mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-06-16 22:54:12 +00:00
- Add `turn_stealth_domain` to gateway config for stealth TURN support - Introduce `turn_discovery` in `sni-router` to auto-discover per-namespace routes - Add database migration to enable stealth TURN per namespace - Document ephemeral state API in `SERVERLESS.md`
package turn
import (
"crypto/sha256"
"encoding/hex"
"fmt"
)
// stealthHostHashBytes is the number of leading SHA-256 digest bytes encoded
// into the stealth hostname label: 6 bytes, i.e. 12 hex characters (48 bits).
// A short label reads like an ordinary CDN hostname while keeping accidental
// cross-namespace collisions rare.
//
// Truncation sets the collision bound: among n namespaces the chance that any
// two share a label is roughly n*n / 2^49 (birthday bound), so uniqueness is
// very likely rather than guaranteed.
// NOTE(review): the label selects a namespace's TURN-TLS backend, so confirm
// that provisioning detects a duplicate label — TODO verify against callers.
const stealthHostHashBytes = 6

// StealthHostForNamespace returns the stealth TURNS hostname for a namespace,
// in the form "cdn-<12 hex chars of sha256(namespace)>.<baseDomain>".
//
// Design (feat-124) requirements for the label:
//   - It must NOT contain the namespace itself: an SNI string such as
//     "cdn.ns-anchat-test.…" tells DPI exactly which app to block.
//   - It must be deterministic, so that the cluster manager, namespace
//     gateway, SNI router and DNS all derive the same value without extra
//     coordination.
//   - It must be unique per namespace, because the SNI router maps it to that
//     namespace's TURN-TLS backend.
//
// The digest is unkeyed, so the label is not a secret: anyone who knows or can
// guess a namespace name can recompute its label. It hides the namespace only
// from observers who cannot enumerate namespace names.
//
// Neither argument is validated or normalised here. namespace is hashed byte
// for byte (a difference in case or whitespace yields a different host), and
// baseDomain is appended exactly as given.
func StealthHostForNamespace(namespace, baseDomain string) string {
	digest := sha256.Sum256([]byte(namespace))
	// Only the leading stealthHostHashBytes bytes of the digest reach the label.
	tag := hex.EncodeToString(digest[:stealthHostHashBytes])
	return fmt.Sprintf("cdn-%s.%s", tag, baseDomain)
}