-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: Upgrade deps and fix tests #16
base: master
Are you sure you want to change the base?
WIP: Upgrade deps and fix tests #16
Conversation
…ns to Protocols to send new auth flow
…es i had to a minimal version of this to get the integration working in GOG Galaxy. This version is newer than what i am testing, so it may have errors
… this patch for the current version i have working in the plugin. Still need to add hello message
…uires sending a hello message.
… webpage to go to step 2. various little bugfixes, including no more infinite loops on getters
…sic code to display all the other pages. This is largely unchanged from the original, but the login page has evidently changed. the code-behind isn't implemented. Various bugfixes as well
…cked up so the merge doesn't destroy it
…Windows 11, macOS12,13). Other tweaks, idk anymore
… 2FA, but hopefully i haven't broken anything else
…ning about types overshadowing the standard types. Removed authentication.py. Moved all enums i could find in Steam_network to a dedicated enums.py. Moved All top level functions that may have been called in multiple spots to a utils.py Internally, downgraded my environment to 3.7 as per GOG Galaxy instructions. The resulting file was added to .gitignore
…d to in order to figure out its type.
…perly. Removed an exceptions import that did nothing and randomly caused an error. Apparently i don't know how to stash things.
…s before it works properly
… of that is implemented. oops. layed out the empty methods for it.
…e, the py versions of proto files were not updated
… plugin works from task.py. Not finished; switching gears to localization so i don't go insane.
…n't print like i want them to, which annoys me immensely. Need to retrieve old py files in the repo before calling build install, which broke them
…few conflicts, i'll have to figure out the best way to handle them
…uld now be able to get the latest proto and py files from them
… finally build this thing and it'll run properly.
…d remaining logged in. will likely need to revert some changes in this commit, and possibly others back to the original fork.
said backend doesn't exist anymore
@@ -2,8 +2,8 @@ galaxy.plugin.api==0.69 | |||
|
|||
# steam_network backend | |||
protobuf==3.19.4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With better proto, we can update this to a much newer version as well, though i'm still working out the kinks there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could use a newer protobuf, too, if Gog wouldn't still use python 3.7. Protobuf 3.19 is the latest compatible version for a python this old
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it's not ideal. As i mentioned before I'd prefer python 3.10+ because i want match
aka a switch statement (but python is too much of a hipster to call it that).
@TheSentry - Tagging you in so you see this. I know @TheSentry was trying to find time to get to fixing some of the test cases but other things (i.e. work and personal life) have taken priority, which is completely understandable. I personally don't have nearly the time i used to, most of my work here lately has just been reading the various comments, commits, etc. I'm assuming everything still builds and works properly with the newer versions? For the most part i inherited the pinned versions and ran into breaking changes whenever i tried to update them, so i just left them alone. One thing i did find though was that |
I've been using the updated dependencies locally for a few days now and there seem to be no errors so far; so I assume that the most important components still work as expected. However, I didn't do much manual testing besides that so I'd appreciate if someone else could try it out and report back how it went. |
websockets==8.1 | ||
dataclasses-json==0.4.2 | ||
vdf==3.4 | ||
pyobjc-framework-CoreServices==5.1.2; sys_platform == 'darwin' # this one could use an update to 9.1.1 I guess; according to docu it's tested with 3.7 regularly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can try to get our Mac dev to try that latest version. The other potential issue is the newer versions might have some Mac issues we don't know about. I doubt it but i know from my own testing that pip tools 5.1.2 was broken on Mac (which we inherited from the old code). It required 5.4.0. A newer version should still work there but it's something we'll need to confirm with all of these updated versions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://pyobjc.readthedocs.io/en/latest/changelog.html#backward-incompatible-changes
I have no idea where we use this but this might be an issue. Idk if we abused the optional argument rule before they nixed it in 8.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering why we even need to include this specific dependency. We don't use any Objc bindings anywhere so this appears to me to be a band aid to fix another dependency on MacOS and since I don't know which dependency that might be, I cannot tell whether or not that change breaks our neck.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Uri Scheme Handler uses it. i have no idea why/what it does though. See
galaxy-integration-steam/src/uri_scheme_handler.py
Lines 28 to 36 in 4a84a25
from CoreServices.LaunchServices import LSCopyDefaultHandlerForURLScheme | |
from AppKit import NSWorkspace | |
def is_uri_handler_installed(protocol): | |
bundle_id = LSCopyDefaultHandlerForURLScheme(protocol) | |
if not bundle_id: | |
return False | |
return NSWorkspace.sharedWorkspace().absolutePathForAppBundleWithIdentifier_(bundle_id) is not None | |
That...seems excessive. I understand not trusting "foreign" programs, but adding more hoops doesn't seem like the solution after a certain point. That whole issue thread is a mess of opinions lol. |
I especially love the guy running sandboxes for every program he uses, just....wow. I cannot imagine the overhead they expend for that. |
I think the analogy of a lock is apt here. Locks aren't meant to be impenetrable, they just add enough difficulty to make what's inside not worth the effort of breaking them. I honestly doubt a bad actor is going to waste all the effort to exploit Steam's login process for a few video games and in my experience things like phishing are much more of a concern to the regular user than any questionable security shortfall from Steam itself. apologies for sharing opinions in a technical thread, but you're already dealing with a lot and adding other people's hangups to the pile isn't going to help. |
From what I saw, these caches are more or less just data classes which Galaxy only serializes to JSON and then saves the result into the SQLite database somewhere in %PROGRAMDATA%. There's probably not much we can clean up since this is just how it works.
There's one crucial thing wrong with their arguments: we don't use the browser embedded into Galaxy for authentication. We only and solely use the browser to render our HTML to get the credentials from the user. All the authentication and authorization stuff is performed purely in the Python code. No browsers involved. And, fwiw, implementing OpenID is not that easy on our end. Yes, we could ask the user to extract the token returned by Valve's authentication website (it's probably just a JWT) and provide it via a HTML form during authentication similar to how the MFA code thing is implemented. But that will be a nasty and really ugly hack since the OpenID authentication websites expect you to provide a return URL to which the token is sent (usually as a parameter in the URL). What website can we use? Our authentication attempt comes from within an application, there's no way we can let the OpenID website know that. If Galaxy supported data URIs we could maybe return the token via a URI like |
I'm not sure but it may be possible to optimize those writes. If we write to the cache all the time it's incredibly inefficient, especially if the db file is closed and reopened. Most OS have an optimal block size for reading/writing, so for extremely large amounts of data that arrives at different times it may be useful to have a stream and write in chunks. It may be necessary when dealing with huge libraries to get all their data before that 10 minute timeout. That said, this is definitely a very low priority thing. I guess a higher priority would be making it easier to understand if it's poorly written (which it probably is because everything here is) |
It's technically possible to provide a callback url and use a locally-hosted site, but to do this we need to use an http server (the url would be roughly Ngl if someone raises an issue on this it's getting |
bfb80ad
to
4a8d717
Compare
I took the liberty and upgraded all dependencies to the latest version available (except the MacOS runtime stuff because I don't have a Mac and can't test it). Mainly because I got annoyed by the pinned pip version. tl;dr: fixed since ages, we just needed to upgrade pip-tools.
Also I made it so that the tests can be executed again. Not that they all run smoothly or return green but at least we can now see to that and fix everything that is broken there. I already removed a lot of tests for which there is no code anymore (mostly only the public profile related tests).
My observations so far: about half of the tests are green, a quarter is red, and the rest just deadlocks and never finishes (imo that's because of websocket stuff where some coroutines just end up waiting endlessly for results).