I can alterate socket.on events with the console. Any help?

[DrFrankxio]

Describe the bug
The bug is, when i enter a value in the console like this:

setInterval(()=>{
    socket.on("pack",(e)=>{
        camera.position.x--
    })
},1)

The camera goes at a inhuman velocity to -X orientation.

Server

const express = require('express')
const app = express();
const server = require('http').createServer(app);
const io = require('socket.io')(server);

app.get('/', (req, res) => {
  res.sendFile(__dirname + '/public/index.html')
})
app.use(express.static('public'));

distance=(obj1,obj2)=>{
  return (((obj1.x-obj2.x)**2+(obj1.y-obj2.y)**2+(obj1.z-obj2.z)**2)**0.5)
}

players={}

io.on('connect', (socket) => {
  socket.id = Math.random();
  players[socket.id] = {
    socket: socket.id,
    x: 0,
    z: 0,
    walkSpeed: 0.1,
    pressingRight: false,
    pressingLeft: false,
    pressingUp: false,
    pressingDown: false,
    health:10000,
  };

  socket.on('angle', (e) => {
    if(players[socket.id].health>0){
      players[socket.id].xa = e.x;
      players[socket.id].ya = e.y;
    }
  });

  socket.on('keyPress', function (data) {
    if (data.inputId === 'left') players[socket.id].pressingLeft = data.state;
    else if (data.inputId === 'right') players[socket.id].pressingRight = data.state;
    else if (data.inputId === 'up') players[socket.id].pressingUp = data.state;
    else if (data.inputId === 'down') players[socket.id].pressingDown = data.state;
    else if (data.inputId === 'attack') players[socket.id].pressingAttack = data.state;
  });

  // Mover al jugador basándote en el estado de las teclas presionadas
  setInterval(() => {

    socket.emit("health",{health:players[socket.id].health})

    if(players[socket.id].pressingLeft&&players[socket.id].health>0){
      players[socket.id].x+=players[socket.id].walkSpeed*Math.cos(players[socket.id].xa)
      players[socket.id].z-=players[socket.id].walkSpeed*Math.sin(players[socket.id].xa)
    }
    if(players[socket.id].pressingUp&&players[socket.id].health>0){
      players[socket.id].x+=players[socket.id].walkSpeed*Math.sin(players[socket.id].xa)
      players[socket.id].z+=players[socket.id].walkSpeed*Math.cos(players[socket.id].xa)
    }
    if(players[socket.id].pressingRight&&players[socket.id].health>0){
      players[socket.id].x-=players[socket.id].walkSpeed*Math.cos(players[socket.id].xa)
      players[socket.id].z+=players[socket.id].walkSpeed*Math.sin(players[socket.id].xa)
    }
    if(players[socket.id].pressingDown&&players[socket.id].health>0){
      players[socket.id].x-=players[socket.id].walkSpeed*Math.sin(players[socket.id].xa)
      players[socket.id].z-=players[socket.id].walkSpeed*Math.cos(players[socket.id].xa)
    }

    if (players[socket.id].pressingAttack && players[socket.id].health > 0) {
      for (i1 in players) {
        if (i1 !== socket.id){     
          for (let i2 = 5; i2 < 10; i2 += 0.1) {
            const check_x = players[socket.id].x + i2 * Math.sin(players[socket.id].xa) * Math.cos(players[socket.id].ya);
            const check_y = 0
            const check_z = players[socket.id].z + i2 * Math.cos(players[socket.id].xa) * Math.cos(players[socket.id].ya);

            if (distance({x:players[i1].x,y:0,z:players[i1].z}, { x: check_x, y: 0, z: check_z }) < 1) { // Rango ajustado
              players[i1].health-=20;
            }
          }
        }
      }
    }
    socket.emit("eval", { code : `
      light.intensity=Math.sin(`+time+`/500)*4/10+6/10
      sun.position.set(0,800*Math.sin(`+time+`/500),800*Math.cos(`+time+`/500))
      moon.position.set(0,400*Math.sin(`+time+`/200),400*Math.cos(`+time+`/200))
      scene.background = new THREE.Color("rgb(0,"+Math.floor(light.intensity*127)+","+Math.floor(light.intensity*255)+")")
    ` })
    socket.emit('pack', { x: players[socket.id].x, z: players[socket.id].z });
    socket.emit('all', { all: players });

  }, 1000 / 60); // 60 FPS
});

server.listen(8000, () => {
  console.log(`Servidor escuchando en el puerto 8000.`);
});

time=0
setInterval(()=>{
  time++
},1000/60)

Socket.IO client version: x.y.z

Client

import { io } from "socket.io-client";

const socket = io("ws://localhost:3000/", {});

socket.on("connect", () => {
  console.log(`connect ${socket.id}`);
});

socket.on("disconnect", () => {
  console.log("disconnect");
});

Expected behavior
I want to block any attack from the console or cheat engine or another program or thing...

Platform:

• Windows 11 Home 64 Bits

Additional context
Add any other context about the problem here.

[Shaheryarkhalid]

I think the issue might be with the way you are checking for socket.on("pack" ...) event.

setInterval(()=>{
socket.on("pack",(e)=>{
camera.position.x--
})
},1)

You do not need to use setInterval. Because once socket.on("pack" ...) is called, it will automatically look for "pack" event. Calling this socket event every millisecond is not just a waste of resources but it might also be causing the issue. just call "pack" event like this

socket.on("pack",(e)=>{
camera.position.x--
});

If must add a delay use setTimeout like below. This will ensure that there is a delay before code runs and once timeout is reached and code runs. Socket io event will take over and after that any time "pack" event is emitted it will do whatever you want to do.

setTimeout(()=>{
socket.on("pack",(e)=>{
camera.position.x--
})
},1)