Long story short I started making this game using Laravel but lost motivation. After somewhere half year few people gave me motivation to finish this game and I’ve made it with NodeJS and socket.io
It’s probably unlimited possibilities how can I improve this game. But be real it’s really tedious to create this kind of game all alone atleast for me. So I hope you will like it! It’s the first time I’ve created a game.
Sorry someone just managed to do some kind of injection and find a way to get how much gold he wants. So I’m searching for solution… at the moment… Don’t know how it’s possible to change the js code itself in the game
Haha now I know he was running function in console in chrome tools. But I don’t get it how to prevent that?
Sounds bad. I think there is no way to prevent commands from console. Need to figure out somehow like do it in NODE JS side so the user cant inject how to add gold.
Now it’s less cheatable but can’t figure out how to prevent socket emits per second. Let’s say if user in fight sends more than 20 emits of attacking another user per second than like freeze account for 5 min or show some captcha.
Hey there! I haven’t posted here in ages, but here it comes! @MadIce In essence the server / app should be the only source of truth for the game core functionality and any resources that the players are to own.
As for the solution to limiting the number or requests I think you can rate limit by the number of triggers per any given timeframe on the server as well. You can run your sockets almost like a middleware on node where you return if the current player shouldn’t be able to take any actions.
In essence all the game logic should run on the server.
A relatively easy way of preventing unfair socket flooding without kicking the player is implementing a Finite state machine, eg. each character has several states say [‘ready’, ‘resting’] to simplify. For each attach you check the condition on the server - which is the only source of truth and voila - even if someone sends a 100 requests you can just kindly reply not to cheat, or even punish them!
So, if there is some reward generation - do it on the server.
If there is some damage calculation - do it on the server.
And so on and so forth! : )
Put it back live, I would love to check it out!: )
Hey @jadczakd TY for reply! I made a little different approach with attacking. At first when user finds another user to fight there is new temporary fight created in database. And in that collection can’t be more than one the same user at the time. So you always have to pick user at first to start a fight. Also added that after attack there’s one second delay and then you can attack again. And yeah everything is now in on serverside Just fixing few more bugs and I’ll run it again