From cc317e10a8f1c71a16b0c577ddb0976adc244d71 Mon Sep 17 00:00:00 2001 From: JustArchi Date: Fri, 23 Dec 2016 19:04:36 +0100 Subject: [PATCH] Remove ForceHttp option Initially I wanted to make it configurable to choose either HTTPS (preferred), or HTTP, depending on user choice. I strongly believed that it WAS possible without much headache, and solve many older Mono issues without any strong code drawbacks. However, Volvo proved me wrong yet again, as it seems that using HTTP just like that for accepting a trade makes it impossible, and that's ONLY because we're using HTTP and not HTTPS, even if all other data, including referer, post and request, looks exactly the same. It's quite sad that I must remove this option, but I literally discovered that switching this to true makes accepting trades impossible, and that is beyond the point I can accept, as user could switch this to true when he doesn't need it, and limit program functionality without even knowing that this is the cause. Everybody using up-to-date Mono should have no issues using HTTPS, even legacy TLS 1.0, so hopefully this won't hurt that marginal percent of users that had this set to true in the past. It was mentioned in the wiki that this option might disappear later on, and this is the moment when it doesn't only should, but MUST, disappear... :cry: --- ArchiSteamFarm/ArchiWebHandler.cs | 61 ++++++++++++++++++++----------- ArchiSteamFarm/GlobalConfig.cs | 3 -- ArchiSteamFarm/WebBrowser.cs | 4 -- ArchiSteamFarm/config/ASF.json | 1 - ConfigGenerator/GlobalConfig.cs | 4 -- 5 files changed, 39 insertions(+), 34 deletions(-) diff --git a/ArchiSteamFarm/ArchiWebHandler.cs b/ArchiSteamFarm/ArchiWebHandler.cs index efc9db8e4..307cf0d01 100644 --- a/ArchiSteamFarm/ArchiWebHandler.cs +++ b/ArchiSteamFarm/ArchiWebHandler.cs @@ -40,13 +40,15 @@ using Formatting = Newtonsoft.Json.Formatting; namespace ArchiSteamFarm { internal sealed class ArchiWebHandler : IDisposable { private const byte MinSessionTTL = GlobalConfig.DefaultHttpTimeout / 4; // Assume session is valid for at least that amount of seconds + + // We must use HTTPS for SteamCommunity, as http would make certain POST requests failing (trades) + private const string SteamCommunityURL = "https://" + SteamCommunityHost; private const string SteamCommunityHost = "steamcommunity.com"; - private const string SteamStoreHost = "store.steampowered.com"; // We could (and should) use HTTPS for SteamStore, but that would make certain POST requests failing + private const string SteamStoreHost = "store.steampowered.com"; private const string SteamStoreURL = "http://" + SteamStoreHost; - private static string SteamCommunityURL = "https://" + SteamCommunityHost; private static int Timeout = GlobalConfig.DefaultHttpTimeout * 1000; // This must be int type private readonly Bot Bot; @@ -162,7 +164,11 @@ namespace ArchiSteamFarm { iEconService.Timeout = Timeout; try { - response = iEconService.DeclineTradeOffer(tradeofferid: tradeID.ToString(), method: WebRequestMethods.Http.Post, secure: !Program.GlobalConfig.ForceHttp); + response = iEconService.DeclineTradeOffer( + tradeofferid: tradeID.ToString(), + method: WebRequestMethods.Http.Post, + secure: true + ); } catch (Exception e) { Bot.ArchiLogger.LogGenericException(e); } @@ -207,7 +213,12 @@ namespace ArchiSteamFarm { iEconService.Timeout = Timeout; try { - response = iEconService.GetTradeOffers(get_received_offers: 1, active_only: 1, get_descriptions: 1, secure: !Program.GlobalConfig.ForceHttp); + response = iEconService.GetTradeOffers( + get_received_offers: 1, + active_only: 1, + get_descriptions: 1, + secure: true + ); } catch (Exception e) { Bot.ArchiLogger.LogGenericException(e); } @@ -527,7 +538,7 @@ namespace ArchiSteamFarm { return null; } - string request = SteamCommunityURL + "/my/games/?xml=1"; + const string request = SteamCommunityURL + "/my/games/?xml=1"; XmlDocument response = await WebBrowser.UrlGetToXMLRetry(request).ConfigureAwait(false); @@ -574,7 +585,11 @@ namespace ArchiSteamFarm { iPlayerService.Timeout = Timeout; try { - response = iPlayerService.GetOwnedGames(steamid: steamID, include_appinfo: 1, secure: !Program.GlobalConfig.ForceHttp); + response = iPlayerService.GetOwnedGames( + steamid: steamID, + include_appinfo: 1, + secure: true + ); } catch (Exception e) { Bot.ArchiLogger.LogGenericException(e); } @@ -607,7 +622,10 @@ namespace ArchiSteamFarm { iTwoFactorService.Timeout = Timeout; try { - response = iTwoFactorService.QueryTime(method: WebRequestMethods.Http.Post, secure: !Program.GlobalConfig.ForceHttp); + response = iTwoFactorService.QueryTime( + method: WebRequestMethods.Http.Post, + secure: true + ); } catch (Exception e) { Bot.ArchiLogger.LogGenericException(e); } @@ -708,8 +726,7 @@ namespace ArchiSteamFarm { return null; } - string request = SteamCommunityURL + "/mobileconf/multiajaxop"; - + const string request = SteamCommunityURL + "/mobileconf/multiajaxop"; List> data = new List>(7 + confirmations.Count * 2) { new KeyValuePair("op", accept ? "allow" : "cancel"), new KeyValuePair("p", deviceID), @@ -729,13 +746,7 @@ namespace ArchiSteamFarm { return response?.Success; } - internal static void Init() { - Timeout = Program.GlobalConfig.HttpTimeout * 1000; - SteamCommunityURL = (Program.GlobalConfig.ForceHttp ? "http://" : "https://") + SteamCommunityHost; - - // We could (and should) use HTTPS for SteamStore, but that would make certain POST requests failing - //SteamStoreURL = (Program.GlobalConfig.ForceHttp ? "http://" : "https://") + SteamStoreHost; - } + internal static void Init() => Timeout = Program.GlobalConfig.HttpTimeout * 1000; internal async Task Init(ulong steamID, EUniverse universe, string webAPIUserNonce, string parentalPin) { if ((steamID == 0) || (universe == EUniverse.Invalid) || string.IsNullOrEmpty(webAPIUserNonce) || string.IsNullOrEmpty(parentalPin)) { @@ -771,7 +782,13 @@ namespace ArchiSteamFarm { iSteamUserAuth.Timeout = Timeout; try { - authResult = iSteamUserAuth.AuthenticateUser(steamid: steamID, sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)), encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)), method: WebRequestMethods.Http.Post, secure: !Program.GlobalConfig.ForceHttp); + authResult = iSteamUserAuth.AuthenticateUser( + steamid: steamID, + sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)), + encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)), + method: WebRequestMethods.Http.Post, + secure: true + ); } catch (Exception e) { Bot.ArchiLogger.LogGenericException(e); return false; @@ -848,7 +865,7 @@ namespace ArchiSteamFarm { return false; } - string request = SteamCommunityURL + "/my/inventory"; + const string request = SteamCommunityURL + "/my/inventory"; return await WebBrowser.UrlHeadRetry(request).ConfigureAwait(false); } @@ -908,8 +925,8 @@ namespace ArchiSteamFarm { itemID++; } - string referer = SteamCommunityURL + "/tradeoffer/new"; - string request = referer + "/send"; + const string referer = SteamCommunityURL + "/tradeoffer/new"; + const string request = referer + "/send"; foreach (Dictionary data in trades.Select(trade => new Dictionary(6) { { "sessionid", sessionID }, { "serverid", "1" }, @@ -1002,7 +1019,7 @@ namespace ArchiSteamFarm { private async Task IsLoggedIn() { // It would make sense to use /my/profile here, but it dismisses notifications related to profile comments // So instead, we'll use some less intrusive link, such as /my/videos - string request = SteamCommunityURL + "/my/videos"; + const string request = SteamCommunityURL + "/my/videos"; Uri uri = await WebBrowser.UrlHeadToUriRetry(request).ConfigureAwait(false); return !uri?.AbsolutePath.StartsWith("/login", StringComparison.Ordinal); @@ -1088,7 +1105,7 @@ namespace ArchiSteamFarm { Bot.ArchiLogger.LogGenericInfo("Unlocking parental account..."); - string request = SteamCommunityURL + "/parental/ajaxunlock"; + const string request = SteamCommunityURL + "/parental/ajaxunlock"; Dictionary data = new Dictionary(1) { { "pin", parentalPin } }; diff --git a/ArchiSteamFarm/GlobalConfig.cs b/ArchiSteamFarm/GlobalConfig.cs index f808c1509..03b2a45fb 100644 --- a/ArchiSteamFarm/GlobalConfig.cs +++ b/ArchiSteamFarm/GlobalConfig.cs @@ -59,9 +59,6 @@ namespace ArchiSteamFarm { [JsonProperty(Required = Required.DisallowNull)] internal readonly byte FarmingDelay = DefaultFarmingDelay; - [JsonProperty(Required = Required.DisallowNull)] - internal readonly bool ForceHttp = false; - [JsonProperty(Required = Required.DisallowNull)] internal readonly byte GiftsLimiterDelay = 1; diff --git a/ArchiSteamFarm/WebBrowser.cs b/ArchiSteamFarm/WebBrowser.cs index 9cefead45..4fdfc8b9d 100644 --- a/ArchiSteamFarm/WebBrowser.cs +++ b/ArchiSteamFarm/WebBrowser.cs @@ -497,10 +497,6 @@ namespace ArchiSteamFarm { return null; } - if (request.StartsWith("https://", StringComparison.Ordinal) && Program.GlobalConfig.ForceHttp) { - return null; - } - HttpResponseMessage responseMessage; using (HttpRequestMessage requestMessage = new HttpRequestMessage(httpMethod, request)) { if (data != null) { diff --git a/ArchiSteamFarm/config/ASF.json b/ArchiSteamFarm/config/ASF.json index 03cba2cc6..b7e104ac3 100644 --- a/ArchiSteamFarm/config/ASF.json +++ b/ArchiSteamFarm/config/ASF.json @@ -13,7 +13,6 @@ "InventoryLimiterDelay": 3, "GiftsLimiterDelay": 1, "MaxTradeHoldDuration": 15, - "ForceHttp": false, "HttpTimeout": 60, "WCFHost": "127.0.0.1", "WCFPort": 1242, diff --git a/ConfigGenerator/GlobalConfig.cs b/ConfigGenerator/GlobalConfig.cs index 874c85e4c..05e2ad74a 100644 --- a/ConfigGenerator/GlobalConfig.cs +++ b/ConfigGenerator/GlobalConfig.cs @@ -64,10 +64,6 @@ namespace ConfigGenerator { [JsonProperty(Required = Required.DisallowNull)] public byte FarmingDelay { get; set; } = DefaultFarmingDelay; - [Category("\tDebugging")] - [JsonProperty(Required = Required.DisallowNull)] - public bool ForceHttp { get; set; } = false; - [Category("\tPerformance")] [JsonProperty(Required = Required.DisallowNull)] public byte GiftsLimiterDelay { get; set; } = 1;