This document explains how real-time features are implemented using Socket.IO, including order updates, delivery tracking, and role-based communication.

The platform involves multiple actors interacting simultaneously:

• Customers waiting for order updates
• Restaurants updating order status
• Delivery partners sharing live location

Polling would:

• Increase server load
• Waste bandwidth
• Add latency

Socket.IO enables low-latency, event-driven communication.

• Socket.IO (WebSocket + fallback)
• Redis (session-based auth support)
• Rooms-based event routing

Client (Browser / Mobile)
      ↕ WebSocket
Socket Server (Node.js)
      ↕
Business Logic + DB

Sockets run alongside Express, not inside controllers.

Sockets use session-based authentication, not JWT.

1. User logs in via HTTP
2. Session stored in Redis
3. Socket handshake includes cookies
4. Server validates session
5. Socket connection accepted

• Same auth rules for HTTP & sockets
• Device-level session control
• Secure role-based access

Rooms are the backbone of scalability.

Note: Role-prefixed rooms are used for clarity. Internally, this can also be abstracted as a generic user:{userId} room.

customer:{userId}

Used for:

• Live Delivery Boy Tracking
• Order updates

Event:

order:status_changed

Payload:

{
  "orderId": "abc123",
  "shopName": "Awadhi Kitchen",
  "previousStatus": "ready",
  "newStatus": "out_for_delivery"
}

Handled by:

• Toast notification
• Optional query invalidation

Event:

delivery:location_update

Emitted every few seconds while delivering.

1. Delivery app emits location
2. Socket server broadcasts
3. Customer receives updates
4. Map re-renders marker

• Throttled updates
• Distance-based emit control
• Battery-friendly

• useCustomerSocket
• useCustomerOrderSocket

Benefits:

• Clean layout components
• Reusable logic
• Controlled side-effects

Instead of heavy UI updates:

• Toast notifications for most events

Only user-facing lifecycle changes are emitted.

• Events are stateless
• API remains source of truth
• Socket events enhance UX only

If an event is missed:

• HTTP fetch resolves correct state

Horizontal scaling ready.

Socket Server 1
Socket Server 2
Socket Server 3
        ↕
      Redis

Supports:

• Redis adapter
• Multi-instance broadcasting

• Invalid session → socket disconnected
• Unauthorized room join → rejected
• Network failure → auto reconnect

• No sensitive data in events
• Auth verified before room join
• Role-based room access
• Server-side validation enforced

• Scalable
• Secure
• Battery-efficient
• Low latency
• Clean separation of concerns
• Easy to debug