Based on the description of your use case, I'd recommend you to use custom entities, which natively have the user access control (ACL) configured. And check out this article about some size limits on entities in case you haven't see it. http://help.getbraincloud.com/en/articles/3472603-what-are-the-size-limits-on-user-entities
Posts made by JasonL
RE: Shared Global Context for each CloudCode invocation?
RE: Pre Hook for Authenticate Or send Custom content
The authenticate API is not allowed a prehook, every API (including cloud code scripts) only can be called after the user authenticated.
RE: Saving global stats that are accessible with listFriends request.
To limit operations like IncrementExperiencePoints() to cloud code only. This will essentially take away the ability to make these calls from the bare client API. You can see a script that enforces these restrictions here - https://getbraincloud.com/apidocs/cloud-code-central/handy-cloud-code-scripts/restrictclientcalls-script/
Refer to another post below for more strategies you can apply to prevent cheating: https://forums.getbraincloud.com/topic/23/discussion-strategies-to-prevent-cheating-in-tournaments
RE: Shared Scripts not working
I copied your scripts to my app, tested, it works without any problem.
So, I guess you see the "getPremadeDeck_Dark_001 is not defined" from the editor warning when you hover over your cursor to the triangle warning icon? Actually, You can just ignore it or comment out the "use strict".
RE: NodeJS setup question
Can you provide us with more details of your use case regarding your web interface? if you can write some validation handle code on your web interface server, you still can call all of brainCloud Client-API, unless you want the API directly be called from your client app through your web interface server without any validation code for that, if that is the case, you will have to use S2S for that. https://www.npmjs.com/package/brainclouds2s, it's kind of complicated than using https://www.npmjs.com/package/braincloud