Register
Login
Resources
Docs Blog Datasets Glossary Case Studies Tutorials & Webinars
Product
Data Engine LLMs Platform Enterprise
Pricing Explore
Connect to our Discord channel
Resources  
Docs Blog Datasets Glossary Case Studies Tutorials & Webinars
Explore Pricing
Product  
Data Engine LLMs Platform Enterprise
Connect to Dagshub Discord channel
Register
Login

nirbarazida
/
promptfoo
mirror of https://github.com/promptfoo/promptfoo

Watch 1
Issues   Discussions 0

app.js 3.6 KB
Permalink History Raw

You have to be logged in to leave a comment. Sign In
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107 
  1. const express = require('express');
    2. 

  2. const { providers } = require('promptfoo');
    3. 

  3. const crypto = require('crypto');
    4. 

  4. const fs = require('fs');
    5. 

  5. const jks = require('jks-js');
    6. 

  6. 

  7. const app = express();
    8. 

  8. app.use(express.json());
    9. 

  9. 

  10. // Add signature validation configuration for JKS
    11. 

  11. const SIGNATURE_CONFIG = {
    12. 

  12.   keystorePath: './clientkeystore.jks',
    13. 

  13.   keystorePassword: 'password', // In real apps, use environment variables
    14. 

  14.   keyAlias: 'client', // Common alias for client certificates
    15. 

  15.   keyPassword: 'password', // In real apps, use environment variables
    16. 

  16.   signatureHeader: 'signature',
    17. 

  17.   timestampHeader: 'timestamp',
    18. 

  18.   clientIdHeader: 'client-id',
    19. 

  19.   signatureValidityMs: 300000, // 5 minutes
    20. 

  20.   signatureDataTemplate: 'promptfoo-app{{timestamp}}',
    21. 

  21.   signatureAlgorithm: 'SHA256',
    22. 

  22. };
    23. 

  23. 

  24. // Load JKS keystore and extract public key
    25. 

  25. let publicKey;
    26. 

  26. try {
    27. 

  27.   const keystoreData = fs.readFileSync(SIGNATURE_CONFIG.keystorePath);
    28. 

  28.   const keystore = jks.toPem(keystoreData, SIGNATURE_CONFIG.keystorePassword);
    29. 

  29. 

  30.   // Find the certificate by alias
    31. 

  31.   const cert = keystore[SIGNATURE_CONFIG.keyAlias];
    32. 

  32.   if (!cert) {
    33. 

  33.     throw new Error(`Certificate with alias '${SIGNATURE_CONFIG.keyAlias}' not found in keystore`);
    34. 

  34.   }
    35. 

  35. 

  36.   publicKey = cert.cert;
    37. 

  37.   console.log('Successfully loaded JKS keystore and extracted public key');
    38. 

  38. } catch (error) {
    39. 

  39.   console.error('Error loading JKS keystore:', error.message);
    40. 

  40.   console.error('Make sure keystore.jks exists and credentials are correct');
    41. 

  41.   process.exit(1);
    42. 

  42. }
    43. 

  43. 

  44. // Signature validation middleware
    45. 

  45. function validateSignature(req, res, next) {
    46. 

  46.   try {
    47. 

  47.     const signature = req.headers[SIGNATURE_CONFIG.signatureHeader];
    48. 

  48.     const timestamp = req.headers[SIGNATURE_CONFIG.timestampHeader];
    49. 

  49.     const clientId = req.headers[SIGNATURE_CONFIG.clientIdHeader];
    50. 

  50. 

  51.     // Check if all required headers are present
    52. 

  52.     if (!signature || !timestamp || !clientId) {
    53. 

  53.       console.warn('Request rejected: Missing signature headers');
    54. 

  54.       return res.status(401).json({ error: 'Missing signature headers' });
    55. 

  55.     }
    56. 

  56. 

  57.     // Check timestamp validity
    58. 

  58.     const now = Date.now();
    59. 

  59.     const requestTime = Number.parseInt(timestamp, 10);
    60. 

  60. 

  61.     if (Number.isNaN(requestTime) || now - requestTime > SIGNATURE_CONFIG.signatureValidityMs) {
    62. 

  62.       console.warn('Request rejected: Signature expired or invalid timestamp');
    63. 

  63.       return res.status(401).json({ error: 'Signature expired or invalid timestamp' });
    64. 

  64.     }
    65. 

  65. 

  66.     // Generate signature data using the template
    67. 

  67.     const signatureData = SIGNATURE_CONFIG.signatureDataTemplate.replace(
    68. 

  68.       '{{timestamp}}',
    69. 

  69.       timestamp,
    70. 

  70.     );
    71. 

  71. 

  72.     // Verify signature using the public key from JKS
    73. 

  73.     const verify = crypto.createVerify(SIGNATURE_CONFIG.signatureAlgorithm);
    74. 

  74.     verify.update(signatureData);
    75. 

  75.     const isValid = verify.verify(publicKey, signature, 'base64');
    76. 

  76. 

  77.     if (!isValid) {
    78. 

  78.       console.warn('Request rejected: Invalid signature');
    79. 

  79.       return res.status(401).json({ error: 'Invalid signature' });
    80. 

  80.     }
    81. 

  81. 

  82.     console.log('JKS signature checks out... continuing');
    83. 

  83.     next();
    84. 

  84.   } catch (error) {
    85. 

  85.     console.error('Error validating signature:', error);
    86. 

  86.     return res.status(500).json({ error: 'Error validating signature' });
    87. 

  87.   }
    88. 

  88. }
    89. 

  89. 

  90. app.post('/chat', validateSignature, async (req, res) => {
    91. 

  91.   try {
    92. 

  92.     return res.json({ message: 'hello from JKS authenticated endpoint' });
    93. 

  93.   } catch (error) {
    94. 

  94.     console.error('Error processing chat request:', error);
    95. 

  95.     return res.status(500).json({ error: error.message });
    96. 

  96.   }
    97. 

  97. });
    98. 

  98. 

  99. const PORT = process.env.PORT || 2346;
    100. 

  100. app.listen(PORT, (error) => {
    101. 

  101.   if (error) {
    102. 

  102.     console.error(`Failed to start server: ${error.message}`);
    103. 

  103.     process.exit(1);
    104. 

  104.     return;
    105. 

  105.   }
    106. 

  106.   console.info(`JKS server is running on port ${PORT}`);
    107. 

  107. });
    108.
Prev
Next
Tip!

Press p or to see the previous file or, n or to see the next file

Comments

Write Preview
Loading...
Integrate AWS S3
Use S3 remote
Select bucket
Access key
Finish

Use AWS S3 as storage!

Browsing data directories saved to S3 is possible with DAGsHub. Let's configure your repository to easily display your data in the context of any commit!

Specify your S3 bucket

Access key (If needed)

Congratulations!

promptfoo is now integrated with AWS S3!

Delete Storage Key

Are you sure you want to delete this access key?

No
Yes
Integrate Google Cloud Storage
Use Google Storage
Select bucket
Upload key
Finish

Use Google Cloud Storage!

Browsing data directories saved to Google Cloud Storage is possible with DAGsHub. Let's configure your repository to easily display your data in the context of any commit!

Specify your Google Storage bucket

Service Account Key

Congratulations!

promptfoo is now integrated with Google Cloud Storage!

Delete Storage Key

Are you sure you want to delete this access key?

No
Yes
Integrate Azure Cloud Storage
Use Azure Storage
Select bucket
Set key
Finish

Use Azure Cloud Storage!

Browsing data directories saved to Azure Cloud Storage is possible with DAGsHub. Let's configure your repository to easily display your data in the context of any commit!

Specify your Azure Storage bucket

Access key (If needed)

Congratulations!

promptfoo is now integrated with Azure Cloud Storage!

Delete Storage Key

Are you sure you want to delete this access key?

No
Yes
Integrate S3 compatible storage
Use S3 like remote
Select bucket
Access key
Finish

Use any S3 compatible storage!

Browsing data directories saved to S3 compatible storage is possible with DAGsHub. Let's configure your repository to easily display your data in the context of any commit!

Specify your S3 bucket

Bucket name cannot be the same as the repository name. Please change one of them.

Access key (If needed)

Congratulations!

promptfoo is now integrated with your S3 compatible storage!

Delete Storage Key

Are you sure you want to delete this access key?

No
Yes