End-to-end encrypted wallet-to-wallet messaging with voice calls
No registration. No phone number. Just your Phantom wallet.
🌐 Website • 💬 Open Messenger • 🔒 Security
We jumped ahead of our roadmap! We're thrilled to announce that real-time audio calls are now live in SOLink. This is a huge milestone in the evolution of our messenger - bringing Web3 communication to a whole new level.
- ✅ SSL Labs audit upgraded to A - TLS configuration hardened and re-tested
- 1-on-1 Audio Calls — Call any contact directly from chat
- Cloudflare TURN — Reliable connectivity through NAT/firewalls
- WebRTC Powered — Low-latency, high-quality audio with DTLS-SRTP encryption
- Call UI — Full-screen and minimized modes, mute toggle, call timer
- Call History — Incoming, outgoing, missed calls logged in chat
- 30s Ring Timeout — Auto-disconnect if no answer
- Responsive Design — Works on desktop and mobile
- 🔑 Wallet-Native Identity — Your Solana wallet is your identity. No signup, no passwords.
- 🔒 End-to-End Encryption — Messages encrypted with NaCl (XSalsa20-Poly1305). Server never sees plaintext.
- 📞 Audio Calls — Real-time voice calls powered by WebRTC and Cloudflare TURN.
- ☁️ Cloud Sync — Automatic encrypted backup to cloud. Clear cache, switch devices — your data stays safe.
- 💸 Send SOL in Chat — Transfer SOL directly in conversations.
- 🎤 Voice Messages — Record and send encrypted voice messages with waveform visualization.
- 🔍 Token Scanner — Instant security reports for any Solana token powered by DFN Patrol.
- 🔗 Token Link Preview — Paste any token link and get instant security report card.
- 🔔 Push Notifications — Get notified when you receive new messages.
- 📱 PWA Support — Install as app on desktop and mobile.
- 💾 Encrypted Backups — Export your data with AES-256 password protection.
SOLink takes security seriously. We've achieved top ratings across security audits:
| Service | Rating | Details |
|---|---|---|
| Security Headers | A+ | CSP, HSTS, X-Frame-Options |
| Mozilla Observatory | A+ (125/100) | 10/10 tests passed |
| SSL Labs | A | TLS 1.2/1.3 |
| ImmuniWeb | A | HTTPS, CSP verified |
┌─────────────────────────────────────────────────────────┐
│ Your Browser │
├─────────────────────────────────────────────────────────┤
│ Phantom Wallet → Ed25519 signature for auth │
│ TweetNaCl → X25519 key exchange │
│ XSalsa20-Poly1305 → Message encryption │
│ WebRTC → DTLS-SRTP for voice calls │
│ IndexedDB → Local cache (messages, contacts) │
└─────────────────────────────────────────────────────────┘
│
(only ciphertext)
▼
┌─────────────────────────────────────────────────────────┐
│ Cloudflare Workers │
├─────────────────────────────────────────────────────────┤
│ KV Storage → Profiles, public keys, sessions │
│ Durable Objects → Message queue + Call signaling │
│ R2 Storage → Encrypted backups & voice messages │
│ TURN Server → WebRTC relay for audio calls │
│ No plaintext ever touches the server │
└─────────────────────────────────────────────────────────┘
- ✅ CORS restricted to
solink.chat - ✅ CSP prevents XSS attacks
- ✅ HSTS enforces HTTPS
- ✅ No inline scripts — all JS in external files
- ✅ Encrypted backups with AES-256-GCM
- ✅ Cloud backups encrypted with wallet-derived key
- ✅ Rate limiting — 60 messages/minute
- ✅ Nonce-based auth — replay attack protection
| Layer | Technologies |
|---|---|
| Frontend | Vanilla JS, TweetNaCl, IndexedDB, WebRTC, CSS3 |
| Backend | Cloudflare Workers, KV, Durable Objects, R2, TURN |
| Encryption | NaCl (X25519 + XSalsa20-Poly1305), DTLS-SRTP |
| Blockchain | Solana Web3.js, Phantom Wallet |
| Voice Calls | WebRTC, Cloudflare TURN, Durable Objects (signaling) |
SOLink/
├── public/ # Static frontend
│ ├── app/ # Main app (UI shell)
│ │ ├── index.html # App shell + import map
│ │ └── og-image.png # Open Graph image
│ ├── dev/ # Dev console (PWA)
│ │ ├── calls/ # WebRTC call test page
│ │ │ └── index.html
│ │ ├── index.html # Dev console main
│ │ ├── manifest.json # PWA manifest
│ │ └── sw.js # Dev service worker
│ ├── css/
│ │ ├── style.css # Main app styles
│ │ ├── dev.css # Dev console styles
│ │ └── dev-calls.css # Call test page styles
│ ├── js/
│ │ ├── api.js # API client (fetch)
│ │ ├── chat.js # Chat logic, inbox, rendering
│ │ ├── db.js # IndexedDB helpers
│ │ ├── dev.js # Dev console logic
│ │ ├── dev-calls.js # WebRTC diagnostics/tests
│ │ ├── landing.js # Landing page scripts
│ │ ├── main.js # Auth + wallet bootstrap
│ │ ├── phantom-mobile.js # Phantom Mobile support
│ │ ├── voice-recorder.js # Voice message recording
│ │ ├── call/ # Audio call module (WebRTC)
│ │ │ ├── call-manager.js # Call orchestration (UI + signaling)
│ │ │ ├── call-signaling.js # WebSocket signaling client
│ │ │ ├── call-ui.js # Call UI components
│ │ │ └── webrtc-client.js # PeerConnection, ICE, media
│ │ └── vendor/ # Local vendored deps
│ │ ├── eventemitter3-wrapper.js
│ │ ├── jayson-browser.js
│ │ ├── rpc-websocket-client.js
│ │ └── rpc-websocket-factory.js
│ ├── media/ # Assets (audio/icons)
│ │ ├── caller.mp3 # Outgoing dial tone
│ │ ├── incoming.mp3 # Incoming ringtone
│ │ ├── inbox.mp3 # Legacy message ping
│ │ └── *.svg/png # Logos, partners
│ ├── icons/ # PWA icons
│ ├── presentation/ # Presentation materials
│ │ ├── background-presentation.mp3
│ │ └── index.html
│ ├── manifest.json # App PWA manifest
│ ├── sw.js # Main service worker
│ ├── _redirects # Pages redirects
│ ├── favicon.* / og-image.* # Favicons & OG images
│ ├── robots.txt / sitemap.xml
│ ├── index.html # Landing page
│ └── help/, privacy/, terms/, disclaimer/ # Static pages
├── worker/ # Cloudflare Worker + Durable Objects
│ ├── worker.js # Main worker: API routing
│ ├── inbox-do.js # Inbox/message queue DO
│ ├── call-do.js # Call signaling DO
│ └── utils/
│ ├── crypto.js # Crypto helpers
│ ├── nonce.js # Nonce management
│ ├── ratelimit.js # Rate limiting
│ └── logger.js # Dev console logging
- Go to solink.chat
- Click "Open Messenger"
- Connect your Phantom wallet
- Start chatting!
# Clone repository
git clone https://github.com/dfnwtf/solink.git
cd solink
# Install Wrangler CLI
npm install -g wrangler
# Configure wrangler.toml with your credentials
# (copy from wrangler.toml.example)
# Run locally
wrangler dev
# Open http://localhost:8787/app- Key Generation: On first launch, client generates X25519 keypair
- Key Exchange: Public keys stored on server, shared secret computed via Diffie-Hellman
- Message Encryption: Each message encrypted with unique nonce using XSalsa20-Poly1305
- Server Role: Only sees ciphertext, never plaintext
// Simplified encryption flow
const sharedSecret = nacl.box.before(recipientPublicKey, mySecretKey);
const nonce = nacl.randomBytes(24);
const ciphertext = nacl.box.after(messageBytes, nonce, sharedSecret);
// Only ciphertext + nonce sent to serverSOLink includes a built-in developer console for monitoring and debugging.
| Feature | Description |
|---|---|
| 📊 Real-time Dashboard | Live stats: requests, errors, latency, unique wallets |
| 📈 Charts | Requests over time, category distribution, status breakdown |
| 🔍 Event Logs | Filterable table with all API events |
| ❤️ Health Check | Test all systems: KV, R2, Durable Objects, Solana RPC |
| 🔎 Search | Find events by ID, action, wallet, or details |
| 📱 PWA | Install as standalone app |
| 🔄 Auto-refresh | Updates every 10 seconds |
auth— Login, nonce, verifymessage— Send, poll, ackvoice— Upload, download voice messagespush— Push notification subscriptionssync— Cloud backup operationsprofile— Nickname updatessolana— RPC proxy requestssystem— Health checks, dev login
Automatic health check runs every 5 minutes via Cloudflare Cron Trigger, monitoring:
- KV Storage
- R2 Storage
- Durable Objects
- Solana RPC
- End-to-end encryption
- Durable Object message queue
- Global @nicknames
- Send SOL in chat
- Security hardening (A+ rating)
- Encrypted backups (local export)
- Cloud sync (R2 encrypted backup)
- SEO & sitemap
- Token Scanner (DFN Patrol integration)
- Message reactions
- Push notifications
- Mobile swipe gestures (reply/delete)
- Voice messages with waveform visualization
- Developer console with analytics
- 🎉 Audio Calls (WebRTC + Cloudflare TURN) — Ahead of schedule!
- Multi-wallet support (Solflare, Backpack)
- Group chats
- Video calls
- Image sharing
MIT License — see LICENSE for details.
Built with 💜 on Solana