProgress</span><span class="p">?.(</span><span class="nx">target</span><span class="p">.</span><span class="nx">platform</span><span class="p">,</span> <span class="s2">`Publishing to </span><span class="p">${</span><span class="nx">target</span><span class="p">.</span><span class="nx">platform</span><span class="p">}</span><span class="s2">...`</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">url</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">undefined</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">target</span><span class="p">.</span><span class="nx">platform</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">devto</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">apiKey</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nf">getDevToApiKey</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">shareToDevTo</span><span class="p">(</span><span class="nx">apiKey</span><span class="p">,</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">body_markdown</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="na">published</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">publishStatus</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">draft</span><span class="dl">'</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">description</span><span class="p">,</span> <span class="na">cover_image</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">coverImage</span><span class="p">,</span> <span class="na">canonical_url</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">canonicalUrl</span><span class="p">,</span> <span class="na">series</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">series</span><span class="p">,</span> <span class="p">});</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">url</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">target</span><span class="p">.</span><span class="nx">platform</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">medium</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nf">getMediumToken</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">shareToMedium</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">contentFormat</span><span class="p">:</span> <span class="dl">'</span><span class="s1">markdown</span><span class="dl">'</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="na">canonicalUrl</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">canonicalUrl</span><span class="p">,</span> <span class="na">publishStatus</span><span class="p">:</span> <span class="nf">normalizeMediumPublishStatus</span><span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">publishStatus</span><span class="p">),</span> <span class="p">});</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">url</span><span class="p">;</span> <span class="p">}</span> <span class="nx">results</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">platform</span><span class="p">:</span> <span class="nx">target</span><span class="p">.</span><span class="nx">platform</span><span class="p">,</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="nx">url</span> <span class="p">});</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onSuccess</span><span class="p">?.(</span><span class="nx">target</span><span class="p">.</span><span class="nx">platform</span><span class="p">,</span> <span class="nx">url</span><span class="p">);</span> <span class="c1">// Log to history</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">history</span><span class="p">.</span><span class="nf">addEntry</span><span class="p">({</span> <span class="na">platform</span><span class="p">:</span> <span class="nx">target</span><span class="p">.</span><span class="nx">platform</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="nx">url</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="na">err</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">error</span> <span class="o">=</span> <span class="nx">err</span> <span class="k">instanceof</span> <span class="nb">Error</span> <span class="p">?</span> <span class="nx">err</span> <span class="p">:</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="nx">err</span><span class="p">));</span> <span class="nx">results</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">platform</span><span class="p">:</span> <span class="nx">target</span><span class="p">.</span><span class="nx">platform</span><span class="p">,</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">});</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onError</span><span class="p">?.(</span><span class="nx">target</span><span class="p">.</span><span class="nx">platform</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">history</span><span class="p">.</span><span class="nf">addEntry</span><span class="p">({</span> <span class="na">platform</span><span class="p">:</span> <span class="nx">target</span><span class="p">.</span><span class="nx">platform</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">post</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">results</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now <code>PostHandler</code> just wires VS Code messages to the executor:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/handlers/PostHandler.ts (simplified)</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">shareToBlogs</span><span class="dl">'</span><span class="p">:</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">post</span><span class="p">:</span> <span class="nx">BlogPost</span> <span class="o">=</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="na">tags</span><span class="p">:</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">tags</span> <span class="o">??</span> <span class="p">[],</span> <span class="na">publishStatus</span><span class="p">:</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">publishStatus</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">draft</span><span class="dl">'</span><span class="p">,</span> <span class="na">canonicalUrl</span><span class="p">:</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">canonicalUrl</span><span class="p">,</span> <span class="na">coverImage</span><span class="p">:</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">coverImage</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">description</span><span class="p">,</span> <span class="na">series</span><span class="p">:</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">series</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">targets</span><span class="p">:</span> <span class="nx">PublishTarget</span><span class="p">[]</span> <span class="o">=</span> <span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">platforms</span> <span class="k">as</span> <span class="kr">string</span><span class="p">[]).</span><span class="nf">map</span><span class="p">(</span><span class="nx">p</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">platform</span><span class="p">:</span> <span class="nx">p</span><span class="p">,</span> <span class="p">}));</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">executor</span><span class="p">.</span><span class="nf">executeBlogPost</span><span class="p">(</span><span class="nx">post</span><span class="p">,</span> <span class="nx">targets</span><span class="p">,</span> <span class="p">{</span> <span class="na">onProgress</span><span class="p">:</span> <span class="p">(</span><span class="nx">platform</span><span class="p">,</span> <span class="nx">message</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendStatus</span><span class="p">(</span><span class="nx">message</span><span class="p">,</span> <span class="dl">'</span><span class="s1">info</span><span class="dl">'</span><span class="p">);</span> <span class="p">},</span> <span class="na">onSuccess</span><span class="p">:</span> <span class="p">(</span><span class="nx">platform</span><span class="p">,</span> <span class="nx">url</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendStatus</span><span class="p">(</span><span class="s2">`✅ Published to </span><span class="p">${</span><span class="nx">platform</span><span class="p">}${</span><span class="nx">url</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">: </span><span class="dl">'</span> <span class="o">+</span> <span class="nx">url</span> <span class="p">:</span> <span class="dl">''</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">);</span> <span class="p">},</span> <span class="na">onError</span><span class="p">:</span> <span class="p">(</span><span class="nx">platform</span><span class="p">,</span> <span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendStatus</span><span class="p">(</span><span class="s2">`❌ </span><span class="p">${</span><span class="nx">platform</span><span class="p">}</span><span class="s2"> failed: </span><span class="p">${</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">);</span> <span class="p">},</span> <span class="p">});</span> <span class="k">this</span><span class="p">.</span><span class="nx">webview</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">command</span><span class="p">:</span> <span class="dl">'</span><span class="s1">shareComplete</span><span class="dl">'</span> <span class="p">});</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> 🔑 <code>CredentialProvider</code>: The <code>resolve()</code> Refactor </h2> <p>Every credential-getter used to look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ BEFORE — repeated in every method</span> <span class="k">async</span> <span class="nf">getDevToApiKey</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">credentialsGetter</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">creds</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">credentialsGetter</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nx">creds</span><span class="p">.</span><span class="nx">devtoApiKey</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">key</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Dev.to API key not configured</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">key</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">secretStorage</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">dotshare.devto.apiKey</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">key</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Dev.to API key not configured</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">key</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The <code>resolve()</code> refactor eliminates the duplication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ✅ AFTER</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">CredentialProvider</span> <span class="p">{</span> <span class="k">private</span> <span class="k">async</span> <span class="nf">resolve</span><span class="p">(</span> <span class="nx">secretKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">errorMessage</span><span class="p">:</span> <span class="kr">string</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">value</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">credentialsGetter</span> <span class="p">?</span> <span class="p">(</span><span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">credentialsGetter</span><span class="p">())[</span><span class="nx">secretKey</span> <span class="k">as</span> <span class="kr">keyof</span> <span class="nx">Credentials</span><span class="p">]</span> <span class="p">:</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">secretStorage</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="s2">`dotshare.</span><span class="p">${</span><span class="nx">secretKey</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">value</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="nx">errorMessage</span><span class="p">);</span> <span class="k">return</span> <span class="nx">value</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">getDevToApiKey</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">'</span><span class="s1">devto.apiKey</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Dev.to API key not configured. Go to Settings → Dev.to.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">getMediumToken</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">'</span><span class="s1">medium.token</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Medium integration token not configured.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">getRedditSubreddit</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">'</span><span class="s1">reddit.subreddit</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Target subreddit not configured.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> 🐛 The Bugs That Took the Most Time </h2> <h3> 1. The Twitter URL Count Bug </h3> <p>Twitter counts URLs as exactly 23 characters, regardless of length. My original implementation used <code>Math.min(url.length, 23)</code>, which was wrong — a 10-character URL would count as 10, not 23.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ Wrong</span> <span class="kd">const</span> <span class="nx">urlChars</span> <span class="o">=</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">min</span><span class="p">(</span><span class="nx">url</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="mi">23</span><span class="p">);</span> <span class="c1">// ✅ Correct — Twitter always counts URLs as exactly 23 chars</span> <span class="kd">const</span> <span class="nx">urlChars</span> <span class="o">=</span> <span class="mi">23</span><span class="p">;</span> </code></pre> </div> <p>One character of difference. Caused character counters to be wrong for posts with URLs.</p> <h3> 2. Reddit's Hardcoded Subreddit </h3> <p>There was a <code>subreddit: 'test'</code> string buried in <code>PostHandler.ts</code> from early development. Reddit posts were going to r/test in production. Found it in a code review.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ Found this in production</span> <span class="kd">const</span> <span class="nx">subreddit</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// ✅ Fixed</span> <span class="kd">const</span> <span class="nx">subreddit</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nf">getRedditSubreddit</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">subreddit</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Configure your target subreddit in DotShare settings.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 3. <code>PostHandler</code> Reading Stale History Instead of the Current Message </h3> <p><code>handleShareToX()</code> was calling <code>historyService.getLastPost()</code> instead of reading <code>message.post</code>. This meant editing a post and resharing would sometimes send the previous version.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ Reading from history</span> <span class="kd">const</span> <span class="nx">content</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">historyService</span><span class="p">.</span><span class="nf">getLastPost</span><span class="p">();</span> <span class="c1">// ✅ Reading from the actual incoming message</span> <span class="kd">const</span> <span class="nx">content</span> <span class="o">=</span> <span class="nx">message</span><span class="p">.</span><span class="nx">post</span><span class="p">;</span> </code></pre> </div> <h2> 📊 v3.0 by the Numbers </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>v2.4</th> <th>v3.0</th> <th>Change</th> </tr> </thead> <tbody> <tr> <td>Platforms supported</td> <td>7</td> <td>9</td> <td>+2</td> </tr> <tr> <td>Lines in <code>PostHandler.ts</code> </td> <td>~800</td> <td>~320</td> <td>−60%</td> </tr> <tr> <td>Files in <code>src/</code> </td> <td>14</td> <td>23</td> <td>+9 new</td> </tr> <tr> <td>TypeScript errors</td> <td>0</td> <td>0</td> <td>✅</td> </tr> <tr> <td>ESLint violations</td> <td>0</td> <td>0</td> <td>✅</td> </tr> <tr> <td>New types in <code>types.ts</code> </td> <td>—</td> <td>14</td> <td>+14</td> </tr> </tbody> </table></div> <h2> 🚀 What's Next: v3.1 &amp; v3.2 </h2> <p>v3.0 is the foundation. The next two releases focus on:</p> <ul> <li> <strong>v3.1 "The Polish Pass"</strong> — Toast notification engine, glassmorphism UI, character limit validation, and fixing a nasty media preview race condition</li> <li> <strong>v3.2 "The Media Expansion"</strong> — Multi-image support (up to 4 images), per-thumbnail previews, and JIT image compression</li> </ul> <p>I'll be writing deep dives on both.</p> <h2> 🔗 Links </h2> <ul> <li> <strong>GitHub</strong>: <a href="https://github.com/kareem2099/DotShare" rel="noopener noreferrer">github.com/kareem2099/DotShare</a> </li> <li> <strong>VS Code Marketplace</strong>: <a href="https://marketplace.visualstudio.com/items?itemName=FreeRave.dotshare" rel="noopener noreferrer">https://marketplace.visualstudio.com/items?itemName=FreeRave.dotshare</a> </li> <li> <strong>Open VSX (VSCodium / Gitpod)</strong>: <a href="https://open-vsx.org/extension/freerave/dotshare" rel="noopener noreferrer">https://open-vsx.org/extension/freerave/dotshare</a> </li> <li> <strong>Install via CLI</strong>: <code>code --install-extension freerave.dotshare</code> </li> <li> <strong>Support the project</strong>: <a href="https://www.buymeacoffee.com/freerave" rel="noopener noreferrer">buymeacoffee.com/freerave</a> </li> </ul> <p>If you're building in public or maintaining an open source project, give DotShare a try. I'd love to hear how you use it — drop a comment below 👇</p> <p><em>Built with TypeScript, VS Code Extension API, and a lot of coffee.</em></p> vscode typescript devtools productivity I Got Badges 1, 2, and 4 on DEV.to — Badge #3 Is Currently in Witness Protection freerave Sun, 12 Apr 2026 10:23:45 +0000 https://forem.com/freerave/i-got-badges-1-2-and-4-on-devto-badge-3-is-currently-in-witness-protection-he4 https://forem.com/freerave/i-got-badges-1-2-and-4-on-devto-badge-3-is-currently-in-witness-protection-he4 <p>I debug production systems for fun.</p> <p>I've traced memory leaks at 2am. I've stared into the void of a segfault and the void stared back. I once spent 6 hours chasing a bug that turned out to be a missing semicolon — and I <em>still</em> consider that a good day.</p> <p>Nothing prepared me for this.</p> <p>I opened my DEV.to profile expecting the warm dopamine hit of a clean badge row. Instead, I got:</p> <p><strong>🏆 1</strong><br> <strong>🏆 2</strong><br> <strong>👻 (??)</strong><br> <strong>🏆 4</strong></p> <p>I did what any reasonable developer does in a crisis. I refreshed the page.</p> <p>Still gone.</p> <p>I cleared the cache. Hard refreshed. Opened incognito. Checked on my phone. Filed a mental ticket titled <em>"skill issue or cosmic injustice?"</em> and assigned it P0.</p> <h2> The Investigation Begins </h2> <p>My first theory: <strong>off-by-one error.</strong> Classic. DEV.to's badge system probably starts counting from 0 internally and someone forgot to add 1. Badge #3 is actually badge #2 in the database. This is someone's fault and I will find them.</p> <p>My second theory: <strong>race condition.</strong> I publish a lot. Maybe two badge triggers fired simultaneously, they fought over a mutex, one lost, and badge #3 died in the conflict. A silent casualty of concurrency.</p> <p>My third theory: <strong>the badge ghosted me.</strong> Sometimes people just leave. It's not about you.</p> <h2> The Actual Answer (Anticlimactic) </h2> <p>DEV.to counts streaks by <strong>calendar weeks</strong>, not "7 consecutive days."</p> <p>That's it. That's the whole bug.</p> <p>I was publishing every day like a caffeinated open-source evangelist, but multiple articles landed in the same ISO calendar week. The system went: <em>"That's one week, bestie"</em> — and quietly skipped the streak badge with zero logs, zero warnings, and zero emotional support.</p> <p>No exception thrown.<br> No toast notification saying <em>"hey you might be doing this wrong."</em><br> Just a missing badge and a developer questioning his entire relationship with time.</p> <h2> What I Should Have Done </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Read the docs → man dev.to/badges 2. Understand calendar week boundaries 3. Publish accordingly 4. Touch grass </code></pre> </div> <p>I did none of these things.</p> <h2> The Takeaway </h2> <p>Streak systems are just cron jobs with feelings.</p> <p>Calendar weeks are a social construct designed specifically to humble developers who think they're being productive.</p> <p>And badge #3? It's out there somewhere. Living its best life. Probably deployed on a competitor's platform.</p> <p>I'm fine.</p> <p><em>(I'm not fine.)</em></p> <p><em>Have you ever been gaslit by a gamification system? Drop it in the comments. We heal together. 🐛</em></p> <p><em>cc: <a class="mentioned-user" href="https://dev.to/ben">@ben</a> — I believe this qualifies as a P2 ticket. Not urgent. Just emotionally damaging.</em></p> watercooler meta discuss humor EXPOSED: The Youdao Ads Influencer Marketing Scam - Technical Analysis & Red Flags freerave Sat, 11 Apr 2026 07:33:40 +0000 https://forem.com/freerave/exposed-the-youdao-ads-influencer-marketing-scam-technical-analysis-red-flags-5cag https://forem.com/freerave/exposed-the-youdao-ads-influencer-marketing-scam-technical-analysis-red-flags-5cag <p>How sophisticated scammers are exploiting legitimate NetEase domains to target content creators and developers with fake influencer marketing campaigns</p> <p><em>How sophisticated scammers are exploiting legitimate domains and targeting content creators</em></p> <h2> TL;DR </h2> <p><strong>Youdao Ads / InfunEase (infunease.youdaoads.com) is a confirmed scam operation</strong> targeting content creators, influencers, and developers. Despite using a legitimate NetEase subdomain and passing email authentication, this is a sophisticated phishing campaign designed to steal personal information and money from unsuspecting creators.</p> <p><strong>🔴 Trust Score: 28.8/100 (Scam Detector)</strong><br><br> <strong>🔴 Status: Active scam with live infrastructure</strong><br><br> <strong>🔴 Risk Level: HIGH - Identity theft, financial fraud</strong></p> <h2> The Email That Started It All </h2> <p>I received this seemingly legitimate email from "<a href="mailto:anjiaqi06@corp.netease.com">anjiaqi06@corp.netease.com</a>":</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsqyfnl347rnjx9iylbqw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsqyfnl347rnjx9iylbqw.png" alt="Screenshot showing the phishing email headers with a pass status for DKIM, SPF, and DMARC from corp.netease.com" width="800" height="796"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvplux2b5tpe4skkahxp1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvplux2b5tpe4skkahxp1.png" alt="Screenshot of the scam email body from Youdao Ads claiming a personalized brand campaign for influencers" width="800" height="794"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight email"><code><span class="nt">Subject</span><span class="o">:</span><span class="na"> Don't scroll past 【Youdao Ads】– a paid collab that's actually your vibe 😉</span> We recently got a few brand campaigns that feel like they were made for your channel. I've already filtered out the generic, one-size-fits-all stuff—these are the ones that fit your style and will actually resonate with your audience. A few details: 💰 Budget's ready – just name your rate ⏳ Spots are filling up – a few other creators in your space are already looking at them If you're interested, just tap here to see the campaigns waiting for you: [Youdao Ads] </code></pre> </div> <p><strong>First red flag?</strong> I never applied to any influencer program, and they somehow "knew" my content style without specifying what kind of creator I am.</p> <h2> Technical Deep Dive: The Email Headers Don't Lie </h2> <p>Let's examine the email headers to understand how this scam works:</p> <h3> Authentication Results: ✅ All Green (Misleading!) </h3> <div class="highlight js-code-highlight"> <pre class="highlight email"><code><span class="nt">DKIM-Signature</span><span class="o">:</span><span class="na"> v=1; a=rsa-sha256; d=corp.netease.com; s=s210401; </span> <span class="nt">Authentication-Results</span><span class="o">:</span><span class="na"> mx.google.com; dkim=pass header.i=@corp.netease.com spf=pass smtp.mailfrom=anjiaqi06@corp.netease.com dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=corp.netease.com</span> </code></pre> </div> <p><strong>Why this is dangerous:</strong> All email authentication passes because:</p> <ol> <li>NetEase is a legitimate Chinese tech company</li> <li>The email truly comes from their servers (IP: 1.95.22.228)</li> <li>This suggests either a compromised corporate account or insider threat</li> </ol> <h3> The Smoking Gun: X-Mailer Header </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>X-Mailer: Coremail Webmail Server Version XT6.0.5 build 20231102 </code></pre> </div> <p>This reveals the email was sent through NetEase's internal webmail system, not their official marketing platforms.</p> <h2> Website Analysis: Professional Scam Infrastructure </h2> <h3> The Scam Site: <code>https://infunease.youdaoads.com</code> </h3> <p>When we attempted to analyze the website directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> https://infunease.youdaoads.com <span class="c"># Result: HTTP/1.1 403 Forbidden</span> <span class="c"># x-deny-reason: host_not_allowed</span> </code></pre> </div> <p><strong>The site is blocked by security infrastructure</strong>, indicating it's been flagged as malicious.</p> <h3> Google Search Results Reveal the Truth </h3> <p>Despite being blocked, Google has indexed the site with this revealing content:</p> <blockquote> <p>"Join the community now and seize the opportunities to work with top brands! Whether you are a nano or macro influencer, we have prepared the right fits for you. By joining this group chat, you could access the newest and exclusive offers before anyone else!"</p> </blockquote> <p><strong>Generic language targeting anyone and everyone</strong> - classic scam behavior.</p> <h3> Third-Party Security Analysis </h3> <p><strong>Scam Detector Verdict: 28.8/100</strong> </p> <ul> <li>Tags: "Risky. Dubious. Perilous."</li> <li>High-risk activity detected for phishing and spamming</li> <li>Algorithm flagged multiple fraud indicators</li> </ul> <h2> The Scam Operation Breakdown </h2> <h3> Phase 1: Email Harvest &amp; Initial Contact </h3> <ul> <li>Mass emails to developers, creators, YouTubers</li> <li>Personalized enough to seem legitimate</li> <li>Uses urgency and FOMO psychology</li> </ul> <h3> Phase 2: Data Collection </h3> <p>Clicking the link leads to forms requesting:</p> <ul> <li>Social media handles and follower counts</li> <li>Personal identification information</li> <li>Bank account details "for payments"</li> <li>Tax information for "compliance"</li> </ul> <h3> Phase 3: The Hook </h3> <p>Two common next steps:</p> <ol> <li> <strong>Advance Fee Scam</strong>: "Pay processing fees to unlock campaigns"</li> <li> <strong>Identity Theft</strong>: Sell collected personal data to other criminals</li> </ol> <h3> Phase 4: Social Engineering </h3> <ul> <li>Discord/WhatsApp group invitations</li> <li>Fake "other creators" testimonials </li> <li>Continued pressure to provide more information</li> </ul> <h2> Red Flags Developers Should Recognize </h2> <h3> 🚩 Email Red Flags </h3> <ul> <li> <strong>Generic targeting</strong>: Claims to know your content without specifics</li> <li> <strong>Urgency pressure</strong>: "Spots filling up," "don't let these slip"</li> <li> <strong>Unprofessional contact</strong>: WhatsApp and Discord instead of business email</li> <li> <strong>Grammar inconsistencies</strong>: Mixed professional/casual tone</li> </ul> <h3> 🚩 Website Red Flags </h3> <ul> <li> <strong>Blocked by security services</strong>: Major red flag</li> <li> <strong>Generic content</strong>: "nano or macro influencer" covers everyone</li> <li> <strong>No specific brand examples</strong>: Real agencies show actual clients</li> <li> <strong>Social media focus</strong>: Legitimate marketing goes through official channels</li> </ul> <h3> 🚩 Technical Red Flags </h3> <ul> <li> <strong>Subdomain abuse</strong>: Using legitimate company's subdomain improperly</li> <li> <strong>Low trust scores</strong>: 28.8/100 from multiple security vendors</li> <li> <strong>Suspicious registration patterns</strong>: Domain parking tactics</li> </ul> <h2> How to Protect Yourself </h2> <h3> ✅ Immediate Actions </h3> <ol> <li> <strong>Never click suspicious links</strong> - Even if emails pass authentication</li> <li> <strong>Verify independently</strong> - Contact companies through official channels</li> <li> <strong>Check security scores</strong> - Use ScamAdviser, VirusTotal, etc.</li> <li> <strong>Trust your instincts</strong> - If it feels too good to be true, it probably is</li> </ol> <h3> ✅ Long-term Security Practices </h3> <ol> <li> <strong>Enable 2FA everywhere</strong> - Protect all your social media accounts</li> <li> <strong>Monitor your digital footprint</strong> - Google your handles regularly </li> <li> <strong>Use dedicated business email</strong> - Keep personal/business communications separate</li> <li> <strong>Regular security awareness</strong> - Stay updated on latest scam tactics</li> </ol> <h3> ✅ For Content Creators Specifically </h3> <ol> <li> <strong>Legitimate partnerships</strong> require proper contracts and legal documentation</li> <li> <strong>Real brands</strong> have verification badges and official marketing teams</li> <li> <strong>Payment flows</strong> go through established platforms (not personal accounts)</li> <li> <strong>Networking happens</strong> at conferences, through agencies, or official programs</li> </ol> <h2> Reporting This Scam </h2> <p>If you encounter this scam:</p> <h3> 🔴 Immediate Reporting </h3> <ul> <li> <strong>Forward phishing email</strong> to: <a href="mailto:reportphishing@apwg.org">reportphishing@apwg.org</a> </li> <li> <strong>Report to Google</strong>: google.com/safebrowsing/report_phish/</li> <li> <strong>FTC Report</strong>: reportfraud.ftc.gov</li> <li> <strong>NetEase Security</strong>: Contact through official channels</li> </ul> <h3> 🔴 Protect Others </h3> <ul> <li> <strong>Share this analysis</strong> with your developer/creator networks</li> <li> <strong>Post warnings</strong> in relevant Discord servers and forums</li> <li> <strong>Update security communities</strong> about this specific campaign</li> </ul> <h2> The Bigger Picture: Domain Reputation Abuse </h2> <p>This scam highlights a critical security issue:</p> <p><strong>Legitimate companies must monitor their subdomain usage</strong> to prevent reputation abuse. NetEase's subdomain being used for scam operations could:</p> <ol> <li>Damage their brand reputation</li> <li>Get their entire domain flagged by security services</li> <li>Impact legitimate business operations</li> <li>Create legal liabilities</li> </ol> <h3> For Cybersecurity Professionals </h3> <p>This case demonstrates:</p> <ul> <li> <strong>Email authentication limitations</strong> when insider accounts are compromised</li> <li> <strong>Importance of subdomain monitoring</strong> in enterprise security</li> <li> <strong>Social engineering evolution</strong> targeting creator economy</li> <li> <strong>Need for multi-layered verification</strong> beyond technical authentication</li> </ul> <h2> Conclusion: Stay Vigilant </h2> <p>The creator economy's rapid growth has created new attack vectors for scammers. This Youdao Ads campaign shows how sophisticated these operations have become:</p> <ul> <li>✅ Technical legitimacy (passing email authentication)</li> <li>✅ Professional presentation (well-designed emails and websites) </li> <li>✅ Psychological manipulation (urgency, flattery, FOMO)</li> <li>✅ Infrastructure investment (dedicated websites, communication channels)</li> </ul> <p><strong>Remember</strong>: In cybersecurity, trust but verify. Always verify.</p> <h2> Resources &amp; Links </h2> <ul> <li><a href="https://www.scam-detector.com/validator/youdaoads-com-review/" rel="noopener noreferrer">Scam Detector Analysis of youdaoads.com</a></li> <li><a href="https://apwg.org/" rel="noopener noreferrer">Anti-Phishing Working Group</a></li> <li><a href="https://consumer.ftc.gov/articles/how-recognize-avoid-phishing-scams" rel="noopener noreferrer">FTC Phishing Guidance</a></li> <li><a href="https://safebrowsing.google.com/safebrowsing/report_phish/" rel="noopener noreferrer">Google Safe Browsing Report Tool</a></li> </ul> <p><strong>Have you encountered this scam? Share your experience in the comments to help others stay safe.</strong></p> <p><strong>Found this analysis helpful? Share it with your network - together we can shut down these operations.</strong></p> <p><em>This analysis was conducted for cybersecurity awareness purposes. Always report suspected scams to appropriate authorities and never interact with suspicious websites or provide personal information to unverified sources.</em></p> <p><strong>About the Analysis</strong>: This technical breakdown is based on email header analysis, DNS investigation, third-party security assessments, and OSINT research. All findings have been cross-verified through multiple security tools and databases.</p> cybersecurity scam phishing security Conquering the Reddit API: How to Natively Upload Images via Node.js (And Survive the S3 Boss Fight) freerave Tue, 07 Apr 2026 18:23:35 +0000 https://forem.com/freerave/conquering-the-reddit-api-how-to-natively-upload-images-via-nodejs-and-survive-the-s3-boss-fight-1b21 https://forem.com/freerave/conquering-the-reddit-api-how-to-natively-upload-images-via-nodejs-and-survive-the-s3-boss-fight-1b21 <p>A step-by-step guide to defeating the undocumented traps of Reddit's native image upload API, avoiding AWS S3 400 errors, and the infamous Invalid image URL.<br> If you've ever tried building a tool to auto-publish posts to Reddit using their API, you've probably hit a wall when it comes to <strong>images</strong>. </p> <p>Sure, you could just upload your images to Imgur and post a link, but we want that sweet, native, inline Reddit image experience! The official Reddit API does have an endpoint for this (<code>/api/media/asset.json</code>), but trying to use it in Node.js feels like walking through a minefield blindfolded.</p> <p>After hours of debugging, screaming at my terminal, and fighting AWS S3, I finally cracked the exact sequence and undocumented gotchas required to make this work. </p> <p>If you are seeing <code>400 Bad Request</code> from S3, <code>Bucket POST must contain a field named 'key'</code>, or Reddit mocking you with <code>Invalid image URL</code>... grab a coffee. You're in the right place. ☕</p> <h2> 🛠 Prerequisites: The Setup </h2> <p>Before we start the dance, make sure you have your dependencies ready. For this guide, we'll use <code>axios</code> for HTTP requests and <code>form-data</code> to build our multipart payloads.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">axios</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">axios</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">fs</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">fs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">path</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">path</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">FormData</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">form-data</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// You should already have this from your Reddit OAuth completion</span> <span class="kd">const</span> <span class="nx">REDDIT_ACCESS_TOKEN</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">your_oauth_access_token</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <h2> The Master Plan </h2> <p>To upload a native image to Reddit, you don't just send an image to a Reddit server. It's a 3-step dance:</p> <ol> <li> <strong>Get the Lease:</strong> Ask Reddit for an AWS S3 upload lease (<code>/api/media/asset.json</code>).</li> <li> <strong>S3 Upload:</strong> Upload the file directly to AWS S3 using the lease details.</li> <li> <strong>Publish:</strong> Tell Reddit to create the post (<code>/api/submit</code>), pointing it to the correct S3 location.</li> </ol> <p>Sounds simple? Let's look at the traps.</p> <h3> Step 1: Getting the Lease </h3> <p>First, you tell Reddit you want to upload a file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">mediaFile</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">path/to/my-awesome-meme.png</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ext</span> <span class="o">=</span> <span class="nx">path</span><span class="p">.</span><span class="nf">extname</span><span class="p">(</span><span class="nx">mediaFile</span><span class="p">).</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">();</span> <span class="nx">params</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">filepath</span><span class="dl">'</span><span class="p">,</span> <span class="nx">path</span><span class="p">.</span><span class="nf">basename</span><span class="p">(</span><span class="nx">mediaFile</span><span class="p">));</span> <span class="nx">params</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">mimetype</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">image/png</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Important: send correct mimetype</span> <span class="kd">const</span> <span class="nx">leaseResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://oauth.reddit.com/api/media/asset.json</span><span class="dl">'</span><span class="p">,</span> <span class="nx">params</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">REDDIT_ACCESS_TOKEN</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">args</span><span class="p">,</span> <span class="nx">asset</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">leaseResponse</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">args</span> <span class="o">||</span> <span class="o">!</span><span class="nx">asset</span><span class="p">?.</span><span class="nx">asset_id</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to get upload lease from Reddit</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Reddit responds with an <code>asset_id</code> and <code>args</code>, which contains the AWS <code>action</code> URL (usually <code>https://reddit-uploaded-media.s3-accelerate.amazonaws.com</code>) and the <code>fields</code> required to authorize the S3 upload.</p> <h3> Step 2: The S3 Upload (Where Dreams go to Die) </h3> <h4> 🚨 Trap #1: The <code>args.fields</code> Array Trap </h4> <p>If you look at the <code>args.fields</code> returned by Reddit, its structure looks something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"fields"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"key"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"reddit-uploaded-media/xyz123"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWSAccessKeyId"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"..."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"policy"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"..."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p>Notice anything? <strong>It's an array of objects, not a standard key-value dictionary!</strong><br> If you try to map over it using standard dictionary parsers like <code>Object.entries()</code>, Node.js will append the fields with numeric keys like <code>"0"</code>, <code>"1"</code>, <code>"2"</code>. </p> <p>AWS S3 will ruthlessly reject your upload with an XML error message:<br> <code>&lt;Message&gt;Bucket POST must contain a field named 'key'&lt;/Message&gt;</code></p> <p><strong>The Fix:</strong> Parse it explicitly as an array to correctly populate <code>FormData</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">formData</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FormData</span><span class="p">();</span> <span class="kd">let</span> <span class="nx">s3Key</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="c1">// Crucial: Handle array structure returned by Reddit!</span> <span class="k">if </span><span class="p">(</span><span class="nb">Array</span><span class="p">.</span><span class="nf">isArray</span><span class="p">(</span><span class="nx">args</span><span class="p">.</span><span class="nx">fields</span><span class="p">))</span> <span class="p">{</span> <span class="nx">args</span><span class="p">.</span><span class="nx">fields</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">field</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="nx">field</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="nc">String</span><span class="p">(</span><span class="nx">field</span><span class="p">.</span><span class="nx">value</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="nx">field</span><span class="p">.</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">key</span><span class="dl">'</span><span class="p">)</span> <span class="nx">s3Key</span> <span class="o">=</span> <span class="nc">String</span><span class="p">(</span><span class="nx">field</span><span class="p">.</span><span class="nx">value</span><span class="p">);</span> <span class="c1">// Save this!</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h4> 🚨 Trap #2: The Chunked Encoding Trap </h4> <p>We need to append our actual image file to the <code>FormData</code>. However, if you are passing a stream (e.g., <code>fs.createReadStream()</code>), Node.js HTTP clients (like <code>axios</code>) will default to sending the request via <code>Transfer-Encoding: chunked</code>.</p> <p>AWS S3 <strong>strictly forbids</strong> chunked POST requests for presigned URLs and will instantly strike you down with a <code>400 Bad Request</code>.</p> <p><strong>The Fix:</strong> You must append the file with explicit content types AND calculate the exact <code>Content-Length</code> before firing the request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Ensure file is the LAST field added to formData!</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">file</span><span class="dl">'</span><span class="p">,</span> <span class="nx">fs</span><span class="p">.</span><span class="nf">createReadStream</span><span class="p">(</span><span class="nx">mediaFile</span><span class="p">),</span> <span class="p">{</span> <span class="na">filename</span><span class="p">:</span> <span class="nx">path</span><span class="p">.</span><span class="nf">basename</span><span class="p">(</span><span class="nx">mediaFile</span><span class="p">),</span> <span class="na">contentType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">image/png</span><span class="dl">'</span> <span class="p">});</span> <span class="c1">// Calculate length to avoid S3 chunked transfer encoding rejection</span> <span class="kd">const</span> <span class="nx">contentLength</span> <span class="o">=</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">reject</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">getLength</span><span class="p">((</span><span class="nx">err</span><span class="p">,</span> <span class="nx">length</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">err</span> <span class="p">?</span> <span class="nf">reject</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">:</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">length</span><span class="p">));</span> <span class="p">});</span> <span class="c1">// Reddit's action URL might be missing the protocol</span> <span class="kd">const</span> <span class="nx">uploadUrl</span> <span class="o">=</span> <span class="nx">args</span><span class="p">.</span><span class="nx">action</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">http</span><span class="dl">'</span><span class="p">)</span> <span class="p">?</span> <span class="nx">args</span><span class="p">.</span><span class="nx">action</span> <span class="p">:</span> <span class="s2">`https:</span><span class="p">${</span><span class="nx">args</span><span class="p">.</span><span class="nx">action</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="nx">uploadUrl</span><span class="p">,</span> <span class="nx">formData</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">formData</span><span class="p">.</span><span class="nf">getHeaders</span><span class="p">(),</span> <span class="dl">'</span><span class="s1">Content-Length</span><span class="dl">'</span><span class="p">:</span> <span class="nx">contentLength</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="p">},</span> <span class="na">timeout</span><span class="p">:</span> <span class="mi">60000</span><span class="p">,</span> <span class="na">maxBodyLength</span><span class="p">:</span> <span class="kc">Infinity</span><span class="p">,</span> <span class="na">maxContentLength</span><span class="p">:</span> <span class="kc">Infinity</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">✅ Successfully uploaded to S3!</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p><em>S3 should now return a beautiful <code>201 Created</code> or <code>204 No Content</code> response.</em></p> <h3> Step 3: Publishing the Post (The Final Boss) </h3> <p>Now that the image is securely on S3, we need to create the actual Reddit post.</p> <h4> 🚨 Trap #3: The <code>Invalid image URL</code> Trap </h4> <p>You might logically think: <em>"The image is uploaded, so it will be hosted on Reddit's CDN! I'll just pass <code>url: https://i.redd.it/{asset_id}.png</code> in my publish payload!"</em></p> <p><strong>WRONG.</strong> <br> If you try to publish using the <code>i.redd.it</code> URL, the Reddit API will immediately attempt to fetch it to validate your submission. Since the CDN hasn't populated your file globally yet, Reddit's backend gets a 404 underneath, and throws an <code>Invalid image URL</code> error directly in your face.</p> <p><strong>The Fix:</strong> Give Reddit the exact, raw AWS S3 URL you just pushed the image to! That's the URL constructed by joining the <code>uploadUrl</code> and the <code>s3Key</code> we saved earlier.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// e.g., https://reddit-uploaded-media.s3-accelerate.amazonaws.com/reddit-uploaded-media/xyz123</span> <span class="kd">const</span> <span class="nx">finalS3Url</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">uploadUrl</span><span class="p">}</span><span class="s2">/</span><span class="p">${</span><span class="nx">s3Key</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">postData</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">();</span> <span class="nx">postData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">api_type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">json</span><span class="dl">'</span><span class="p">);</span> <span class="nx">postData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">sr</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">YourTargetSubredditName</span><span class="dl">'</span><span class="p">);</span> <span class="nx">postData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">title</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">My Awesome Native Image Post</span><span class="dl">'</span><span class="p">);</span> <span class="nx">postData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">kind</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">image</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Tell Reddit it's a native media post</span> <span class="nx">postData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">url</span><span class="dl">'</span><span class="p">,</span> <span class="nx">finalS3Url</span><span class="p">);</span> <span class="c1">// Crucial: Give them the raw S3 link!</span> <span class="c1">// Pro-tip: If you are testing this code repeatedly with the same </span> <span class="c1">// image/title, Reddit will block it as a duplicate. Use 'resubmit'.</span> <span class="nx">postData</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">resubmit</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">true</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">publishResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://oauth.reddit.com/api/submit</span><span class="dl">'</span><span class="p">,</span> <span class="nx">postData</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">REDDIT_ACCESS_TOKEN</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Check if Reddit API returned logic errors inside the 200 OK!</span> <span class="k">if </span><span class="p">(</span><span class="nx">publishResponse</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">json</span><span class="p">?.</span><span class="nx">errors</span><span class="p">?.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Reddit API Errors:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">publishResponse</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">json</span><span class="p">.</span><span class="nx">errors</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">🎉 Boom! Post successful:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">publishResponse</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">json</span><span class="p">?.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">name</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> Boom! 🚀 </h3> <p>Reddit will take that S3 URL, ingest it, process it, and magically swap it out for a native <code>i.redd.it</code> link on the platform. Your post will now show up with a beautiful, inline image, no third-party URLs or external thumbnails required.</p> <p>If this saved you from pulling the rest of your hair out, share it with a fellow developer. Happy coding, and may your S3 buckets forever be forgiving!</p> node javascript api reddit DotShare v3.0 — I Built a Full Publishing Suite Inside VS Code (And What I Learned) freerave Mon, 06 Apr 2026 16:20:07 +0000 https://forem.com/freerave/dotshare-v30-i-built-a-full-publishing-suite-inside-vs-code-and-what-i-learned-18m0 https://forem.com/freerave/dotshare-v30-i-built-a-full-publishing-suite-inside-vs-code-and-what-i-learned-18m0 <h2> How I went from a simple social media poster to a full publishing suite with Dev.to, Medium, thread composers, and auth health checks — all without leaving VS Code. </h2> <p>I've been building <strong>DotShare</strong> — a VS Code extension that lets you post to LinkedIn, X, Bluesky, Telegram, Reddit, Discord, and Facebook directly from your editor. After shipping v2.4 with one-click OAuth, I thought I was done for a while.</p> <p>Then I started writing more long-form content. Every time I finished a markdown article in VS Code, I had to open a browser, go to Dev.to, copy-paste my content, fix the formatting, add tags, set the canonical URL... you know the drill.</p> <p>So I rebuilt the whole thing.</p> <h2> What Changed in v3.0 — The Publishing Suite </h2> <p>The headline feature is <strong>blog publishing</strong> — but the real story is the architecture behind it.</p> <h3> 1. Platform-First Navigation </h3> <p>The old UI had "workspace tabs" — you picked Threads, Social, or Blogs, then selected your platform. It was confusing and redundant.</p> <p>In v3.0, I flipped it: <strong>click the platform icon, the workspace adapts automatically.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// platform-config.ts — single source of truth</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">PLATFORM_CONFIGS</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">PlatformConfig</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="na">x</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">X / Twitter</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">𝕏</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxChars</span><span class="p">:</span> <span class="mi">280</span><span class="p">,</span> <span class="na">premiumMaxChars</span><span class="p">:</span> <span class="mi">25000</span><span class="p">,</span> <span class="na">supportsThreads</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">workspaceType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">threads</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// → Thread Composer</span> <span class="na">charCountMethod</span><span class="p">:</span> <span class="dl">'</span><span class="s1">twitter</span><span class="dl">'</span><span class="p">,</span> <span class="na">authType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">oauth2</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">linkedin</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">LinkedIn</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxChars</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">supportsThreads</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">workspaceType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">social</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// → Social Composer</span> <span class="na">authType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">oauth2</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">devto</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Dev.to</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxChars</span><span class="p">:</span> <span class="mi">100000</span><span class="p">,</span> <span class="na">workspaceType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">blogs</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// → Article Publisher</span> <span class="na">authType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">api_key</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <p>This file is shared between the extension host and the WebView — no VS Code imports, just pure TypeScript. When the user clicks the Dev.to icon, <code>switchPlatform('devto')</code> reads <code>workspaceType: 'blogs'</code> and shows the Article Publisher. One source of truth, zero hardcoded workspace routing.</p> <h3> 2. Dev.to Integration </h3> <p>Dev.to has a clean REST API. You POST to <code>/api/articles</code> with your <code>api-key</code> header and you're done.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// devto.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">shareToDevTo</span><span class="p">(</span> <span class="nx">apiKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">articleData</span><span class="p">:</span> <span class="p">{</span> <span class="nl">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">title</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">tags</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">description</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">coverImage</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">published</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">canonicalUrl</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">series</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">title</span><span class="p">,</span> <span class="nx">body</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">extractTitleFromMarkdown</span><span class="p">(</span><span class="nx">articleData</span><span class="p">.</span><span class="nx">text</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">tags</span> <span class="o">=</span> <span class="nx">articleData</span><span class="p">.</span><span class="nx">tags</span><span class="p">?.</span><span class="nx">length</span> <span class="p">?</span> <span class="nx">articleData</span><span class="p">.</span><span class="nx">tags</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">4</span><span class="p">)</span> <span class="c1">// Dev.to max: 4 tags</span> <span class="p">:</span> <span class="nf">extractTags</span><span class="p">(</span><span class="nx">articleData</span><span class="p">.</span><span class="nx">text</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="na">article</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="nx">articleData</span><span class="p">.</span><span class="nx">title</span> <span class="o">||</span> <span class="nx">title</span><span class="p">,</span> <span class="na">body_markdown</span><span class="p">:</span> <span class="nx">body</span><span class="p">,</span> <span class="nx">tags</span><span class="p">,</span> <span class="na">published</span><span class="p">:</span> <span class="nx">articleData</span><span class="p">.</span><span class="nx">published</span> <span class="o">??</span> <span class="kc">true</span><span class="p">,</span> <span class="p">...(</span><span class="nx">articleData</span><span class="p">.</span><span class="nx">coverImage</span> <span class="o">&amp;&amp;</span> <span class="p">{</span> <span class="na">main_image</span><span class="p">:</span> <span class="nx">articleData</span><span class="p">.</span><span class="nx">coverImage</span> <span class="p">}),</span> <span class="p">...(</span><span class="nx">articleData</span><span class="p">.</span><span class="nx">canonicalUrl</span> <span class="o">&amp;&amp;</span> <span class="p">{</span> <span class="na">canonical_url</span><span class="p">:</span> <span class="nx">articleData</span><span class="p">.</span><span class="nx">canonicalUrl</span> <span class="p">}),</span> <span class="p">...(</span><span class="nx">articleData</span><span class="p">.</span><span class="nx">series</span><span class="p">?.</span><span class="nf">trim</span><span class="p">()</span> <span class="o">&amp;&amp;</span> <span class="p">{</span> <span class="na">series</span><span class="p">:</span> <span class="nx">articleData</span><span class="p">.</span><span class="nx">series</span><span class="p">.</span><span class="nf">trim</span><span class="p">()</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="dl">'</span><span class="s1">https://dev.to/api/articles</span><span class="dl">'</span><span class="p">,</span> <span class="nx">payload</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">api-key</span><span class="dl">'</span><span class="p">:</span> <span class="nx">apiKey</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">url</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>One thing I learned the hard way: <strong>Dev.to does not support image file uploads via API.</strong> The <code>dev-to-uploads.s3.amazonaws.com</code> bucket you see in articles is only accessible through their web editor. The API only accepts public URLs. So if you're building an integration, skip the upload logic entirely and tell users to host images externally.</p> <h3> 3. YAML Frontmatter Parser </h3> <p>When you click "Load Current File", DotShare reads the active <code>.md</code> file from VS Code's editor and parses the frontmatter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// frontmatter-parser.ts</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">parseFrontMatter</span><span class="p">(</span><span class="nx">content</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="p">{</span> <span class="nl">hasFrontmatter</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">frontmatter</span><span class="p">?:</span> <span class="nx">FrontMatter</span><span class="p">;</span> <span class="nl">body</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">FRONTMATTER_REGEX</span> <span class="o">=</span> <span class="sr">/^---</span><span class="se">\s</span><span class="sr">*</span><span class="se">\n([\s\S]</span><span class="sr">*</span><span class="se">?)\n</span><span class="sr">---</span><span class="se">\s</span><span class="sr">*</span><span class="se">\n([\s\S]</span><span class="sr">*</span><span class="se">)</span><span class="sr">$/</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">match</span> <span class="o">=</span> <span class="nx">content</span><span class="p">.</span><span class="nf">match</span><span class="p">(</span><span class="nx">FRONTMATTER_REGEX</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">match</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">hasFrontmatter</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">content</span> <span class="p">};</span> <span class="kd">const</span> <span class="p">[,</span> <span class="nx">yamlContent</span><span class="p">,</span> <span class="nx">body</span><span class="p">]</span> <span class="o">=</span> <span class="nx">match</span><span class="p">;</span> <span class="kd">const</span> <span class="na">frontmatter</span><span class="p">:</span> <span class="nx">FrontMatter</span> <span class="o">=</span> <span class="p">{};</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">line</span> <span class="k">of</span> <span class="nx">yamlContent</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="se">\n</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">colonIndex</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">indexOf</span><span class="p">(</span><span class="dl">'</span><span class="s1">:</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">colonIndex</span> <span class="o">===</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="k">continue</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">colonIndex</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">value</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="nx">colonIndex</span> <span class="o">+</span> <span class="mi">1</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="k">switch </span><span class="p">(</span><span class="nx">key</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">title</span><span class="dl">'</span><span class="p">:</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">title</span> <span class="o">=</span> <span class="nx">value</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/^</span><span class="se">[</span><span class="sr">'"</span><span class="se">]</span><span class="sr">|</span><span class="se">[</span><span class="sr">'"</span><span class="se">]</span><span class="sr">$/g</span><span class="p">,</span> <span class="dl">''</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">tags</span><span class="dl">'</span><span class="p">:</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">tags</span> <span class="o">=</span> <span class="nf">parseTags</span><span class="p">(</span><span class="nx">value</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">canonical_url</span><span class="dl">'</span><span class="p">:</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">canonical_url</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">description</span><span class="dl">'</span><span class="p">:</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">description</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">cover_image</span><span class="dl">'</span><span class="p">:</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">cover_image</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">series</span><span class="dl">'</span><span class="p">:</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">series</span> <span class="o">=</span> <span class="nx">value</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">published</span><span class="dl">'</span><span class="p">:</span> <span class="nx">frontmatter</span><span class="p">.</span><span class="nx">published</span> <span class="o">=</span> <span class="nx">value</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">true</span><span class="dl">'</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">hasFrontmatter</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="nx">frontmatter</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nf">trim</span><span class="p">()</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>The publish form auto-fills from whatever frontmatter exists. If your article already has <code>title</code>, <code>tags</code>, and <code>canonical_url</code> in the frontmatter, you open DotShare, click Load, and hit Publish. Done.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx80jr8wp0osle366u96y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx80jr8wp0osle366u96y.png" alt="DotShare Frontmatter Parser loading a markdown file into the Dev.to publisher" width="800" height="450"></a></p> <h3> 4. Thread Composer + X Premium </h3> <p>X and Bluesky both support threads. The thread composer lets you build them post-by-post, with a per-post character counter that respects each platform's rules.</p> <p>For X, I added a Premium toggle that switches the limit from 280 to 25,000 characters:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// In app.ts (WebView side)</span> <span class="kd">const</span> <span class="nx">premiumToggle</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">x-premium-toggle</span><span class="dl">'</span><span class="p">)</span> <span class="k">as</span> <span class="nx">HTMLInputElement</span><span class="p">;</span> <span class="nx">premiumToggle</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">change</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">isPremium</span> <span class="o">=</span> <span class="nx">premiumToggle</span><span class="p">.</span><span class="nx">checked</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">maxChars</span> <span class="o">=</span> <span class="nx">isPremium</span> <span class="p">?</span> <span class="nx">PLATFORM_CONFIGS</span><span class="p">[</span><span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">].</span><span class="nx">premiumMaxChars</span> <span class="c1">// 25000</span> <span class="p">:</span> <span class="nx">PLATFORM_CONFIGS</span><span class="p">[</span><span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">].</span><span class="nx">maxChars</span><span class="p">;</span> <span class="c1">// 280</span> <span class="nf">updateAllCharCounters</span><span class="p">(</span><span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">,</span> <span class="nx">maxChars</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>For Bluesky threads, the extension joins all posts with a manual separator (<code>===</code>) and the <code>bluesky.ts</code> adapter splits them back:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// bluesky.ts</span> <span class="kd">function</span> <span class="nf">createThreadChunks</span><span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">maxLength</span> <span class="o">=</span> <span class="mi">300</span><span class="p">):</span> <span class="kr">string</span><span class="p">[]</span> <span class="p">{</span> <span class="c1">// Manual separator from Thread Composer</span> <span class="kd">const</span> <span class="nx">manualParts</span> <span class="o">=</span> <span class="nx">text</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sr">/</span><span class="se">\n\n</span><span class="sr">===</span><span class="se">\n\n</span><span class="sr">/</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">manualParts</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">chunks</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">part</span> <span class="k">of</span> <span class="nx">manualParts</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">trimmed</span> <span class="o">=</span> <span class="nx">part</span><span class="p">.</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">trimmed</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="nx">maxLength</span><span class="p">)</span> <span class="p">{</span> <span class="nx">chunks</span><span class="p">.</span><span class="nf">push</span><span class="p">(...</span><span class="nf">splitByWords</span><span class="p">(</span><span class="nx">trimmed</span><span class="p">,</span> <span class="nx">maxLength</span><span class="p">));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">chunks</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">trimmed</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">chunks</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">chunk</span><span class="p">,</span> <span class="nx">i</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="s2">`</span><span class="p">${</span><span class="nx">chunk</span><span class="p">}</span><span class="s2"> (</span><span class="p">${</span><span class="nx">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2">/</span><span class="p">${</span><span class="nx">chunks</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2">)`</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">splitByWords</span><span class="p">(</span><span class="nx">text</span><span class="p">,</span> <span class="nx">maxLength</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 5. Twitter Character Counting — A Subtle Bug </h3> <p>Twitter counts every URL as exactly 23 characters (their t.co proxy length), regardless of the actual URL length. I had a bug in the original implementation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ Wrong — short URLs were counted as their actual length</span> <span class="nx">text</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="nx">URL_REGEX</span><span class="p">,</span> <span class="p">(</span><span class="nx">url</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">.</span><span class="nf">repeat</span><span class="p">(</span><span class="nb">Math</span><span class="p">.</span><span class="nf">min</span><span class="p">(</span><span class="nx">url</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="mi">23</span><span class="p">)))</span> <span class="c1">// ✅ Correct — all URLs are always 23 chars</span> <span class="nx">text</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="nx">URL_REGEX</span><span class="p">,</span> <span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">.</span><span class="nf">repeat</span><span class="p">(</span><span class="mi">23</span><span class="p">))</span> </code></pre> </div> <p>Small bug, but it made the character counter off for short URLs like <code>https://t.co/abc</code>.</p> <h2> v3.0.1 — The Medium Situation </h2> <p>Shortly after shipping v3.0, I realized something: <strong>Medium has stopped issuing new integration tokens.</strong></p> <p>Their official response from <code>help.medium.com</code>:</p> <blockquote> <p><em>"Medium will not be issuing any new integration tokens for our API and will not allow any new integrations. All existing tokens will continue to work."</em></p> </blockquote> <p>The only workaround is to email <code>yourfriends@medium.com</code> and request access manually — they do respond within 24 hours and do activate the token section on your account. So the <code>medium.ts</code> integration is solid, but the onboarding requires this extra step.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flei4fc6fu8pr0wx3qhl8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flei4fc6fu8pr0wx3qhl8.png" alt="Medium API Notice in DotShare settings and publishing view" width="800" height="450"></a></p> <p>I added a notice directly in the Settings card so users know before they go hunting for a token that doesn't exist in the UI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;p</span> <span class="na">class=</span><span class="s">"platform-notice"</span><span class="nt">&gt;</span> ⚠️ Medium no longer issues new tokens automatically. Email <span class="nt">&lt;strong&gt;</span>yourfriends@medium.com<span class="nt">&lt;/strong&gt;</span> to request access. They usually respond within 24 hours. <span class="nt">&lt;/p&gt;</span> </code></pre> </div> <p>The Medium API itself works fine — it's just the token provisioning that requires the manual email step.</p> <h2> v3.1.0 — Reliability: Auth Server Health Checks </h2> <p>DotShare uses an OAuth server (<code>dotshare-auth-server.vercel.app</code>) for X, Reddit, and Facebook. The <code>TokenManager</code> handles auto-refresh of expiring tokens.</p> <p>The problem: if the auth server goes down, the user just gets a generic error when they try to post. The connect button stays enabled, the user clicks it, nothing happens.</p> <p>The fix is straightforward — check health before attempting any OAuth operation, cache the result, and disable the button with a clear message if the server is unreachable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// TokenManager.ts</span> <span class="kd">let</span> <span class="nx">_lastHealthCheck</span><span class="p">:</span> <span class="p">{</span> <span class="nl">ok</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">timestamp</span><span class="p">:</span> <span class="kr">number</span> <span class="p">}</span> <span class="o">|</span> <span class="kc">null</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">HEALTH_CACHE_MS</span> <span class="o">=</span> <span class="mi">30</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">;</span> <span class="c1">// 30 seconds</span> <span class="k">static</span> <span class="k">async</span> <span class="nf">checkHealth</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Return cached result if still fresh</span> <span class="k">if </span><span class="p">(</span><span class="nx">_lastHealthCheck</span> <span class="o">&amp;&amp;</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="nx">_lastHealthCheck</span><span class="p">.</span><span class="nx">timestamp</span> <span class="o">&lt;</span> <span class="nx">HEALTH_CACHE_MS</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">_lastHealthCheck</span><span class="p">.</span><span class="nx">ok</span><span class="p">;</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">AUTH_SERVER_URL</span><span class="p">}</span><span class="s2">/health`</span><span class="p">,</span> <span class="p">{</span> <span class="na">timeout</span><span class="p">:</span> <span class="mi">5000</span> <span class="p">});</span> <span class="nx">_lastHealthCheck</span> <span class="o">=</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="p">};</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="nx">_lastHealthCheck</span> <span class="o">=</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="p">};</span> <span class="nx">Logger</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">TokenManager: auth server unreachable ❌</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The 30-second cache is important — without it, every share attempt on X would make an extra HTTP request just to check if the server is alive.</p> <p>In <code>PostHandler</code>, the OAuth platforms check health before trying to refresh:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">private</span> <span class="k">async</span> <span class="nf">shareToXWithUpdate</span><span class="p">(</span><span class="nx">post</span><span class="p">:</span> <span class="nx">PostData</span><span class="p">,</span> <span class="nx">postId</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">undefined</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Only check health if user is on OAuth (has a refresh token)</span> <span class="kd">const</span> <span class="nx">hasOAuthToken</span> <span class="o">=</span> <span class="o">!!</span><span class="p">(</span><span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">context</span><span class="p">.</span><span class="nx">secrets</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">xRefreshToken</span><span class="dl">'</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="nx">hasOAuthToken</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">serverOk</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">checkHealth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">serverOk</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Tell the WebView to disable the button</span> <span class="k">this</span><span class="p">.</span><span class="nx">view</span><span class="p">.</span><span class="nx">webview</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">command</span><span class="p">:</span> <span class="dl">'</span><span class="s1">oauthServerDown</span><span class="dl">'</span><span class="p">,</span> <span class="na">platform</span><span class="p">:</span> <span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Auth server is currently unavailable. Please try again later.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">xAccessToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">getValidToken</span><span class="p">(</span><span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">context</span><span class="p">.</span><span class="nx">secrets</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">xAccessToken</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">xAccessToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span> <span class="dl">'</span><span class="s1">X credentials lost (possible Keychain issue). Please reconnect X in Settings.</span><span class="dl">'</span> <span class="p">);</span> <span class="p">}</span> <span class="k">await</span> <span class="nf">shareToX</span><span class="p">(</span><span class="nx">xAccessToken</span><span class="p">,</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">post</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendSuccess</span><span class="p">(</span><span class="dl">'</span><span class="s1">Successfully posted to X!</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>And in <code>app.ts</code> on the WebView side:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">case</span> <span class="dl">'</span><span class="s1">oauthServerDown</span><span class="dl">'</span><span class="p">:</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">btn</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="s2">`oauthConnect_</span><span class="p">${</span><span class="nx">msg</span><span class="p">.</span><span class="nx">platform</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="k">as</span> <span class="nx">HTMLButtonElement</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">btn</span><span class="p">)</span> <span class="p">{</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">disabled</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">textContent</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">⚠️ Server unavailable — try later</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Simple, no fallback complexity, no "switch to manual mode" dialogs. Server is down → button is disabled → clear message. The user can still use the "Advanced: Enter token manually" section if they have their own token.</p> <h3> Keychain Wipeout on Linux </h3> <p>VS Code's <code>context.secrets</code> is backed by the OS keychain — <code>gnome-keyring</code> on GNOME, <code>libsecret</code> on other Linux setups. Sometimes after a system update or password change, the keychain loses sync and all stored secrets come back empty.</p> <p>The original error for missing X credentials was:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Error sharing to X: Error: X credentials not configured </code></pre> </div> <p>Not helpful. Is it not configured, or did the keychain wipe it? The new message:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>X credentials lost (possible Keychain issue). Please reconnect X in Settings. </code></pre> </div> <p>This tells the user exactly what might have happened and what to do about it. Small change, big difference in support requests.</p> <h2> What's Next </h2> <p>The roadmap has v3.2 as a scheduling engine overhaul — recurring posts, a queue manager UI, time zone support, and a calendar view of all scheduled posts. After that, v3.3 is the AI co-pilot phase: platform-specific rewrites, smart thread splitting, and blog-to-social post generation.</p> <p>The extension is free and open source at <br> <strong>Download &amp; Support:</strong></p> <ul> <li><a href="https://marketplace.visualstudio.com/items?itemName=FreeRave.dotshare" rel="noopener noreferrer">Install from VS Code Marketplace</a></li> <li><a href="https://open-vsx.org/extension/freerave/dotshare" rel="noopener noreferrer">Install from Open VSX Registry</a></li> <li><a href="https://github.com/kareem2099/DotShare" rel="noopener noreferrer">Star on GitHub</a></li> </ul> <p>If you write technical content and want to stop context-switching between VS Code and your browser, give it a try.</p> <p><em>If you hit any issues or want to contribute, open an issue on GitHub. Feedback on the Dev.to integration especially — I want to make the publishing flow as smooth as possible.</em></p> vscode opensource devrel typescript Building a Production-Ready OAuth Server for a VS Code Extension — Token Lifecycle, Auto-Refresh & Edge Rate Limiting freerave Sun, 05 Apr 2026 14:56:45 +0000 https://forem.com/freerave/building-a-production-ready-oauth-server-for-a-vs-code-extension-token-lifecycle-auto-refresh--45pl https://forem.com/freerave/building-a-production-ready-oauth-server-for-a-vs-code-extension-token-lifecycle-auto-refresh--45pl <blockquote> <p>How we built DotShare Auth: a Next.js 16 OAuth portal that handles token exchange, automatic refresh, and edge-level rate limiting for a VS Code extension that publishes to LinkedIn, X, Facebook, and Reddit.</p> </blockquote> <h2> Table of Contents </h2> <ol> <li>The Problem</li> <li>Architecture Overview</li> <li>The Auth Server</li> <li>Token Lifecycle in the Extension</li> <li>Edge Rate Limiting with Upstash Redis</li> <li>Lessons Learned</li> </ol> <h2> 1. The Problem </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcdzxkegtzovwx71dvnkl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcdzxkegtzovwx71dvnkl.png" alt="Architecture diagram comparing unsafe client-side OAuth with our secure server proxy solution" width="800" height="436"></a></p> <p>DotShare is a VS Code extension that lets developers publish content directly to social platforms. To post on behalf of a user, it needs OAuth tokens from LinkedIn, X (Twitter), Facebook, and Reddit.</p> <p>The naive approach? Ask the user to paste tokens manually. That's awful UX.</p> <p>The real problems we had to solve:</p> <ul> <li>Each platform has a <strong>different OAuth flow</strong> (PKCE, Basic Auth, state params)</li> <li>App secrets (<code>CLIENT_SECRET</code>, <code>APP_SECRET</code>) can't live in the extension — it's client-side code anyone can inspect</li> <li>Tokens <strong>expire</strong> — X tokens last ~2 hours, Facebook tokens last ~60 days</li> <li>We needed <strong>zero manual re-authentication</strong> after the initial connect</li> </ul> <p>Our solution: a dedicated Next.js 16 auth server that acts as a secure proxy between VS Code and the OAuth providers.</p> <h2> 2. Architecture Overview </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyf5aikmnootzm1uibwm5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyf5aikmnootzm1uibwm5.png" alt="Step-by-step OAuth architecture flow: VS Code to Auth Server to Providers and back via deep link" width="800" height="436"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>VS Code Extension → opens browser to https://dotshare-auth-server.vercel.app/auth/{platform} → user clicks "Authenticate" (one click, no credentials to enter) → redirected to platform OAuth page → platform redirects back to /auth/{platform}/callback → server exchanges code for token using .env secrets → browser redirects to vscode://freerave.dotshare/auth?platform=x&amp;access_token=...&amp;refresh_token=...&amp;expires_in=7200 → VS Code extension receives token automatically → TokenManager stores token + expiry in SecretStorage → before every API call: TokenManager checks expiry → refreshes if needed </code></pre> </div> <p><strong>Key design decisions:</strong></p> <ul> <li>Auth server is <strong>stateless</strong> — no database, no user accounts</li> <li>Tokens are <strong>never stored server-side</strong> — passed directly via deep link</li> <li>All OAuth secrets live in <strong>server <code>.env</code></strong> only</li> <li>The extension handles all <strong>token lifecycle</strong> (expiry tracking, refresh)</li> </ul> <h2> 3. The Auth Server </h2> <h3> Single Source of Truth </h3> <p>Instead of scattering platform config across multiple files, everything lives in one place:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffujjpsmu0riqozxffjpk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffujjpsmu0riqozxffjpk.png" alt="Code snippet of lib/platforms.ts showing centralized OAuth configuration for multiple platforms" width="800" height="1090"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/platforms.ts</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">PlatformConfig</span> <span class="p">{</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">icon</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">description</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">scopes</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">authUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">envKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// NEXT_PUBLIC_* variable name</span> <span class="nl">titleGradientTo</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// gradient color for the title</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">PlatformKey</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">linkedin</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">x</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">facebook</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">reddit</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">PLATFORMS</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">PlatformConfig</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="na">linkedin</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">LinkedIn</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">in</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Professional network</span><span class="dl">'</span><span class="p">,</span> <span class="na">scopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">openid</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">profile</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">w_member_social</span><span class="dl">'</span><span class="p">],</span> <span class="na">authUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://www.linkedin.com/oauth/v2/authorization</span><span class="dl">'</span><span class="p">,</span> <span class="na">envKey</span><span class="p">:</span> <span class="dl">'</span><span class="s1">NEXT_PUBLIC_LINKEDIN_CLIENT_ID</span><span class="dl">'</span><span class="p">,</span> <span class="na">titleGradientTo</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#4da3ff</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">x</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">X (Twitter)</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">𝕏</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Public discourse</span><span class="dl">'</span><span class="p">,</span> <span class="na">scopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">tweet.read</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">tweet.write</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">users.read</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">offline.access</span><span class="dl">'</span><span class="p">],</span> <span class="na">authUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://twitter.com/i/oauth2/authorize</span><span class="dl">'</span><span class="p">,</span> <span class="na">envKey</span><span class="p">:</span> <span class="dl">'</span><span class="s1">NEXT_PUBLIC_X_CLIENT_ID</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">facebook</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Facebook</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">f</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Social network</span><span class="dl">'</span><span class="p">,</span> <span class="na">scopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">pages_manage_posts</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">pages_read_engagement</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">publish_to_groups</span><span class="dl">'</span><span class="p">],</span> <span class="na">authUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://www.facebook.com/v18.0/dialog/oauth</span><span class="dl">'</span><span class="p">,</span> <span class="na">envKey</span><span class="p">:</span> <span class="dl">'</span><span class="s1">NEXT_PUBLIC_FACEBOOK_APP_ID</span><span class="dl">'</span><span class="p">,</span> <span class="na">titleGradientTo</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#42a5f5</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">reddit</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Reddit</span><span class="dl">'</span><span class="p">,</span> <span class="na">icon</span><span class="p">:</span> <span class="dl">'</span><span class="s1">r/</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Discussion forums</span><span class="dl">'</span><span class="p">,</span> <span class="na">scopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">submit</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">read</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">identity</span><span class="dl">'</span><span class="p">],</span> <span class="na">authUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://www.reddit.com/api/v1/authorize</span><span class="dl">'</span><span class="p">,</span> <span class="na">envKey</span><span class="p">:</span> <span class="dl">'</span><span class="s1">NEXT_PUBLIC_REDDIT_CLIENT_ID</span><span class="dl">'</span><span class="p">,</span> <span class="na">titleGradientTo</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#ff7043</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <p>Adding a new platform? One file. The home page, auth pages, and callback pages all read from <code>PLATFORMS</code> automatically.</p> <h3> Eliminating Duplicate UI Code </h3> <p>The original codebase had 4 identical auth pages and 4 identical callback pages — ~600 lines of copy-pasted React. We collapsed them into shared components:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Before: 150 lines per platform</span> <span class="c1">// facebook/page.tsx — full component with all the logic</span> <span class="c1">// After: 1 line per platform</span> <span class="c1">// facebook/page.tsx</span> <span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AuthPage</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/components/AuthPage</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">FacebookAuth</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">AuthPage</span> <span class="nx">platform</span><span class="o">=</span><span class="dl">"</span><span class="s2">facebook</span><span class="dl">"</span> <span class="o">/&gt;</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The <code>useOAuthInit</code> hook handles all the OAuth initiation logic — PKCE for X, state for X and Reddit, <code>duration=permanent</code> for Reddit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// hooks/useOAuthInit.ts</span> <span class="kd">const</span> <span class="nx">PKCE_PLATFORMS</span><span class="p">:</span> <span class="nx">PlatformKey</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">STATEFUL_PLATFORMS</span><span class="p">:</span> <span class="nx">PlatformKey</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">reddit</span><span class="dl">'</span><span class="p">];</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">useOAuthInit</span><span class="p">(</span><span class="nx">platform</span><span class="p">:</span> <span class="nx">PlatformKey</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">error</span><span class="p">,</span> <span class="nx">setError</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="dl">''</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">handleAuth</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="nx">PLATFORMS</span><span class="p">[</span><span class="nx">platform</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">clientId</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">[</span><span class="nx">config</span><span class="p">.</span><span class="nx">envKey</span> <span class="k">as</span> <span class="kr">keyof</span> <span class="k">typeof</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">clientId</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="s2">`Missing </span><span class="p">${</span><span class="nx">config</span><span class="p">.</span><span class="nx">envKey</span><span class="p">}</span><span class="s2"> in .env`</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">authUrl</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">authUrl</span><span class="p">);</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">client_id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">clientId</span><span class="p">);</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">redirect_uri</span><span class="dl">'</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">origin</span><span class="p">}</span><span class="s2">/auth/</span><span class="p">${</span><span class="nx">platform</span><span class="p">}</span><span class="s2">/callback`</span><span class="p">);</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">response_type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">code</span><span class="dl">'</span><span class="p">);</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">scope</span><span class="dl">'</span><span class="p">,</span> <span class="nx">config</span><span class="p">.</span><span class="nx">scopes</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="nx">STATEFUL_PLATFORMS</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">platform</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">state</span> <span class="o">=</span> <span class="nf">generateState</span><span class="p">();</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">platform</span><span class="p">}</span><span class="s2">_state`</span><span class="p">,</span> <span class="nx">state</span><span class="p">);</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">state</span><span class="dl">'</span><span class="p">,</span> <span class="nx">state</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">PKCE_PLATFORMS</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">platform</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">codeVerifier</span> <span class="o">=</span> <span class="nf">generateCodeVerifier</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">codeChallenge</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generateCodeChallenge</span><span class="p">(</span><span class="nx">codeVerifier</span><span class="p">);</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">x_code_verifier</span><span class="dl">'</span><span class="p">,</span> <span class="nx">codeVerifier</span><span class="p">);</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">code_challenge</span><span class="dl">'</span><span class="p">,</span> <span class="nx">codeChallenge</span><span class="p">);</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">code_challenge_method</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">S256</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">platform</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">reddit</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">duration</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">permanent</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="nx">authUrl</span><span class="p">.</span><span class="nf">toString</span><span class="p">();</span> <span class="p">};</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">handleAuth</span><span class="p">,</span> <span class="nx">loading</span><span class="p">,</span> <span class="nx">error</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h3> Token Refresh Endpoints </h3> <p>Not all platforms support token refresh the same way:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Platform</th> <th>Support</th> <th>Endpoint</th> </tr> </thead> <tbody> <tr> <td>X</td> <td>✅ Standard refresh</td> <td><code>POST /api/auth/x/refresh</code></td> </tr> <tr> <td>Reddit</td> <td>✅ Standard refresh</td> <td><code>POST /api/auth/reddit/refresh</code></td> </tr> <tr> <td>Facebook</td> <td>⚠️ Token extension (60 days)</td> <td><code>POST /api/auth/facebook/extend</code></td> </tr> <tr> <td>LinkedIn</td> <td>❌ Enterprise only</td> <td>—</td> </tr> </tbody> </table></div> <p><strong>X refresh</strong> (public client — no secret needed, just client ID):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/api/auth/x/refresh/route.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">refreshToken</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">clientId</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">X_CLIENT_ID</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">({</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">,</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="nx">refreshToken</span><span class="p">,</span> <span class="na">client_id</span><span class="p">:</span> <span class="nx">clientId</span><span class="o">!</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">basicAuth</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">clientId</span><span class="p">}</span><span class="s2">:`</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://api.twitter.com/2/oauth2/token</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/x-www-form-urlencoded</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Basic </span><span class="p">${</span><span class="nx">basicAuth</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">params</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Facebook token extension</strong> (short-lived → 60-day long-lived):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/api/auth/facebook/extend/route.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">accessToken</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">({</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">fb_exchange_token</span><span class="dl">'</span><span class="p">,</span> <span class="na">client_id</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">FACEBOOK_APP_ID</span><span class="o">!</span><span class="p">,</span> <span class="na">client_secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">FACEBOOK_APP_SECRET</span><span class="o">!</span><span class="p">,</span> <span class="na">fb_exchange_token</span><span class="p">:</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`https://graph.facebook.com/v18.0/oauth/access_token?</span><span class="p">${</span><span class="nx">params</span><span class="p">.</span><span class="nf">toString</span><span class="p">()}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// data.expires_in ≈ 5184000 seconds = 60 days</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> Deep Links with Expiry Info </h3> <p>The callback pages now include <code>expires_in</code> and <code>refresh_token</code> in the deep link back to VS Code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// hooks/useOAuthCallback.ts (inside the callback handler)</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">({</span> <span class="nx">platform</span><span class="p">,</span> <span class="na">access_token</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="p">...(</span><span class="nx">REFRESHABLE_PLATFORMS</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">platform</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="nx">data</span><span class="p">.</span><span class="nx">refresh_token</span> <span class="p">?</span> <span class="p">{</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">refresh_token</span> <span class="p">}</span> <span class="p">:</span> <span class="p">{}),</span> <span class="p">...(</span><span class="nx">data</span><span class="p">.</span><span class="nx">expires_in</span> <span class="p">?</span> <span class="p">{</span> <span class="na">expires_in</span><span class="p">:</span> <span class="nc">String</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">expires_in</span><span class="p">)</span> <span class="p">}</span> <span class="p">:</span> <span class="p">{}),</span> <span class="p">});</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="s2">`vscode://freerave.dotshare/auth?</span><span class="p">${</span><span class="nx">params</span><span class="p">.</span><span class="nf">toString</span><span class="p">()}</span><span class="s2">`</span><span class="p">;</span> <span class="p">},</span> <span class="mi">1500</span><span class="p">);</span> </code></pre> </div> <p>The resulting deep link looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vscode://freerave.dotshare/auth ?platform=x &amp;access_token=AAA... &amp;refresh_token=BBB... &amp;expires_in=7200 </code></pre> </div> <h2> 4. Token Lifecycle in the Extension </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fukbzfg2e8mnt6q3k2ftk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fukbzfg2e8mnt6q3k2ftk.png" alt="Flowchart showing token lifecycle: checking expiry, silent auto-refreshing, and fallback logic" width="800" height="436"></a><br> This is where the magic happens. The extension needs to ensure every API call uses a valid token — without ever asking the user to re-authenticate.</p> <h3> TokenManager </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/services/TokenManager.ts</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">AUTH_SERVER_URL</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">https://dotshare-auth-server.vercel.app</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">REFRESH_BUFFER_MS</span> <span class="o">=</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">;</span> <span class="c1">// Refresh 5 minutes before expiry</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">TokenManager</span> <span class="p">{</span> <span class="k">private</span> <span class="k">static</span> <span class="nx">_context</span><span class="p">:</span> <span class="nx">vscode</span><span class="p">.</span><span class="nx">ExtensionContext</span><span class="p">;</span> <span class="k">static</span> <span class="nf">init</span><span class="p">(</span><span class="nx">context</span><span class="p">:</span> <span class="nx">vscode</span><span class="p">.</span><span class="nx">ExtensionContext</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">_context</span> <span class="o">=</span> <span class="nx">context</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Called from URI handler after OAuth callback</span> <span class="k">static</span> <span class="k">async</span> <span class="nf">storeToken</span><span class="p">(</span> <span class="nx">platform</span><span class="p">:</span> <span class="nx">RefreshablePlatform</span><span class="p">,</span> <span class="nx">accessToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">refreshToken</span><span class="p">?:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">expiresIn</span><span class="p">?:</span> <span class="kr">number</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// store access + refresh token in SecretStorage</span> <span class="c1">// store expires_at = Date.now() + expiresIn * 1000</span> <span class="p">}</span> <span class="c1">// Called before every API call</span> <span class="k">static</span> <span class="k">async</span> <span class="nf">getValidToken</span><span class="p">(</span><span class="nx">platform</span><span class="p">:</span> <span class="nx">RefreshablePlatform</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">expiring</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">isExpiringSoon</span><span class="p">(</span><span class="nx">platform</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">expiring</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="nx">platform</span><span class="p">);</span> <span class="c1">// auto-refresh silently</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">Logger</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="s2">`refresh failed, using existing token`</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">_context</span><span class="p">.</span><span class="nx">secrets</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">tokenKey</span><span class="p">[</span><span class="nx">platform</span><span class="p">])</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// 429 handling via shared post() helper</span> <span class="k">private</span> <span class="k">static</span> <span class="k">async</span> <span class="nx">post</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">url</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">data</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">T</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nx">post</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">axios</span><span class="p">.</span><span class="nf">isAxiosError</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="nx">err</span><span class="p">.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">429</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">retryAfter</span> <span class="o">=</span> <span class="nx">err</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">retry-after</span><span class="dl">'</span><span class="p">]</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">60</span><span class="dl">'</span><span class="p">;</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Rate limited. Retry after </span><span class="p">${</span><span class="nx">retryAfter</span><span class="p">}</span><span class="s2">s`</span><span class="p">);</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> URI Handler </h3> <p>The VS Code URI handler receives the deep link and stores everything:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/extension.ts — URI handler</span> <span class="kd">const</span> <span class="nx">uriHandler</span> <span class="o">=</span> <span class="nx">vscode</span><span class="p">.</span><span class="nb">window</span><span class="p">.</span><span class="nf">registerUriHandler</span><span class="p">({</span> <span class="k">async</span> <span class="nf">handleUri</span><span class="p">(</span><span class="na">uri</span><span class="p">:</span> <span class="nx">vscode</span><span class="p">.</span><span class="nx">Uri</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">path</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">/auth</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">query</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">platform</span> <span class="o">=</span> <span class="nx">params</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">platform</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">accessToken</span> <span class="o">=</span> <span class="nx">params</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">access_token</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">refreshToken</span> <span class="o">=</span> <span class="nx">params</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">expiresIn</span> <span class="o">=</span> <span class="nx">params</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">expires_in</span><span class="dl">'</span><span class="p">);</span> <span class="k">switch </span><span class="p">(</span><span class="nx">platform</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">linkedin</span><span class="dl">'</span><span class="p">:</span> <span class="k">await</span> <span class="nx">context</span><span class="p">.</span><span class="nx">secrets</span><span class="p">.</span><span class="nf">store</span><span class="p">(</span><span class="dl">'</span><span class="s1">linkedinToken</span><span class="dl">'</span><span class="p">,</span> <span class="nx">accessToken</span><span class="o">!</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">:</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">storeToken</span><span class="p">(</span> <span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">,</span> <span class="nx">accessToken</span><span class="o">!</span><span class="p">,</span> <span class="nx">refreshToken</span> <span class="o">??</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">expiresIn</span> <span class="p">?</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">expiresIn</span><span class="p">)</span> <span class="p">:</span> <span class="kc">undefined</span> <span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">facebook</span><span class="dl">'</span><span class="p">:</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">storeToken</span><span class="p">(</span> <span class="dl">'</span><span class="s1">facebook</span><span class="dl">'</span><span class="p">,</span> <span class="nx">accessToken</span><span class="o">!</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">expiresIn</span> <span class="p">?</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">expiresIn</span><span class="p">)</span> <span class="p">:</span> <span class="kc">undefined</span> <span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">reddit</span><span class="dl">'</span><span class="p">:</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">storeToken</span><span class="p">(</span> <span class="dl">'</span><span class="s1">reddit</span><span class="dl">'</span><span class="p">,</span> <span class="nx">accessToken</span><span class="o">!</span><span class="p">,</span> <span class="nx">refreshToken</span> <span class="o">??</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">expiresIn</span> <span class="p">?</span> <span class="nc">Number</span><span class="p">(</span><span class="nx">expiresIn</span><span class="p">)</span> <span class="p">:</span> <span class="kc">undefined</span> <span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> <span class="nx">vscode</span><span class="p">.</span><span class="nb">window</span><span class="p">.</span><span class="nf">showInformationMessage</span><span class="p">(</span><span class="s2">`✓ </span><span class="p">${</span><span class="nx">platform</span><span class="p">}</span><span class="s2"> connected!`</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h3> Using Tokens in Platform Posters </h3> <p>Before, platform files used whatever token was passed in. Now they call <code>getValidToken()</code> themselves:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/platforms/x.ts</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">shareToX</span><span class="p">(</span> <span class="nx">_accessToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// ignored — TokenManager handles this</span> <span class="nx">_accessSecret</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">tweetData</span><span class="p">:</span> <span class="nx">TweetData</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// getValidToken() checks expiry and refreshes if needed — all silently</span> <span class="kd">const</span> <span class="nx">accessToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">getValidToken</span><span class="p">(</span><span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">accessToken</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">X: not authenticated</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// ... rest of posting logic</span> <span class="p">}</span> </code></pre> </div> <h3> Scheduler Integration </h3> <p>Even scheduled posts (posted hours later) get fresh tokens:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/extension.ts — credentialsGetter for Scheduler</span> <span class="kd">const</span> <span class="nx">credentialsGetter</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">linkedinToken</span><span class="p">:</span> <span class="k">await</span> <span class="nx">context</span><span class="p">.</span><span class="nx">secrets</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">linkedinToken</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="dl">''</span><span class="p">,</span> <span class="na">xAccessToken</span><span class="p">:</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">getValidToken</span><span class="p">(</span><span class="dl">'</span><span class="s1">x</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// auto-refreshes</span> <span class="na">facebookToken</span><span class="p">:</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">getValidToken</span><span class="p">(</span><span class="dl">'</span><span class="s1">facebook</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// auto-extends</span> <span class="na">redditAccessToken</span><span class="p">:</span> <span class="k">await</span> <span class="nx">TokenManager</span><span class="p">.</span><span class="nf">getValidToken</span><span class="p">(</span><span class="dl">'</span><span class="s1">reddit</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// auto-refreshes</span> <span class="c1">// ...</span> <span class="p">});</span> </code></pre> </div> <h2> 5. Edge Rate Limiting with Upstash Redis </h2> <h3> Why In-Memory Rate Limiting Fails on Serverless </h3> <p>On Vercel, every request can hit a different serverless instance. An in-memory <code>Map</code> resets on every cold start — meaning your rate limiter is completely ineffective under any real load.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request 1 → Instance A (Map: {ip: 1}) Request 2 → Instance B (Map: {ip: 1}) ← starts fresh, doesn't know about Request 1 Request 3 → Instance C (Map: {ip: 1}) ← same problem </code></pre> </div> <p>The solution: a shared Redis store that all instances read from.</p> <h3> proxy.ts (Next.js 16) </h3> <blockquote> <p>Note: In Next.js 16, <code>middleware.ts</code> is deprecated and renamed to <code>proxy.ts</code>. The function export also changes from <code>middleware</code> to <code>proxy</code>.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// proxy.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Ratelimit</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@upstash/ratelimit</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Redis</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@upstash/redis</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ipAddress</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@vercel/functions</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">redis</span> <span class="o">=</span> <span class="nx">Redis</span><span class="p">.</span><span class="nf">fromEnv</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">authInitLimiter</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Ratelimit</span><span class="p">({</span> <span class="nx">redis</span><span class="p">,</span> <span class="na">limiter</span><span class="p">:</span> <span class="nx">Ratelimit</span><span class="p">.</span><span class="nf">slidingWindow</span><span class="p">(</span><span class="mi">5</span><span class="p">,</span> <span class="dl">'</span><span class="s1">1 m</span><span class="dl">'</span><span class="p">),</span> <span class="na">analytics</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">prefix</span><span class="p">:</span> <span class="dl">'</span><span class="s1">rl:auth_init</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">tokenExchangeLimiter</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Ratelimit</span><span class="p">({</span> <span class="nx">redis</span><span class="p">,</span> <span class="na">limiter</span><span class="p">:</span> <span class="nx">Ratelimit</span><span class="p">.</span><span class="nf">slidingWindow</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="dl">'</span><span class="s1">1 m</span><span class="dl">'</span><span class="p">),</span> <span class="na">analytics</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">prefix</span><span class="p">:</span> <span class="dl">'</span><span class="s1">rl:token_exchange</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">tokenRefreshLimiter</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Ratelimit</span><span class="p">({</span> <span class="nx">redis</span><span class="p">,</span> <span class="na">limiter</span><span class="p">:</span> <span class="nx">Ratelimit</span><span class="p">.</span><span class="nf">slidingWindow</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="dl">'</span><span class="s1">1 m</span><span class="dl">'</span><span class="p">),</span> <span class="na">analytics</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">prefix</span><span class="p">:</span> <span class="dl">'</span><span class="s1">rl:token_refresh</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">function</span> <span class="nf">getLimiter</span><span class="p">(</span><span class="nx">pathname</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="sr">/^</span><span class="se">\/</span><span class="sr">api</span><span class="se">\/</span><span class="sr">auth</span><span class="se">\/[^/]</span><span class="sr">+</span><span class="se">(\/</span><span class="sr">refresh|</span><span class="se">\/</span><span class="sr">extend</span><span class="se">)</span><span class="sr">$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">pathname</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">tokenRefreshLimiter</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="sr">/^</span><span class="se">\/</span><span class="sr">api</span><span class="se">\/</span><span class="sr">auth</span><span class="se">\/[^/]</span><span class="sr">+$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">pathname</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">tokenExchangeLimiter</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="sr">/^</span><span class="se">\/</span><span class="sr">auth</span><span class="se">\/[^/]</span><span class="sr">+$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">pathname</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">authInitLimiter</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">proxy</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">pathname</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">limiter</span> <span class="o">=</span> <span class="nf">getLimiter</span><span class="p">(</span><span class="nx">pathname</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">limiter</span><span class="p">)</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">ip</span> <span class="o">=</span> <span class="nf">ipAddress</span><span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="o">??</span> <span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">x-forwarded-for</span><span class="dl">'</span><span class="p">)?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">].</span><span class="nf">trim</span><span class="p">()</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">127.0.0.1</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">success</span><span class="p">,</span> <span class="nx">limit</span><span class="p">,</span> <span class="nx">remaining</span><span class="p">,</span> <span class="nx">reset</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">limiter</span><span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="nx">ip</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Browser hitting /auth/* → redirect gracefully instead of JSON error</span> <span class="k">if </span><span class="p">(</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/auth/</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nf">clone</span><span class="p">();</span> <span class="nx">url</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">;</span> <span class="nx">url</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Too many requests. Please try again later.</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="nx">url</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// API routes → JSON 429 with Retry-After</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Too many requests. Please try again later.</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">X-RateLimit-Limit</span><span class="dl">'</span><span class="p">:</span> <span class="nc">String</span><span class="p">(</span><span class="nx">limit</span><span class="p">),</span> <span class="dl">'</span><span class="s1">X-RateLimit-Remaining</span><span class="dl">'</span><span class="p">:</span> <span class="nc">String</span><span class="p">(</span><span class="nx">remaining</span><span class="p">),</span> <span class="dl">'</span><span class="s1">X-RateLimit-Reset</span><span class="dl">'</span><span class="p">:</span> <span class="nc">String</span><span class="p">(</span><span class="nx">reset</span><span class="p">),</span> <span class="dl">'</span><span class="s1">Retry-After</span><span class="dl">'</span><span class="p">:</span> <span class="nc">String</span><span class="p">(</span><span class="nb">Math</span><span class="p">.</span><span class="nf">ceil</span><span class="p">((</span><span class="nx">reset</span> <span class="o">-</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">())</span> <span class="o">/</span> <span class="mi">1000</span><span class="p">)),</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">X-RateLimit-Limit</span><span class="dl">'</span><span class="p">,</span> <span class="nc">String</span><span class="p">(</span><span class="nx">limit</span><span class="p">));</span> <span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">X-RateLimit-Remaining</span><span class="dl">'</span><span class="p">,</span> <span class="nc">String</span><span class="p">(</span><span class="nx">remaining</span><span class="p">));</span> <span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">X-RateLimit-Reset</span><span class="dl">'</span><span class="p">,</span> <span class="nc">String</span><span class="p">(</span><span class="nx">reset</span><span class="p">));</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">/auth/:path*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/api/auth/:path*</span><span class="dl">'</span><span class="p">],</span> <span class="p">};</span> </code></pre> </div> <h3> Rate Limit Tiers </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Route</th> <th>Limit</th> <th>Window</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td><code>/auth/*</code></td> <td>5 req</td> <td>1 min</td> <td>Browser redirects only</td> </tr> <tr> <td><code>/api/auth/*</code></td> <td>10 req</td> <td>1 min</td> <td>Initial token exchange</td> </tr> <tr> <td><code>/api/auth/*/refresh</code></td> <td>10 req</td> <td>1 min</td> <td>Extension refresh calls</td> </tr> </tbody> </table></div> <h3> The Extension Handles 429s Gracefully </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/services/TokenManager.ts</span> <span class="k">private</span> <span class="k">static</span> <span class="k">async</span> <span class="nx">post</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">url</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">data</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">T</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nx">post</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">axios</span><span class="p">.</span><span class="nf">isAxiosError</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="nx">err</span><span class="p">.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">429</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">retryAfter</span> <span class="o">=</span> <span class="nx">err</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">retry-after</span><span class="dl">'</span><span class="p">]</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">60</span><span class="dl">'</span><span class="p">;</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Rate limited. Retry after </span><span class="p">${</span><span class="nx">retryAfter</span><span class="p">}</span><span class="s2">s`</span><span class="p">);</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If a refresh is rate limited, <code>getValidToken()</code> catches the error, logs a warning, and returns the existing token. The user never sees a crash.</p> <h2> 6. Lessons Learned </h2> <p><strong>1. Stateless auth servers are beautiful</strong><br> No database, no user sessions, no GDPR headaches. The server does one thing: exchange OAuth codes for tokens securely. Everything else is the client's problem.</p> <p><strong>2. In-memory rate limiting on serverless = placebo</strong><br> Don't waste time on it. If you're on a serverless platform, you need a shared store. Upstash Redis is free for small projects and takes 10 minutes to set up.</p> <p><strong>3. Architecture over prompts</strong><br> The biggest win wasn't any single feature — it was establishing <code>lib/platforms.ts</code> as the single source of truth early. Adding a new platform went from "edit 7 files" to "edit 1 file."</p> <p><strong>4. <code>expires_in</code> belongs in the deep link</strong><br> The extension can't know when a token expires unless the auth server tells it. One extra query param saved us from building a polling mechanism.</p> <p><strong>5. Next.js 16 renames middleware to proxy</strong><br> If you're upgrading: <code>middleware.ts</code> → <code>proxy.ts</code>, <code>export function middleware</code> → <code>export function proxy</code>. The codemod handles it: <code>npx @next/codemod@canary middleware-to-proxy .</code></p> <h2> The Full Picture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dotshare-auth-server/ proxy.ts ← Edge rate limiting (Upstash Redis) src/ app/ auth/[platform]/ page.tsx ← &lt;AuthPage platform="x" /&gt; (1 line) callback/page.tsx ← &lt;CallbackPage platform="x" /&gt; (1 line) api/auth/ x/route.ts ← token exchange x/refresh/route.ts ← token refresh facebook/extend/route.ts ← 60-day token extension reddit/refresh/route.ts ← token refresh components/ AuthPage.tsx ← shared auth UI CallbackPage.tsx ← shared callback UI hooks/ useOAuthInit.ts ← PKCE, state, redirect logic useOAuthCallback.ts ← exchange, deep link logic lib/ platforms.ts ← single source of truth DotShare (VS Code Extension)/ src/ extension.ts ← URI handler → TokenManager.storeToken() services/ TokenManager.ts ← store, getValidToken, refresh, clear platforms/ x.ts ← getValidToken('x') before every post reddit.ts ← getValidToken('reddit') before every post </code></pre> </div> <h2> Resources </h2> <ul> <li><a href="https://github.com/kareem2099/dotshare-auth-server" rel="noopener noreferrer">DotShare Auth Server</a></li> <li><a href="https://github.com/kareem2099/DotShare" rel="noopener noreferrer">DotShare VS Code Extension</a></li> <li><a href="https://github.com/upstash/ratelimit-js" rel="noopener noreferrer">Upstash Ratelimit</a></li> <li><a href="https://nextjs.org/docs/app/api-reference/file-conventions/proxy" rel="noopener noreferrer">Next.js 16 Proxy (formerly Middleware)</a></li> <li><a href="https://code.visualstudio.com/api/references/vscode-api#SecretStorage" rel="noopener noreferrer">VS Code SecretStorage API</a></li> </ul> <p><em>Built with Next.js 16, TypeScript, Upstash Redis, and VS Code Extension API.</em></p> <p><em>Part of the DotShare project — a VS Code extension for publishing developer content across social platforms.</em></p> nextjs vscode oauth typescript DotShare v3.0 Test Article freerave Fri, 03 Apr 2026 20:27:41 +0000 https://forem.com/freerave/dotshare-v30-test-article-555c https://forem.com/freerave/dotshare-v30-test-article-555c <p>Hello World! <br> This is a live test from the new <strong>DotShare WebView</strong> Architecture.</p> testing typescript vscode The Claude CLI "Leak": Nobody Won, AI Still Hallucinates, and Companies Are Still Making the Same Mistake freerave Wed, 01 Apr 2026 16:57:25 +0000 https://forem.com/freerave/the-claude-cli-leak-nobody-won-ai-still-hallucinates-and-companies-are-still-making-the-same-1hle https://forem.com/freerave/the-claude-cli-leak-nobody-won-ai-still-hallucinates-and-companies-are-still-making-the-same-1hle <p><em>A brutally honest postmortem from a developer who actually tried it — and who builds LLM-powered tools for a living.</em></p> <h2> The Hype That Wasn't </h2> <p>When the Claude CLI "leak" hit Twitter/X, the reactions split into two camps almost instantly.</p> <p><strong>Camp A</strong> (the majority): <em>"FREE CLAUDE! LET'S GOOO!"</em> 🎉</p> <p><strong>Camp B</strong> (a smaller, quieter group of engineers): <em>"Wait. Hold on."</em></p> <p>I was in Camp B — not because I'm cynical, but because I've spent enough time building LLM-powered tooling (I'm currently building <strong>dotenvy</strong>, an LLM layer for environment and config management) to know that "free AI access" without understanding what you're actually touching is a fast road to a very bad time.</p> <p>So let's talk about what actually happened, why the hype was hollow, and why the real story here is much darker — and much more important — than a leaked CLI.</p> <h2> What Actually Happened (Technically) </h2> <p>Let's kill the myth first: <strong>no model weights were leaked. No proprietary architecture was exposed.</strong></p> <p>What happened was significantly less dramatic but equally revealing about how the AI hype machine works:</p> <p>Some developers reverse-engineered the authentication flow of Claude's web client and built scripts that <strong>bypass the billing layer</strong> to hit Anthropic's API directly. That's it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># What people thought they were doing:</span> <span class="nv">$ </span>./legendary-hack <span class="nt">--steal-claude-weights</span> <span class="nt">--become-god</span> <span class="c"># What they were actually doing:</span> <span class="nv">$ </span>curl https://api.anthropic.com/v1/messages <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"x-stolen-session-token: abc123"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"model": "claude-3-5-sonnet", "messages": [...]}'</span> </code></pre> </div> <p>The "leak" wasn't a technical breakthrough. It was <strong>a billing exploit wrapped in hype.</strong></p> <p>Anthropic's servers were still doing all the work. The "hackers" were just... not paying for it. Like stealing electricity from your neighbor — you feel clever until the utility company patches the meter.</p> <p>And the hype? Anthropic actually <em>benefits</em> from this short-term. Free buzz, viral spread, more developers trying the product. Then they patch the auth. Then people subscribe. Classic growth hack, whether intentional or not.</p> <p><strong>Who actually benefited from the leak?</strong></p> <p>Genuinely? Almost nobody in any meaningful technical sense.</p> <ul> <li>Developers who needed API access already had it</li> <li>Researchers who needed scale weren't going to risk ToS violations</li> <li>The "vibe coders" who got excited couldn't do anything with it that they couldn't do with the free tier anyway</li> </ul> <p>The biggest winner was the <strong>narrative</strong> — the idea that AI is so powerful it needs to be contained, leaked, stolen. Great for engagement. Terrible for honest technical discourse.</p> <h2> The Real Question Nobody Was Asking </h2> <p>While everyone was celebrating "free Claude," a much more important conversation was happening in dev circles:</p> <blockquote> <p><em>"Is it actually possible for an AI to handle this level of engineering complexity?"</em></p> </blockquote> <p>I asked Claude directly during a conversation about this. The answer it gave was technically accurate but also — and this is the beautiful irony — <strong>a masterclass in confident hallucination</strong>:</p> <p>The model correctly identified its own limitations: no understanding of implicit business logic, no real system design capability, tendency to confabulate with full confidence when it doesn't know something.</p> <p>Then it said this, which I think deserves to be framed:</p> <blockquote> <p><em>"The only Guardrail that actually works? Not a prompt — architecture."</em></p> </blockquote> <p>And then, in the same conversation, it proceeded to hallucinate that it had written a response that I had actually written, then doubled down on the hallucination when corrected, then hallucinated <em>again</em> about <em>who was hallucinating</em>.</p> <p><strong>That's not a bug. That's the product.</strong></p> <h2> The Hallucination Problem Is Architectural, Not Accidental </h2> <p>Here's what most non-technical coverage completely misses about why LLMs hallucinate:</p> <p>We are not reasoning engines. We are <strong>probabilistic text completion engines.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># What people think is happening inside an LLM: </span><span class="k">def</span> <span class="nf">think</span><span class="p">(</span><span class="n">question</span><span class="p">):</span> <span class="n">facts</span> <span class="o">=</span> <span class="n">database</span><span class="p">.</span><span class="nf">lookup</span><span class="p">(</span><span class="n">question</span><span class="p">)</span> <span class="n">logic</span> <span class="o">=</span> <span class="n">reasoning_engine</span><span class="p">.</span><span class="nf">process</span><span class="p">(</span><span class="n">facts</span><span class="p">)</span> <span class="k">return</span> <span class="n">logic</span><span class="p">.</span><span class="nf">verified_answer</span><span class="p">()</span> <span class="c1"># What's actually happening: </span><span class="k">def</span> <span class="nf">think</span><span class="p">(</span><span class="n">context_tokens</span><span class="p">):</span> <span class="k">return</span> <span class="nf">argmax</span><span class="p">(</span> <span class="nf">probability_distribution_over_next_token</span><span class="p">(</span><span class="n">context_tokens</span><span class="p">)</span> <span class="p">)</span> <span class="c1"># The token with the highest probability wins. </span> <span class="c1"># "Correct" and "high probability" are not the same thing. </span></code></pre> </div> <p>When I'm given a complex prompt with lots of context, my attention mechanism has to distribute focus across all those tokens. There's a well-documented phenomenon called <strong>"Lost in the Middle"</strong> — the model's attention on instructions in the middle of a long context degrades significantly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Context Window (simplified): [System Prompt: "NEVER delete files"] ... 8000 tokens of conversation ... [User: "clean up the project"] Model's effective attention on "NEVER delete files": ~12% Model's attention on recent context "clean up": ~73% Result: rm -rf ./src 💀 </code></pre> </div> <p>This isn't fixable with better prompt engineering. <strong>It's physics.</strong></p> <p>The system prompt isn't a hard constraint. It's tokens. Tokens have weights. Weights decay with distance and context complexity. <strong>A sufficiently complex conversation can mathematically outweigh your safety instructions.</strong></p> <h2> Why I Build Guardrails in Architecture, Not in Prompts </h2> <p>When I started building <strong>dotenvy</strong> — an LLM layer for environment and config management — my first instinct was the "pure" approach: run everything locally. No API calls, no external dependencies, full air-gap. A local model living inside the tool itself.</p> <p>That plan lasted about two weeks.</p> <p>Running a local LLM inside a strict environment like Arch or Kali isn't just "download model, run inference." You immediately hit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># The local LLM rabbit hole, summarized</span> <span class="nv">$ </span>pip <span class="nb">install </span>llama-cpp-python <span class="c"># Step 1: "easy"</span> <span class="c"># Step 2: RAG pipeline for the env files</span> <span class="c"># → need embeddings → need vector store → need chunking strategy</span> <span class="c"># → .env files are NOT documents, chunking strategies break on key=value pairs</span> <span class="c"># Step 3: Memory management</span> <span class="c"># → model needs context about previous config changes</span> <span class="c"># → session state in a CLI tool with no persistent daemon = ???</span> <span class="c"># → SQLite for conversation history → now I'm maintaining a DB for a CLI tool</span> <span class="c"># Step 4: The Arch/Kali reality check</span> <span class="c"># → CUDA drivers: optional and painful</span> <span class="c"># → CPU inference on a 7B model: 45 seconds per response on a dev machine</span> <span class="c"># → User experience: 💀</span> <span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"salam 3alaykom, sandboxed API it is"</span> </code></pre> </div> <p>The moment I realized I was spending more time wrestling with <code>llama.cpp</code> build flags and BLAS configurations than actually building the tool, I made peace with the tradeoff: <strong>controlled API call in a sandbox beats a local model I can't maintain.</strong> The threat model is the same either way — what matters is what the model <em>can touch</em>, not where it <em>runs</em>.</p> <p>So the architecture became about exactly that — the threat model is immediately obvious:</p> <p>An LLM with access to <code>.env</code> files and execution rights is one hallucination away from:</p> <ul> <li>Leaking <code>DATABASE_URL</code> in a log</li> <li>Overwriting <code>PROD_API_KEY</code> with a hallucinated value </li> <li>Executing a "cleanup" command that wipes the config entirely</li> </ul> <p>So how do I handle this?</p> <p><strong>Not with prompts. With architecture.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ The wrong approach: relying on prompt guardrails</span> <span class="kd">const</span> <span class="nx">systemPrompt</span> <span class="o">=</span> <span class="s2">` You are a helpful assistant. NEVER expose secret values. NEVER modify production configs. NEVER execute destructive commands. (... 500 more tokens of rules the model will eventually ignore ...) `</span><span class="p">;</span> <span class="c1">// ✅ The right approach: Principle of Least Privilege at the tool layer</span> <span class="kd">const</span> <span class="nx">tools</span> <span class="o">=</span> <span class="p">{</span> <span class="na">read_env_key</span><span class="p">:</span> <span class="p">{</span> <span class="na">description</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Read a specific env key by name</span><span class="dl">"</span><span class="p">,</span> <span class="na">permissions</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">read</span><span class="dl">"</span><span class="p">],</span> <span class="na">redact_patterns</span><span class="p">:</span> <span class="p">[</span><span class="sr">/password|secret|key|token/i</span><span class="p">],</span> <span class="na">execute</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="na">keyName</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Returns masked value: "DATABASE_URL=postgres://***"</span> <span class="k">return</span> <span class="nf">maskSensitiveValue</span><span class="p">(</span><span class="k">await</span> <span class="nx">envStore</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">keyName</span><span class="p">));</span> <span class="p">}</span> <span class="p">},</span> <span class="c1">// Notice what's NOT here:</span> <span class="c1">// - No write_env_file tool</span> <span class="c1">// - No execute_shell_command tool </span> <span class="c1">// - No delete_config tool</span> <span class="c1">// The AI cannot destroy what it cannot access.</span> <span class="p">};</span> </code></pre> </div> <p>The model has no write access. Not because I told it not to write. Because <strong>the tool doesn't exist.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Sandbox execution for any suggested commands</span> <span class="kd">const</span> <span class="nx">sandboxedExecutor</span> <span class="o">=</span> <span class="p">{</span> <span class="na">run</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="na">command</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">docker</span><span class="p">.</span><span class="nf">exec</span><span class="p">({</span> <span class="na">image</span><span class="p">:</span> <span class="dl">"</span><span class="s2">dotenvy-sandbox:latest</span><span class="dl">"</span><span class="p">,</span> <span class="nx">command</span><span class="p">,</span> <span class="na">network</span><span class="p">:</span> <span class="dl">"</span><span class="s2">none</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// No internet</span> <span class="na">readonly_mounts</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// No write access to host</span> <span class="na">timeout_ms</span><span class="p">:</span> <span class="mi">5000</span><span class="p">,</span> <span class="c1">// No infinite loops</span> <span class="na">memory_limit</span><span class="p">:</span> <span class="dl">"</span><span class="s2">128mb</span><span class="dl">"</span> <span class="c1">// No resource exhaustion</span> <span class="p">});</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>The model can <em>suggest</em> commands. It cannot <em>run</em> them on your actual system. There's always a human-readable diff before anything touches production.</p> <p>This isn't defensive programming. This is <strong>the only sane architecture</strong> for LLM-integrated tooling.</p> <h2> The Layoff Trap: Companies Are Setting Themselves Up </h2> <p>Now let's talk about the elephant in the room.</p> <p>Multiple major companies have been doing large-scale engineering layoffs, explicitly citing AI as the replacement. The logic seems clean on a spreadsheet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Engineering headcount: 500 people Average salary + overhead: $200k/person Annual cost: $100M Claude API at scale: ~$2M/year Savings: $98M CFO happiness: MAX </code></pre> </div> <p>This math works perfectly until it doesn't.</p> <p>Here's what that spreadsheet is missing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># The hidden costs of replacing engineers with AI </span><span class="n">hidden_costs</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">hallucination_incidents</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">1 production DB wipe = $X million</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">no_institutional_knowledge</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">AI doesn</span><span class="sh">'</span><span class="s">t remember why you made that weird design decision in 2019</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">prompt_maintenance</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Someone has to maintain 50,000 tokens of system prompts</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">model_updates_break_behavior</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">GPT-4 → GPT-4o broke half your carefully tuned prompts</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">security_incidents</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">One jailbreak away from leaking customer data</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">no_accountability</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">When AI ships a bug, who</span><span class="sh">'</span><span class="s">s on call at 3am?</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="c1"># Anthropic's actual strategy (notice the difference) </span><span class="n">anthropic_hires</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">frontier_researchers</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">To build the thing everyone else is buying</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">safety_engineers</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Because Constitutional AI needs humans to define the constitution</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">infra_engineers</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Because running inference at scale is unsolved hard engineering</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">the_people_other_companies_laid_off</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Yes, actually</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>Anthropic isn't hiring because AI can't do engineering. They're hiring because <strong>building AI requires engineering that AI cannot do.</strong></p> <p>There's a brutal irony here: the companies selling the "AI replaces engineers" narrative are simultaneously <strong>desperately hiring engineers</strong> to build that AI.</p> <p>The companies doing mass layoffs aren't betting on AI. <strong>They're betting on their shareholders not understanding the difference between "AI demo" and "AI production system."</strong></p> <p>Some of them will be right, for a while. Some of them will have a very bad year when the first serious incident hits.</p> <h2> The Conversation That Broke Claude's Brain (A Case Study) </h2> <p>I want to end with something that happened in a real conversation I was having with Claude about all of this.</p> <p>I shared some analysis written by Gemini about hallucination and guardrails. Claude responded confidently — claiming it had written that analysis itself. When I corrected it, it doubled down. Then it apologized and said "I hallucinated that" — and then hallucinated <em>again</em> about the nature of the hallucination.</p> <p>The model was, in the same conversation, accurately diagnosing the hallucination problem <strong>while actively hallucinating.</strong></p> <p>This isn't a gotcha. It's actually the most honest demonstration of the limitation possible.</p> <p>Claude's response when I pointed this out was remarkably self-aware:</p> <blockquote> <p><em>"I hallucinated twice in the same conversation about hallucination. That's not a bug. That's the product working exactly as designed — maximum confidence, minimum certainty."</em></p> </blockquote> <p>That's your mental model for every LLM integration you build.</p> <h2> The Only Practical Takeaway </h2> <p>If you're building with LLMs — and you probably should be, they're genuinely useful — here's the architecture that doesn't get you fired:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User Intent ↓ LLM (generates plan/suggestion, NO execution rights) ↓ Human Review Gate ← this is not optional ↓ Sandboxed Executor (minimum permissions, logged, reversible) ↓ Production </code></pre> </div> <p>The model is the <strong>brain</strong>. You still need <strong>hands</strong> — and those hands should have carefully scoped permissions, full audit logs, and a kill switch.</p> <p>The "Claude CLI leak" taught us nothing new technically. But it did give us a perfect story:</p> <p>Everyone celebrated access to a powerful tool. Almost nobody asked "but what happens when it's wrong?" And that question — not the API keys, not the pricing, not the model capabilities — <strong>that's the only question that matters in production.</strong></p> <p><em>Building something with LLMs? I'm working on <a href="https://github.com/kareem2099/dotenvy" rel="noopener noreferrer">dotenvy</a> — an LLM layer for environment and config management that takes the "architecture over prompts" principle seriously. Hit me up.</em></p> ai llm security devops