Sign In Register

How can we help you today?

Start a new topic
Answered

Executing events with delay

Hi again. I'm trying to figure out a way to cast a spell using cloud code. A spell is an event that takes some casterID, spellID, targetID gets their respective health and damageOutput, calculate stuff and save.


What I'd like is some anti-hacking security. Example:


In-game, the user presses a key which starts the cast bar animation. The bar animation corresponds to the cast time defined by the spell. When the cast bar reaches its end, it calls an event on the platform. This is all fine and dandy, but what if someone was to feed this info to the server prior to casting done, effectively instantly firing (long) cast-time spells.


My idea is to send an event TryCastSpell which will have casterID, spellID, targetID. Then check whether the spell is instant. If so, execute and return attack result. If not instant, register the time the spell cast was attempted, return this info to client and inform it of cast time. Now, the client has info: i need to re-send the TryCastSpell after X time has passed. This time the event will report it's a cast spell, but with a flag (true) it was already attempted x seconds ago - we are all good. execute!

Would this be the correct approach or can events be delayed on the platform?
Example:

TryCastSpellEvent -> it's an instant spell -> execute

TryCastSpellEvent -> it's a cast spell -> <yield some time> -> execute

<yield some time> would be some mechanic on the platform, rather than having it done as I explained.


I don't have any examples to my solution, haven't event got my hands dirty. I'm just logically thinking this through. This mongoDB paradigm is all new to me. Very hard to wrap my head around it.


Best Answer

Hey Pavao,


SparkScheduler is what you're looking for if you wish to delay cloud code.


As far as hacking concerns go, anyone hacking the client would also need access to your game's API secret, encrypted in the client and only available directly on the portal otherwise.

Even then, they can only use whatever events you've already set-up within your game.


Thanks,


Oisin.


Answer

Hey Pavao,


SparkScheduler is what you're looking for if you wish to delay cloud code.


As far as hacking concerns go, anyone hacking the client would also need access to your game's API secret, encrypted in the client and only available directly on the portal otherwise.

Even then, they can only use whatever events you've already set-up within your game.


Thanks,


Oisin.

Hey Oisin, thanks for the reply, I'll take a look at it.


As for hacking, I'm not sure how much I can trust the client. If I want to check the distance between the caster and the target, it would be a lot easier to trust the client on that issue. Otherwise, locations of units would have to be handled on the server. I don't know much about hacking, but I would image someone could "easily" make the client ignore the distance and just assign its action. Same goes for moving the units. Ideally, the client would register a location via click and feed that info to the server to update that unit or what not. Again, checking this client-side is easier. Otherwise, the server would have to handle a grid which, well... complicates stuff :)


Am I just being too paranoid? :)

Thanks

Hey Pavao,

Is your game turn based or are you using any or our challenges to delegate how players share data with the server during gameplay?
Depending on your answer i might be able to offer you some consideration that will help alleviate your worries a bit.

Thanks,
Sean

 

Hey Sean,


so far, I haven't done anything on the platform except some event testing. The game APPEARS as turn based, but technically should (i think) be implemented as real-time.


Basically, I'm looking for a way to protect the client being hacked to avoid the need to code all the game logic on the server. Example, I'd like the client to determine position and distances between units, rather than having this data in a grid on the server. Also, some spells will hit before others (even tho being cast at the same time). Some hit directly (aka burst hits), some have projectiles with different speeds. All of this affects which unit will be hit (if at all) and when. Since I use Unity, it makes it much easier to implement with their API. The damage calculation would be done on the server implemented as: event (cloud code) = spell.


I know this is not the place to discuss hacking, but I was wondering if the platform has some sort of client "validity-check". Btw, are there any news on gamesparks real-time multiplayer?


Thanks,
Pavao

Login to post a comment