Socket IO Rooms Tutorial (Backend part 1)
Вставка
- Опубліковано 30 вер 2024
- Get 1 on 1 mentorship with me! ▶▶▶calendly.com/c...
In this video I demonstrate the usage of socket io rooms. Socket io rooms, allows us to create separate channels which sockets can join, and send messages to. This allows us to create more fully feature chat applications similar to slack which have the ability to join multiple channels as well as allows us to send direct messages to other users.
slow down bruhh. M here to learn, but you're on a train.
You can just watch it slowed to x0.75, the video won't be that longer
I think it is not safe for the server to call a function passed by a client. That function could be anything. Moreover, you are revealing to the client that you are using a Javascript backend.
Damn, ussualy i speed these things up and had to check I hadnt increased playback speed, this guy talks fast! I like it!
me too 😂
I don't agree with you passing a callback function from the clinet side this is literally the most dangerous thing you can do because hackers
@Amir Moeen Rahmani well you see whet he does is he gets a function from the user and executes it on the backend but the user can put whatever malicious code he want in that function with that the hacker can: crash your backend, make a never ending loop preventing the backend from functioning properly, steal all the data he wants, and the list goes on. This dude is legit letting anyone send a function to the backend that will get executed even I with 0 hacking skills could crash his backend
This is the docs from socket.io talking about this approach. socket.io/docs/v3/emitting-events/
Scroll down to Acknowledgements
I should also mention that there is no risk here because this is not code that executes user code. A good example where one more worry about executing user code is with the common xss attack. For example, you have a blog, and then you have comments, now a user can make a comment have a script tag and then add their own javascript to this script which will execute on your website. This works because when you render a script tag, the code within executes.
In this case however, you are not taking user entered data and passing it along to an environment that can execute this code.
Hope this helps clear things up.
@@CodingWithChaim But can I not write a regular node script that will connect to the server and emit an event with the malicious function?
@@ЖукОбычниик When the server executes the callback provided by the client, it is essentially sending a message back to the client that triggers the client's function. The server does not run the client's code directly.
Seriously appreciate this. Idk if you're just on my wavelength but this makes the most sense out of the socket IO and rooms tutorials I've seen so far. You quickly and perfectly explain what you're doing and why you're doing it without going overboard, and even though I'm working on an app that's not the same as the chat you make in this tutorial, I'm actually able to follow along and pick out or edit as needed without losing functionality.
10:16 wouldn't that be insecure? Since people can modify the client javascript and execute another function?
if your function is e.g. `console.log` this will not trigger `console.log` on the server, just on the client. it's literally like emitting a response back containing the function name and arguments and the client calling the function, but it's a built-in thing to save you that client-side code
Thanks for the video. Really well explained!
One bit of constructive criticism though - I like the fast pace but at times it sounds like you're rushing and some words are hard to understand. I had to check I didn't have you set to 1.5x speed lol
Set speed to 0.75 and everything for me is now clear
You've totally nailed this socket io stuff! Looking forward to the client side part :)
Thank you! Well I certainly hope the client side part won’t disappoint
imagine him rapping :o
Hey Chaim! This was a magnificent video, thank you so much for putting this beauty together! 🏆🎊🙌🏽
I'd like to voice an educated guess: the client-side defined callback may be a security risk. I'm thinking that a highly motivated attacker could reverse engineer your build js file and alter the callback to do something malicious, and it will run on your server regardless. That's my immediate thought, but I'll have to watch the next video to see how you do the cb. I read it in the docs a few weeks ago but I didn't understand it then. Do you have an opinion on this?
Again, phenomenal explanation of the "rooms" concept! 💯😎
Great tutorial. Thanks a lot!
This is still such a good video, super useful.
Really great, but you speak too fast, I am native Hindi speaker and thank God UA-cam has this slow video speed feature 🙏🙏
Amazing Content...💕
Just Watch @ 0.75x Playback Speed...
Very cool! Thank you for doing these videos. Btw, I think the link to the code repository for this video is not correct.
thank you Chaim, can you please provide git source ?
That was awesome. Love that you speak fast.
Thank you very much. This is an amazing tutorial, very well explained. You helped me save a lot of time.
Really awesome tutorial!
I am kind of concerned about the security of letting the client send a callback function to run on the server though. I've just been getting deeper into security, so maybe I'm paranoid, but it seems very vulnerable to some sort of code injection?
Great content! Keep it on going :)
Thanks! Will certainly keep it going
great video! But man, you sound like a texan auctioneer
I thought my video was on 2x speed.
this is the first video where i need to slow down to 0.75
hablas rapidísimo, pensé que sabia ingles😅
didnt needed to make its speed faster
You can beat Eminem :)
Thanks a lot! By the way, cb(callback) is equal to ack. It may cause confusion because I am applying this in the java spring boot application and I couldn't find anything about the callback. So just i wanted to mention it. Thank you again :)))
1337. What a throwback ! Great pace for your vid. What do you do when you’re not making UA-cam vids, got a blog or something I can read?
pls where is the part two
I have a question. So basically, when user joins, you push its username and id to usernames array, which contains all users. But what happen if user leaves and his info still stays in array? I'm doing something simmilar with pushing room code which is a object with few details and users insde that room eg.
"123" = {leaderId: "", isLocked: false, sockets: []}
, but when all users leave, i want to destroy that room object, but idk how to do it properly, or is it even possible, or shoud I change whole system for better one, since Im still new to socketio?
Eminem?
What's the advantage of using express when you're also using socket?
Amazing! Keep the content flowing!
This is awesome but I have a question if I wanted to remove a user from channel(room) how can I do it??
Explanations are on point👌🏻 but damn I thought the video was sped up🤣
hey If I would like to access socket in another page like I have multiple controller, how can we pass it to different pages?
can you please slow down a little its quite fast for me tbh. otherwise video is very helpful.
bro is rapping
Very Well Explained!
You got a new subscriber,
Thanks.
in my website i cant use @t on multiple pages.
is it valid or not i am doing ?
why you dont use rooms of socket io ? socket io has a buided function
Great Content! Thanks! Subscribed! :)
Bruf he has surpassed Eminems level of speed speaking
Are u sure that you belong to this planet earth?
you make my adhd very happy
Haha happy to help
shalom
מדהים
It's the best explanation that I've seen
Can you do one with the twilio video rooms API, its easier
Can certainly take a peek into it
@@CodingWithChaim It would be great and quick in just 10min
this guy speaks so fast, i love it
Just adding a callback to the original socket message is genius. Far more elegant than having to respond with a whole new message. Thanks!
1337... My man.
You’re the first person to comment on this easter egg
9:16 dude's a rap god
awesome video 👍
Great video!!!
Awesome video. Incredibly lucid.
Great stuff. Thanks!
You might wanna add a beat in the background...it would also make a great rap improv....
Just saying....
Thanks again ! Cheers
Very nice video. Thank you a lot
You’re very welcome
always love your vids! would love to see you make more vids on javascript and react
Thank you! Do you have a specific topic in mind you’d like me to cover?
@@CodingWithChaim personally I would love to see a full react application using all the react features but as practical components something you would see in real life.
Would even be great as a separate course explaining the behind the good of the js side
Will you make any video on private chat ?
Would you mind elaborating a little more about what you mean?
@@CodingWithChaim Like there is a list of user in a chat room, but I would like to chat with an specific user. Private chat
This video covers that too
Sir, your server.js on github is empty, i wanna know how callback function works.
Great tutorial! Could you please update the github repo because the code from part 1 & 2 is not included. Best regards, evoq!
im trying to make a clone (on a small scale) of discord and believe me this really helped
Could you teach us how to deploy these apps on Heroku?
That was an awesome explanation.
Simply awesome! Quite easily, the best channel on youtube.
Thank you!!
Millions subscribers on the way. Great stuff as usual. 😊
Thanks! I sure hope so 😉
I agree! Great content!
new to programming here, but learning fast. This has been the best information so far and exactly what I've looked for! You explain everything in depth and it's really quite helpful, I'll be tuning in much more frequently from now on!
Glad you find the content helpful