question

Ruben Pascual Blanco avatar image
Ruben Pascual Blanco asked

Server only Azure Functions for Economy v2? (Actions and scheduled tasks only include legacy inventory)

Since Economy v2 can only be changed via Azure Functions from a Playstream Event or a Scheduled Task.

Is there any way to prevent clients "tricking" the function into thinking it came from an event? is there some check that can't be faked and is always reliable?

I am developing a function that will be triggered when the player levels up, to grant certain rewards automatically. This could be easily done without cloudscript in Inventory v1, since it's integrated, but theres no Economy v2 equivalents for this.

apis
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Gosen Gao avatar image
Gosen Gao answered

Is there any way to prevent clients "tricking" the function into thinking it came from an event? is there some check that can't be faked and is always reliable?

The clients cannot trick the Azure Functions(AF) into thinking it came from an event, since clients cannot call an event triggered AF directly. AF triggered via Playstream Event or a Scheduled Task are managed internally, clients shouldn't know the function info. Also, the contexts are different from different execution mechanisms. You can refer to Tutorial: Using CloudScript context models.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Ruben Pascual Blanco avatar image Ruben Pascual Blanco commented ·

Yes I know, I use the playstream context for my server-only functions.

So even if a client managed to guess the function name, the context would be null when being deserialized as a playstream context, since it was not called from an event but a client, right?

0 Likes 0 ·
Gosen Gao avatar image Gosen Gao Ruben Pascual Blanco commented ·

Part of the context would be null, for example, the PlayStreamEventEnvelope is null, if the function is called from a client.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.