WebSockets
Francois edited this page Jan 20, 2026 · 1 revision

WebSocket is a protocol providing persistent communication channels over TCP.

For ft_transcendence, WebSockets are preferred over HTTP when:
- real-time communication is needed, i.e. for the game
- we want to minimize network traffic by sending only the necessary data payloads once the connection is open.

We could have a dedicated WebSocket gateway (as for the API Gateway service), but the use of WebSocket is limited to the game.

| ✅ Do | ❌ Don't |
|---|---|
| Use wss:// (WebSocket Secure): Always encrypt traffic with TLS to prevent Man-in-the-Middle attacks. | Send sensitive data over ws://: Insecure connections expose tokens and private messages. |
| Implement Heartbeats: Use ping/pong mechanisms to detect and clean up "zombie" connections. | - |
| Validate and sanitize messages | Trust Client Input: risk of injections. |
| Offload Auth to Handshake: Use JWTs or "tickets" during the initial HTTP upgrade request. | Re-authenticate on every message: This adds unnecessary latency and processing overhead. |
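
The rules in the table above, sketched as dependency-free JavaScript. This is an added example, not code from the ft_transcendence repository. The request shape (`secure`, `ticket`), the `paddle` message format, the limits and all function names are assumptions.

```javascript
// Added example: handshake auth, input validation and heartbeat sweep.
// Every name, limit and message shape here is an assumption for illustration.
const MAX_MSG_CHARS = 512;        // assumed cap for one game input frame
const PONG_TIMEOUT_MS = 30_000;   // assumed heartbeat deadline
const DIRECTIONS = new Set(['up', 'down', 'stop']);

// Run once, at the HTTP upgrade: TLS only, plus a single-use, unexpired ticket.
// `tickets` maps ticket -> { userId, expiresAt }. Tickets are issued earlier
// over authenticated HTTPS from a CSPRNG (issuance not shown).
function authorizeUpgrade(req, tickets, now) {
  if (!req.secure) return { ok: false, status: 400 };   // plain ws:// refused
  const entry = tickets.get(req.ticket);
  tickets.delete(req.ticket);                            // consume: a replay must fail
  if (!entry || entry.expiresAt <= now) return { ok: false, status: 401 };
  return { ok: true, userId: entry.userId };             // bind identity to the socket
}

// Run on every inbound frame: the client is never trusted.
function parseGameMessage(raw) {
  if (typeof raw !== 'string' || raw.length > MAX_MSG_CHARS) return null;
  let msg;
  try { msg = JSON.parse(raw); } catch { return null; }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return null;
  if (msg.type !== 'paddle' || !DIRECTIONS.has(msg.direction)) return null;
  return { type: 'paddle', direction: msg.direction };   // copy allow-listed fields only
}

// Heartbeat: drop and report connections whose last pong is too old ("zombies").
// `conns` maps connection id -> { lastPong }, updated by the pong handler.
function sweepZombies(conns, now) {
  const dead = [];
  for (const [id, c] of conns) {
    if (now - c.lastPong > PONG_TIMEOUT_MS) dead.push(id);
  }
  dead.forEach((id) => conns.delete(id));
  return dead;
}

// Constructed demo data (not from the project).
const demoTickets = new Map([['t-123', { userId: 'u1', expiresAt: 2000 }]]);
console.log(authorizeUpgrade({ secure: true, ticket: 't-123' }, demoTickets, 1000));
console.log(authorizeUpgrade({ secure: true, ticket: 't-123' }, demoTickets, 1000)); // replay
console.log(parseGameMessage('{"type":"paddle","direction":"up","admin":true}'));
```

The identity returned by `authorizeUpgrade` is attached to the connection once, so later frames only go through `parseGameMessage` and are not re-authenticated.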

| Type | Resource | Notes |
|---|---|---|
| 📦 | fastify-websocket | - |
| - | OWASP WebSocket Security | Best practices for securing persistent connections. |