the create > share > join flow is probably the first thing I should validate. If people can’t get someone into the room smoothly, nothing else matters.
- Built using Node + WebSockets
- All chat messages exist only in server memory per room
- When a room expires (10 minutes after first join), the server destroys its in-memory data structure and disconnects clients
- No logs of message bodies (explicitly disabled)
- No database writes for messages; only permanent-room metadata is stored
- Simple per-connection rate limiting to prevent abuse
- Free rooms = 10 minutes, paid rooms = permanent URL with ephemeral messages
- Paid flow uses Stripe; confirmation → claim-room pattern
I’m particularly interested in feedback on:
- Whether 10 minutes is too short/long
- Any privacy or anonymity pitfalls I may be missing
- How to improve reliability / reduce edge case failures
- Whether the paid model makes sense / feels ethical
the create > share > join flow is probably the first thing I should validate. If people can’t get someone into the room smoothly, nothing else matters.
really appreciate the feedback!!