Level file version control

[Germanunkol]

Somehow, we should make sure that there's a "version" tag in each level file, for versions this file should run fine with. Then the game should also have a "version" tag. Otherwise, when updating the level format or something, we might get into trouble. Also, players should also only be able to download levels which correspond to their version (or which is known to work with their version) of the game.

[michalove]

I though about this a little. What if someone uploads a level and then finds an error and wants to upload an improved version of the level? Do we want to allow that people upload a level that already exists on the server? Or should the user make a different name (like levelname_2)? Everybody can use everybodys name, so we can never be sure that some other people want to overwrite a level or so.

Maybe we can add a "delete request" functionality. If someone accidently uploaded something that he wants to have deleted, then he can push the delete request button and one of us checks the level and deletes it, if it is back/unplayable or so.

Or we make the game remember which levels have been uploaded and then you have the options to delete the levels that you uploaded.

[Germanunkol]

I like the idea with the delete request. As we have to authorize levels anyway, that won't be much of a hazzle, I think...

The thing with remembering which levels one uploaded is that people could change the savefile which has that data stored to remove all levels. I find that too risky. What would work though is that the server could send back a "password" for each uploaded level - a 32 character long random string (like a hash). Then both the server and the game would save that password along with the level name - and when the user wants to delete the level he/she can simply click a button and the password is sent to the server with the delete request. That would be simple enough to code...

[michalove]

Good idea with the password. The game should additionally save all the passwords in the save-folder, so that the user does not have to copy them by hand. We can combine that with the delete-request in case somebody loses the data.

We should, however, try to avoid a registration process. That would probably be too much work for us.

[Germanunkol]

Yes, I wasn't going to show the password. I wanted the password to be hidden from the user entirely. So if when the game displays the levels in the level list, it will check if they have a password entry in the savefiles and if so it will display a button to delete the file on the server (or else enable sending a delete request).

[michalove]

Ok, got it. That sounds like a clean and easy solution.

[michalove]

I just want to throw another idea into the ring (it is not necessarily better): On the upload the user could enter a password. Once it is uploaded, the password is necessary for each change (upload new version, delete,...)

[Germanunkol]

Well, that would work. But it's not really easier, it's more work I believe. If just sending a simple password is enough, then that's fine, but I don't like to transmit single passwords (http/tcp is not encrypted, so passwords could be read - and people tend to re-use passwords for multiple purposes). So we'd have to do some hashing (easy) but, if possible, also send some salts around to make it secure etc. That would be unnecessary work.

Instead, I think the server should generate and save a password for each map and give that to the client (game) which saves the pw in the background. Then, if the user sends an update or delete request the game automatically sends along the password. If it's an update that the client sends, the game goes back to unauthorized.

One thing we have to keep in mind: If other clients already downloaded the map earlier and there's a new version, they should be given the chance to download the newer version.

[michalove]

Okay. I agree. This is also simpler for the user as he never sees any password.