Client/Server backend inventory (storing/equiping items).

This is pretty generic/architectural question, about how to handle equping items in game.

I have inventory which stores all items and equipment (which manages which items are equipped). All Items are stored as Json in some backend database. For obvious reason client have no authority over either of them.

On backend side there are serverless functions which handle equipping/upgradeing/manipulation of items. When client is not connected to any server it’s not an issue. Client makes http request to backend, gets response and update it’s current state.

When client is connected to dedicated server it get’s more complex. Here i can’t simply bypass server, because server must also know which items player have.

Here Is few solutions I have thought about:

  1. Create separate components for when player is not connected to dedicated server and for when player is connected (would have to maintain two separate code paths).
  2. Let client make requests and then send it’s state to dedicated server (possibly very unsecure).
  3. Let client make requests and when there is response from backend, tell server to also pull data from backend (safe, but potentially very slow.
  4. Always route requets trough dedicated server instance (so client would also need to be connected to dedicated server instance, when they are in menu, in that case UE4 instance would only act as gateway and clients connected to it, wouldn’t need to know about other clients).

Do you guys have any other thoughts, about how to do it ?

Last game I worked on*
** I implemented my USQLite Plugin for them, I didn’t touch the gameplay code.

They simply created the “inventory” in PlayerState class :slight_smile:
Really, it was that simple…

The basic idea is simple, the hard part is when have to secure it :D. I already have inventory working and that’s non issue, the part is to actually integrate it with backend services in some sensible way, without duplicating functionality.

This can increase security a bit:
Always use HTTPS protocol. When you send request, always use some token or hash. And change it everytime when you send HTTP request.
For instance, first time when client login to server with username and password (or whatever you use), server will create token for that client, validate client and send it back to client. After that you can use that token for another request. When server authorize again your token and client data, it will create a new token and send it back to client (if all previous validation was successfull).