yorkie
yorkie copied to clipboard
Validate Checkpoint in ChangePack for PushPull API requests
Description:
When the Client calls the PushPull API
and sends the request ChangePack
, Checkpoint
in the request may be tampered with due to various reasons such as network delays causing duplicate requests, new SDK bugs, or intentional tampering by malicious clients.
Therefore, it is beneficial for the stability and security of the system to validate Checkpoint
.
Consider the following validation checks:
-
Change
s in the requestChangePack
passed toPushPull API
are created by a single Client, soChange.ID.Checkpoint.ClientSeq
should increment sequentially by one. -
Checkpoint.ServerSeq
in the requestChangePack
forPushPull API
cannot be greater than the server'sCheckpoint.ServerSeq
since it is set when the server saves the Change to the database.
If the Checkpoint is invalid, consider the following exception handling:
- If duplicate requests caused by network delays treat them as
OK
- For other reasons, return
INVALID_ARGUMENT
Why:
This validation will help ensure the integrity and security of the system.