mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-06-16 22:54:12 +00:00
872c553d1c
Root-cause hardening for bug #240 and #249's "intermittent 401 over WS" reports. handleNamespaceGatewayRequest previously had a third code path beyond "auth ok" and "auth error": when validateAuthForNamespaceProxy returned empty namespace AND empty error (i.e. "no credentials found"), the request fell through to a silent forward to the namespace gateway WITHOUT internal-auth headers. The namespace gateway then rejected with 401 "missing API key" in ~60µs. From the client's perspective: opaque 401. From our side: only the namespace gateway logged it, and that tier can't validate API keys (they live in the main cluster RQLite), so the operator had no signal that the main gateway had even seen the request. AnChat's intermittent 401-on-WS reports went unsolved for this exact reason. Fix: - Explicit reject at main when no credentials extracted AND path isn't public. Returns 401 with WWW-Authenticate: Bearer realm and a clear message naming the three accepted credential sources. - Rich structured logging on every WS upgrade auth outcome: presence of api_key/token/jwt query params, Authorization + X-API-Key headers, Connection/Upgrade headers, Origin, User-Agent, client IP, raw query length. Steady-state stays low-noise: success path logs at debug, reject paths log at warn. - Namespace-mismatch reject (existing branch) now also logs. VERSION bumped to 0.122.19.
Orama Network
A decentralized infrastructure platform combining distributed SQL, IPFS storage, caching, serverless WASM execution, and privacy relay — all managed through a unified API gateway.
Packages
| Package | Language | Description |
|---|---|---|
| core/ | Go | API gateway, distributed node, CLI, and client SDK |
| sdk/ | TypeScript | @debros/orama — JavaScript/TypeScript SDK (npm) |
| website/ | TypeScript | Marketing website and invest portal |
| vault/ | Zig | Distributed secrets vault (Shamir's Secret Sharing) |
| os/ | Go + Buildroot | OramaOS — hardened minimal Linux for network nodes |
Quick Start
# Build the core network binaries
make core-build
# Run tests
make core-test
# Start website dev server
make website-dev
# Build vault
make vault-build
Documentation
| Document | Description |
|---|---|
| Architecture | System architecture and design patterns |
| Deployment Guide | Deploy apps, databases, and domains |
| Dev & Deploy | Building, deploying to VPS, rolling upgrades |
| Security | Security hardening and threat model |
| Monitoring | Cluster health monitoring |
| Client SDK | Go SDK documentation |
| Serverless | WASM serverless functions |
| Common Problems | Troubleshooting known issues |
Contributing
See CONTRIBUTING.md for setup, development, and PR guidelines.