Closed
Description
All other client events are verified to confirm that the client is indeed the current player, but currently there's no verification for clients sending newGistLink! That means users could potentially cheat and change the Gist link at any time.
Related issue/limitation: handling the creation, forking, and editing of Gists on the client side means there's no way to prevent users from cheating or messing up the game! The only way to prevent that entirely would be to handle all of those actions on the server. Another issue: since this app relies on GitHub, there's no way to prevent users (within the game or outside of the game) from forking and editing the game's Gist at any time, even if the server did handle all the API calls!
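One way the missing check could look on the server, as an added example that is not the project's own code: the `newGistLink` event is accepted only from the current player and only if it carries a well-formed Gist link. The state shape, the function names, the `gistLink` payload field and the `https://gist.github.com/<owner>/<id>` link format are assumptions.

```javascript
// Hypothetical server-side game state; field names are assumptions.
function createGame(playerIds) {
  return { players: playerIds, turnIndex: 0, gistLink: null };
}

function currentPlayer(game) {
  return game.players[game.turnIndex];
}

// Assumed link shape: https://gist.github.com/<owner>/<hex id>
function isGistLink(value) {
  if (typeof value !== 'string' || value.length > 200) return false;
  let url;
  try {
    url = new URL(value);
  } catch {
    return false; // not a parseable absolute URL
  }
  return url.protocol === 'https:' &&
    url.hostname === 'gist.github.com' &&
    url.port === '' && url.username === '' && url.password === '' &&
    /^\/[A-Za-z0-9-]+\/[0-9a-f]+$/.test(url.pathname);
}

// senderId must come from the server's own record of the connection
// (for example the socket id), never from the event payload.
function handleNewGistLink(game, senderId, payload) {
  if (senderId !== currentPlayer(game)) {
    return { ok: false, reason: 'not-current-player' };
  }
  const link = payload && payload.gistLink;
  if (!isGistLink(link)) {
    return { ok: false, reason: 'invalid-link' };
  }
  game.gistLink = link; // only now is the shared state updated
  return { ok: true };
}

// Constructed sample: two connection ids and a made-up Gist link.
const demoGame = createGame(['socket-a', 'socket-b']);
const demoLink = 'https://gist.github.com/example-user/0123456789abcdef0123456789abcdef';
console.log(handleNewGistLink(demoGame, 'socket-b', { gistLink: demoLink })); // rejected
console.log(handleNewGistLink(demoGame, 'socket-a', { gistLink: demoLink })); // accepted
```

This closes only the event-level gap; as the description says, it does not stop anyone from forking or editing the Gist on GitHub itself.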