server

package

v0.1.0 Latest Latest Go to latest Published: Mar 16, 2026 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/Prasad-178/opaque

Links

Open Source Insights

Documentation ¶

Overview ¶

Package server provides the REST API server for privacy-preserving vector search.

Architecture (simplified for local deployment):

Client authenticates and gets credentials (centroids, AES key)
Client does HE scoring LOCALLY (no query leaves client!)
Client requests blobs from selected clusters + decoys
Server returns encrypted blobs (doesn't know which are real vs decoy)
Client decrypts and scores locally

This maintains privacy because:

Query NEVER leaves the client - all HE ops are local
Cluster selection is based on locally decrypted HE scores
Blob access is hidden via decoy requests
Final scoring is client-side with AES-decrypted vectors

Note: This is simpler than having the server do HE operations. For a full production deployment, you might want server-side HE to avoid sending centroids to client, but that requires more complex key management (Galois keys transfer, etc.)

Index ¶

type BlobData
type Config
- func DefaultConfig() Config
type GetBucketsResponse
type LoginRequest
type LoginResponse
type RefreshRequest
type RefreshResponse
type Server
- func New(cfg Config, blobStore blob.Store, authService *auth.Service, ...) *Server
- func (s *Server) Shutdown(ctx context.Context) error
- func (s *Server) Start() error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type BlobData ¶

type BlobData struct {
	ID         string `json:"id"`
	Ciphertext string `json:"ciphertext"` // Base64
	Dimension  int    `json:"dimension"`
}

type Config ¶

type Config struct {
	// Address to listen on (e.g., ":8080")
	Address string

	// Read/write timeouts
	ReadTimeout  time.Duration
	WriteTimeout time.Duration
}

Config holds server configuration.

func DefaultConfig ¶

func DefaultConfig() Config

DefaultConfig returns sensible defaults for local development.

type GetBucketsResponse ¶

type GetBucketsResponse struct {
	Blobs []BlobData `json:"blobs"`
}

Get buckets handler

type LoginRequest ¶

type LoginRequest struct {
	UserID       string `json:"user_id"`
	EnterpriseID string `json:"enterprise_id"`
	Password     string `json:"password"`
}

Login request/response

type LoginResponse ¶

type LoginResponse struct {
	Token       string      `json:"token"`
	ExpiresAt   time.Time   `json:"expires_at"`
	AESKey      string      `json:"aes_key"` // Base64
	Centroids   [][]float64 `json:"centroids"`
	Dimension   int         `json:"dimension"`
	NumClusters int         `json:"num_clusters"`
}

type RefreshRequest ¶

type RefreshRequest struct {
	Token string `json:"token"`
}

Refresh token handler

type RefreshResponse ¶

type RefreshResponse struct {
	Token     string    `json:"token"`
	ExpiresAt time.Time `json:"expires_at"`
}

type Server ¶

type Server struct {
	// contains filtered or unexported fields
}

Server handles REST API requests for private vector search.

func New ¶

func New(cfg Config, blobStore blob.Store, authService *auth.Service, enterpriseStore enterprise.Store) *Server

New creates a new server instance.

func (*Server) Shutdown ¶

func (s *Server) Shutdown(ctx context.Context) error

Shutdown gracefully shuts down the server.

func (*Server) Start ¶

func (s *Server) Start() error

Start starts the HTTP server.

Source Files ¶

View all Source files

server.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL