Basic socket.io authentication

I have the following code to allow users to join a room to start chatting. 

server.on('connect', function(data) {
  nickname = prompt('What is your name?');
  server.emit('join', {name : nickname, room : $('#roomid').val()});
  $('#events').append('<li>Welcome, ' + nickname + '!</li>');
});

However, one concern I had is: what's preventing users from emitting 'join' with hundreds of usernames, spamming the chat room? I'm brand new to real-time programming, so I'm wondering what sort of techniques I can use to preventing this sort of behavior.

There's not really anything from stopping a user from doing this by default. You'll want to build in server-side security to handle this kind of thing; a good example is IRC, where some servers have systems set up which limits or disconnects users who get too spammy. Consider these options for additional logic on the server side:

  1. Limit a user (i.e. make it where the events they send are ignored) if they emit more than a certain number of events in a period of time; disconnect/blacklist them if they do it often or particularly excessively.
  2. Ignore events that are emitted in an unallowed state; for example, keep track of the connected socket's username somewhere (i.e. using socket.set), and if they send another join event, discard it.