feat: production hardening — input validation, anti-cheat, reconnection, zone backup#57
Merged
feat: production hardening — input validation, anti-cheat, reconnection, zone backup#57
Conversation
- Wrap all handle_message dispatches in safe_handle_message try/catch
- Catches badmatch, badkey, function_clause, case_clause errors
- Returns error reply to client instead of crashing the WS process
- Add chat content length limit (2000 bytes)
- Log unexpected crashes via logger:warning
Previously, missing payload fields (e.g. chat.send without content)
would crash the WS handler, killing the session and disconnecting
the player. Now returns {error, invalid_payload} gracefully.
- Pass tick number into ZoneState before calling GameMod:zone_tick - Add anticheat_violation/3 telemetry event for logging suspicious inputs - Game modules can now track tick count for cooldown enforcement
- Add reconnect_state to world server init (from config reconnect key) - Monitor player session PIDs on join, detect disconnect via DOWN - Grace period via asobi_reconnect module (already existed, now wired) - On disconnect: start grace timer, keep entity alive in zones - On reconnect: re-subscribe to zones, re-monitor new session - On grace expiry: remove player from world and zones - ETS asobi_player_worlds table for PlayerId→WorldPid lookup - ETS asobi_world_state table for zone crash recovery (Phase 4) - WS handler checks for pending reconnect on session.connect - Backwards compatible: games without reconnect config unchanged
- Backup zone entity state to ETS every 20 ticks (~1 second) - On zone restart, recover entities from ETS backup - Normal/graceful shutdown clears backup - Abnormal termination preserves backup for recovery - Uses asobi_world_state ETS table (created in asobi_world_sup)
Taure
force-pushed
the
feat/production-hardening
branch
from
0008be0 to
1016454
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Four critical production hardening changes for 60-minute session games:
Phase 1: Input Validation
safe_handle_messagetry/catch wrapper prevents WS handler crashes from malformed payloadsPhase 2: Anti-Cheat Basics
anticheat_violation/3telemetry event for suspicious input loggingPhase 3: Reconnection Grace Period
asobi_reconnectmodule to world server (module already existed)asobi_player_worldstable for PlayerId→WorldPid lookupPhase 4: Zone Entity State Backup
Test plan