ReportService (Discord to Roblox Admin Service)

TL;DR? Votekick turned up to the max.

As an extension of a framework for my passion project, I’ve created a service that I call “ReportService.” The purpose of this service is to, in-game, allow users to be able to report misbehaving players. This could be because these players are exploiting, or that they’re being mean, or just generally are being unruly - a form of a votekick system, but with moderation in mind.

I should explain that I was going to write about this in what are you working on currently, but after realizing that I was quickly surpassing multiple paragraphs just explaining this thing, I figured it was better it deserve it’s own post.

I’ve thought about releasing this, but in it’s current progression, there’s too much that it hangs onto other than itself for it to be easily used by the public. I may work to do something about this in the future.

Anyways, to preface the video, I should explain the handful of things I have working in my framework in order to make this system work:

- A MongoDB Database
- A Webserver with REST API (using JavaScript)
- Custom asynchronous Roblox API budget manager
- Handmade Report UI
- Discord / Discord Webhooks

Obviously this system goes way over the line of overkill when it comes to in-game security, but after all, it is my passion project, and something I tinker on in my free time before I go back to work and school. In this state, it’s neither finished nor entirely usable, as there’s no finished product to what you can yet do with the data you’re given (i.e. overwatch-type system, administrative data viewing tools, et cetera).

Moving on, here’s the showcase of the system at work:

Please let me know your thoughts and opinions on the system!

Any questions on the things I used to get it to work?
Would would you expect out of this system?
What could be a useful feature of something like this?

Thanks for reading and sorry if it was a bit long! I can talk a lot.

Looks awesome, especially the design. I’m sure this would be very useful for plenty of individuals, and I would love to make use of it myself if released publicly in the future.

i expect a debounce for this otherwise it will be spammed a lot
it’s a great though

There’s both client-sided and server-sided rate ratelimiting. Thanks!

This is cool, but if you have a popular game with many players sending reports to discord, discord can‘t handle too much and will ban your account. Still, it‘s great and nice.

When you send a request to Discord’s webhooks, they return a header that tells you how much you have left before you’re being rate-limited. I believe it’s something like “x-ratelimit-bucket” that you have to pay attention to.

Using this from your HttpService response and managing your webhook sends is probably an easy thing to bypass. Especially if instead, I decided to use my webserver to send the initial webhooks, rather than to just send when the MongoDB database has saved data.

Definitely something to consider, though.

seems really cool, excited for the release

Looks great! Our game will need better security! Want a job?

As it is this seems like a pretty clean cut and easy to use solution but the fact that a moderator still needs to manually join every server with a report still nags me.

What would be cool is a Discord to Roblox interaction. In some instances a game moderator would not even need to join the game to know the player is deserving of a kick or ban - in those cases would it not be nice for the mod to immediately be able to interact with the discord message and start a kick or ban? Perhaps reacting to a message with a checkmark or X mark resulting in a kick/ban. Of course the problem is you cant host an API on a roblox server so you would have to store the kick/ban info externally and have the game poll that external storage somehow.

Wow, This is great may I ask. How did u do getting the server and a quick join link?

Yeah, there’s currently no actual moderation tools to be used for this service yet - I guess I felt kind of eager to show off.

One of the basic heuristics I used for this is the “speed” data point. Basically, if you take position data point n and get the delta magnitude between that point and point (n - 1), do that for all points, sum them together, and average that number by the number of points, you’ll receive an average magnitudinal speed for the user. It’s a good face-level heuristic, but definitely not as in-depth as something like a frame by frame playback of every position the player held.

For example, if a user’s speed was over 9000 and I had nothing in the game that would allow a user to move that fast, I would assume they’re flying and ban them on the spot.

As for actually enacting moderation without going into a game, for this case, my next todo item is to create a poll HttpService GET request every 5 seconds or so for Discord commands sent by moderation to the MongoDB database. This would include the commands to ban users from games and potentially in-game, as well as the potential for a mute command and really, any other administration command to be had.

This would require an actual Discord bot, or maybe just more application to my webserver (which would then probably require a login system… hmmm…) that would include an admin panel of sorts. I’d prefer using Discord more, to be honest; even if it is more layers. It’ll just look nicer.

To expand further on the entirety of the framework, I’d save these changes two-fold, both in a user’s data using Roblox’s DataStoreService, as well as on the MongoDB in an efficient collection of banned and/or muted users, incase DataStores go down at any point in time.

Sure! Glad to answer.

The Server field in the Discord embed is the JobId of the server. You can read more about that and what it is and what it’s used for here.

Separately, I should probably warn that I do not recommend doing this unless you know what you are doing, but the “Quick Join Link” field is actually a line of JavaScript code that is meant to be ran in the address bar.

The reason I don’t recommend doing this is that there are specific safeguards built into most, if not all browsers that do not allow you to copy and paste JavaScript code into your address bar, and instead have you manually type “javascript:” before pasting and running the code itself when you press enter in order to safeguard against general attacks like cookie logging, cross-site exploitation, and other means of basically wronging unknowing individuals.

It should go without saying that you should not run JavaScript in your address bar unless you know what it does and you know what you are doing.

The Quick Join Link, when used on the Roblox site, uses the game’s PlaceId and the specific report server’s JobId in order to specify to your browser and run the same code that Roblox runs when you click the play button on a game. Running that will join a specific server of your choosing. This has proven helpful for me in the past when debugging issues with specific servers in my games, as well as finding specific individuals to follow without having to search through 12 pages of servers on a popular game.

I feel like leaving it as-is will be more useful for developers who want to implement their own moderation tools. The idea of using Discord to moderate users is pretty repetitive but this implementation is creative and straight-forward.

Overall great work.

Very cool! I could see this system being useful for bug reports or other user feedback as well.

How does that Quick Join Link work? I’d like to get a bit more information on that.