which protocol or library should i use for chat-application?

<p>i want to use golang as backend.need to build simple,secure chat-app like whatsapp.</p> <p>which library or protocol should i use? i tried to use xmpp but it&#39;s not very tested for golang.</p> <hr/>**评论：**<br/><br/>rgzr: <pre><p>Depending on how ambitious you are, you could try to implement the <a href="https://matrix.org" rel="nofollow">Matrix protocol</a>.</p> <p>Like others here suggested it&#39;s REST/JSON but lays out how a secure, modern chat client/server should work.</p> <p>I don&#39;t know if there is any work done in Go that goes into the direction but you can look at their <a href="https://github.com/matrix-org/synapse" rel="nofollow">reference implementation</a> (in Python).</p></pre>Yellow_Bricks: <pre><p>Certainly very interesting, but also very ambitious. The matrix team is also currently working on a go rewrite so you might want to just jump on there.</p></pre>ZetaHunter: <pre><p>You could look at <a href="https://github.com/mattermost/mattermost-server" rel="nofollow">https://github.com/mattermost/mattermost-server</a> for inspiration.</p></pre>ericzhill: <pre><p>RESTful websockets or gRPC would be a good starting point.</p></pre>Thaxll: <pre><p>A bit nitpicking but I&#39;m not sure RESTful websocket is a thing, REST is stateless, more appropriate would be JSON over websocket.</p></pre>skyacer: <pre><p>They say websockets arent safe as xmpp?</p></pre>ericzhill: <pre><p>How do you you define &#34;safe&#34;?</p></pre>skyacer: <pre><p>&#34;in October 2010, Google’s security analyst Adam Barth accompanied by Carnegie-Mellon scientists in their work “Transparent Proxies: Threat or Menace” demonstrating how to intercept the WebSockets feeds of the users working through transparent proxies and substitute the information they receive. This gives a wide field for scamming, which is why Firefox and Opera refused to support the protocol until the more secure version is released. In addition, some popular anti-virus programs, such as Avast, consider this protocol harmful and block its usage completely.&#34;</p></pre>qu33ksilver: <pre><p>websockets already have &#34;wss://&#34; which just initiates an https connection and then moves on to work with just the tcp layer.</p> <p>Is this still insecure ?</p></pre>captncraig: <pre><p>Yeah, this article must be pre-wss. Although even the <a href="https://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75" rel="nofollow">2010 rfcs</a> I found have wss in them.</p></pre>ericzhill: <pre><p>If you don&#39;t like websockets, then go with gRPC over SSL.</p></pre>