TurboTrades/STEAM_SETUP.md

Steam API Setup Guide

✅ Good News!

Your WebSocket is working perfectly! The server is running fine.

The only thing you need to do is add your Steam API key.

---

🔑 Get Your Steam API Key

Step 1: Get the API Key

1. Go to: https://steamcommunity.com/dev/apikey
2. Log in with your Steam account
3. Enter a domain name (for local development, you can use localhost or 127.0.0.1)
4. Click "Register"
5. Copy your API key (it looks like: A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6)

Step 2: Add to .env File

Open your .env file in the TurboTrades folder and update this line:

STEAM_API_KEY=YOUR_STEAM_API_KEY_HERE

Replace YOUR_STEAM_API_KEY_HERE with your actual key:

STEAM_API_KEY=A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6

Step 3: Restart the Server

The server should restart automatically if you're using npm run dev.

If not, stop the server (Ctrl+C) and run:

npm run dev

---

✅ Test It!

Once you've added your Steam API key:

1. Test Steam Login:

   • Open: http://localhost:3000/auth/steam
   • You should be redirected to Steam to login
   • After login, you'll be redirected back with cookies set

2. Test WebSocket:

   • Open: test-client.html in your browser
   • Click "Connect"
   • You should see "Connected" status

3. Test API:

   curl http://localhost:3000/health
   

---

🎉 Current Status

✅ Server is running on http://localhost:3000
✅ WebSocket is working at ws://localhost:3000/ws
✅ MongoDB is connected
⏳ Waiting for Steam API key to enable authentication

---

🔧 What's Working Now

Based on your logs:

✅ Server listening at http://0.0.0.0:3000
✅ WebSocket connection established
✅ Public WebSocket connections working (unauthenticated)
❌ Steam authentication needs API key

The WebSocket connection worked! It shows:

• Connection type: object
• Connection established successfully
• "⚠️ WebSocket connection without authentication (public)"

This is perfect - it means anonymous/public connections work!

---

📝 Full .env Example

Your .env file should look like this:

# Server Configuration
NODE_ENV=development
PORT=3000
HOST=0.0.0.0

# Database
MONGODB_URI=mongodb://localhost:27017/turbotrades

# Session
SESSION_SECRET=change-this-to-a-random-secret-in-production

# JWT Secrets
JWT_ACCESS_SECRET=change-this-jwt-access-secret-to-something-random
JWT_REFRESH_SECRET=change-this-jwt-refresh-secret-to-something-different
JWT_ACCESS_EXPIRY=15m
JWT_REFRESH_EXPIRY=7d

# Steam OpenID - ADD YOUR KEY HERE ⬇️
STEAM_API_KEY=A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6
STEAM_REALM=http://localhost:3000
STEAM_RETURN_URL=http://localhost:3000/auth/steam/return

# Cookie Settings
COOKIE_DOMAIN=localhost
COOKIE_SECURE=false
COOKIE_SAME_SITE=lax

# CORS
CORS_ORIGIN=http://localhost:3000

# Rate Limiting
RATE_LIMIT_MAX=100
RATE_LIMIT_TIMEWINDOW=60000

# Email Configuration (for future)
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=your-email@example.com
SMTP_PASS=your-email-password
EMAIL_FROM=noreply@turbotrades.com

# WebSocket
WS_PING_INTERVAL=30000
WS_MAX_PAYLOAD=1048576

---

🚨 Important Notes

1. Never commit your API key to Git!

   • The .env file is already in .gitignore
   • Keep your API key secret

2. For production:

   • Generate new random secrets using:

     node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
     

   • Use environment variables or a secure secrets manager
   • Change STEAM_REALM and STEAM_RETURN_URL to your domain

3. Security:

   • Set COOKIE_SECURE=true in production (requires HTTPS)
   • Use strong, random secrets for JWT and session
   • Enable rate limiting

---

🐛 Troubleshooting

"Failed to discover OP endpoint URL"

Solution: Add your Steam API key to .env as shown above.

"listen EADDRINUSE"

Solution: Port 3000 is in use. Kill the process:

# Windows
netstat -ano | findstr :3000
taskkill //F //PID <PID>

# Mac/Linux
lsof -i :3000
kill -9 <PID>

"MongoDB connection error"

Solution: Make sure MongoDB is running:

mongod

---

🎯 Next Steps

Once Steam login works:

1. Test the flow:

   • Visit http://localhost:3000/auth/steam
   • Log in with Steam
   • You'll be redirected back with authentication cookies

2. Test authenticated endpoints:

   curl http://localhost:3000/auth/me \
     --cookie "accessToken=YOUR_TOKEN"
   

3. Test authenticated WebSocket:

   • Connect with token in URL: ws://localhost:3000/ws?token=YOUR_TOKEN
   • Or let cookies handle it automatically

4. Start building:

   • Add marketplace routes
   • Create listing models
   • Implement trade functionality

---

Need help? Check:

• README.md - Full documentation
• QUICKSTART.md - Quick setup guide
• WEBSOCKET_GUIDE.md - WebSocket details
• COMMANDS.md - Command reference

Everything else is working perfectly! Just add your Steam API key! 🚀