Preventing Direct Room Joining and Monitoring User Leaving in Socket.IO
The client-side socket.io library does not have the ability to .join() a room. That ability is only in the server-side library (because that’s where the rooms are maintained) and thus the only place it can actually be processed.
So, the only way to join a room is to make your own message for a join request from client to server and process that message on the server on behalf of a given client, which enables you to do any sort of checking you want before any client can join a particular room. As such, you should be safe the way you’re already doing it.
Similarly, there are only two ways that a client leaves a room. The first is when you process your own message and call .leave() server-side, so you can certainly monitor any time that happens since it’s your own server-side code calling .leave(). The other way a client leaves a room is when the client disconnects, and you can also monitor for disconnects in the server. Like with .join(), the client cannot call .leave() directly, so you don’t have to worry about that.
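The pattern described above as server-side code, added here as an example and not code from the original answer: every join goes through an authorization check, and both leave paths are logged. The event names "join-request" and "leave-request" and the canJoin and audit callbacks are hypothetical; it assumes Socket.IO v3 or later, where socket.rooms is a Set.

```javascript
// Added example. Assumed names (not from the page): "join-request",
// "leave-request", canJoin(socket, room), audit(entry).
function registerRoomHandlers(io, canJoin, audit) {
  io.on('connection', (socket) => {
    // Clients cannot call join(); they can only ask the server to do it.
    socket.on('join-request', async (room, ack) => {
      const reply = typeof ack === 'function' ? ack : () => {};
      // The payload is client-controlled: check type and shape first.
      if (typeof room !== 'string' || !/^[\w-]{1,64}$/.test(room)) {
        return reply({ ok: false, error: 'invalid room' });
      }
      // Authorization decision is made here, before join() is ever called.
      if (!(await canJoin(socket, room))) {
        audit({ event: 'join-denied', id: socket.id, room });
        return reply({ ok: false, error: 'forbidden' });
      }
      await socket.join(room);
      audit({ event: 'join', id: socket.id, room });
      reply({ ok: true });
    });

    // Leave path 1: our own message, so our own code calls leave().
    socket.on('leave-request', async (room, ack) => {
      const reply = typeof ack === 'function' ? ack : () => {};
      if (typeof room !== 'string' || !socket.rooms.has(room)) {
        return reply({ ok: false, error: 'not in room' });
      }
      await socket.leave(room);
      audit({ event: 'leave', id: socket.id, room, reason: 'request' });
      reply({ ok: true });
    });

    // Leave path 2: disconnect. "disconnecting" fires while socket.rooms
    // is still populated, so each room being left can be recorded.
    socket.on('disconnecting', (reason) => {
      for (const room of socket.rooms) {
        if (room === socket.id) continue; // skip the socket's own room
        audit({ event: 'leave', id: socket.id, room, reason });
      }
    });
  });
}
```

Wire it up with registerRoomHandlers(io, canJoin, audit) after creating the Socket.IO server, where canJoin returns (or resolves to) a boolean for the given socket and room.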