-
-
Notifications
You must be signed in to change notification settings - Fork 1k
IPC zh HK
ASF ๅ ๅซ่ชๅทฑ็จ็น็ IPC ๆฅๅฃ๏ผๅฏ็จๆผ่ๆต็จ้ฒไธๆญฅไบคไบใ IPCๆ็บ** ้ฒ็จ้้ไฟก ๏ผๆ็ฐกๅฎ็ๅฎ็พฉๆฏๅบๆผ Kestrel HTTPไผบๆๅจ **็โASF็ถฒ้ ็้ขโ๏ผๅฏ็จๆผ่ๆต็จ้ฒไธๆญฅ้ๆ๏ผๆฏๆ็ต็จๆถ็ๅ็ซฏ๏ผASF-ui๏ผ๏ผไบฆๆฏ็ฌฌไธๆนๅทฅๅ ท้ๆ็ๅพ็ซฏ๏ผASF API๏ผใ
ๆ นๆๆจ็้ๆฑๅๆ่ฝ๏ผIPC ๅฏ็จๆผ่ซธๅคไธๅ็ไบๆ ใ ไพๅฆ๏ผๆจๅฏไปฅไฝฟ็จๅฎไพ็ฒๅ ASF ๅๆๆๆฉๆขฐไบบ็็ๆ ๏ผ็ผ้ ASF ๅฝไปค๏ผ็ฒๅๅ็ทจ่ผฏๅ จๅ/ๆฉๆขฐไบบ้ ็ฝฎ๏ผๆทปๅ ๆฐๆฉๆขฐไบบ๏ผๅช้ค็พๆๆฉๆขฐไบบ๏ผๆไบค** <a href =โhttps๏ผ/ /github.com/JustArchiNET/ArchiSteamFarm/wiki/Background-games-redeemer">BGR **ๆ่จชๅ ASF ็ๆฅ่ชๆชๆกใ ๆๆ้ไบๆไฝ้ฝ็ฑๆๅ็ API ๅ ฌ้๏ผ้ๆๅณ่ๆจๅฏไปฅ็ทจ่ผฏ่ชๅทฑ็ๅทฅๅ ทๅ่ ณๆฌ๏ผไปฅๅ ถ่ ASF ้ไฟกไธฆๅจ้่กๆๅฐๅ ถ็ข็ๅฝฑ้ฟใ ้คๆญคไนๅค๏ผๆๅ็ ASF-ui ้ๅฏฆ็พไบ้ธๅฎ็ๆไฝ๏ผไพๅฆ็ผ้ๅฝไปค๏ผ๏ผๆจๅฏไปฅ้้ๅๅฅฝ็ Web ็้ข่ผ้ฌ่จชๅๅฎๅใ
ๆจๅฏไปฅ้้ๅ็จIPC
** ๅ
จๅ้
็ฝฎๅฑฌๆง**ไพๅ็จๆๅ็ IPC ๆฅๅฃใ ASF ๅฐๅจๅ
ถๆฅ่ชไธญ่ฒๆ IPC ๅๅ, ๆจๅฏไปฅไฝฟ็จ่ฉฒๆฅ่ช้ฉ่ญ IPC ไป้ขๆฏๅฆๅทฒๆญฃๅธธๅๅ๏ผ
INFO|ASF|Start() Starting IPC server...
INFO|ASF|Start() IPC server ready!
ASF ็ http ไผบๆๅจ็พๅจๆญฃๅจๅต่ฝ้ธๅฎ็็ซฏ้ปใ ๅฆๆๆจๆฒๆ็บ IPC ๆไพ่ช่จ้
็ฝฎๆช๏ผ้ ่จญ็ซฏ้ปๅฐ็บๅบๆผIPv4 ** 127.0.0.1 ๅๅบๆผIPv6็ [:: 1] **็1242
็ซฏ้ปใ ๆจๅฏไปฅๅพ่้่ก ASF ้ฒ็จๅไธๅฐ้ป่
ฆ้้ไปฅไธ้ฃ็ต่จชๅๆๅ็ IPC ๆฅๅฃใ
ASF ็ IPC ๆฅๅฃๆไพไบไธ็จฎไธๅ็่จชๅๆนๅผ๏ผๅ ท้ซๅๆฑบๆผๆจ็่จๅ็จๆณใ
ๅจๆไฝ็ดๅฅ๏ผ** ASF API **ๆฏๆๅ IP Cๆฅๅฃ็ๆ ธๅฟ๏ผไธฆๅ ่จฑๅ ถไปๆๆๆไฝใ ้ๆฏๆจๅธๆๅจ่ชๅทฑ็ๅทฅๅ ท๏ผๅฏฆ็จ็จๅบๅ้ ็ฎไธญไฝฟ็จ็๏ผไปฅไพฟ็ดๆฅ่ ASF ้ฒ่ก้ไฟกใ
ๅจไธญ็ญ็ดๅฅ๏ผๆๅ็** Swagger ๆไปถ็ทจ่ฃฝ **ๅ ็ถไบ ASF API ็ๅ็ซฏใ ๅฎๅ ทๆ ASF API ็ๅฎๆดๆไปถ็ทจ่ฃฝ๏ผ้ๅ ่จฑๆจๆด่ผ้ฌๅฐ่จชๅๅฎใ ๅฆๆๆจ่จๅ็ทจๅฏซ้้ๅ ถ API ่ ASF ้ไฟก็ๅทฅๅ ทใๅฏฆ็จ็จๅบๆๅ ถไป้ ็ฎ๏ผ้ฃ้บผๆจๅฏไปฅๆชขๆฅ้ไธ้ปใ
ๅจๆ้ซ็ดๅฅ๏ผ** ASF-ui **ๅบๆผๆๅ็ ASF API๏ผไธฆๆไพๅฐ็จๆถๅๅฅฝ็ๆนๅผไพๅท่กๅ็จฎ ASF ๆไฝใ ้ๆฏๆๅ็บๆ็ต็จๆถ่จญ่จ็้ป่ช IPC ๆฅๅฃ๏ผไนๆฏๆจไฝฟ็จ ASF API ๆงๅปบ็ๅฎ็พ็คบไพใ ๅฆๆๆจ้กๆ๏ผๅฏไปฅไฝฟ็จ่ช่จ Web UI ่ ASF ไธ่ตทไฝฟ็จ๏ผๆนๆณๆฏๆๅฎ --path
ๅฝไปคๅๅๆธ๏ผไธฆไฝฟ็จไฝๆผ้ฃ่ฃก็่ชๅฎ็พฉwww
็ฎ้ใ
ASF-ui ๆฏไธๅ็คพๅ้ ็ฎ๏ผๆจๅจๅตๅปบ็จๆถๅๅฅฝ็ๅๅฝข Web ็้ขใ ็บไบๅฏฆ็พ้ไธ็ฎๆจ๏ผๅฎไฝ็บๆๅ** ASF API **็ๅ็ซฏ๏ผ่ฎๆจ่ผ้ฌๅฐๅท่กๅ็จฎๆไฝใ ้ๆฏ ASF ้ๅธถ็้ป่ช UIใ
ๅฆไธๆ่ฟฐ๏ผASF-ui ๆฏไธๅ็คพๅ้ ็ฎ๏ผไธ็ฑ ASF ๆ ธๅฟ้็ผไบบๅก็ถญ่ญทใ ๅฎ็ๆๆ็ธ้ๅ้กใ้ฏ่ชค๏ผๆผๆดๅ ฑๅๅๅปบ่ญฐๆ้ตๅพช่ชๅทฑ็ๆต็จ** ASF-ui repo **ใ
ๆๅ็ASF APIๆฏๅ ธๅ็** RESTful ** Web API๏ผๅฎ็ไธป่ฆๆธๆๆ ผๅผๅบๆผJSONใ ๆๅๆญฃๅจ็กๅไฝฟ็จHTTP็ๆ ไปฃ็ขผ๏ผๅจ้ฉ็ถ็ๆ ๆณไธ๏ผ็ฒพ็ขบๆ่ฟฐ้ฟๆ๏ผไปฅๅๆจๅฏไปฅ่ชๅทฑ่งฃๆ็้ฟๆ๏ผไปฅไพฟไบ่งฃ่ซๆฑๆฏๅฆๆๅ๏ผไปฅๅๅฏ่ฝ็ๅคฑๆๅๅ ใ
ๅฏไปฅ้้ๅ/Api
็ซฏ้ป็ผ้่ซๆฑไพ่จชๅๆๅ็ ASF APIใ ๆจๅฏไปฅไฝฟ็จ้ไบ API ็ซฏ้ปไพๅตๅปบ่ชๅทฑ็ๅนซๅฉ็จๅบ่
ณๆฌใๅทฅๅ
ทใGUI ็ญใ This is exactly what our ASF-ui achieves under the hood, and every other tool can achieve the same. ASF API is officially supported and maintained by core ASF team.
ๆ้ๅฏ็จ็ซฏ้ปใๆ่ฟฐใ่ซๆฑใ้ฟๆใhttp ็ๆ ไปฃ็ขผไปฅๅ็ธ้ ASF API ๆๆๅ ถไปๅ งๅฎน็ๅฎๆดๆไปถ็ทจ่ฃฝ ๏ผ่ซๅ้ฑๆๅ็** swaggerๆไปถ็ทจ่ฃฝ **ใ
ASF IPC ๆฅๅฃไธ้่ฆไปปไฝ้กๅ็่บซไปฝ้ฉ่ญ๏ผๅ ็บ้ ่จญๆ
ๆณไธIPCPassword
็บnull
ใ ไฝๆฏ๏ผๅฆๆ้้่จญ็ฝฎ็บไปปไฝ้็ฉบๅผไพๅ็จIPCPassword
๏ผๅๆฏๆฌก่ชฟ็จ ASF ็ API ้ฝ้่ฆ่IPCPassword
ๅน้
็ๅฏ็ขผใ ๅฆๆ็็ฅ่บซไปฝ้ฉ่ญๆ่ผธๅ
ฅ้ฏ่ชค็ๅฏ็ขผ๏ผๆจๅฐๆถๅฐ401 - Unauthorized
้ฏ่ชคใ ๅฆๆๆจ็นผ็บ็ผ้ๆช็ถ่บซไปฝ้ฉ่ญ็่ซๆฑ๏ผๆ็ตๆจๅฐๆซๆ่ขซ403 - Forbidden
้ฏ่ชคๅฐ็ฆใ
่บซไปฝ้ฉ่ญๅฏไปฅ้้ๅ ฉ็จฎไธๅ็ๆนๅผๅฎๆใ
้ๅธธ๏ผๆจๆ่ฉฒ้้่จญ็ฝฎAuthentication
ๅญๆฎต็ผ้ๅฐๆผๆจ้ ญ็ HTTP ่ซๆฑใ The way of doing that depends on the actual tool you're using for accessing ASF's IPC interface, for example if you're using curl
then you should add -H 'Authentication: MyPassword'
as a parameter. This way authentication is passed in the headers of the request, where it in fact should take place.
Alternatively you can append password
parameter to the end of the URL you're about to call, for example by calling /Api/ASF?password=MyPassword
instead of /Api/ASF
alone. This approach is good enough, but obviously it exposes password in the open, which is not necessarily always appropriate. In addition to that it's extra argument in the query string, which complicates the look of the URL and makes it feel like it's URL-specific, while password applies to entire ASF API communication.
Both ways are supported and it's totally up to you which one you want to choose. We recommend to use HTTP headers everywhere where you can, as usage-wise it's more appropriate than query string. However, we support query string as well, mainly because of various limitations related to request headers. A good example includes lack of custom headers while initiating a websocket connection in javascript (even though it's completely valid according to the RFC). In this situation query string is the only way to authenticate.
Our IPC interface, in additon to ASF API and ASF-ui also includes swagger documentation, which is available under /swagger
URL. Swagger documentation serves as a middle-man between our API implementation and other tools using it (e.g. ASF-ui). It provides a complete documentation and availability of all API endpoints in OpenAPI specification that can be easily consumed by other projects, allowing you to write and test ASF API with ease.
Apart from using our swagger documentation as a complete specification of ASF API, you can also use it as user-friendly way to execute various API endpoints, mainly those that are not implemented by ASF-ui. ็ฑๆผๆๅ็ swagger ๆๆชๆฏๅพ ASF ไปฃ็ขผ่ชๅ็ๆ็๏ผๅ ๆญคๆจๅฏไปฅไฟ่ญๆๆชๅง็ต่ๆจ็ ASF ็ๆฌไธญๅ ๅซ็API็ซฏ้ปไธญ็ๆๆฐๆๆชไฟๆๅๆญฅใ
ASF by default listens only on localhost
addresses, which means that accessing ASF IPC from any other machine but your own is impossible. Unless you modify default endpoints, attacker would need a direct access to your own machine in order to access ASF's IPC, therefore it's as secure as it can be and there is no possibility of anybody else accessing it, even from your own LAN.
However, if you decide to change default localhost
bind addresses to something else, then you're supposed to set proper firewall rules yourself in order to allow only authorized IPs to access ASF's IPC interface. In addition to doing that, we strongly recommend to set up IPCPassword
, that will add another layer of extra security. You may also want to run ASF's IPC interface behind a reverse proxy in this case, which is further explained below.
ๆฏ็๏ผ้ๅฐฑๆฏASF API็่จญ่จ็ฎ็๏ผๆจๅฏไปฅไฝฟ็จไปปไฝ่ฝๅค ็ผ้HTTP่ซๆฑ็ๅทฅๅ
ทไพ่จชๅๅฎใ Local userscripts follow CORS logic, and we allow access from all origins for them (*
), as long as IPCPassword
is set, as an extra security measure. This allows you to execute various authenticated ASF API requests, without allowing potentially malicious scripts to do that automatically (as they'd need to know your IPCPassword
to do that).
ๆฏ็๏ผๆๅๅปบ่ญฐๅฐๆญคไฝฟ็จๅๅไปฃ็๏ผๅฆไธๆ่ฟฐ๏ผใ This way you can access your web server in typical way, which will then access ASF's IPC on the same machine. Alternatively, if you don't want to run with a reverse proxy, you can use custom configuration with appropriate URL for that. For example, if your machine is in a private VPN with 10.8.0.1
address, then you can set http://10.8.0.1:1242
listening URL in IPC config, which would enable IPC access from within your private VPN, but not from anywhere else.
ๆฏ็๏ผๆๅ็ IPC ่ๆญค้ก่จญ็ฝฎๅฎๅ จๅ ผๅฎน๏ผๅ ๆญคๅฆๆๆจ้กๆ็่ฉฑ๏ผๆจๅฏไปฅๅจไฝฟ็จ่ชๅทฑ็ๅทฅๅ ทๅ่ช็ฑ่จ็ฎกๅฎ๏ผไปฅ็ฒๅพ้กๅค็ๅฎๅ จๆงๅๅ ผๅฎนๆงใ In general ASF's Kestrel http server is very secure and possesses no risk when being connected directly to the internet, but putting it behind a reverse-proxy such as Apache or Nginx could provide extra functionality that wouldn't be possible to achieve otherwise, such as securing ASF's interface with a basic auth.
็คบไพ Nginx ้
็ฝฎๅฏไปฅๅจไธ้ขๆพๅฐใ We included full server
block, although you're interested mainly in location
ones. Please refer to nginx documentation if you need further explanation.
server {
listen *:443 ssl;
server_name asf.mydomain.com;
ssl_certificate /path/to/your/certificate.crt;
ssl_certificate_key /path/to/your/certificate.key;
location ~* /Api/NLog {
proxy_pass http://127.0.0.1:1242;
# proxy_set_header Host 127.0.0.1; # Only if you need to override default host
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
# We add those 3 extra options for websockets proxying, see https://nginx.org/en/docs/http/websocket.html
proxy_http_version 1.1;
proxy_set_header Connection "Upgrade";
proxy_set_header Upgrade $http_upgrade;
}
location / {
proxy_pass http://127.0.0.1:1242;
# proxy_set_header Host 127.0.0.1; # Only if you need to override default host
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
ๆฏ็๏ผๆจๅฏไปฅ้้ๅ ฉ็จฎไธๅ็ๆนๅผๅฏฆ็พๅฎใ A recommended way would be to use a reverse proxy for that (described above) where you can access your web server through https like usual, and connect through it with ASF's IPC interface on the same machine. This way your traffic is fully encrypted and you don't need to modify IPC in any way to support such setup.
Second way includes specifying a custom config for ASF's IPC interface where you can enable https endpoint and provide appropriate certificate directly to our Kestrel http server. This way is recommended if you're not running any other web server and don't want to run one exclusively for ASF. Otherwise, it's much easier to achieve a satisfying setup by using a reverse proxy mechanism.
Our IPC interface supports extra config file, IPC.config
that should be put in standard ASF's config
directory.
When available, this file specifies advanced configuration of ASF's Kestrel http server, together with other IPC-related tuning. Unless you have a particular need, there is no reason for you to use this file, as ASF is already using sensible defaults in this case.
่จญๅฎๆชๅบๆผไปฅไธ JSON ็ตๆง๏ผ
{
"Kestrel": {
"Endpoints": {
"example-http4": {
"Url": "http://127.0.0.1:1242"
},
"example-http6": {
"Url": "http://[::1]:1242"
},
"example-https4": {
"Url": "https://127.0.0.1:1242",
"Certificate": {
"Path": "/path/to/certificate.pfx",
"Password": "passwordToPfxFileAbove"
}
},
"example-https6": {
"Url": "https://[::1]:1242",
"Certificate": {
"Path": "/path/to/certificate.pfx",
"Password": "passwordToPfxFileAbove"
}
}
},
"PathBase": "/"
}
}
ๆ2ๅๅฑฌๆงๅผๅพ่งฃ้/็ทจ่ผฏ๏ผๅฎๅๆฏEndpoints
ๅPathBase
ใ
Endpoints
- This is a collection of endpoints, each endpoint having its own unique name (like example-http4
) and Url
property that specifies Protocol://Host:Port
listening address. By default, ASF listens on IPv4 and IPv6 http addresses, but we've added https examples for you to use, if needed. You should declare only those endpoints that you need, we've included 4 example ones above so you can edit them easier.
Host
accepts a variety of values, including *
value that binds ASF's http server to all available interfaces. Be extremely careful when you use Host
values that allow remote access. Doing so will enable access to ASF's IPC interface from other machines, which may pose a security risk. We strongly recommend to use IPCPassword
(and preferably your own firewall too) at a minimum in this case.
PathBase
- This is base path that will be used by IPC interface. This property is optional, defaults to /
and shouldn't be required to modify for majority of use cases. By changing this property you'll host entire IPC interface on a custom prefix, for example http://127.0.0.1:1242/MyPrefix
instead of http://127.0.0.1:1242
alone. Using custom PathBase
may be wanted in combination with specific setup of a reverse proxy where you'd like to proxy a specific URL only, for example mydomain.com/ASF
instead of entire mydomain.com
domain. Normally that would require from you to write a rewrite rule for your web server that would map mydomain.com/ASF/Api/X
-> 127.0.0.1:1242/Api/X
, but instead you can define a custom PathBase
of /ASF
and achieve easier setup of mydomain.com/ASF/Api/X
-> 127.0.0.1:1242/ASF/Api/X
.
้ค้ๆจ็ขบๅฏฆ้่ฆๆๅฎ่ช่จๅบๆฌ่ทฏๅพ๏ผๅฆๅๆๅฅฝๅฐๅ ถไฟ็็บ้ ่จญ่ทฏๅพใ
The following config will allow remote access from all sources, therefore you should ensure that you read and understood our security notice about that, available above.
{
"Kestrel": {
"Endpoints": {
"HTTP": {
"Url": "http://*:1242"
}
}
}
}
If you do not require access from all sources, but for example your LAN only, then it's much better idea to use something like 192.168.0.*
instead of *
. Adapt the network address appropriately if you use a different one.
- ๐ก Home
- ๐ง Configuration
- ๐ฌ FAQ
- โ๏ธ Setting up (start here)
- ๐ฅ ๅพๅฐๅบ่ๅๅๅจ
- ๐ข Commands
- ๐ ๏ธ Compatibility
- ๐งฉ ItemsMatcherPlugin
- ๐ Management
- โฑ๏ธ Performance
- ๐ก Remote communication
- ๐ช Steam ่ฆชๅๅไบซ
- ๐ Trading