docs: auth proxy mode

Signed-off-by: BobDu <[email protected]>
chatgpt-web-dev · Mar 7, 2024 · a7a3e13 · a7a3e13
1 parent 24fc6f3
commit a7a3e13
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/README.en.md b/README.en.md
@@ -30,6 +30,7 @@ Some unique features have been added:
 
 [✓] Conversation round limit & setting different limits by user & giftcards
 
+[✓] Implement SSO login through the auth proxy feature (need to integrate a third-party authentication reverse proxy, it can support login protocols such as LDAP/OIDC/SAML)
 
 > [!CAUTION]
 > This project is only published on GitHub, based on the MIT license, free and for open source learning usage. And there will be no any form of account selling, paid service, discussion group, discussion group and other behaviors. Beware of being deceived.
@@ -353,6 +354,24 @@ Q: The content returned is incomplete?
 
 A: There is a length limit for the content returned by the API each time. You can modify the `VITE_GLOB_OPEN_LONG_REPLY` field in the `.env` file under the root directory, set it to `true`, and rebuild the front-end to enable the long reply feature, which can return the full content. It should be noted that using this feature may bring more API usage fees.
 
+## Auth Proxy Mode
+
+> [!WARNING]  
+> This feature is only provided for Operations Engineer with relevant experience to deploy during the integration of the enterprise's internal account management system. Improper configuration may lead to security risks.
+
+Set env `AUTH_PROXY_ENABLED=true` can enable auth proxy mode.
+
+
+After activating this feature, it is necessary to ensure that chatgpt-web can only be accessed through a reverse proxy.
+
+Authentication is carried out by the reverse proxy, which then forwards the request with the `X-Email` header to identify the user identity.
+
+
+Recommended for current IdP to use LDAP protocol, using [authelia](https://www.authelia.com)
+
+Recommended for current IdP to use OIDC protocol, using [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy)
+
+
 ## Contributing
 
 Please read the [Contributing Guidelines](./CONTRIBUTING.en.md) before contributing.

diff --git a/README.md b/README.md
@@ -30,6 +30,8 @@
 
 [✓] 对话数量限制 & 设置不同用户对话数量 & 兑换数量
 
+[✓] 通过 auth proxy 功能实现sso登录 (配合第三方身份验证反向代理 可实现支持 LDAP/OIDC/SAML 等协议登录)
+
 
 > [!CAUTION]
 > 声明：此项目只发布于 Github，基于 MIT 协议，免费且作为开源学习使用。并且不会有任何形式的卖号、付费服务、讨论群、讨论组等行为。谨防受骗。
@@ -349,6 +351,24 @@ PS: 不进行打包，直接在服务器上运行 `pnpm start` 也可
 pnpm build
 ```
 
+## Auth Proxy Mode
+
+> [!WARNING]  
+> 该功能仅适用于有相关经验的运维人员在集成企业内部账号管理系统时部署 配置不当可能会导致安全风险
+
+设置环境变量 `AUTH_PROXY_ENABLED=true` 即可开启 auth proxy 模式
+
+
+在开启该功能后 需确保 chatgpt-web 只能通过反向代理访问
+
+由反向代理进行进行身份验证 并再转发请求时携带请求头`X-Email`标识用户身份
+
+
+推荐当前 Idp 使用 LDAP 协议的 可以选择使用 [authelia](https://www.authelia.com)
+
+当前 Idp 使用 OIDC 协议的 可以选择使用 [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy)
+
+
 ## 常见问题
 Q: 为什么 `Git` 提交总是报错？