hikari 46f095ff8b feat: add server-side anti-cheat (option A + D)
Option A — state validation on every save:
- Cap all resources to RESOURCE_CAP (server enforces, not just client)
- Block boss status rollback (defeated can't become non-defeated)
- Block quest status rollback (completed can't become non-completed)
- Block achievement rollback (unlockedAt can't be cleared or future-dated)
- Block prestige count rollback (count can only go up)

Option D — HMAC signed save chain:
- Server signs the saved state with ANTI_CHEAT_SECRET (env var)
- Signature returned from both /game/load and /game/save
- Client stores signature in localStorage, sends it with every save
- Server verifies signature matches the previous DB state before accepting
- Gracefully degrades: if secret unset or first save, checks are skipped

Both options combine: a valid signature doesn't bypass A-validation;
A-validation runs regardless and silently corrects tampered fields.
2026-03-06 19:06:11 -08:00
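The save flow the commit message above describes (option D's signature check followed by option A's corrections), as an added sketch that is not code from this repository. The `SaveState` shape, the `RESOURCE_CAP` value, the key-sorted serialization and all function names are assumptions; it covers resource capping, boss rollback and prestige rollback only.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical save shape and cap value; the project's real types are not shown on this page.
interface SaveState {
  resources: Record<string, number>;
  prestigeCount: number;
  bosses: Record<string, "locked" | "available" | "defeated">;
}
const RESOURCE_CAP = 1_000_000;

// Sort object keys so the same state always serializes to the same bytes before signing.
function canonical(value: unknown): string {
  if (value === null || typeof value !== "object") return JSON.stringify(value);
  if (Array.isArray(value)) return `[${value.map(canonical).join(",")}]`;
  const obj = value as Record<string, unknown>;
  return `{${Object.keys(obj).sort().map((k) => `${JSON.stringify(k)}:${canonical(obj[k])}`).join(",")}}`;
}

function signState(state: SaveState, secret: string): string {
  return createHmac("sha256", secret).update(canonical(state)).digest("hex");
}

// Option D: the client must present the signature of the state currently stored in the DB.
function chainIsValid(prev: SaveState | null, presented: string | undefined, secret: string | undefined): boolean {
  if (!secret || prev === null) return true; // degrade path: secret unset or first save
  const expected = Buffer.from(signState(prev, secret), "hex");
  const got = Buffer.from(presented ?? "", "hex");
  return got.length === expected.length && timingSafeEqual(got, expected);
}

// Option A: runs on every accepted save, signed or not, and corrects fields instead of rejecting.
function sanitize(prev: SaveState | null, next: SaveState): SaveState {
  const resources: Record<string, number> = {};
  for (const [k, v] of Object.entries(next.resources)) {
    resources[k] = Math.min(v, RESOURCE_CAP);
  }
  const bosses = { ...next.bosses };
  for (const [id, status] of Object.entries(prev?.bosses ?? {})) {
    if (status === "defeated") bosses[id] = "defeated"; // defeated never rolls back
  }
  return { resources, bosses, prestigeCount: Math.max(next.prestigeCount, prev?.prestigeCount ?? 0) };
}

function handleSave(prev: SaveState | null, next: SaveState, presented: string | undefined, secret: string | undefined): { accepted: boolean; state?: SaveState; signature?: string } {
  if (!chainIsValid(prev, presented, secret)) return { accepted: false };
  const state = sanitize(prev, next); // the corrected state is what gets stored and signed
  return { accepted: true, state, signature: secret ? signState(state, secret) : undefined };
}
```

Because the degrade path accepts every save when the secret is unset, a deployment that loses `ANTI_CHEAT_SECRET` runs with option A alone; logging that condition at startup makes it visible.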

New Repository Template

This template contains all of our basic files for a new GitHub repository. There is also a handy workflow that will create an issue on a new repository made from this template, with a checklist for the steps we usually take in setting up a new repository.

If you're starting a Node.js project with TypeScript, we have a specific template for that purpose.

Readme

Delete all of the above text (including this line), and uncomment the below text to use our standard readme template.

Description
An Idle RPG in the browser
Readme 4.8 MiB
v0.5.0 Latest
2026-04-06 20:19:56 -07:00
Languages
TypeScript 95.2%
CSS 4.3%
JavaScript 0.4%