not secure, current implementation passes username from frontend

[aaayushsingh]

anyone user can send a message with any alias

$(".chat-message button").on("click", function(e) {
        var textareaEle = $("textarea[name='message']");
        var messageContent = textareaEle.val().trim();
        if (messageContent !== "") {
          var message = {
            content: messageContent,
            username: username,
            date: Date.now()
          };

          socket.emit("newMessage", roomId, message);
          textareaEle.val("");
          app.helpers.addMessage(message);
        }
      });

any user can thus pass any username

[OmarElgabry]

Absolutely. I didn't mention Its meant to be secured.