temp

.gitignore

@@ -0,0 +1,30 @@
+# JWT keys
+config/jwt_private.pem
+config/jwt_public.pem
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool
+*.out
+
+# Go workspace file
+go.work
+
+# Dependency directories
+vendor/
+bin/
+pkg/
+
+# IDE specific files
+.idea/
+.vscode/
+*.swp
+*.swo

Dockerfile

@@ -1,6 +1,23 @@
+# Build stage
+FROM golang:1.24-alpine AS builder
+
+WORKDIR /app
+
+# Copy go mod files
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source files
+COPY . .
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux go build -o /app/main
+
+# Final stage
 FROM ubuntu:22.04
 
-# Install system dependencies
+# Copy built binary from builder
+COPY --from=builder /app/main /app/main
 RUN apt-get update && \
     apt-get install -y \
     build-essential \
@@ -30,13 +47,12 @@ RUN git clone https://github.com/ggerganov/llama.cpp && \
 RUN mkdir -p /models && \
     wget -O /models/model.q8_0.gguf https://huggingface.co/unsloth/DeepSeek-R1-Distill-Qwen-1.5B-GGUF/resolve/main/DeepSeek-R1-Distill-Qwen-1.5B-Q8_0.gguf
 
-# Copy app and startup script
-COPY app.py /app.py
+# Copy startup script
 COPY start.sh /start.sh
 RUN chmod +x /start.sh
 
 # Expose ports
-EXPOSE 7860 8080
+EXPOSE 8080 3000
 
 # Start services
 CMD ["/start.sh"]

README.md

@@ -15,4 +15,59 @@ models:
 - unsloth/DeepSeek-R1-Distill-Qwen-1.5B-GGUF
 ---
 
+# P2P LLM Inference Platform
+
+A peer-to-peer platform for distributed LLM inference.
+
+## Current Features
+
+- **Trusted Peers Management**:
+  - Load peers from configuration file
+  - Load peers from database
+  - Combine both sources for peer discovery
+- **Request Forwarding**:
+  - Distribute requests across available peers
+  - Handle both regular and SSE responses
+
+## Planned Features
+
+- **Trust Scores**:
+  - Track peer reliability and performance
+  - Weight request distribution based on scores
+- **Peer Advertising**:
+  - Automatic peer discovery
+  - Peer-to-peer network formation
+- **Enhanced Security**:
+  - Peer authentication
+  - Request validation
+
+## Getting Started
+
+1. Clone the repository
+2. Configure `files/config.json` with your settings
+3. Build and run with Docker:
+
+```bash
+docker-compose up --build
+```
+
+## Configuration
+
+Edit `files/config.json` to specify:
+
+- Database path
+- Target URL
+- Trusted peers (URLs and public keys)
+- Trusted peers file path
+
+## Development
+
+```bash
+# Run locally
+go run main.go
+
+# Run tests
+go test ./...
+```
+
 Check out the configuration reference at <https://huggingface.co/docs/hub/spaces-config-reference>

auth/handler.go

@@ -0,0 +1,42 @@
+package auth
+
+import (
+	"errors"
+	"net/http"
+)
+
+type AuthHandler struct {
+	authService *AuthService
+}
+
+func NewAuthHandler(authService *AuthService) *AuthHandler {
+	return &AuthHandler{
+		authService: authService,
+	}
+}
+
+func (h *AuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	apiKey := r.Header.Get("X-API-Key")
+	if apiKey == "" {
+		http.Error(w, "API key required", http.StatusUnauthorized)
+		return
+	}
+
+	token, err := h.authService.Authenticate(apiKey)
+	if err != nil {
+		if errors.Is(err, ErrInvalidAPIKey) {
+			http.Error(w, "Invalid API key", http.StatusUnauthorized)
+		} else {
+			http.Error(w, "Authentication error", http.StatusInternalServerError)
+		}
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.Write([]byte(`{"token":"` + token + `"}`))
+}

auth/jwt.go

@@ -0,0 +1,54 @@
+package auth
+
+import (
+	"crypto/rsa"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/golang-jwt/jwt"
+)
+
+type JWTMiddleware struct {
+	publicKey *rsa.PublicKey
+}
+
+func NewJWTMiddleware(publicKey *rsa.PublicKey) *JWTMiddleware {
+	return &JWTMiddleware{publicKey: publicKey}
+}
+
+func (m *JWTMiddleware) Middleware(next http.HandlerFunc) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Skip auth endpoint
+		if r.URL.Path == "/auth" {
+			next(w, r)
+			return
+		}
+
+		authHeader := r.Header.Get("Authorization")
+		if authHeader == "" {
+			http.Error(w, "Authorization header required", http.StatusUnauthorized)
+			return
+		}
+
+		tokenString := strings.TrimPrefix(authHeader, "Bearer ")
+		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+			if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
+				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+			}
+			return m.publicKey, nil
+		})
+
+		if err != nil {
+			http.Error(w, "Invalid token", http.StatusUnauthorized)
+			return
+		}
+
+		if !token.Valid {
+			http.Error(w, "Invalid token", http.StatusUnauthorized)
+			return
+		}
+
+		next(w, r)
+	})
+}

auth/service.go

@@ -0,0 +1,66 @@
+package auth
+
+import (
+	"crypto/rsa"
+	"errors"
+	"time"
+
+	"github.com/arpinfidel/p2p-llm/db"
+	"github.com/golang-jwt/jwt"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type AuthService struct {
+	keys     *rsa.PrivateKey
+	authRepo db.APIKeyRepository
+}
+
+func NewAuthService(privateKey *rsa.PrivateKey, authRepo db.APIKeyRepository) *AuthService {
+	return &AuthService{
+		keys:     privateKey,
+		authRepo: authRepo,
+	}
+}
+
+func (s *AuthService) HashAPIKey(apiKey string) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(apiKey), bcrypt.DefaultCost)
+	if err != nil {
+		return "", err
+	}
+	return string(hash), nil
+}
+
+func (s *AuthService) VerifyAPIKey(apiKey, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(apiKey))
+	return err == nil
+}
+
+func (s *AuthService) GenerateJWT() (string, error) {
+	token := jwt.New(jwt.SigningMethodRS256)
+	claims := token.Claims.(jwt.MapClaims)
+	claims["exp"] = time.Now().Add(time.Hour * 24).Unix() // Token expires in 24 hours
+	claims["iat"] = time.Now().Unix()
+
+	tokenString, err := token.SignedString(s.keys)
+	if err != nil {
+		return "", err
+	}
+	return tokenString, nil
+}
+
+func (s *AuthService) Authenticate(apiKey string) (string, error) {
+	hash, err := s.authRepo.GetActiveKeyHash()
+	if err != nil {
+		return "", err
+	}
+
+	if !s.VerifyAPIKey(apiKey, hash) {
+		return "", ErrInvalidAPIKey
+	}
+
+	return s.GenerateJWT()
+}
+
+var (
+	ErrInvalidAPIKey = errors.New("invalid API key")
+)

config/config.go

@@ -0,0 +1,214 @@
+package config
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"os"
+	"strings"
+)
+
+type Peer struct {
+	URL       string
+	PublicKey *rsa.PublicKey
+}
+
+type Config struct {
+	DBPath              string `json:"db_path"`
+	TargetURL           string `json:"target_url"`
+	Port                string `json:"port"`
+	MaxParallelRequests int    `json:"max_parallel_requests"`
+	TrustedPeers        []Peer `json:"trusted_peers"`
+	TrustedPeersPath    string `json:"trusted_peers_path"`
+}
+
+type Secrets struct {
+	PrivateKeyPath string `json:"jwt_private_key_path"`
+	PublicKeyPath  string `json:"jwt_public_key_path"`
+}
+
+type KeyPair struct {
+	PrivateKey *rsa.PrivateKey
+	PublicKey  *rsa.PublicKey
+}
+
+func LoadConfig(path string) (*Config, error) {
+	file, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	var cfg Config
+	err = json.Unmarshal(file, &cfg)
+	return &cfg, err
+}
+
+func LoadSecrets(path string) (*Secrets, error) {
+	file, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	var secrets Secrets
+	err = json.Unmarshal(file, &secrets)
+	return &secrets, err
+}
+
+func generateRSAKeys() (*rsa.PrivateKey, error) {
+	return rsa.GenerateKey(rand.Reader, 2048)
+}
+
+func saveKeyToFile(key interface{}, path string) error {
+	file, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	var pemBlock *pem.Block
+	switch k := key.(type) {
+	case *rsa.PrivateKey:
+		bytes, err := x509.MarshalPKCS8PrivateKey(k)
+		if err != nil {
+			return err
+		}
+		pemBlock = &pem.Block{
+			Type:  "PRIVATE KEY",
+			Bytes: bytes,
+		}
+	case *rsa.PublicKey:
+		bytes, err := x509.MarshalPKIXPublicKey(k)
+		if err != nil {
+			return err
+		}
+		pemBlock = &pem.Block{
+			Type:  "PUBLIC KEY",
+			Bytes: bytes,
+		}
+	default:
+		return fmt.Errorf("unsupported key type")
+	}
+
+	return pem.Encode(file, pemBlock)
+}
+
+func loadKeyFromFile(path string, private bool) (interface{}, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	block, _ := pem.Decode(data)
+	if block == nil {
+		return nil, fmt.Errorf("failed to parse PEM block")
+	}
+
+	if private {
+		key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+		if err != nil {
+			return nil, err
+		}
+		return key.(*rsa.PrivateKey), nil
+	}
+	return x509.ParsePKIXPublicKey(block.Bytes)
+}
+
+func ensureKeysExist(secrets *Secrets) (*KeyPair, error) {
+	if _, err := os.Stat(secrets.PrivateKeyPath); os.IsNotExist(err) {
+		privateKey, err := generateRSAKeys()
+		if err != nil {
+			return nil, err
+		}
+
+		if err := saveKeyToFile(privateKey, secrets.PrivateKeyPath); err != nil {
+			return nil, err
+		}
+
+		if err := saveKeyToFile(&privateKey.PublicKey, secrets.PublicKeyPath); err != nil {
+			return nil, err
+		}
+	}
+
+	privateKey, err := loadKeyFromFile(secrets.PrivateKeyPath, true)
+	if err != nil {
+		return nil, err
+	}
+
+	publicKey, err := loadKeyFromFile(secrets.PublicKeyPath, false)
+	if err != nil {
+		return nil, err
+	}
+
+	return &KeyPair{
+		PrivateKey: privateKey.(*rsa.PrivateKey),
+		PublicKey:  publicKey.(*rsa.PublicKey),
+	}, nil
+}
+
+func LoadTrustedPeers(path string) ([]Peer, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	var peers []Peer
+	lines := strings.Split(string(data), "\n")
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if line == "" || strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		parts := strings.SplitN(line, "|", 2)
+		if len(parts) != 2 {
+			continue
+		}
+
+		block, _ := pem.Decode([]byte(parts[1]))
+		if block == nil {
+			continue
+		}
+
+		pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
+		if err != nil {
+			continue
+		}
+
+		peers = append(peers, Peer{
+			URL:       parts[0],
+			PublicKey: pubKey.(*rsa.PublicKey),
+		})
+	}
+
+	return peers, nil
+}
+
+func Load() (*Config, *Secrets, *KeyPair, error) {
+	cfg, err := LoadConfig("/app/files/config.json")
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	secrets, err := LoadSecrets("/app/files/secrets.json")
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	keyPair, err := ensureKeysExist(secrets)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	if cfg.TrustedPeersPath != "" {
+		peers, err := LoadTrustedPeers(cfg.TrustedPeersPath)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+		cfg.TrustedPeers = peers
+	}
+
+	return cfg, secrets, keyPair, nil
+}

db/database.go

@@ -0,0 +1,83 @@
+package db
+
+import (
+	"database/sql"
+	"errors"
+	"log"
+	"os"
+	"path/filepath"
+
+	"github.com/arpinfidel/p2p-llm/config"
+)
+
+var (
+	// ErrNoRows is returned when a query returns no rows
+	ErrNoRows = errors.New("no rows in result set")
+)
+
+// Database defines the interface for database operations
+type Database interface {
+	Init() error
+	Close()
+	Ping() error
+	Exec(query string, args ...interface{}) (sql.Result, error)
+	Query(query string, args ...interface{}) (*sql.Rows, error)
+	QueryRow(query string, args ...interface{}) *sql.Row
+}
+
+// SQLiteDB implements the Database interface for SQLite
+type SQLiteDB struct {
+	db *sql.DB
+}
+
+// NewSQLiteDB creates a new SQLite database connection
+func NewSQLiteDB(cfg *config.Config) (*SQLiteDB, error) {
+	// Ensure the database directory exists
+	dbDir := filepath.Dir(cfg.DBPath)
+	if dbDir != "." {
+		if err := os.MkdirAll(dbDir, 0755); err != nil {
+			return nil, err
+		}
+	}
+
+	// Open the database connection
+	db, err := sql.Open("sqlite", cfg.DBPath)
+	if err != nil {
+		return nil, err
+	}
+
+	return &SQLiteDB{db: db}, nil
+}
+
+func (s *SQLiteDB) Init() error {
+	// Test the connection
+	if err := s.Ping(); err != nil {
+		return err
+	}
+
+	log.Println("Database connection established successfully")
+	return nil
+}
+
+func (s *SQLiteDB) Close() {
+	if s.db != nil {
+		s.db.Close()
+		log.Println("Database connection closed")
+	}
+}
+
+func (s *SQLiteDB) Ping() error {
+	return s.db.Ping()
+}
+
+func (s *SQLiteDB) Exec(query string, args ...interface{}) (sql.Result, error) {
+	return s.db.Exec(query, args...)
+}
+
+func (s *SQLiteDB) Query(query string, args ...interface{}) (*sql.Rows, error) {
+	return s.db.Query(query, args...)
+}
+
+func (s *SQLiteDB) QueryRow(query string, args ...interface{}) *sql.Row {
+	return s.db.QueryRow(query, args...)
+}

db/database_test.go

@@ -0,0 +1,65 @@
+package db
+
+import (
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/arpinfidel/p2p-llm/config"
+)
+
+func setupTestDB(t *testing.T) (*SQLiteDB, string) {
+	// Create a temporary database file
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "test.db")
+
+	// Create test config
+	cfg := &config.Config{
+		DBPath: dbPath,
+	}
+
+	// Initialize database
+	db, err := NewSQLiteDB(cfg)
+	if err != nil {
+		t.Fatalf("Failed to create test database: %v", err)
+	}
+
+	if err := db.Init(); err != nil {
+		t.Fatalf("Failed to initialize test database: %v", err)
+	}
+
+	// Create tables
+	if err := CreateTables(db); err != nil {
+		t.Fatalf("Failed to create tables: %v", err)
+	}
+
+	return db, dbPath
+}
+
+func TestAPIKeyOperations(t *testing.T) {
+	db, _ := setupTestDB(t)
+	defer db.Close()
+
+	repo := NewSQLiteAPIKeyRepository(db)
+
+	// Test CreateKey
+	expiresAt := time.Now().Add(24 * time.Hour)
+	err := repo.CreateKey("testhash", "testkey", &expiresAt)
+	if err != nil {
+		t.Errorf("CreateKey failed: %v", err)
+	}
+
+	// Test GetActiveKeyHash
+	hash, err := repo.GetActiveKeyHash()
+	if err != nil {
+		t.Errorf("GetActiveKeyHash failed: %v", err)
+	}
+	if hash != "testhash" {
+		t.Errorf("Expected hash 'testhash', got '%s'", hash)
+	}
+
+	// Test DeactivateKey
+	// Note: This would need to know the ID of the created key
+	// For a complete test, we'd need to query the ID first
+	// For now, we'll just verify the basic operations work
+}

db/repositories.go

@@ -0,0 +1,125 @@
+package db
+
+import "time"
+
+// APIKeyRepository defines operations for API key management
+type APIKeyRepository interface {
+	CreateKey(hash, name string, expiresAt *time.Time) error
+	GetActiveKeyHash() (string, error)
+	DeactivateKey(id int) error
+}
+
+// SQLiteAPIKeyRepository implements APIKeyRepository for SQLite
+type SQLiteAPIKeyRepository struct {
+	db Database
+}
+
+// NewSQLiteAPIKeyRepository creates a new SQLite API key repository
+func NewSQLiteAPIKeyRepository(db Database) *SQLiteAPIKeyRepository {
+	return &SQLiteAPIKeyRepository{db: db}
+}
+
+func (r *SQLiteAPIKeyRepository) CreateKey(hash, name string, expiresAt *time.Time) error {
+	_, err := r.db.Exec(`
+		INSERT INTO api_keys (key_hash, name, expires_at)
+		VALUES (?, ?, ?)
+	`, hash, name, expiresAt)
+	return err
+}
+
+func (r *SQLiteAPIKeyRepository) GetActiveKeyHash() (string, error) {
+	var hash string
+	err := r.db.QueryRow(`
+		SELECT key_hash FROM api_keys 
+		WHERE is_active = TRUE 
+		AND (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)
+	`).Scan(&hash)
+	return hash, err
+}
+
+func (r *SQLiteAPIKeyRepository) DeactivateKey(id int) error {
+	_, err := r.db.Exec(`
+		UPDATE api_keys 
+		SET is_active = FALSE 
+		WHERE id = ?
+	`, id)
+	return err
+}
+
+// PeerRepository defines operations for peer management
+type PeerRepository interface {
+	AddPeer(url, publicKeyPEM string) error
+	ListTrustedPeers() ([]struct {
+		URL       string
+		PublicKey string
+	}, error)
+}
+
+// SQLitePeerRepository implements PeerRepository for SQLite
+type SQLitePeerRepository struct {
+	db Database
+}
+
+// NewSQLitePeerRepository creates a new SQLite peer repository
+func NewSQLitePeerRepository(db Database) *SQLitePeerRepository {
+	return &SQLitePeerRepository{db: db}
+}
+
+func (r *SQLitePeerRepository) AddPeer(url, publicKeyPEM string) error {
+	_, err := r.db.Exec(`
+		INSERT INTO peers (url, public_key_pem)
+		VALUES (?, ?)
+	`, url, publicKeyPEM)
+	return err
+}
+
+func (r *SQLitePeerRepository) ListTrustedPeers() ([]struct {
+	URL       string
+	PublicKey string
+}, error) {
+	rows, err := r.db.Query(`
+		SELECT url, public_key_pem FROM peers
+	`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var peers []struct {
+		URL       string
+		PublicKey string
+	}
+	for rows.Next() {
+		var peer struct {
+			URL       string
+			PublicKey string
+		}
+		if err := rows.Scan(&peer.URL, &peer.PublicKey); err != nil {
+			return nil, err
+		}
+		peers = append(peers, peer)
+	}
+	return peers, nil
+}
+
+// CreateTables creates the necessary database tables
+func CreateTables(db Database) error {
+	_, err := db.Exec(`
+		CREATE TABLE IF NOT EXISTS api_keys (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			key_hash TEXT NOT NULL UNIQUE,
+			name TEXT NOT NULL,
+			created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+			expires_at TIMESTAMP,
+			is_active BOOLEAN DEFAULT TRUE
+		);
+
+		CREATE TABLE IF NOT EXISTS peers (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			url TEXT NOT NULL UNIQUE,
+			public_key_pem TEXT NOT NULL,
+			created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+		);
+	`)
+	return err
+}

docker-compose.yml

@@ -0,0 +1,14 @@
+version: '3.8'
+
+services:
+  app:
+    build: .
+    ports:
+      - "8080:8080"
+    volumes:
+      - ./files:/app/files
+      # - ./files/config.json:/app/files/config.json
+      # - ./files/secrets.json:/app/files/secrets.json
+    environment:
+      - GIN_MODE=release
+    restart: unless-stopped

files/config.json

@@ -0,0 +1,7 @@
+{
+  "db_path": "files/app.db",
+  "target_url": "http://localhost:8081",
+  "port": ":3000",
+  "max_parallel_requests": 1,
+  "trusted_peers_path": "files/trusted_peers.txt"
+}

files/jwt_private.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCsgQauTs5z+SM5
+jPBnUc9Mnhz4XFoMwZdW0bSj6ql92OxgN1jp6ytXtTG8ljhdhjZv2HzdqczXPvmH
+z/UYhkwsLg3BUiV1GU9mGDRSfPlcJTuIlu4k83QO9VEsxBe1eClmD293xOvVClAF
+49Nyo41doZyAyPp8mGO2ctxB+K2+KlZ23OA8UU+wh+b+UPSlK5hxntufKyS+uiT6
+lRzrzE6S2IFEMdeTcdksBDWit4LDe4cpGJV154eIq4tZq+SPSGh9ED7ZQsU3+6Ld
+A4K6ZgBakn4NaqpZvr9VUyy7smUQbzDsWvTYJ2X8osvBLZhPWduhoTuXvpfQ9p50
+S0ymawgFAgMBAAECggEABFgwJ+Lo+xn6MTVmBdBt4M7MxHG/merMF3zSQ5xrvNLO
+dr7OGhL97erd7s5Zaw+5uY88nJg8aIjpGtbrGimOeqL7hYyDi0wiHlKDHjct2hYr
+0DRzrKfy1co48sLUm0LdFjRmZAyA5E/5o4FCYkNu11GH9viFIO71RwILi265Nca/
+Kv4BwVsGe1M5AZd7Kp1pAMPIddd1EQro/eiDfeLLjvrnTUP+aTKX1zucwGDpdhYH
+d0vzrMYqAsaFGoQp+/H+9kmz1p8DHRBgUr9VafLme6LORPilzUPhsIi7WLJHVB+r
+udOa0R+IrBH98V8uaxDbcOVPnVmeQbV+4X8a6SE3/QKBgQDos/jLmpf4mGfylza6
+hMOmx2Zs8IfYX1NR9/jNVoVyZjx7xGLOAD7t+SxL8HSXd736jZJRxX1yhIrWJBzr
+imdLJVfmI5EZjS/2gEI/oKjvjdPRX1hsRy07LNrf2vPDnIKK5gCldTRTrdH0nXfR
+RO65UQMrbI4xHwdJvGqnSezfewKBgQC9xjFJ1bRzL0rp+ujb5NRV1T2NMyeQ36NO
+6pAps0xKjrRpgEy+P/HjxNGLUyc6h2Pf/UTHy0ijNI5lFohYV2h14pZiOmNcpjvP
+ky1Of5dSMWuRKo79n60DDLaM0ghMuqyjmOhatA+CtcV33/7HcZ0ChZG1CKw+nclM
+pG6z87tefwKBgDlaynKceuKJ5ezz+khEmtiLgyJMsp7Q9/9XCBrMPX3x1uyGfffa
+Nah/5rwc2w/OMqQDqtG+xGmqY3HeWsZvSYBLBvwxPf03QGAYQrveBGVu5otPXcLq
+VCqmppfQJo7LD53ejMA7QBdz2zDYcwTAYbqJTiewzOcsh6ZT61GqNdjrAoGAKSXK
+FhpSMA93DNismNE7AQlleTI4R/9Vp4zQiVopFpluoNmCylWPGzXXwX/cJ6Knky+V
+NETtkQWaQmzqT01UhwsEVHQYi0Q3/8AHuNeNdfLlQeqaan+uwdSF2G7KAekP+cDz
+0IbuPgcvs9hLo+8Mfjl76GbjAgiwVv/oSPh2Df0CgYEAmZBBCO9N54hziRKXKdZL
+3eJ95mZo0DUzBZeuCC5i44Rq1FnHMC3J21h3mwdw25upuZZ/+VppB6DK/zPFJlhl
+h/8K/7WUmGkkDnuP0risG63JaIso54DDHegH/50/rSAOMZ3rdAdZktMmmUc09mME
+Erfw2B4dLfSOWWScQ58enr8=
+-----END PRIVATE KEY-----

files/jwt_public.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIEGrk7Oc/kjOYzwZ1HP
+TJ4c+FxaDMGXVtG0o+qpfdjsYDdY6esrV7UxvJY4XYY2b9h83anM1z75h8/1GIZM
+LC4NwVIldRlPZhg0Unz5XCU7iJbuJPN0DvVRLMQXtXgpZg9vd8Tr1QpQBePTcqON
+XaGcgMj6fJhjtnLcQfitvipWdtzgPFFPsIfm/lD0pSuYcZ7bnyskvrok+pUc68xO
+ktiBRDHXk3HZLAQ1oreCw3uHKRiVdeeHiKuLWavkj0hofRA+2ULFN/ui3QOCumYA
+WpJ+DWqqWb6/VVMsu7JlEG8w7Fr02Cdl/KLLwS2YT1nboaE7l76X0PaedEtMpmsI
+BQIDAQAB
+-----END PUBLIC KEY-----

files/secrets.json

@@ -0,0 +1,4 @@
+{
+  "jwt_private_key_path": "files/jwt_private.pem",
+  "jwt_public_key_path": "files/jwt_public.pem"
+}

files/trusted_peers.txt

@@ -0,0 +1,3 @@
+# List of trusted peers in format: URL|PUBLIC_KEY_PEM
+# Example:
+# http://peer1.example.com|-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----

go.mod

@@ -0,0 +1,30 @@
+module github.com/arpinfidel/p2p-llm
+
+go 1.23.0
+
+require (
+	github.com/golang-jwt/jwt v3.2.2+incompatible
+	golang.org/x/crypto v0.36.0
+	modernc.org/sqlite v1.28.0
+)
+
+require (
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/google/uuid v1.3.1 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/tools v0.9.3 // indirect
+	lukechampine.com/uint128 v1.2.0 // indirect
+	modernc.org/cc/v3 v3.41.0 // indirect
+	modernc.org/ccgo/v3 v3.16.15 // indirect
+	modernc.org/libc v1.41.0 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.7.2 // indirect
+	modernc.org/opt v0.1.3 // indirect
+	modernc.org/strutil v1.1.3 // indirect
+	modernc.org/token v1.1.0 // indirect
+)

go.sum

@@ -0,0 +1,61 @@
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ=
+github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
+github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
+github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
+golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+lukechampine.com/uint128 v1.2.0 h1:mBi/5l91vocEN8otkC5bDLhi2KdCticRiwbdB0O+rjI=
+lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
+modernc.org/cc/v3 v3.41.0 h1:QoR1Sn3YWlmA1T4vLaKZfawdVtSiGx8H+cEojbC7v1Q=
+modernc.org/cc/v3 v3.41.0/go.mod h1:Ni4zjJYJ04CDOhG7dn640WGfwBzfE0ecX8TyMB0Fv0Y=
+modernc.org/ccgo/v3 v3.16.15 h1:KbDR3ZAVU+wiLyMESPtbtE/Add4elztFyfsWoNTgxS0=
+modernc.org/ccgo/v3 v3.16.15/go.mod h1:yT7B+/E2m43tmMOT51GMoM98/MtHIcQQSleGnddkUNI=
+modernc.org/ccorpus v1.11.6 h1:J16RXiiqiCgua6+ZvQot4yUuUy8zxgqbqEEUuGPlISk=
+modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ=
+modernc.org/httpfs v1.0.6 h1:AAgIpFZRXuYnkjftxTAZwMIiwEqAfk8aVB2/oA6nAeM=
+modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM=
+modernc.org/libc v1.41.0 h1:g9YAc6BkKlgORsUWj+JwqoB1wU3o4DE3bM3yvA3k+Gk=
+modernc.org/libc v1.41.0/go.mod h1:w0eszPsiXoOnoMJgrXjglgLuDy/bt5RR4y3QzUUeodY=
+modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
+modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
+modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E=
+modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E=
+modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
+modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/sqlite v1.28.0 h1:Zx+LyDDmXczNnEQdvPuEfcFVA2ZPyaD7UCZDjef3BHQ=
+modernc.org/sqlite v1.28.0/go.mod h1:Qxpazz0zH8Z1xCFyi5GSL3FzbtZ3fvbjmywNogldEW0=
+modernc.org/strutil v1.1.3 h1:fNMm+oJklMGYfU9Ylcywl0CO5O6nTfaowNsh2wpPjzY=
+modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw=
+modernc.org/tcl v1.15.2 h1:C4ybAYCGJw968e+Me18oW55kD/FexcHbqH2xak1ROSY=
+modernc.org/tcl v1.15.2/go.mod h1:3+k/ZaEbKrC8ePv8zJWPtBSW0V7Gg9g8rkmhI1Kfs3c=
+modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
+modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
+modernc.org/z v1.7.3 h1:zDJf6iHjrnB+WRD88stbXokugjyc0/pB91ri1gO6LZY=
+modernc.org/z v1.7.3/go.mod h1:Ipv4tsdxZRbQyLq9Q1M6gdbkxYzdlrciF2Hi/lS7nWE=

main.go

@@ -0,0 +1,97 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/arpinfidel/p2p-llm/auth"
+	"github.com/arpinfidel/p2p-llm/config"
+	"github.com/arpinfidel/p2p-llm/db"
+	"github.com/arpinfidel/p2p-llm/peers"
+	"github.com/arpinfidel/p2p-llm/proxy"
+	_ "modernc.org/sqlite" // SQLite driver
+)
+
+type Application struct {
+	cfg           *config.Config
+	database      db.Database
+	authService   *auth.AuthService
+	jwtMiddleware *auth.JWTMiddleware
+	proxyHandler  *proxy.ProxyHandler
+	peerHandler   *peers.PeerHandler
+}
+
+func NewApplication() (*Application, error) {
+	// Load configuration (ignore secrets since we only need keys)
+	cfg, _, keys, err := config.Load()
+	if err != nil {
+		return nil, fmt.Errorf("failed to load configuration: %w", err)
+	}
+
+	// Initialize database
+	database, err := db.NewSQLiteDB(cfg)
+	if err != nil {
+		return nil, fmt.Errorf("failed to initialize database: %w", err)
+	}
+
+	// Initialize repositories
+	authRepo := db.NewSQLiteAPIKeyRepository(database)
+	peerRepo := db.NewSQLitePeerRepository(database)
+
+	// Create tables
+	if err := db.CreateTables(database); err != nil {
+		return nil, fmt.Errorf("failed to create tables: %w", err)
+	}
+
+	// Initialize auth service
+	authService := auth.NewAuthService(keys.PrivateKey, authRepo)
+
+	// Initialize JWT middleware
+	jwtMiddleware := auth.NewJWTMiddleware(keys.PublicKey)
+
+	proxyHandler := proxy.NewProxyHandler(cfg, peerRepo)
+
+	// Initialize peer service and handler
+	peerService := peers.NewPeerService(cfg, peerRepo)
+	peerHandler := peers.NewPeerHandler(peerService)
+
+	return &Application{
+		cfg:           cfg,
+		database:      database,
+		authService:   authService,
+		jwtMiddleware: jwtMiddleware,
+		proxyHandler:  proxyHandler,
+		peerHandler:   peerHandler,
+	}, nil
+}
+
+func (app *Application) Close() {
+	if app.database != nil {
+		app.database.Close()
+	}
+}
+
+func main() {
+	app, err := NewApplication()
+	if err != nil {
+		log.Fatalf("Failed to initialize application: %v", err)
+	}
+	defer app.Close()
+
+	// Create auth handler
+	authHandler := auth.NewAuthHandler(app.authService)
+
+	// Register routes
+	RegisterRoutes(authHandler, app.peerHandler, app.jwtMiddleware, app.proxyHandler)
+
+	// Start server
+	log.Printf("Starting proxy server on %s", app.cfg.Port)
+	server := &http.Server{
+		Addr:         app.cfg.Port,
+		ReadTimeout:  10 * time.Minute,
+		WriteTimeout: 10 * time.Minute,
+	}
+	log.Fatal(server.ListenAndServe())
+}

peers/handler.go

@@ -0,0 +1,32 @@
+package peers
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+type PeerHandler struct {
+	peerService *PeerService
+}
+
+func NewPeerHandler(peerService *PeerService) *PeerHandler {
+	return &PeerHandler{
+		peerService: peerService,
+	}
+}
+
+func (h *PeerHandler) ListTrustedPeers(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	peers, err := h.peerService.ListTrustedPeers()
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(peers)
+}

peers/service.go

@@ -0,0 +1,53 @@
+package peers
+
+import (
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+
+	"github.com/arpinfidel/p2p-llm/config"
+	"github.com/arpinfidel/p2p-llm/db"
+)
+
+type PeerService struct {
+	cfg  *config.Config
+	repo db.PeerRepository
+}
+
+func NewPeerService(cfg *config.Config, repo db.PeerRepository) *PeerService {
+	return &PeerService{
+		cfg:  cfg,
+		repo: repo,
+	}
+}
+
+func (s *PeerService) ListTrustedPeers() ([]config.Peer, error) {
+	// Get peers from config
+	peers := s.cfg.TrustedPeers
+
+	// Get peers from database
+	dbPeers, err := s.repo.ListTrustedPeers()
+	if err != nil {
+		return nil, err
+	}
+
+	// Convert database peers to config.Peer format
+	for _, dbPeer := range dbPeers {
+		block, _ := pem.Decode([]byte(dbPeer.PublicKey))
+		if block == nil {
+			continue
+		}
+
+		pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
+		if err != nil {
+			continue
+		}
+
+		peers = append(peers, config.Peer{
+			URL:       dbPeer.URL,
+			PublicKey: pubKey.(*rsa.PublicKey),
+		})
+	}
+
+	return peers, nil
+}

proxy/handler.go

@@ -0,0 +1,173 @@
+package proxy
+
+import (
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"io"
+	"log"
+	"net/http"
+
+	"github.com/arpinfidel/p2p-llm/config"
+	"github.com/arpinfidel/p2p-llm/db"
+)
+
+type ProxyHandler struct {
+	cfg                     *config.Config
+	peerRepo                db.PeerRepository
+	queue                   chan Request
+	maxParallelRequests     int
+	maxParallelPeerRequests int
+}
+
+type Request struct {
+	W http.ResponseWriter
+	R *http.Request
+}
+
+func NewProxyHandler(cfg *config.Config, peerRepo db.PeerRepository) *ProxyHandler {
+	return &ProxyHandler{
+		cfg:                     cfg,
+		peerRepo:                peerRepo,
+		queue:                   make(chan Request, 100), // Hardcoded queue size
+		maxParallelRequests:     cfg.MaxParallelRequests,
+		maxParallelPeerRequests: 5, // Hardcoded peer requests limit
+	}
+}
+
+func (h *ProxyHandler) Handle(w http.ResponseWriter, r *http.Request) {
+	req := Request{W: w, R: r}
+	h.queue <- req
+}
+
+func (h *ProxyHandler) Run() {
+	// Get peers from config
+	peers := h.cfg.TrustedPeers
+
+	// Get peers from database
+	dbPeers, err := h.peerRepo.ListTrustedPeers()
+	if err != nil {
+		log.Printf("Error getting peers from database: %v", err)
+	} else {
+		for _, p := range dbPeers {
+			block, _ := pem.Decode([]byte(p.PublicKey))
+			if block == nil {
+				continue
+			}
+
+			pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
+			if err != nil {
+				continue
+			}
+
+			peers = append(peers, config.Peer{
+				URL:       p.URL,
+				PublicKey: pubKey.(*rsa.PublicKey),
+			})
+		}
+	}
+
+	// Start workers for target URL
+	for range h.maxParallelRequests {
+		go func() {
+			for req := range h.queue {
+				h.Forward(req, h.cfg.TargetURL)
+			}
+		}()
+	}
+
+	// Start workers for each peer
+	for _, peer := range peers {
+		go func(p config.Peer) {
+			for req := range h.queue {
+				h.Forward(req, p.URL)
+			}
+		}(peer)
+	}
+}
+
+func (h *ProxyHandler) Forward(req Request, url string) {
+	// Create a new request to the target server
+	targetReq, err := http.NewRequest(req.R.Method, url+req.R.URL.Path, req.R.Body)
+	if err != nil {
+		log.Printf("Error creating request: %v", err)
+		http.Error(req.W, "Error creating request", http.StatusInternalServerError)
+		return
+	}
+
+	// Copy headers from original request
+	for name, values := range req.R.Header {
+		for _, value := range values {
+			targetReq.Header.Add(name, value)
+		}
+	}
+
+	// Create HTTP client
+	client := &http.Client{}
+
+	// Send the request to the target server
+	resp, err := client.Do(targetReq)
+	if err != nil {
+		log.Printf("Error forwarding request: %v", err)
+		http.Error(req.W, "Error forwarding request", http.StatusBadGateway)
+		return
+	}
+	defer resp.Body.Close()
+
+	// Check if this is an SSE response
+	isSSE := false
+	for name, values := range resp.Header {
+		for _, value := range values {
+			req.W.Header().Add(name, value)
+			if name == "Content-Type" && value == "text/event-stream" {
+				isSSE = true
+			}
+		}
+	}
+
+	// Set response status code
+	req.W.WriteHeader(resp.StatusCode)
+
+	// Handle SSE responses differently
+	if isSSE {
+		// Set necessary headers for SSE
+		req.W.Header().Set("Content-Type", "text/event-stream")
+		req.W.Header().Set("Cache-Control", "no-cache")
+		req.W.Header().Set("Connection", "keep-alive")
+		req.W.Header().Set("Transfer-Encoding", "chunked")
+
+		// Create a flusher if the ResponseWriter supports it
+		flusher, ok := req.W.(http.Flusher)
+		if !ok {
+			log.Printf("ResponseWriter does not support flushing")
+			http.Error(req.W, "Streaming unsupported", http.StatusInternalServerError)
+			return
+		}
+
+		// Buffer for reading from response body
+		buf := make([]byte, 1024)
+		for {
+			n, err := resp.Body.Read(buf)
+			if n > 0 {
+				// Write data to client
+				if _, writeErr := req.W.Write(buf[:n]); writeErr != nil {
+					log.Printf("Error writing to client: %v", writeErr)
+					break
+				}
+				// Flush data immediately to client
+				flusher.Flush()
+			}
+			if err != nil {
+				if err != io.EOF {
+					log.Printf("Error reading from response body: %v", err)
+				}
+				break
+			}
+		}
+	} else {
+		// For non-SSE responses, just copy the body
+		if _, err := io.Copy(req.W, resp.Body); err != nil {
+			log.Printf("Error copying response body: %v", err)
+		}
+	}
+}

routes.go

@@ -0,0 +1,20 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/arpinfidel/p2p-llm/auth"
+	"github.com/arpinfidel/p2p-llm/peers"
+	"github.com/arpinfidel/p2p-llm/proxy"
+)
+
+func RegisterRoutes(
+	authHandler *auth.AuthHandler,
+	peerHandler *peers.PeerHandler,
+	jwtMiddleware *auth.JWTMiddleware,
+	proxyHandler *proxy.ProxyHandler,
+) {
+	http.HandleFunc("/auth", authHandler.ServeHTTP)
+	http.HandleFunc("/trusted-peers", peerHandler.ListTrustedPeers)
+	http.Handle("/", jwtMiddleware.Middleware(http.HandlerFunc(proxyHandler.Handle)))
+}

start.sh

@@ -2,16 +2,17 @@
 
 # Start llama-server in background
 cd /llama.cpp/build
-./bin/llama-server --host 0.0.0.0 --port 8080 --model /models/model.q8_0.gguf --ctx-size 32768 &
+./bin/llama-server --host 0.0.0.0 --port 8081 --model /models/model.q8_0.gguf --ctx-size 32768 &
 
-# Wait for server to initialize
-echo "Waiting for server to start..."
-until curl -s "http://localhost:8080/v1/models" >/dev/null; do
+# Wait for llama-server to initialize
+echo "Waiting for llama-server to start..."
+until curl -s "http://localhost:8081/v1/models" >/dev/null; do
     sleep 1
 done
 
-echo "Server is ready."
+echo "llama-server is ready."
 
-# Start Gradio UI
-cd /
-python3 app.py
+# Start Go application (main service)
+echo "Starting Go application..."
+cd /app
+exec ./main