- The right way is however you want it to happen. Generally the client shouldn’t actually be making too many calculations. Instead what it does is “simulate” or “guess” what’s happening by the information given. Location is something that’s replicated for us out of the box for almost all things. Depending on what you’re trying to move, the Server does all the logic, the client “can” if you want simulate/move it on the client side, but being the client this move is null and void, so the server will eventually send an update correcting the player’s move if they’re out of sync.
You can read up a bit about the “how” here
- Check for Authority and many other “replicated” functions inside the engine all have verification, and validation checks going on. Attempting to modify these, like say a hacker, would end up resulting in the engine not working for them on their end, or the server booting them from the server because of invalid attempts. Although still technically possible. For the most part, the Authority check is there to prevent normal users from having certain code activated on their machine so that replication works properly. So yes, the client gets it, but the entire engine is already setup to provide clients from not calling anything.
Usually whenever you write networking code for games, your client does nothing. It’ll sometimes make requests, but for the most part it does nothing but show you what’s happening. There are “Server” and “Client” functions that you can mark inside your code that tell it to run on the respective machine. Using those macros properly prevent the client from even being able to call the “GiveGold()” function. The engine just won’t do it. If for some reason you write your code to allow the client to use “GiveGold()” it sends it to the server, and the server should check if it’s a valid request anyways before processing it.