VanishText More Info
This page documents the behavior of the current server and browser client implementation.
Runtime Overview
Section titled “Runtime Overview”VanishText consists of:
- An Express HTTP server (static frontend + middleware).
- A Socket.IO server (real-time chat events).
- Utility modules for user state and command handling.
Server startup flow:
- Load
.envwithdotenv.config(). - Resolve runtime flags from env vars.
- Configure cookie parser + auth middleware.
- Serve the bundled frontend assets.
- Start HTTP server and attach Socket.IO.
Server Entry (main server file)
Section titled “Server Entry (main server file)”Key imports
Section titled “Key imports”express: HTTP server and middleware.socket.io(Server): WebSocket transport and rooms.cookie-parser: readsreq.cookies.authfor protection mode.dotenv: injects environment variables.Readablefromstream: pipes fetched remote frontend assets.runCommand: handles/!command messages.utilities.js: username validation and room/user state helpers.
Important exported constants
Section titled “Important exported constants”ADMIN: system sender name used for unclaimable system messages.commandsEnabled: command feature switch.UsersState: in-memory user store wrapper.io: shared Socket.IO server instance.
HTTP middleware behavior
Section titled “HTTP middleware behavior”- If protection is disabled and request path is
/, requests are redirected to/chat.html. - For
/chat.html, access is allowed when:- protection is disabled, or
authcookie value exists inPROTECTION_PASSWORDS.
- Otherwise requests are redirected to
/.
Static frontend selection
Section titled “Static frontend selection”The server serves the local built-in frontend directory (frontend) by default.
Socket.IO Event Reference
Section titled “Socket.IO Event Reference”Server emits
Section titled “Server emits”| Event | Payload | When it is emitted |
|---|---|---|
config | { autoReconnect: boolean } | Immediately after client connects |
message | buildMsg(name, text) | System and chat messages |
userList | { users, room } | Room membership updates |
chat_image | { name, type, image, time } | Image message in a room |
activity | name | Typing indicator to other users |
Server listens
Section titled “Server listens”| Event | Expected payload | Main behavior |
|---|---|---|
enterRoom | { name, room } | Validates user, leaves previous room, joins new room, updates user list |
message | { name, text } | Filters dangerous substrings, executes /! commands, broadcasts message |
chat_image | { name, type, image } | Sends image to current room if image sharing enabled |
activity | name | Broadcasts typing activity to other room members |
disconnect | none | Removes user, broadcasts leave message, refreshes room user list |
Message and Name Validation
Section titled “Message and Name Validation”Name rules
Section titled “Name rules”- Reserved names are blocked (
SYSTEM,ADMIN, etc.). - Allowed characters are limited to
A-Z,0-9,_,-. - Validation happens on room join and message/image/activity events.
Message filtering
Section titled “Message filtering”Before message broadcast, text is lowercased and checked against a denylist containing:
- HTML tags such as
<script>,<iframe>,<img>,<style>, etc. - Event handler terms like
onerror,onclick,onload. - Dangerous attribute/protocol fragments (
src=,href=,javascript:,data:).
If blocked, the message is not emitted to the room.
Frontend Client Reference (chat page script)
Section titled “Frontend Client Reference (chat page script)”Core UI bindings
Section titled “Core UI bindings”- Message form submit -> emits
message. - Join form submit -> emits
enterRoom. - Message input keypress -> emits
activity.
Connection handling
Section titled “Connection handling”- On
connect: enables inputs and sets connected status text. - On
disconnect: disables image/message actions and shows disconnected status.
Rendering behavior
Section titled “Rendering behavior”messageevent:- own messages are right-aligned,
- other users are left-aligned,
- system messages use dedicated system style,
- command messages beginning with
/!are not displayed in chat list.
chat_imageevent:- reconstructs image Blob from payload,
- creates object URL and appends an
<img>preview to chat list.
userListevent:- displays up to 15 usernames and summarizes overflow (
and N more).
- displays up to 15 usernames and summarizes overflow (
activityevent:- tracks typing users with timeout-based cleanup,
- renders
is typing.../are typing...indicator.
Function Reference
Section titled “Function Reference”| Function | Location | Purpose |
|---|---|---|
buildMsg(name, text) | Server | Builds standardized chat payload with timestamp |
middleware(req, res, next) | Server | Redirect/auth gate for protected access |
showUsers(users, room) | Client | Creates compact user list display string |
stringtocolor(str) | Client | Assigns deterministic pseudo-random color to names |
Deployment Notes
Section titled “Deployment Notes”- In production (
NODE_ENV=production), Socket.IO CORS origin is disabled (false) by current config. - If commands should be disabled in production, ensure
ENABLE_COMMANDS=falseand enforce the check inside command execution paths.
Troubleshooting Quick Reference
Section titled “Troubleshooting Quick Reference”| Symptom | Likely cause | Check |
|---|---|---|
Redirect loop between / and /chat.html | Protection settings/cookie mismatch | ENABLE_PROTECTION, PROTECTION_PASSWORDS, auth cookie |
| Users cannot connect from external domain | CORS restriction in production | Socket.IO cors.origin and reverse proxy setup |
| Images do not send | Image feature disabled | ENABLE_IMAGES=true |
| Commands ignored | Commands disabled or filtered path | ENABLE_COMMANDS, runCommand integration |