@lobehub/chat 1.122.4 → 1.122.5

package/CHANGELOG.md

@@ -2,6 +2,31 @@
 
 # Changelog
 
+### [Version 1.122.5](https://github.com/lobehub/lobe-chat/compare/v1.122.4...v1.122.5)
+
+<sup>Released on **2025-09-04**</sup>
+
+#### ♻ Code Refactoring
+
+- **misc**: Make LobeNextAuthDBAdapter Edge Compatible.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### Code refactoring
+
+- **misc**: Make LobeNextAuthDBAdapter Edge Compatible, closes [#8188](https://github.com/lobehub/lobe-chat/issues/8188) ([f456e91](https://github.com/lobehub/lobe-chat/commit/f456e91))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 1.122.4](https://github.com/lobehub/lobe-chat/compare/v1.122.3...v1.122.4)
 
 <sup>Released on **2025-09-04**</sup>

package/changelog/v1.json

@@ -1,4 +1,13 @@
 [
+  {
+    "children": {
+      "improvements": [
+        "Make LobeNextAuthDBAdapter Edge Compatible."
+      ]
+    },
+    "date": "2025-09-04",
+    "version": "1.122.5"
+  },
   {
     "children": {
       "improvements": [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.122.4",
+  "version": "1.122.5",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/packages/utils/src/server/__tests__/auth.test.ts

@@ -28,7 +28,7 @@ vi.mock('@/libs/clerk-auth', () => ({
   },
 }));
 
-vi.mock('@/libs/next-auth/edge', () => ({
+vi.mock('@/libs/next-auth', () => ({
   default: {
     auth: vi.fn().mockResolvedValue({
       user: {

package/packages/utils/src/server/auth.ts

@@ -12,9 +12,9 @@ export const getUserAuth = async () => {
   }
 
   if (enableNextAuth) {
-    const { default: NextAuthEdge } = await import('@/libs/next-auth/edge');
+    const { default: NextAuth } = await import('@/libs/next-auth');
 
-    const session = await NextAuthEdge.auth();
+    const session = await NextAuth.auth();
 
     const userId = session?.user.id;
 

package/src/app/(backend)/api/auth/adapter/route.ts

@@ -0,0 +1,137 @@
+import debug from 'debug';
+import { NextRequest, NextResponse } from 'next/server';
+
+import { serverDBEnv } from '@/config/db';
+import { serverDB } from '@/database/server';
+import { dateKeys } from '@/libs/next-auth/adapter';
+import { NextAuthUserService } from '@/server/services/nextAuthUser';
+
+const log = debug('lobe-next-auth:api:auth:adapter');
+
+/**
+ * @description Process the db query for the NextAuth adapter.
+ * Returns the db query result directly and let NextAuth handle the raw results.
+ * @returns {
+ *  success: boolean; // Only return false if the database query fails or the action is invalid.
+ *  data?: any;
+ *  error?: string;
+ * }
+ */
+export async function POST(req: NextRequest) {
+  try {
+    // try validate the request
+    if (
+      !req.headers.get('Authorization') ||
+      req.headers.get('Authorization')?.trim() !== `Bearer ${serverDBEnv.KEY_VAULTS_SECRET}`
+    ) {
+      log('Unauthorized request, missing or invalid Authorization header');
+      return NextResponse.json({ error: 'Unauthorized', success: false }, { status: 401 });
+    }
+
+    // Parse the request body
+    const data = await req.json();
+    log('Received request data:', data);
+    // Preprocess
+    if (data?.data) {
+      for (const key of dateKeys) {
+        if (data?.data && data.data[key]) {
+          data.data[key] = new Date(data.data[key]);
+          continue;
+        }
+      }
+    }
+    const service = new NextAuthUserService(serverDB);
+    let result;
+    switch (data.action) {
+      case 'createAuthenticator': {
+        result = await service.createAuthenticator(data.data);
+        break;
+      }
+      case 'createSession': {
+        result = await service.createSession(data.data);
+        break;
+      }
+      case 'createUser': {
+        result = await service.createUser(data.data);
+        break;
+      }
+      case 'createVerificationToken': {
+        result = await service.createVerificationToken(data.data);
+        break;
+      }
+      case 'deleteSession': {
+        result = await service.deleteSession(data.data);
+        break;
+      }
+      case 'deleteUser': {
+        result = await service.deleteUser(data.data);
+        break;
+      }
+      case 'getAccount': {
+        result = await service.getAccount(data.data.providerAccountId, data.data.provider);
+        break;
+      }
+      case 'getAuthenticator': {
+        result = await service.getAuthenticator(data.data);
+        break;
+      }
+      case 'getSessionAndUser': {
+        result = await service.getSessionAndUser(data.data);
+        break;
+      }
+      case 'getUser': {
+        result = await service.getUser(data.data);
+        break;
+      }
+      case 'getUserByAccount': {
+        result = await service.getUserByAccount(data.data);
+        break;
+      }
+      case 'getUserByEmail': {
+        result = await service.getUserByEmail(data.data);
+        break;
+      }
+      case 'linkAccount': {
+        result = await service.linkAccount(data.data);
+        break;
+      }
+      case 'listAuthenticatorsByUserId': {
+        result = await service.listAuthenticatorsByUserId(data.data);
+        break;
+      }
+      case 'unlinkAccount': {
+        result = await service.unlinkAccount(data.data);
+        break;
+      }
+      case 'updateAuthenticatorCounter': {
+        result = await service.updateAuthenticatorCounter(
+          data.data.credentialID,
+          data.data.counter,
+        );
+        break;
+      }
+      case 'updateSession': {
+        result = await service.updateSession(data.data);
+        break;
+      }
+      case 'updateUser': {
+        result = await service.updateUser(data.data);
+        break;
+      }
+      case 'useVerificationToken': {
+        result = await service.useVerificationToken(data.data);
+        break;
+      }
+      default: {
+        return NextResponse.json({ error: 'Invalid action', success: false }, { status: 400 });
+      }
+    }
+    return NextResponse.json({ data: result, success: true });
+  } catch (error) {
+    log('Error processing request:');
+    log(error);
+    return NextResponse.json({ error, success: false }, { status: 400 });
+  }
+}
+
+export const runtime = 'nodejs';

package/src/app/(backend)/api/webhooks/logto/route.ts

@@ -36,6 +36,15 @@ export const POST = async (req: Request): Promise<NextResponse> => {
         },
       );
     }
+    case 'User.SuspensionStatus.Updated': {
+      if (data.isSuspended) {
+        return nextAuthUserService.safeSignOutUser({
+          provider: 'logto',
+          providerAccountId: data.id,
+        });
+      }
+      return NextResponse.json({ message: 'user reactivated', success: true }, { status: 200 });
+    }
 
     default: {
       pino.warn(

package/src/config/auth.ts

@@ -18,6 +18,8 @@ declare global {
 
       NEXT_AUTH_DEBUG?: string;
 
+      NEXT_AUTH_SSO_SESSION_STRATEGY?: string;
+
       AUTH0_CLIENT_ID?: string;
       AUTH0_CLIENT_SECRET?: string;
       AUTH0_ISSUER?: string;
@@ -159,6 +161,7 @@ export const getAuthConfig = () => {
       NEXT_AUTH_SECRET: z.string().optional(),
       NEXT_AUTH_SSO_PROVIDERS: z.string().optional().default('auth0'),
       NEXT_AUTH_DEBUG: z.boolean().optional().default(false),
+      NEXT_AUTH_SSO_SESSION_STRATEGY: z.enum(['jwt', 'database']).optional().default('jwt'),
 
       // Auth0
       AUTH0_CLIENT_ID: z.string().optional(),
@@ -221,6 +224,7 @@ export const getAuthConfig = () => {
       NEXT_AUTH_SSO_PROVIDERS: process.env.NEXT_AUTH_SSO_PROVIDERS,
       NEXT_AUTH_SECRET: process.env.NEXT_AUTH_SECRET,
       NEXT_AUTH_DEBUG: !!process.env.NEXT_AUTH_DEBUG,
+      NEXT_AUTH_SSO_SESSION_STRATEGY: process.env.NEXT_AUTH_SSO_SESSION_STRATEGY || 'jwt',
 
       // Auth0
       AUTH0_CLIENT_ID: process.env.AUTH0_CLIENT_ID,

package/src/libs/next-auth/adapter/index.ts

@@ -4,273 +4,175 @@ import type {
   AdapterUser,
   VerificationToken,
 } from '@auth/core/adapters';
-import { and, eq } from 'drizzle-orm';
-import type { NeonDatabase } from 'drizzle-orm/neon-serverless';
+import debug from 'debug';
 import { Adapter, AdapterAccount } from 'next-auth/adapters';
+import urlJoin from 'url-join';
 
-import { UserModel } from '@/database/models/user';
-import * as schema from '@/database/schemas';
-import { AgentService } from '@/server/services/agent';
-import { merge } from '@/utils/merge';
+import { serverDBEnv } from '@/config/db';
+import { appEnv } from '@/envs/app';
 
-import {
-  mapAdapterUserToLobeUser,
-  mapAuthenticatorQueryResutlToAdapterAuthenticator,
-  mapLobeUserToAdapterUser,
-  partialMapAdapterUserToLobeUser,
-} from './utils';
+const log = debug('lobe-next-auth:adapter');
 
-const {
-  nextauthAccounts,
-  nextauthAuthenticators,
-  nextauthSessions,
-  nextauthVerificationTokens,
-  users,
-} = schema;
+interface BackendAdapterResponse {
+  data?: any;
+  error?: string;
+  success: boolean;
+}
+
+// Due to use direct HTTP Post, the date string cannot parse automatically
+export const dateKeys = ['expires', 'emailVerified'];
 
 /**
  * @description LobeNextAuthDbAdapter is implemented to handle the database operations
  * for NextAuth, this function do the same things as `src/app/api/webhooks/clerk/route.ts`
  * @returns {Adapter}
  */
-export function LobeNextAuthDbAdapter(serverDB: NeonDatabase<typeof schema>): Adapter {
+export function LobeNextAuthDbAdapter(): Adapter {
+  const baseUrl = appEnv.APP_URL;
+
+  // Ensure the baseUrl is set, otherwise throw an error
+  if (!baseUrl) {
+    throw new Error('LobeNextAuthDbAdapter: APP_URL is not set in environment variables');
+  }
+  const interactionUrl = urlJoin(baseUrl, '/api/auth/adapter');
+  log(`LobeNextAuthDbAdapter initialized with url: ${interactionUrl}`);
+
+  // Ensure serverDBEnv.KEY_VAULTS_SECRET is set, otherwise throw an error
+  if (!serverDBEnv.KEY_VAULTS_SECRET) {
+    throw new Error('LobeNextAuthDbAdapter: KEY_VAULTS_SECRET is not set in environment variables');
+  }
+
+  const fetcher = (action: string, data: any) =>
+    fetch(interactionUrl, {
+      body: JSON.stringify({ action, data }),
+      headers: {
+        'Authorization': `Bearer ${serverDBEnv.KEY_VAULTS_SECRET}`,
+        'Content-Type': 'application/json',
+      },
+      method: 'POST',
+    });
+  const postProcessor = async (res: Response) => {
+    const data = (await res.json()) as BackendAdapterResponse;
+    log('LobeNextAuthDbAdapter: postProcessor called with data:', data);
+    if (!data.success) {
+      log('LobeNextAuthDbAdapter: Error in postProcessor:');
+      log(data);
+      throw new Error(`LobeNextAuthDbAdapter: ${data.error}`);
+    }
+    if (data?.data) {
+      for (const key of dateKeys) {
+        if (data.data[key]) {
+          data.data[key] = new Date(data.data[key]);
+          continue;
+        }
+      }
+    }
+    return data.data;
+  };
+
   return {
     async createAuthenticator(authenticator): Promise<AdapterAuthenticator> {
-      const result = await serverDB
-        .insert(nextauthAuthenticators)
-        .values(authenticator)
-        .returning()
-        .then((res) => res[0] ?? undefined);
-      if (!result) throw new Error('LobeNextAuthDbAdapter: Failed to create authenticator');
-      return mapAuthenticatorQueryResutlToAdapterAuthenticator(result);
+      const data = await fetcher('createAuthenticator', authenticator);
+      return await postProcessor(data);
     },
-    async createSession(data): Promise<AdapterSession> {
-      return serverDB
-        .insert(nextauthSessions)
-        .values(data)
-        .returning()
-        .then((res) => res[0]);
+    async createSession(session): Promise<AdapterSession> {
+      const data = await fetcher('createSession', session);
+      return await postProcessor(data);
     },
     async createUser(user): Promise<AdapterUser> {
-      const { id, name, email, emailVerified, image, providerAccountId } = user;
-      // return the user if it already exists
-      let existingUser =
-        email && typeof email === 'string' && email.trim()
-          ? await UserModel.findByEmail(serverDB, email)
-          : undefined;
-      // If the user is not found by email, try to find by providerAccountId
-      if (!existingUser && providerAccountId) {
-        existingUser = await UserModel.findById(serverDB, providerAccountId);
-      }
-      if (existingUser) {
-        const adapterUser = mapLobeUserToAdapterUser(existingUser);
-        return adapterUser;
-      }
-
-      // create a new user if it does not exist
-      // Use id from provider if it exists, otherwise use id assigned by next-auth
-      // ref: https://github.com/lobehub/lobe-chat/pull/2935
-      const uid = providerAccountId ?? id;
-      await UserModel.createUser(
-        serverDB,
-        mapAdapterUserToLobeUser({
-          email,
-          emailVerified,
-          // Use providerAccountId as userid to identify if the user exists in a SSO provider
-          id: uid,
-          image,
-          name,
-        }),
-      );
-
-      // 3. Create an inbox session for the user
-      const agentService = new AgentService(serverDB, uid);
-      await agentService.createInbox();
-
-      return { ...user, id: uid };
+      const data = await fetcher('createUser', user);
+      return await postProcessor(data);
     },
     async createVerificationToken(data): Promise<VerificationToken | null | undefined> {
-      return serverDB
-        .insert(nextauthVerificationTokens)
-        .values(data)
-        .returning()
-        .then((res) => res[0]);
+      const result = await fetcher('createVerificationToken', data);
+      return await postProcessor(result);
     },
     async deleteSession(sessionToken): Promise<AdapterSession | null | undefined> {
-      await serverDB
-        .delete(nextauthSessions)
-        .where(eq(nextauthSessions.sessionToken, sessionToken));
+      const result = await fetcher('deleteSession', sessionToken);
+      await postProcessor(result);
       return;
     },
     async deleteUser(id): Promise<AdapterUser | null | undefined> {
-      const user = await UserModel.findById(serverDB, id);
-      if (!user) throw new Error('NextAuth: Delete User not found');
-
-      await UserModel.deleteUser(serverDB, id);
+      const result = await fetcher('deleteUser', id);
+      await postProcessor(result);
       return;
     },
 
     async getAccount(providerAccountId, provider): Promise<AdapterAccount | null> {
-      return serverDB
-        .select()
-        .from(nextauthAccounts)
-        .where(
-          and(
-            eq(nextauthAccounts.provider, provider),
-            eq(nextauthAccounts.providerAccountId, providerAccountId),
-          ),
-        )
-        .then((res) => res[0] ?? null) as Promise<AdapterAccount | null>;
+      const data = await fetcher('getAccount', {
+        provider,
+        providerAccountId,
+      });
+      return await postProcessor(data);
     },
 
     async getAuthenticator(credentialID): Promise<AdapterAuthenticator | null> {
-      const result = await serverDB
-        .select()
-        .from(nextauthAuthenticators)
-        .where(eq(nextauthAuthenticators.credentialID, credentialID))
-        .then((res) => res[0] ?? null);
-      if (!result) throw new Error('LobeNextAuthDbAdapter: Failed to get authenticator');
-      return mapAuthenticatorQueryResutlToAdapterAuthenticator(result);
+      const result = await fetcher('getAuthenticator', credentialID);
+      return await postProcessor(result);
     },
 
     async getSessionAndUser(sessionToken): Promise<{
       session: AdapterSession;
       user: AdapterUser;
     } | null> {
-      const result = await serverDB
-        .select({
-          session: nextauthSessions,
-          user: users,
-        })
-        .from(nextauthSessions)
-        .where(eq(nextauthSessions.sessionToken, sessionToken))
-        .innerJoin(users, eq(users.id, nextauthSessions.userId))
-        .then((res) => (res.length > 0 ? res[0] : null));
-
-      if (!result) return null;
-      const adapterUser = mapLobeUserToAdapterUser(result.user);
-      if (!adapterUser) return null;
-      return {
-        session: result.session,
-        user: adapterUser,
-      };
+      const result = await fetcher('getSessionAndUser', sessionToken);
+      return await postProcessor(result);
     },
 
     async getUser(id): Promise<AdapterUser | null> {
-      const lobeUser = await UserModel.findById(serverDB, id);
-      if (!lobeUser) return null;
-      return mapLobeUserToAdapterUser(lobeUser);
+      log('getUser called with id:', id);
+      const result = await fetcher('getUser', id);
+      return await postProcessor(result);
     },
 
     async getUserByAccount(account): Promise<AdapterUser | null> {
-      const result = await serverDB
-        .select({
-          account: nextauthAccounts,
-          users,
-        })
-        .from(nextauthAccounts)
-        .innerJoin(users, eq(nextauthAccounts.userId, users.id))
-        .where(
-          and(
-            eq(nextauthAccounts.provider, account.provider),
-            eq(nextauthAccounts.providerAccountId, account.providerAccountId),
-          ),
-        )
-        .then((res) => res[0]);
-
-      return result?.users ? mapLobeUserToAdapterUser(result.users) : null;
+      const data = await fetcher('getUserByAccount', account);
+      return await postProcessor(data);
     },
 
     async getUserByEmail(email): Promise<AdapterUser | null> {
-      const lobeUser =
-        email && typeof email === 'string' && email.trim()
-          ? await UserModel.findByEmail(serverDB, email)
-          : undefined;
-      return lobeUser ? mapLobeUserToAdapterUser(lobeUser) : null;
+      const data = await fetcher('getUserByEmail', email);
+      return await postProcessor(data);
     },
 
     async linkAccount(data): Promise<AdapterAccount | null | undefined> {
-      const [account] = await serverDB
-        .insert(nextauthAccounts)
-        .values(data as any)
-        .returning();
-      if (!account) throw new Error('NextAuthAccountModel: Failed to create account');
-      // TODO Update type annotation
-      return account as any;
+      const result = await fetcher('linkAccount', data);
+      return await postProcessor(result);
     },
 
     async listAuthenticatorsByUserId(userId): Promise<AdapterAuthenticator[]> {
-      const result = await serverDB
-        .select()
-        .from(nextauthAuthenticators)
-        .where(eq(nextauthAuthenticators.userId, userId))
-        .then((res) => res);
-      if (result.length === 0)
-        throw new Error('LobeNextAuthDbAdapter: Failed to get authenticator list');
-      return result.map((r) => mapAuthenticatorQueryResutlToAdapterAuthenticator(r));
+      const result = await fetcher('listAuthenticatorsByUserId', userId);
+      return await postProcessor(result);
     },
 
     // @ts-ignore: The return type is {Promise<void> | Awaitable<AdapterAccount | undefined>}
     async unlinkAccount(account): Promise<void | AdapterAccount | undefined> {
-      await serverDB
-        .delete(nextauthAccounts)
-        .where(
-          and(
-            eq(nextauthAccounts.provider, account.provider),
-            eq(nextauthAccounts.providerAccountId, account.providerAccountId),
-          ),
-        );
+      const result = await fetcher('unlinkAccount', account);
+      await postProcessor(result);
+      return;
     },
 
     async updateAuthenticatorCounter(credentialID, counter): Promise<AdapterAuthenticator> {
-      const result = await serverDB
-        .update(nextauthAuthenticators)
-        .set({ counter })
-        .where(eq(nextauthAuthenticators.credentialID, credentialID))
-        .returning()
-        .then((res) => res[0]);
-      if (!result) throw new Error('LobeNextAuthDbAdapter: Failed to update authenticator counter');
-      return mapAuthenticatorQueryResutlToAdapterAuthenticator(result);
+      const result = await fetcher('updateAuthenticatorCounter', {
+        counter,
+        credentialID,
+      });
+      return await postProcessor(result);
     },
 
     async updateSession(data): Promise<AdapterSession | null | undefined> {
-      const res = await serverDB
-        .update(nextauthSessions)
-        .set(data)
-        .where(eq(nextauthSessions.sessionToken, data.sessionToken))
-        .returning();
-      return res[0];
+      const result = await fetcher('updateSession', data);
+      return await postProcessor(result);
     },
 
     async updateUser(user): Promise<AdapterUser> {
-      const lobeUser = await UserModel.findById(serverDB, user?.id);
-      if (!lobeUser) throw new Error('NextAuth: User not found');
-      const userModel = new UserModel(serverDB, user.id);
-
-      const updatedUser = await userModel.updateUser({
-        ...partialMapAdapterUserToLobeUser(user),
-      });
-      if (!updatedUser) throw new Error('NextAuth: Failed to update user');
-
-      // merge new user data with old user data
-      const newAdapterUser = mapLobeUserToAdapterUser(lobeUser);
-      if (!newAdapterUser) {
-        throw new Error('NextAuth: Failed to map user data to adapter user');
-      }
-      return merge(newAdapterUser, user);
+      const result = await fetcher('updateUser', user);
+      return await postProcessor(result);
     },
 
     async useVerificationToken(identifier_token): Promise<VerificationToken | null> {
-      return serverDB
-        .delete(nextauthVerificationTokens)
-        .where(
-          and(
-            eq(nextauthVerificationTokens.identifier, identifier_token.identifier),
-            eq(nextauthVerificationTokens.token, identifier_token.token),
-          ),
-        )
-        .returning()
-        .then((res) => (res.length > 0 ? res[0] : null));
+      const result = await fetcher('useVerificationToken', identifier_token);
+      return await postProcessor(result);
     },
   };
 }