Add a Secure SQL ChatBot demo #1073

Merged
merged 1 commit into from
Nov 18, 2024

@sberyozkin sberyozkin commented Nov 12, 2024

Fixes #609.

The flow will look like this:

  • Step 1:

Screenshot From 2024-11-12 12-39-59

  • Step 2 (this page is only available to authenticated users, and the security identity is propagated to the WS connection once the user chooses a chatbot icon):

Screenshot From 2024-11-12 12-39-08

ContentRetriever can only be called if the user is authenticated:

Screenshot From 2024-11-12 13-10-25

I'd just like to look at some hardening updates at the Quarkus level with Martin and Michal to have some more security binding done, but overall it is looking not bad with the WS-Next security support.

Here are application.properties.

It is only HTTPS and WSS secure protocols.

I'll look at adding a custom WS Next HttpUpgradeCheck.

Perhaps an output Guardrail can be added as well.

CC @geoand @cescoffier

@jmartisk jmartisk self-requested a review November 13, 2024 07:39
@jmartisk
Collaborator

Gonna try to run it today

@geoand
Collaborator

geoand commented Nov 13, 2024

Very cool @sberyozkin!

@sberyozkin sberyozkin force-pushed the secure_sql_chatbot branch 2 times, most recently from 4fe0077 to 46be75c Compare November 14, 2024 16:18
@sberyozkin
Contributor Author

sberyozkin commented Nov 14, 2024

@geoand @jmartisk I've added a custom WebSockets ticket scheme just to show what users can do to make what are already secure WSS upgrade requests even more secure, and updated README with a more complete list of security considerations.

Next, I'll tune some of the RAG code to take the user identity into account and the demo should be ready for review once it is done.

@sberyozkin sberyozkin force-pushed the secure_sql_chatbot branch 3 times, most recently from fd5f73b to 42ef0d8 Compare November 14, 2024 18:34
@sberyozkin sberyozkin marked this pull request as ready for review November 14, 2024 18:35
@sberyozkin sberyozkin requested a review from a team as a code owner November 14, 2024 18:35
@sberyozkin
Contributor Author

@jmartisk Jan, I did something similar to what is done in the secure fraud detection demo.

So, in addition to the Movies data support which was already available, a MovieWatcher DB is generated, where a registered movie watcher has a random preferred genre allocated.

Then, the Movie content retriever passes the genre preferred by the current user to the MovieSupport AI service which is asked to use this property to sort the movies...

Hopefully it is good enough to show how AI can use the user identity to support its work :-), have a look please

Thanks

@sberyozkin
Contributor Author

Also added a Logout support, missing movie watcher exception support, similarly to how it is done in the secure fraud detection demo...

I'm happy enough now with what this demo can show...

Collaborator

@jmartisk jmartisk left a comment

LGTM

@sberyozkin
Contributor Author

@jmartisk Let me do a bit of formatting as I've reset the workspace and lost the formatting configuration, so a few sources have tabs impacting them. And a few typos in README

@sberyozkin
Contributor Author

Should be better now...


quarkus-bot bot commented Nov 15, 2024

Status for workflow Build (on pull request)

This is the status report for running Build (on pull request) on commit 62c0836.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

@jmartisk jmartisk merged commit 55c9c69 into quarkiverse:main Nov 18, 2024
61 checks passed
@sberyozkin sberyozkin deleted the secure_sql_chatbot branch November 18, 2024 11:35