built the gitlogs admin panel with htm esm cdn, zero build step. 5 lines and jsx is basically there via tagged templates. why was i ever running webpack for internal tools lmao

tweet-per-commit was kinda spammy ngl. gitlogs batches commits into daily or weekly digests now so u stop nuking ppl's feeds every push

gitlogs now reads the actual diff to write changelogs instead of trusting my commit messages. which is good cuz half of mine just say "fix stuff" lol

GitLogs: gitlogs.aayushman.dev Repo: github.com/aayushman-singh/g… Key files: pkceHelper.js, oauthHandler.js, server.js (lines 691-803), twitterClient.js Article: medium.com/@aayushman2702/ho…

How to Connect Users’ X (Twitter) Accounts Using OAuth 2.0  PKCE Because the X API docs are unusable I've made a comprehensive tutorial for beginners complete with code snippets and live working examples. By the end, you’ll understand OAuth conceptually and have working Node.js code. Note: This is account linking, not primary login. Your app needs its own auth first. I used github What We're Building A flow where users click "Connect X Account," authorize your app, and you can tweet for them. Prerequisites 1. X Developer Account with app created 2. Client ID (and optionally Client Secret) 3. Registered callback URL (e.g., http://localhost:3000/auth/x/callback) The Problem You can't ask for passwords. That's insecure, fragile, and against X's rules. The Solution: OAuth OAuth = hotel key card. X gives you a card that only opens specific doors (permissions), can be deactivated anytime, and you never get the master key. The Flow 1. User clicks "Connect with X" 2. Your app redirects to X's login 3. User approves: "App wants to read/post tweets" 4. X redirects back with a temporary code 5. You exchange code for access token 6. Store token, use for API calls Why PKCE? The vulnerability: What if someone intercepts that code in step 4? PKCE prevents this: Before redirecting: 1. Generate random code_verifier (stays on your server) 2. Send hashed version (code_challenge) to X 3. When exchanging code: Send original code_verifier 4. X verifies the hash matches Even if attackers steal the code, they can't use it without the verifier that never left your server. The Code File 1: pkceHelper.js -generateCodeVerifier() - Creates a 128-character random string (96 bytes → base64url) -generateCodeChallenge() - SHA-256 hashes the verifier into a "fingerprint" -generatePKCEPair() - Returns both at once for convenience File 2: oauthHandler.js -Constructor - Stores your Client ID, Secret, callback URL, and default scopes (tweet[dot]read, tweet[dot]write, users[dot]read, offline[dot]access) -generateAuthUrl(state) - Builds the X authorization URL with PKCE challenge. Returns the URL to redirect to the verifier you must store server-side -exchangeCodeForTokens(code, verifier) - Trades the authorization code verifier for access/refresh tokens. -Handles Basic Auth if you have a Client Secret -refreshAccessToken(refreshToken) - Gets a new access token when the old one expires (~2 hours). Critical for production File 3: server.js -Setup: 1. Express session middleware (critical for linking OAuth to users) 2. In-memory PKCE store (use Redis/database in production) 3. OAuth handler initialization -Route 1: /auth/x (Start OAuth) -Route 2: /auth/x/callback (Handle X's redirect) The Critical Part: Session Linking The trap: You get tokens back, but which user do they belong to? The solution: 1. Store user ID with the PKCE verifier when starting OAuth 2. Verify session matches in the callback 3. Save tokens associated with that user ID The state parameter prevents CSRF. Your session cookie tells you which user is completing the flow. Token Refresh Access tokens expire in ~2 hours. 1. Handle this proactively, check before each req 2. Reactively on 401s Real Implementation (Links in replies) See this in action: GitLogs Full article on medium with all kinds of bells and whistles like code snippets and diagrams 👇

update: - added new auth util file. - standardized github login url method. - display 'get started' only if unauth. gitlogs 🔗 github.com/aayushman-singh/g… please star the repo ^^ if you like it!

update: - updated social media img url, added new opengraph img. - set opengraph img alt text, locale, and ms tile color. gitlogs 🔗 github.com/aayushman-singh/g… please star the repo ^^ if you like it!

If I see any of u mfs logging shit on my TL without using gitlogs i will find you and ask you so you better be ready

Meet GitLogs! (v1) 🚀🚀 Stop writing posts about your code. Let your code write them for you. GitLogs auto-posts to X every time you push to GitHub. Perfect for builders who want visibility without distraction. Set it. Forget it. Keep shipping. 🔗 Links in replies

Gm guys Launching Gitlogs today in a few hours, I'm pretty hyped cuz it should be useful to everyone Gonna finish up the template customisation so everyones logs don't look the same lmao

update: - added user customisation ui component. - updated frontend, api & backend services for customisation data. gitlogs 🔗 github.com/aayushman-singh/g… please star the repo ^^ if you like it!

🚀 update: - removed firebase impl. - improved redir handling via vercel config. 📦 gitlogs 👤 aayushman-singh 🔗 github.com/aayushman-singh/g… #coding #github #dev

Gm chat My sleep schedule as usual has fallen apart on the weekend, eh I'll bring it back I think things get less reach on Sunday, if that's true i might move gitlogs public access to some other day Lmk 🙏

🚀 update: - refined test for better log parsing. - updated test data for current log formats. 📦 gitlogs 👤 aayushman-singh 🔗 github.com/aayushman-singh/g… #coding #github #dev

Gitlogs is so close to done bruh just some minor quality of life changes to go. Completely revamped the infra to support general users and automate everything but user experience is always worth the investment Lets hope it's done by tomorrow

🚀 today's log : - Launched `gitlogs` React SPA frontend. Hooked up multi-user auth via GitHub OAuth, integrating user mgmt with backend APIs. 📦 gitlogs 👤 aayushman-singh 🔗 github.com/aayushman-singh/g… #coding #github #dev

Gm chat FriYay 🔥 Gonna see if I can oneshot work by 12 and if i don't get lazy I'll try releasing gitlogs, almost done

First tweet successful from my bot, lfg Calling it gitlogs for now, gonna make it publicly available soon. It's gonna be indistinguishable from the tech slop you usually see.

🚀 today's log : - Spun up OTP-style processes for event handling. - Using a GenServer for state, enabling robust fault tolerance. 📦 gitlogs 👤 aayushman-singh 🔗 github.com/aayushman-singh/g… #coding #github #dev

EP – 11: Git Remove and Move files CC: @bevyinsight #git #github #gitbash #stash #gitlab #coding #bevyinsight #bevyinsight_edu #vcs #softwaredeveloper #githubuniverse #programmer #webdevelopment #learning #gitcheatsheet #gitops #gitlab #gitrepository #gitproject #gitlogs