2021-03-24 22:49:09 +01:00
|
|
|
use std::collections::HashMap;
|
2021-03-30 21:51:26 +02:00
|
|
|
use reqwest::{Url, cookie::{CookieStore}, header::COOKIE, header::{SET_COOKIE, USER_AGENT}};
|
2021-03-24 22:49:09 +01:00
|
|
|
use rsa::{PublicKey, RSAPublicKey};
|
|
|
|
use std::time::{SystemTime, UNIX_EPOCH};
|
|
|
|
use serde::{Serialize, Deserialize};
|
2021-03-25 17:43:41 +01:00
|
|
|
use serde::de::{Visitor};
|
2021-03-24 22:49:09 +01:00
|
|
|
use rand::rngs::OsRng;
|
2021-03-25 17:43:41 +01:00
|
|
|
use std::fmt;
|
2021-03-30 21:51:26 +02:00
|
|
|
use log::*;
|
2021-03-24 22:49:09 +01:00
|
|
|
|
2021-03-25 17:43:41 +01:00
|
|
|
#[derive(Debug, Clone, Deserialize)]
|
2021-03-24 22:49:09 +01:00
|
|
|
struct LoginResponse {
|
|
|
|
success: bool,
|
2021-03-25 17:43:41 +01:00
|
|
|
#[serde(default)]
|
2021-03-24 22:49:09 +01:00
|
|
|
login_complete: bool,
|
2021-03-30 21:51:26 +02:00
|
|
|
// #[serde(default)]
|
|
|
|
// oauth: String,
|
2021-03-25 17:43:41 +01:00
|
|
|
#[serde(default)]
|
|
|
|
captcha_needed: bool,
|
|
|
|
#[serde(default)]
|
|
|
|
captcha_gid: String,
|
|
|
|
#[serde(default)]
|
|
|
|
emailsteamid: u64,
|
|
|
|
#[serde(default)]
|
|
|
|
emailauth_needed: bool,
|
|
|
|
#[serde(default)]
|
|
|
|
requires_twofactor: bool,
|
2021-03-30 21:51:26 +02:00
|
|
|
#[serde(default)]
|
2021-03-25 17:43:41 +01:00
|
|
|
message: String,
|
2021-03-30 21:51:26 +02:00
|
|
|
transfer_urls: Option<Vec<String>>,
|
|
|
|
transfer_parameters: Option<LoginTransferParameters>,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Debug, Clone, Serialize, Deserialize)]
|
|
|
|
struct LoginTransferParameters {
|
|
|
|
steamid: String,
|
|
|
|
token_secure: String,
|
|
|
|
auth: String,
|
|
|
|
remember_login: bool,
|
|
|
|
webcookie: String,
|
2021-03-24 22:49:09 +01:00
|
|
|
}
|
|
|
|
|
2021-03-25 17:43:41 +01:00
|
|
|
#[derive(Debug, Clone, Deserialize)]
|
2021-03-24 22:49:09 +01:00
|
|
|
struct RsaResponse {
|
|
|
|
success: bool,
|
|
|
|
publickey_exp: String,
|
|
|
|
publickey_mod: String,
|
|
|
|
timestamp: String,
|
|
|
|
token_gid: String,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
pub enum LoginResult {
|
2021-03-30 21:51:26 +02:00
|
|
|
Ok(Session),
|
2021-03-24 22:49:09 +01:00
|
|
|
BadRSA,
|
|
|
|
BadCredentials,
|
2021-03-25 20:26:45 +01:00
|
|
|
NeedCaptcha{ captcha_gid: String },
|
2021-03-24 22:49:09 +01:00
|
|
|
Need2FA,
|
|
|
|
NeedEmail,
|
2021-03-25 17:43:41 +01:00
|
|
|
TooManyAttempts,
|
2021-03-24 22:49:09 +01:00
|
|
|
OtherFailure,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
pub struct UserLogin {
|
|
|
|
pub username: String,
|
|
|
|
pub password: String,
|
2021-03-25 17:43:41 +01:00
|
|
|
pub captcha_required: bool,
|
|
|
|
pub captcha_gid: String,
|
2021-03-24 22:49:09 +01:00
|
|
|
pub captcha_text: String,
|
|
|
|
pub twofactor_code: String,
|
|
|
|
pub email_code: String,
|
2021-03-25 17:43:41 +01:00
|
|
|
pub steam_id: u64,
|
2021-03-24 22:49:09 +01:00
|
|
|
|
|
|
|
cookies: reqwest::cookie::Jar,
|
|
|
|
// cookies: Arc<reqwest::cookie::Jar>,
|
|
|
|
client: reqwest::blocking::Client,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl UserLogin {
|
|
|
|
pub fn new(username: String, password: String) -> UserLogin {
|
|
|
|
return UserLogin {
|
|
|
|
username,
|
|
|
|
password,
|
2021-03-25 17:43:41 +01:00
|
|
|
captcha_required: false,
|
|
|
|
captcha_gid: String::from("-1"),
|
2021-03-24 22:49:09 +01:00
|
|
|
captcha_text: String::from(""),
|
|
|
|
twofactor_code: String::from(""),
|
|
|
|
email_code: String::from(""),
|
2021-03-25 17:43:41 +01:00
|
|
|
steam_id: 0,
|
2021-03-24 22:49:09 +01:00
|
|
|
cookies: reqwest::cookie::Jar::default(),
|
|
|
|
// cookies: Arc::<reqwest::cookie::Jar>::new(reqwest::cookie::Jar::default()),
|
|
|
|
client: reqwest::blocking::ClientBuilder::new()
|
|
|
|
.cookie_store(true)
|
|
|
|
.build()
|
|
|
|
.unwrap(),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
fn update_session(&self) {
|
2021-03-30 21:51:26 +02:00
|
|
|
trace!("UserLogin::update_session");
|
2021-03-24 22:49:09 +01:00
|
|
|
let url = "https://steamcommunity.com".parse::<Url>().unwrap();
|
|
|
|
self.cookies.add_cookie_str("mobileClientVersion=0 (2.1.3)", &url);
|
|
|
|
self.cookies.add_cookie_str("mobileClient=android", &url);
|
|
|
|
self.cookies.add_cookie_str("Steam_Language=english", &url);
|
|
|
|
|
2021-04-04 20:07:06 +02:00
|
|
|
let resp = self.client
|
2021-03-24 22:49:09 +01:00
|
|
|
.get("https://steamcommunity.com/login?oauth_client_id=DE45CD61&oauth_scope=read_profile%20write_profile%20read_client%20write_client".parse::<Url>().unwrap())
|
|
|
|
.header("X-Requested-With", "com.valvesoftware.android.steam.community")
|
|
|
|
.header(USER_AGENT, "Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; Google Nexus 4 - 4.1.1 - API 16 - 768x1280 Build/JRO03S) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30")
|
|
|
|
// .header(COOKIE, "mobileClientVersion=0 (2.1.3)")
|
|
|
|
// .header(COOKIE, "mobileClient=android")
|
|
|
|
// .header(COOKIE, "Steam_Language=english")
|
|
|
|
.header(COOKIE, self.cookies.cookies(&url).unwrap())
|
|
|
|
.send();
|
2021-04-04 20:07:06 +02:00
|
|
|
trace!("{:?}", resp);
|
2021-03-30 21:51:26 +02:00
|
|
|
|
|
|
|
trace!("cookies: {:?}", self.cookies);
|
2021-03-24 22:49:09 +01:00
|
|
|
}
|
|
|
|
|
2021-03-26 00:47:44 +01:00
|
|
|
pub fn login(&mut self) -> LoginResult {
|
2021-03-30 21:51:26 +02:00
|
|
|
trace!("UserLogin::login");
|
2021-03-25 17:43:41 +01:00
|
|
|
if self.captcha_required && self.captcha_text.len() == 0 {
|
2021-03-26 00:47:44 +01:00
|
|
|
return LoginResult::NeedCaptcha{captcha_gid: self.captcha_gid.clone()};
|
2021-03-25 17:43:41 +01:00
|
|
|
}
|
|
|
|
|
2021-03-24 22:49:09 +01:00
|
|
|
let url = "https://steamcommunity.com".parse::<Url>().unwrap();
|
|
|
|
if self.cookies.cookies(&url) == Option::None {
|
|
|
|
self.update_session()
|
|
|
|
}
|
|
|
|
|
|
|
|
let mut params = HashMap::new();
|
|
|
|
params.insert("donotcache", format!("{}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() * 1000));
|
|
|
|
params.insert("username", self.username.clone());
|
|
|
|
let resp = self.client
|
|
|
|
.post("https://steamcommunity.com/login/getrsakey")
|
|
|
|
.form(¶ms)
|
|
|
|
.send()
|
|
|
|
.unwrap();
|
|
|
|
|
|
|
|
let encrypted_password: String;
|
2021-03-25 17:43:41 +01:00
|
|
|
let rsa_timestamp: String;
|
2021-03-24 22:49:09 +01:00
|
|
|
match resp.json::<RsaResponse>() {
|
|
|
|
Ok(rsa_resp) => {
|
2021-04-04 15:38:34 +02:00
|
|
|
rsa_timestamp = rsa_resp.timestamp.clone();
|
|
|
|
encrypted_password = encrypt_password(rsa_resp, &self.password);
|
2021-03-24 22:49:09 +01:00
|
|
|
}
|
|
|
|
Err(error) => {
|
2021-03-30 21:51:26 +02:00
|
|
|
error!("rsa error: {:?}", error);
|
2021-03-24 22:49:09 +01:00
|
|
|
return LoginResult::BadRSA
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-04 15:38:34 +02:00
|
|
|
trace!("captchagid: {}", self.captcha_gid);
|
|
|
|
trace!("captcha_text: {}", self.captcha_text);
|
|
|
|
trace!("twofactorcode: {}", self.twofactor_code);
|
|
|
|
trace!("emailauth: {}", self.email_code);
|
2021-03-24 22:49:09 +01:00
|
|
|
let mut params = HashMap::new();
|
|
|
|
params.insert("donotcache", format!("{}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() * 1000));
|
|
|
|
params.insert("username", self.username.clone());
|
2021-03-25 17:43:41 +01:00
|
|
|
params.insert("password", encrypted_password);
|
|
|
|
params.insert("twofactorcode", self.twofactor_code.clone());
|
|
|
|
params.insert("emailauth", self.email_code.clone());
|
|
|
|
params.insert("captchagid", self.captcha_gid.clone());
|
|
|
|
params.insert("captcha_text", self.captcha_text.clone());
|
|
|
|
params.insert("rsatimestamp", rsa_timestamp);
|
|
|
|
params.insert("remember_login", String::from("true"));
|
|
|
|
params.insert("oauth_client_id", String::from("DE45CD61"));
|
|
|
|
params.insert("oauth_scope", String::from("read_profile write_profile read_client write_client"));
|
|
|
|
|
|
|
|
let login_resp: LoginResponse;
|
|
|
|
match self.client
|
|
|
|
.post("https://steamcommunity.com/login/dologin")
|
|
|
|
.form(¶ms)
|
|
|
|
.send() {
|
|
|
|
Ok(resp) => {
|
2021-03-30 21:51:26 +02:00
|
|
|
// https://stackoverflow.com/questions/49928648/rubys-mechanize-error-401-while-sending-a-post-request-steam-trade-offer-send
|
|
|
|
let text = resp.text().unwrap();
|
|
|
|
trace!("resp content: {}", text);
|
|
|
|
match serde_json::from_str(text.as_str()) {
|
2021-03-25 17:43:41 +01:00
|
|
|
Ok(lr) => {
|
2021-03-30 21:51:26 +02:00
|
|
|
info!("login resp: {:?}", lr);
|
2021-03-25 17:43:41 +01:00
|
|
|
login_resp = lr;
|
|
|
|
}
|
|
|
|
Err(error) => {
|
2021-03-30 21:51:26 +02:00
|
|
|
debug!("login response did not have normal schema");
|
|
|
|
error!("login parse error: {:?}", error);
|
2021-03-25 17:43:41 +01:00
|
|
|
return LoginResult::OtherFailure;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Err(error) => {
|
2021-03-30 21:51:26 +02:00
|
|
|
error!("login request error: {:?}", error);
|
2021-03-25 17:43:41 +01:00
|
|
|
return LoginResult::OtherFailure;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if login_resp.message.contains("too many login") {
|
|
|
|
return LoginResult::TooManyAttempts;
|
|
|
|
}
|
|
|
|
|
2021-03-25 18:22:42 +01:00
|
|
|
if login_resp.message.contains("Incorrect login") {
|
|
|
|
return LoginResult::BadCredentials;
|
|
|
|
}
|
|
|
|
|
|
|
|
if login_resp.captcha_needed {
|
2021-03-26 00:47:44 +01:00
|
|
|
self.captcha_gid = login_resp.captcha_gid.clone();
|
|
|
|
return LoginResult::NeedCaptcha{ captcha_gid: self.captcha_gid.clone() };
|
2021-03-25 18:22:42 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if login_resp.emailauth_needed {
|
2021-03-26 00:47:44 +01:00
|
|
|
self.steam_id = login_resp.emailsteamid.clone();
|
2021-03-25 18:22:42 +01:00
|
|
|
return LoginResult::NeedEmail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if login_resp.requires_twofactor {
|
|
|
|
return LoginResult::Need2FA;
|
|
|
|
}
|
|
|
|
|
|
|
|
if !login_resp.login_complete {
|
|
|
|
return LoginResult::BadCredentials;
|
|
|
|
}
|
|
|
|
|
2021-03-24 22:49:09 +01:00
|
|
|
|
2021-03-30 21:51:26 +02:00
|
|
|
// transfer login parameters? Not completely sure what this is for.
|
|
|
|
// i guess steam changed their authentication scheme slightly
|
|
|
|
let oauth;
|
|
|
|
match (login_resp.transfer_urls, login_resp.transfer_parameters) {
|
|
|
|
(Some(urls), Some(params)) => {
|
|
|
|
debug!("received transfer parameters, relaying data...");
|
|
|
|
for url in urls {
|
|
|
|
trace!("posting transfer to {}", url);
|
|
|
|
let result = self.client
|
|
|
|
.post(url)
|
|
|
|
.json(¶ms)
|
|
|
|
.send();
|
|
|
|
trace!("result: {:?}", result);
|
|
|
|
match result {
|
|
|
|
Ok(resp) => {
|
|
|
|
debug!("result status: {}", resp.status());
|
|
|
|
self.save_cookies_from_response(&resp);
|
|
|
|
}
|
|
|
|
Err(e) => {
|
|
|
|
error!("failed to transfer parameters: {:?}", e);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
oauth = OAuthData {
|
|
|
|
oauth_token: params.auth,
|
|
|
|
steamid: params.steamid.parse().unwrap(),
|
|
|
|
wgtoken: params.token_secure.clone(), // guessing
|
|
|
|
wgtoken_secure: params.token_secure,
|
|
|
|
webcookie: params.webcookie,
|
|
|
|
};
|
|
|
|
}
|
|
|
|
_ => {
|
|
|
|
error!("did not receive transfer_urls and transfer_parameters");
|
|
|
|
return LoginResult::OtherFailure;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// let oauth: OAuthData = serde_json::from_str(login_resp.oauth.as_str()).unwrap();
|
|
|
|
let url = "https://steamcommunity.com".parse::<Url>().unwrap();
|
|
|
|
let cookies = self.cookies.cookies(&url).unwrap();
|
|
|
|
let all_cookies = cookies.to_str().unwrap();
|
|
|
|
let mut session_id = String::from("");
|
|
|
|
for cookie in all_cookies.split(";").map(|s| cookie::Cookie::parse(s).unwrap()) {
|
|
|
|
if cookie.name() == "sessionid" {
|
|
|
|
session_id = String::from(cookie.value());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
trace!("cookies {:?}", cookies);
|
|
|
|
let session = self.build_session(oauth, session_id);
|
|
|
|
|
|
|
|
return LoginResult::Ok(session);
|
2021-03-24 22:49:09 +01:00
|
|
|
}
|
2021-03-25 18:52:55 +01:00
|
|
|
|
2021-03-30 21:51:26 +02:00
|
|
|
fn build_session(&self, data: OAuthData, session_id: String) -> Session {
|
2021-03-25 18:52:55 +01:00
|
|
|
return Session{
|
|
|
|
token: data.oauth_token,
|
|
|
|
steam_id: data.steamid,
|
|
|
|
steam_login: format!("{}%7C%7C{}", data.steamid, data.wgtoken),
|
|
|
|
steam_login_secure: format!("{}%7C%7C{}", data.steamid, data.wgtoken_secure),
|
2021-03-30 21:51:26 +02:00
|
|
|
session_id: session_id,
|
|
|
|
web_cookie: data.webcookie,
|
2021-03-25 18:52:55 +01:00
|
|
|
};
|
|
|
|
}
|
2021-03-30 21:51:26 +02:00
|
|
|
|
|
|
|
fn save_cookies_from_response(&mut self, response: &reqwest::blocking::Response) {
|
|
|
|
let set_cookie_iter = response.headers().get_all(SET_COOKIE);
|
|
|
|
let url = "https://steamcommunity.com".parse::<Url>().unwrap();
|
|
|
|
|
|
|
|
for c in set_cookie_iter {
|
|
|
|
c.to_str()
|
|
|
|
.into_iter()
|
|
|
|
.for_each(|cookie_str| {
|
|
|
|
self.cookies.add_cookie_str(cookie_str, &url)
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
2021-03-25 18:52:55 +01:00
|
|
|
}
|
|
|
|
|
2021-03-26 00:47:44 +01:00
|
|
|
#[derive(Debug, Clone, Deserialize)]
|
2021-03-25 18:52:55 +01:00
|
|
|
struct OAuthData {
|
|
|
|
oauth_token: String,
|
|
|
|
steamid: u64,
|
|
|
|
wgtoken: String,
|
|
|
|
wgtoken_secure: String,
|
|
|
|
webcookie: String,
|
2021-03-24 22:49:09 +01:00
|
|
|
}
|
|
|
|
|
2021-03-27 13:17:56 +01:00
|
|
|
#[derive(Debug, Clone, Serialize, Deserialize)]
|
2021-03-25 18:52:55 +01:00
|
|
|
pub struct Session {
|
2021-03-27 13:17:56 +01:00
|
|
|
#[serde(rename = "SessionID")]
|
2021-03-25 18:52:55 +01:00
|
|
|
pub session_id: String,
|
2021-03-27 13:17:56 +01:00
|
|
|
#[serde(rename = "SteamLogin")]
|
2021-03-25 18:52:55 +01:00
|
|
|
pub steam_login: String,
|
2021-03-27 13:17:56 +01:00
|
|
|
#[serde(rename = "SteamLoginSecure")]
|
2021-03-25 18:52:55 +01:00
|
|
|
pub steam_login_secure: String,
|
2021-03-27 13:17:56 +01:00
|
|
|
#[serde(rename = "WebCookie")]
|
2021-03-25 18:52:55 +01:00
|
|
|
pub web_cookie: String,
|
2021-03-27 13:17:56 +01:00
|
|
|
#[serde(rename = "OAuthToken")]
|
2021-03-25 18:52:55 +01:00
|
|
|
pub token: String,
|
2021-03-27 13:17:56 +01:00
|
|
|
#[serde(rename = "SteamID")]
|
2021-03-25 18:52:55 +01:00
|
|
|
pub steam_id: u64,
|
|
|
|
}
|
2021-03-24 22:49:09 +01:00
|
|
|
|
|
|
|
pub fn get_server_time() -> i64 {
|
|
|
|
let client = reqwest::blocking::Client::new();
|
|
|
|
let resp = client
|
|
|
|
.post("https://api.steampowered.com/ITwoFactorService/QueryTime/v0001")
|
|
|
|
.body("steamid=0")
|
|
|
|
.send();
|
|
|
|
let value: serde_json::Value = resp.unwrap().json().unwrap();
|
|
|
|
|
|
|
|
// println!("{}", value["response"]);
|
|
|
|
|
|
|
|
return String::from(value["response"]["server_time"].as_str().unwrap()).parse().unwrap();
|
|
|
|
}
|
2021-04-04 15:38:34 +02:00
|
|
|
|
|
|
|
fn encrypt_password(rsa_resp: RsaResponse, password: &String) -> String {
|
|
|
|
let rsa_exponent = rsa::BigUint::parse_bytes(rsa_resp.publickey_exp.as_bytes(), 16).unwrap();
|
|
|
|
let rsa_modulus = rsa::BigUint::parse_bytes(rsa_resp.publickey_mod.as_bytes(), 16).unwrap();
|
|
|
|
let public_key = RSAPublicKey::new(rsa_modulus, rsa_exponent).unwrap();
|
|
|
|
let mut rng = OsRng;
|
|
|
|
let padding = rsa::PaddingScheme::new_pkcs1v15_encrypt();
|
|
|
|
let encrypted_password = base64::encode(public_key.encrypt(&mut rng, padding, password.as_bytes()).unwrap());
|
|
|
|
return encrypted_password;
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn test_encrypt_password() {
|
|
|
|
let rsa_resp = RsaResponse{
|
|
|
|
success: true,
|
|
|
|
publickey_exp: String::from("010001"),
|
|
|
|
publickey_mod: String::from("98f9088c1250b17fe19d2b2422d54a1eef0036875301731f11bd17900e215318eb6de1546727c0b7b61b86cefccdcb2f8108c813154d9a7d55631965eece810d4ab9d8a59c486bda778651b876176070598a93c2325c275cb9c17bdbcacf8edc9c18c0c5d59bc35703505ef8a09ed4c62b9f92a3fac5740ce25e490ab0e26d872140e4103d912d1e3958f844264211277ee08d2b4dd3ac58b030b25342bd5c949ae7794e46a8eab26d5a8deca683bfd381da6c305b19868b8c7cd321ce72c693310a6ebf2ecd43642518f825894602f6c239cf193cb4346ce64beac31e20ef88f934f2f776597734bb9eae1ebdf4a453973b6df9d5e90777bffe5db83dd1757b"),
|
|
|
|
timestamp: String::from("asdf"),
|
|
|
|
token_gid: String::from("asdf"),
|
|
|
|
};
|
|
|
|
let result = encrypt_password(rsa_resp, &String::from("kelwleofpsm3n4ofc"));
|
|
|
|
assert_eq!(result.len(), 344); // can't test exact match because the result is different every time (because of OsRng)
|
|
|
|
}
|