You will have to enforce authentication in your application. I suggest you get the derby-auth npm module and use that to authenticate.
Once your user is authenticated you can then pass their handle (see Passport) back to every edit request to your server, then push that info back out to the connected clients.