[Feature] configurable **client** certificate · ChatGPTNextWeb/NextChat#3935

(3 commentaires) (0 réactions) (0 assignés)TypeScript (87 992 stars) (59 717 forks)batch import

backloghelp wanted

Description

Hi, I encountered a problem with the client certificate verifying / authenticating.

When enabled client certs (typically the Cloudflare mTLS rules), the client must present its private cert (aka .p12/.pfx file) to the server. However since ChatGPT-Next-Web requests the API base from the backend, it would not carry the valid credentials that should have come from a browser request.

So there should be a configurable option to specify a client certificate so that the mutual verification would work.

I have read the issue list and found that #518 #3034 may be related, but both of them didn't mention if it's possible to deploy a client certificate for the backend.

My current approach is to allow the server IP as request src_ip, but it's quite inconvenient since I had to hard code the IP into the rules. So let me ask for a feature to satisfy this scene.

Guide contributeur

Stack technique: typescriptnodejsreactnextjs
Domaine: securityauthenticationbackend
Type d'issue: feature
Difficulté: 3
Temps estimé: 3-5 days
Statut d'activité: fresh
Clarté: clear
Prérequis: mTLS basicsNode.js https moduleNextChat backend architecture
Accessibilité débutant: 60
Direction de recherche: Investigate the backend server implementation in pages/api to understand how HTTP requests are made to external APIs. Examine the existing configuration options (e.g., environment variables) and plan how to add a client certificate option. Review related issues #518 and #3034 for prior discussion on custom certificates. Consider using Node.js https.Agent with cert and key options to support mTLS.