moss:initial_notes_for_v0.1

Differences

This shows you the differences between two versions of the page.

moss:initial_notes_for_v0.1 [2026/06/26 10:14] appledogmoss:initial_notes_for_v0.1 [2026/06/26 10:21] (current) appledog
Line 78: Line 78:
  
 The bridge is a one-time **ticket**: The bridge is a one-time **ticket**:
-# You log in on the web → a normal PHP session marks you as authenticated. +# You log in on the web and the PHP session marks you as authenticated. 
-# When the game page (''index.php'') loads, it checks that session. No session → you are redirected to the sign-in page (**there are no guests**).+# When the game page (''index.php'') loads, it checks that session. No session and you are redirected to the sign-in page (//"there are no guests"//).
 # If you //are// logged in, the page mints a random **ticket**, stores it in a ''tickets'' table (your uid + a timestamp), and embeds it in the page. # If you //are// logged in, the page mints a random **ticket**, stores it in a ''tickets'' table (your uid + a timestamp), and embeds it in the page.
 # The browser opens the WebSocket and **its very first message is** ''auth <ticket>''. # The browser opens the WebSocket and **its very first message is** ''auth <ticket>''.
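Review bot: In step 2, the new wording "No session and you are redirected to the sign-in page" drops the conditional that the arrow carried, so it no longer states clearly that the redirect happens only when the session is absent; "If there is no session, you are redirected to the sign-in page" keeps the arrow-free style and the meaning. Step 3 records only a uid and a timestamp for the ticket, so this list would also benefit from saying how long a ticket is accepted and whether the server deletes it after the first ''auth <ticket>'', given that the gaps list further down the page describes it as reusable within a short TTL.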
Line 152: Line 152:
 * Vendored **Bootstrap 5** (CSS/JS) and a couple of jQuery helpers, used only by the web pages. Static assets. * Vendored **Bootstrap 5** (CSS/JS) and a couple of jQuery helpers, used only by the web pages. Static assets.
  
-=== Known gaps and next steps +=== Immediate improvements 
-* No brute-force rate-limiting on login/signup yet.+v0.1 is a proof-of-concept / prototype. It's the basis for the whole system; the structural bones of it all. So there is naturally a lot of room for improvement. 
 +* No rate-limiting on login/signup or on game commands. 
 +* No filters on chat.
 * The WebSocket ticket is reusable within a short TTL (convenient for reconnects; could be hardened to strictly one-time). * The WebSocket ticket is reusable within a short TTL (convenient for reconnects; could be hardened to strictly one-time).
 * Half-open sockets aren't actively reaped yet (a heartbeat/ping would do it). * Half-open sockets aren't actively reaped yet (a heartbeat/ping would do it).
-* The world is a 4-room placeholder; the object model (objectsproperties, verbs, containment) is the real next chapter+ 
-* Legacy files noted above are candidates to remove or adapt.+Lots of other little things are sure to come out under analysis. But as milestones gov0.1 is a big one
 + 
 +<blockquote>"When in doubt, just start coding."</blockquote>
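Review bot: The new bullet "No filters on chat" does not say which filter is missing: escaping of chat text before it is rendered in other players' browsers, or moderation of what players say. Those are different fixes with different urgency, so name the one meant. The rate-limit bullet now also covers game commands but drops the word "brute-force", which was the stated reason for the login/signup part; consider keeping it for that half. The removed item "Legacy files noted above are candidates to remove or adapt" has no replacement in the new list, so that cleanup is no longer tracked in this section.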
moss/initial_notes_for_v0.1.1782468866.txt.gz · Last modified: by appledog
