question

Kaiwen Yu avatar image
Kaiwen Yu asked

CloudScript using Azure Functions Authorization

Hi all,

I am currently using Azure Functions for all my CloudScripts. I am working on Scheduled Task using Azure Functions. However, I couldn't figure out the way to stop player client accessing the same Functions. For example, I want to create a Scheduled Task to rotate my shop items. This function should only be executed by a scheduled task set in the Game Manager Console. But when I try to invoke them through my Unity player client, it won't throw an exception.

How could I reject the execution when the caller is from a player client? Or how can I only allow execution from the Scheduled Task functionality within PlayFab Game Manager Console.

I tried to convert the context to ScheduledTaskFunctionExecutionContext, but it won't throw an exception even when I invoke the function through a Unity client side ExecuteFunction attempt. 

[FunctionName("UpdateStore")]
public static async Task<dynamic> Run(
    [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
    ILogger log
)
{
    try
    {
        var context =
            JsonConvert.DeserializeObject<ScheduledTaskFunctionExecutionContext<dynamic>>(
                await req.ReadAsStringAsync());
        
        return null;
    }
    catch (Exception e)
    {
        log.LogError($"Unexpected error calling UpdateStore function. [{e.Message}]\n{e.StackTrace}");
        return null;
    }
}
CloudScript
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Citrus Yan avatar image
Citrus Yan answered

When executing Azure Functions via the ExecuteFunction API, the context FunctionExecutionContext passed by PlayFab contains the info about the caller:

public PlayFab.ProfilesModels.EntityProfileBody CallerEntityProfile { get; set; }

You may use such info to tell whether a player is calling the function or not. If it is, you may abort the call, for more details, please check out this thread: Azure Function differentiate between client/server/API - Playfab Community

5 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kaiwen Yu avatar image Kaiwen Yu commented ·

I will try it out. However, does that mean I can tell if the caller is a player, but I don't have a way to tell it is from ScheduledTask process?

I mean instead of (pseudo code)

if caller != player:

	do the thing

Is there a mechanism to?

if caller == taskScheduler:

	do the thing
0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Kaiwen Yu commented ·

The ScheduledTaskFunctionExecutionContext is sent to Azure Function when executed via Scheduled Tasks, I believe you can use that to tell whether it's from Scheduled Task

0 Likes 0 ·
Kaiwen Yu avatar image Kaiwen Yu Citrus Yan commented ·

As I mentioned in the question body, I tried to deserialize context into ScheduledTaskFunctionExecutionContext when I actually invoked the Azure Function from a player client and it won't throw serialization exceptions. I am using 

JsonConvert.deserializeObject<ScheduledTaskFunctionExecutionContext>(context);
0 Likes 0 ·
Show more comments
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.