Merge pull request #2 from molecul/main

Implement correct iteraction with Steam OAuth and Steam OpenId

Author: chr233

ASFOAuth/ASFOAuth.cs

@@ -153,12 +153,20 @@ public Task OnLoaded()
             {
                 //Core
                 "OAUTH" or
-                "O" when argLength == 3 && access >= EAccess.Master =>
+                "OA" when argLength == 3 && access >= EAccess.Master =>
                     Core.Command.OAuth(args[1], args[2]),
 
                 "OAUTH" or
-                "O" when argLength == 2 && access >= EAccess.Master =>
+                "OA" when argLength == 2 && access >= EAccess.Master =>
                     Core.Command.OAuth(bot, args[1]),
+                
+                "OPENID" or 
+                "OP" when argLength == 3 && access >= EAccess.Master =>
+                    Core.Command.OpenId(args[1], args[2]),
+
+                "OPENID" or
+                "OP" when argLength == 2 && access >= EAccess.Master =>
+                    Core.Command.OpenId(bot, args[1]),
 
                 _ => null,
             },

ASFOAuth/Core/Command.cs

@@ -24,4 +24,24 @@ internal static class Command
         }
         return await OAuth(bot, url).ConfigureAwait(false);
     }
+    
+    internal static async Task<string?> OpenId(Bot bot, string url)
+    {
+        if (!bot.IsConnectedAndLoggedOn)
+        {
+            return bot.FormatBotResponse(Strings.BotNotConnected);
+        }
+        var response = await WebRequest.LoginViaSteamOpenId(bot, url).ConfigureAwait(false);
+        return bot.FormatBotResponse(response);
+    }
+
+    internal static async Task<string?> OpenId(string botName, string url)
+    {
+        var bot = Bot.GetBot(botName);
+        if (bot == null)
+        {
+            return Utils.FormatStaticResponse(string.Format(Strings.BotNotFound, botName));
+        }
+        return await OpenId(bot, url).ConfigureAwait(false);
+    }
 }

ASFOAuth/Core/WebRequest.cs

@@ -7,17 +7,21 @@ namespace ASFOAuth.Core;
 internal static partial class WebRequest
 {
     [GeneratedRegex(@"(?:(openid\.[a-z_.]+)=([^&]+))")]
-    private static partial Regex MatchQueries();
+    private static partial Regex OpenIdMatchQueries();
+    
+    [GeneratedRegex(@"(?:([a-z_.]+)=([^&]+))")]
+    private static partial Regex OAuthMatchQueries();
 
     /// <summary>
-    /// Steam OAuth登录
+    /// Steam OpenId登录
     /// </summary>
     /// <param name="bot"></param>
     /// <param name="url"></param>
     /// <returns></returns>
-    internal static async Task<string> LoginViaSteamOAuth(Bot bot, string url)
+    internal static async Task<string> LoginViaSteamOpenId(Bot bot, string url)
     {
-        var regex = MatchQueries();
+
+        var regex = OpenIdMatchQueries();
         var matches = regex.Matches(url);
 
         var queries = new List<string>();
@@ -28,7 +32,7 @@ internal static async Task<string> LoginViaSteamOAuth(Bot bot, string url)
 
         if (queries.Count == 0)
         {
-            return "OAuth链接无效";
+            return "OpenId链接无效";
         }
 
         var request = new Uri(SteamCommunityURL, "/openid/login?" + string.Join('&', queries));
@@ -37,7 +41,7 @@ internal static async Task<string> LoginViaSteamOAuth(Bot bot, string url)
         var eles = response?.Content?.QuerySelectorAll("#openidForm>input[name][value]");
         if (eles == null)
         {
-            return "网络错误或OAuth链接无效";
+            return "网络错误或OpenId链接无效";
         }
 
         var formData = new Dictionary<string, string>();
@@ -54,6 +58,59 @@ internal static async Task<string> LoginViaSteamOAuth(Bot bot, string url)
         request = new Uri(SteamCommunityURL, "/openid/login");
         var response2 = await bot.ArchiWebHandler.UrlPostToHtmlDocumentWithSession(request, data: formData, requestOptions: WebBrowser.ERequestOptions.ReturnRedirections).ConfigureAwait(false);
 
+        return response2?.FinalUri.ToString() ?? "登录失败";
+    } 
+    
+    /// <summary>
+    /// Steam OAuth登录
+    /// </summary>
+    /// <param name="bot"></param>
+    /// <param name="url"></param>
+    /// <returns></returns>
+    internal static async Task<string> LoginViaSteamOAuth(Bot bot, string url)
+    {
+        
+        var regex = OAuthMatchQueries();
+        var matches = regex.Matches(url);
+
+        var queries = new List<string>();
+        foreach (var match in matches.ToList())
+        {
+            queries.Add(match.Value);
+        }
+
+        if (queries.Count == 0)
+        {
+            return "OAuth链接无效";
+        }
+
+        var request = new Uri(SteamCommunityURL, "/oauth/login?" + string.Join('&', queries));
+        var response = await bot.ArchiWebHandler.UrlGetToHtmlDocumentWithSession(request).ConfigureAwait(false);
+        var eles = response?.Content?.QuerySelectorAll("#openidForm>input[name][value]");
+        if (eles == null)
+        {
+            return "网络错误或OAuth链接无效";
+        }
+        
+        var formData = new Dictionary<string, string>();
+        foreach (var ele in eles)
+        {
+            var name = ele.GetAttribute("name");
+            var value = ele.GetAttribute("value");
+            if (!string.IsNullOrEmpty(name) && !string.IsNullOrEmpty(value))
+            {
+                formData.Add(name, value);
+            }
+        }
+
+        if (!formData.GetValueOrDefault("action", "").Equals("steam_openid_login"))
+        {
+            return "网络错误或OAuth链接无效";
+        }
+        
+        request = new Uri(SteamCommunityURL, "/oauth/auth");
+        var response2 = await bot.ArchiWebHandler.UrlPostToHtmlDocumentWithSession(request, data: formData, requestOptions: WebBrowser.ERequestOptions.ReturnRedirections).ConfigureAwait(false);
+        
         return response2?.FinalUri.ToString() ?? "登录失败";
     }
 }

ASFOAuth/IPC/ASFOAuthController.cs

@@ -26,6 +26,22 @@ public sealed record OAuthResponse
     public string? LoginUrl { get; set; }
 }
 
+public sealed record OpenIdRequest
+{
+    [JsonInclude]
+    [JsonRequired]
+    public string? BotName { get; set; }
+    [JsonInclude]
+    [JsonRequired]
+    public string? OpenIdUrl { get; set; }
+}
+
+public sealed record OpenIdResponse
+{
+    public bool Success { get; set; }
+    public string? LoginUrl { get; set; }
+}
+
 /// <summary>
 /// 基础控制器
 /// </summary>
@@ -106,4 +122,80 @@ public async Task<ActionResult<GenericResponse>> Oauth([FromRoute] string botNam
 
         return Ok(new GenericResponse<OAuthResponse>(response));
     }
+    
+    /// <summary>
+    /// Steam登录
+    /// </summary>
+    /// <param name="request"></param>
+    /// <returns></returns>
+    /// <exception cref="ArgumentNullException"></exception>
+    [HttpPost("OpenId")]
+    [SwaggerOperation(Summary = "Steam登录", Description = "通过SteamOpenId登录第三方网站")]
+    [SwaggerResponse((int)HttpStatusCode.BadRequest, $"The request has failed, check {nameof(GenericResponse.Message)} from response body for actual reason. Most of the time this is ASF, understanding the request, but refusing to execute it due to provided reason.", typeof(GenericResponse))]
+    [ProducesResponseType(typeof(GenericResponse<OpenIdResponse>), (int)HttpStatusCode.OK)]
+    [ProducesResponseType(typeof(GenericResponse), (int)HttpStatusCode.BadRequest)]
+    public async Task<ActionResult<GenericResponse>> OpenId([FromBody] OpenIdRequest request)
+    {
+        if (request == null)
+        {
+            throw new ArgumentNullException(nameof(request));
+        }
+
+        if (string.IsNullOrEmpty(request.BotName) || string.IsNullOrEmpty(request.OpenIdUrl))
+        {
+            return BadRequest(new GenericResponse(false, "BotName or OpenIdUrl can not be null"));
+        }
+
+        var bot = Bot.GetBot(request.BotName);
+        if (bot == null)
+        {
+            return BadRequest(new GenericResponse(false, string.Format(CultureInfo.CurrentCulture, Strings.BotNotFound, request.BotName)));
+        }
+
+        var result = await Core.WebRequest.LoginViaSteamOpenId(bot, request.OpenIdUrl).ConfigureAwait(false);
+
+        var response = new OpenIdResponse
+        {
+            Success = result.StartsWith("https"),
+            LoginUrl = result,
+        };
+
+        return Ok(new GenericResponse<OpenIdResponse>(response));
+    }
+
+    [HttpGet("OpenId/{botName:required}/{OpenIdUrl:required}")]
+    [HttpPost("OpenId/{botName:required}/{OpenIdUrl:required}")]
+    [SwaggerOperation(Summary = "Steam登录", Description = "通过SteamOpenId登录第三方网站")]
+    [SwaggerResponse((int)HttpStatusCode.BadRequest, $"The request has failed, check {nameof(GenericResponse.Message)} from response body for actual reason. Most of the time this is ASF, understanding the request, but refusing to execute it due to provided reason.", typeof(GenericResponse))]
+    [ProducesResponseType(typeof(GenericResponse<OpenIdResponse>), (int)HttpStatusCode.OK)]
+    [ProducesResponseType(typeof(GenericResponse), (int)HttpStatusCode.BadRequest)]
+    public async Task<ActionResult<GenericResponse>> OpenId([FromRoute] string botName, [FromRoute] string OpenIdUrl)
+    {
+        if (string.IsNullOrEmpty(botName))
+        {
+            throw new ArgumentNullException(nameof(botName));
+        }
+
+        var bot = Bot.GetBot(botName);
+        if (bot == null)
+        {
+            return BadRequest(new GenericResponse(false, string.Format(CultureInfo.CurrentCulture, Strings.BotNotFound, botName)));
+        }
+
+        if (string.IsNullOrEmpty(OpenIdUrl))
+        {
+            return BadRequest(new GenericResponse(false, "OpenIdUrl can not be null"));
+        }
+
+        var result = await Core.WebRequest.LoginViaSteamOpenId(bot, OpenIdUrl).ConfigureAwait(false);
+
+        var response = new OpenIdResponse
+        {
+            Success = result.StartsWith("https"),
+            LoginUrl = result,
+        };
+
+        return Ok(new GenericResponse<OpenIdResponse>(response));
+    }
+
 }

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
 	<PropertyGroup>
-		<Version>1.3.0.0</Version>
+		<Version>1.3.0.1</Version>
 	</PropertyGroup>
 
 	<PropertyGroup>

README.md

@@ -37,13 +37,14 @@
 
 ### 更新日志
 
-| ASFOAuth 版本                                                      | 适配 ASF 版本 | 更新说明                         |
-| ------------------------------------------------------------------ | :-----------: | -------------------------------- |
-| [1.3.0.0](https://github.com/chr233/ASFOAuth/releases/tag/1.3.0.0) |    6.0.0.3    | ASF -> 6.0.0.3                   |
-| [1.2.0.0](https://github.com/chr233/ASFOAuth/releases/tag/1.2.0.0) |   5.5.0.11    | ASF -> 5.5.0.11                  |
-| [1.1.0.0](https://github.com/chr233/ASFOAuth/releases/tag/1.1.0.0) |   5.4.12.5    | ASF -> 5.4.12.5, 接入 ASFEnhance |
-| [1.0.1.0](https://github.com/chr233/ASFOAuth/releases/tag/1.0.1.0) |    5.4.8.3    | ASF -> 5.4.8.3                   |
-| [1.0.0.2](https://github.com/chr233/ASFOAuth/releases/tag/1.0.0.2) |    5.4.5.2    | 第一个版本                       |
+| ASFOAuth 版本                                                      | 适配 ASF 版本 | 更新说明                                      |
+|--------------------------------------------------------------------| :-----------: | --------------------------------------------- |
+| [1.3.0.1](https://github.com/chr233/ASFOAuth/releases/tag/1.3.0.0) |    6.0.0.3    | 与 Steam OAuth 和 Steam OpenId 实现正确的交互 |
+| [1.3.0.0](https://github.com/chr233/ASFOAuth/releases/tag/1.3.0.0) |    6.0.0.3    | ASF -> 6.0.0.3                                |
+| [1.2.0.0](https://github.com/chr233/ASFOAuth/releases/tag/1.2.0.0) |   5.5.0.11    | ASF -> 5.5.0.11                               |
+| [1.1.0.0](https://github.com/chr233/ASFOAuth/releases/tag/1.1.0.0) |   5.4.12.5    | ASF -> 5.4.12.5, 接入 ASFEnhance              |
+| [1.0.1.0](https://github.com/chr233/ASFOAuth/releases/tag/1.0.1.0) |    5.4.8.3    | ASF -> 5.4.8.3                                |
+| [1.0.0.2](https://github.com/chr233/ASFOAuth/releases/tag/1.0.0.2) |    5.4.5.2    | 第一个版本                                    |
 
 ## 插件配置说明
 
@@ -82,6 +83,7 @@ ASF.json
 
 ### 功能指令
 
-| 命令              | 缩写 | 权限     | 说明                                                                      |
-| ----------------- | ---- | -------- | ------------------------------------------------------------------------- |
-| `OAUTH [Bot] Uri` | `O`  | `Master` | 自动使用机器人身份通过 SteamOpenId 登录第三方网站, 返回跳转回第三方的网址 |
+| 命令               | 缩写 | 权限     | 说明                                                                         |
+|--------------------|------|----------|------------------------------------------------------------------------------|
+| `OAUTH [Bot] Uri`  | `OA` | `Master` | 自动使用机器人身份通过  SteamOAuth  登录第三方网站 , 返回跳转回第三方的网址  |
+| `OPENID [Bot] Uri` | `OP` | `Master` | 自动使用机器人身份通过  SteamOpenId  登录第三方网站 , 返回跳转回第三方的网址 |