Sign in to follow this  

Custom Level Upload-Server

This topic is 477 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hello forum!

 

I'm looking for some ideas to realise the following:

 

A player can create a customised level which will be saved in a Lua file.

Next step would be, to upload this level file on a server.

 

The server's level files can be seen in the client, it should show who created it, ratings, downloads, ...

Once a player decided what to play, they can just press download and the client downloads the level - saves it within the applications source tree.

 

I would like to know what server software might become interesting for this?

 

Another part is checking whether the uploaded material should be accepted.

I would not want someone to upload some malefic file. However, trusting the source from where the file is being uploaded should not be trusted without further ado, right?

 

Thinking about all these integrity checks make me wonder, if having a server isn't actually way too dangerous for my users.

Also aspects like DDOSing blows this topic up to an extreme extent.

 

Nonetheless, I would happy to hear your thoughts and suggestions!

 

Share this post


Link to post
Share on other sites
First, nobody will DDoS you for any length of time unless you have either a very profitable game, or a game with a very rabidly emotionally attached user base, or both.
Either of those cases is actually, in the grand scheme of things, a good thing :-)

Second, because you're using LUA, you can actually prevent the users from doing anything "really bad" to the machine where it runs.
However, you have to make sure that the default LUA libraries for things like file I/O are not available.
Instead, only make functions available that respond to things that happen in your game. That way, you can build a "LUA sandbox" that doesn't let a script reach outside where it's supposed to be.
Designing secure, tight, sandbox APIs is actually pretty hard, unfortunately, but it's possible, assuming LUA doesn't have a bug in itself that's exploitable.
Also, user ratings of scripts ought to be able to alert you to any particular problems.

Server software for an upload/browse/download/rate system for text scripts? Literally any web application framework in the world will be able to do this.
(Static site generators don't count, as they don't generate applications :-)
Define a few REST services (GET/POST/PUT) that lets a user create a new file, upload the file, set metadata about the file, as well as post comments/ratings about it, and searching the database of files.

What's your favorite language?
Erlang with Webmachine?
Haskell with Warp?
PHP just as it is?
Python with Flask?
JavaScript with Nodejs?

For a few dozen files, you don't need more storage than a file system (that makes sure users can't overwrite existing files or create files with bad file names like "." or "/etc/passwd" or whatnot.)
For many thousand files, a simple MySQL (or Postgres, or MSSQL, or Cassandra, or RIAK, or ...) server will work just fine. Use MEDIUMTEXT or similar data type for the payload script.

Another good thing to do is set an upper limit to the size of the script (30 kB?) and make sure that the entire script parses like a proper LUA file (throw it at a sandbox LUA interpreter and look for errors) so that nobody uploads child porn or whatever.

Finally, you will need some what for users to log into your game server, both from a web interface (if you want to support web-based management/ratings) and from the client.
"Log in with Facebook/Google/Twitter/Whatever" is quite handy for web servers, but much harder to do for game clients, because it assumes the game client is a full-fledged browser that can talk HTTPS and follow HTTP redirects and show HTML/JavaScript applications to the user.
An alternative is to just create an account with email address and password, and make the user verify the email address with a link you mail them.
Most web application frameworks should be able to do this for you.

Share this post


Link to post
Share on other sites

Thanks a lot : )

 

I thought that using a MySQL-server would be sufficient.

 

An alternative is to just create an account with email address and password, and make the user verify the email address with a link you mail them. Most web application frameworks should be able to do this for you.

While it is an interesting thought to support "Log in with ...", it creates some dependency that I would have to maintenance if the API changes.

 

I thought offering registration for a personal account might be quite a good way of doing it.

While I read a bit about security, I liked the idea to use a PHP script as a proxy for MySQL-server interactions.

Is there any way to do this in C++? I prefer approaches that are platform independent.

 

Additionally, are there maybe complete libraries that centre around this concept? Maybe providing an easy way to login and keep a session alive.

Share this post


Link to post
Share on other sites

I liked the idea to use a PHP script as a proxy for MySQL-server interactions.
Is there any way to do this in C++? I prefer approaches that are platform independent.


In the abstract, PHP and C++ can both do this, and both of them can do it on Linux, Windows, BSD, and MacOS X (as if you'd ever run a server on that :-)
In practice, installing PHP on Apache or nginx under Linux or BSD is quite fast, and writing the scripts necessary is also quite fast, compared to writing the code in C++.
The main reason for that is that there is no good, well documented web server library for C++ that has as many nice frameworks/examples available as for PHP (or Flask/Python, or whatever.)
Also, making SSL work in C++ is a pain, because libopenssl is very poorly documented. There are a few other libraries that try to solve this, but I don't know how safe and battle tested they really are yet.
(Possible alternatives may include Botan or PolarSSL or CYaSSL.)

I think that, for web services, you really shouldn't be doing C++, unless you have a lot of C++ web development experience already.
(That seems to work for OKCupid, but not many others :-) Edited by hplus0603

Share this post


Link to post
Share on other sites

Oh, I might expressed myself the wrong way.

 

The proxy shall be PHP, which accesses the database. However, the C++-client shall send the important data to the PHP-proxy.

For example, the user wants to login, C++ shall send the username and password to the PHP proxy. This one shall see, whether the given account exists and has the right password.

Or the user wants to upload a level, Lua-level-file will be sent to the PHP-proxy.

 

I was wondering on how to call a PHP script via C++. Especially, when it is not part of the source tree, but located on some online host.

Is there a neat library to do this? Preferably as platform independent as possible.

 

About the web services, I was rather thinking about active sessions on the C++ game client itself, in order to avoid requesting username/password a dozen times for every action that shall alter the uploaded files on the server. Probably something along the lines to simply save the username/password encrypted in some file, sending these to the proxy together with the content changes.

Share this post


Link to post
Share on other sites
Ah! You need a HTTP/HTTPS client library in C++.
libcurl is pretty good.

You can then "log in" the C++ client by posting name/password to the web service, which might return a Set-Cookie header with a random, hard-to-guess session ID, and you can provide that Cookie header in subsequent requests to the web service.
The good news with that is that you can then use the same login mechanism if you build a web app to manage your data :-)

Share this post


Link to post
Share on other sites

This topic is 477 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this