A full-stack real-time video conferencing web app built with React, Node.js, Socket.IO and WebRTC. Create instant meetings, invite anyone with a link, and collaborate with video, audio, chat, screen sharing and reactions β all in the browser.
- Video & Audio Calls β Multi-user real-time video calls using WebRTC peer-to-peer mesh networking (up to 6 participants)
- Perfect Negotiation β Collision-safe WebRTC signaling following the W3C Perfect Negotiation pattern
- Screen Sharing β Share your screen with a single click, switch back to camera seamlessly
- In-Meeting Chat β Public group chat with message history replay for late joiners
- Private DMs β Send direct messages to individual participants mid-call
- Emoji Reactions β Floating emoji reactions visible to all participants
- Raise Hand β Signal the host without interrupting
- Cam / Mic Controls β Toggle camera and microphone independently, with live status shown to peers
- Dark / Light Mode β Persistent theme toggle
- Authentication
- Email & password (bcrypt hashed)
- Google OAuth 2.0
- Fingerprint-based guest access (1 free meeting)
- Meeting History β Browse and rejoin past meetings (90-day TTL)
- Duplicate Join Prevention β Same account can't join the same meeting twice
- Host Controls β Host can end the meeting for all participants
- Responsive UI β Works on desktop and mobile browsers
| Technology | Purpose |
|---|---|
| React 18 | UI framework |
| React Router v6 | Client-side routing |
| Socket.IO Client | Real-time signaling |
| WebRTC (native) | Peer-to-peer video/audio |
| Material UI v5 | Component library |
| Axios | HTTP client |
| Technology | Purpose |
|---|---|
| Node.js (ESM) | Runtime |
| Express 5 | HTTP server |
| Socket.IO 4 | WebSocket signaling server |
| Mongoose 9 | MongoDB ODM |
| JWT | Authentication tokens |
| bcrypt | Password hashing |
| Helmet | Security headers |
| express-rate-limit | Brute force protection |
| Google Auth Library | OAuth token verification |
| Technology | Purpose |
|---|---|
| MongoDB Atlas | Users, rooms, meeting history |
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Frontend (React) β
β Landing β Auth β Home β VideoMeet β History β
β AuthContext Β· ThemeContext Β· environment.js β
ββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββ
β REST (Axios) + WebSocket (Socket.IO)
ββββββββββββββββββββΌβββββββββββββββββββββββββββββββββββ
β Backend (Express + Socket.IO) β
β /api/v1/users Β· /api/v1/rooms β
β user.controller Β· room.controller Β· socketManager β
β JWT middleware Β· rate limiting Β· Helmet β
ββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββ
β Mongoose
ββββββββββββββββββββΌβββββββββββββββββββββββββββββββββββ
β MongoDB Atlas β
β Users Β· Rooms (24h TTL) Β· Meetings (90d TTL) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
WebRTC: Direct P2P between browsers (STUN: Google public servers)
- Node.js 18+
- MongoDB Atlas account (or local MongoDB)
- Google Cloud project with OAuth 2.0 credentials (optional)
git clone https://github.com/your-username/MeetOn.git
cd MeetOncd backend
npm install
cp .env.example .env
# Fill in your values in .env
npm run devbackend/.env
MONGO_URI=your_mongodb_atlas_uri
JWT_SECRET=your_long_random_secret
JWT_EXPIRES_IN=7d
PORT=8000
ALLOWED_ORIGIN=http://localhost:3000
GOOGLE_CLIENT_ID=your_google_client_id # optionalcd frontend
npm install
cp .env.example .env
npm startfrontend/.env
REACT_APP_SERVER_URL=http://localhost:8000
REACT_APP_GOOGLE_CLIENT_ID=your_google_client_id # optionalVisit http://localhost:3000
- New Project β Deploy from GitHub β set root to
backend/ - Add all env vars from
backend/.env.example - Settings β Networking β Generate Domain
- New Project β Import repo β set root to
frontend/ - Framework: Create React App
- Add env vars:
REACT_APP_SERVER_URL=https://your-backend.railway.app REACT_APP_GOOGLE_CLIENT_ID=your_google_client_id
- Update
ALLOWED_ORIGINon Railway to your Vercel URL - Add your Vercel URL to Google OAuth authorized origins
- MongoDB Atlas β Network Access β allow
0.0.0.0/0
MeetOn/
βββ backend/
β βββ src/
β β βββ controllers/
β β β βββ user.controller.js
β β β βββ room.controller.js
β β β βββ socketManager.js
β β βββ middleware/
β β β βββ auth.js
β β βββ models/
β β β βββ user.model.js
β β β βββ room.model.js
β β β βββ meeting.model.js
β β βββ routes/
β β β βββ users.routes.js
β β β βββ rooms.routes.js
β β βββ app.js
β βββ .env.example
β βββ package.json
β
βββ frontend/
βββ src/
β βββ contexts/
β β βββ AuthContext.jsx
β β βββ ThemeContext.jsx
β βββ pages/
β β βββ VideoMeet.jsx
β β βββ home.jsx
β β βββ authentication.jsx
β β βββ history.jsx
β β βββ landing.jsx
β βββ utils/
β β βββ environment.js
β βββ App.js
βββ .env.example
βββ package.json
- JWT verified at both HTTP and Socket.IO handshake layers
- Anti-enumeration: identical error for wrong username or wrong password
requireFullAccountmiddleware blocks guests from protected routes- Rate limiting on all auth, guest, and profile endpoints
- Helmet security headers (COEP disabled for WebRTC compatibility)
- bcrypt password hashing (10 rounds)
- NoSQL injection protection via mongo-sanitize
- Duplicate session prevention β same account can't join the same room twice
- No TURN server β calls may fail between users on strict symmetric NAT (corporate/mobile networks). Planned for a future release.
- In-memory socket state β room state resets on server restart. Redis pub/sub needed for horizontal scaling.
- Mesh WebRTC β capped at 6 participants. SFU architecture (e.g. mediasoup) needed for larger calls.
Rashi-AI7