[Feature] configurable **client** certificate · ChatGPTNextWeb/NextChat#3935

(3 comments) (0 reactions) (0 assignees)TypeScript (87,992 stars) (59,717 forks)batch import

backloghelp wanted

説明

Hi, I encountered a problem with the client certificate verifying / authenticating.

When enabled client certs (typically the Cloudflare mTLS rules), the client must present its private cert (aka .p12/.pfx file) to the server. However since ChatGPT-Next-Web requests the API base from the backend, it would not carry the valid credentials that should have come from a browser request.

So there should be a configurable option to specify a client certificate so that the mutual verification would work.

I have read the issue list and found that #518 #3034 may be related, but both of them didn't mention if it's possible to deploy a client certificate for the backend.

My current approach is to allow the server IP as request src_ip, but it's quite inconvenient since I had to hard code the IP into the rules. So let me ask for a feature to satisfy this scene.

コントリビューターガイド

技術スタック: typescriptnodejsreactnextjs
領域: securityauthenticationbackend
Issue 種別: feature
難度: 3
推定時間: 3-5 days
活動状況: fresh
明確さ: clear
前提条件: mTLS basicsNode.js https moduleNextChat backend architecture
初心者向け度: 60
調査方針: Investigate the backend server implementation in pages/api to understand how HTTP requests are made to external APIs. Examine the existing configuration options (e.g., environment variables) and plan how to add a client certificate option. Review related issues #518 and #3034 for prior discussion on custom certificates. Consider using Node.js https.Agent with cert and key options to support mTLS.