TLDR; how do I handle messages to different users of my app without compromising security or forcing a non-reactive polling routine?
I am building an application in which one feature is a messaging system. Users can send messages to clients. Clients do not use the app, so messages come as text messages. Replies are handles as messages and come back the app as messages in the messaging system. Let’s introduce the concepts:
- App instance - an instance of the app used by a user. Running on a browser.
- Messaging service - an Akka HTTP microservice running on some server, implemented using Akka typed actors
- Client - the client of the user using the app instance, some person with a phone number.
When a client replies to the text, the reply goes to the messaging service which has to route it as an event to the correct app instance so it shoes up there as a message. I have three options:
- Publish this event to a port on the messaging server, and have the app instances listen to that port; the issue is that all instances listen to all messages, a security concern as messages are private. I could encrypt them and have only the correct recipients access the decryption key, but this seems like an antipattern. I’d like them to not be able to see these messages at all.
- Send the message to a port on the app instance address; this solves the problem above, but introduces the problem of having to keep track of client addresses somehow. This violates REST and is generally difficult to do with things like network proxies/VPNs/other networking stuff that I don’t understand.
- Non-reactive; publish replies to a database on the messaging service, and have the app instances poll an API for this database periodically to check if they have mail; this is ugly and wasteful. It introduces latency between when the message was actually received and when it is available to the client, and creates a bad tradeoff where I have to decide if I want more network calls for lower latency or reduce the frequency of the network calls for a lower latency. Eats my clients’ network bills depending on their mobile coverage. Would like to avoid, but it does solve both problems above.
Is there a reactive, efficient way to do this?