- TypeScript 94.3%
- Dockerfile 5.7%
| .github | ||
| src | ||
| .gitignore | ||
| docker-compose.yml | ||
| Dockerfile | ||
| LICENSE | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
| tsconfig.json | ||
Steam OAuth Middleware
A Simple Node.js Express application that provides Steam authentication and API integration services. This middleware implements OAuth 2.0-like flow for Steam authentication, allowing applications to authenticate users through their Steam accounts.
Prerequisites
- Node.js 20.x or later
- Docker and Docker Compose (optional)
- Steam API Key (obtain from Steam Web API)
Environment Variables
| Variable | Description | Example |
|---|---|---|
| PORT | Port number for the server | 3000 |
| STEAM_API_KEY | Your Steam Web API Key | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| REALM | Base URL of your application | http://localhost:3000 |
| RETURN_URL | OAuth return URL | http://localhost:3000/auth/steam/authenticate |
| JWT_SECRET | The Secret used when creating JWTs | JwtSecret |
| CLIENT_ID | The ID used for authenticating into the Middleware | ClientId |
| CLIENT_SECRET | The Secret used for authenticating into the Middleware | ClientSecret |
API Endpoints
Base Endpoints
GET /
- Description: Health check endpoint
- Response: Simple text indicating the API is running
- Example Response:
Steam Auth API is running
GET /health
- Description: Detailed health check endpoint
- Response: JSON object with configuration status
- Example Response:
{ "status": "healthy", "timestamp": "2024-02-20T12:00:00Z", "config": { "steamApiKey": "configured", "realm": "configured", "returnUrl": "configured", "clientId": "configured", "clientSecret": "configured", "jwtSecret": "configured" } }
Authentication Endpoints
All authentication endpoints are prefixed with /auth/steam
1. GET /auth/steam/authorize
- Description: Initiates the Steam authentication flow
- Query Parameters:
state: (Required) Random string to prevent CSRFredirect_uri: (Required) Where to redirect after authentication
- Response: Redirects to Steam login page
2. GET /auth/steam/callback
- Description: Handles the Steam authentication callback
- Query Parameters:
session_key: (Required) Session identifier
- Response: Redirects to the original redirect_uri with:
- Success:
?code={auth_code}&state={original_state} - Error:
?error=authentication_failed&error_description={message}&state={original_state}
- Success:
3. POST /auth/steam/token
- Description: Exchanges authorization code for access token
- Authentication: Basic Auth or Body Parameters with client credentials
- Request Body:
{ "code": "authorization_code", "client_id": "your_client_id", // Optional if using Basic Auth "client_secret": "your_client_secret" // Optional if using Basic Auth } - Response:
{ "access_token": "jwt_token", "token_type": "Bearer", "expires_in": 3600 }
4. GET /auth/steam/userinfo
- Description: Retrieves authenticated user's Steam profile
- Authentication: Bearer token required
- Headers:
Authorization: Bearer {access_token}
- Response: Steam user profile information
Installation
Local Development
- Clone the repository
- Install dependencies:
npm install - Create a
.envfile in the root directory with the required environment variables - Build the TypeScript code:
npm run build - Start the development server:
npm run dev
Docker Development
- Clone the repository
- Create a
.envfile with the required environment variables or add them to the Environment section in the compose. - Build and run using Docker Compose:
docker-compose up --build
Project Structure
.
├── src/
│ ├── utils/
│ │ └── helpers.ts
│ ├── providers/
│ │ └── steam-auth-provider.ts
│ ├── routes/
│ │ └── steam-routes.ts
│ └── index.ts
├── dist/ # Compiled JavaScript files
├── Dockerfile
├── docker-compose.yml
├── tsconfig.json
└── package.json
Scripts
npm run build: Compile TypeScript to JavaScriptnpm run start: Start the production servernpm run dev: Start the development server with hot-reload
Docker Configuration
The application uses a multi-stage Docker build process for optimal production images:
Development Mode
- Uses Node.js 20 Alpine base image
- Hot-reload enabled with volume mounts
- All dependencies installed for development
- Source code mounted for live updates
Production Mode
- Minimal production image
- Only production dependencies included
- Built TypeScript code only
- Non-root user for security
- Health check monitoring
- Resource limits available
Environment Configuration
- All environment variables configurable via docker-compose
- Default values provided for development
- Secure secrets management
- Health monitoring included
TypeScript Configuration
The project uses a comprehensive TypeScript configuration with the following features:
Compilation Settings
- Target: ES2020
- Module: CommonJS
- Source Maps enabled
- Declaration files generated
- Line endings normalized (LF)
Type Checking
- Strict mode enabled
- Unused code checking
- Implicit returns checked
- Switch case fallthrough prevention
- Index access checking
- Unreachable code detection
Module Resolution
- Node.js resolution strategy
- JSON module support
- ES Module interop enabled
- Consistent casing enforced
- Base URL configured
Development Experience
- Source maps for debugging
- Declaration files for better IDE support
- Strict null checks
- Unused code detection
- Comprehensive error checking
Security Considerations
- Uses JWT for secure token generation
- Implements state parameter to prevent CSRF attacks
- Validates client credentials
- Supports both Basic Auth and form-based authentication
- Session management for authentication flow
- HTTPS recommended for production use
- Docker security features:
- Non-root user
- No privilege escalation
- Resource limits
- Health monitoring
Contributing
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
License
MIT License