Verify that actions come from the active player.

Could prevent bad states in some cases of network race conditions or cheating attempts.
author: Tor Andersson <tor@ccxvii.net> 2022-09-23 13:13:00 +0200
committer: Tor Andersson <tor@ccxvii.net> 2022-10-05 17:36:50 +0200
commit: 868599b8e2df9e9a01aa93479371d24566f49126 (patch)
tree: 5bb3e6d8dff56cdf03947d9930e1902a35a2bd48 /server.js
parent: 6fe88f12e4a5fdf1e928fa9f448b3f22be2f2563 (diff)
download: server-868599b8e2df9e9a01aa93479371d24566f49126.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/server.js b/server.js
index 7e63528..9747f7c 100644
--- a/server.js
+++ b/server.js
@@ -1847,6 +1847,10 @@ function on_action(socket, action, arg) {
 		SLOG(socket, "ACTION", action)
 	try {
 		let state = get_game_state(socket.game_id)
+
+		if (state.active !== socket.role && state.active !== "Both" && state.active !== "All")
+			return send_message(socket, 'error', "It's not your turn!")
+
 		let old_active = state.active
 		state = socket.rules.action(state, socket.role, action, arg)
 		put_game_state(socket.game_id, state, old_active)
author	Tor Andersson <tor@ccxvii.net>	2022-09-23 13:13:00 +0200
committer	Tor Andersson <tor@ccxvii.net>	2022-10-05 17:36:50 +0200
commit	868599b8e2df9e9a01aa93479371d24566f49126 (patch)
tree	5bb3e6d8dff56cdf03947d9930e1902a35a2bd48 /server.js
parent	6fe88f12e4a5fdf1e928fa9f448b3f22be2f2563 (diff)
download	server-868599b8e2df9e9a01aa93479371d24566f49126.tar.gz