i want to use golang as backend.need to build simple,secure chat-app like whatsapp.
which library or protocol should i use? i tried to use xmpp but it's not very tested for golang.
评论:
rgzr:
Yellow_Bricks:Depending on how ambitious you are, you could try to implement the Matrix protocol.
Like others here suggested it's REST/JSON but lays out how a secure, modern chat client/server should work.
I don't know if there is any work done in Go that goes into the direction but you can look at their reference implementation (in Python).
ZetaHunter:Certainly very interesting, but also very ambitious. The matrix team is also currently working on a go rewrite so you might want to just jump on there.
ericzhill:You could look at https://github.com/mattermost/mattermost-server for inspiration.
Thaxll:RESTful websockets or gRPC would be a good starting point.
skyacer:A bit nitpicking but I'm not sure RESTful websocket is a thing, REST is stateless, more appropriate would be JSON over websocket.
ericzhill:They say websockets arent safe as xmpp?
skyacer:How do you you define "safe"?
qu33ksilver:"in October 2010, Google’s security analyst Adam Barth accompanied by Carnegie-Mellon scientists in their work “Transparent Proxies: Threat or Menace” demonstrating how to intercept the WebSockets feeds of the users working through transparent proxies and substitute the information they receive. This gives a wide field for scamming, which is why Firefox and Opera refused to support the protocol until the more secure version is released. In addition, some popular anti-virus programs, such as Avast, consider this protocol harmful and block its usage completely."
captncraig:websockets already have "wss://" which just initiates an https connection and then moves on to work with just the tcp layer.
Is this still insecure ?
ericzhill:Yeah, this article must be pre-wss. Although even the 2010 rfcs I found have wss in them.
If you don't like websockets, then go with gRPC over SSL.
