first commit

2026-01-10 04:57:43 +00:00
parent 16a76a2cd6
commit 232968de1e
131 changed files with 43262 additions and 0 deletions
--- a/STEAM_SETUP.md
+++ b/STEAM_SETUP.md
@@ -0,0 +1,227 @@
+# Steam API Setup Guide
+
+## ✅ Good News!
+
+Your WebSocket is working perfectly! The server is running fine.
+
+The only thing you need to do is add your Steam API key.
+
+---
+
+## 🔑 Get Your Steam API Key
+
+### Step 1: Get the API Key
+
+1. Go to: **https://steamcommunity.com/dev/apikey**
+2. Log in with your Steam account
+3. Enter a domain name (for local development, you can use `localhost` or `127.0.0.1`)
+4. Click "Register"
+5. Copy your API key (it looks like: `A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6`)
+
+### Step 2: Add to .env File
+
+Open your `.env` file in the TurboTrades folder and update this line:
+
+```env
+STEAM_API_KEY=YOUR_STEAM_API_KEY_HERE
+```
+
+Replace `YOUR_STEAM_API_KEY_HERE` with your actual key:
+
+```env
+STEAM_API_KEY=A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6
+```
+
+### Step 3: Restart the Server
+
+The server should restart automatically if you're using `npm run dev`.
+
+If not, stop the server (Ctrl+C) and run:
+```bash
+npm run dev
+```
+
+---
+
+## ✅ Test It!
+
+Once you've added your Steam API key:
+
+1. **Test Steam Login:**
+   - Open: http://localhost:3000/auth/steam
+   - You should be redirected to Steam to login
+   - After login, you'll be redirected back with cookies set
+
+2. **Test WebSocket:**
+   - Open: `test-client.html` in your browser
+   - Click "Connect"
+   - You should see "Connected" status
+
+3. **Test API:**
+   ```bash
+   curl http://localhost:3000/health
+   ```
+
+---
+
+## 🎉 Current Status
+
+✅ Server is running on http://localhost:3000  
+✅ WebSocket is working at ws://localhost:3000/ws  
+✅ MongoDB is connected  
+⏳ Waiting for Steam API key to enable authentication  
+
+---
+
+## 🔧 What's Working Now
+
+Based on your logs:
+
+```
+✅ Server listening at http://0.0.0.0:3000
+✅ WebSocket connection established
+✅ Public WebSocket connections working (unauthenticated)
+❌ Steam authentication needs API key
+```
+
+The **WebSocket connection worked!** It shows:
+- Connection type: object
+- Connection established successfully
+- "⚠️ WebSocket connection without authentication (public)"
+
+This is **perfect** - it means anonymous/public connections work!
+
+---
+
+## 📝 Full .env Example
+
+Your `.env` file should look like this:
+
+```env
+# Server Configuration
+NODE_ENV=development
+PORT=3000
+HOST=0.0.0.0
+
+# Database
+MONGODB_URI=mongodb://localhost:27017/turbotrades
+
+# Session
+SESSION_SECRET=change-this-to-a-random-secret-in-production
+
+# JWT Secrets
+JWT_ACCESS_SECRET=change-this-jwt-access-secret-to-something-random
+JWT_REFRESH_SECRET=change-this-jwt-refresh-secret-to-something-different
+JWT_ACCESS_EXPIRY=15m
+JWT_REFRESH_EXPIRY=7d
+
+# Steam OpenID - ADD YOUR KEY HERE ⬇️
+STEAM_API_KEY=A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6
+STEAM_REALM=http://localhost:3000
+STEAM_RETURN_URL=http://localhost:3000/auth/steam/return
+
+# Cookie Settings
+COOKIE_DOMAIN=localhost
+COOKIE_SECURE=false
+COOKIE_SAME_SITE=lax
+
+# CORS
+CORS_ORIGIN=http://localhost:3000
+
+# Rate Limiting
+RATE_LIMIT_MAX=100
+RATE_LIMIT_TIMEWINDOW=60000
+
+# Email Configuration (for future)
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=your-email@example.com
+SMTP_PASS=your-email-password
+EMAIL_FROM=noreply@turbotrades.com
+
+# WebSocket
+WS_PING_INTERVAL=30000
+WS_MAX_PAYLOAD=1048576
+```
+
+---
+
+## 🚨 Important Notes
+
+1. **Never commit your API key to Git!**
+   - The `.env` file is already in `.gitignore`
+   - Keep your API key secret
+
+2. **For production:**
+   - Generate new random secrets using:
+     ```bash
+     node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+     ```
+   - Use environment variables or a secure secrets manager
+   - Change `STEAM_REALM` and `STEAM_RETURN_URL` to your domain
+
+3. **Security:**
+   - Set `COOKIE_SECURE=true` in production (requires HTTPS)
+   - Use strong, random secrets for JWT and session
+   - Enable rate limiting
+
+---
+
+## 🐛 Troubleshooting
+
+### "Failed to discover OP endpoint URL"
+**Solution:** Add your Steam API key to `.env` as shown above.
+
+### "listen EADDRINUSE"
+**Solution:** Port 3000 is in use. Kill the process:
+```bash
+# Windows
+netstat -ano | findstr :3000
+taskkill //F //PID <PID>
+
+# Mac/Linux
+lsof -i :3000
+kill -9 <PID>
+```
+
+### "MongoDB connection error"
+**Solution:** Make sure MongoDB is running:
+```bash
+mongod
+```
+
+---
+
+## 🎯 Next Steps
+
+Once Steam login works:
+
+1. **Test the flow:**
+   - Visit http://localhost:3000/auth/steam
+   - Log in with Steam
+   - You'll be redirected back with authentication cookies
+
+2. **Test authenticated endpoints:**
+   ```bash
+   curl http://localhost:3000/auth/me \
+     --cookie "accessToken=YOUR_TOKEN"
+   ```
+
+3. **Test authenticated WebSocket:**
+   - Connect with token in URL: `ws://localhost:3000/ws?token=YOUR_TOKEN`
+   - Or let cookies handle it automatically
+
+4. **Start building:**
+   - Add marketplace routes
+   - Create listing models
+   - Implement trade functionality
+
+---
+
+**Need help? Check:**
+- `README.md` - Full documentation
+- `QUICKSTART.md` - Quick setup guide
+- `WEBSOCKET_GUIDE.md` - WebSocket details
+- `COMMANDS.md` - Command reference
+
+**Everything else is working perfectly! Just add your Steam API key! 🚀**