[Feature] configurable **client** certificate · ChatGPTNextWeb/NextChat#3935

(3 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)TypeScript (87.992 Stars) (59.717 Forks)batch import

backloghelp wanted

Beschreibung

Hi, I encountered a problem with the client certificate verifying / authenticating.

When enabled client certs (typically the Cloudflare mTLS rules), the client must present its private cert (aka .p12/.pfx file) to the server. However since ChatGPT-Next-Web requests the API base from the backend, it would not carry the valid credentials that should have come from a browser request.

So there should be a configurable option to specify a client certificate so that the mutual verification would work.

I have read the issue list and found that #518 #3034 may be related, but both of them didn't mention if it's possible to deploy a client certificate for the backend.

My current approach is to allow the server IP as request src_ip, but it's quite inconvenient since I had to hard code the IP into the rules. So let me ask for a feature to satisfy this scene.

Contributor Guide

Tech Stack: typescriptnodejsreactnextjs
Domain: securityauthenticationbackend
Issue Type: feature
Schwierigkeit: 3
Geschätzte Zeit: 3-5 days
Aktivitätsstatus: fresh
Klarheit: clear
Voraussetzungen: mTLS basicsNode.js https moduleNextChat backend architecture
Einsteigerfreundlichkeit: 60
Research-Richtung: Investigate the backend server implementation in pages/api to understand how HTTP requests are made to external APIs. Examine the existing configuration options (e.g., environment variables) and plan how to add a client certificate option. Review related issues #518 and #3034 for prior discussion on custom certificates. Consider using Node.js https.Agent with cert and key options to support mTLS.