felixfoertsch/whattoplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
whattoplay/features/keycrow
History

README.md

KeyCrow - Steam Key Trading Platform with Escrow

Technical foundation for a automated Steam key trading platform with escrow system.

Architecture Overview

┌─────────────────────────────────────────────────────────────┐
│                        Client/App                            │
└──────────────────────────┬──────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────────────┐
│                     Backend API (Express)                   │
├─────────────────────────────────────────────────────────────┤
│  Routes: auth | listings | transactions | theoretical       │
└──────┬──────────────┬──────────────────┬───────────────────┘
       │              │                  │
       ▼              ▼                  ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────────────────┐
│    Store     │ │  Encryption  │ │      Services            │
│ (In-Memory)  │ │   Service    │ │ - PaymentProvider (Mock) │
│              │ │    (AES)     │ │ - KeyActivationProvider  │
└──────────────┘ └──────────────┘ └──────────────────────────┘

What's Implemented

Realistic Flow (Production-Ready Pattern)

  1. Seller creates a listing with encrypted Steam key
  2. Buyer purchases via escrow (payment held)
  3. Platform delivers decrypted key to buyer
  4. Buyer confirms key works → money released to seller
  5. Buyer reports failure → dispute, refund initiated

Theoretica/Ideal Flow (Mock Only)

  • Automated server-side key activation on buyer's Steam account
  • DISABLED by default - requires ALLOW_THEORETICAL_ACTIVATION=true
  • Clearly marked as potentially violating Steam ToS

API Endpoints

Authentication

  • POST /auth/register - Register user
  • GET /auth/me - Get current user
  • POST /auth/auth/steam/login - Steam login (mock)

Listings

  • POST /listings - Create listing
  • GET /listings - Get active listings
  • GET /listings/:id - Get listing by ID
  • GET /listings/seller/me - Get seller's listings
  • DELETE /listings/:id - Cancel listing

Transactions

  • POST /transactions - Create purchase (escrow hold)
  • GET /transactions/:id - Get transaction
  • GET /transactions/:id/key - Get decrypted key (buyer only)
  • POST /transactions/:id/confirm - Confirm key works/failed
  • GET /transactions/buyer/me - Buyer's transactions
  • GET /transactions/seller/me - Seller's transactions

Theoretical (Mock)

  • POST /theoretical/activate - Attempt automated activation

Environment Variables

PORT=3000
ENCRYPTION_KEY=your-256-bit-key
STEAM_API_KEY=your-steam-api-key
STEAM_REDIRECT_URI=http://localhost:3000/auth/steam/callback
ALLOW_THEORETICAL_ACTIVATION=false

Legal Notice

This implementation is a technical proof-of-concept. Automated Steam key activation is likely to violate Steam's Terms of Service unless you have an official partnership with Valve.

The "theoretical" module is clearly marked and disabled by default. Use at your own risk.

Reference in New Issue View Git Blame Copy Permalink