mirror of https://github.com/cliffe/BreakEscape.git synced 2026-02-23 04:08:03 +00:00

Go to file

Claude 1ae34b2944 Implement comprehensive server-side validation and data filtering for client actions

Server-side changes:
- Game model: Initialize starting items in player inventory from scenario
- Game model: Add filter_requires_and_contents_recursive to hide solutions and locked contents
- Game model: Fix filtered_room_data to preserve lockType while removing requires
- GamesController: Add scenario_map endpoint for minimal layout metadata
- GamesController: Update room endpoint with access control and NPC encounter tracking
- GamesController: Add container endpoint for lazy-loading locked container contents
- GamesController: Update inventory endpoint with comprehensive validation
  - Validates item exists in scenario
  - Checks item is takeable
  - Verifies container is unlocked if item is in container
  - Verifies room is unlocked if room is locked
  - Checks NPC is encountered if item held by NPC
- GamesController: Update unlock endpoint with transaction safety
- GamesController: Update sync_state to verify room accessibility
- Routes: Add scenario_map and container routes

Client-side changes:
- inventory.js: Make addToInventory async and add server validation before local updates
- container-minigame.js: Add lazy-loading of container contents from server
- game.js: Update to use scenario_map endpoint for reduced initial payload
- api-client.js: Add getScenarioMap method alongside getScenario

Security improvements:
- Prevents client-side cheating by validating all actions server-side
- Hides solution fields (requires) from client responses
- Hides locked container contents until unlocked
- Enforces room and container access controls
- Tracks NPC encounters automatically
- All validation failures return clear error messages

Implements plans from:
- planning_notes/validate_client_actions/GOALS_AND_DECISIONS.md
- planning_notes/validate_client_actions/IMPLEMENTATION_PLAN.md

2025-11-21 15:39:14 +00:00

.cursor/rules

settings updates

2025-05-16 10:42:42 +01:00

.github

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

.vscode

Add NPC dialogue and interaction scripts

2025-10-29 13:48:22 +00:00

app

Implement comprehensive server-side validation and data filtering for client actions

2025-11-21 15:39:14 +00:00

bin

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

config

Implement comprehensive server-side validation and data filtering for client actions

2025-11-21 15:39:14 +00:00

refactor: Move scenarios to root and update paths

2025-11-21 15:27:54 +00:00

docs

feat(rfid): Enhance hex generation with improved hash-based approach for realistic card data

2025-11-15 23:48:15 +00:00

lib

feat: Add rake task to load engine seed data

2025-11-21 15:27:54 +00:00

planning_notes

Implement comprehensive server-side validation and client integration for inventory and container management

2025-11-21 15:27:54 +00:00

public/break_escape

Implement comprehensive server-side validation and data filtering for client actions

2025-11-21 15:39:14 +00:00

scenarios

refactor: Move scenarios to root and update paths

2025-11-21 15:27:54 +00:00

scripts

refactor: Convert scenarios to ERB templates

2025-11-21 15:27:53 +00:00

story_design

feat: Add educational tool help files for security tools

2025-11-19 18:26:14 +00:00

test

Update test database: modified test.sqlite3 to reflect new schema changes

2025-11-21 15:27:54 +00:00

.gitignore

chore: Add .gitignore, update Gemfile and Gemfile.lock for Rails 7.2.3, and clean up development environment settings

2025-11-21 15:27:54 +00:00

.rubocop.yml

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

break_escape.gemspec

chore: Add .gitignore, update Gemfile and Gemfile.lock for Rails 7.2.3, and clean up development environment settings

2025-11-21 15:27:54 +00:00

CODEBASE_EXPLORATION.md

docs: Add comprehensive codebase exploration documentation

2025-11-20 15:37:37 +00:00

Gemfile

chore: Add .gitignore, update Gemfile and Gemfile.lock for Rails 7.2.3, and clean up development environment settings

2025-11-21 15:27:54 +00:00

Gemfile.lock

chore: Add .gitignore, update Gemfile and Gemfile.lock for Rails 7.2.3, and clean up development environment settings

2025-11-21 15:27:54 +00:00

HACKTIVITY_INTEGRATION.md

docs: Add comprehensive documentation

2025-11-21 15:27:54 +00:00

IMPLEMENTATION_COMPLETE.md

Implement Line-of-Sight (LOS) System for NPCs

2025-11-12 11:58:29 +00:00

index.html

feat(rfid): Complete system integration

2025-11-15 23:48:15 +00:00

key-demo.html

feat: Enhance key selection with additional key presets and improve random key generation logic

2025-10-28 16:03:50 +00:00

locksmith-forge.html

refactor: Simplify key generation by using generic names for keys in KeySelection

2025-10-28 14:26:52 +00:00

MIT-LICENSE

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

Rakefile

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

README_design.md

Add Codebase Review Document and Refactor Key Systems: Introduce a comprehensive review of the codebase organization, highlighting areas for improvement and recent refactoring successes. Refactor key-lock and unlock systems for better modularity and maintainability, consolidating logic into dedicated modules. Update relevant files and documentation to reflect these changes, ensuring a clearer structure and improved performance.

2025-10-12 23:11:32 +01:00

README_scenario_design.md

docs: Update room layout documentation and add comprehensive test scenarios

2025-11-17 08:49:50 +00:00

README.md

docs: Add comprehensive documentation

2025-11-21 15:27:54 +00:00

SCENARIO_FORMAT_FIXES.md

Implement Line-of-Sight (LOS) System for NPCs

2025-11-12 11:58:29 +00:00

SCENARIO_JSON_FORMAT_AUDIT.md

Implement Line-of-Sight (LOS) System for NPCs

2025-11-12 11:58:29 +00:00

scenario_select.html

Refactor scenarios: Remove deprecated XML files and update JSON scenarios with starting inventory items. Adjust room creation logic to prevent sprite creation for starting inventory items. Update scenario select paths for consistency.

2025-10-25 23:28:25 +01:00

server.py

feat(npc): Implement conversation state management and enhance NPC interaction features

2025-11-05 01:03:08 +00:00

test-auto-desktop.html

Update Minigame Framework: Replace references to 'minigames.css' with 'minigames-framework.css' across multiple HTML files for improved organization. Add new Google Font 'Pixelify Sans' to enhance typography in the game. Introduce new icon assets for better visual representation in various minigames, including search, disk, backpack, and clipboard icons. Update CSS styles for various minigames to enhance visual consistency and user experience.

2025-10-21 10:58:56 +01:00

test-container-desktop.html

2025-10-21 10:58:56 +01:00

test-container-interactive-items.html

2025-10-21 10:58:56 +01:00

test-container-minigame.html

Add Container Minigame: Introduce a new minigame for interacting with container items, including features for visual display, item interaction, and integration with the unlock system. Add CSS styles and test page for functionality. Update index.html and minigame manager to support the new minigame.

2025-10-13 11:53:07 +01:00

test-container-simple.html

2025-10-21 10:58:56 +01:00

test-keyboard-pause.html

feat: Implement keyboard input pause/resume functionality for minigames

2025-10-28 22:45:41 +00:00

test-los-visualization.html

Add Hostile NPC mode

2025-11-14 19:47:54 +00:00

test-notes-features.html

Add Notes Minigame: Implement interactive note display and inventory integration

2025-10-10 02:39:28 +01:00

test-npc-ink.html

Add NPC dialogue and interaction scripts

2025-10-29 13:48:22 +00:00

test-npc-interaction.html

Add Hostile NPC mode

2025-11-14 19:47:54 +00:00

test-password-minigame.html

2025-10-21 10:58:56 +01:00

test-person-chat-item-delivery.html

Add NPC sprite test scenario, server for development, and HTML test pages

2025-11-04 14:16:48 +00:00

test-phaser-lockpicking.html

Refactor minigame structure and styles: Update index_new.html to link to the new minigames-framework.css, add new lockpicking-comparison.html and locksmith-forge.html files for enhanced gameplay, and introduce dusting and lockpicking CSS files for improved styling. Update README_design.md for clarity on main.js functionality. Add new test-phaser-lockpicking.html for testing purposes. Enhance Bluetooth system with new functionality in bluetooth.js and interactions.js. Ensure game state management for notes and Bluetooth devices is consistent across the application.

2025-08-08 15:33:44 +01:00

test-phone-chat-minigame.html

feat: Implement voice messages in phone chat minigame

2025-10-30 02:45:05 +00:00

test-phone-minigame.html.old

refactor: Remove old phone-messages minigame and transition to phone-chat

2025-10-30 10:16:31 +00:00

test-pin-minigame.html

2025-10-21 10:58:56 +01:00

test-rfid-hex-generation.html

feat(rfid): Enhance hex generation with improved hash-based approach for realistic card data

2025-11-15 23:48:15 +00:00

test-text-file-minigame.html

2025-10-21 10:58:56 +01:00

TESTING_GUIDE.md

Implement global variable system for NPC conversations

2025-11-08 15:44:24 +00:00

verify-css.html

2025-10-21 10:58:56 +01:00

README.md

BreakEscape Rails Engine

Cybersecurity training escape room game as a mountable Rails Engine.

Features

24+ cybersecurity escape room scenarios
Server-side progress tracking with 2-table schema
Randomized passwords per game instance via ERB
JIT Ink script compilation for NPC dialogue
Polymorphic player support (User/DemoUser)
Pundit authorization
RESTful API for game state management
Session-based state persistence

Installation

In your Gemfile:

gem 'break_escape', path: 'path/to/break_escape'

Then:

bundle install
rails break_escape:install:migrations
rails db:migrate
rails db:seed  # Optional: creates missions from scenarios

Mounting in Host App

In your config/routes.rb:

mount BreakEscape::Engine => "/break_escape"

Usage

Standalone Mode (Development)

export BREAK_ESCAPE_STANDALONE=true
rails server
# Visit http://localhost:3000/break_escape/

Mounted Mode (Production)

Mount in Hacktivity or another Rails app. The engine will use the host app's current_user via Devise.

Configuration

# config/initializers/break_escape.rb
BreakEscape.configure do |config|
  config.standalone_mode = false  # true for development
  config.demo_user_handle = 'demo_player'
end

Database Schema

break_escape_missions - Scenario metadata (name, display_name, published, difficulty)
break_escape_games - Player state + scenario snapshot (JSONB)
break_escape_demo_users - Standalone mode only (optional)

API Endpoints

GET /games/:id/scenario - Scenario JSON (ERB-generated)
GET /games/:id/ink?npc=X - NPC script (JIT compiled from .ink)
GET /games/:id/bootstrap - Initial game data
PUT /games/:id/sync_state - Sync player state
POST /games/:id/unlock - Validate unlock attempt
POST /games/:id/inventory - Update inventory

Architecture

ERB Scenario Generation

Scenarios are stored as .json.erb templates and rendered on-demand with randomized values:

<%= random_password %> - Generates unique password per game
<%= random_pin %> - Generates unique 4-digit PIN
<%= random_code %> - Generates unique hex code

JIT Ink Compilation

NPC dialogue scripts compile on first request (~300ms):

Check if .json exists and is newer than .ink
If needed, run inklecate to compile
Cache compiled JSON for subsequent requests

State Management

Player state stored in JSONB column:

Current room and unlocked rooms
Inventory and collected items
NPC encounters
Global variables (synced with client)
Health and minigame state

Testing

rails test

License

MIT

Documentation

See HACKTIVITY_INTEGRATION.md for integration guide.

Languages

JavaScript 86.5%

Ink 7%

HTML 2.9%

CSS 2.5%

Ruby 0.9%

Other 0.2%