mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-06-16 23:54:13 +00:00
e7ed718965
A freshly-joined namespace node could come up with TURN silently disabled
(turn.credentials -> namespace_not_configured) when GetWebRTCConfig errored:
the stored TURN shared secret was encrypted with a pre-rotation
cluster-secret-derived key and failed to decrypt, and the converge swallowed
that error into "WebRTC disabled", writing a TURN-disabled gateway config.
Distinguish "resolved but not enabled" (genuinely disabled, fine to write the
empty block) from "unresolved" (DB/decrypt error). chooseRestoreWebRTC's
dbFetch callback now returns a `resolved` bool; an unresolved lookup forces
enabled=false AND sets restoreWebRTC.unresolved. The converge then:
- logs the decrypt/read error loudly with the exact remediation
(`orama namespace disable webrtc` then `enable webrtc`) instead of
swallowing it;
- on the warm path, SKIPS ReconcileGateway so it doesn't rewrite a running
gateway's working WebRTC block to empty (preserves TURN);
- on the cold path, still spawns the gateway (the namespace needs one) but
warns loudly that TURN is degraded until the secret is regenerated.
Healthy nodes are unaffected: a node whose state file holds the secret
short-circuits before dbFetch, so a flaky/rotated DB cannot disable it.
Dual-reviewed (code-quality APPROVED, security SECURE — no secret material is
logged; operator disable still resolves to disabled, not unresolved).
Pure-function coverage in restore_webrtc_test.go: unresolved marking,
resolved-empty-is-disabled, and state-secret-wins-over-db-error.
Orama Network
A decentralized infrastructure platform combining distributed SQL, IPFS storage, caching, serverless WASM execution, and privacy relay — all managed through a unified API gateway.
Packages
| Package | Language | Description |
|---|---|---|
| core/ | Go | API gateway, distributed node, CLI, and client SDK |
| sdk/ | TypeScript | @debros/orama — JavaScript/TypeScript SDK (npm) |
| website/ | TypeScript | Marketing website and invest portal |
| vault/ | Zig | Distributed secrets vault (Shamir's Secret Sharing) |
| os/ | Go + Buildroot | OramaOS — hardened minimal Linux for network nodes |
Quick Start
# Build the core network binaries
make core-build
# Run tests
make core-test
# Start website dev server
make website-dev
# Build vault
make vault-build
Documentation
| Document | Description |
|---|---|
| Architecture | System architecture and design patterns |
| Deployment Guide | Deploy apps, databases, and domains |
| Dev & Deploy | Building, deploying to VPS, rolling upgrades |
| Security | Security hardening and threat model |
| Monitoring | Cluster health monitoring |
| Client SDK | Go SDK documentation |
| Serverless | WASM serverless functions |
| Common Problems | Troubleshooting known issues |
Contributing
See CONTRIBUTING.md for setup, development, and PR guidelines.