Prevent clients from creating rooms

in JavaScript
Hello - I am wondering if there is a way to setup my app such that anonymous clients, which access photon using a website and the js sdk, can join rooms, but not create new rooms, and only the "server" for my game, using a custom authentication mechanism, can create rooms.
Because of how my game is intending to function, similar to jack box games, I can't think of a way for the clients to be able use an authentication method and I want to prevent unauthenticated users from being able to essentially hijack my photon app and create their own rooms and the like.
Is such a thing possible?
Because of how my game is intending to function, similar to jack box games, I can't think of a way for the clients to be able use an authentication method and I want to prevent unauthenticated users from being able to essentially hijack my photon app and create their own rooms and the like.
Is such a thing possible?
0
Comments
Thank you for choosing Photon!
This is not possible using client logic only.
The proper way to do this is via custom server plugin which are available for self-hosted (on-premises) Photon Server or private Photon Enterprise Cloud.
There is another way to do this using webhooks but it's hacky as it was not the intended purpose:
Webhooks were meant to allow saving and loading room state.
So if you want to use them to block room creation here is what you need:
Idea:
we are going to fake new room creation as old room state loading (via JoinOrCreateRoom).
or when we want to prevent actual new room creation we do not return a response.
Config:
Implementation:
Client:
- prefer JoinOrCreateRoom over Create room to create rooms.
Web Server:
- in PathCreate handler, if args.Type == "Create" and you don't want this room to be created DO NOT RETURN ANY RESPONSE.
- in PathCreate handler, if args.Type == "Load" and you don't want this room to be created, return response with ResultCode != 0.
- in PathCreate handler, if args.Type == "Create" and you want this room to be created return a default success response (ResultCode = 0).
- in PathCreate handler, if args.Type == "Load" and you want this room to be created return a success response (ResulceCode = 0, State = {}).