mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-06-16 22:54:12 +00:00
07638354d2
Migration 028: namespace_push_credentials
- Per-(namespace, provider) AES-256-GCM encrypted credential blob.
- Generic schema — apns/ntfy/expo/future plug in with zero migration.
- Separated from migration 026's namespace_push_config (preferences vs
credentials, different access patterns).
pkg/push/credentials
- Manager + Registry + RQLite store; HKDF purpose "namespace-push-credentials"
via pkg/secrets. Provider Validator interface for per-provider schema.
pkg/push/providers/apns
- Apple Push Notification service direct provider (no Expo proxy).
- Validator + dispatcher; credentials are p8 signing key + key_id + team_id.
pkg/push/providers/ntfy/credentials.go
- ntfy credential schema (auth_token + default topic). Used both with
the public ntfy.sh and our self-hosted instance.
pkg/environments/production/installers/ntfy.go
- Self-hosted ntfy server installer. Binary, system user, hardened
/etc/ntfy/server.yml, systemd unit. Listens on 127.0.0.1:NtfyListenPort
only — Caddy is the only public path.
pkg/environments/production/installers/caddy.go
- Emit reverse_proxy block for push.<dnsZone> -> 127.0.0.1:NtfyListenPort
when operator enables ntfy on a node.
CLI: install/upgrade orchestrators learn a new "ntfy" install/preserve
phase; flag gating in install/flags.go + upgrade/flags.go.
Gateway handlers/push/credentials_handler.go
- GET/PUT/DELETE /v1/namespace/push-credentials/{provider}.
- PUT validates against provider Validator before encrypting and storing.
- GET returns a redacted view (booleans + non-secret fields only).
Push manager: provider resolution now also consults
namespace_push_credentials before falling back to YAML defaults.
Docs: core/docs/PUSH_NOTIFICATIONS.md walks through end-to-end setup.
VERSION bumped to 0.122.14.
Orama Network
A decentralized infrastructure platform combining distributed SQL, IPFS storage, caching, serverless WASM execution, and privacy relay — all managed through a unified API gateway.
Packages
| Package | Language | Description |
|---|---|---|
| core/ | Go | API gateway, distributed node, CLI, and client SDK |
| sdk/ | TypeScript | @debros/orama — JavaScript/TypeScript SDK (npm) |
| website/ | TypeScript | Marketing website and invest portal |
| vault/ | Zig | Distributed secrets vault (Shamir's Secret Sharing) |
| os/ | Go + Buildroot | OramaOS — hardened minimal Linux for network nodes |
Quick Start
# Build the core network binaries
make core-build
# Run tests
make core-test
# Start website dev server
make website-dev
# Build vault
make vault-build
Documentation
| Document | Description |
|---|---|
| Architecture | System architecture and design patterns |
| Deployment Guide | Deploy apps, databases, and domains |
| Dev & Deploy | Building, deploying to VPS, rolling upgrades |
| Security | Security hardening and threat model |
| Monitoring | Cluster health monitoring |
| Client SDK | Go SDK documentation |
| Serverless | WASM serverless functions |
| Common Problems | Troubleshooting known issues |
Contributing
See CONTRIBUTING.md for setup, development, and PR guidelines.