d47eb03bce2305ba1bea9057c7caf96f03749888
Replace Flask-SocketIO + eventlet with python-socketio AsyncServer on an
ASGI app served by uvicorn (Python 3.14). The server is no longer started
as an import side-effect; `python -m app` runs uvicorn for dev and the
Docker image runs `uvicorn api:app`.
Bug fixes:
- create_game now mints a real uuid gid and returns it to the creator
(was hardcoded 'a').
- play_card resolves the player's hand and plays the selected Card (was
indexing a method and crashing).
Hardening:
- Identity binding: every action derives the seat from the connection
(sid -> {gid, order}); clients no longer pass a player number, closing
the hidden-cards cheat where any client could request any hand.
- Secure token-based reconnect (per-player secret token).
- disconnect handler marks players offline and drops empty games (no
more leaked games), notifying the room via player_connection.
- Guards for unknown gid, double start_game, and bad input; engine
exception messages are forwarded instead of swallowed.
- Lobby payload is public-only (no sids/tokens); game_status carries a
completed flag.
- /health endpoint via other_asgi_app; env-driven CORS and logging.
Infra:
- Dockerfile -> python:3.14-slim, uvicorn CMD, drop dead venv lines.
- requirements.txt -> python-socketio/engineio + uvicorn; drop eventlet,
Flask-SocketIO, Flask-Session.
- docker-compose: drop unused debugpy port and obsolete version key.
- Remove redundant start.py; gitignore /.venv.
Tests: test_socket.py drives the handlers (identity binding, lobby
privacy, reconnect, disconnect cleanup, error handling, play flow).
Full suite: 29 passing.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Description
kartova hra bridzik
Languages
Python
100%