Add automated session ID capture via browser cookies and login #307
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Use requests.Session for connection/cookie reuse across all API calls
- Update User-Agent to modern Instagram Android string (was broken "iphone_ua" literal)
- Add standard headers (X-IG-App-ID, X-IG-Device-ID, X-IG-Connection-Type)
- Add delay between sequential API requests to avoid rate limiting
- Pass session ID to advanced_lookup() (was unauthenticated)
- Fix searchType default parameter bug ("username" or "id" → "username")
- Add retry with exponential backoff on 429 responses
- Fix bare except clause, add 401 handling, catch KeyError/TypeError
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…r support Increase MAX_RETRIES to 5, fix exponential backoff formula to use RETRY_BASE_DELAY * 2^attempt (~2-32s), add random jitter to avoid synchronized retries, and respect Retry-After header from Instagram. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use deterministic device ID (uuid5) derived from session ID to prevent IP/device mismatch blocks
- Eliminate redundant users/{id}/info API call by reusing web_profile_info data (3→2 calls)
- Increase pre-request delay for advanced_lookup to 3-5s with jitter to reduce rate limiting
- Add session validation with clear error message for blocked sessions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix control flow in getInfo(): ID lookup block was incorrectly unindented - Fix misleading "Rate limit" error on JSON parse/key errors in getUserId() - Add null-safe .get() access for all output fields in main() - Add 401/403/429 handling in advanced_lookup() - Remove unused session parameter from _request_with_retry() - Fix always-truthy str() wrapping on phone number falsy checks - Fix unsafe nested key access for profile picture URL Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
-s/--sessionidoptional by adding--browserand--loginflags for automatic session acquisition--browserextracts Instagramsessionidcookie from Chrome/Firefox viabrowser_cookie3--loginprovides interactive username/password login with AES-GCM+RSA encrypted password and 2FA support~/.toutatis/sessionand reused automatically on subsequent runsextras_requirein setup.py for optionalbrowser_cookie3andpycryptodomedependenciesTest plan
toutatis --helpshows new--browserand--loginflagstoutatis -u test --loginprompts for credentialstoutatis -u test --browser chromeattempts cookie extraction-s, subsequenttoutatis -u testworks without-s(uses cached session)