search

Vocab-Apps / anki-hyper-tts

HyperTTS Addon for Anki
GNU General Public License v3.0
84 stars 10 forks source link

[Feature Request] Custom domains for Azure Speech Service #159

Closed vlev closed 8 months ago

vlev commented 9 months ago

Hi,

First of all, thank you for the great work! I find this plugin to be extremely useful.

Is there a chance, you can add the support of custom domains for Azure Speech Service? I believe, at the moment, the target endpoint is calculated as [location].api.cognitive.microsoft.com. Would be nice to be able to provide a custom one, e.g. custom-domain.cognitiveservices.azure.com

This is needed in order to enable ip-based firewall rules on the service.

vlev commented 9 months ago

It looks like token-based authentication won't work with custom domains. When calling issueToken endpoints I get a BadRequest with a message "Virtual network/Firewall is configured, Token API is disabled."

The alternatives are:

  1. put subscription key into headers with requests to tts services (just checked - seems to be working)
  2. use entraid authentication

I think, the first option requires less effort to implement - tts endpoint stays the same, we just need to provide a bool flag for token-based auth. Here is relevant documentation - https://learn.microsoft.com/en-us/azure/ai-services/authentication#authenticate-with-a-single-service-resource-key.

Dirty fix that worked for me:

        # if self.token_refresh_required():
        #     self.get_token(subscription_key, region)

...

        headers = {
            'Ocp-Apim-Subscription-Key': subscription_key,
            # 'Authorization': 'Bearer ' + self.access_token,
            'Content-Type': 'application/ssml+xml',
            'X-Microsoft-OutputFormat': audio_format_map[audio_format],
            'User-Agent': 'anki-hyper-tts'
        }
luc-vocab commented 9 months ago

just curious what is the main reason to use custom api domains ? Also note you can create your own custom service, it's simply a matter of cloning the existing azure one and renaming the file and the class. This could be a solution to get it working for you right now.

vlev commented 9 months ago

The main motivation is security considerations - I prefer to limit access to paid cloud resources to specific IPs. With Azure Cognitive services (including text to speach) this configuration requires custom domains. Here is a fresh thread on this - https://learn.microsoft.com/en-us/answers/questions/1154764/how-to-enable-networking-for-azure-cognitive-servi I've also done some experimenting and can confirm that this limitation is in place.

luc-vocab commented 8 months ago

I don't have time to implement this. If you want it, you can create your own custom service, it's extremely easy.