orama/core/pkg/gateway/config.go
anonpenguin23 f41242538e feat(serverless): add raw http response mode and secrets encryption
- Add `raw_http_response` configuration to functions to allow verbatim HTTP responses
- Implement cluster-wide secrets encryption key generation and distribution for serverless functions
- Update documentation with UnifiedPush support for ntfy on Android/GrapheneOS
2026-06-09 13:01:02 +03:00


package gateway
import "time"
// Config holds configuration for the gateway server.
//
// Several fields carry secrets (RQLitePassword, ClusterSecret,
// APIKeyHMACSecret, SecretsEncryptionKey, TURNSecret, NtfyAuthToken,
// ExpoAccessToken). Do not log or serialize a Config value wholesale
// (e.g. with %+v or %#v); redact those fields first. The comments on the
// fields below mention a Validate method; this type itself performs no
// validation, so zero values are accepted until it runs.
type Config struct {
	ListenAddr      string   // Address the gateway server listens on (host:port assumed — confirm against server startup)
	ClientNamespace string   // Namespace this gateway serves; presumably empty for the main/global gateway — confirm
	BootstrapPeers  []string // Bootstrap peer addresses; the address format is not constrained by this type
	NodePeerID      string   // The node's actual peer ID from its identity file
	// Optional DSN for rqlite database/sql driver, e.g. "http://localhost:4001"
	// If empty, defaults to "http://localhost:4001".
	// Per the RQLite authentication fields below, basic auth credentials end up
	// embedded in the DSN, so treat the resolved DSN as sensitive when logging.
	RQLiteDSN string
	// Global RQLite DSN for API key validation (for namespace gateways)
	// If empty, uses RQLiteDSN (for main/global gateways)
	GlobalRQLiteDSN string
	// HTTPS configuration
	EnableHTTPS bool   // Enable HTTPS with ACME (Let's Encrypt)
	DomainName  string // Domain name for HTTPS certificate
	TLSCacheDir string // Directory to cache TLS certificates (default: ~/.orama/tls-cache)
	// Domain routing configuration
	BaseDomain string // Base domain for deployment routing. Set via node config http_gateway.base_domain. Defaults to "dbrs.space"
	// Data directory configuration
	DataDir string // Base directory for node-local data (SQLite databases, deployments). Defaults to ~/.orama
	// Olric cache configuration
	OlricServers []string      // List of Olric server addresses (e.g., ["localhost:3320"]). If empty, defaults to ["localhost:3320"]
	OlricTimeout time.Duration // Timeout for Olric operations (default: 10s)
	// IPFS Cluster configuration
	IPFSClusterAPIURL     string        // IPFS Cluster HTTP API URL (e.g., "http://localhost:9094"). If empty, gateway will discover from node configs
	IPFSAPIURL            string        // IPFS HTTP API URL for content retrieval (e.g., "http://localhost:4501"). If empty, gateway will discover from node configs
	IPFSTimeout           time.Duration // Timeout for IPFS operations (default: 60s)
	IPFSReplicationFactor int           // Replication factor for pins (default: 3)
	IPFSEnableEncryption  bool          // Enable client-side encryption before upload (default: true, discovered from node configs)
	// RQLite authentication (basic auth credentials embedded in DSN)
	RQLiteUsername string // RQLite HTTP basic auth username (default: "orama")
	RQLitePassword string // RQLite HTTP basic auth password (secret — never log)
	// WireGuard mesh configuration
	ClusterSecret string // Cluster secret for authenticating internal WireGuard peer exchange (secret — never log)
	// API key HMAC secret for hashing API keys before storage.
	// When set, API keys are stored as HMAC-SHA256(key, secret) in the database.
	// Loaded from ~/.orama/secrets/api-key-hmac-secret.
	// NOTE(review): the behaviour when this is empty is not defined here —
	// confirm in the key-validation path whether keys are then stored unhashed.
	APIKeyHMACSecret string
	// SecretsEncryptionKey is the AES-256 key (32 bytes, hex-encoded → 64
	// hex chars) used to encrypt serverless function secrets at rest in the
	// function_secrets table. It MUST be identical on every namespace-gateway
	// node in a cluster and stable across restarts — otherwise secrets
	// encrypted by one process cannot be decrypted by another (bugboard #837).
	// Loaded from ~/.orama/secrets/secrets-encryption-key.
	// NOTE(review): this type does not check the length or hex format —
	// confirm the loader or Validate rejects a malformed key rather than
	// silently producing a weak or unusable key.
	SecretsEncryptionKey string
	// WebRTC configuration (set when namespace has WebRTC enabled).
	//
	// WebRTCEnabled is RETAINED for back-compat with operator YAML and
	// the spawn-handler request shape, but no longer gates route
	// registration (bugboard #411). Routes auto-register whenever
	// SFUPort > 0 — the actual operational prerequisite. Validate still
	// uses WebRTCEnabled to enforce "if you opted in, you MUST set the
	// dependent fields", which catches obvious YAML typos at config
	// load.
	WebRTCEnabled bool   // legacy opt-in; routes auto-register when SFUPort>0 regardless. Kept for back-compat.
	SFUPort       int    // Local SFU signaling port to proxy WebSocket connections to. >0 = WebRTC routes registered.
	TURNDomain    string // TURN server domain for credential generation
	TURNSecret    string // HMAC-SHA1 shared secret for TURN credential generation (empty → /v1/webrtc/turn/credentials returns 503). Secret — never log.
	// StealthCDNDomain, when set, makes the WebRTC credentials handler
	// advertise turns:<StealthCDNDomain>:443 (served by the SNI router).
	StealthCDNDomain string
	// Push notification configuration. Push is enabled when at least one
	// provider URL/token is set. Tokens stored in the push_devices table
	// are encrypted at rest via pkg/secrets using the cluster secret.
	NtfyBaseURL     string // ntfy server URL (e.g. "http://localhost:8080")
	NtfyAuthToken   string // optional bearer token for ntfy (secret — never log)
	ExpoAccessToken string // optional Expo access token (secret — never log)
}