npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@fabiansharp/modern-passport-steam

v1.2.9

Published

A modern passport strategy for steam with hopefully no bugs!

Downloads

927

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

fabiansharpfabiansharp

Keywords

passportsteammodernvulnerability

Readme

Modern Steam OpenID strategy for Passport

Important Note

This package is a forked version of the modern-passport-steam package originally created by easton36. This fork includes the following enhancements:

  1. Added support for the passReqToCallback option, allowing the request object to be passed to the verify callback.
  2. Added TypeScript type definitions (index.d.ts) for improved developer experience and type safety.
  3. Fixed small issue in relation to realm validation.

These improvements aim to make the package more flexible and easier to use in TypeScript projects while maintaining the security and modernity of the original implementation.

Description

A modern Passport strategy for authenticating with Steam using OpenID 2.0. Inspired by the original passport-steam strategy, and DoctorMcKay's node-steam-signin library.

There is currently a vulnerability in the original passport-steam library that allows you to authenticate as any steam account.

Installation

$ npm i --save @fabiansharp/modern-passport-steam

Contents

Options

This strategy takes an options object with the following properties:

  • returnUrl - The URL to which Steam will redirect the user after authentication. This should be the URL of the route that calls passport.authenticate('steam').
  • realm - The URL to which Steam will redirect the user after authentication. This should be the root URL of your website.
  • fetchSteamLevel - Whether or not to fetch the user's Steam level. Defaults to false. Requires an API key to be provided.
  • fetchUserProfile - Whether or not to fetch the user's profile. Defaults to true. Requires an API key to be provided.
  • passReqToCallback - When true, req is the first argument to the verify callback. Defaults to false.
  • apiKey - A Steam API key to use for fetching the user's Steam level and profile. Can be a string or a function that returns a string. Can be async if you need to fetch the key from a remote service!
    • If you do not explicity set fetchUserProfile to false, an error will be thrown if you do not provide an API key.
    • If you do not provide an API key, the first parameter passed to the verify callback will be the SteamID object.
    • If you provide an API key, the first parameter passed to the verify callback will be the full user object. (See examples below)

Example options object:

{
	returnUrl: 'http://localhost:3000/login/return',
	realm: 'http://localhost:3000/',
	fetchSteamLevel: true, // Defaults to false, makes an extra request to fetch the user's Steam level
	fetchUserProfile: true, // Defaults to true if an API key is provided
	passReqToCallback: false, // Defaults to false, if true, req is the first argument to the verify callback
	apiKey: () => {
		// You should return your Steam API key here
		// For security, you should use environment variables or a secure key management service
		// Can be a string or a function that returns a string
		// Can be async if you need to fetch the key from a remote service!
		return 'MY_STEAM_API_KEY';
	}
}

Usage

Require Strategy

const SteamStrategy = require('modern-passport-steam');

Configure Strategy

If you want to fetch the user's Steam level and profile, you will need to provide a Steam API key. You can get one here. If you do not pass an api key, the first parameter passed to the verify callback will be the SteamID object, as you can see in the examples below.

With Profile Fetching:

passport.use(new SteamStrategy({
	returnUrl: 'http://localhost:3000/login/return',
	realm: 'http://localhost:3000/',
	fetchSteamLevel: true,
	fetchUserProfile: true,
	passReqToCallback: false,
	apiKey: () => {
		// You should return your Steam API key here
		// For security, you should use environment variables or a secure key management service
		// Can be a string or a function that returns a string
		// Can be async if you need to fetch the key from a remote service!
		return 'MY_STEAM_API_KEY';
	}
}, (user, done) => {
	// Here you would look up the user in your database using the SteamID
	// For this example, we're just passing the full user object back

	done(null, user);
}));

With passReqToCallback:

passport.use(new SteamStrategy({
    returnUrl: 'http://localhost:3000/login/return',
    realm: 'http://localhost:3000/',
    passReqToCallback: true,
    apiKey: 'YOUR_STEAM_API_KEY'
}, (req, user, done) => {
    // 'req' is now available here
    // You can access request-specific information if needed
    done(null, user);
}));

Example user object if you pass an API key:

{
  SteamID: SteamID { universe: 1, type: 1, instance: 1, accountid: 893472231 },
  profile: {
    steamid: '76561198853737959',
    communityvisibilitystate: 3,
    profilestate: 1,
    personaname: 'sampli',
    commentpermission: 1,
    profileurl: 'https://steamcommunity.com/id/shamp/',
    avatar: 'https://avatars.steamstatic.com/979e4a6baa364403e1dc268a52034162044ae391.jpg',
    avatarmedium: 'https://avatars.steamstatic.com/979e4a6baa364403e1dc268a52034162044ae391_medium.jpg',
    avatarfull: 'https://avatars.steamstatic.com/979e4a6baa364403e1dc268a52034162044ae391_full.jpg',
    avatarhash: '979e4a6baa364403e1dc268a52034162044ae391',
    lastlogoff: 1716699862,
    personastate: 0,
    primaryclanid: '103582791429521408',
    timecreated: 1534350460,
    personastateflags: 0
  },
  level: 52
}

Without Profile Fetching:

passport.use(new SteamStrategy({
	returnUrl: 'http://localhost:3000/login/return',
	realm: 'http://localhost:3000/',
	fetchUserProfile: false // Must explicitly set this to false if you do not want to fetch the user's profile
}, (SteamID, done) => {
	// Here you would look up the user in your database using the SteamID
	// For this example, we're just passing the SteamID64 back as the user id
	const user = {
		id: SteamID.getSteamID64()
	};

	done(null, user);
}));

Authenticate Requests

Use passport.authenticate(), specifying the 'steam' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/login', passport.authenticate('steam'));

app.get('/login/return', passport.authenticate('steam', {
	failureRedirect: '/login'
}), (req, res) => {
	// Successful authentication, redirect home.
	res.redirect('/');
});

Examples

There is a basic example using express in the examples folder.

License

The MIT License