OiO.lk Community platform!

Oio.lk is an excellent forum for developers, providing a wide range of resources, discussions, and support for those in the developer community. Join oio.lk today to connect with like-minded professionals, share insights, and stay updated on the latest trends and technologies in the development field.
  You need to log in or register to access the solved answers to this problem.
  • You have reached the maximum number of guest views allowed
  • Please register below to remove this limitation

Securing In-App Purchases for Guest and Logged-in Players in a Flutter and Node.js Real-Time Game

  • Thread starter Thread starter Mona
  • Start date Start date
M

Mona

Guest
I am developing a real-time game with Flutter as the frontend and Node.js as the backend. The game includes a shop UI where players can buy coins, gems, and avatars. Players can purchase gems using virtual coins and avatars using virtual gems. For each item, the UI displays its price in either virtual gems or coins. Data storage varies based on the player's status (guest or logged in).

Current Implementation: For guest players, data is stored locally using sqflite. The purchase process is handled entirely on the frontend to reduce server costs. Here’s the method for buying gems:

Dart

Code:
void buyGems(int coins, int gems) async {
    showErrMsg(coins, user.userData.coins, "no_coins_for_bundle_msg");
    user.userData.coins = user.userData.coins - coins;
    user.userData.gems += gems;
    await user.saveOrUpdateUserInLocalDb(user.userData);
}

For logged-in players, data is stored both locally (sqflite) and on the server (MySQL). The backend handles the purchase process to ensure security. The steps are:

-The player sends a request to the server. -The server checks if the player has enough coins. -The server retrieves the bundle's price and amount from environment variables. -The server updates the player's data in the MySQL database. -The server responds to the client. -The client updates the local database upon a successful response.

Security for Guest Players: Since the calculation and data update are handled on the frontend, there's a risk of players accessing and modifying the Flutter files to manipulate their data. Server Resource Management: Moving all calculations to the backend for security reasons can increase server load and costs, which is a concern given the limited budget.
<p>I am developing a real-time game with Flutter as the frontend and Node.js as the backend. The game includes a shop UI where players can buy coins, gems, and avatars. Players can purchase gems using virtual coins and avatars using virtual gems. For each item, the UI displays its price in either virtual gems or coins. Data storage varies based on the player's status (guest or logged in).</p>
<p>Current Implementation:
For guest players, data is stored locally using sqflite. The purchase process is handled entirely on the frontend to reduce server costs. Here’s the method for buying gems:</p>
<p>Dart</p>
<pre><code>
void buyGems(int coins, int gems) async {
showErrMsg(coins, user.userData.coins, "no_coins_for_bundle_msg");
user.userData.coins = user.userData.coins - coins;
user.userData.gems += gems;
await user.saveOrUpdateUserInLocalDb(user.userData);
}
</code></pre>
<p>For logged-in players, data is stored both locally (sqflite) and on the server (MySQL). The backend handles the purchase process to ensure security. The steps are:</p>
<p>-The player sends a request to the server.
-The server checks if the player has enough coins.
-The server retrieves the bundle's price and amount from environment variables.
-The server updates the player's data in the MySQL database.
-The server responds to the client.
-The client updates the local database upon a successful response.</p>
<p>Security for Guest Players: Since the calculation and data update are handled on the frontend, there's a risk of players accessing and modifying the Flutter files to manipulate their data.
Server Resource Management: Moving all calculations to the backend for security reasons can increase server load and costs, which is a concern given the limited budget.</p>
Continue reading...
 

Latest posts

M
Replies
0
Views
1
Mohit Pant
M
Top