prevent clients sending messages socket.io

Question

I'm wondering how to prevent connected clients hack into code and send messages.

nodejs server code:

var app = require('express')();
var http = require('http').Server(app);
var io = require('socket.io')(http ,{serveClient: false});
var port = process.env.PORT || 3000;
var request = require("request")
var url = "http://localhost/api/index.php";
events = require('events'),
    serverEmitter = new events.EventEmitter();
app.get('/', function(req, res){
    res.sendFile(__dirname + '/index.html');
});


io.on('connection', function(socket){


    request({
        url: url,
        json: true
    }, function (error, response, body) {

        if (!error && response.statusCode === 200) {
            io.emit('chat message', body);
        }
    });


});


http.listen(port, function(){
    console.log('listening on *:' + port);
});

I'm using webSocket to keep users up-to-date with currencies prices. I would like to prevent users sending data to other clients.

Answer 1

Steps involved in a client to client interaction. For simplicity, I'm using a custom socket event name as 'chat'

1. A client emits an event 'chat'
2. Server listens for the 'chat' event and gets the message
3. Server then emits a 'chat' event to send the message
4. The appropriate client(s) listens for 'chat' and receives the message

Every message passes through your server.So you can restrict any client to client interaction.

---

Also, the socket.io (written in the question) sends currency prices to all connected clients everytime a new client connects. Instead, send prices when a client connects through GET request.Then send updated prices whenever the price gets updated.

Replace your socket code with your new code that follows the above pattern