v0.122.42 (f412425, secrets encryption) shipped the template emission, the per-cluster secret generator, and the gateway.Config consumer — but NOT the parse field on config.HTTPGatewayConfig. Phase 4 writes `secrets_encryption_key` into node.yaml under the http_gateway section, and pkg/config/yaml.go decodes with KnownFields(true) (strict). The unknown field made every node.yaml parse fail, so orama-node exited 1 on every start and systemd crash-looped it (restart counter hit 380+ on the first upgraded devnet node before the rolling controller halted). Root cause: a generated-config field with no matching struct field under strict unmarshal. Fix is the missing field. The runtime key itself is still consumed from ~/.orama/secrets/secrets-encryption-key (pkg/node/gateway.go), which already worked — so this one-field addition fully restores boot AND the feature. The standalone gateway (cmd/gateway/config.go) uses lenient parsing and was unaffected. Regression test in pkg/config/decode_test.go decodes a node.yaml carrying secrets_encryption_key under strict mode.
package config
import "time"
// HTTPGatewayConfig holds the settings of the HTTP reverse proxy gateway.
// Every field is populated from YAML through the key named in its tag.
//
// NOTE(review): this struct carries secret material (SecretsEncryptionKey,
// and WebRTC.TURNSecret through the nested WebRTCConfig). Avoid printing it
// with %v/%+v/%#v or serialising it into logs and diagnostics bundles.
type HTTPGatewayConfig struct {
	// Enabled switches the HTTP gateway on.
	Enabled bool `yaml:"enabled"`
	// ListenAddr is the address the gateway listens on (e.g., ":8080").
	ListenAddr string `yaml:"listen_addr"`
	// NodeName is the node name used for routing.
	NodeName string `yaml:"node_name"`
	// Routes holds the service routes.
	Routes map[string]RouteConfig `yaml:"routes"`
	// HTTPS is the HTTPS/TLS configuration.
	HTTPS HTTPSConfig `yaml:"https"`
	// SNI is the SNI-based TCP routing configuration.
	SNI SNIConfig `yaml:"sni"`

	// The fields below make up the full gateway configuration
	// (API, auth, pubsub).

	// ClientNamespace is the namespace for the network client.
	ClientNamespace string `yaml:"client_namespace"`
	// RQLiteDSN is the RQLite database DSN.
	// NOTE(review): a DSN can embed credentials; if this one does, treat the
	// value as a secret — TODO confirm against the deployed format.
	RQLiteDSN string `yaml:"rqlite_dsn"`
	// OlricServers lists the Olric server addresses.
	OlricServers []string `yaml:"olric_servers"`
	// OlricTimeout bounds Olric operations.
	OlricTimeout time.Duration `yaml:"olric_timeout"`
	// IPFSClusterAPIURL is the IPFS Cluster API URL.
	IPFSClusterAPIURL string `yaml:"ipfs_cluster_api_url"`
	// IPFSAPIURL is the IPFS API URL.
	IPFSAPIURL string `yaml:"ipfs_api_url"`
	// IPFSTimeout bounds IPFS operations.
	IPFSTimeout time.Duration `yaml:"ipfs_timeout"`
	// BaseDomain is the base domain for deployments (e.g., "dbrs.space").
	// Defaults to "dbrs.space".
	BaseDomain string `yaml:"base_domain"`

	// SecretsEncryptionKey is the hex-encoded AES-256 key (64 characters)
	// that protects serverless function secrets at rest. It is generated
	// once per cluster, and Phase 4 config generation writes it into
	// node.yaml.
	//
	// The field MUST stay declared: node.yaml is decoded strictly, so a
	// generated key with no matching struct field makes the whole file fail
	// to parse and orama-node does not boot. That is the regression that
	// shipped in v0.122.42, where the template, the secret generator and the
	// gateway.Config consumer landed without this parse field and the
	// node→gateway mapping.
	//
	// NOTE(review): nothing in this declaration checks length or hex
	// encoding — confirm the consumer validates the key before use. Because
	// the key is persisted in node.yaml, that file presumably needs
	// permissions as restrictive as the secrets directory — TODO confirm.
	SecretsEncryptionKey string `yaml:"secrets_encryption_key"`

	// WebRTC is the optional WebRTC configuration, enabled per-namespace.
	WebRTC WebRTCConfig `yaml:"webrtc"`
}
// WebRTCConfig groups the gateway's WebRTC-related settings.
type WebRTCConfig struct {
	// Enabled reports whether this gateway has WebRTC support active.
	Enabled bool `yaml:"enabled"`
	// SFUPort is the local SFU signaling port the gateway proxies to.
	SFUPort int `yaml:"sfu_port"`
	// TURNDomain is the TURN domain (e.g., "turn.ns-myapp.dbrs.space").
	TURNDomain string `yaml:"turn_domain"`
	// TURNSecret is the HMAC-SHA1 shared secret used to generate TURN
	// credentials.
	// NOTE(review): secret material — keep it out of logs and out of any
	// formatted dump of this struct.
	TURNSecret string `yaml:"turn_secret"`
}
// HTTPSConfig groups the gateway's HTTPS/TLS settings.
type HTTPSConfig struct {
	// Enabled turns HTTPS on (port 443).
	Enabled bool `yaml:"enabled"`
	// Domain is the primary domain (e.g., node-123.orama.network).
	Domain string `yaml:"domain"`
	// AutoCert selects Let's Encrypt for automatic certificates.
	AutoCert bool `yaml:"auto_cert"`
	// UseSelfSigned selects pre-generated self-signed certificates.
	// NOTE(review): how AutoCert and UseSelfSigned interact when both are
	// set is not visible here — confirm against the consumer.
	UseSelfSigned bool `yaml:"use_self_signed"`
	// CertFile is the certificate file path (when auto_cert is not used).
	CertFile string `yaml:"cert_file"`
	// KeyFile is the key file path (when auto_cert is not used).
	// NOTE(review): presumably a private key; the file it names should be
	// readable only by the service account — TODO confirm.
	KeyFile string `yaml:"key_file"`
	// CacheDir is the directory holding the Let's Encrypt certificate cache.
	CacheDir string `yaml:"cache_dir"`
	// HTTPPort is the HTTP port used for the ACME challenge (default: 80).
	HTTPPort int `yaml:"http_port"`
	// HTTPSPort is the HTTPS port (default: 443).
	HTTPSPort int `yaml:"https_port"`
	// Email is the address for the Let's Encrypt account.
	Email string `yaml:"email"`
}
// SNIConfig groups the settings for SNI-based TCP routing on port 7001.
type SNIConfig struct {
	// Enabled turns SNI-based TCP routing on.
	Enabled bool `yaml:"enabled"`
	// ListenAddr is the address to listen on (e.g., ":7001").
	ListenAddr string `yaml:"listen_addr"`
	// Routes maps an SNI hostname to its backend address.
	Routes map[string]string `yaml:"routes"`
	// CertFile is the path to the certificate file.
	CertFile string `yaml:"cert_file"`
	// KeyFile is the path to the key file.
	// NOTE(review): presumably a private key; the file it names should be
	// readable only by the service account — TODO confirm.
	KeyFile string `yaml:"key_file"`
}
// RouteConfig describes one reverse proxy route.
type RouteConfig struct {
	// PathPrefix is the URL path prefix (e.g., "/rqlite/http").
	PathPrefix string `yaml:"path_prefix"`
	// BackendURL is the URL of the backend service.
	BackendURL string `yaml:"backend_url"`
	// Timeout is the request timeout.
	Timeout time.Duration `yaml:"timeout"`
	// WebSocket enables support for WebSocket upgrades.
	WebSocket bool `yaml:"websocket"`
}
// ClientConfig is the configuration used by network clients. Each field is
// populated from the YAML key named in its tag.
type ClientConfig struct {
	// AppName is read from the app_name key.
	AppName string `yaml:"app_name"`
	// DatabaseName is read from the database_name key.
	DatabaseName string `yaml:"database_name"`
	// BootstrapPeers is read from the bootstrap_peers key.
	BootstrapPeers []string `yaml:"bootstrap_peers"`
	// ConnectTimeout is read from the connect_timeout key.
	ConnectTimeout time.Duration `yaml:"connect_timeout"`
	// RetryAttempts is read from the retry_attempts key.
	RetryAttempts int `yaml:"retry_attempts"`
}