Only allow messages from the same IP address

[grilme99]

I don't think engine.io currently does this, but I want to prevent someone from sending messages to a socket when they don't have the same IP address as the initial request. How can I accomplish this?

[ghost]

I don't believe that you can do this with vanilla Socket.io, but however, there is a package called ip that is a great source to use for this. You can run a user's IP address by saying 'ip.address()' and it should return the IP address of the user's WiFi router. In the backend such as Node.js, when the user requests to post something, you can compare an incoming IP to one stored in a database.
const ip = require('ip') console.log(ip.address())

Terminal:
Example: '127.0.0.1'

[darrachequesne]

You can add a 'message' handler, and check the address (only in XHR polling, as this isn't needed for WebSocket):

server.on('connection', (socket) => {
  socket.on('message', () => {
    if (socket.transport.name === 'polling') {
      const initialAddress = socket.remoteAddress;
      const currentAddress = socket.transport.req.socket.remoteAddress;

      if (initialAddress !== currentAddress) {
        socket.close();
      }
    }
  });
});