fix: Dockerfile to reduce vulnerabilities (#106 )

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314623 - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314624 - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314624 - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314641 - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314643
feat: nvidia speech credential (#105 )
2026-01-25 02:08:24 +00:00 · 2023-02-12 22:50:13 -05:00 · 2023-02-10 08:31:49 -05:00
5 changed files with 49 additions and 4 deletions
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 node:18.12.1-alpine3.16 as base
+FROM --platform=linux/amd64 node:18-alpine3.16 as base

 RUN apk --update --no-cache add --virtual .builds-deps build-base python3

--- a/lib/routes/api/speech-credentials.js
+++ b/lib/routes/api/speech-credentials.js
@@ -51,6 +51,7 @@ const encryptCredential = (obj) => {
    tts_region,
    stt_api_key,
    stt_region,
+    riva_server_uri,
    instance_id
  } = obj;

@@ -106,6 +107,11 @@ const encryptCredential = (obj) => {
      const ibmData = JSON.stringify({tts_api_key, tts_region, stt_api_key, stt_region, instance_id});
      return encrypt(ibmData);

+    case 'nvidia':
+      assert(riva_server_uri, 'invalid riva server uri: riva_server_uri is required');
+      const nvidiaData = JSON.stringify({ riva_server_uri });
+      return encrypt(nvidiaData);
+
    default:
      assert(false, `invalid or missing vendor: ${vendor}`);
  }
@@ -210,6 +216,9 @@ router.get('/', async(req, res) => {
        obj.stt_api_key = obscureKey(o.stt_api_key);
        obj.stt_region = o.stt_region;
        obj.instance_id = o.instance_id;
+      } else if ('nvidia' == obj.vendor) {
+        const o = JSON.parse(decrypt(credential));
+        obj.riva_server_uri = o.riva_server_uri;
      }
      return obj;
    }));
@@ -272,6 +281,9 @@ router.get('/:sid', async(req, res) => {
      obj.stt_api_key = obscureKey(o.stt_api_key);
      obj.stt_region = o.stt_region;
      obj.instance_id = o.instance_id;
+    } else if ('nvidia' == obj.vendor) {
+      const o = JSON.parse(decrypt(credential));
+      obj.riva_server_uri = o.riva_server_uri;
    }
    res.status(200).json(obj);
  } catch (err) {
@@ -302,7 +314,7 @@ router.put('/:sid', async(req, res) => {
  const sid = req.params.sid;
  const logger = req.app.locals.logger;
  try {
-    const {use_for_tts, use_for_stt, region, aws_region, stt_region, tts_region} = req.body;
+    const {use_for_tts, use_for_stt, region, aws_region, stt_region, tts_region, riva_server_uri} = req.body;
    if (typeof use_for_tts === 'undefined' && typeof use_for_stt === 'undefined') {
      throw new DbErrorUnprocessableRequest('use_for_tts and use_for_stt are the only updateable fields');
    }
@@ -337,7 +349,8 @@ router.put('/:sid', async(req, res) => {
          use_custom_stt,
          custom_stt_endpoint,
          stt_region,
-          tts_region
+          tts_region,
+          riva_server_uri
        };
        logger.info({o, newCred}, 'updating speech credential with this new credential');
        obj.credential = encryptCredential(newCred);
--- a/lib/swagger/swagger.yaml
+++ b/lib/swagger/swagger.yaml
@@ -4262,6 +4262,8 @@ components:
          type: boolean
        stt_tested_ok:
          type: boolean
+        riva_server_uri:
+          type: string
    SpeechCredentialUpdate:
      properties:
        use_for_tts:
--- a/lib/utils/speech-utils.js
+++ b/lib/utils/speech-utils.js
@@ -16,7 +16,6 @@ const testNuanceStt = async(logger, credentials) => {
  return true;
 };

-
 const testGoogleTts = async(logger, credentials) => {
  const client = new ttsGoogle.TextToSpeechClient({credentials});
  await client.listVoices();
--- a/test/speech-credentials.js
+++ b/test/speech-credentials.js
@@ -300,6 +300,37 @@ test('speech credentials tests', async(t) => {
      t.ok(result.statusCode === 204, 'successfully deleted speech credential');
    }

+    /* add a credential for nvidia */
+    result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,
+      body: {
+        vendor: 'nvidia',
+        use_for_stt: true,
+        use_for_tts: true,
+        riva_server_uri: "192.168.1.2:5060"
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully added speech credential for nvidia');
+    const ms_sid = result.body.sid;
+
+    /* test the speech credential */
+    result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,   
+    });
+    // TODO Nvidia test.
+    t.ok(result.statusCode === 200 && result.body.stt.status === 'not tested', 'successfully tested speech credential for nvida stt');
+
+    /* delete the credential */
+    result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}`, {
+      auth: authUser,
+      resolveWithFullResponse: true,
+    });
+    t.ok(result.statusCode === 204, 'successfully deleted speech credential');
+
    await deleteObjectBySid(request, '/Accounts', account_sid);
    await deleteObjectBySid(request, '/ServiceProviders', service_provider_sid);
    //t.end();