yass/server.js

const express = require("express");
const app = express();
const http = require("http");
const server = http.createServer(app);
const { Server } = require("socket.io");
const io = new Server(server);

// Password setting via environment variable, defaulting to "secret"
const BROADCASTER_PASSWORD = process.env.BROADCASTER_PASSWORD;
const TURN_USER = process.env.TURN_USER || 'myuser';
const TURN_PASSWORD = process.env.TURN_PASSWORD || 'mypassword';
let broadcasterSocketId = null;

// Serve TURN credentials to clients
app.get('/turn-config', (req, res) => {
    res.json({ username: TURN_USER, credential: TURN_PASSWORD });
});

app.use(express.static("public"));

io.on("connection", (socket) => {
  console.log("a user connected:", socket.id);

  // When the broadcaster starts sharing
  socket.on("broadcaster", (password) => {
    if (password !== BROADCASTER_PASSWORD) {
      socket.emit("authError", "Invalid broadcaster password.");
      return;
    }
    broadcasterSocketId = socket.id;
    socket.broadcast.emit("broadcaster");
  });

  // When a viewer joins — notify ONLY the broadcaster, not all sockets
  socket.on("viewer", () => {
    if (broadcasterSocketId) {
      socket.to(broadcasterSocketId).emit("viewer", socket.id);
    }
  });

  // WebRTC Signaling
  socket.on("offer", (id, message) => {
    if (socket.id !== broadcasterSocketId) return; // Prevent hijacking
    socket.to(id).emit("offer", socket.id, message);
  });

  socket.on("answer", (id, message) => {
    socket.to(id).emit("answer", socket.id, message);
  });

  socket.on("candidate", (id, message) => {
    socket.to(id).emit("candidate", socket.id, message);
  });

  socket.on("disconnect", () => {
    console.log("user disconnected", socket.id);
    socket.broadcast.emit("disconnectPeer", socket.id);
  });
});

const PORT = process.env.PORT || 3000;
server.listen(PORT, () => {
  console.log(`listening on *:${PORT}`);
});