question

nickpruehs avatar image
nickpruehs asked

How to design CloudScript calls restricted to servers?

Hey everyone,

we are trying to move some custom server logic to CloudScript, more specifically for reporting the results of a match.

Parameters:

  • Match Players
  • Match Winners

Script:

  1. For each player:
    1. Get current wins, losses and matchmaking rating of that player.
    2. If the player won, increase wins and matchmaking rating.
    3. Else, increase losses and reduce matchmaking rating.
  2. Call server.UpdatePlayerStatistics with the new values.

We'd love to do so in CloudScript. However, CloudScript can be called from clients as well, which we don't want to allow them to do.

Right now, we're calling the CloudScript function from server-side on behalf of any of the players, and send a server secret along with the JSON payload. The CloudScript function then verifies the secret before applying the above changes.

It this the correct way to do so, or do you recommend another approach?

Our next step would be to write a CloudScript function for initializing player statistics with reasonable default values (e.g. matchmaking rating other than zero). How would we go about that?

CloudScriptCustom Game Servers
1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

nickpruehs avatar image nickpruehs commented ·

Okay, I've already found

https://community.playfab.com/questions/7056/start-off-every-player-with-certain-player-data-an.html

for the second part of the question. The first part still remains :)

0 Likes 0 ·

1 Answer

·
Joshua Strunk avatar image
Joshua Strunk answered

So your solution to having CloudScript handlers which should only handle calls originating from other servers is the only solution for now. You can find some more in-depth discussion on it in this thread.

https://community.playfab.com/questions/12570/can-the-api-permission-policy-be-used-to-restrict.html

That is unless you are triggering the handler through a PlayStream event. In that case, by looking at the PlayStream event's context data you might be able to determine the origin as being from a server api call. I need to double check this.

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

nickpruehs avatar image nickpruehs commented ·

Thanks for the confirmation! :)

0 Likes 0 ·
brendan avatar image brendan commented ·

Yes, for PlayStream-launched Cloud Script executions, you can use the Context, but you can also pass in parameters in your Action configuration. You could have a "key" that you pass in that way, which you then check in the Cloud Script code.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.