Validate Checkpoint in ChangePack for PushPull API requests

[hackerwins]

Description:

When the Client calls the PushPull API and sends the request ChangePack, Checkpoint in the request may be tampered with due to various reasons such as network delays causing duplicate requests, new SDK bugs, or intentional tampering by malicious clients.

Therefore, it is beneficial for the stability and security of the system to validate Checkpoint.

Consider the following validation checks:

• Changes in the request ChangePack passed to PushPull API are created by a single Client, so Change.ID.Checkpoint.ClientSeq should increment sequentially by one.
• Checkpoint.ServerSeq in the request ChangePack for PushPull API cannot be greater than the server's Checkpoint.ServerSeq since it is set when the server saves the Change to the database.

If the Checkpoint is invalid, consider the following exception handling:

• If duplicate requests caused by network delays treat them as OK
• For other reasons, return INVALID_ARGUMENT

Why:

This validation will help ensure the integrity and security of the system.