cmd/faucet: use Twitter API instead of scraping webpage (#21850)

This PR adds support for using Twitter API to query the tweet and author details. There are two reasons behind this change: - Twitter will be deprecating the legacy website on 15th December. The current method is expected to stop working then. - More importantly, the current system uses Twitter handle for spam protection but the Twitter handle can be changed via automated calls. This allows bots to use the same tweet to withdraw funds infinite times as long as they keep changing their handle between every request. The Rinkeby as well as the Goerli faucet are being actively drained via this method. This PR changes the spam protection to be based on Twitter IDs instead of usernames. A user can not change their Twitter ID.
2020-12-11 15:05:39 +05:30
parent 62dc59c2bd
commit b47f4ca5cf
3 changed files with 110 additions and 13 deletions
--- a/cmd/puppeth/wizard_faucet.go
+++ b/cmd/puppeth/wizard_faucet.go
@ -102,6 +102,29 @@ func (w *wizard) deployFaucet() {
 			infos.captchaSecret = w.readPassword()
 		}
 	}
+
+	// Accessing the twitter api requires a bearer token, request it
+	if infos.twitterToken != "" {
+		fmt.Println()
+		fmt.Println("Reuse previous twitter API Bearer token (y/n)? (default = yes)")
+		if !w.readDefaultYesNo(true) {
+			infos.twitterToken = ""
+		}
+	}
+	if infos.twitterToken == "" {
+		// No previous twitter token (or old one discarded)
+		fmt.Println()
+		fmt.Println("Enable twitter API (y/n)? (default = no)")
+		if !w.readDefaultYesNo(false) {
+			log.Warn("The faucet will fallback to using direct calls")
+		} else {
+			// Twitter api explicitly requested, read the bearer token
+			fmt.Println()
+			fmt.Printf("What is the twitter API Bearer token?\n")
+			infos.twitterToken = w.readString()
+		}
+	}
+
 	// Figure out where the user wants to store the persistent data
 	fmt.Println()
 	if infos.node.datadir == "" {