I am having some problems with understanding replication of actors in general. I will split this up into 2 questions, which are very similiar:
What’s the right way to set up moving / spawning actors? Generally, the client should be able to move without having to wait for a response of the server and should perform all kinds of actions - and the server should more or less just validate these actions and coordinate the game itself, right? How does that work? How would I implement this in C++ / Blueprint? Because I don’t see this being done by default.
The Blueprint Networking Tutorial on Youtube suggest using some kind of “check for authority” in the blueprint, so that only the server executes what comes after that node. However, it seems like the client still get’s that part of the blueprint, it just doesn’t execute it. Now what stops it from just saying: Well, I don’t care about this authority check, let’s just do it - and change his position or give himself gold / whatever?
The right way is however you want it to happen. Generally the client shouldn’t actually be making too many calculations. Instead what it does is “simulate” or “guess” what’s happening by the information given. Location is something that’s replicated for us out of the box for almost all things. Depending on what you’re trying to move, the Server does all the logic, the client “can” if you want simulate/move it on the client side, but being the client this move is null and void, so the server will eventually send an update correcting the player’s move if they’re out of sync.
You can read up a bit about the “how” here
Check for Authority and many other “replicated” functions inside the engine all have verification, and validation checks going on. Attempting to modify these, like say a hacker, would end up resulting in the engine not working for them on their end, or the server booting them from the server because of invalid attempts. Although still technically possible. For the most part, the Authority check is there to prevent normal users from having certain code activated on their machine so that replication works properly. So yes, the client gets it, but the entire engine is already setup to provide clients from not calling anything.
Usually whenever you write networking code for games, your client does nothing. It’ll sometimes make requests, but for the most part it does nothing but show you what’s happening. There are “Server” and “Client” functions that you can mark inside your code that tell it to run on the respective machine. Using those macros properly prevent the client from even being able to call the “GiveGold()” function. The engine just won’t do it. If for some reason you write your code to allow the client to use “GiveGold()” it sends it to the server, and the server should check if it’s a valid request anyways before processing it.