Jump to content
McKay Development

Dr. McKay

Administrator
  • Posts

    3597
  • Joined

  • Last visited

Reputation Activity

  1. Like
    Dr. McKay got a reaction from igor in Trading and Escrow -- Mobile Trade Confirmations   
    As of December 2015, all users who are losing items in a trade must have the Steam Guard Mobile Authenticator enabled, or else the trade will be held for three fifteen days. It's also no longer possible to opt-out of trade confirmations.
     
    This means that effectively, all trading bots need a mobile authenticator and need to accept mobile trade confirmations. You don't need an actual physical phone to act as your mobile authenticator, however. Through the efforts of myself and others, you can emulate a mobile authenticator right from node.js, and also accept trade confirmations.
     
    Enabling a Mobile Authenticator
     
    The Steam Guard Mobile Authenticator provides two-factor authentication security (hereinafter "2FA") for your account, which is more secure than standard email-based Steam Guard. This is done using a "shared secret" which is known to both the Steam servers and to your authenticator. Both sides run this secret through an algorithm along with the current time, which produces a 5-character alphanumeric code. This code is only valid for 30 seconds, and can only be used once. Attempts to reuse a 2FA code (either through the Steam Client or by logging in on steamcommunity.com) will treat the code as incorrect and reject it. For this reason, you can't login more frequently than once in a 30-second period.
     
    Enabling 2FA is a three-step process.
    Link and verify a phone number with your Steam account. You can do this manually from your account page, or programmatically using node-steamstore. Call enableTwoFactor using either node-steam-user or node-steamcommunity. If successful, this will return an object containing a bunch of properties. You should save this entire object. You can call JSON.stringify on it safely to turn it into a string. You'll need the revocation_code in the future if you ever want to disable 2FA. At this stage, 2FA isn't enabled yet. Steam will send you an SMS containing a code which you'll need in step 3. Call finalizeTwoFactor using either node-steam-user or node-steamcommunity. You will need the value of the shared_secret property from the object returned in step 2, and the numeric activation code from your SMS. If successful, your Steam account now has 2FA. Logging in With a Mobile Authenticator
     
    If you have 2FA enabled, then for every login you will need to provide a twoFactorCode (unless you're logging in with node-steam-user using a loginKey). You can generate this code using node-steam-totp and your shared_secret which you obtained (and should have saved) when you enabled 2FA.
     
    Mobile-Confirming Trades
     
    You are now required to confirm all trades in which you lose items. If you don't have 2FA enabled, then these confirmations will go to your email and the trades will be held for fifteen days. If you do have 2FA enabled, then the confirmations must be accepted through Steam's mobile confirmation interface. You can also accept mobile confirmations through node.js.
     
    node-steam-tradeoffer-manager doesn't have anything built-in to accept mobile confirmations. This is because mobile confirmations encompass more than just trades -- market listings also require confirmation, and potentially other things in the future.
     
    node-steamcommunity can accept your confirmations for you. In order to accept mobile confirmations, you will need the identity_secret (not the shared_secret used for login) from when you enabled 2FA. The best way to do this is to call acceptConfirmationForObject right after each trade offer you send/accept or market listing you create.
  2. Like
    Dr. McKay got a reaction from dcv in My proxy provider forbids access to https://checkout.steampowered.com/login/settoken   
    If you aren't planning on making any requests to a domain, then you shouldn't have any issues patching the module to skip that domain's settoken call.
  3. Like
    Dr. McKay got a reaction from Josiox in Anyway to get float, pattern, ispect link using classid, assetid from inventory api   
    You can't get wear from steamcommunity.com, only from the GC.
  4. Like
    Dr. McKay got a reaction from igor in logout and cookies   
    Yes, cookies are invalidated when you logout. It's possible for a JWT to become invalid before its expiration date for that reason.
  5. Like
  6. Like
    Dr. McKay got a reaction from SwenH in Best way to determine if a Steam user owns a free game's package/app ID   
    Set the enablePicsCache option to true in the constructor, then listen for the ownershipCached event and once it's emitted, you can call ownsApp to check if you own a license for an app.
  7. Like
    Dr. McKay got a reaction from Fess23 in How GetAuthTicket() Works   
    I wasn't ever able to find a definition for that enum.
  8. Thanks
    Dr. McKay got a reaction from vindisel in Which architecture is more suitable for keeping bots running?   
    It wouldn't hurt to clusterize things, but either way things should generally work fine without need for much hardware.
  9. Thanks
    Dr. McKay got a reaction from Devx09 in Getting tradehold of user without getUserDetails.   
    https://steamapi.xpaw.me/#IEconService/GetTradeHoldDurations
  10. Like
    Dr. McKay reacted to George Hazan in How to maintain Steam websocket connection alive?   
    mea culpa, I've forgotten to thank you for this advice, thank you, it helped
  11. Like
    Dr. McKay got a reaction from DcSteamUser in SteamUser Resets its Values   
    Values like what?
  12. Like
    Dr. McKay got a reaction from Pip in Error 26 (eruslt=26) - unable to send offers via BOT   
    Ignore any id and assetid properties in the description object when you merge it onto the asset object.
  13. Thanks
    Dr. McKay got a reaction from pepe2 in extract chat_id and group_id from Chat Room Groups   
    client.chat.on('chatMessage', function (message) { // message is an object that includes chat_group_id and chat_id properties // ref: https://github.com/DoctorMcKay/node-steam-user/wiki/SteamChatRoomClient#incoming-chat-message });  
  14. Thanks
    Dr. McKay got a reaction from mqwerty in Parse point shop items   
    Every Steam WebAPI endpoint that accepts and outputs protobuf also accepts input_json, and will output json.
    Here is the protobuf definition for BatchedQueryRewardItems/v1, and repeated .CLoyaltyRewards_QueryRewardItems_Request requests means that it expects a json object with key "requests", which is an array of CLoyaltyRewards_QueryRewardItems_Request objects, which is defined here.
    So we could make a URL like this: https://api.steampowered.com/ILoyaltyRewardsService/BatchedQueryRewardItems/v1?input_json=%7B%22requests%22%3A%5B%7B%22appids%22%3A%5B%5D%2C%22community_item_classes%22%3A%5B3%5D%2C%22reward_types%22%3A%5B1%5D%2C%22excluded_community_item_classes%22%3A%5B%5D%2C%22definitionids%22%3A%5B%5D%2C%22filters%22%3A%5B4%5D%2C%22filter_match_all_category_tags%22%3A%5B%5D%2C%22filter_match_any_category_tags%22%3A%5B%5D%2C%22contains_definitionids%22%3A%5B%5D%2C%22excluded_content_descriptors%22%3A%5B%5D%2C%22excluded_appids%22%3A%5B%5D%2C%22excluded_store_tagids%22%3A%5B%5D%2C%22store_tagids%22%3A%5B%5D%2C%22time_available%22%3Anull%2C%22language%22%3A%22english%22%2C%22count%22%3A10%2C%22cursor%22%3Anull%2C%22sort%22%3A2%2C%22sort_descending%22%3Afalse%2C%22include_direct_purchase_disabled%22%3Anull%2C%22search_term%22%3Anull%7D%2C%7B%22appids%22%3A%5B%5D%2C%22community_item_classes%22%3A%5B17%5D%2C%22reward_types%22%3A%5B1%5D%2C%22excluded_community_item_classes%22%3A%5B%5D%2C%22definitionids%22%3A%5B%5D%2C%22filters%22%3A%5B%5D%2C%22filter_match_all_category_tags%22%3A%5B%5D%2C%22filter_match_any_category_tags%22%3A%5B%5D%2C%22contains_definitionids%22%3A%5B%5D%2C%22excluded_content_descriptors%22%3A%5B%5D%2C%22excluded_appids%22%3A%5B%5D%2C%22excluded_store_tagids%22%3A%5B%5D%2C%22store_tagids%22%3A%5B%5D%2C%22time_available%22%3Anull%2C%22language%22%3A%22english%22%2C%22count%22%3A10%2C%22cursor%22%3Anull%2C%22sort%22%3A2%2C%22sort_descending%22%3Afalse%2C%22include_direct_purchase_disabled%22%3Anull%2C%22search_term%22%3Anull%7D%5D%7D
    With a large enough request, you might run into URL length limitations, in which case you'd want to encode your request using those protobufs. I believe you could still pass &format=json to get a json response even if you send a protobuf request.
    Exactly what the community item classes, reward types, etc mean, I don't know.
  15. Like
    Dr. McKay got a reaction from iulian in Issue confirming tradeoffers   
    The callback to getOffers has three argument, not two. It's (err, sent, received)
    Your code as written is only looking at sent offers, so it's expected you wouldn't see your received offers in there.
    I also see some other issues in your code. Firstly, you're creating a new 30-second interval on checkTrades every time webSession is emitted, so after two webSession events you're calling checkTrades twice every 30 seconds, thrice after 3 emits, and so on. This is in addition to TradeOfferManager's internal 30 second polling that you've enabled via pollInterval: 30000.
    I'd recommend that you eliminate your checkTrades function entirely and instead use the offerList event, which is designed for exactly what you're using checkTrades for now. It'll be emitted every time TradeOfferManager performs a poll, which is every 30 seconds as configured here.
  16. Like
    Dr. McKay got a reaction from iulian in Issue confirming tradeoffers   
    Yes, a new secret is generated when a mobile authenticator is set up.
    When logging in using steam-user, you need to refresh your web session periodically. Call webLogOn() to do so.
  17. Thanks
    Dr. McKay got a reaction from auditt19 in Need help with a steam idler   
    If the clock is right, then the secret must be wrong.
    Try using the secret in a test script locally. If it generates correct codes, something is wrong with how you're transporting the secret to Heroku; maybe it's encoding it weirdly. If it's wrong locally, then you have the wrong secret. Maybe you exported it from SDA wrong.
  18. Like
    Dr. McKay got a reaction from SteamUs1 in Missing mention of the “getUserInventoryContents” method   
    https://github.com/DoctorMcKay/node-steamcommunity/wiki/CSteamUser#getinventorycontentsappid-contextid-tradableonly-language-callback
  19. Thanks
    Dr. McKay got a reaction from auditt19 in Need help with a steam idler   
    If the codes it's generating don't match the codes generated by the app, then your secret is wrong or the clock is wrong.
  20. Like
    Dr. McKay got a reaction from sfwefsdHashiiiieee in How do I login with steam-user while steam/cs2 is open on windows?   
    Only one Steam client session can be in-game at a time or else you get the LoggedInElsewhere error you mentioned. That guy isn't running CS2 on the same account twice; the real game instance must be logged in under a different account.
    No.
  21. Like
    Dr. McKay reacted to SteamUs1 in Obtaining SteamLogin Secure Token   
    Topic is irrelevant, I found the post where steam session is explained. Thank you
  22. Like
    Dr. McKay got a reaction from Cheekyzzz in Steam-Session Authentication unusual attempt when login   
    No.
  23. Thanks
    Dr. McKay got a reaction from asdfghjkl in Get the original_id of my items listed on the steam market   
    Yeah that should work fine.
  24. Like
    Dr. McKay got a reaction from Andrei Elvis in sentOfferChanged is not firing. The bot can send offer though   
    You need to enable the useAccessToken option or trades containing CS2 items won't appear.
  25. Like
×
×
  • Create New...