@lobehub/chat 0.159.12 → 0.160.1

package/CHANGELOG.md

@@ -2,6 +2,56 @@
 
 # Changelog
 
+### [Version 0.160.1](https://github.com/lobehub/lobe-chat/compare/v0.160.0...v0.160.1)
+
+<sup>Released on **2024-05-18**</sup>
+
+#### 🐛 Bug Fixes
+
+- **misc**: Fix enable ollama env.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's fixed
+
+- **misc**: Fix enable ollama env ([9c3f5a8](https://github.com/lobehub/lobe-chat/commit/9c3f5a8))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
+## [Version 0.160.0](https://github.com/lobehub/lobe-chat/compare/v0.159.12...v0.160.0)
+
+<sup>Released on **2024-05-18**</sup>
+
+#### ✨ Features
+
+- **misc**: Bump version and add enable ollama env.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's improved
+
+- **misc**: Bump version and add enable ollama env, closes [#2554](https://github.com/lobehub/lobe-chat/issues/2554) ([f5ce7c9](https://github.com/lobehub/lobe-chat/commit/f5ce7c9))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 0.159.12](https://github.com/lobehub/lobe-chat/compare/v0.159.11...v0.159.12)
 
 <sup>Released on **2024-05-15**</sup>

package/README.md

@@ -230,7 +230,7 @@ In addition, these plugins are not limited to news aggregation, but can also ext
 | [Social Search](https://chat-preview.lobehub.com/settings/agent)<br/><sup>By **say-apps** on **2024-05-02**</sup>         | The Social Search provides access to tweets, users, followers, images, media and more.<br/>`social` `twitter` `x` `search` |
 | [Search Google via Serper](https://chat-preview.lobehub.com/settings/agent)<br/><sup>By **Barry** on **2024-04-30**</sup> | Google search engine via Serper.dev free API (2500x🆓/month)<br/>`web` `search`                                            |
 
-> 📊 Total plugins: [<kbd>**58**</kbd>](https://github.com/lobehub/lobe-chat-plugins)
+> 📊 Total plugins: [<kbd>**56**</kbd>](https://github.com/lobehub/lobe-chat-plugins)
 
  <!-- PLUGIN LIST -->
 

package/README.zh-CN.md

@@ -222,7 +222,7 @@ LobeChat 的插件生态系统是其核心功能的重要扩展，它极大地
 | [社交搜索](https://chat-preview.lobehub.com/settings/agent)<br/><sup>By **say-apps** on **2024-05-02**</sup>             | 社交搜索提供访问推文、用户、关注者、图片、媒体等功能。<br/>`社交` `推特` `x` `搜索` |
 | [通过 Serper 搜索 Google](https://chat-preview.lobehub.com/settings/agent)<br/><sup>By **Barry** on **2024-04-30**</sup> | 通过 Serper.dev 免费 API 进行 Google 搜索引擎（每月 2500 次🆓）<br/>`网络` `搜索`   |
 
-> 📊 Total plugins: [<kbd>**58**</kbd>](https://github.com/lobehub/lobe-chat-plugins)
+> 📊 Total plugins: [<kbd>**56**</kbd>](https://github.com/lobehub/lobe-chat-plugins)
 
  <!-- PLUGIN LIST -->
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "0.159.12",
+  "version": "0.160.1",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",
@@ -85,6 +85,8 @@
     "@anthropic-ai/sdk": "^0.20.9",
     "@auth/core": "0.28.0",
     "@aws-sdk/client-bedrock-runtime": "^3.574.0",
+    "@aws-sdk/client-s3": "^3.577.0",
+    "@aws-sdk/s3-request-presigner": "^3.577.0",
     "@azure/openai": "1.0.0-beta.12",
     "@cfworker/json-schema": "^1.12.8",
     "@clerk/localizations": "2.0.0",
@@ -108,7 +110,7 @@
     "@vercel/speed-insights": "^1.0.10",
     "ahooks": "^3.7.11",
     "ai": "3.0.19",
-    "antd": "5.17.0",
+    "antd": "^5.17.2",
     "antd-style": "^3.6.2",
     "brotli-wasm": "^3.0.0",
     "chroma-js": "^2.4.2",

package/src/app/trpc/{[trpc] → edge/[trpc]}/route.ts

@@ -3,7 +3,7 @@ import type { NextRequest } from 'next/server';
 
 import { pino } from '@/libs/logger';
 import { createContext } from '@/server/context';
-import { appRouter } from '@/server/routers';
+import { edgeRouter } from '@/server/routers';
 
 export const runtime = 'edge';
 
@@ -14,7 +14,7 @@ const handler = (req: NextRequest) =>
      */
     createContext: () => createContext(req),
 
-    endpoint: '/trpc',
+    endpoint: '/trpc/edge',
 
     onError: ({ error, path }) => {
       pino.info(`Error in tRPC handler (edge) on path: ${path}`);
@@ -22,7 +22,7 @@ const handler = (req: NextRequest) =>
     },
 
     req,
-    router: appRouter,
+    router: edgeRouter,
   });
 
 export { handler as GET, handler as POST };

package/src/config/__tests__/server.test.ts

@@ -33,17 +33,6 @@ describe('getServerConfig', () => {
     expect(config.OPENAI_FUNCTION_REGIONS).toStrictEqual(['iad1', 'sfo1']);
   });
 
-  it('returns default IMGUR_CLIENT_ID when no environment variable is set', () => {
-    const config = getServerConfig();
-    expect(config.IMGUR_CLIENT_ID).toBe('e415f320d6e24f9');
-  });
-
-  it('returns custom IMGUR_CLIENT_ID when environment variable is set', () => {
-    process.env.IMGUR_CLIENT_ID = 'custom-client-id';
-    const config = getServerConfig();
-    expect(config.IMGUR_CLIENT_ID).toBe('custom-client-id');
-  });
-
   describe('index url', () => {
     it('should return default URLs when no environment variables are set', () => {
       const config = getServerConfig();

package/src/config/file.ts

@@ -0,0 +1,34 @@
+import { createEnv } from '@t3-oss/env-nextjs';
+import { z } from 'zod';
+
+const DEFAULT_S3_FILE_PATH = 'files';
+
+export const getFileConfig = () => {
+  return createEnv({
+    client: {
+      NEXT_PUBLIC_S3_DOMAIN: z.string().optional(),
+      NEXT_PUBLIC_S3_FILE_PATH: z.string().optional(),
+    },
+    runtimeEnv: {
+      NEXT_PUBLIC_S3_DOMAIN: process.env.NEXT_PUBLIC_S3_DOMAIN,
+      NEXT_PUBLIC_S3_FILE_PATH: process.env.NEXT_PUBLIC_S3_FILE_PATH || DEFAULT_S3_FILE_PATH,
+
+      S3_ACCESS_KEY_ID: process.env.S3_ACCESS_KEY_ID,
+      S3_BUCKET: process.env.S3_BUCKET,
+      S3_ENDPOINT: process.env.S3_ENDPOINT,
+      S3_REGION: process.env.S3_REGION,
+      S3_SECRET_ACCESS_KEY: process.env.S3_SECRET_ACCESS_KEY,
+    },
+    server: {
+      // S3
+      S3_ACCESS_KEY_ID: z.string().optional(),
+      S3_BUCKET: z.string().optional(),
+      S3_ENDPOINT: z.string().optional(),
+
+      S3_REGION: z.string().optional(),
+      S3_SECRET_ACCESS_KEY: z.string().optional(),
+    },
+  });
+};
+
+export const fileEnv = getFileConfig();

package/src/config/server/app.ts

@@ -6,8 +6,6 @@ declare global {
     interface ProcessEnv {
       ACCESS_CODE?: string;
 
-      IMGUR_CLIENT_ID?: string;
-
       SITE_URL?: string;
 
       AGENTS_INDEX_URL?: string;
@@ -25,10 +23,6 @@ declare global {
   }
 }
 
-// we apply a free imgur app to get a client id
-// refs: https://apidocs.imgur.com/
-const DEFAULT_IMAGUR_CLIENT_ID = 'e415f320d6e24f9';
-
 export const getAppConfig = () => {
   if (typeof process === 'undefined') {
     throw new Error('[Server Config] you are importing a server-only module outside of server');
@@ -45,8 +39,6 @@ export const getAppConfig = () => {
 
     SITE_URL: process.env.SITE_URL,
 
-    IMGUR_CLIENT_ID: process.env.IMGUR_CLIENT_ID || DEFAULT_IMAGUR_CLIENT_ID,
-
     AGENTS_INDEX_URL: !!process.env.AGENTS_INDEX_URL
       ? process.env.AGENTS_INDEX_URL
       : 'https://chat-agents.lobehub.com',

package/src/config/server/provider.ts

@@ -22,7 +22,7 @@ declare global {
       // DeepSeek Provider
       ENABLED_DEEPSEEK?: string;
       DEEPSEEK_API_KEY?: string;
-      
+
       // ZhiPu Provider
       ENABLED_ZHIPU?: string;
       ZHIPU_API_KEY?: string;
@@ -113,7 +113,7 @@ export const getProviderConfig = () => {
   const AWS_ACCESS_KEY_ID = process.env.AWS_ACCESS_KEY_ID || '';
 
   const DEEPSEEK_API_KEY = process.env.DEEPSEEK_API_KEY || '';
-  
+
   const GOOGLE_API_KEY = process.env.GOOGLE_API_KEY || '';
 
   const MOONSHOT_API_KEY = process.env.MOONSHOT_API_KEY || '';
@@ -221,7 +221,7 @@ export const getProviderConfig = () => {
     AWS_ACCESS_KEY_ID: AWS_ACCESS_KEY_ID,
     AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY || '',
 
-    ENABLE_OLLAMA: Boolean(process.env.ENABLE_OLLAMA),
+    ENABLE_OLLAMA: process.env.ENABLE_OLLAMA !== '0',
     OLLAMA_PROXY_URL: process.env.OLLAMA_PROXY_URL || '',
     OLLAMA_MODEL_LIST: process.env.OLLAMA_MODEL_LIST || process.env.OLLAMA_CUSTOM_MODELS,
   };

package/src/database/client/models/file.ts

@@ -1,3 +1,4 @@
+import { DBModel } from '@/database/client/core/types/db';
 import { DB_File, DB_FileSchema } from '@/database/client/schemas/files';
 import { nanoid } from '@/utils/uuid';
 
@@ -14,7 +15,7 @@ class _FileModel extends BaseModel<'files'> {
     return this._addWithSync(file, `file-${id}`);
   }
 
-  async findById(id: string) {
+  async findById(id: string): Promise<DBModel<DB_File>> {
     return this.table.get(id);
   }
 

package/src/database/client/schemas/files.ts

@@ -8,7 +8,7 @@ export const DB_FileSchema = z.object({
   /**
    * file data array buffer
    */
-  data: z.instanceof(ArrayBuffer),
+  data: z.instanceof(ArrayBuffer).optional(),
   /**
    * file type
    * @example 'image/png'
@@ -33,7 +33,7 @@ export const DB_FileSchema = z.object({
   /**
    * file url if saveMode is url
    */
-  url: z.string().url().optional(),
+  url: z.string().optional(),
 });
 
 export type DB_File = z.infer<typeof DB_FileSchema>;

package/src/libs/agent-runtime/google/index.test.ts

@@ -560,7 +560,7 @@ describe('LobeGoogleAI', () => {
         });
       });
 
-      it('should correctly convert message with content parts', () => {
+      it('should correctly convert message with inline base64 image parts', () => {
         const message: OpenAIChatMessage = {
           role: 'user',
           content: [
@@ -571,6 +571,25 @@ describe('LobeGoogleAI', () => {
 
         const converted = instance['convertOAIMessagesToGoogleMessage'](message);
 
+        expect(converted).toEqual({
+          role: 'user',
+          parts: [
+            { text: 'Check this image:' },
+            { inlineData: { data: '...', mimeType: 'image/png' } },
+          ],
+        });
+      });
+      it.skip('should correctly convert message with image url parts', () => {
+        const message: OpenAIChatMessage = {
+          role: 'user',
+          content: [
+            { type: 'text', text: 'Check this image:' },
+            { type: 'image_url', image_url: { url: 'https://image-file.com' } },
+          ],
+        };
+
+        const converted = instance['convertOAIMessagesToGoogleMessage'](message);
+
         expect(converted).toEqual({
           role: 'user',
           parts: [

package/src/libs/agent-runtime/google/index.ts

@@ -115,18 +115,31 @@ export class LobeGoogleAI implements LobeRuntimeAI {
         return { text: content.text };
       }
       case 'image_url': {
-        const { mimeType, base64 } = parseDataUri(content.image_url.url);
+        const { mimeType, base64, type } = parseDataUri(content.image_url.url);
 
-        if (!base64) {
-          throw new TypeError("Image URL doesn't contain base64 data");
+        if (type === 'base64') {
+          if (!base64) {
+            throw new TypeError("Image URL doesn't contain base64 data");
+          }
+
+          return {
+            inlineData: {
+              data: base64,
+              mimeType: mimeType || 'image/png',
+            },
+          };
         }
 
-        return {
-          inlineData: {
-            data: base64,
-            mimeType: mimeType || 'image/png',
-          },
-        };
+        // if (type === 'url') {
+        //   return {
+        //     fileData: {
+        //       fileUri: content.image_url.url,
+        //       mimeType: mimeType || 'image/png',
+        //     },
+        //   };
+        // }
+
+        throw new TypeError(`currently we don't support image url: ${content.image_url.url}`);
       }
     }
   };

package/src/libs/agent-runtime/utils/uriParser.test.ts

@@ -0,0 +1,29 @@
+import { describe, expect, it } from 'vitest';
+
+import { parseDataUri } from './uriParser';
+
+describe('parseDataUri', () => {
+  it('should parse a valid data URI', () => {
+    const dataUri = 'data:image/png;base64,abc';
+    const result = parseDataUri(dataUri);
+    expect(result).toEqual({ base64: 'abc', mimeType: 'image/png', type: 'base64' });
+  });
+
+  it('should parse a valid URL', () => {
+    const url = 'https://example.com/image.jpg';
+    const result = parseDataUri(url);
+    expect(result).toEqual({ base64: null, mimeType: null, type: 'url' });
+  });
+
+  it('should return null for an invalid input', () => {
+    const invalidInput = 'invalid-data';
+    const result = parseDataUri(invalidInput);
+    expect(result).toEqual({ base64: null, mimeType: null, type: null });
+  });
+
+  it('should handle an empty input', () => {
+    const emptyInput = '';
+    const result = parseDataUri(emptyInput);
+    expect(result).toEqual({ base64: null, mimeType: null, type: null });
+  });
+});

package/src/libs/agent-runtime/utils/uriParser.ts

@@ -1,16 +1,24 @@
-export const parseDataUri = (
-  dataUri: string,
-): { base64: string | null; mimeType: string | null } => {
+interface UriParserResult {
+  base64: string | null;
+  mimeType: string | null;
+  type: 'url' | 'base64' | null;
+}
+
+export const parseDataUri = (dataUri: string): UriParserResult => {
   // 正则表达式匹配整个 Data URI 结构
   const dataUriMatch = dataUri.match(/^data:([^;]+);base64,(.+)$/);
 
-  // 如果匹配成功，则返回 mimeType 和 base64，否则返回 null
   if (dataUriMatch) {
-    return {
-      base64: dataUriMatch[2],
-      mimeType: dataUriMatch[1],
-    };
+    // 如果是合法的 Data URI
+    return { base64: dataUriMatch[2], mimeType: dataUriMatch[1], type: 'base64' };
   }
 
-  return { base64: null, mimeType: null };
+  try {
+    new URL(dataUri);
+    // 如果是合法的 URL
+    return { base64: null, mimeType: null, type: 'url' };
+  } catch {
+    // 既不是 Data URI 也不是合法 URL
+    return { base64: null, mimeType: null, type: null };
+  }
 };

package/src/libs/trpc/client.ts

@@ -1,13 +1,15 @@
 import { createTRPCClient, httpBatchLink } from '@trpc/client';
 import superjson from 'superjson';
 
-import type { AppRouter } from '@/server/routers';
+import type { EdgeRouter } from '@/server/routers';
+import { createHeaderWithAuth } from '@/services/_auth';
 
-export const trpcClient = createTRPCClient<AppRouter>({
+export const edgeClient = createTRPCClient<EdgeRouter>({
   links: [
     httpBatchLink({
+      headers: async () => createHeaderWithAuth(),
       transformer: superjson,
-      url: '/trpc',
+      url: '/trpc/edge',
     }),
   ],
 });

package/src/libs/trpc/index.ts

@@ -7,60 +7,36 @@
  * @link https://trpc.io/docs/v11/router
  * @link https://trpc.io/docs/v11/procedures
  */
-import { TRPCError, initTRPC } from '@trpc/server';
-import superjson from 'superjson';
-
-import type { Context } from '@/server/context';
-
-const t = initTRPC.context<Context>().create({
-  /**
-   * @link https://trpc.io/docs/v11/error-formatting
-   */
-  errorFormatter({ shape }) {
-    return shape;
-  },
-  /**
-   * @link https://trpc.io/docs/v11/data-transformers
-   */
-  transformer: superjson,
-});
+import { trpc } from './init';
+import { passwordChecker } from './middleware/password';
+import { userAuth } from './middleware/userAuth';
 
 /**
  * Create a router
  * @link https://trpc.io/docs/v11/router
  */
-export const router = t.router;
+export const router = trpc.router;
 
 /**
  * Create an unprotected procedure
  * @link https://trpc.io/docs/v11/procedures
  **/
-export const publicProcedure = t.procedure;
+export const publicProcedure = trpc.procedure;
 
 // procedure that asserts that the user is logged in
-export const authedProcedure = t.procedure.use(async (opts) => {
-  const { ctx } = opts;
-  // `ctx.user` is nullable
-  if (!ctx.userId) {
-    throw new TRPCError({ code: 'UNAUTHORIZED' });
-  }
+export const authedProcedure = trpc.procedure.use(userAuth);
 
-  return opts.next({
-    ctx: {
-      // ✅ user value is known to be non-null now
-      userId: ctx.userId,
-    },
-  });
-});
+// procedure that asserts that the user add the password
+export const passwordProcedure = trpc.procedure.use(passwordChecker);
 
 /**
  * Merge multiple routers together
  * @link https://trpc.io/docs/v11/merging-routers
  */
-export const mergeRouters = t.mergeRouters;
+export const mergeRouters = trpc.mergeRouters;
 
 /**
  * Create a server-side caller
  * @link https://trpc.io/docs/v11/server/server-side-calls
  */
-export const createCallerFactory = t.createCallerFactory;
+export const createCallerFactory = trpc.createCallerFactory;

package/src/libs/trpc/init.ts

@@ -0,0 +1,26 @@
+/**
+ * This is your entry point to setup the root configuration for tRPC on the server.
+ * - `initTRPC` should only be used once per app.
+ * - We export only the functionality that we use so we can enforce which base procedures should be used
+ *
+ * Learn how to create protected base procedures and other things below:
+ * @link https://trpc.io/docs/v11/router
+ * @link https://trpc.io/docs/v11/procedures
+ */
+import { initTRPC } from '@trpc/server';
+import superjson from 'superjson';
+
+import type { Context } from '@/server/context';
+
+export const trpc = initTRPC.context<Context>().create({
+  /**
+   * @link https://trpc.io/docs/v11/error-formatting
+   */
+  errorFormatter({ shape }) {
+    return shape;
+  },
+  /**
+   * @link https://trpc.io/docs/v11/data-transformers
+   */
+  transformer: superjson,
+});

package/src/libs/trpc/middleware/password.test.ts

@@ -0,0 +1,87 @@
+import { TRPCError } from '@trpc/server';
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+
+import * as utils from '@/app/api/middleware/auth/utils';
+import * as serverConfig from '@/config/server';
+import { createCallerFactory } from '@/libs/trpc';
+import { trpc } from '@/libs/trpc/init';
+import { AuthContext, createContextInner } from '@/server/context';
+
+import { passwordChecker } from './password';
+
+const appRouter = trpc.router({
+  protectedQuery: trpc.procedure.use(passwordChecker).query(async ({ ctx }) => {
+    return ctx.jwtPayload;
+  }),
+});
+
+const createCaller = createCallerFactory(appRouter);
+let ctx: AuthContext;
+let router: ReturnType<typeof createCaller>;
+
+beforeEach(() => {
+  vi.resetAllMocks();
+});
+
+describe('passwordChecker middleware', () => {
+  it('should throw UNAUTHORIZED error if authorizationHeader is not present in context', async () => {
+    ctx = await createContextInner();
+    router = createCaller(ctx);
+
+    await expect(router.protectedQuery()).rejects.toThrow(new TRPCError({ code: 'UNAUTHORIZED' }));
+  });
+
+  it('should throw UNAUTHORIZED error if access code is not correct', async () => {
+    vi.spyOn(serverConfig, 'getServerConfig').mockReturnValue({
+      ACCESS_CODES: ['123'],
+    } as any);
+    vi.spyOn(utils, 'getJWTPayload').mockResolvedValue({ accessCode: '456' });
+
+    ctx = await createContextInner({ authorizationHeader: 'Bearer token' });
+    router = createCaller(ctx);
+
+    await expect(router.protectedQuery()).rejects.toThrow(new TRPCError({ code: 'UNAUTHORIZED' }));
+  });
+
+  it('should call next with jwtPayload in context if access code is correct', async () => {
+    const jwtPayload = { accessCode: '123' };
+    vi.spyOn(serverConfig, 'getServerConfig').mockReturnValue({
+      ACCESS_CODES: ['123'],
+    } as any);
+    vi.spyOn(utils, 'getJWTPayload').mockResolvedValue(jwtPayload);
+
+    ctx = await createContextInner({ authorizationHeader: 'Bearer token' });
+    router = createCaller(ctx);
+
+    const data = await router.protectedQuery();
+
+    expect(data).toEqual(jwtPayload);
+  });
+
+  it('should call next with jwtPayload in context if no access codes are set', async () => {
+    const jwtPayload = {};
+    vi.spyOn(serverConfig, 'getServerConfig').mockReturnValue({
+      ACCESS_CODES: [],
+    } as any);
+    vi.spyOn(utils, 'getJWTPayload').mockResolvedValue(jwtPayload);
+
+    ctx = await createContextInner({ authorizationHeader: 'Bearer token' });
+    router = createCaller(ctx);
+
+    const data = await router.protectedQuery();
+
+    expect(data).toEqual(jwtPayload);
+  });
+  it('should call next with jwtPayload in context if  access codes is undefined', async () => {
+    const jwtPayload = {};
+    vi.spyOn(serverConfig, 'getServerConfig').mockReturnValue({} as any);
+    vi.spyOn(utils, 'getJWTPayload').mockResolvedValue(jwtPayload);
+
+    ctx = await createContextInner({ authorizationHeader: 'Bearer token' });
+    router = createCaller(ctx);
+
+    const data = await router.protectedQuery();
+
+    expect(data).toEqual(jwtPayload);
+  });
+});

package/src/libs/trpc/middleware/password.ts

@@ -0,0 +1,26 @@
+import { TRPCError } from '@trpc/server';
+
+import { getJWTPayload } from '@/app/api/middleware/auth/utils';
+import { getServerConfig } from '@/config/server';
+import { trpc } from '@/libs/trpc/init';
+
+export const passwordChecker = trpc.middleware(async (opts) => {
+  const { ACCESS_CODES } = getServerConfig();
+
+  const { ctx } = opts;
+
+  if (!ctx.authorizationHeader) throw new TRPCError({ code: 'UNAUTHORIZED' });
+
+  const jwtPayload = await getJWTPayload(ctx.authorizationHeader);
+
+  // if there are access codes, check if the user has set correct one
+  if (ACCESS_CODES && ACCESS_CODES.length > 0) {
+    const accessCode = jwtPayload.accessCode;
+
+    if (!accessCode || !ACCESS_CODES.includes(accessCode)) {
+      throw new TRPCError({ code: 'UNAUTHORIZED' });
+    }
+  }
+
+  return opts.next({ ctx: { jwtPayload } });
+});