Jump to content
McKay Development

Minimal code to stay logged in forever...


klonaway

Recommended Posts

I have spent some time checking the node-steamcommunity GitHub wiki, and first of all : Dr. McKay, you are a hero for building up such an easy npm interface for the messy Steam API...

 

I came up with some code to make sure I'm logged in almost 24/7 :

// Modules are required and secret stuff is ready...

function logOnSteam() {
	
  console.log("Logging in to Steam...");
  steamCommunity.login(logOnOptions, function (e, sessionID, cookies, steamguard) {

    if (e) {
      console.log("There was an error logging in ! Error details : " + e.message);
      setTimeout(logOnSteam, 1000*60*4); // try to reconnect in 4 minutes
      return;

    } else {

      console.log("Successfully logged in as " + logOnOptions.accountName + " !");
      steamCommunity.chatLogon(); // to appear online
      tradeOfferManager.setCookies(cookies, function (err) {
        if (err) {
          console.log(err);
          return;
        }
      });
    }
    // automatic confirmation of EVERYTHING every "confirmationPeriod" ms
    steamCommunity.startConfirmationChecker(confirmationPeriod, identitySecret);
  });
}

function checkSteamLogged() {

  steamCommunity.loggedIn( function (err, loggedIn, familyView) {
    if (err) {
      console.log(err);
      setTimeout(checkSteamLogged, 1000*60*4); // check again in 4 min
    } else if ( ! loggedIn ) {
      console.log("Steam login check : NOT LOGGED IN !");
      logOnSteam();
    } else {
      console.log("Steam login check : already logged in !");
    }
  });
}

steamCommunity.on('sessionExpired', function (err) {
  if (err) {console.log(err);}
  logOnSteam();
});

logOnSteam();
setInterval(checkSteamLogged, 1000*60*30);

I guess this is enough to be safe... (unless I made some rookie mistake ?)

 

This code is obviously the starting point for some TradeOfferManager handling, and I was wondering if I didn't go too far :

  • if the 'sessionExpired' event is really triggered whenever we are not logged in, does it mean the 'checkSteamLogged()' function can be safely removed without harm ?
  • '.startConfirmationChecker()' doesn't create a new instance each time it is called ? (I don't want to trigger 10 confirmations checkers leading to 10 times the intended check rate...)

Thanks for any input !

Link to comment
Share on other sites

That all looks fine to me. sessionExpired is only emitted when a request you make fails because you aren't logged in. It doesn't check automatically, it only checks whenever the library makes a request somewhere.

 

Starting a new confirmation checker without stopping the old one is just fine. It'll stop an old one if you call it while one is running.

 

I recommend updating to v3.23.1 if you're going to use webchat.

Link to comment
Share on other sites

Thanks for your quick answer and your amazing work (no wonder OpSkins is a moneymaker ;-)).

I'll take a look at v3.23.1 but I couldn't care less about chatting : this bot is never meant to interact with human beings, he's a pure trader !

 

Two more questions and one remark :

 

1) Since :

- the TradeOfferManager side checks pending trade offers every 2 minutes,

- the confirmationChecker checks pending confirmations every minute,

I guess 'sessionExpired' will be triggered within a minute if needed, so my checkedSteamLogged() thingy really seems useless to me, nope ?

 

2) An account firing max 2 or 3 (let's say 5) automatic requests per minute is ok with Steam ? I can't afford getting banned... I'm sure there are some awfully more spamming bots out there, but better feel safe... Do you know if there is a kind of safe request limit I shouldn't ever cross ? (didn't find any info about that)

 

3) That's just a remark which could improve your documentation :

 

I noticed that if my app fails to login the first time, it will be stuck with a SteamGuardMobile error. This led me to the two-factor code and I *think* the code below only generates the ephemeral code once when booting :

var logOnOptions = {
  'accountName': accountName,
  'password': password,
  'twoFactorCode': SteamTOTP.generateAuthCode(sharedSecret)
};

function logOnSteam() {
  steamCommunity.login(logOnOptions, function (e, sessionID, cookies, steamguard) {...});
}

I tried wrapping the options in a generator and now it works 100% (so far...) :

function generateLogon() {
  return {
    'accountName': accountName,
    'password': password,
    'twoFactorCode': SteamTOTP.generateAuthCode(sharedSecret)
  };
}

function logOnSteam() {
  steamCommunity.login(generateLogon(), function (e, sessionID, cookies, steamguard) {...});
}

If my assumptions are correct and an ephemeral generator is indeed required, it might prove useful to put it somewhere in the documentation (don't remember seeing it)...

 

Hope you'll take some time to read and answer all this, I'm closing this thread right after !

Link to comment
Share on other sites

1) I'd keep your login checker code in there. The manager will only notice that your session is gone when you try to send/accept an offer. Normal polling and canceling offers uses the WebAPI and your API key, so the session isn't actually used there.

2) That's more than fine. 5 requests per minute is super low.

3) You're correct, your first snippet generated the code once on boot. It ceased to be valid once you used it.

Link to comment
Share on other sites

Thanks a lot for your time and attention. I thought interfacing my code with Steam would be the worst part of my project, and it ended up being the easiest ; all thanks to your amazing work ! Can't tell you how grateful I am. I'll keep you in my heart and will think about sending you some skins or bitcoins if my code proves lucrative. Cheers !

Link to comment
Share on other sites

  • 2 weeks later...

Isn't it sufficient to refresh session every 30 mins and check the err value when doing some calls and see if it's Error: Http 4xx/5xx or Error: Not LoggedIn and webLogOn(); ?

 

It's same as refreshing sessions when sessionExpired is emitted but that's the old way when sessionExpired wasn't a thing.

 

Also does sessionExpired covers all http errors and malformed responses ? (not all malformed responses are fatal, I know)

Edited by cookie
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...