A modern, scalable, and secure video conferencing platform for real-time communication
Features β’ Tech Stack β’ Quick Start β’ Setup β’ API Documentation β’ Security
Confera is a production-ready video conferencing application that enables seamless peer-to-peer and group video meetings with real-time communication. Whether you need to host team meetings, online classes, or webinars, Confera provides a robust and secure platform with advanced features like screen sharing, chat, meeting history, and guest access.
Many organizations struggle with finding a reliable, self-hosted video conferencing solution that doesn't depend on expensive third-party services. Confera provides:
- Cost-effective alternative to traditional video conferencing platforms
- Full control over your communication infrastructure
- Guest access without requiring user registration
- Meeting history tracking for audit and compliance needs
- Secure authentication with OAuth and encrypted tokens
- π’ Corporate Team Meetings - Host secure internal video meetings with employees
- π Online Education - Conduct virtual classes and tutoring sessions
- π€ Client Consultations - Provide video consultation services to clients via guest links
- π Webinars & Presentations - Stream presentations with interactive Q&A
- πΌ Remote Collaboration - Enable seamless distributed team collaboration
- React 19.2 - Modern UI library with hooks and functional components
- Vite 7.2 - Lightning-fast build tool and dev server
- Tailwind CSS 4.1 - Utility-first CSS framework for responsive design
- Socket.IO Client 4.8 - Real-time bidirectional communication
- React Router 7.11 - Client-side routing and navigation
- Axios 1.13 - HTTP client for API requests
- Lucide React - Beautiful, consistent SVG icons
- Styled Components 6.1 - CSS-in-JS for component styling
- Node.js with ES6 Modules - Modern JavaScript runtime
- Express 5.2 - Lightweight web framework
- Socket.IO 4.8 - WebSocket library for real-time features
- MongoDB with Mongoose 9.0 - NoSQL database with schema validation
- Passport.js 0.7 - Authentication middleware
- Google OAuth 2.0 - Social authentication integration
- Bcrypt 6.0 - Password hashing and security
- JWT & Crypto Tokens - Token-based authentication
- Helmet 8.1 - HTTP security headers
- Express Rate Limit 8.2 - DDoS protection and rate limiting
- CORS 2.8 - Cross-origin resource sharing
- Nodemon 3.1 - Development auto-reload
- MongoDB - Document-based NoSQL database
- Collections: Users (with meeting history) and Meetings
- npm - Package management
- Render - Cloud deployment platform (backend)
- Git - Version control
- High-quality peer-to-peer video with WebRTC integration
- Screen sharing capability for presentations and demos
- Audio controls - Toggle microphone with one click
- Video management - Enable/disable camera independently
- Multiple device support - Audio input/output device selection
- Secure user registration with bcrypt password hashing
- Google OAuth 2.0 integration for single sign-on
- Hex token-based authentication stored in MongoDB
- Guest access without requiring user accounts
- Rate limiting on all endpoints (15 auth attempts per 15 minutes)
- XSS protection and helmet security headers
- MongoDB data sanitization to prevent injection attacks
- Real-time text chat within video meetings
- Meeting code generation for easy sharing
- User presence indicators showing who's in the meeting
- Host controls for managing participants
- Meeting history tracking with timestamps
- Persistent meeting records for compliance and audit
- Meeting activity dashboard viewing user's past meetings
- Quick meeting join via meeting codes or URLs
- Responsive design works on desktop, tablet, and mobile
- Dark/Light mode support with Tailwind CSS
- Real-time notifications for user actions
- Clean, intuitive interface with Lucide icons
- Meeting participant list with user information
- One-click meeting code copy to clipboard
- Client-side rendering with React for fast interactions
- WebSocket communication for real-time updates
- STUN servers (Google's public STUN) for NAT traversal
- Optimized bundle size with Vite
- Lazy loading of components and routes
Confera/
β
βββ frontend/ # React application
β βββ src/
β β βββ components/ # Reusable UI components
β β β βββ Navbar.jsx # Navigation bar
β β β βββ Footer.jsx # Footer component
β β βββ pages/ # Page components (routes)
β β β βββ LandingPage.jsx # Public landing page
β β β βββ Authentication.jsx # Login/Register page
β β β βββ GuestJoin.jsx # Guest meeting access
β β β βββ Home.jsx # Authenticated home dashboard
β β β βββ VideoMeet.jsx # Video meeting room (2000+ lines)
β β β βββ History.jsx # User meeting history
β β βββ contexts/
β β β βββ AuthContext.jsx # Authentication state management
β β βββ hooks/
β β β βββ useSpeechRecognition.js # Speech-to-text hook
β β βββ layouts/
β β β βββ DashboardLayout.jsx # Dashboard layout wrapper
β β βββ utils/
β β β βββ withAuth.jsx # HOC for protected routes
β β βββ assets/ # Images, icons, media
β β βββ App.jsx # Main app component with routing
β β βββ App.css # Global styles
β β βββ main.jsx # React DOM entry point
β β βββ index.css # Base styles
β β βββ environment.js # Environment configuration
β βββ package.json # Frontend dependencies
β βββ vite.config.js # Vite build configuration
β βββ tailwind.config.js # Tailwind CSS configuration
β βββ postcss.config.js # PostCSS configuration
β βββ eslint.config.js # ESLint rules
β βββ index.html # HTML entry point
β
βββ backend/ # Node.js/Express server
βββ src/
β βββ config/
β β βββ passportConfig.js # Google OAuth strategy setup
β βββ controllers/
β β βββ authentication.js # Login/register/history logic
β β βββ SocketManager.js # WebSocket event handlers
β βββ middlewares/
β β βββ limiters.js # Rate limiting middleware
β βββ models/
β β βββ user.js # User schema (name, username, password, token, history)
β β βββ meeting.js # Meeting schema (meetingCode, date)
β βββ routes/
β β βββ authRoutes.js # Auth endpoints (login, register, OAuth)
β β βββ users.js # User endpoints (activity/history)
β βββ app.js # Express app setup & Socket.IO config
βββ package.json # Backend dependencies
βββ .env.example # Environment variables template
- frontend/src/pages/VideoMeet.jsx - The most complex component (~2000 lines), handles all video conferencing logic including WebRTC, local/remote streams, screen sharing, chat, and participant management
- backend/src/app.js - Central server file initializing Express, Socket.IO, middleware, routes, and database connections
- backend/controllers/SocketManager.js - Manages real-time event handling for join, signal, chat, disconnect
- frontend/src/contexts/AuthContext.jsx - Centralized auth state for token management and user data persistence
Before you begin, ensure you have the following installed:
- Node.js (v16 or higher) - Download
- npm (comes with Node.js)
- MongoDB (local or cloud instance) - MongoDB Atlas for free tier
- Git - Download
Create a .env file in the backend/ directory:
# Server Configuration
PORT=8000
NODE_ENV=development
# Database
MONGO_URI=mongodb+srv://username:[email protected]/confera?retryWrites=true&w=majority
# Frontend URL (for CORS and OAuth callback)
CLIENT_URL=http://localhost:5173
# Google OAuth Credentials (from Google Cloud Console)
GOOGLE_CLIENT_ID=your_google_client_id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your_google_client_secret
CALLBACK_URL=http://localhost:8000/auth/google/callbackThe frontend uses src/environment.js:
let IS_PROD = false; // Set to true for production
const server = IS_PROD ? "https://your-production-api.com" : "http://localhost:8000";
export default server;git clone https://github.com/yourusername/confera.git
cd conferacd backend
npm installcd ../frontend
npm installMongoDB Atlas (Cloud)
- Create a free account at MongoDB Atlas
- Create a new cluster
- Get your connection string
- Replace
MONGO_URIin.envwith your connection string
#### 5. Set Up Google OAuth
1. Go to [Google Cloud Console](https://console.cloud.google.com/)
2. Create a new project
3. Enable Google+ API
4. Create OAuth 2.0 credentials (Web application)
5. Add authorized redirect URIs:
- `http://localhost:8000/auth/google/callback` (development)
- `https://yourdomain.com/auth/google/callback` (production)
6. Copy Client ID and Client Secret to `.env`
#### 6. Start Development Servers
**Terminal 1 - Backend:**
```bash
cd backend
npm run dev
# Server runs on http://localhost:8000
Terminal 2 - Frontend:
cd frontend
npm run dev
# App runs on http://localhost:5173cd backend
npm startcd frontend
npm run build
# Creates optimized build in dist/
npm run previewPOST /auth/register
Content-Type: application/json
{
"name": "John Doe",
"username": "[email protected]",
"password": "securePassword123"
}
Response: 201 Created
{
"message": "User Registered Successfully."
}POST /auth/login
Content-Type: application/json
{
"username": "[email protected]",
"password": "securePassword123"
}
Response: 200 OK
{
"token": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
}GET /auth/google
# Initiates Google OAuth flow
GET /auth/google/callback
# Redirect from Google with authorization code
# Sets token and redirects to /home?token=<TOKEN>GET /api/v1/users/activity
Authorization: Bearer <TOKEN>
Response: 200 OK
[
{
"meetingCode": "XYZ123",
"date": "2025-12-28T10:30:00Z"
},
{
"meetingCode": "ABC456",
"date": "2025-12-27T14:15:00Z"
}
]GET /health
Response: 200 OK
OK// Client connects with token
socket = io(server_url, {
auth: { token: "hex_token_from_backend" }
});socket.emit('join-call', meetingCode);
// Server broadcasts 'user-joined' event with socket listsocket.emit('signal', targetSocketId, signalingMessage);
socket.on('signal', (senderSocketId, signalingMessage) => {
// Handle WebRTC signaling
});socket.emit('chat-message', messageText, senderName);
socket.on('chat-message', (messageText, senderName, senderId) => {
// Display message
});socket.on('user-left', (socketId) => {
// Remove user from participant list
});- Visit
http://localhost:5173/auth - Create new account or login with credentials
- Or use "Sign in with Google" for quick authentication
- After login, you're on the home dashboard
- Click "New Meeting" to create a new meeting
- Share meeting code with participants
- View your meeting history by clicking "History"
Meeting URL: http://localhost:5173/meeting/YOUR_MEETING_CODE
- Click to join or send link to others
- Share Screen: Click screen sharing icon (browser permission required)
- Chat: Open chat panel on the right
- Participant List: View all connected participants
- End Meeting: Click "Leave Meeting" button
- Navigate to
http://localhost:5173/guest - Enter your name
- Enter meeting code provided by host
- No account required
- No password needed
- Click "Join Meeting"
-
Password Hashing
- All passwords hashed with bcrypt (10 salt rounds)
- Never stored in plain text
- Verified during login with timing-safe comparison
-
Token Management
- Cryptographically secure tokens (20 random bytes β 40-char hex)
- Stored in MongoDB with user record
- Validated on every socket connection
- Cleared on logout
-
OAuth 2.0 Integration
- Secure Google OAuth flow with PKCE
- Email-based user lookup to prevent duplication
- Automatic token generation on successful auth
-
Rate Limiting
- Auth endpoints: 15 requests per 15 minutes per IP
- API endpoints: 150 requests per 15 minutes per IP
- Prevents brute force and DDoS attacks
-
HTTP Security Headers
- Helmet.js enables:
- CSP (Content Security Policy)
- HSTS (HTTP Strict Transport Security)
- X-Frame-Options (clickjacking protection)
- X-Content-Type-Options (MIME sniffing protection)
- Helmet.js enables:
-
CORS Protection
- Whitelist frontend origin in environment variable
- Specific allowed methods (GET, POST, PUT, DELETE)
- Credentials required for all requests
-
Data Sanitization
- Express-mongo-sanitize prevents NoSQL injection
- Removes
$and.characters from input data - XSS-clean middleware for HTML content
-
WebSocket Authentication
- All socket connections require token in handshake
- Invalid tokens result in connection rejection
- Guest access allowed with explicit role assignment
-
Event Validation
- Server validates all socket events
- Prevents unauthorized room access
- Checks user membership before broadcasting
-
Sensitive Configuration
β DO Store in .env: - Database credentials - API keys and secrets - OAuth credentials - JWT secrets - Port numbers β DON'T Store in .env: - Push to version control - Commit .env files - Share credentials - Use weak/default secrets -
Environment Separation
Development: http://localhost:8000 (local) Production: https://https://confera-h2oo.onrender.com (HTTPS only)
| Practice | Implementation | Status |
|---|---|---|
| Password Hashing | Bcrypt 10 rounds | β Implemented |
| Rate Limiting | Express-rate-limit | β Implemented |
| HTTPS | Recommended for production | |
| CORS | Whitelist origin | β Implemented |
| Input Validation | express-mongo-sanitize | β Implemented |
| XSS Protection | helmet + xss-clean | β Implemented |
| CSRF Protection | Same-site cookies | |
| Logging | Console (add Winston for prod) |
- Set
NODE_ENV=production - Use HTTPS/TLS certificates
- Enable MongoDB authentication
- Rotate JWT/Token secrets regularly
- Set strong, unique Google OAuth credentials
- Enable helmet CSP headers
- Configure HTTPS redirect
- Use environment secrets manager (AWS Secrets, HashiCorp Vault)
- Set up monitoring and alerting
- Regular security audits
- Keep dependencies updated (
npm audit fix)
Professional landing page with call-to-action and feature highlights
Login/Register form with Google OAuth option
Main dashboard showing quick meeting creation and recent meetings
Full-featured video conferencing interface with controls and participant list
Meeting history with dates, participants, and duration
Simple guest access interface without authentication
- WebRTC SFU - Selective Forwarding Unit for better scalability
- Janus/Kurento - Media server for advanced features
- Redis - Session management and caching
- Stripe/Razorpay - Subscription and payment handling
- Twilio - Phone dial-in and fallback
- Docker & Kubernetes - Containerization and orchestration
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Follow ESLint configuration
- Write clear commit messages
- Test thoroughly before submitting PR
- Update documentation for new features
- Add comments for complex logic
This project is licensed under the ISC License - see the LICENSE file for details.
ISC License
Copyright (c) 2025 Piyush Prajapati
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
Piyush Prajapati - Full Stack Development(MERN)
Contributions and feedback from the community are appreciated!
- π§ Email: [email protected]
- π Issues: GitHub Issues
- π Website: https://confera-h2oo.onrender.com/
- Create account on Render
- Connect GitHub repository
- Create new Web Service
- Set environment variables in dashboard
- Deploy automatically on push
- Connect GitHub to Vercel
- Select frontend directory
- Set production API URL
- Deploy
- Google OAuth - Secure authentication
- WebRTC - Real-time peer communication
- Socket.IO - Real-time event handling
- MongoDB - Reliable data persistence
- React & Vite - Modern frontend tooling
- Tailwind CSS - Beautiful styling
Last Updated: December 28, 2025
Status: β Production Ready | π¦ v1.0.0 | π Actively Maintained
Made with β€οΈ by Piyush Prajapati
β If you find this project helpful, please star it on GitHub!