From de95685c0ba9c596456264d1ff8a220a1bb3d546 Mon Sep 17 00:00:00 2001 From: Sadzurami Date: Thu, 1 Feb 2024 15:37:56 +0300 Subject: [PATCH 1/2] include cookies for login.steampowered.com on getWebCookies() --- src/LoginSession.ts | 50 +++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 29 deletions(-) diff --git a/src/LoginSession.ts b/src/LoginSession.ts index a405e26..96db81b 100644 --- a/src/LoginSession.ts +++ b/src/LoginSession.ts @@ -1,5 +1,5 @@ import StdLib from '@doctormckay/stdlib'; -import {HttpClient, HttpResponse} from '@doctormckay/stdlib/http'; +import {HttpClient} from '@doctormckay/stdlib/http'; import {randomBytes} from 'crypto'; import createDebug from 'debug'; import HTTPS from 'https'; @@ -839,47 +839,39 @@ export default class LoginSession extends TypedEmitter { throw err; } - // Now we want to execute all transfers specified in the finalizelogin response. Technically we only need one - // successful transfer (hence the usage of promsieAny), but we execute them all for robustness in case one fails. - // As long as one succeeds, we're good. - let transfers:Promise[] = finalizeResponse.jsonBody.transfer_info.map(({url, params}) => new Promise(async (resolve, reject) => { + let domain = new URL(finalizeResponse.url).host; + + let cookies:string[] = finalizeResponse.headers['set-cookie'] + .map(cookie => !cookie.toLowerCase().includes('domain=') ? `${cookie}; Domain=${domain}` : cookie); + + // Now we want to execute all transfers specified in the finalizelogin response. + await Promise.all(finalizeResponse.jsonBody.transfer_info.map(async ({url, params}) => { let body = {steamID: this.steamID.getSteamID64(), ...params}; debug('POST %s %o', url, body); - let result: HttpResponse; - try { - result = await this._webClient.request({ - method: 'POST', - url, - multipartForm: HttpClient.simpleObjectToMultipartForm(body) - }); - } catch (error) { - return reject(error); - } + let result = await this._webClient.request({ + method: 'POST', + url, + multipartForm: HttpClient.simpleObjectToMultipartForm(body) + }); if (!result.headers || !result.headers['set-cookie'] || result.headers['set-cookie'].length == 0) { - return reject(new Error('No Set-Cookie header in result')); + throw new Error('No Set-Cookie header in result'); } if (!result.headers['set-cookie'].some(c => c.startsWith('steamLoginSecure='))) { - return reject(new Error('No steamLoginSecure cookie in result')); + throw new Error('No steamLoginSecure cookie in result'); } - let domain = new URL(url).host; - resolve( - result.headers['set-cookie'].map( - cookie => !cookie.toLowerCase().includes('domain=') ? `${cookie}; Domain=${domain}` : cookie - ) - ); - })); + let domain = new URL(result.url).host; - let cookies:string[] = []; - (await Promise.all(transfers)).forEach((domainCookies) => { - cookies = cookies.concat(domainCookies); - }); + result.headers['set-cookie'] + .map(cookie => !cookie.toLowerCase().includes('domain=') ? `${cookie}; Domain=${domain}` : cookie) + .forEach(cookie => cookies.push(cookie)); + })); // Filter out any sessionid cookies we might have, since we want to set one that works for everything - cookies = cookies.filter(c => !c.startsWith('sessionid=')); + cookies = cookies.filter(cookie => !cookie.startsWith('sessionid=')); // Now add in a sessionid cookie cookies.push(`sessionid=${sessionId}`); From 0582ef4d5fb6887239bcccfe862d388878094dab Mon Sep 17 00:00:00 2001 From: Sadzurami Date: Thu, 1 Feb 2024 15:38:34 +0300 Subject: [PATCH 2/2] update sessionid handling on getWebCookies() --- src/LoginSession.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/LoginSession.ts b/src/LoginSession.ts index 96db81b..fceb1c8 100644 --- a/src/LoginSession.ts +++ b/src/LoginSession.ts @@ -874,7 +874,11 @@ export default class LoginSession extends TypedEmitter { cookies = cookies.filter(cookie => !cookie.startsWith('sessionid=')); // Now add in a sessionid cookie - cookies.push(`sessionid=${sessionId}`); + [ + ...new Set(cookies.map(cookie => cookie.split('Domain=')[1].split(';')[0])) + ] + .filter(domain => domain !== 'login.steampowered.com') + .forEach(domain => cookies.push(`sessionid=${sessionId}; Path=/; Secure; SameSite=None; Domain=${domain}`)); return cookies; }