Add JS Speech to text with sherpa-onnx as a more reliable alternative without sidecar#282
…wson/PDR_AI_v2 into feature/speech-to-text
… for viewing audio, and also updated the transcription file. Transcription now shows the audio playing with timestamps and allows the user to click on a timestamp or line of audio and have the audio clip jump to that spot.
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 635f12a09a
| const { userId, videoUrl, category, title, preferredProvider } = validation.data; | ||
|
|
||
| const [user] = await db |
Bind video upload to authenticated user
This handler trusts a caller-supplied userId from the request body and immediately uses it to load tenant context, but it never verifies that userId matches the authenticated session (or that a session exists). In environments where this route is reachable, an attacker can submit another user's ID and enqueue transcriptions/documents into the wrong company, which is a cross-tenant authorization issue.
| with yt_dlp.YoutubeDL(ydl_opts) as ydl: | ||
| info = ydl.extract_info(url, download=True) |
Restrict sidecar download URL before yt-dlp fetch
/download-and-transcribe forwards unvalidated user input directly into yt_dlp.extract_info(). Because this endpoint accepts arbitrary URL strings, callers can force the sidecar to fetch non-approved/internal targets or very large resources, bypassing the app-layer hostname allowlist and turning this endpoint into an SSRF/resource-abuse vector.
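One way to enforce the restriction this review comment asks for, written as an added example and not code from the PR or from yt-dlp. The host allowlist, the size cap and the function names are assumptions; `max_filesize` and `noplaylist` are existing yt-dlp options.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed values: the PR's real allowlist and size limit are not shown on the page.
ALLOWED_HOSTS = {"www.youtube.com", "youtube.com", "youtu.be"}
MAX_BYTES = 500 * 1024 * 1024


def system_resolver(host):
    """Return every address the host currently resolves to."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def validate_download_url(url, resolver=system_resolver):
    """Return the URL if it passes every check, otherwise raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("only https URLs are accepted")
    if parts.username or parts.password:
        raise ValueError("URLs with embedded credentials are rejected")
    if parts.port not in (None, 443):
        raise ValueError("non-default ports are rejected")
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host {host!r} is not on the allowlist")
    # An allowlisted name must still resolve only to public addresses.
    for addr in resolver(host):
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return parts.geturl()


def bounded_ydl_opts(base=None):
    """Copy the caller's yt-dlp options and add download limits."""
    opts = dict(base or {})
    opts.update({"max_filesize": MAX_BYTES, "noplaylist": True})
    return opts
```

The check covers only the submitted URL; redirects and the media URLs yt-dlp fetches afterwards are not re-validated, so egress filtering on the sidecar's network is still needed.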
| volumes: | ||
| postgres_data: | ||
| seaweedfs_data: | ||
| sidecar_models: |
Keep SeaweedFS named volume declared
The top-level volumes section now declares sidecar_models but no longer declares seaweedfs_data, while the seaweedfs service still mounts seaweedfs_data:/data. This leaves the compose file internally inconsistent for the local-storage setup and can break docker compose validation/startup for that profile.
Replaces sidecar speech to text with sherpa-onnx that runs natively in Node.js. Uses Whisper model of same quality (upgrade from what I showed at the meeting with HuggingFace) but without Python dependency. Requires ffmpeg and a one-time model download.