Added `client:getSteamID` method for the Lua API

[vulcan-dev]

I added this functionality because secret isn't persistent so storing users in a DB (On CPR & Verb servers) doesn't work very well. It's also a good way to identify users.

Usage:

connections[client_id]:getSteamID()

[WhiteHusky]

Be aware that the client reporting the SteamID can not be trusted since the client could provide a falsified SteamID. They could, for example, redefine the global Steam with one that provides a fake SteamID. It's still useful, but the server-side would have to scrutinize it for anything important like permissions.

[vulcan-dev]

That's true but it's very unlikely they'll do that. And either way, they could do the same with secret by modifying the mod.

[WhiteHusky]

@vulcan-dev

True. Probably needs to be stressed in the documentation to rely on another source of truth when using either values.

[TheHellBox]

Looks good for 0.6, but changes the netcode so can't be added into 0.5

[AsciiJakob]

That's true but it's very unlikely they'll do that. And either way, they could do the same with secret by modifying the mod.

But to be fair kissmp secrets are not public, hence the name, while steamids for anyone could easily be looked up. If SteamIDs cannot be trusted, then what is the point of having them?

[vulcan-dev]

That's true but it's very unlikely they'll do that. And either way, they could do the same with secret by modifying the mod.

But to be fair kissmp secrets are not public, hence the name, while steamids for anyone could easily be looked up. If SteamIDs cannot be trusted, then what is the point of having them?

Yeah, I had another think about it before and I think it's best to implement it into the bridge. For now, it's fine since I doubt anyone is going to be changing them since most people don't have the knowledge on how.