Summary
Currently, any connected socket can trigger the start-stream event and create a live stream.
Problem
There is no authentication check inside the Socket.IO layer. This allows unauthenticated users to start streams.
Suggested Improvement
Integrate authentication validation into the WebSocket layer so that only logged-in users can initiate start-stream.
Possible approaches:
- Validate JWT token during socket connection
- Attach user data to socket.user
- Check authentication before allowing start-stream
Why This Matters
This improves platform security and prevents unauthorized stream creation.
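The three approaches listed above, combined in one sketch. This is an added example, not code from the issue or the project. It assumes HS256 tokens signed with a shared secret and sent by the client in `socket.handshake.auth.token`; `SECRET`, `signToken`, `verifyToken`, `authenticateSocket`, `requireUser` and `startStream` are hypothetical names.

```javascript
// Added example: HS256 JWT check as Socket.IO-style middleware, Node built-ins only.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: real code loads this from config
const b64url = (data) => Buffer.from(data).toString('base64url');

// Mints constructed demo tokens (in the real app the login endpoint issues them).
function signToken(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims, or null if the token is malformed, forged or expired.
function verifyToken(token, secret = SECRET) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm instead of trusting the header (rejects alg=none).
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) return null;
    return claims;
  } catch {
    return null; // undecodable header or payload
  }
}

// Connection middleware: wire as io.use(authenticateSocket).
function authenticateSocket(socket, next) {
  const claims = verifyToken(socket.handshake?.auth?.token);
  if (!claims) return next(new Error('unauthorized')); // connection is refused
  socket.user = { id: claims.sub };
  next();
}

// Per-event guard, so start-stream stays protected even if the middleware is
// ever removed: socket.on('start-stream', requireUser(socket, startStream));
function requireUser(socket, handler) {
  return (...args) => (socket.user ? handler(socket.user, ...args) : undefined);
}
```
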