Jump to content


Photo

Minimal code to stay logged in forever...

node.js node-steamcommunity

Best Answer Dr. McKay , 07 August 2016 - 12:23 AM

1) I'd keep your login checker code in there. The manager will only notice that your session is gone when you try to send/accept an offer. Normal polling and canceling offers uses the WebAPI and your API key, so the session isn't actually used there.

2) That's more than fine. 5 requests per minute is super low.

3) You're correct, your first snippet generated the code once on boot. It ceased to be valid once you used it.

Go to the full post


  • Please log in to reply
7 replies to this topic

#1 klonaway

klonaway

    Newbie

  • Member
  • Pip
  • 9 posts

Posted 06 August 2016 - 07:59 PM

I have spent some time checking the node-steamcommunity GitHub wiki, and first of all : Dr. McKay, you are a hero for building up such an easy npm interface for the messy Steam API...

 

I came up with some code to make sure I'm logged in almost 24/7 :

// Modules are required and secret stuff is ready...

function logOnSteam() {
	
  console.log("Logging in to Steam...");
  steamCommunity.login(logOnOptions, function (e, sessionID, cookies, steamguard) {

    if (e) {
      console.log("There was an error logging in ! Error details : " + e.message);
      setTimeout(logOnSteam, 1000*60*4); // try to reconnect in 4 minutes
      return;

    } else {

      console.log("Successfully logged in as " + logOnOptions.accountName + " !");
      steamCommunity.chatLogon(); // to appear online
      tradeOfferManager.setCookies(cookies, function (err) {
        if (err) {
          console.log(err);
          return;
        }
      });
    }
    // automatic confirmation of EVERYTHING every "confirmationPeriod" ms
    steamCommunity.startConfirmationChecker(confirmationPeriod, identitySecret);
  });
}

function checkSteamLogged() {

  steamCommunity.loggedIn( function (err, loggedIn, familyView) {
    if (err) {
      console.log(err);
      setTimeout(checkSteamLogged, 1000*60*4); // check again in 4 min
    } else if ( ! loggedIn ) {
      console.log("Steam login check : NOT LOGGED IN !");
      logOnSteam();
    } else {
      console.log("Steam login check : already logged in !");
    }
  });
}

steamCommunity.on('sessionExpired', function (err) {
  if (err) {console.log(err);}
  logOnSteam();
});

logOnSteam();
setInterval(checkSteamLogged, 1000*60*30);

I guess this is enough to be safe... (unless I made some rookie mistake ?)

 

This code is obviously the starting point for some TradeOfferManager handling, and I was wondering if I didn't go too far :

  • if the 'sessionExpired' event is really triggered whenever we are not logged in, does it mean the 'checkSteamLogged()' function can be safely removed without harm ?
  • '.startConfirmationChecker()' doesn't create a new instance each time it is called ? (I don't want to trigger 10 confirmations checkers leading to 10 times the intended check rate...)

Thanks for any input !


  • yellowish likes this

#2 Dr. McKay

Dr. McKay

    Developer

  • Administrator
  • 1,998 posts

Posted 06 August 2016 - 11:03 PM

That all looks fine to me. sessionExpired is only emitted when a request you make fails because you aren't logged in. It doesn't check automatically, it only checks whenever the library makes a request somewhere.

 

Starting a new confirmation checker without stopping the old one is just fine. It'll stop an old one if you call it while one is running.

 

I recommend updating to v3.23.1 if you're going to use webchat.


  • yellowish and klonaway like this

#3 klonaway

klonaway

    Newbie

  • Member
  • Pip
  • 9 posts

Posted 07 August 2016 - 12:20 AM

Thanks for your quick answer and your amazing work (no wonder OpSkins is a moneymaker ;-)).

I'll take a look at v3.23.1 but I couldn't care less about chatting : this bot is never meant to interact with human beings, he's a pure trader !

 

Two more questions and one remark :

 

1) Since :

- the TradeOfferManager side checks pending trade offers every 2 minutes,

- the confirmationChecker checks pending confirmations every minute,

I guess 'sessionExpired' will be triggered within a minute if needed, so my checkedSteamLogged() thingy really seems useless to me, nope ?

 

2) An account firing max 2 or 3 (let's say 5) automatic requests per minute is ok with Steam ? I can't afford getting banned... I'm sure there are some awfully more spamming bots out there, but better feel safe... Do you know if there is a kind of safe request limit I shouldn't ever cross ? (didn't find any info about that)

 

3) That's just a remark which could improve your documentation :

 

I noticed that if my app fails to login the first time, it will be stuck with a SteamGuardMobile error. This led me to the two-factor code and I *think* the code below only generates the ephemeral code once when booting :

var logOnOptions = {
  'accountName': accountName,
  'password': password,
  'twoFactorCode': SteamTOTP.generateAuthCode(sharedSecret)
};

function logOnSteam() {
  steamCommunity.login(logOnOptions, function (e, sessionID, cookies, steamguard) {...});
}

I tried wrapping the options in a generator and now it works 100% (so far...) :

function generateLogon() {
  return {
    'accountName': accountName,
    'password': password,
    'twoFactorCode': SteamTOTP.generateAuthCode(sharedSecret)
  };
}

function logOnSteam() {
  steamCommunity.login(generateLogon(), function (e, sessionID, cookies, steamguard) {...});
}

If my assumptions are correct and an ephemeral generator is indeed required, it might prove useful to put it somewhere in the documentation (don't remember seeing it)...

 

Hope you'll take some time to read and answer all this, I'm closing this thread right after !



#4 Dr. McKay

Dr. McKay

    Developer

  • Administrator
  • 1,998 posts

Posted 07 August 2016 - 12:23 AM   Best Answer

1) I'd keep your login checker code in there. The manager will only notice that your session is gone when you try to send/accept an offer. Normal polling and canceling offers uses the WebAPI and your API key, so the session isn't actually used there.

2) That's more than fine. 5 requests per minute is super low.

3) You're correct, your first snippet generated the code once on boot. It ceased to be valid once you used it.


  • klonaway likes this

#5 klonaway

klonaway

    Newbie

  • Member
  • Pip
  • 9 posts

Posted 07 August 2016 - 06:21 AM

Thanks a lot for your time and attention. I thought interfacing my code with Steam would be the worst part of my project, and it ended up being the easiest ; all thanks to your amazing work ! Can't tell you how grateful I am. I'll keep you in my heart and will think about sending you some skins or bitcoins if my code proves lucrative. Cheers !



#6 Dr. McKay

Dr. McKay

    Developer

  • Administrator
  • 1,998 posts

Posted 07 August 2016 - 09:04 PM

Happy to help! :)



#7 cookie

cookie

    Advanced Member

  • Member
  • PipPipPip
  • 62 posts

Posted 22 August 2016 - 05:20 AM

Isn't it sufficient to refresh session every 30 mins and check the err value when doing some calls and see if it's Error: Http 4xx/5xx or Error: Not LoggedIn and webLogOn(); ?

 

It's same as refreshing sessions when sessionExpired is emitted but that's the old way when sessionExpired wasn't a thing.

 

Also does sessionExpired covers all http errors and malformed responses ? (not all malformed responses are fatal, I know)


Edited by cookie, 22 August 2016 - 05:21 AM.


#8 Dr. McKay

Dr. McKay

    Developer

  • Administrator
  • 1,998 posts

Posted 22 August 2016 - 10:53 AM

Yeah, that should be sufficient.

 

If I remember correctly, sessionExpired is only emitted for known no-session errors.







Also tagged with one or more of these keywords: node.js, node-steamcommunity

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users