Merge pull request #338 from TaloDev/steamworks-auth

Allow players to authenticate with Steamworks tickets

Author: tudddorrr

src/docs/player-api.docs.ts

@@ -16,8 +16,8 @@ const PlayerAPIDocs: APIDocs<PlayerAPIService> = {
         sample: {
           alias: {
             id: 1,
-            service: 'steam',
-            identifier: '11133645',
+            service: 'username',
+            identifier: 'jimbo',
             player: {
               id: '7a4e70ec-6ee6-418e-923d-b3a45051b7f9',
               props: [
@@ -38,6 +38,20 @@ const PlayerAPIDocs: APIDocs<PlayerAPIService> = {
             }
           }
         }
+      },
+      {
+        title: 'Steam authentication with identity (identifier format is <identity>:<ticket>)',
+        sample: {
+          service: 'steam',
+          identifier: 'talo:14000000bc9f006804c54b4032b27d0502002002cbfdcf771800000002000000060000004f0957cde6f88aecb090245624000000d8000000480000000500000033b19c0602002002fab015006438f58d8001b9d0000000008c57ef77fce61b780200551002000200f1cf060000000000d4dff043aed3c37739e65db7bc83d0196ecabeed867436df9cafa957ba08e29fe20739e47a3142ef1181e1fae857105545049f2bb6a6e86594fbf675246b5618b297d6535b605160f51650e61f516f05ed62163f5a0616c56c4fcbed3c049d7eedd65e69f23b843d8f92939b6987f9fc6980107079710'
+        }
+      },
+      {
+        title: 'Steam authentication without identity',
+        sample: {
+          service: 'steam',
+          identifier: '14000000bc9f006804c54b4032b27d0502002002cbfdcf771800000002000000060000004f0957cde6f88aecb090245624000000d8000000480000000500000033b19c0602002002fab015006438f58d8001b9d0000000008c57ef77fce61b780200551002000200f1cf060000000000d4dff043aed3c37739e65db7bc83d0196ecabeed867436df9cafa957ba08e29fe20739e47a3142ef1181e1fae857105545049f2bb6a6e86594fbf675246b5618b297d6535b605160f51650e61f516f05ed62163f5a0616c56c4fcbed3c049d7eedd65e69f23b843d8f92939b6987f9fc6980107079710'
+        }
       }
     ]
   },

src/entities/integration.ts

@@ -2,7 +2,7 @@ import { Entity, EntityManager, Enum, Filter, ManyToOne, PrimaryKey, Property }
 import { Request, Required, ValidationCondition } from 'koa-clay'
 import { decrypt, encrypt } from '../lib/crypto/string-encryption'
 import Game from './game'
-import { createSteamworksLeaderboard, createSteamworksLeaderboardEntry, deleteSteamworksLeaderboard, deleteSteamworksLeaderboardEntry, setSteamworksStat, syncSteamworksLeaderboards, syncSteamworksStats } from '../lib/integrations/steamworks-integration'
+import { authenticateTicket, createSteamworksLeaderboard, createSteamworksLeaderboardEntry, deleteSteamworksLeaderboard, deleteSteamworksLeaderboardEntry, setSteamworksStat, syncSteamworksLeaderboards, syncSteamworksStats } from '../lib/integrations/steamworks-integration'
 import Leaderboard from './leaderboard'
 import { pick } from 'lodash'
 import LeaderboardEntry from './leaderboard-entry'
@@ -176,6 +176,13 @@ export default class Integration {
     }
   }
 
+  async getPlayerIdentifier(req: Request, identifier: string): Promise<string> {
+    switch (this.type) {
+      case IntegrationType.STEAMWORKS:
+        return authenticateTicket(req, this, identifier)
+    }
+  }
+
   toJSON() {
     return {
       id: this.id,

src/entities/player.ts

@@ -47,6 +47,16 @@ export default class Player {
     this.props.add(new PlayerProp(this, key, value))
   }
 
+  upsertProp(key: string, value: string) {
+    const prop = this.props.getItems().find((prop) => prop.key === key)
+
+    if (prop) {
+      prop.value = value
+    } else {
+      this.addProp(key, value)
+    }
+  }
+
   setProps(props: { key: string, value: string }[]) {
     this.props.set(props.map(({ key, value }) => new PlayerProp(this, key, value)))
   }

src/lib/integrations/steamworks-integration.ts

@@ -11,6 +11,7 @@ import Player from '../../entities/player'
 import { performance } from 'perf_hooks'
 import GameStat from '../../entities/game-stat'
 import PlayerGameStat from '../../entities/player-game-stat'
+import { Request } from 'koa-clay'
 
 type SteamworksRequestConfig = {
   method: SteamworksRequestMethod
@@ -101,6 +102,35 @@ export type GetUserStatsForGameResponse = {
   }
 }
 
+export type AuthenticateUserTicketResponse = {
+  response: {
+    params?: {
+      result: 'OK'
+      steamid: string
+      ownersteamid: string
+      vacbanned: boolean
+      publisherbanned: boolean
+    }
+    error?: {
+      errorcode: number
+      errordesc: string
+    }
+  }
+}
+
+export type CheckAppOwnershipResponse = {
+  appownership: {
+    ownsapp: boolean
+    permanent: boolean
+    timestamp: string
+    ownersteamid: string
+    sitelicense: boolean
+    timedtrial: boolean
+    usercanceled: boolean
+    result: 'OK'
+  }
+}
+
 function createSteamworksRequestConfig(integration: Integration, method: SteamworksRequestMethod, url: string, body = ''): SteamworksRequestConfig {
   return {
     method,
@@ -465,3 +495,68 @@ export async function syncSteamworksStats(em: EntityManager, integration: Integr
     await setSteamworksStat(em, integration, unsyncedPlayerStat, steamAlias)
   }
 }
+
+export async function authenticateTicket(req: Request, integration: Integration, identifier: string): Promise<string> {
+  const em: EntityManager = req.ctx.em
+
+  const parts = identifier.split(':')
+  const identity = parts.length > 1 ? parts[0] : undefined
+  const ticket = parts.at(-1)
+
+  const config = createSteamworksRequestConfig(integration, 'GET', `/ISteamUserAuth/AuthenticateUserTicket/v1?appid=${integration.getConfig().appId}&ticket=${ticket}${identity ? `&identity=${identity}` : ''}`)
+  const event = createSteamworksIntegrationEvent(integration, config)
+  const res = await makeRequest<AuthenticateUserTicketResponse>(config, event)
+  await em.persistAndFlush(event)
+
+  if (res.data.response.error) {
+    const message = `Failed to authenticate Steamworks ticket: ${res.data.response.error.errordesc} (${res.data.response.error.errorcode})`
+    throw new Error(message, { cause: 400 })
+  }
+
+  const steamId = res.data.response.params.steamid
+  const alias = await em.getRepository(PlayerAlias).findOne({
+    service: PlayerAliasService.STEAM,
+    identifier: steamId,
+    player: {
+      game: integration.game
+    }
+  })
+
+  const {
+    appownership: {
+      ownsapp,
+      permanent,
+      timestamp
+    }
+  } = await verifyOwnership(em, integration, steamId)
+
+  const { vacbanned, publisherbanned } = res.data.response.params
+
+  if (alias) {
+    alias.player.upsertProp('META_STEAMWORKS_VAC_BANNED', String(vacbanned))
+    alias.player.upsertProp('META_STEAMWORKS_PUBLISHER_BANNED', String(publisherbanned))
+    alias.player.upsertProp('META_STEAMWORKS_OWNS_APP', String(ownsapp))
+    alias.player.upsertProp('META_STEAMWORKS_OWNS_APP_PERMANENTLY', String(permanent))
+    alias.player.upsertProp('META_STEAMWORKS_OWNS_APP_FROM_DATE', timestamp)
+    await em.flush()
+  } else {
+    req.ctx.state.initialPlayerProps = [
+      { key: 'META_STEAMWORKS_VAC_BANNED', value: String(vacbanned) },
+      { key: 'META_STEAMWORKS_PUBLISHER_BANNED', value: String(publisherbanned) },
+      { key: 'META_STEAMWORKS_OWNS_APP', value: String(ownsapp) },
+      { key: 'META_STEAMWORKS_OWNS_APP_PERMANENTLY', value: String(permanent) },
+      { key: 'META_STEAMWORKS_OWNS_APP_FROM_DATE', value: timestamp }
+    ]
+  }
+
+  return steamId
+}
+
+export async function verifyOwnership(em: EntityManager, integration: Integration, steamId: string): Promise<CheckAppOwnershipResponse> {
+  const config = createSteamworksRequestConfig(integration, 'GET', `/ISteamUser/CheckAppOwnership/v3?appid=${integration.getConfig().appId}&steamid=${steamId}`)
+  const event = createSteamworksIntegrationEvent(integration, config)
+  const res = await makeRequest<CheckAppOwnershipResponse>(config, event)
+  await em.persistAndFlush(event)
+
+  return res.data
+}

src/services/api/player-api.service.ts

@@ -11,16 +11,37 @@ import PlayerAPIDocs from '../../docs/player-api.docs'
 import PlayerProp from '../../entities/player-prop'
 import PlayerGameStat from '../../entities/player-game-stat'
 import checkScope from '../../policies/checkScope'
+import Integration, { IntegrationType } from '../../entities/integration'
 
-export function findAliasFromIdentifyRequest(
-  em: EntityManager,
+async function getRealIdentifier(
+  req: Request,
+  key: APIKey,
+  service: string,
+  identifier: string
+): Promise<string> {
+  if (service === PlayerAliasService.STEAM) {
+    const integration = await (req.ctx.em as EntityManager).getRepository(Integration).findOne({
+      game: key.game,
+      type: IntegrationType.STEAMWORKS
+    })
+
+    if (integration) {
+      return integration.getPlayerIdentifier(req, identifier)
+    }
+  }
+
+  return identifier
+}
+
+export async function findAliasFromIdentifyRequest(
+  req: Request,
   key: APIKey,
   service: string,
   identifier: string
 ): Promise<PlayerAlias | null> {
-  return em.getRepository(PlayerAlias).findOne({
+  return (req.ctx.em as EntityManager).getRepository(PlayerAlias).findOne({
     service,
-    identifier,
+    identifier: await getRealIdentifier(req, key, service, identifier),
     player: {
       game: key.game
     }
@@ -38,7 +59,8 @@ export async function createPlayerFromIdentifyRequest(
   if (checkScope(key, APIKeyScope.WRITE_PLAYERS)) {
     const res = await forwardRequest(req, {
       body: {
-        aliases: [{ service, identifier }]
+        aliases: [{ service, identifier: await getRealIdentifier(req, key, service, identifier) }],
+        props: req.ctx.state.initialPlayerProps
       }
     })
 
@@ -77,14 +99,23 @@ export default class PlayerAPIService extends APIService {
     const em: EntityManager = req.ctx.em
 
     const key = await this.getAPIKey(req.ctx)
-
-    let alias = await findAliasFromIdentifyRequest(em, key, service, identifier)
-    if (!alias) {
-      if (service === PlayerAliasService.TALO) {
-        req.ctx.throw(404, 'Player not found: Talo aliases must be created using the /v1/players/auth API')
+    let alias: PlayerAlias = null
+
+    try {
+      alias = await findAliasFromIdentifyRequest(req, key, service, identifier)
+      if (!alias) {
+        if (service === PlayerAliasService.TALO) {
+          req.ctx.throw(404, 'Player not found: Talo aliases must be created using the /v1/players/auth API')
+        } else {
+          const player = await createPlayerFromIdentifyRequest(req, key, service, identifier)
+          alias = player?.aliases[0]
+        }
+      }
+    } catch (err) {
+      if (err instanceof Error && err.cause === 400) {
+        req.ctx.throw(400, err.message)
       } else {
-        const player = await createPlayerFromIdentifyRequest(req, key, service, identifier)
-        alias = player?.aliases[0]
+        throw err
       }
     }
 

src/services/api/player-auth-api.service.ts

@@ -151,7 +151,7 @@ export default class PlayerAuthAPIService extends APIService {
 
     const key = await this.getAPIKey(req.ctx)
 
-    const alias = await findAliasFromIdentifyRequest(em, key, PlayerAliasService.TALO, identifier)
+    const alias = await findAliasFromIdentifyRequest(req, key, PlayerAliasService.TALO, identifier)
     if (!alias) this.handleFailedLogin(req)
 
     const passwordMatches = await bcrypt.compare(password, alias.player.auth.password)

tests/fixtures/PlayerFactory.ts

@@ -76,9 +76,11 @@ export default class PlayerFactory extends Factory<Player> {
     })
   }
 
-  withSteamAlias(): this {
+  withSteamAlias(steamId?: string): this {
     return this.state(async (player: Player) => {
-      const alias = await new PlayerAliasFactory(player).steam().one()
+      const alias = await new PlayerAliasFactory(player).steam().state(() => ({
+        identifier: steamId ?? casual.integer(100000, 1000000).toString()
+      })).one()
 
       return {
         aliases: new Collection<PlayerAlias>(player, [alias])

tests/services/_api/game-stat-api/steamworksPut.test.ts

@@ -80,7 +80,5 @@ describe('Game stats API service - put - steamworks integration', () => {
 
     const event = await (<EntityManager>global.em).getRepository(SteamworksIntegrationEvent).findOne({ integration })
     expect(event).toBeNull()
-
-    axiosMock.reset()
   })
 })