To facilitate WebSocket connections between frontends and canisters on the IC, we use a gateway. This gateway provides a standard WebSocket endpoint for frontends and handles the communication with the canister. It establishes WebSocket connections with canisters through update calls and uses polling to obtain the latest messages and deliver them to the client.
We invite you to explore the code on GitHub, available at dfinity/ic-websocket-poc. This repository can serve as a starting point for developers interested in leveraging WebSockets on the IC. However, please note that this proof-of-concept requires further improvements to enhance security and stability (e.g. using SSL and enhancing error handling) and is not usable in production.
We encourage you to give it a try and let us know what you think!
Regarding security, what is the vision there? E.g. will the websockets support certified data, equivalent to certified queries? I.e. will a developer be able to take data, sign it as for certified queries, then post it and have it validated by the service worker? The crypto part is definitely possible to do oneself; does it make sense to include such functionality out of the box to make it easy for developers to write secure code first time?
The proof-of-concept already makes use of certification and signatures so that the gateway is trustless. Messages from the canister (together with a timestamp and a sequence number) are certified. Likewise messages from the client are signed using the key the client registered in the first update call.
The WebSocket Gateway can now be considered trustless as it cannot tamper with, reorder or block the messages without being detected by both the client and the canister. We’re waiting for the vetKeys to become generally available to integrate them into our libraries and make sure the Gateway can’t even read the messages.
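The receiver-side checks described in the two replies above, as an added example that is not part of the thread or the ic-websocket code: each message carries a sequence number and timestamp under an authentication tag, and the receiver rejects anything altered, out of sequence or stale. Assumptions: an HMAC with a constructed key stands in for the IC certificate and the client signature (the real scheme is verified with public keys, so the gateway holds no secret), and the names `certify`, `Receiver` and `MAX_SKEW_S` are hypothetical.

```python
import hashlib
import hmac
import json

MAX_SKEW_S = 30  # assumed freshness window, not a value from the thread


def certify(key, seq, ts, payload):
    """Stand-in for certification: tag over (seq, timestamp, payload)."""
    body = json.dumps({"seq": seq, "ts": ts, "payload": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Checks applied to messages relayed by an untrusted gateway."""

    def __init__(self, key):
        self.key = key
        self.next_seq = 0

    def accept(self, msg, now):
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "tampered"
        body = json.loads(msg["body"])
        if body["seq"] != self.next_seq:
            return "out-of-order"  # reordered, replayed, or an earlier message dropped
        if now - body["ts"] > MAX_SKEW_S:
            return "stale"  # message was held back before delivery
        self.next_seq += 1
        return "ok"


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    msgs = [certify(key, i, 1000 + i, f"pong-{i}") for i in range(4)]
    rx = Receiver(key)
    results = [rx.accept(msgs[0], now=1001)]
    forged = dict(msgs[1], body=msgs[1]["body"].replace("pong-1", "pong-X"))
    results.append(rx.accept(forged, now=1002))   # payload altered in transit
    results.append(rx.accept(msgs[2], now=1003))  # message 1 skipped
    results.append(rx.accept(msgs[1], now=1003))  # the expected next message
    results.append(rx.accept(msgs[2], now=1100))  # delivered long after it was issued
    return results
```

A dropped message only becomes visible here as a sequence gap when the next message arrives.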
Nice tutorial, ping-pong is the hello world of network stack code, awesome! Imho, what matters isn’t that it’s available for multiple languages, but instead it’s rock solid in just one language. There are definitely a couple of use cases w/o a sensitive message payload, and there are workarounds for encrypting a message payload before vetKeys goes GA. Great work @massimoalbarello & @ilbert, w(h)en production-ready?