Add Steam ticket auth for auth=steam HTTP requests#158
Conversation
Made-with: Cursor
|
The main purpuse of this is locking content download behind and auth, so with the steam ticket, server can verify its legitimacy, and then provide specific content to an user or group of users based on steam id, but ye can be used for multiple things. P.S: This is my first pull request — please excuse any inconvenience. Feedback is welcome. |
|
Thank you! I’m not sure if I’m entirely happy with it though, it can allow to do some shady things, so I added a few changes. Now, server admins can add (Sorry about the delay, sadly I don’t have time to check GitHub often, please feel free to DM me on tg if you want to discuss it or have other suggestions,) |
|
@gro-ove Would it be ok to contact you through gmail? About this ill revisit it later on, i had some ideas on how to make it more secure, will let you know when i get back to that |
2 participants
Adds support for Steam-authenticated HTTP requests. When a URL includes auth=steam, the client sends the user's Steam session ticket in the Authorization header so the server can verify the request. This works for downloads, API calls, and any other HTTP request that goes through the shared web client (e.g. content downloads, server content, metadata fetching).
Changes:
a4f081c:
SteamTicketProvider.cs(new) obtains Steam session ticket viaGetAuthSessionTicketand exposesUrlRequiresSteamTicket()to detectauth=steamin URLs.CookieAwareWebClient.csadds Steam ticket injection inGetWebRequest, settingAuthorization: Bearer <hex-ticket>when the URL containsauth=steam.AcManager.Tools.csprojadds compile include forSteamTicketProvider.cs.