From 868599b8e2df9e9a01aa93479371d24566f49126 Mon Sep 17 00:00:00 2001
From: Tor Andersson
Date: Fri, 23 Sep 2022 13:13:00 +0200
Subject: Verify that actions come from the active player. Could prevent bad states in some cases of network race conditions or cheating attempts.
---
 server.js | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'server.js')
diff --git a/server.js b/server.js
index 7e63528..9747f7c 100644
--- a/server.js
+++ b/server.js
@@ -1847,6 +1847,10 @@ function on_action(socket, action, arg) {
 SLOG(socket, "ACTION", action)
 try {
 let state = get_game_state(socket.game_id)
+
+ if (state.active !== socket.role && state.active !== "Both" && state.active !== "All")
+ return send_message(socket, 'error', "It's not your turn!")
+
 let old_active = state.active
 state = socket.rules.action(state, socket.role, action, arg)
 put_game_state(socket.game_id, state, old_active)
--
cgit v1.2.3
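Review bot: When `state.active` is "Both" or "All", the new guard accepts the action whatever `socket.role` is, so a connection whose role is not one of the game's players is stopped only if something outside this hunk already filters it or `socket.rules.action` rejects it. If that filtering is not guaranteed, the guard should also confirm the role is a seated player; otherwise a comment such as `// "Both"/"All": any player role may act; non-player sockets never reach on_action` would record the assumption. The rejection branch also returns without a log entry of its own, so the earlier `SLOG(socket, "ACTION", action)` line looks the same for accepted and refused actions; bracing the branch and adding `SLOG(socket, "REJECTED", action)` before the `return` would let out-of-turn attempts be told apart from ordinary races when reviewing logs. The body of `on_action`, including the `try` block, continues outside the hunk.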