Emergency help, asap please

gruset · February 10, 2025, 2:11pm

Ive released my game on Google Play. 2d MMORPG.

Critical bug found in game atm. When players buy something from the Google Store, and they cancel the payment or the payment pruchase takes a long time. They can still validate the purchase as successful and they get rewarded.

Solution? The seenBefore function is just not enough. It needs to validate the purchase as well.

sesposito · February 10, 2025, 5:40pm

Hello @gruset,

What server version are you using, which runtime, what does your purchase validation and reward grant flow look like?

gruset · February 12, 2025, 2:22pm

Nakama 3.22.


validateResponse, err := nk.PurchaseValidateGoogle(ctx, *userId, data, true)

for _, response := range validateResponse.GetValidatedPurchases() {
   transaction, err := nk.PurchaseGetByTransactionId(ctx, response.TransactionId)
   if transaction.SeenBefore {
       //error
   }
   //Reward player

}

The problem is that, there is no functions exposing if the transaction was successfull or not. When I debug this with my own phone, (payment slow) and call the validation before the payment has been approved, it still validates it as successful somehow?

I have done plenty of workarounds and safeguards now, but there is still some loopholes that could be used if found.

sesposito · February 12, 2025, 2:44pm

I think I understand what’s happening, I believe we’re accepting validation as correct when the returned state from: REST Resource: purchases.products | Google Play Developer API | Google for Developers is still in “Pending”.

I’ll create a ticket to return an error if that’s the case, that should resolve the issue.

Expect it to be included in the next release.

Best.

sesposito · February 12, 2025, 3:16pm

Also, congratulations on the release! Care to share the game?

I’m glad you’ve managed to put some rails around the issue, as mentioned we’ll make sure to include the fix in the next release.

gruset · February 13, 2025, 9:50pm

Well thank you, 3 years in development and finally released.

The game can be found here: https://halmgaard.com/

It’s some sort of a success in my eyes, with around 200-400 concurrent players online at the same time. (1 match, 1 world)

thanks!

gruset · February 14, 2025, 7:28am

Can i follow that ticket somehow?

sesposito · March 6, 2025, 5:36pm

PS: The Forum has a showcase section if you’d like to share your game there

Topic		Replies	Views
Validated pending purchases Runtime Framework server-framework	3	34	March 6, 2025
In app purchase validation error Runtime Framework	4	634	August 10, 2022
Nakama Google In-App Purchase Validation Game Design server-framework	10	290	June 19, 2024
Validating iOS in-app purchase receipts fails Runtime Framework server-framework , golang	14	356	May 8, 2024
Unity IAP Validate Typescript Runtime doc missing Runtime Framework server-framework , typescript	1	40	September 10, 2024

Emergency help, asap please

Related topics