From ae94d62357b5c968d69c27ff6398c6e4a37238d0 Mon Sep 17 00:00:00 2001
From: gamer147 <gamer147@gmail.com>
Date: Wed, 3 Jun 2026 09:02:54 -0400
Subject: [PATCH] feat(auth): add Dev-only always-valid ISteamServer for local
 no-Steam clients

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../Services/DevAlwaysValidSteamServer.cs     | 31 +++++++++++++++++++
 .../DevAlwaysValidSteamServerTests.cs         | 25 +++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 SVSim.EmulatedEntrypoint/Services/DevAlwaysValidSteamServer.cs
 create mode 100644 SVSim.UnitTests/Services/DevAlwaysValidSteamServerTests.cs

diff --git a/SVSim.EmulatedEntrypoint/Services/DevAlwaysValidSteamServer.cs b/SVSim.EmulatedEntrypoint/Services/DevAlwaysValidSteamServer.cs
new file mode 100644
index 0000000..5b3ae5c
--- /dev/null
+++ b/SVSim.EmulatedEntrypoint/Services/DevAlwaysValidSteamServer.cs
@@ -0,0 +1,31 @@
+using Microsoft.Extensions.Logging;
+
+namespace SVSim.EmulatedEntrypoint.Services;
+
+/// <summary>
+/// Development-only <see cref="ISteamServer"/> that accepts every ticket without contacting
+/// Steam. Selected in <c>Program.cs</c> when <c>Auth:BypassSteamTicket</c> is true, so clients
+/// with a synthetic (non-Steam) identity — e.g. a second instance on the same machine for the
+/// two-client PvP smoke — can authenticate. NEVER select this outside local dev: it turns the
+/// Steam ticket gate into a no-op for the whole process.
+/// </summary>
+public sealed class DevAlwaysValidSteamServer : ISteamServer
+{
+    private readonly ILogger<DevAlwaysValidSteamServer> _logger;
+
+    public DevAlwaysValidSteamServer(ILogger<DevAlwaysValidSteamServer> logger) => _logger = logger;
+
+    public void Initialize(int appId) { }
+
+    public bool BeginAuthSession(byte[] ticket, ulong steamId)
+    {
+        _logger.LogWarning(
+            "DEV Steam bypass: accepting ticket for steamId {SteamId} WITHOUT validation (ticketLen={Len}).",
+            steamId, ticket?.Length ?? 0);
+        return true;
+    }
+
+    public void EndSession(ulong steamId) { }
+
+    public void Shutdown() { }
+}
diff --git a/SVSim.UnitTests/Services/DevAlwaysValidSteamServerTests.cs b/SVSim.UnitTests/Services/DevAlwaysValidSteamServerTests.cs
new file mode 100644
index 0000000..fea69f6
--- /dev/null
+++ b/SVSim.UnitTests/Services/DevAlwaysValidSteamServerTests.cs
@@ -0,0 +1,25 @@
+using Microsoft.Extensions.Logging.Abstractions;
+using NUnit.Framework;
+using SVSim.EmulatedEntrypoint.Services;
+
+namespace SVSim.UnitTests.Services;
+
+[TestFixture]
+public class DevAlwaysValidSteamServerTests
+{
+    [Test]
+    public void BeginAuthSession_accepts_any_ticket_for_any_steamId()
+    {
+        var sut = new DevAlwaysValidSteamServer(NullLogger<DevAlwaysValidSteamServer>.Instance);
+
+        Assert.That(sut.BeginAuthSession(new byte[] { 0xDE, 0xAD }, 900001UL), Is.True);
+        Assert.That(sut.BeginAuthSession(System.Array.Empty<byte>(), 0UL), Is.True);
+    }
+
+    [Test]
+    public void Lifecycle_methods_do_not_throw()
+    {
+        var sut = new DevAlwaysValidSteamServer(NullLogger<DevAlwaysValidSteamServer>.Instance);
+        Assert.DoesNotThrow(() => { sut.Initialize(453480); sut.EndSession(900001UL); sut.Shutdown(); });
+    }
+}