Validate roomId in WebRTC signaling handlers

[shishir-21]

Summary

The signaling handlers (offer, answer, ice-candidate) destructure roomId but do not validate it against active streams.

Problem

The server does not verify:

• Whether the room exists
• Whether the socket belongs to the room

Suggested Improvement

Before forwarding signaling messages, validate:

• activeStreams.has(roomId)
• socket.rooms includes the room

This would improve robustness and security.

[gbowne1]

This will not work without PR #61 and or #68 to the master branch

[shishir-21]

@gbowne1

Thanks for the clarification.

I understand that this validation depends on the complete live stream implementation from #61 and #68.

We can revisit this validation once the core streaming functionality is merged into master to avoid overlap or duplication.

The goal is to ensure signaling handlers properly validate room membership for robustness and security once the architecture is finalized.

[gbowne1]

@shishir-21

I just now merged #61.. so now #68 will need review and merging.

I did clean up the PR with fixes but it's still kinda dirty

CI still failed

[gbowne1]

Io think the core of this issue is fine but let's see where the dust settles after a few PRs that are left (still need either rebase or reviews)

Because this project is still kinda fragile I want to only merge if theres at least 2 reviews beyond mine unless it's an Emergency fix.

[shishir-21]

@gbowne1
Thanks for the update.

Since you mentioned the PR is still a bit dirty, do you think it would be better to:

Rebase and clean it incrementally in this PR, or

Split it into smaller focused PRs (e.g., backend Socket.IO integration vs frontend chat UI)?

I’d be happy to help with cleanup or conflict resolution — just let me know the preferred direction.