-
Notifications
You must be signed in to change notification settings - Fork 289
/
Copy pathprotocol.txt
111 lines (67 loc) · 2.29 KB
/
protocol.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
server.php
?action=get_sequence_number
&email=[email address]
Return:
sequence number
OK
Gets next valid sequence number associated with email. Note that even if
email is unknown to server, 0 will be returned so that first life can be
submitted.
server.php
?action=curse
&email=[email address]
&sequence_number=[int]
&hash_value=[hash value]
Return:
OK
-or-
DENIED
Used by game servers to indicate that a given email's curse score has gone
up by one.
hash_value is computed on both ends with:
HMAC_SHA1( $shared_secret, $sequence_number )
Where $shared_secret is a secret string known to both the curseServer and
the game servers that have permission to post game stats.
If sequence number is <= previously used sequence number for this email address,
request will be rejected.
server.php
?action=live_time
&seconds=[time in sec]
&email=[email address]
&sequence_number=[int]
&hash_value=[hash value]
Return:
OK
-or-
DENIED
Used by game servers to indicate that a given email has lived a life of
a certain number of seconds.
seconds can be a floating point number
hash_value is computed on both ends with:
HMAC_SHA1( $shared_secret, $sequence_number )
Where $shared_secret is a secret string known to both the curseServer and
the game servers that have permission to post game stats.
If sequence number is <= previously used sequence number for this email address,
request will be rejected.
server.php
?action=is_cursed
&email=[email address]
&email_hash_value=[hash value]
Return:
1 excess_points if cursed
-or-
0 0 if not cursed
-or-
DENIED
Used by game servers to indicate that a given email's curse status.
excess_points is how many points above the limit the user has.
hash_value is computed on both ends with:
HMAC_SHA1( $shared_secret, $email )
Where $shared_secret is a secret string known to both the curseServer and
the game servers that have permission to post game stats.
NOTE: No sequence number is used in this call, making it subject to replay
attacks. However, since this is a read-only call, this is fine.
The point of the hash is to prevent third parties from checking
the curse status of a known email address.
Foregoing the sequence number check allows this to be a single-round-trip
call, simplifying game server code.