Ability to interface with HTTP events within instances

Being able to send data to/from an instance to an outside source for logs, information, leaderboard stats, and more, would vastly expand upon what creators could do in regards to saving backups of playerdata, let creators restore playerdata or modify it without the player present, creators to use database tools to see if anyone has cheated or log if a player has cheated by standing in areas they’re not supposed to, fully customizable leaderboards and more.

Surely, this feature would need to be ratelimited or even set that only the Room Authority can do HTTP requests, and that RecRoom would need to host a proxy and include headers like ClientAgent: RecRoomCV2, RoomName: ^RoomName, RequestingPlayer: PlayerAtName, etc.

image1443×547 111 KB

Creators and players then could even interface with Discord webhooks or their own webhooks/webservers to log if players completed an event or players that help moderate rooms can use ingame tools to send a report from within RecRoom, and not have to tab out of window to add a warning to a player for misbehaving or being inappropriate.

Creators then could even improve upon sending multiple player position data for logging, and then using tools to heatmap where players love playing at in your own rooms, to see if you need to balance weapons or move weapons somewhere else to improve map footprint, or certain weapons that players like to hold the most, to consider ‘nerfing’.

This seems like a very cool idea, but I can see hackers using this to spam Discords more easily and raid the in-game room. If it has high security it might be a good idea.

RecRoom could essentially require the chip to have a hard coded domain hashed into the chip/room and only work if the chip has been saved to the room/is apart of the instance.

Say like you want to send a request to Discord for a webhook, then you would add a domain to the allowed domains list on the chip/room, save the room, then be able to submit http requests to that domain.

The chip more than likely would forward the http request ingame from the cv2, to a RecRoom proxy server, the proxy server can check if that domain is in the allow list on their end, instead of the hackers end, and send/drop the request from there!

As for hackers spamming your webhook, RecRoom could offer ways to modify the proxy data before it’s sent to the server, to include the name of the player that sent the webhook in the get/post data etc.

Then in regards for hackers messing around with the data, really can’t do much there other than if you’re running your own web server, to have graphs of all the players balances, tools they held, etc.