I started making a module to handle stats so I could easily substract from stamina when sprinting or adding stamina when I use a certain skill, and it should work for both clientside and serverside. The problem is that I have no idea on how to secure it: should I just make the module serverside only (put in serverscriptservice instead of replicatedstorage) so exploiters can’t see the script in it? What kinds of sanity checks should I do? Anything else?
I’m really bad with securing scripts, so anything related would help a lot, even if it has nothing to do with my module.
local Players = game:GetService("Players")
local IsServer = game:GetService("RunService"):IsServer()
local StatController = {}
StatController.__index = StatController
function StatController:Add(value)
if IsServer then
-- directly add to the stat
-- example taken from a test script (doesn't match with this one):
-- CharacterStats:SetAttribute("CurrentStamina", currentStamina - 3)
else
-- fire a remote with the value, then do the same stuff as above, but with sanity checks
end
end
function StatController:Sub(value)
if IsServer then
-- directly substract from the stat
else
-- fire a remote with the value, then do the same stuff as above, but with sanity checks
end
end
return {
new = function(player, statName)
if not player then error("Player missing.")
elseif not statName then error("Stat name missing.") end
if IsServer then
if Players:FindFirstChild(player.Name) then error("Invalid player.") end
else
player = Players.LocalPlayer
end
local _stats = player.Character.Stats
if not _stats:GetAttribute(statName) then error("Invalid stat.") end
local newStat = setmetatable({}, StatController)
newStat.Player = player
newStat.StatName = statName
return newStat
end
}