[Feature] configurable **client** certificate · ChatGPTNextWeb/NextChat#3935

(3 评论) (0 反应) (0 负责人)TypeScript (87,992 star) (59,717 fork)batch import

backloghelp wanted

描述

Hi, I encountered a problem with the client certificate verifying / authenticating.

When enabled client certs (typically the Cloudflare mTLS rules), the client must present its private cert (aka .p12/.pfx file) to the server. However since ChatGPT-Next-Web requests the API base from the backend, it would not carry the valid credentials that should have come from a browser request.

So there should be a configurable option to specify a client certificate so that the mutual verification would work.

I have read the issue list and found that #518 #3034 may be related, but both of them didn't mention if it's possible to deploy a client certificate for the backend.

My current approach is to allow the server IP as request src_ip, but it's quite inconvenient since I had to hard code the IP into the rules. So let me ask for a feature to satisfy this scene.

贡献者指南

技术栈: typescriptnodejsreactnextjs
领域: securityauthenticationbackend
议题类型: feature
难度: 3
预计时间: 3-5 days
活动状态: fresh
清晰度: clear
前置要求: mTLS basicsNode.js https moduleNextChat backend architecture
新手友好度: 60
研究方向: Investigate the backend server implementation in pages/api to understand how HTTP requests are made to external APIs. Examine the existing configuration options (e.g., environment variables) and plan how to add a client certificate option. Review related issues #518 and #3034 for prior discussion on custom certificates. Consider using Node.js https.Agent with cert and key options to support mTLS.