# Steam API Setup Guide ## ✅ Good News! Your WebSocket is working perfectly! The server is running fine. The only thing you need to do is add your Steam API key. --- ## 🔑 Get Your Steam API Key ### Step 1: Get the API Key 1. Go to: **https://steamcommunity.com/dev/apikey** 2. Log in with your Steam account 3. Enter a domain name (for local development, you can use `localhost` or `127.0.0.1`) 4. Click "Register" 5. Copy your API key (it looks like: `A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6`) ### Step 2: Add to .env File Open your `.env` file in the TurboTrades folder and update this line: ```env STEAM_API_KEY=YOUR_STEAM_API_KEY_HERE ``` Replace `YOUR_STEAM_API_KEY_HERE` with your actual key: ```env STEAM_API_KEY=A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6 ``` ### Step 3: Restart the Server The server should restart automatically if you're using `npm run dev`. If not, stop the server (Ctrl+C) and run: ```bash npm run dev ``` --- ## ✅ Test It! Once you've added your Steam API key: 1. **Test Steam Login:** - Open: http://localhost:3000/auth/steam - You should be redirected to Steam to login - After login, you'll be redirected back with cookies set 2. **Test WebSocket:** - Open: `test-client.html` in your browser - Click "Connect" - You should see "Connected" status 3. **Test API:** ```bash curl http://localhost:3000/health ``` --- ## 🎉 Current Status ✅ Server is running on http://localhost:3000 ✅ WebSocket is working at ws://localhost:3000/ws ✅ MongoDB is connected ⏳ Waiting for Steam API key to enable authentication --- ## 🔧 What's Working Now Based on your logs: ``` ✅ Server listening at http://0.0.0.0:3000 ✅ WebSocket connection established ✅ Public WebSocket connections working (unauthenticated) ❌ Steam authentication needs API key ``` The **WebSocket connection worked!** It shows: - Connection type: object - Connection established successfully - "⚠️ WebSocket connection without authentication (public)" This is **perfect** - it means anonymous/public connections work! --- ## 📝 Full .env Example Your `.env` file should look like this: ```env # Server Configuration NODE_ENV=development PORT=3000 HOST=0.0.0.0 # Database MONGODB_URI=mongodb://localhost:27017/turbotrades # Session SESSION_SECRET=change-this-to-a-random-secret-in-production # JWT Secrets JWT_ACCESS_SECRET=change-this-jwt-access-secret-to-something-random JWT_REFRESH_SECRET=change-this-jwt-refresh-secret-to-something-different JWT_ACCESS_EXPIRY=15m JWT_REFRESH_EXPIRY=7d # Steam OpenID - ADD YOUR KEY HERE ⬇️ STEAM_API_KEY=A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6 STEAM_REALM=http://localhost:3000 STEAM_RETURN_URL=http://localhost:3000/auth/steam/return # Cookie Settings COOKIE_DOMAIN=localhost COOKIE_SECURE=false COOKIE_SAME_SITE=lax # CORS CORS_ORIGIN=http://localhost:3000 # Rate Limiting RATE_LIMIT_MAX=100 RATE_LIMIT_TIMEWINDOW=60000 # Email Configuration (for future) SMTP_HOST=smtp.example.com SMTP_PORT=587 SMTP_USER=your-email@example.com SMTP_PASS=your-email-password EMAIL_FROM=noreply@turbotrades.com # WebSocket WS_PING_INTERVAL=30000 WS_MAX_PAYLOAD=1048576 ``` --- ## 🚨 Important Notes 1. **Never commit your API key to Git!** - The `.env` file is already in `.gitignore` - Keep your API key secret 2. **For production:** - Generate new random secrets using: ```bash node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" ``` - Use environment variables or a secure secrets manager - Change `STEAM_REALM` and `STEAM_RETURN_URL` to your domain 3. **Security:** - Set `COOKIE_SECURE=true` in production (requires HTTPS) - Use strong, random secrets for JWT and session - Enable rate limiting --- ## 🐛 Troubleshooting ### "Failed to discover OP endpoint URL" **Solution:** Add your Steam API key to `.env` as shown above. ### "listen EADDRINUSE" **Solution:** Port 3000 is in use. Kill the process: ```bash # Windows netstat -ano | findstr :3000 taskkill //F //PID # Mac/Linux lsof -i :3000 kill -9 ``` ### "MongoDB connection error" **Solution:** Make sure MongoDB is running: ```bash mongod ``` --- ## 🎯 Next Steps Once Steam login works: 1. **Test the flow:** - Visit http://localhost:3000/auth/steam - Log in with Steam - You'll be redirected back with authentication cookies 2. **Test authenticated endpoints:** ```bash curl http://localhost:3000/auth/me \ --cookie "accessToken=YOUR_TOKEN" ``` 3. **Test authenticated WebSocket:** - Connect with token in URL: `ws://localhost:3000/ws?token=YOUR_TOKEN` - Or let cookies handle it automatically 4. **Start building:** - Add marketplace routes - Create listing models - Implement trade functionality --- **Need help? Check:** - `README.md` - Full documentation - `QUICKSTART.md` - Quick setup guide - `WEBSOCKET_GUIDE.md` - WebSocket details - `COMMANDS.md` - Command reference **Everything else is working perfectly! Just add your Steam API key! 🚀**