I'm using the cloud code API, and trying to set up a sequence of events, for example: some units march out from a players base, attack another player, then return home. Each event happens at a known time after the previous one.
I'm can use Spark.getScheduler().inSeconds() to set up a callback after the first event, but I can't directly call it again to handle the second event, as it's disallowed, to prevent infinite scheduler loops.
So, as a workaround, from inside my scheduler callback, I can send a request, and set up the second callback there, eg:
var request = new SparkRequests.LogEventRequest(); request.eventKey = "ReturnMarch"; request.march = march; request.Execute();
(and then call Spark.getScheduler().inSeconds() in the ReturnMarch request handler).
But now I've got the problem of trying to prevent a malicious user sending bogus requests to accelerate the course of events...
So. Is there any simple way to tell if a request was sent over the wire, or if it was invoked directly from inside other cloud code? (in this case, I want to reject the request if it came in over the network).
I'm sure I can hack up some system which stores tokens in the database I can then pick up for verification, but that seems a little heavyweight if there's another way to do it...
Yes, you can enable/disable events/requests that credentials can call in Configurator > Credentials > (edit). I'm pretty sure the server calls use the server credential, but I have not testing this to verify. You'd want to disable ReturnMarch for the device credential (or debug, if you are using debug credential in your app.
Alternatively, with the new Spark.getClientIp() that was released today, you can probably derive if it is a client request or a server request based on its results, but I don't think that is necessary.