@lobehub/chat 1.16.10 → 1.16.11

package/CHANGELOG.md

@@ -2,6 +2,39 @@
 
 # Changelog
 
+### [Version 1.16.11](https://github.com/lobehub/lobe-chat/compare/v1.16.10...v1.16.11)
+
+<sup>Released on **2024-09-12**</sup>
+
+#### 🐛 Bug Fixes
+
+- **misc**: Support webhooks for logto.
+
+#### 💄 Styles
+
+- **misc**: Default disable mistral provider useless models.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's fixed
+
+- **misc**: Support webhooks for logto, closes [#3774](https://github.com/lobehub/lobe-chat/issues/3774) ([0cfee6b](https://github.com/lobehub/lobe-chat/commit/0cfee6b))
+
+#### Styles
+
+- **misc**: Default disable mistral provider useless models, closes [#3922](https://github.com/lobehub/lobe-chat/issues/3922) ([bdbc647](https://github.com/lobehub/lobe-chat/commit/bdbc647))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 1.16.10](https://github.com/lobehub/lobe-chat/compare/v1.16.9...v1.16.10)
 
 <sup>Released on **2024-09-12**</sup>

package/docs/self-hosting/server-database/docker-compose.mdx

@@ -186,6 +186,7 @@ And the service port without reverse proxy:
 
 <Callout type="warning">
   Please note that CORS cross-origin is configured internally in MinIO / Logto service, do not configure CORS additionally in your reverse proxy, as this will cause errors.
+  For minio ports other than 443, Host must be $http_host (with port number), otherwise a 403 error will occur: proxy_set_header Host $http_host.
 
 If you need to configure SSL certificates, please configure them uniformly in the outer Nginx reverse proxy, rather than in MinIO.
 

package/docs/self-hosting/server-database/docker-compose.zh-CN.mdx

@@ -185,6 +185,7 @@ docker compose up -d
 
 <Callout type="warning">
   请务必注意，CORS 跨域是在 MinIO / Logto 服务端内部配置的，请勿在你的反向代理中额外配置 CORS，这会导致错误。
+  对于minio非443端口时，Host必须是$http_host（带端口号），否则会403错误：proxy_set_header Host $http_host。
 
 如果你需要配置 SSL 证书，请统一在外层的 Nginx 反向代理中配置，而不是在 MinIO 中配置。
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.16.10",
+  "version": "1.16.11",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/src/app/api/webhooks/logto/__tests__/route.test.ts

@@ -0,0 +1,92 @@
+import { createHmac } from 'node:crypto';
+import { describe, expect, it } from 'vitest';
+
+interface UserDataUpdatedEvent {
+  event: string;
+  createdAt: string;
+  userAgent: string;
+  ip: string;
+  path: string;
+  method: string;
+  status: number;
+  params: {
+    userId: string;
+  };
+  matchedRoute: string;
+  data: {
+    id: string;
+    username: string;
+    primaryEmail: string;
+    primaryPhone: string | null;
+    name: string;
+    avatar: string | null;
+    customData: Record<string, unknown>;
+    identities: Record<string, unknown>;
+    lastSignInAt: number;
+    createdAt: number;
+    updatedAt: number;
+    profile: Record<string, unknown>;
+    applicationId: string;
+    isSuspended: boolean;
+  };
+  hookId: string;
+}
+
+const userDataUpdatedEvent: UserDataUpdatedEvent = {
+  event: 'User.Data.Updated',
+  createdAt: '2024-09-07T08:29:09.381Z',
+  userAgent:
+    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0',
+  ip: '223.104.76.217',
+  path: '/users/rra41h9vmpnd',
+  method: 'PATCH',
+  status: 200,
+  params: {
+    userId: 'rra41h9vmpnd',
+  },
+  matchedRoute: '/users/:userId',
+  data: {
+    id: 'uid',
+    username: 'test',
+    primaryEmail: 'user@example.com',
+    primaryPhone: null,
+    name: 'test',
+    avatar: null,
+    customData: {},
+    identities: {},
+    lastSignInAt: 1725446291545,
+    createdAt: 1725440405556,
+    updatedAt: 1725697749337,
+    profile: {},
+    applicationId: 'appid',
+    isSuspended: false,
+  },
+  hookId: 'hookId',
+};
+
+const LOGTO_WEBHOOK_SIGNING_KEY = 'logto-signing-key';
+
+// Test Logto Webhooks in Local dev, here is some tips:
+// - Replace the var `LOGTO_WEBHOOK_SIGNING_KEY` with the actual value in your `.env` file
+// - Start web request: If you want to run the test, replace `describe.skip` with `describe` below
+
+describe.skip('Test Logto Webhooks in Local dev', () => {
+  // describe('Test Logto Webhooks in Local dev', () => {
+  it('should send a POST request with logto headers', async () => {
+    const url = 'http://localhost:3010/api/webhooks/logto'; // 替换为目标URL
+    const data = userDataUpdatedEvent;
+    //  Generate data signature
+    const hmac = createHmac('sha256', LOGTO_WEBHOOK_SIGNING_KEY!);
+    hmac.update(JSON.stringify(data));
+    const signature = hmac.digest('hex');
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'logto-signature-sha-256': signature,
+      },
+      body: JSON.stringify(data),
+    });
+    expect(response.status).toBe(200); // 检查响应状态
+  });
+});

package/src/app/api/webhooks/logto/route.ts

@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server';
+
+import { authEnv } from '@/config/auth';
+import { pino } from '@/libs/logger';
+import { NextAuthUserService } from '@/server/services/nextAuthUser';
+
+import { validateRequest } from './validateRequest';
+
+export const POST = async (req: Request): Promise<NextResponse> => {
+  const payload = await validateRequest(req, authEnv.LOGTO_WEBHOOK_SIGNING_KEY!);
+
+  if (!payload) {
+    return NextResponse.json(
+      { error: 'webhook verification failed or payload was malformed' },
+      { status: 400 },
+    );
+  }
+
+  const { event, data } = payload;
+
+  pino.trace(`logto webhook payload: ${{ data, event }}`);
+
+  const nextAuthUserService = new NextAuthUserService();
+  switch (event) {
+    case 'User.Data.Updated': {
+      return nextAuthUserService.safeUpdateUser(data.id, {
+        avatar: data?.avatar,
+        email: data?.primaryEmail,
+        fullName: data?.name,
+      });
+    }
+
+    default: {
+      pino.warn(
+        `${req.url} received event type "${event}", but no handler is defined for this type`,
+      );
+      return NextResponse.json({ error: `unrecognised payload type: ${event}` }, { status: 400 });
+    }
+  }
+};

package/src/app/api/webhooks/logto/validateRequest.ts

@@ -0,0 +1,50 @@
+import { headers } from 'next/headers';
+import { createHmac } from 'node:crypto';
+
+import { authEnv } from '@/config/auth';
+
+export type LogtToUserEntity = {
+  applicationId?: string;
+  avatar?: string;
+  createdAt?: string;
+  customData?: object;
+  id: string;
+  identities?: object;
+  isSuspended?: boolean;
+  lastSignInAt?: string;
+  name?: string;
+  primaryEmail?: string;
+  primaryPhone?: string;
+  username?: string;
+};
+
+interface LogtoWebhookPayload {
+  // Only support user event currently
+  data: LogtToUserEntity;
+  event: string;
+}
+
+export const validateRequest = async (request: Request, signingKey: string) => {
+  const payloadString = await request.text();
+  const headerPayload = headers();
+  const logtoHeaderSignature = headerPayload.get('logto-signature-sha-256')!;
+  try {
+    const hmac = createHmac('sha256', signingKey);
+    hmac.update(payloadString);
+    const signature = hmac.digest('hex');
+    if (signature === logtoHeaderSignature) {
+      return JSON.parse(payloadString) as LogtoWebhookPayload;
+    } else {
+      console.warn(
+        '[logto]: signature verify failed, please check your logto signature in `LOGTO_WEBHOOK_SIGNING_KEY`',
+      );
+      return;
+    }
+  } catch (e) {
+    if (!authEnv.LOGTO_WEBHOOK_SIGNING_KEY) {
+      throw new Error('`LOGTO_WEBHOOK_SIGNING_KEY` environment variable is missing.');
+    }
+    console.error('[logto]: incoming webhook failed in verification.\n', e);
+    return;
+  }
+};

package/src/config/auth.ts

@@ -200,6 +200,7 @@ export const getAuthConfig = () => {
       LOGTO_CLIENT_ID: z.string().optional(),
       LOGTO_CLIENT_SECRET: z.string().optional(),
       LOGTO_ISSUER: z.string().optional(),
+      LOGTO_WEBHOOK_SIGNING_KEY: z.string().optional(),
     },
 
     runtimeEnv: {
@@ -257,6 +258,7 @@ export const getAuthConfig = () => {
       LOGTO_CLIENT_ID: process.env.LOGTO_CLIENT_ID,
       LOGTO_CLIENT_SECRET: process.env.LOGTO_CLIENT_SECRET,
       LOGTO_ISSUER: process.env.LOGTO_ISSUER,
+      LOGTO_WEBHOOK_SIGNING_KEY: process.env.LOGTO_WEBHOOK_SIGNING_KEY,
     },
   });
 };

package/src/config/modelProviders/bedrock.ts

@@ -40,6 +40,20 @@ const Bedrock: ModelProviderCard = {
       tokens: 200_000,
       vision: true,
     },
+    {
+      description:
+        'Claude 3 Haiku 是 Anthropic 最快、最紧凑的模型，提供近乎即时的响应速度。它可以快速回答简单的查询和请求。客户将能够构建模仿人类互动的无缝 AI 体验。Claude 3 Haiku 可以处理图像并返回文本输出，具有 200K 的上下文窗口。',
+      displayName: 'Claude 3 Haiku',
+      enabled: true,
+      functionCall: true,
+      id: 'anthropic.claude-3-haiku-20240307-v1:0',
+      pricing: {
+        input: 0.25,
+        output: 1.25,
+      },
+      tokens: 200_000,
+      vision: true,
+    },
     {
       description:
         'Anthropic 的 Claude 3 Sonnet 在智能和速度之间达到了理想的平衡——特别适合企业工作负载。它以低于竞争对手的价格提供最大的效用，并被设计成为可靠的、高耐用的主力机，适用于规模化的 AI 部署。Claude 3 Sonnet 可以处理图像并返回文本输出，具有 200K 的上下文窗口。',
@@ -68,20 +82,6 @@ const Bedrock: ModelProviderCard = {
       tokens: 200_000,
       vision: true,
     },
-    {
-      description:
-        'Claude 3 Haiku 是 Anthropic 最快、最紧凑的模型，提供近乎即时的响应速度。它可以快速回答简单的查询和请求。客户将能够构建模仿人类互动的无缝 AI 体验。Claude 3 Haiku 可以处理图像并返回文本输出，具有 200K 的上下文窗口。',
-      displayName: 'Claude 3 Haiku',
-      enabled: true,
-      functionCall: true,
-      id: 'anthropic.claude-3-haiku-20240307-v1:0',
-      pricing: {
-        input: 0.25,
-        output: 1.25,
-      },
-      tokens: 200_000,
-      vision: true,
-    },
     {
       description:
         'Claude 2 的更新版，具有双倍的上下文窗口，以及在长文档和 RAG 上下文中的可靠性、幻觉率和基于证据的准确性的改进。',

package/src/config/modelProviders/mistral.ts

@@ -8,7 +8,6 @@ const Mistral: ModelProviderCard = {
       description:
         'Mistral 7B是一款紧凑但高性能的模型，擅长批量处理和简单任务，如分类和文本生成，具有良好的推理能力。',
       displayName: 'Mistral 7B',
-      enabled: true,
       id: 'open-mistral-7b',
       tokens: 32_768,
     },
@@ -16,7 +15,6 @@ const Mistral: ModelProviderCard = {
       description:
         'Mixtral 8x7B是一个稀疏专家模型，利用多个参数提高推理速度，适合处理多语言和代码生成任务。',
       displayName: 'Mixtral 8x7B',
-      enabled: true,
       id: 'open-mixtral-8x7b',
       tokens: 32_768,
     },
@@ -57,7 +55,6 @@ const Mistral: ModelProviderCard = {
       description:
         'Codestral Mamba是专注于代码生成的Mamba 2语言模型，为先进的代码和推理任务提供强力支持。',
       displayName: 'Codestral Mamba',
-      enabled: true,
       id: 'open-codestral-mamba',
       tokens: 256_000,
     },

package/src/server/services/nextAuthUser/index.ts

@@ -0,0 +1,42 @@
+import { NextResponse } from 'next/server';
+
+import { serverDB } from '@/database/server';
+import { UserModel } from '@/database/server/models/user';
+import { UserItem } from '@/database/server/schemas/lobechat';
+import { pino } from '@/libs/logger';
+import { LobeNextAuthDbAdapter } from '@/libs/next-auth/adapter';
+
+export class NextAuthUserService {
+  userModel;
+  adapter;
+
+  constructor() {
+    this.userModel = new UserModel();
+    this.adapter = LobeNextAuthDbAdapter(serverDB);
+  }
+
+  safeUpdateUser = async (providerAccountId: string, data: Partial<UserItem>) => {
+    pino.info('updating user due to webhook');
+    // 1. Find User by account
+    // @ts-expect-error: Already impl in `LobeNextauthDbAdapter`
+    const user = await this.adapter.getUserByAccount({
+      provider: 'logto',
+      providerAccountId,
+    });
+
+    // 2. If found, Update user data from provider
+    if (user?.id) {
+      // Perform update
+      await this.userModel.updateUser(user.id, {
+        avatar: data?.avatar,
+        email: data?.email,
+        fullName: data?.fullName,
+      });
+    } else {
+      pino.warn(
+        `[logto]: Webhooks handler user update for "${JSON.stringify(data)}", but no user was found by the providerAccountId.`,
+      );
+    }
+    return NextResponse.json({ message: 'user updated', success: true }, { status: 200 });
+  };
+}