简体繁体 English

多人游戏NodeJS，HTML，JS-服务器/客户端验证

[英]Multiplayer game NodeJS, HTML, JS - server/client side validation

原文 2018-05-16 09:11:26 6 3 javascript/ html/ node.js

My question is more related to validations of the movements in the game, the game is Checkers. 我的问题与游戏动作验证有关，游戏是“跳棋”。 I'm developing a Checkers game, in html, css, js, and nodeJS, the game will be multiplayer. 我正在用HTML，CSS，JS和NodeJS开发Checkers游戏，该游戏将是多人游戏。

So my question is about the validation, what would be the best approach. 所以我的问题是关于验证，什么是最好的方法。

Right now all the validations (valid movement, etc) are done client side (of course must be server side). 现在，所有验证（有效移动等）都在客户端完成（当然必须在服务器端）。

My question is, what would be the best approach: 我的问题是，最好的方法是什么：

Having client side validation, if the validation is OK then send the validation to the server and validate it there if all is ok change turn for the next player, if not the server rejects the movement and the player have to do a valid movement. 进行客户端验证后，如果验证正常，则将验证发送到服务器，然后在下一个玩家的所有变更都可以的情况下在服务器上进行验证，否则，服务器拒绝该动作，而玩家必须进行有效动作。
No client side validation, just basics, all validation are done server-side. 没有客户端验证，只是基础知识，所有验证都在服务器端完成。

Scenario 1: I think it's the best, because we don't rely that heavily on the server, if the movement client-side is wrong then it won't even send it to the server and if a player with bad intentions (modifying code) try to do bad movements there is the server with side validation. 方案1：我认为这是最好的，因为我们不那么依赖服务器，如果移动客户端错误，那么它甚至都不会将其发送到服务器，并且如果玩家有不良意图（修改代码））尝试执行不良动作，该服务器具有侧面验证功能。

Scenario 2: We rely more heavily on the server, it will consume more resources and will be slower for all online players overall, but it will be a little bit "faster" on the client side because there aren't as much validations as in scenario 1. 方案2：我们更加依赖服务器，它将消耗更多资源，并且整体而言，对于所有在线播放器来说，速度都将变慢，但是在客户端，这将“更快”一点，因为验证不如在服务器上那样多。方案1。

I think that Scenario 1 is the best approach because: 我认为方案1是最好的方法，因为：

More security, client and server validations 更多安全性，客户端和服务器验证
Less lag for other player because only validated movements from the client will be validated in the server 其他玩家的延迟减少，因为只有来自客户端的经过验证的移动才会在服务器中进行验证
Less Resources = Less infrastructure, so cheaper overall. 更少的资源=更少的基础设施，因此总体上更便宜。

What's your opinion, or do you have a better approach? 您对此有何看法，还是有更好的方法？

Thanks all for reading. 谢谢大家的阅读。

3 个解决方案

This question is maybe a bit too open-ended and opinion-based for SO, but here goes: 对于SO来说，这个问题可能有点过于开放和基于观点，但是这里有：

Personally, I think having clients behave as "watchers" for the game server is ideal. 就个人而言，我认为让客户充当游戏服务器的“观察者”是理想的选择。 The game server should be authoritative and do all the logic to ensure consistency. 游戏服务器应具有权威性，并应执行所有逻辑以确保一致性。

I'm working on a networked JS game + engine right now and handle this as follows: 我现在正在开发一个联网的JS游戏+引擎，并按以下方式处理：

The server broadcasts 2 game states with timestamps to all clients. 服务器向所有客户端广播带有时间戳的2个游戏状态。 Each client then interpolates between state n and n+1 . 然后，每个客户端在状态n和n+1之间进行插值。 In that time, any user input is sent back to the server, which is then incorporated into states n+1 and n+2 which are sent on the next broadcast. 在那个时候，任何用户输入都被发送回服务器，然后服务器被合并到状态n+1和n+2 ，它们在下一次广播中发送。 When the clients reach n+1 in the interpolation, n+1 is corrected with the new pair of n+1 and n+2 . 当客户到达n+1内插， n+1与新的对修正n+1和n+2 。

This means clients can experience maximum of 1 tick's worth of lag if an event was fired at the beginning of an interpolation and not broadcast to the other clients until the next state broadcast. 这意味着，如果在插值开始时触发了一个事件，则客户端最多可以经历1个点的延迟，并且直到下一次状态广播时才广播给其他客户端。 This can be about 200 ms before it gets noticeable, but that's pretty tolerable in my experience. 这可能需要大约200毫秒，然后才能引起注意，但是根据我的经验，这是可以忍受的。

I came to this method thanks largely to this incredibly useful set of articles by Gabriel Gambetta: 我之所以使用这种方法，主要是因为加百列·甘贝塔（Gabriel Gambetta）撰写了非常有用的文章：

I. Client-Server Game Architecture 一，客户端-服务器游戏架构

II. II。 Client-Side Prediction & Server Reconciliation 客户端预测和服务器对帐

III. III。 Entity Interpolation 实体插值

IV. IV。 Lag Compensation 滞后补偿

Obviously I can't include all of the articles, but the gist of what I wrote above is in this image from the first article: 显然，我不能包括所有文章，但是我在上面写的要旨是在第一篇文章的这张图片中：

I would say senario 1 is better. 我会说senario 1更好。

You need to use both types of validations. 您需要使用两种类型的验证。 As a user clicks, show movement on the client side by javascript validation, and in the background send movement code to the server for validation so that player sitting on another can see it. 当用户单击时，通过javascript验证在客户端显示动作，并在后台将动作代码发送到服务器进行验证，以便坐在另一个上的玩家可以看到它。 Anyways you will have to send data to the server so that other player can see the movement of the player. 无论如何，您都必须将数据发送到服务器，以便其他播放器可以看到播放器的移动。

Add client-side validation also to prevent unnecessary request to the server and it will also increase waiting time for the player. 添加客户端验证还可以防止对服务器的不必要请求，这还将增加播放器的等待时间。

I usually prefer validation on server side for the following reasons: 我通常更喜欢在服务器端进行验证，原因如下：

Client is not loaded with validation burden. 客户端不承担验证负担。
In case validation fails, the back-end is aware thus, failures are logged centrally and you may decide on certain actions upon several failure cases. 如果验证失败，后端将因此而意识到，将失败集中记录下来，您可以根据几种失败情况决定采取某些措施。 (post a message? send an email? see failures trending?) （发布消息？发送电子邮件？查看失败趋势？）
Easier code debugging. 简化代码调试。
The client code is not trustworthy security wise. 客户端代码不是值得信赖的安全性。
Related to the game, you will have to send updates anyway so, your code will be more manageable if it is all server side and you may optimise various aspects of it. 与游戏相关，无论如何，您都必须发送更新，因此，如果代码是服务器端的，则代码将更易于管理，并且可以优化代码的各个方面。