steamcommunity 3.45.2 → 3.46.0

package/components/helpers.js

@@ -1,4 +1,6 @@
 const EResult = require('../resources/EResult.js');
+const request = require('request');
+const xml2js  = require('xml2js');
 
 exports.isSteamID = function(input) {
 	var keys = Object.keys(input);
@@ -65,4 +67,42 @@ exports.decodeJwt = function(jwt) {
 		.replace(/_/g, '/');
 
 	return JSON.parse(Buffer.from(standardBase64, 'base64').toString('utf8'));
-}
+};
+
+/**
+ * Resolves a Steam profile URL to get steamID64 and vanityURL
+ * @param {String} url - Full steamcommunity profile URL or only the vanity part.
+ * @param {Object} callback - First argument is null/Error, second is object containing vanityURL (String) and steamID (String)
+ */
+exports.resolveVanityURL = function(url, callback) {
+	// Precede url param if only the vanity was provided
+	if (!url.includes("steamcommunity.com")) {
+		url = "https://steamcommunity.com/id/" + url;
+	}
+
+	// Make request to get XML data
+	request(url + "/?xml=1", function(err, response, body) {
+		if (err) {
+			callback(err);
+			return;
+		}
+
+		// Parse XML data returned from Steam into an object
+		new xml2js.Parser().parseString(body, (err, parsed) => {
+			if (err) {
+				callback(new Error("Couldn't parse XML response"));
+				return;
+			}
+
+			if (parsed.response && parsed.response.error) {
+				callback(new Error("Couldn't find Steam ID"));
+				return;
+			}
+
+			let steamID64 = parsed.profile.steamID64;
+			let vanityURL = parsed.profile.customURL;
+
+			callback(null, {"vanityURL": vanityURL, "steamID": steamID64});
+		});
+	});
+};

package/components/inventoryhistory.js

@@ -1,5 +1,6 @@
 var SteamCommunity = require('../index.js');
 var CEconItem = require('../classes/CEconItem.js');
+var Helpers = require('./helpers.js');
 var SteamID = require('steamid');
 var request = require('request');
 var Cheerio = require('cheerio');
@@ -142,7 +143,7 @@ SteamCommunity.prototype.getInventoryHistory = function(options, callback) {
 		}
 
 		if (options.resolveVanityURLs) {
-			Async.map(vanityURLs, resolveVanityURL, function(err, results) {
+			Async.map(vanityURLs, Helpers.resolveVanityURL, function(err, results) {
 				if (err) {
 					callback(err);
 					return;
@@ -170,19 +171,3 @@ SteamCommunity.prototype.getInventoryHistory = function(options, callback) {
 	}, "steamcommunity");
 };
 
-function resolveVanityURL(vanityURL, callback) {
-	request("https://steamcommunity.com/id/" + vanityURL + "/?xml=1", function(err, response, body) {
-		if (err) {
-			callback(err);
-			return;
-		}
-
-		var match = body.match(/<steamID64>(\d+)<\/steamID64>/);
-		if (!match || !match[1]) {
-			callback(new Error("Couldn't find Steam ID"));
-			return;
-		}
-
-		callback(null, {"vanityURL": vanityURL, "steamID": match[1]});
-	});
-}

package/components/sharedfiles.js

@@ -0,0 +1,158 @@
+var SteamID = require('steamid');
+
+var SteamCommunity = require('../index.js');
+
+
+/**
+ * Deletes a comment from a sharedfile's comment section
+ * @param {SteamID | String} userID - ID of the user associated to this sharedfile
+ * @param {String} sharedFileId - ID of the sharedfile
+ * @param {String} cid - ID of the comment to delete
+ * @param {function} callback - Takes only an Error object/null as the first argument
+ */
+SteamCommunity.prototype.deleteSharedFileComment = function(userID, sharedFileId, cid, callback) {
+	if (typeof userID === "string") {
+		userID = new SteamID(userID);
+	}
+
+	this.httpRequestPost({
+		"uri": `https://steamcommunity.com/comment/PublishedFile_Public/delete/${userID.toString()}/${sharedFileId}/`,
+		"form": {
+			"gidcomment": cid,
+			"count": 10,
+			"sessionid": this.getSessionID()
+		}
+	}, function(err, response, body) {
+		if (!callback) {
+			return;
+		}
+
+		callback(err);
+	}, "steamcommunity");
+};
+
+/**
+ * Favorites a sharedfile
+ * @param {String} sharedFileId - ID of the sharedfile
+ * @param {String} appid - ID of the app associated to this sharedfile
+ * @param {function} callback - Takes only an Error object/null as the first argument
+ */
+SteamCommunity.prototype.favoriteSharedFile = function(sharedFileId, appid, callback) {
+	this.httpRequestPost({
+		"uri": "https://steamcommunity.com/sharedfiles/favorite",
+		"form": {
+			"id": sharedFileId,
+			"appid": appid,
+			"sessionid": this.getSessionID()
+		}
+	}, function(err, response, body) {
+		if (!callback) {
+			return;
+		}
+
+		callback(err);
+	}, "steamcommunity");
+};
+
+/**
+ * Posts a comment to a sharedfile
+ * @param {SteamID | String} userID - ID of the user associated to this sharedfile
+ * @param {String} sharedFileId - ID of the sharedfile
+ * @param {String} message - Content of the comment to post
+ * @param {function} callback - Takes only an Error object/null as the first argument
+ */
+SteamCommunity.prototype.postSharedFileComment = function(userID, sharedFileId, message, callback) {
+	if (typeof userID === "string") {
+		userID = new SteamID(userID);
+	}
+
+	this.httpRequestPost({
+		"uri": `https://steamcommunity.com/comment/PublishedFile_Public/post/${userID.toString()}/${sharedFileId}/`,
+		"form": {
+			"comment": message,
+			"count": 10,
+			"sessionid": this.getSessionID()
+		}
+	}, function(err, response, body) {
+		if (!callback) {
+			return;
+		}
+
+		callback(err);
+	}, "steamcommunity");
+};
+
+/**
+ * Subscribes to a sharedfile's comment section. Note: Checkbox on webpage does not update
+ * @param {SteamID | String} userID ID of the user associated to this sharedfile
+ * @param {String} sharedFileId ID of the sharedfile
+ * @param {function} callback - Takes only an Error object/null as the first argument
+ */
+SteamCommunity.prototype.subscribeSharedFileComments = function(userID, sharedFileId, callback) {
+	if (typeof userID === "string") {
+		userID = new SteamID(userID);
+	}
+
+	this.httpRequestPost({
+		"uri": `https://steamcommunity.com/comment/PublishedFile_Public/subscribe/${userID.toString()}/${sharedFileId}/`,
+		"form": {
+			"count": 10,
+			"sessionid": this.getSessionID()
+		}
+	}, function(err, response, body) { // eslint-disable-line
+		if (!callback) {
+			return;
+		}
+
+		callback(err);
+	}, "steamcommunity");
+};
+
+/**
+ * Unfavorites a sharedfile
+ * @param {String} sharedFileId - ID of the sharedfile
+ * @param {String} appid - ID of the app associated to this sharedfile
+ * @param {function} callback - Takes only an Error object/null as the first argument
+ */
+SteamCommunity.prototype.unfavoriteSharedFile = function(sharedFileId, appid, callback) {
+	this.httpRequestPost({
+		"uri": "https://steamcommunity.com/sharedfiles/unfavorite",
+		"form": {
+			"id": sharedFileId,
+			"appid": appid,
+			"sessionid": this.getSessionID()
+		}
+	}, function(err, response, body) {
+		if (!callback) {
+			return;
+		}
+
+		callback(err);
+	}, "steamcommunity");
+};
+
+/**
+ * Unsubscribes from a sharedfile's comment section. Note: Checkbox on webpage does not update
+ * @param {SteamID | String} userID - ID of the user associated to this sharedfile
+ * @param {String} sharedFileId - ID of the sharedfile
+ * @param {function} callback - Takes only an Error object/null as the first argument
+ */
+SteamCommunity.prototype.unsubscribeSharedFileComments = function(userID, sharedFileId, callback) {
+	if (typeof userID === "string") {
+		userID = new SteamID(userID);
+	}
+
+	this.httpRequestPost({
+		"uri": `https://steamcommunity.com/comment/PublishedFile_Public/unsubscribe/${userID.toString()}/${sharedFileId}/`,
+		"form": {
+			"count": 10,
+			"sessionid": this.getSessionID()
+		}
+	}, function(err, response, body) { // eslint-disable-line
+		if (!callback) {
+			return;
+		}
+
+		callback(err);
+	}, "steamcommunity");
+};

package/examples/README.md

@@ -0,0 +1,35 @@
+# node-steamcommunity examples
+
+The files in this directory are example scripts that you can use as a getting-started point for using node-steamcommunity.
+
+## Enable or Disable Two-Factor Authentication
+
+If you need to enable or disable 2FA on your bot account, you can use enable_twofactor.js and disable_twofactor.js to do so.
+The way that you're intended to use these scripts is by cloning the repository locally, and then running them directly
+from this examples directory.
+
+For example:
+
+```shell
+git clone https://github.com/DoctorMcKay/node-steamcommunity node-steamcommunity
+cd node-steamcommunity
+npm install
+cd examples
+node enable_twofactor.js
+```
+
+## Accept All Confirmations
+
+If you need to accept trade or market confirmations on your bot account for which you have your identity secret, you can
+use accept_all_confirmations.js to do so. The way that you're intended to use this script is by cloning the repository
+locally, and then running it directly from this examples directory.
+
+For example:
+
+```shell
+git clone https://github.com/DoctorMcKay/node-steamcommunity node-steamcommunity
+cd node-steamcommunity
+npm install
+cd examples
+node accept_all_confirmations.js
+```

package/examples/accept_all_confirmations.js

@@ -0,0 +1,173 @@
+// If you aren't running this script inside of the repository, replace the following line with:
+// const SteamCommunity = require('steamcommunity');
+const SteamCommunity = require('../index.js');
+const SteamSession = require('steam-session');
+const SteamTotp = require('steam-totp');
+const ReadLine = require('readline');
+
+const EConfirmationType = SteamCommunity.ConfirmationType;
+
+let g_AbortPromptFunc = null;
+
+let community = new SteamCommunity();
+
+main();
+async function main() {
+	let accountName = await promptAsync('Username: ');
+	let password = await promptAsync('Password (hidden): ', true);
+
+	// Create a LoginSession for us to use to attempt to log into steam
+	let session = new SteamSession.LoginSession(SteamSession.EAuthTokenPlatformType.MobileApp);
+
+	// Go ahead and attach our event handlers before we do anything else.
+	session.on('authenticated', async () => {
+		abortPrompt();
+
+		let cookies = await session.getWebCookies();
+		community.setCookies(cookies);
+
+		doConfirmations();
+	});
+
+	session.on('timeout', () => {
+		abortPrompt();
+		console.log('This login attempt has timed out.');
+	});
+
+	session.on('error', (err) => {
+		abortPrompt();
+
+		// This should ordinarily not happen. This only happens in case there's some kind of unexpected error while
+		// polling, e.g. the network connection goes down or Steam chokes on something.
+
+		console.log(`ERROR: This login attempt has failed! ${err.message}`);
+	});
+
+	// Start our login attempt
+	let startResult = await session.startWithCredentials({accountName, password});
+	if (startResult.actionRequired) {
+		// Some Steam Guard action is required. We only care about email and device codes; in theory an
+		// EmailConfirmation and/or DeviceConfirmation action could be possible, but we're just going to ignore those.
+		// If the user does receive a confirmation and accepts it, LoginSession will detect and handle that automatically.
+		// The only consequence of ignoring it here is that we don't print a message to the user indicating that they
+		// could accept an email or device confirmation.
+
+		let codeActionTypes = [SteamSession.EAuthSessionGuardType.EmailCode, SteamSession.EAuthSessionGuardType.DeviceCode];
+		let codeAction = startResult.validActions.find(action => codeActionTypes.includes(action.type));
+		if (codeAction) {
+			if (codeAction.type == SteamSession.EAuthSessionGuardType.EmailCode) {
+				console.log(`A code has been sent to your email address at ${codeAction.detail}.`);
+			} else {
+				// We wouldn't expect this to happen since we're trying to enable 2FA, but just in case...
+				console.log('You need to provide a Steam Guard Mobile Authenticator code.');
+			}
+
+			let code = await promptAsync('Code or Shared Secret: ');
+			if (code) {
+				// The code might've been a shared secret
+				if (code.length > 10) {
+					code = SteamTotp.getAuthCode(code);
+				}
+				await session.submitSteamGuardCode(code);
+			}
+
+			// If we fall through here without submitting a Steam Guard code, that means one of two things:
+			//   1. The user pressed enter without providing a code, in which case the script will simply exit
+			//   2. The user approved a device/email confirmation, in which case 'authenticated' was emitted and the prompt was canceled
+		}
+	}
+}
+
+async function doConfirmations() {
+	let identitySecret = await promptAsync('Identity Secret: ');
+
+	let confs = await new Promise((resolve, reject) => {
+		let time = SteamTotp.time();
+		let key = SteamTotp.getConfirmationKey(identitySecret, time, 'conf');
+		community.getConfirmations(time, key, (err, confs) => {
+			if (err) {
+				return reject(err);
+			}
+
+			resolve(confs);
+		});
+	});
+
+	console.log(`Found ${confs.length} outstanding confirmations.`);
+
+	// We need to track the previous timestamp we used, as we cannot reuse timestamps.
+	let previousTime = 0;
+
+	for (let i = 0; i < confs.length; i++) {
+		let conf = confs[i];
+
+		process.stdout.write(`Accepting confirmation for ${EConfirmationType[conf.type]} - ${conf.title}... `);
+
+		try {
+			await new Promise((resolve, reject) => {
+				let time = SteamTotp.time();
+				if (time == previousTime) {
+					time++;
+				}
+
+				previousTime = time;
+				let key = SteamTotp.getConfirmationKey(identitySecret, time, 'allow');
+				conf.respond(time, key, true, (err) => {
+					err ? reject(err) : resolve();
+				});
+			});
+
+			console.log('success');
+		} catch (ex) {
+			console.log(`error: ${ex.message}`);
+		}
+
+		// sleep 500ms so we don't run too far away from the current timestamp
+		await new Promise(resolve => setTimeout(resolve, 500));
+	}
+
+	console.log('Finished processing confirmations');
+	process.exit(0);
+}
+
+// Nothing interesting below here, just code for prompting for input from the console.
+
+function promptAsync(question, sensitiveInput = false) {
+	return new Promise((resolve) => {
+		let rl = ReadLine.createInterface({
+			input: process.stdin,
+			output: sensitiveInput ? null : process.stdout,
+			terminal: true
+		});
+
+		g_AbortPromptFunc = () => {
+			rl.close();
+			resolve('');
+		};
+
+		if (sensitiveInput) {
+			// We have to write the question manually if we didn't give readline an output stream
+			process.stdout.write(question);
+		}
+
+		rl.question(question, (result) => {
+			if (sensitiveInput) {
+				// We have to manually print a newline
+				process.stdout.write('\n');
+			}
+
+			g_AbortPromptFunc = null;
+			rl.close();
+			resolve(result);
+		});
+	});
+}
+
+function abortPrompt() {
+	if (!g_AbortPromptFunc) {
+		return;
+	}
+
+	g_AbortPromptFunc();
+	process.stdout.write('\n');
+}

package/examples/disable_twofactor.js

@@ -1,73 +1,85 @@
 // If you aren't running this script inside of the repository, replace the following line with:
 // const SteamCommunity = require('steamcommunity');
 const SteamCommunity = require('../index.js');
+const SteamSession = require('steam-session');
 const ReadLine = require('readline');
 
+let g_AbortPromptFunc = null;
+
 let community = new SteamCommunity();
-let rl = ReadLine.createInterface({
-	input: process.stdin,
-	output: process.stdout
-});
-
-rl.question('Username: ', (accountName) => {
-	rl.question('Password: ', (password) => {
-		rl.question('Two-Factor Auth Code: ', (authCode) =>{
-			rl.question('Revocation Code: R', (rCode) => {
-				doLogin(accountName, password, authCode, '', rCode);
-			});
-		});
-	});
-});
-
-function doLogin(accountName, password, authCode, captcha, rCode) {
-	community.login({
-		accountName: accountName,
-		password: password,
-		twoFactorCode: authCode,
-		captcha: captcha
-	}, (err, sessionID, cookies, steamguard) => {
-		if (err) {
-			if (err.message == 'SteamGuard') {
-				console.log('This account does not have two-factor authentication enabled.');
-				process.exit();
-				return;
-			}
 
-			if (err.message == 'CAPTCHA') {
-				console.log(err.captchaurl);
-				rl.question('CAPTCHA: ', (captchaInput) => {
-					doLogin(accountName, password, authCode, captchaInput);
-				});
+main();
+async function main() {
+	let accountName = await promptAsync('Username: ');
+	let password = await promptAsync('Password (hidden): ', true);
 
-				return;
-			}
+	// Create a LoginSession for us to use to attempt to log into steam
+	let session = new SteamSession.LoginSession(SteamSession.EAuthTokenPlatformType.MobileApp);
 
-			console.log(err);
-			process.exit();
-			return;
-		}
+	// Go ahead and attach our event handlers before we do anything else.
+	session.on('authenticated', async () => {
+		abortPrompt();
 
-		console.log('Logged on!');
+		let accessToken = session.accessToken;
+		let cookies = await session.getWebCookies();
 
-		if (community.mobileAccessToken) {
-			// If we already have a mobile access token, we don't need to prompt for one.
-			doRevoke(rCode);
-			return;
-		}
+		community.setCookies(cookies);
+		community.setMobileAppAccessToken(accessToken);
 
-		console.log('You need to provide a mobile app access token to continue.');
-		console.log('You can generate one using steam-session (https://www.npmjs.com/package/steam-session).');
-		console.log('The access token needs to be generated using EAuthTokenPlatformType.MobileApp.');
-		console.log('Make sure you provide an *ACCESS* token, not a refresh token.');
+		// Enabling or disabling 2FA is presently the only action in node-steamcommunity which requires an access token.
+		// In all other cases, using `community.setCookies(cookies)` is all you need to do in order to be logged in,
+		// although there's never any harm in setting a mobile app access token.
 
-		rl.question('Access Token: ', (accessToken) => {
-			community.setMobileAppAccessToken(accessToken);
-			doRevoke(rCode);
-		});
+		doRevoke();
+	});
+
+	session.on('timeout', () => {
+		abortPrompt();
+		console.log('This login attempt has timed out.');
+	});
+
+	session.on('error', (err) => {
+		abortPrompt();
+
+		// This should ordinarily not happen. This only happens in case there's some kind of unexpected error while
+		// polling, e.g. the network connection goes down or Steam chokes on something.
+
+		console.log(`ERROR: This login attempt has failed! ${err.message}`);
 	});
+
+	// Start our login attempt
+	let startResult = await session.startWithCredentials({accountName, password});
+	if (startResult.actionRequired) {
+		// Some Steam Guard action is required. We only care about email and device codes; in theory an
+		// EmailConfirmation and/or DeviceConfirmation action could be possible, but we're just going to ignore those.
+		// If the user does receive a confirmation and accepts it, LoginSession will detect and handle that automatically.
+		// The only consequence of ignoring it here is that we don't print a message to the user indicating that they
+		// could accept an email or device confirmation.
+
+		let codeActionTypes = [SteamSession.EAuthSessionGuardType.EmailCode, SteamSession.EAuthSessionGuardType.DeviceCode];
+		let codeAction = startResult.validActions.find(action => codeActionTypes.includes(action.type));
+		if (codeAction) {
+			if (codeAction.type == SteamSession.EAuthSessionGuardType.EmailCode) {
+				// We wouldn't expect this to happen since we're trying to disable 2FA, but just in case...
+				console.log(`A code has been sent to your email address at ${codeAction.detail}.`);
+			} else {
+				console.log('You need to provide a Steam Guard Mobile Authenticator code.');
+			}
+
+			let code = await promptAsync('Code: ');
+			if (code) {
+				await session.submitSteamGuardCode(code);
+			}
+
+			// If we fall through here without submitting a Steam Guard code, that means one of two things:
+			//   1. The user pressed enter without providing a code, in which case the script will simply exit
+			//   2. The user approved a device/email confirmation, in which case 'authenticated' was emitted and the prompt was canceled
+		}
+	}
 }
 
-function doRevoke(rCode) {
+async function doRevoke() {
+	let rCode = await promptAsync('Revocation Code: R');
 	community.disableTwoFactor('R' + rCode, (err) => {
 		if (err) {
 			console.log(err);
@@ -79,3 +91,45 @@ function doRevoke(rCode) {
 		process.exit();
 	});
 }
+
+// Nothing interesting below here, just code for prompting for input from the console.
+
+function promptAsync(question, sensitiveInput = false) {
+	return new Promise((resolve) => {
+		let rl = ReadLine.createInterface({
+			input: process.stdin,
+			output: sensitiveInput ? null : process.stdout,
+			terminal: true
+		});
+
+		g_AbortPromptFunc = () => {
+			rl.close();
+			resolve('');
+		};
+
+		if (sensitiveInput) {
+			// We have to write the question manually if we didn't give readline an output stream
+			process.stdout.write(question);
+		}
+
+		rl.question(question, (result) => {
+			if (sensitiveInput) {
+				// We have to manually print a newline
+				process.stdout.write('\n');
+			}
+
+			g_AbortPromptFunc = null;
+			rl.close();
+			resolve(result);
+		});
+	});
+}
+
+function abortPrompt() {
+	if (!g_AbortPromptFunc) {
+		return;
+	}
+
+	g_AbortPromptFunc();
+	process.stdout.write('\n');
+}