Real-Time Events (Socket.IO)¶
Documentation of the Socket.IO implementation, events, and broadcasting patterns.
Overview¶
The application uses Socket.IO v4.7.5 for real-time client-server communication. The current implementation is minimal — a basic broadcast hub that relays updates to all connected clients. There are no rooms, namespaces, or authentication middleware on socket connections.
Initialization¶
File: server.js (lines 109–135)
const io = require('socket.io')(server);
io.on('connection', function (socket) {
socketConnection = socket;
socket.on('disconnect', function () { ... });
socket.on('update', function (msg) {
io.emit('update', msg);
});
});
// Passed to routes via the App object:
var App = { db, server: app, socket: socketConnection };
The socket instance is stored in a module-level socketConnection variable and injected into the shared App object, making it available to all route handlers and the actions layer.
Events¶
Incoming (Client → Server)¶
| Event | Payload | Handler Location | Description |
|---|---|---|---|
connection |
Socket object | server.js:117 |
Client establishes WebSocket connection |
disconnect |
— | server.js:121 |
Client disconnects |
update |
msg (any) |
server.js:125 |
Client sends a data update; server re-broadcasts to all clients |
Outgoing (Server → Client)¶
| Event | Payload | Emitter Location | Scope | Description |
|---|---|---|---|---|
update |
msg (any) |
server.js:127 |
All connected clients (io.emit) |
Re-broadcasts client update to everyone |
Prepared but Unused¶
| Method | Event | Location | Scope |
|---|---|---|---|
emitDataToClient(data) |
update |
actions/actions.js:173–179 |
All clients except sender (socket.broadcast.emit) |
This method is defined in the generic CRUD actions class but is never called by any route handler.
Event Flow¶
┌─────────┐ ┌─────────┐ ┌─────────┐
│ Client A│ │ Server │ │ Client B│
└────┬────┘ └────┬────┘ └────┬────┘
│ │ │
│──── emit('update', msg) ────▶│ │
│ │ │
│ │── io.emit('update', msg) ──▶│
│◀── io.emit('update', msg) ──│ │
│ │ │
All connected clients receive the update, including the sender.
Architecture Details¶
No Authentication on Sockets¶
Socket connections have no middleware (io.use()) for token verification. Any client that can reach the server can connect and listen to all broadcast events.
No Rooms or Namespaces¶
- No
socket.join()/socket.leave()calls - No
io.of('/namespace')declarations - No
io.to('room')targeted broadcasts - All emissions are global to every connected client
Single Socket Reference¶
The socketConnection variable stores only the most recently connected socket. In multi-client scenarios, this means:
- App.socket always references the last client's socket
- The emitDataToClient() broadcast method would only work relative to the last connection
- The io.emit() pattern (used in the update handler) correctly broadcasts to all clients regardless
Integration Points¶
The socket is accessible in route handlers through the App object:
| Module | Access Pattern | Usage |
|---|---|---|
routes/routes.js |
App.socket |
Available but not actively used |
dashboard/routes/index.js |
App.socket |
Available but not actively used |
actions/actions.js |
self.socket (via constructor) |
emitDataToClient() defined but not called |
Current State¶
The Socket.IO implementation serves as prepared infrastructure rather than an actively-used feature. The only active behavior is the update event relay — clients can push arbitrary update messages that get broadcast to all other connected clients. This is likely used by the frontend to trigger UI refreshes when one user makes changes that others should see (e.g., content planner updates, scheduling changes).
Considerations¶
- No message validation — incoming
updatepayloads are not checked or sanitized - No connection auth — any client can connect without a token
- Global broadcast only — no per-account or per-user isolation
- Single socket reference — limits server-initiated targeted emissions
- No error handling — socket event handlers lack try/catch