marqetive-lib 0.1.7__py3-none-any.whl → 0.1.9__py3-none-any.whl

marqetive/core/client.py

@@ -5,6 +5,11 @@ from typing import Any
 import httpx
 from pydantic import BaseModel
 
+# Default connection pool limits for optimal performance
+DEFAULT_MAX_CONNECTIONS = 100
+DEFAULT_MAX_KEEPALIVE_CONNECTIONS = 20
+DEFAULT_KEEPALIVE_EXPIRY = 30.0
+
 
 class APIResponse(BaseModel):
     """Response model for API calls."""
@@ -24,6 +29,8 @@ class APIClient:
         base_url: The base URL for API requests
         timeout: Request timeout in seconds (default: 30)
         headers: Optional default headers for all requests
+        max_connections: Maximum total connections in pool (default: 100)
+        max_keepalive_connections: Maximum persistent connections (default: 20)
 
     Example:
         >>> client = APIClient(base_url="https://api.example.com")
@@ -36,12 +43,19 @@ class APIClient:
         base_url: str,
         timeout: float = 30.0,
         headers: dict[str, str] | None = None,
+        max_connections: int = DEFAULT_MAX_CONNECTIONS,
+        max_keepalive_connections: int = DEFAULT_MAX_KEEPALIVE_CONNECTIONS,
     ) -> None:
         """Initialize the API client."""
         self.base_url = base_url.rstrip("/")
         self.timeout = timeout
         self.default_headers = headers or {}
         self._client: httpx.AsyncClient | None = None
+        self._limits = httpx.Limits(
+            max_connections=max_connections,
+            max_keepalive_connections=max_keepalive_connections,
+            keepalive_expiry=DEFAULT_KEEPALIVE_EXPIRY,
+        )
 
     async def __aenter__(self) -> "APIClient":
         """Async context manager entry."""
@@ -49,6 +63,7 @@ class APIClient:
             base_url=self.base_url,
             timeout=self.timeout,
             headers=self.default_headers,
+            limits=self._limits,
         )
         return self
 

marqetive/platforms/instagram/client.py

@@ -35,6 +35,7 @@ from marqetive.platforms.instagram.media import (
     InstagramMediaManager,
     MediaItem,
 )
+from marqetive.utils.media import validate_media_url
 
 
 class InstagramClient(SocialMediaPlatform):
@@ -245,7 +246,11 @@ class InstagramClient(SocialMediaPlatform):
         }
 
         if request.media_urls:
-            container_params["image_url"] = request.media_urls[0]
+            # Validate URL to prevent SSRF attacks
+            validated_url = validate_media_url(
+                request.media_urls[0], platform=self.platform_name
+            )
+            container_params["image_url"] = validated_url
 
         if request.content:
             container_params["caption"] = request.content
@@ -533,14 +538,17 @@ class InstagramClient(SocialMediaPlatform):
         if not self.api_client:
             raise RuntimeError("Client must be used as async context manager")
 
+        # Validate URL to prevent SSRF attacks
+        validated_url = validate_media_url(media_url, platform=self.platform_name)
+
         params: dict[str, Any] = {
             "access_token": self.credentials.access_token,
         }
 
         if media_type.lower() == "image":
-            params["image_url"] = media_url
+            params["image_url"] = validated_url
         elif media_type.lower() == "video":
-            params["video_url"] = media_url
+            params["video_url"] = validated_url
             params["media_type"] = "VIDEO"
         else:
             raise ValidationError(
@@ -612,13 +620,15 @@ class InstagramClient(SocialMediaPlatform):
         if not self._media_manager:
             raise RuntimeError("Client must be used as async context manager")
 
-        # Convert to MediaItem objects
+        # Convert to MediaItem objects with URL validation
         media_items = []
         for idx, url in enumerate(media_urls):
+            # Validate each URL to prevent SSRF attacks
+            validated_url = validate_media_url(url, platform=self.platform_name)
             alt_text = None
             if alt_texts and idx < len(alt_texts):
                 alt_text = alt_texts[idx]
-            media_items.append(MediaItem(url=url, type="image", alt_text=alt_text))
+            media_items.append(MediaItem(url=validated_url, type="image", alt_text=alt_text))
 
         # Create containers
         container_ids = await self._media_manager.create_feed_containers(
@@ -667,11 +677,19 @@ class InstagramClient(SocialMediaPlatform):
         if not self._media_manager:
             raise RuntimeError("Client must be used as async context manager")
 
+        # Validate URLs to prevent SSRF attacks
+        validated_video_url = validate_media_url(video_url, platform=self.platform_name)
+        validated_cover_url = None
+        if cover_url:
+            validated_cover_url = validate_media_url(
+                cover_url, platform=self.platform_name
+            )
+
         # Create reel container
         container_id = await self._media_manager.create_reel_container(
-            video_url,
+            validated_video_url,
             caption=caption,
-            cover_url=cover_url,
+            cover_url=validated_cover_url,
             share_to_feed=share_to_feed,
             wait_for_processing=True,
         )
@@ -710,9 +728,12 @@ class InstagramClient(SocialMediaPlatform):
         if not self._media_manager:
             raise RuntimeError("Client must be used as async context manager")
 
+        # Validate URL to prevent SSRF attacks
+        validated_url = validate_media_url(media_url, platform=self.platform_name)
+
         # Create story container
         container_id = await self._media_manager.create_story_container(
-            media_url,
+            validated_url,
             media_type,
             wait_for_processing=(media_type == "video"),
         )

marqetive/platforms/tiktok/client.py

@@ -33,9 +33,9 @@ from marqetive.platforms.tiktok.exceptions import TikTokErrorCode, map_tiktok_er
 from marqetive.platforms.tiktok.media import (
     CreatorInfo,
     MediaUploadResult,
-    PrivacyLevel,
     TikTokMediaManager,
 )
+from marqetive.platforms.tiktok.models import PrivacyLevel
 
 # TikTok API base URL
 TIKTOK_API_BASE = "https://open.tiktokapis.com/v2"
@@ -107,6 +107,7 @@ class TikTokClient(SocialMediaPlatform):
             open_id=self.credentials.additional_data["open_id"],
             timeout=self.timeout,
         )
+        await self._media_manager.__aenter__()
 
     async def _cleanup_managers(self) -> None:
         """Cleanup media manager."""
@@ -213,7 +214,7 @@ class TikTokClient(SocialMediaPlatform):
             await self.query_creator_info()
 
         # 2. Determine privacy level
-        privacy_level = PrivacyLevel.SELF_ONLY  # Default for unaudited apps
+        privacy_level = PrivacyLevel.PRIVATE  # Default for unaudited apps
         requested_privacy = request.additional_data.get("privacy_level")
         if requested_privacy and self._creator_info:
             # Check if requested privacy is available
@@ -230,15 +231,26 @@ class TikTokClient(SocialMediaPlatform):
             wait_for_publish=True,
         )
 
-        if not upload_result.video_id:
-            raise PlatformError(
-                "Video upload succeeded but no video ID returned. "
-                "Video may still be processing.",
-                platform=self.platform_name,
-            )
+        # 4. Return post - either fetch full details or create minimal Post
+        if upload_result.video_id:
+            # Fetch the created post to return full Post object
+            return await self.get_post(upload_result.video_id)
 
-        # 4. Fetch the created post to return full Post object
-        return await self.get_post(upload_result.video_id)
+        # For private/SELF_ONLY posts, TikTok may not return video_id
+        # Return a minimal Post object with publish_id
+        return Post(
+            post_id=upload_result.publish_id,
+            platform=self.platform_name,
+            content=request.content,
+            status=PostStatus.PUBLISHED,
+            created_at=datetime.now(),
+            raw_data={
+                "publish_id": upload_result.publish_id,
+                "upload_status": upload_result.status,
+                "privacy_level": privacy_level.value,
+                "note": "Video published but video_id not returned (common for private posts)",
+            },
+        )
 
     async def get_post(self, post_id: str) -> Post:
         """Retrieve a TikTok video by its ID.
@@ -293,7 +305,7 @@ class TikTokClient(SocialMediaPlatform):
 
     async def update_post(
         self,
-        post_id: str,
+        post_id: str,  # noqa: ARG002
         request: PostUpdateRequest,  # noqa: ARG002
     ) -> Post:
         """Update a TikTok video.
@@ -340,7 +352,7 @@ class TikTokClient(SocialMediaPlatform):
 
     async def create_comment(
         self,
-        post_id: str,
+        post_id: str,  # noqa: ARG002
         content: str,  # noqa: ARG002
     ) -> Comment:
         """Create a comment on a TikTok video.

marqetive/platforms/tiktok/media.py

@@ -11,6 +11,7 @@ Reference: https://developers.tiktok.com/doc/content-posting-api-reference-direc
 
 import asyncio
 import inspect
+import json
 import logging
 import math
 import os
@@ -19,14 +20,17 @@ from dataclasses import dataclass
 from enum import Enum
 from typing import Any, Literal
 
+import aiofiles
 import httpx
 
 from marqetive.core.exceptions import (
     InvalidFileTypeError,
     MediaUploadError,
+    PlatformError,
 )
 from marqetive.core.models import ProgressEvent, ProgressStatus
 from marqetive.platforms.tiktok.exceptions import TikTokErrorCode, map_tiktok_error
+from marqetive.platforms.tiktok.models import PrivacyLevel
 from marqetive.utils.file_handlers import download_file
 from marqetive.utils.media import detect_mime_type, format_file_size
 
@@ -69,14 +73,6 @@ class PublishStatus(str, Enum):
     FAILED = "FAILED"
 
 
-class PrivacyLevel(str, Enum):
-    """Privacy level options for TikTok posts."""
-
-    PUBLIC_TO_EVERYONE = "PUBLIC_TO_EVERYONE"
-    MUTUAL_FOLLOW_FRIENDS = "MUTUAL_FOLLOW_FRIENDS"
-    SELF_ONLY = "SELF_ONLY"  # Private - only for unaudited apps or private posts
-
-
 @dataclass
 class UploadProgress:
     """Progress information for a media upload.
@@ -196,6 +192,27 @@ class TikTokMediaManager:
         await self._client.aclose()
         await self._upload_client.aclose()
 
+    def _parse_json_response(self, response: httpx.Response) -> dict[str, Any]:
+        """Parse JSON from HTTP response with proper error handling.
+
+        Args:
+            response: HTTP response object.
+
+        Returns:
+            Parsed JSON data as dictionary.
+
+        Raises:
+            PlatformError: If response is not valid JSON.
+        """
+        try:
+            return response.json()
+        except json.JSONDecodeError as e:
+            raise PlatformError(
+                f"Invalid JSON response from TikTok API: {e}",
+                platform="tiktok",
+                status_code=response.status_code,
+            ) from e
+
     async def _emit_progress(
         self,
         status: ProgressStatus,
@@ -249,7 +266,7 @@ class TikTokMediaManager:
         url = f"{TIKTOK_API_BASE}/post/publish/creator_info/query/"
 
         response = await self._client.post(url)
-        data = response.json()
+        data = self._parse_json_response(response)
 
         self._check_response_error(response.status_code, data)
 
@@ -272,7 +289,7 @@ class TikTokMediaManager:
         file_path: str,
         *,
         title: str = "",
-        privacy_level: PrivacyLevel = PrivacyLevel.SELF_ONLY,
+        privacy_level: PrivacyLevel = PrivacyLevel.PRIVATE,
         disable_duet: bool = False,
         disable_comment: bool = False,
         disable_stitch: bool = False,
@@ -321,7 +338,7 @@ class TikTokMediaManager:
         }
 
         response = await self._client.post(url, json=payload)
-        data = response.json()
+        data = self._parse_json_response(response)
 
         self._check_response_error(response.status_code, data)
 
@@ -343,7 +360,7 @@ class TikTokMediaManager:
         video_url: str,
         *,
         title: str = "",
-        privacy_level: PrivacyLevel = PrivacyLevel.SELF_ONLY,
+        privacy_level: PrivacyLevel = PrivacyLevel.PRIVATE,
         disable_duet: bool = False,
         disable_comment: bool = False,
         disable_stitch: bool = False,
@@ -386,7 +403,7 @@ class TikTokMediaManager:
         }
 
         response = await self._client.post(url, json=payload)
-        data = response.json()
+        data = self._parse_json_response(response)
 
         self._check_response_error(response.status_code, data)
 
@@ -439,10 +456,10 @@ class TikTokMediaManager:
 
         bytes_uploaded = 0
 
-        with open(file_path, "rb") as f:
+        async with aiofiles.open(file_path, "rb") as f:
             chunk_index = 0
             while True:
-                chunk_data = f.read(chunk_size)
+                chunk_data = await f.read(chunk_size)
                 if not chunk_data:
                     break
 
@@ -507,19 +524,29 @@ class TikTokMediaManager:
         url = f"{TIKTOK_API_BASE}/post/publish/status/fetch/"
 
         response = await self._client.post(url, json={"publish_id": publish_id})
-        data = response.json()
+        data = self._parse_json_response(response)
 
         self._check_response_error(response.status_code, data)
 
         result_data = data.get("data", {})
         status = result_data.get("status", PublishStatus.FAILED)
 
+        logger.debug(f"TikTok publish status response: {data}")
+
         video_id = None
         if status == PublishStatus.PUBLISH_COMPLETE:
-            # Video IDs are in publicaly_available_post_id array
+            # Video IDs are in publicaly_available_post_id array (note TikTok's typo)
+            # For private/SELF_ONLY posts, this may be empty
             video_ids = result_data.get("publicaly_available_post_id", [])
             if video_ids:
                 video_id = str(video_ids[0])
+            else:
+                # Try alternative field names that TikTok might use
+                video_id = result_data.get("video_id") or result_data.get("item_id")
+                logger.warning(
+                    f"No video ID in publicaly_available_post_id, "
+                    f"tried alternatives: video_id={video_id}"
+                )
 
         return MediaUploadResult(
             publish_id=publish_id,
@@ -614,7 +641,7 @@ class TikTokMediaManager:
         file_path: str,
         *,
         title: str = "",
-        privacy_level: PrivacyLevel = PrivacyLevel.SELF_ONLY,
+        privacy_level: PrivacyLevel = PrivacyLevel.PRIVATE,
         chunk_size: int = DEFAULT_CHUNK_SIZE,
         wait_for_publish: bool = True,
     ) -> MediaUploadResult:
@@ -642,47 +669,65 @@ class TikTokMediaManager:
             InvalidFileTypeError: If the file is not a supported video format.
             MediaUploadError: If upload or processing fails.
         """
-        # Handle URL downloads
-        if file_path.startswith(("http://", "https://")):
-            logger.info(f"Downloading media from URL: {file_path}")
-            file_path = await download_file(file_path)
-
-        if not os.path.exists(file_path):
-            raise FileNotFoundError(f"Media file not found: {file_path}")
-
-        # Validate file
-        mime_type = detect_mime_type(file_path)
-        file_size = os.path.getsize(file_path)
-        self._validate_media(mime_type, file_size)
-
-        # Initialize upload
-        init_result = await self.init_video_upload(
-            file_path,
-            title=title,
-            privacy_level=privacy_level,
-            chunk_size=chunk_size,
-        )
+        # Track if we downloaded a temp file that needs cleanup
+        temp_file_path: str | None = None
+
+        try:
+            # Handle URL downloads
+            if file_path.startswith(("http://", "https://")):
+                logger.info(f"Downloading media from URL: {file_path}")
+                file_path = await download_file(file_path)
+                temp_file_path = file_path  # Mark for cleanup
+
+            if not os.path.exists(file_path):
+                raise FileNotFoundError(f"Media file not found: {file_path}")
+
+            # Validate file
+            mime_type = detect_mime_type(file_path)
+            file_size = os.path.getsize(file_path)
+            self._validate_media(mime_type, file_size)
+
+            # Initialize upload
+            init_result = await self.init_video_upload(
+                file_path,
+                title=title,
+                privacy_level=privacy_level,
+                chunk_size=chunk_size,
+            )
 
-        # Upload chunks
-        await self.upload_video_chunks(
-            init_result.upload_url,
-            file_path,
-            init_result.publish_id,
-            chunk_size=chunk_size,
-        )
+            # Upload chunks
+            await self.upload_video_chunks(
+                init_result.upload_url,
+                file_path,
+                init_result.publish_id,
+                chunk_size=chunk_size,
+            )
 
-        # Wait for publish
-        if wait_for_publish:
-            return await self.wait_for_publish(init_result.publish_id, file_path)
+            # Wait for publish
+            if wait_for_publish:
+                return await self.wait_for_publish(init_result.publish_id, file_path)
 
-        return MediaUploadResult(
-            publish_id=init_result.publish_id,
-            status=PublishStatus.PROCESSING_UPLOAD,
-        )
+            return MediaUploadResult(
+                publish_id=init_result.publish_id,
+                status=PublishStatus.PROCESSING_UPLOAD,
+            )
+        finally:
+            # Clean up downloaded temp file
+            if temp_file_path and os.path.exists(temp_file_path):
+                try:
+                    os.remove(temp_file_path)
+                    logger.debug(f"Cleaned up temp file: {temp_file_path}")
+                except OSError as e:
+                    logger.warning(f"Failed to clean up temp file {temp_file_path}: {e}")
 
     def _normalize_chunk_size(self, chunk_size: int, file_size: int) -> int:
         """Normalize chunk size to TikTok's requirements.
 
+        TikTok chunk requirements:
+        - Minimum chunk size: 5MB (except for files smaller than 5MB)
+        - Maximum chunk size: 64MB (final chunk can be up to 128MB)
+        - All non-final chunks must be at least MIN_CHUNK_SIZE
+
         Args:
             chunk_size: Requested chunk size.
             file_size: Total file size.
@@ -690,13 +735,27 @@ class TikTokMediaManager:
         Returns:
             Normalized chunk size within TikTok limits.
         """
-        # Files smaller than MIN_CHUNK_SIZE must be uploaded as single chunk
-        if file_size < MIN_CHUNK_SIZE:
+        # Files smaller than MAX_CHUNK_SIZE (64MB) should be uploaded as single chunk
+        # This avoids issues with the final chunk being smaller than MIN_CHUNK_SIZE
+        if file_size <= MAX_CHUNK_SIZE:
             return file_size
 
-        # Ensure within limits
+        # For larger files, ensure chunk size is within limits
         chunk_size = max(MIN_CHUNK_SIZE, min(chunk_size, MAX_CHUNK_SIZE))
 
+        # Ensure the last chunk won't be smaller than MIN_CHUNK_SIZE
+        # If it would be, increase chunk size to make fewer, larger chunks
+        total_chunks = math.ceil(file_size / chunk_size)
+        last_chunk_size = file_size - (chunk_size * (total_chunks - 1))
+
+        if last_chunk_size < MIN_CHUNK_SIZE and total_chunks > 1:
+            # Recalculate to have fewer chunks with larger size
+            # Use ceiling division to ensure last chunk is large enough
+            total_chunks = math.ceil(file_size / MAX_CHUNK_SIZE)
+            chunk_size = math.ceil(file_size / total_chunks)
+            # Ensure still within limits
+            chunk_size = max(MIN_CHUNK_SIZE, min(chunk_size, MAX_CHUNK_SIZE))
+
         return chunk_size
 
     def _validate_media(self, mime_type: str, file_size: int) -> None:

marqetive/platforms/tiktok/models.py

@@ -24,7 +24,10 @@ class PrivacyLevel(StrEnum):
 
 
 class TikTokPostRequest(BaseModel):
-    """TikTok-specific post creation request.
+    """TikTok-specific post creation request with full API options.
+
+    This model provides a type-safe way to configure TikTok-specific post settings.
+    It can be converted to the universal PostCreateRequest for use with TikTokClient.
 
     TikTok only supports video posts. Videos must be between 3 seconds
     and 10 minutes, and under 4GB in size.
@@ -43,30 +46,24 @@ class TikTokPostRequest(BaseModel):
         schedule_time: Unix timestamp to schedule post (10 mins to 10 days ahead)
 
     Example:
-        >>> # Public video post
-        >>> request = TikTokPostRequest(
+        >>> from marqetive.core.models import PostCreateRequest
+        >>>
+        >>> # Create TikTok-specific request
+        >>> tiktok_request = TikTokPostRequest(
         ...     title="Check out this dance!",
         ...     video_url="https://example.com/dance.mp4",
-        ...     privacy_level=PrivacyLevel.PUBLIC
-        ... )
-
-        >>> # Private video with features disabled
-        >>> request = TikTokPostRequest(
-        ...     title="Personal video",
-        ...     video_url="https://example.com/video.mp4",
-        ...     privacy_level=PrivacyLevel.PRIVATE,
-        ...     disable_comment=True,
+        ...     privacy_level=PrivacyLevel.PUBLIC,
         ...     disable_duet=True,
-        ...     disable_stitch=True
         ... )
-
-        >>> # Branded content
-        >>> request = TikTokPostRequest(
-        ...     title="Sponsored review",
-        ...     video_url="https://example.com/review.mp4",
-        ...     privacy_level=PrivacyLevel.PUBLIC,
-        ...     brand_content_toggle=True
+        >>>
+        >>> # Convert to universal PostCreateRequest for client
+        >>> request = PostCreateRequest(
+        ...     content=tiktok_request.title,
+        ...     media_urls=[tiktok_request.video_url] if tiktok_request.video_url else [],
+        ...     additional_data=tiktok_request.model_dump(exclude_none=True),
         ... )
+        >>> async with TikTokClient(credentials) as client:
+        ...     post = await client.create_post(request)
     """
 
     title: str | None = None

marqetive/platforms/twitter/media.py

@@ -17,6 +17,7 @@ from dataclasses import dataclass
 from enum import Enum
 from typing import Any, Literal
 
+import aiofiles
 import httpx
 
 from marqetive.core.exceptions import (
@@ -337,9 +338,9 @@ class TwitterMediaManager:
 
         @retry_async(config=STANDARD_BACKOFF)
         async def _do_upload() -> MediaUploadResult:
-            # Read file
-            with open(file_path, "rb") as f:
-                file_data = f.read()
+            # Read file asynchronously
+            async with aiofiles.open(file_path, "rb") as f:
+                file_data = await f.read()
 
             # Prepare form data
             files = {"media": (os.path.basename(file_path), file_data)}
@@ -465,9 +466,9 @@ class TwitterMediaManager:
         bytes_uploaded = 0
         segment_index = 0
 
-        with open(file_path, "rb") as f:
+        async with aiofiles.open(file_path, "rb") as f:
             while True:
-                chunk_data = f.read(chunk_size)
+                chunk_data = await f.read(chunk_size)
                 if not chunk_data:
                     break
 

marqetive/utils/media.py

@@ -5,14 +5,19 @@ This module provides utilities for working with media files including:
 - File validation (size, type, format)
 - File chunking for large uploads
 - File hashing for integrity verification
+- URL validation for media URLs
 """
 
 import hashlib
+import ipaddress
 import mimetypes
 import os
 from collections.abc import AsyncGenerator
 from pathlib import Path
 from typing import Literal
+from urllib.parse import urlparse
+
+from marqetive.core.exceptions import ValidationError
 
 # Initialize mimetypes database
 mimetypes.init()
@@ -397,3 +402,84 @@ def get_chunk_count(file_path: str, chunk_size: int) -> int:
 
     file_size = os.path.getsize(file_path)
     return (file_size + chunk_size - 1) // chunk_size  # Ceiling division
+
+
+def validate_media_url(
+    url: str,
+    *,
+    allowed_schemes: list[str] | None = None,
+    block_private_ips: bool = True,
+    platform: str = "unknown",
+) -> str:
+    """Validate a media URL for security.
+
+    Validates that the URL uses an allowed scheme (default: http/https) and
+    optionally blocks private/internal IP addresses to prevent SSRF attacks.
+
+    Args:
+        url: The URL to validate.
+        allowed_schemes: List of allowed URL schemes (default: ['http', 'https']).
+        block_private_ips: If True, block private/loopback IP addresses.
+        platform: Platform name for error messages.
+
+    Returns:
+        The validated URL (unchanged if valid).
+
+    Raises:
+        ValidationError: If the URL is invalid or uses a disallowed scheme/IP.
+
+    Example:
+        >>> url = validate_media_url("https://example.com/image.jpg")
+        >>> url = validate_media_url("https://cdn.example.com/video.mp4", platform="instagram")
+    """
+    if allowed_schemes is None:
+        allowed_schemes = ["http", "https"]
+
+    try:
+        parsed = urlparse(url)
+    except Exception as e:
+        raise ValidationError(
+            f"Invalid URL format: {e}",
+            platform=platform,
+            field="media_url",
+        ) from e
+
+    # Validate scheme
+    if not parsed.scheme:
+        raise ValidationError(
+            "URL must include a scheme (e.g., https://)",
+            platform=platform,
+            field="media_url",
+        )
+
+    if parsed.scheme.lower() not in allowed_schemes:
+        raise ValidationError(
+            f"URL scheme '{parsed.scheme}' not allowed. "
+            f"Allowed schemes: {', '.join(allowed_schemes)}",
+            platform=platform,
+            field="media_url",
+        )
+
+    # Validate hostname exists
+    if not parsed.hostname:
+        raise ValidationError(
+            "URL must include a hostname",
+            platform=platform,
+            field="media_url",
+        )
+
+    # Block private/internal IPs if requested
+    if block_private_ips:
+        try:
+            ip = ipaddress.ip_address(parsed.hostname)
+            if ip.is_private or ip.is_loopback or ip.is_reserved or ip.is_link_local:
+                raise ValidationError(
+                    "Private, loopback, and reserved IP addresses are not allowed",
+                    platform=platform,
+                    field="media_url",
+                )
+        except ValueError:
+            # Not an IP address, it's a hostname - that's fine
+            pass
+
+    return url

marqetive/utils/oauth.py

@@ -5,6 +5,7 @@ different social media platforms.
 """
 
 import logging
+import re
 from datetime import datetime, timedelta
 from typing import Any
 
@@ -15,6 +16,32 @@ from marqetive.core.models import AuthCredentials
 
 logger = logging.getLogger(__name__)
 
+# Patterns for sensitive data that should be redacted from logs
+_SENSITIVE_PATTERNS = [
+    re.compile(r'"access_token"\s*:\s*"[^"]*"', re.IGNORECASE),
+    re.compile(r'"refresh_token"\s*:\s*"[^"]*"', re.IGNORECASE),
+    re.compile(r'"client_secret"\s*:\s*"[^"]*"', re.IGNORECASE),
+    re.compile(r'"api_key"\s*:\s*"[^"]*"', re.IGNORECASE),
+    re.compile(r'"token"\s*:\s*"[^"]*"', re.IGNORECASE),
+    re.compile(r"access_token=[^&\s]+", re.IGNORECASE),
+    re.compile(r"refresh_token=[^&\s]+", re.IGNORECASE),
+]
+
+
+def _sanitize_response_text(text: str) -> str:
+    """Sanitize response text to remove sensitive credentials.
+
+    Args:
+        text: Raw response text that may contain credentials.
+
+    Returns:
+        Sanitized text with sensitive values redacted.
+    """
+    result = text
+    for pattern in _SENSITIVE_PATTERNS:
+        result = pattern.sub("[REDACTED]", result)
+    return result
+
 
 async def refresh_oauth2_token(
     refresh_token: str,
@@ -73,7 +100,7 @@ async def refresh_oauth2_token(
     except httpx.HTTPStatusError as e:
         logger.error(f"HTTP error refreshing token: {e.response.status_code}")
         raise PlatformAuthError(
-            f"Failed to refresh token: {e.response.text}",
+            f"Failed to refresh token: {_sanitize_response_text(e.response.text)}",
             platform="oauth2",
             status_code=e.response.status_code,
         ) from e
@@ -252,7 +279,7 @@ async def refresh_instagram_token(
     except httpx.HTTPStatusError as e:
         logger.error(f"HTTP error refreshing Instagram token: {e.response.status_code}")
         raise PlatformAuthError(
-            f"Failed to refresh Instagram token: {e.response.text}",
+            f"Failed to refresh Instagram token: {_sanitize_response_text(e.response.text)}",
             platform="instagram",
             status_code=e.response.status_code,
         ) from e
@@ -312,7 +339,7 @@ async def refresh_tiktok_token(
     except httpx.HTTPStatusError as e:
         logger.error(f"HTTP error refreshing tiktok token: {e.response.status_code}")
         raise PlatformAuthError(
-            f"Failed to refresh token: {e.response.text}",
+            f"Failed to refresh token: {_sanitize_response_text(e.response.text)}",
             platform="tiktok",
             status_code=e.response.status_code,
         ) from e
@@ -387,7 +414,7 @@ async def fetch_tiktok_token(
     except httpx.HTTPStatusError as e:
         logger.error(f"HTTP error fetching tiktok token: {e.response.status_code}")
         raise PlatformAuthError(
-            f"Failed to fetch token: {e.response.text}",
+            f"Failed to fetch token: {_sanitize_response_text(e.response.text)}",
             platform="tiktok",
             status_code=e.response.status_code,
         ) from e

{marqetive_lib-0.1.7.dist-info → marqetive_lib-0.1.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: marqetive-lib
-Version: 0.1.7
+Version: 0.1.9
 Summary: Modern Python utilities for web APIs
 Keywords: api,utilities,web,http,marqetive
 Requires-Python: >=3.12

{marqetive_lib-0.1.7.dist-info → marqetive_lib-0.1.9.dist-info}/RECORD

@@ -1,13 +1,13 @@
 marqetive/__init__.py,sha256=pW77CUnzOQ0X1pb-GTcRgrrvsSaJBdVhGZLnvCD_4q4,3032
 marqetive/core/__init__.py,sha256=0_0vzxJ619YIJkz1yzSvhnGDJRkrErs_QSg2q3Bloss,1172
 marqetive/core/base.py,sha256=J5iYXpa2C371zVLNMx3eFnC0fdLWqTrjbVcqJQdGyrU,16147
-marqetive/core/client.py,sha256=2_FoNpqaRglsWg10i5RTbyDg_kRQKhgWjYs6iDdFxLg,3210
+marqetive/core/client.py,sha256=eCtvL100dkxYQHC_TJzHbs3dGjgsa_me9VTHo-CUN2M,3900
 marqetive/core/exceptions.py,sha256=Xyj0bzNiZm5VTErmzXgVW8T6IQnOpF92-HJiKPKjIio,7076
 marqetive/core/models.py,sha256=L2gA4FhW0feAXQFsz2ce1ttd0vScMRhatoTclhDGCU0,14727
 marqetive/factory.py,sha256=irZ5oN8a__kXZH70UN2uI7TzqTXu66d4QZ1FoxSoiK8,14092
 marqetive/platforms/__init__.py,sha256=RBxlQSGyELsulSnwf5uaE1ohxFc7jC61OO9CrKaZp48,1312
 marqetive/platforms/instagram/__init__.py,sha256=c1Gs0ozG6D7Z-Uz_UQ7S3joL0qUTT9eUZPWcePyESk8,229
-marqetive/platforms/instagram/client.py,sha256=C5T9v1Aina8F3_Dk3d_I_RiVt7VvxTwwqdYeizDr0iQ,25187
+marqetive/platforms/instagram/client.py,sha256=vOx5HpgrxanBIFFC9VgmCNguH-njRGChnyp6Rr1r1Xc,26191
 marqetive/platforms/instagram/exceptions.py,sha256=TcD_pX4eSx_k4yW8DgfA6SGPiAz3VW7cMqM8DmiXIhg,8978
 marqetive/platforms/instagram/media.py,sha256=0ZbUbpwJ025_hccL9X8qced_-LJGoL_-NdS84Op97VE,23228
 marqetive/platforms/instagram/models.py,sha256=20v3m1037y3b_WlsKF8zAOgV23nFu63tfmmUN1CefOI,2769
@@ -17,23 +17,23 @@ marqetive/platforms/linkedin/exceptions.py,sha256=i5fARUkZik46bS3htZBwUInVzetsZx
 marqetive/platforms/linkedin/media.py,sha256=iWXUfqDYGsrTqeM6CGZ7a8xjpbdJ5qESolQL8Fv2PIg,20341
 marqetive/platforms/linkedin/models.py,sha256=n7DqwVxYSbGYBmeEJ1woCZ6XhUIHcLx8Gpm8uCBACzI,12620
 marqetive/platforms/tiktok/__init__.py,sha256=BqjkXTZDyBlcY3lvREy13yP9h3RcDga8E6Rl6f5KPp8,238
-marqetive/platforms/tiktok/client.py,sha256=i_nyhVywh4feFu5vv4LrMQOkoLsxfxgpH6aKa9JjdOc,17060
+marqetive/platforms/tiktok/client.py,sha256=ErhJOskyWVJP1nfLeJl09fGEyVh3QEhjYCgRlVLV-JY,17704
 marqetive/platforms/tiktok/exceptions.py,sha256=vxwyAKujMGZJh0LetG1QsLF95QfUs_kR6ujsWSHGqL0,10124
-marqetive/platforms/tiktok/media.py,sha256=nDijJYq89dQfMFwq58P2PXOvZukxgVRzMrfKTOONn_c,25717
-marqetive/platforms/tiktok/models.py,sha256=acV-fe_3O6kKbZzqytCNCATAwmFpjt0Ac2uacbjt1u8,2822
+marqetive/platforms/tiktok/media.py,sha256=aa47EDRA7woKGqKZkl_5XWu7kcRp2nT93Ol2skEQJpY,28592
+marqetive/platforms/tiktok/models.py,sha256=WWdjuFqhTIR8SnHkz-8UaNc5Mm2PrGomwQ3W7pJcQFg,2962
 marqetive/platforms/twitter/__init__.py,sha256=dvcgVT-v-JOtjSz-OUvxGrn_43OI6w_ep42Wx_nHTSM,217
 marqetive/platforms/twitter/client.py,sha256=08jV2hQVmGOpnG3C05u7bCqL7KapWn7bSsG0wbN_t5M,23270
 marqetive/platforms/twitter/exceptions.py,sha256=eZ-dJKOXH_-bAMg29zWKbEqMFud29piEJ5IWfC9wFts,8926
-marqetive/platforms/twitter/media.py,sha256=_7ka0ENlKr6EMxQQvPS_A38_a8MpjDE2zIrXe20QkuI,27079
+marqetive/platforms/twitter/media.py,sha256=9j7JQpdlOhkMfQkDH0dLpp6HmlYkeB6SvNosRx5Oab8,27152
 marqetive/platforms/twitter/models.py,sha256=yPQlx40SlNmz7YGasXUqdx7rEDEgrQ64aYovlPKo6oc,2126
 marqetive/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 marqetive/utils/__init__.py,sha256=bSrNajbxYBSKQayrPviLz8JeGjplnyK8y_NGDtgb7yQ,977
 marqetive/utils/file_handlers.py,sha256=4TP5kmWofNTSZmlS683CM1UYP83WvRd_NubMbqtXv-g,12568
 marqetive/utils/helpers.py,sha256=8-ljhL47SremKcQO2GF8DIHOPODEv1rSioVNuSPCbec,2634
-marqetive/utils/media.py,sha256=Rvxw9XKU65n-z4G1bEihG3wXZBmjSDZUqClfjGFrg6k,12013
-marqetive/utils/oauth.py,sha256=LQLXpThZUe0XbSpO3dJ5oW3sPRJuKjSk3_f5_3baUzA,12095
+marqetive/utils/media.py,sha256=O1rISYdaP3CuuPxso7kqvxWXNfe2jjioNkaBc4cpwkY,14668
+marqetive/utils/oauth.py,sha256=1SkYCE6dcyPvcDqbjRFSSBcKTwLJy8u3jAANPdftVmo,13108
 marqetive/utils/retry.py,sha256=lAniJLMNWp9XsHrvU0XBNifpNEjfde4MGfd5hlFTPfA,7636
 marqetive/utils/token_validator.py,sha256=dNvDeHs2Du5UyMMH2ZOW6ydR7OwOEKA4c9e-rG0f9-0,6698
-marqetive_lib-0.1.7.dist-info/METADATA,sha256=xsPKt4AbFy44aZtNeft0YeaSWNKrS-xWxsavavh2xtM,7875
-marqetive_lib-0.1.7.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
-marqetive_lib-0.1.7.dist-info/RECORD,,
+marqetive_lib-0.1.9.dist-info/METADATA,sha256=jdnVbFyp8VBoa2wtc3OMObF0RUDNucFAm6IeezeGYG8,7875
+marqetive_lib-0.1.9.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
+marqetive_lib-0.1.9.dist-info/RECORD,,