I know there’s already a question with the same title, but I have something more to say.
What are my main goals:
- I’m trying to let any user of my app connect to any other user securely, so that no 3rd person can see their messages, just like any normal messaging system (i.e. WhatsApp, Messenger, Discord DM, Instagram DM). Groups won’t be available.
What I’ve found so far:
- The answer in the above linked question says:

  > The most logical method would be to have a single channel for each 1-to-1 chat (so `chat:user1:user2`), as this guarantees you have:
  > - A consistent message order between the 2
  > - It’s easy to get the history of any one conversation, as it’s available via a single chat request. Generally, the logical division of chats as channels makes any processing you’d want to do on chats simple
What issue I’ve found in the existing answer:
- I could be wrong, but I guess the channel name won’t be the same for both of the users, cuz in practice, what we’ll have to do in the code is `chat:<sender_id>:<recipient_id>`, and as the `sender_id` & `recipient_id`s are different for each of the users, they won’t be landing in the same channel. Hence, they won’t be connected with each other.

What I can think of as the possible solution:
- Maybe we can alphabetically sort the user IDs and then make a string out of them for the channel name, so both users get the same channel name. This approach has a security issue, cuz any other user can grab the `user_1` & `user_2` IDs, alphabetically sort them, and enter their chat room easily.
- We can create a hash using the `user_1` & `user_2` IDs (after alphabetical sort) along with a salt. If we can ensure that our hashing algorithm always generates the same hash string for a given plain text, we can make sure that both of the users are landing on the same channel and getting connected. Besides, no malicious user will be able to recreate this hash even if they have the user IDs, as they don’t have the salt.
Tho this approach creates a secure channel name, we still don’t have any way to get all the channels available for a particular user, and we’ll need this to show the list of all the available chat-rooms for that user (we usually see that on the left side of the screen in popular messaging platforms, i.e. WhatsApp, Messenger, Discord, Instagram Web Version). I guess we might need this to implement the notification system as well. Not sure on this. Haven’t dived deep into how to implement push notifications on the web with Ably yet.
So my ultimate questions are:
- Is my approach good?
- If no, what should be the best and secure approach?
- If yes, how can I show my users their available chat-rooms?
My tech stacks:
- NextJS@14
- [email protected]
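
The salted-hash idea from the post above, sketched as an added example (not part of the original post, and not Ably's API): a keyed hash (HMAC-SHA256) over the sorted ID pair gives both users the same channel name, and a server-side index answers the room-list question. The function names, the in-memory map and the demo secret are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key (assumption). A real key lives only on the server.
const DEMO_SECRET = 'constructed-demo-secret';

// userId -> Set of channel names. Stands in for a database table (assumption).
const roomsByUser = new Map();

// Derive the same channel name for (A, B) and (B, A).
function channelNameFor(userA, userB, secret = DEMO_SECRET) {
  if (typeof userA !== 'string' || typeof userB !== 'string' || !userA || !userB) {
    throw new TypeError('user IDs must be non-empty strings');
  }
  if (userA === userB) throw new Error('a 1-to-1 chat needs two distinct users');
  // Default sort compares code units, so the order never depends on locale.
  const pair = [userA, userB].sort();
  // JSON encoding keeps ("a:b","c") and ("a","b:c") distinct, which a
  // plain join(':') would not.
  const mac = crypto.createHmac('sha256', secret)
    .update(JSON.stringify(pair))
    .digest('hex');
  return `chat:${mac}`;
}

// Create (or look up) the chat and record it for both participants.
function openChat(userA, userB) {
  const channel = channelNameFor(userA, userB);
  for (const id of [userA, userB]) {
    if (!roomsByUser.has(id)) roomsByUser.set(id, new Set());
    roomsByUser.get(id).add(channel);
  }
  return channel;
}

// Chat-room list for the sidebar.
function listRooms(userId) {
  return [...(roomsByUser.get(userId) ?? [])].sort();
}

// Server-side membership check: knowing a channel name is not enough.
function isMember(userId, channel) {
  return roomsByUser.get(userId)?.has(channel) ?? false;
}
```

Because the name is derived on the server, the key never reaches the browser, and `isMember` gives the server a place to refuse a user who has somehow learned another pair's channel name.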