[Feature] configurable **client** certificate · ChatGPTNextWeb/NextChat#3935

(3 comments) (0 reactions) (0 assignees)TypeScript (87,992 stars) (59,717 forks)batch import

backloghelp wanted

Description

Hi, I encountered a problem with the client certificate verifying / authenticating.

When enabled client certs (typically the Cloudflare mTLS rules), the client must present its private cert (aka .p12/.pfx file) to the server. However since ChatGPT-Next-Web requests the API base from the backend, it would not carry the valid credentials that should have come from a browser request.

So there should be a configurable option to specify a client certificate so that the mutual verification would work.

I have read the issue list and found that #518 #3034 may be related, but both of them didn't mention if it's possible to deploy a client certificate for the backend.

My current approach is to allow the server IP as request src_ip, but it's quite inconvenient since I had to hard code the IP into the rules. So let me ask for a feature to satisfy this scene.

Contributor guide

Tech stack: typescriptnodejsreactnextjs
Domain: securityauthenticationbackend
Issue type: feature
Difficulty: 3
Estimated time: 3-5 days
Activity status: fresh
Clarity: clear
Prerequisites: mTLS basicsNode.js https moduleNextChat backend architecture
Newbie friendliness: 60
Research direction: Investigate the backend server implementation in pages/api to understand how HTTP requests are made to external APIs. Examine the existing configuration options (e.g., environment variables) and plan how to add a client certificate option. Review related issues #518 and #3034 for prior discussion on custom certificates. Consider using Node.js https.Agent with cert and key options to support mTLS.