← Projects Live · movietq.com

Movie Games

A real-time multiplayer movie game. Players join rooms and race to identify films across multiple game modes.

Play free Game modes
Bomb-It demo
Alex 0 pts
name a movie with F difficulty 1
Maya 0 pts

Bomb-It · demo

Game modes

Race

Trailer Quiz

A trailer clip plays for everyone in the room at the same moment. First to type the correct title takes the round.

  • The host sets the genre, number of rounds, and difficulty (1–10); the round timer runs 10–60 seconds.
  • A wrong guess that shares a genre with the answer still earns a few consolation points without breaking your streak.
  • If a trailer is broken or region-blocked, players report it and the server swaps in a backup instantly, then resets the timer so no one loses round points.
Survival

Bomb-It

A timed survival mode: name a movie that fits the prompt before your timer runs out. Run out of time and you lose a life.

  • The prompt is a letter combination — one letter at the lowest difficulty, two or three letters as difficulty rises.
  • A correct answer passes the turn to the next player; the timer follows whoever is on the spot.
  • Miss or stall and you drop a life. Lose all your lives and you are out; the last player standing wins.
In development

More modes

Additional modes are in development, including games personalized from a player’s Letterboxd history.

  • A connected Letterboxd account lets a mode draw from films a player has actually watched.
  • The mode framework is shared, so new rule sets reuse the same rooms, scoring, and progression.
Round 1 / 4 0:08
trailer playing
the movie was Nosferatu +18
You 0
Maya 0
T
Theo 0

Features

Rooms & access

  • Public lobbies
  • Private, password-protected rooms
  • Genre and difficulty (1–10) filters
  • One-click guest sessions

Hosts customize genre, round count, and difficulty per room. A guest gets a one-tap session and can play immediately, but can’t open a profile or the inventory until they register.

Social

  • Friends list with online status
  • Direct messages
  • Real-time lobby chat
  • Global leaderboard

Friend requests surface mutual connections and who’s online. Direct messages track unread counts, you can mute or block abusive users, and lobby chat appears as bubbles over player cards mid-game.

Progression

  • XP, levels, and achievements
  • Popcorn in-game currency
  • Cosmetics store — avatars, titles, backgrounds
  • Persistent profile across games

XP equals your match score, and leveling up grants Popcorn. An achievements engine reads end-of-match data — wins, genre counts, Letterboxd connection — and auto-grants titles, cosmetics, and currency.

Scoring

  • Scales with difficulty and answer streaks
  • Consolation points for genre-adjacent guesses

Points combine a difficulty multiplier (1–10) with a streak multiplier, so harder movies and longer correct runs are worth more. A wrong guess that shares a genre with the answer earns a flat 3 points without breaking your streak.

Leaderboard & profiles

Recreated from the in-game leaderboard — real cards, live ranking and stats. Click the card to open the profile.

Cailus avatar LVL 1

Cailus

ADMIN

Check my website for more projects and to support me :)

gabrieldabbah.com
Level Progress50%
50 XPNext Lvl
Unlocked Achievements 5 Unlocked
Perfect Round First Game Rookie Newbie First Friend
55,000+ films in play
2 live game modes
1s real-time sync
1 developer

One person. The whole stack.

Frontend, backend, database, payments, security, and deployment — all built and shipped solo.

Built with

  • React
  • TypeScript
  • Vite
  • Tailwind CSS
  • react-youtube
  • Node.js
  • Express
  • Supabase
  • PostgreSQL
  • JWT
  • bcrypt
  • node-cron
  • Cloudflare
  • Render

Engineering

Server-authoritative rooms

The game’s brain runs on the server, not in your browser. Every room beats on a one-second heartbeat that tells all players what’s happening at the same instant — so nobody can win by tampering with their own screen, and everyone sees the same trailer moment together.

GameManager holds each room in memory and advances a LOBBYSTARTINGIN_ROUNDBETWEEN_ROUNDSFINISHED state machine on a 1-second setInterval tick. Clients are render-only: they poll state once a second and reconcile to the broadcast, so a tampered client cannot alter the outcome, and the answer is withheld from the payload until BETWEEN_ROUNDS.

Real-time beyond polling

Trailer Quiz stays in sync through fast server updates, but the lively parts — lobby chat, emotes like throwing tomatoes at other players, and the whole Bomb-It mode — run over a live connection so they land instantly, with no refresh or delay.

Steady-state Trailer Quiz reconciles on the 1-second tick, but latency-sensitive events use a persistent WebSocket instead of polling: lobby chat, emotes (tomato throws), and all of Bomb-It’s turn passing and shared timer push the moment they happen rather than waiting on the next tick.

Separated middleware pipeline

Every request walks one ordered line of checks before any handler runs — CORS and cookies, origin/CSRF, per-route rate limiting, schema validation, then auth — so each concern is isolated and a bad request is rejected at the earliest gate.

Every request walks one ordered Express middleware chain: cors and cookie parsing, then an Origin/CSRF check, then per-route express-rate-limit (five limiters keyed to the real IP, with IPv6 bucketed to /56), then schema validation with prototype-pollution and XSS sanitization, then auth. Each concern is isolated, and a bad request is rejected at the earliest gate before any handler sees it.

Preloaded movie catalog

The trailers themselves aren’t stored — what loads into the server’s memory at startup is each movie’s info and its YouTube trailer link. During a round the clip plays straight from a YouTube embed in the player’s browser, so the server never serves video and a round never waits on an outside lookup. Difficulty simply controls how deep into the popularity-ranked list the game is allowed to reach.

~55,000 films’ metadata — titles, info, and YouTube trailer ids — are parsed from JSONL into memory at boot and sorted by popularity; no video is stored server-side. Genre maps UI labels onto dataset categories; difficulty slices the sorted pool — top 100 at level 1 up to the whole pool at level 10 — before a non-repeating random draw. The trailer plays client-side through a YouTube embed, so no TMDB lookup happens during a match.

Resilient trailers

If a trailer is dead or blocked in someone’s region, the round doesn’t stall. A player report (or a host reroll) swaps in a fresh clip and resets the timer, so nobody loses points to a broken video.

A reported or host-rerolled trailer is validated against the live round, the bad video id is blacklisted so it is never drawn again, a backup is pulled from the in-memory pool, the round swaps to it, the timer resets, and guesses already made are cleared so they cannot carry over onto the replacement.

Real identity through the proxy

A Cloudflare Pages Function fronts the API and forwards each call with cf-connecting-ip as a signed x-mtq-client-ip header; Express trusts the forwarded IP only when the HMAC signature matches. Identity survives the multi-hop proxy chain intact and cannot be spoofed from the client.

Server-enforced authorization

The backend is the only gatekeeper, so it treats every request as untrusted: it validates everything, checks where it came from, and can revoke a session instantly. Staff muting, banning, and audit logs sit on top.

The backend talks to PostgreSQL with the Supabase service_role key and bypasses RLS, so authorization is enforced entirely server-side. JWTs ride in httpOnly cookies, and auth middleware re-checks session_version and deletion_requested_at on every request — so a session can be revoked instantly.

Scheduled upkeep

Quiet background jobs keep the game tidy on their own — for example, clearing out guest sessions once they expire so old data doesn’t pile up.

node-cron runs server-side maintenance off the request path — sweeping expired guest sessions on their 3-day TTL and keeping in-memory state lean — with no manual intervention.

Role-aware admin console

Behind the game is an internal operations dashboard where trusted staff run the live game: monitoring activity and cost, moderating players, working through player and trailer reports, scheduling background jobs, and flipping site-wide switches like maintenance or paused match creation. The whole dashboard reshapes by role — moderators get a focused reports-and-chat-audit view, while admins get the full set of controls — and every action is logged for accountability.

A two-column, role-gated console with a tab rail — Stats, Event Queue, User Management, User & Trailer Reports, Contact Inbox, Audit Chat Logs, System Controls, System Logs — whose shape is driven by the staff role, so moderators resolve into a reports-and-audit subset rather than seeing admin-only tools hidden in the markup. System Controls flip global runtime flags — Maintenance, Registration Lock, Test and Beta gating, Pause Game Creation, Disable Payments, Force Backend Offline — that the Express layer enforces and that can end live WebSocket sessions; the Event Queue schedules deferred actions like timed unbans, deletions, and bulk popcorn grants off the request path; and moderation evidence (match chat, direct-message context, prior reports) is compiled beside each case so a decision is made in one place. Every operational action is written to an audit log exportable as JSON or CSV.

Social

Movie Games is a social game too — identity, friends, rivalry, and live in-room expression. The two panels below are real and interactive — try them.

Emote click Maya →
You
Lobby chat type & send →
You
0/50

Profiles & cosmetics

Every player is a recognizable identity — a portrait, a level, an equipped title, a background and a bio that follow them across every screen.

AvatarsTitlesBackgroundsBiosRarity tiers

Friends & DMs

Send and accept requests, see who’s online, and chat one-to-one in lightweight popups — friends become collectible player cards, not address-book rows.

RequestsFriend cards1:1 chatOnline statusUnread badges

Global leaderboard

Ranked by level with the top three highlighted gold/silver/bronze; your own row stays pinned even when you're off the visible page. Tap a row to open the profile.

Ranked by levelTop 3 highlightedYour rank pinnedClick to inspect

Store & inventory

Earn Popcorn from matches and level-ups, then spend it on cosmetics. Rarity drives both price and prestige; equip anything you own straight from the inventory.

Popcorn currencyAvatarsBackgroundsTitlesSound FXRarity pricing

Achievements

Proof-of-play with progress bars and rarity badges. Unlocks grant titles, cosmetics and Popcorn — and surface as the trophy strip on your profile.

Progress barsRarity badgesGrants rewardsTrophy strip

Safety & staff

Calm, visible safety tools live next to the person they affect, with separate staff controls and an official Mod Team roster so players know who represents the game.

ReportBlockMuteBanMod Team roster
Play free movietq.com — free to play

Have a dream project?

Tell me your idea and I’ll send you a quote.