@lobehub/chat 1.16.10 → 1.16.12

package/CHANGELOG.md

@@ -2,6 +2,64 @@
 
 # Changelog
 
+### [Version 1.16.12](https://github.com/lobehub/lobe-chat/compare/v1.16.11...v1.16.12)
+
+<sup>Released on **2024-09-12**</sup>
+
+#### 💄 Styles
+
+- **misc**: Remove brackets from model names with dates in OpenAI.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### Styles
+
+- **misc**: Remove brackets from model names with dates in OpenAI, closes [#3927](https://github.com/lobehub/lobe-chat/issues/3927) ([2a937bc](https://github.com/lobehub/lobe-chat/commit/2a937bc))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
+### [Version 1.16.11](https://github.com/lobehub/lobe-chat/compare/v1.16.10...v1.16.11)
+
+<sup>Released on **2024-09-12**</sup>
+
+#### 🐛 Bug Fixes
+
+- **misc**: Support webhooks for logto.
+
+#### 💄 Styles
+
+- **misc**: Default disable mistral provider useless models.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's fixed
+
+- **misc**: Support webhooks for logto, closes [#3774](https://github.com/lobehub/lobe-chat/issues/3774) ([0cfee6b](https://github.com/lobehub/lobe-chat/commit/0cfee6b))
+
+#### Styles
+
+- **misc**: Default disable mistral provider useless models, closes [#3922](https://github.com/lobehub/lobe-chat/issues/3922) ([bdbc647](https://github.com/lobehub/lobe-chat/commit/bdbc647))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 1.16.10](https://github.com/lobehub/lobe-chat/compare/v1.16.9...v1.16.10)
 
 <sup>Released on **2024-09-12**</sup>

package/docs/self-hosting/advanced/auth/next-auth/logto.zh-CN.mdx

@@ -75,4 +75,4 @@ tags:
 </Callout>
 </Steps>
 
-<Callout type={'info'}>部署成功后，用户将可以通过 Logto 身份认证并使用 LobeChat。</Callout>
+<Callout type={'info'}>部署成功后，用户将可以通过 Logto 身份认证并使用 LobeChat。</Callout>

package/docs/self-hosting/server-database/docker-compose.mdx

@@ -186,6 +186,7 @@ And the service port without reverse proxy:
 
 <Callout type="warning">
   Please note that CORS cross-origin is configured internally in MinIO / Logto service, do not configure CORS additionally in your reverse proxy, as this will cause errors.
+  For minio ports other than 443, Host must be $http_host (with port number), otherwise a 403 error will occur: proxy_set_header Host $http_host.
 
 If you need to configure SSL certificates, please configure them uniformly in the outer Nginx reverse proxy, rather than in MinIO.
 

package/docs/self-hosting/server-database/docker-compose.zh-CN.mdx

@@ -185,6 +185,7 @@ docker compose up -d
 
 <Callout type="warning">
   请务必注意，CORS 跨域是在 MinIO / Logto 服务端内部配置的，请勿在你的反向代理中额外配置 CORS，这会导致错误。
+  对于minio非443端口时，Host必须是$http_host（带端口号），否则会403错误：proxy_set_header Host $http_host。
 
 如果你需要配置 SSL 证书，请统一在外层的 Nginx 反向代理中配置，而不是在 MinIO 中配置。
 

package/locales/ar/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "إذا كنت تستخدم AWS SSO/STS، يرجى إدخال رمز جلسة AWS الخاص بك",
+      "placeholder": "رمز جلسة AWS",
+      "title": "رمز جلسة AWS (اختياري)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "منطقة خدمة مخصصة",
+      "customSessionToken": "رمز الجلسة المخصص",
       "description": "أدخل معرف الوصول / مفتاح الوصول السري الخاص بك في AWS لبدء الجلسة. لن يتم تسجيل تكوين المصادقة الخاص بك من قبل التطبيق",
       "title": "استخدام معلومات المصادقة الخاصة بـ Bedrock المخصصة"
     }

package/locales/bg-BG/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "Ако използвате AWS SSO/STS, моля, въведете вашия AWS Session Token",
+      "placeholder": "AWS Session Token",
+      "title": "AWS Session Token (по избор)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Персонализиран регион за услуги",
+      "customSessionToken": "Персонализиран токен за сесия",
       "description": "Въведете вашия AWS AccessKeyId / SecretAccessKey, за да започнете сесия. Приложението няма да запази вашата удостоверителна конфигурация",
       "title": "Използване на персонализирана информация за удостоверяване на Bedrock"
     }

package/locales/de-DE/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "Wenn Sie AWS SSO/STS verwenden, geben Sie Ihr AWS Session Token ein",
+      "placeholder": "AWS Session Token",
+      "title": "AWS Session Token (optional)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Benutzerdefinierter Regionsservice",
+      "customSessionToken": "Benutzerdefiniertes Sitzungstoken",
       "description": "Geben Sie Ihren AWS AccessKeyId / SecretAccessKey ein, um das Gespräch zu beginnen. Die App speichert Ihre Authentifizierungsinformationen nicht.",
       "title": "Verwenden Sie benutzerdefinierte Bedrock-Authentifizierungsinformationen"
     }

package/locales/en-US/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "If you are using AWS SSO/STS, please enter your AWS Session Token",
+      "placeholder": "AWS Session Token",
+      "title": "AWS Session Token (optional)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Custom Service Region",
+      "customSessionToken": "Custom Session Token",
       "description": "Enter your AWS AccessKeyId / SecretAccessKey to start the session. The app will not store your authentication configuration",
       "title": "Use Custom Bedrock Authentication Information"
     }

package/locales/es-ES/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "Si estás utilizando AWS SSO/STS, introduce tu Token de Sesión de AWS",
+      "placeholder": "Token de Sesión de AWS",
+      "title": "Token de Sesión de AWS (opcional)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Región de servicio personalizada",
+      "customSessionToken": "Token de sesión personalizado",
       "description": "Introduce tu AWS AccessKeyId / SecretAccessKey para comenzar la sesión. La aplicación no guardará tu configuración de autenticación.",
       "title": "Usar información de autenticación de Bedrock personalizada"
     }

package/locales/fr-FR/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "Clé d'accès secrète AWS",
       "title": "Clé d'accès secrète AWS"
     },
+    "sessionToken": {
+      "desc": "Si vous utilisez AWS SSO/STS, veuillez entrer votre jeton de session AWS",
+      "placeholder": "Jeton de session AWS",
+      "title": "Jeton de session AWS (facultatif)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Région de service personnalisée",
+      "customSessionToken": "Jeton de session personnalisé",
       "description": "Entrez votre ID de clé d'accès AWS / SecretAccessKey pour commencer la session. L'application ne stockera pas votre configuration d'authentification.",
       "title": "Utiliser des informations d'authentification Bedrock personnalisées"
     }

package/locales/it-IT/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "Chiave di accesso segreta AWS",
       "title": "Chiave di accesso segreta AWS"
     },
+    "sessionToken": {
+      "desc": "Se stai utilizzando AWS SSO/STS, inserisci il tuo AWS Session Token",
+      "placeholder": "AWS Session Token",
+      "title": "AWS Session Token (opzionale)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Regione del servizio personalizzata",
+      "customSessionToken": "Token di sessione personalizzato",
       "description": "Inserisci la tua chiave di accesso AWS AccessKeyId / SecretAccessKey per avviare la sessione. L'applicazione non memorizzerà la tua configurazione di autenticazione",
       "title": "Usa le informazioni di autenticazione Bedrock personalizzate"
     }

package/locales/ja-JP/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "AWS SSO/STSを使用している場合は、AWSセッショントークンを入力してください。",
+      "placeholder": "AWSセッショントークン",
+      "title": "AWSセッショントークン（オプション）"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "カスタムサービスリージョン",
+      "customSessionToken": "カスタムセッショントークン",
       "description": "AWS AccessKeyId / SecretAccessKey を入力するとセッションを開始できます。アプリは認証情報を記録しません",
       "title": "使用カスタム Bedrock 認証情報"
     }

package/locales/ko-KR/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS 비밀 액세스 키",
       "title": "AWS 비밀 액세스 키"
     },
+    "sessionToken": {
+      "desc": "AWS SSO/STS를 사용 중이라면 AWS 세션 토큰을 입력하세요.",
+      "placeholder": "AWS 세션 토큰",
+      "title": "AWS 세션 토큰 (선택 사항)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "사용자 정의 서비스 지역",
+      "customSessionToken": "사용자 정의 세션 토큰",
       "description": "AWS AccessKeyId / SecretAccessKey를 입력하면 세션이 시작됩니다. 애플리케이션은 인증 구성을 기록하지 않습니다.",
       "title": "사용자 정의 Bedrock 인증 정보 사용"
     }

package/locales/nl-NL/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "Als je AWS SSO/STS gebruikt, voer dan je AWS Sessie Token in",
+      "placeholder": "AWS Sessie Token",
+      "title": "AWS Sessie Token (optioneel)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Aangepaste regio",
+      "customSessionToken": "Aangepaste sessietoken",
       "description": "Voer uw AWS AccessKeyId / SecretAccessKey in om een sessie te starten. De app zal uw verificatiegegevens niet opslaan",
       "title": "Gebruik aangepaste Bedrock-verificatiegegevens"
     }

package/locales/pl-PL/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "Jeśli korzystasz z AWS SSO/STS, wprowadź swój token sesji AWS",
+      "placeholder": "Token sesji AWS",
+      "title": "Token sesji AWS (opcjonalnie)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Niestandardowy region usługi",
+      "customSessionToken": "Niestandardowy token sesji",
       "description": "Wprowadź swój AWS AccessKeyId / SecretAccessKey, aby rozpocząć sesję. Aplikacja nie będzie przechowywać Twojej konfiguracji uwierzytelniania",
       "title": "Użyj niestandardowych informacji uwierzytelniających Bedrock"
     }

package/locales/pt-BR/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "Se você estiver usando AWS SSO/STS, insira seu Token de Sessão da AWS",
+      "placeholder": "Token de Sessão da AWS",
+      "title": "Token de Sessão da AWS (opcional)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Região de serviço personalizada",
+      "customSessionToken": "Token de Sessão Personalizado",
       "description": "Digite sua AWS AccessKeyId / SecretAccessKey para iniciar a sessão. O aplicativo não irá armazenar suas configurações de autenticação",
       "title": "Usar informações de autenticação Bedrock personalizadas"
     }

package/locales/ru-RU/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "Если вы используете AWS SSO/STS, введите ваш AWS Session Token",
+      "placeholder": "AWS Session Token",
+      "title": "AWS Session Token (необязательно)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Пользовательский регион обслуживания",
+      "customSessionToken": "Пользовательский токен сессии",
       "description": "Введите свой ключ доступа AWS AccessKeyId / SecretAccessKey, чтобы начать сеанс. Приложение не будет сохранять вашу конфигурацию аутентификации",
       "title": "Использовать пользовательскую информацию аутентификации Bedrock"
     }

package/locales/tr-TR/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "AWS SSO/STS kullanıyorsanız, lütfen AWS Oturum Tokeninizi girin",
+      "placeholder": "AWS Oturum Tokeni",
+      "title": "AWS Oturum Tokeni (isteğe bağlı)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Özel Bölge",
+      "customSessionToken": "Özel Oturum Tokeni",
       "description": "AWS AccessKeyId / SecretAccessKey bilgilerinizi girerek oturumu başlatabilirsiniz. Uygulama kimlik doğrulama bilgilerinizi kaydetmez.",
       "title": "Özel Bedrock Kimlik Bilgilerini Kullan"
     }

package/locales/vi-VN/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "Nếu bạn đang sử dụng AWS SSO/STS, hãy nhập AWS Session Token của bạn",
+      "placeholder": "AWS Session Token",
+      "title": "AWS Session Token (tùy chọn)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "Vùng Dịch vụ Tùy chỉnh",
+      "customSessionToken": "Mã thông báo phiên tùy chỉnh",
       "description": "Nhập AWS AccessKeyId / SecretAccessKey của bạn để bắt đầu phiên làm việc. Ứng dụng sẽ không lưu trữ cấu hình xác thực của bạn",
       "title": "Sử dụng Thông tin Xác thực Bedrock tùy chỉnh"
     }

package/locales/zh-CN/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "如果你正在使用 AWS SSO/STS，请输入你的 AWS Session Token",
+      "placeholder": "AWS Session Token",
+      "title": "AWS Session Token (可选)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "自定义服务区域",
+      "customSessionToken": "自定义 Session Token",
       "description": "输入你的 AWS AccessKeyId / SecretAccessKey 即可开始会话。应用不会记录你的鉴权配置",
       "title": "使用自定义 Bedrock 鉴权信息"
     }

package/locales/zh-TW/modelProvider.json

@@ -38,9 +38,15 @@
       "placeholder": "AWS Secret Access Key",
       "title": "AWS Secret Access Key"
     },
+    "sessionToken": {
+      "desc": "如果你正在使用 AWS SSO/STS，請輸入你的 AWS Session Token",
+      "placeholder": "AWS Session Token",
+      "title": "AWS Session Token (可選)"
+    },
     "title": "Bedrock",
     "unlock": {
       "customRegion": "自定義服務區域",
+      "customSessionToken": "自訂 Session Token",
       "description": "輸入你的 AWS AccessKeyId / SecretAccessKey 即可開始會話。應用程式不會記錄你的驗證配置",
       "title": "使用自定義 Bedrock 驗證資訊"
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.16.10",
+  "version": "1.16.12",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/src/app/(main)/settings/llm/ProviderList/Bedrock/index.tsx

@@ -39,6 +39,17 @@ export const useBedrockProvider = (): ProviderItem => {
         label: t(`${providerKey}.secretAccessKey.title`),
         name: [KeyVaultsConfigKey, providerKey, 'secretAccessKey'],
       },
+      {
+        children: (
+          <Input.Password
+            autoComplete={'new-password'}
+            placeholder={t(`${providerKey}.sessionToken.placeholder`)}
+          />
+        ),
+        desc: t(`${providerKey}.sessionToken.desc`),
+        label: t(`${providerKey}.sessionToken.title`),
+        name: [KeyVaultsConfigKey, providerKey, 'sessionToken'],
+      },
       {
         children: (
           <Select

package/src/app/api/chat/agentRuntime.test.ts

@@ -43,6 +43,7 @@ vi.mock('@/config/llm', () => ({
     AWS_SECRET_ACCESS_KEY: 'test-aws-secret',
     AWS_ACCESS_KEY_ID: 'test-aws-id',
     AWS_REGION: 'test-aws-region',
+    AWS_SESSION_TOKEN: 'test-aws-session-token',
     OLLAMA_PROXY_URL: 'https://test-ollama-url.local',
     PERPLEXITY_API_KEY: 'test-perplexity-key',
     DEEPSEEK_API_KEY: 'test-deepseek-key',

package/src/app/api/chat/agentRuntime.ts

@@ -75,17 +75,20 @@ const getLlmOptionsFromPayload = (provider: string, payload: JWTPayload) => {
       };
     }
     case ModelProvider.Bedrock: {
-      const { AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_REGION } = getLLMConfig();
+      const { AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_REGION, AWS_SESSION_TOKEN } =
+        getLLMConfig();
       let accessKeyId: string | undefined = AWS_ACCESS_KEY_ID;
       let accessKeySecret: string | undefined = AWS_SECRET_ACCESS_KEY;
       let region = AWS_REGION;
+      let sessionToken: string | undefined = AWS_SESSION_TOKEN;
       // if the payload has the api key, use user
       if (payload.apiKey) {
         accessKeyId = payload?.awsAccessKeyId;
         accessKeySecret = payload?.awsSecretAccessKey;
+        sessionToken = payload?.awsSessionToken;
         region = payload?.awsRegion;
       }
-      return { accessKeyId, accessKeySecret, region };
+      return { accessKeyId, accessKeySecret, region, sessionToken };
     }
     case ModelProvider.Ollama: {
       const { OLLAMA_PROXY_URL } = getLLMConfig();

package/src/app/api/webhooks/logto/__tests__/route.test.ts

@@ -0,0 +1,92 @@
+import { createHmac } from 'node:crypto';
+import { describe, expect, it } from 'vitest';
+
+interface UserDataUpdatedEvent {
+  event: string;
+  createdAt: string;
+  userAgent: string;
+  ip: string;
+  path: string;
+  method: string;
+  status: number;
+  params: {
+    userId: string;
+  };
+  matchedRoute: string;
+  data: {
+    id: string;
+    username: string;
+    primaryEmail: string;
+    primaryPhone: string | null;
+    name: string;
+    avatar: string | null;
+    customData: Record<string, unknown>;
+    identities: Record<string, unknown>;
+    lastSignInAt: number;
+    createdAt: number;
+    updatedAt: number;
+    profile: Record<string, unknown>;
+    applicationId: string;
+    isSuspended: boolean;
+  };
+  hookId: string;
+}
+
+const userDataUpdatedEvent: UserDataUpdatedEvent = {
+  event: 'User.Data.Updated',
+  createdAt: '2024-09-07T08:29:09.381Z',
+  userAgent:
+    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0',
+  ip: '223.104.76.217',
+  path: '/users/rra41h9vmpnd',
+  method: 'PATCH',
+  status: 200,
+  params: {
+    userId: 'rra41h9vmpnd',
+  },
+  matchedRoute: '/users/:userId',
+  data: {
+    id: 'uid',
+    username: 'test',
+    primaryEmail: 'user@example.com',
+    primaryPhone: null,
+    name: 'test',
+    avatar: null,
+    customData: {},
+    identities: {},
+    lastSignInAt: 1725446291545,
+    createdAt: 1725440405556,
+    updatedAt: 1725697749337,
+    profile: {},
+    applicationId: 'appid',
+    isSuspended: false,
+  },
+  hookId: 'hookId',
+};
+
+const LOGTO_WEBHOOK_SIGNING_KEY = 'logto-signing-key';
+
+// Test Logto Webhooks in Local dev, here is some tips:
+// - Replace the var `LOGTO_WEBHOOK_SIGNING_KEY` with the actual value in your `.env` file
+// - Start web request: If you want to run the test, replace `describe.skip` with `describe` below
+
+describe.skip('Test Logto Webhooks in Local dev', () => {
+  // describe('Test Logto Webhooks in Local dev', () => {
+  it('should send a POST request with logto headers', async () => {
+    const url = 'http://localhost:3010/api/webhooks/logto'; // 替换为目标URL
+    const data = userDataUpdatedEvent;
+    //  Generate data signature
+    const hmac = createHmac('sha256', LOGTO_WEBHOOK_SIGNING_KEY!);
+    hmac.update(JSON.stringify(data));
+    const signature = hmac.digest('hex');
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'logto-signature-sha-256': signature,
+      },
+      body: JSON.stringify(data),
+    });
+    expect(response.status).toBe(200); // 检查响应状态
+  });
+});

package/src/app/api/webhooks/logto/route.ts

@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server';
+
+import { authEnv } from '@/config/auth';
+import { pino } from '@/libs/logger';
+import { NextAuthUserService } from '@/server/services/nextAuthUser';
+
+import { validateRequest } from './validateRequest';
+
+export const POST = async (req: Request): Promise<NextResponse> => {
+  const payload = await validateRequest(req, authEnv.LOGTO_WEBHOOK_SIGNING_KEY!);
+
+  if (!payload) {
+    return NextResponse.json(
+      { error: 'webhook verification failed or payload was malformed' },
+      { status: 400 },
+    );
+  }
+
+  const { event, data } = payload;
+
+  pino.trace(`logto webhook payload: ${{ data, event }}`);
+
+  const nextAuthUserService = new NextAuthUserService();
+  switch (event) {
+    case 'User.Data.Updated': {
+      return nextAuthUserService.safeUpdateUser(data.id, {
+        avatar: data?.avatar,
+        email: data?.primaryEmail,
+        fullName: data?.name,
+      });
+    }
+
+    default: {
+      pino.warn(
+        `${req.url} received event type "${event}", but no handler is defined for this type`,
+      );
+      return NextResponse.json({ error: `unrecognised payload type: ${event}` }, { status: 400 });
+    }
+  }
+};

package/src/app/api/webhooks/logto/validateRequest.ts

@@ -0,0 +1,50 @@
+import { headers } from 'next/headers';
+import { createHmac } from 'node:crypto';
+
+import { authEnv } from '@/config/auth';
+
+export type LogtToUserEntity = {
+  applicationId?: string;
+  avatar?: string;
+  createdAt?: string;
+  customData?: object;
+  id: string;
+  identities?: object;
+  isSuspended?: boolean;
+  lastSignInAt?: string;
+  name?: string;
+  primaryEmail?: string;
+  primaryPhone?: string;
+  username?: string;
+};
+
+interface LogtoWebhookPayload {
+  // Only support user event currently
+  data: LogtToUserEntity;
+  event: string;
+}
+
+export const validateRequest = async (request: Request, signingKey: string) => {
+  const payloadString = await request.text();
+  const headerPayload = headers();
+  const logtoHeaderSignature = headerPayload.get('logto-signature-sha-256')!;
+  try {
+    const hmac = createHmac('sha256', signingKey);
+    hmac.update(payloadString);
+    const signature = hmac.digest('hex');
+    if (signature === logtoHeaderSignature) {
+      return JSON.parse(payloadString) as LogtoWebhookPayload;
+    } else {
+      console.warn(
+        '[logto]: signature verify failed, please check your logto signature in `LOGTO_WEBHOOK_SIGNING_KEY`',
+      );
+      return;
+    }
+  } catch (e) {
+    if (!authEnv.LOGTO_WEBHOOK_SIGNING_KEY) {
+      throw new Error('`LOGTO_WEBHOOK_SIGNING_KEY` environment variable is missing.');
+    }
+    console.error('[logto]: incoming webhook failed in verification.\n', e);
+    return;
+  }
+};

package/src/config/auth.ts

@@ -200,6 +200,7 @@ export const getAuthConfig = () => {
       LOGTO_CLIENT_ID: z.string().optional(),
       LOGTO_CLIENT_SECRET: z.string().optional(),
       LOGTO_ISSUER: z.string().optional(),
+      LOGTO_WEBHOOK_SIGNING_KEY: z.string().optional(),
     },
 
     runtimeEnv: {
@@ -257,6 +258,7 @@ export const getAuthConfig = () => {
       LOGTO_CLIENT_ID: process.env.LOGTO_CLIENT_ID,
       LOGTO_CLIENT_SECRET: process.env.LOGTO_CLIENT_SECRET,
       LOGTO_ISSUER: process.env.LOGTO_ISSUER,
+      LOGTO_WEBHOOK_SIGNING_KEY: process.env.LOGTO_WEBHOOK_SIGNING_KEY,
     },
   });
 };

package/src/config/llm.ts

@@ -73,6 +73,7 @@ export const getLLMConfig = () => {
       AWS_REGION: z.string().optional(),
       AWS_ACCESS_KEY_ID: z.string().optional(),
       AWS_SECRET_ACCESS_KEY: z.string().optional(),
+      AWS_SESSION_TOKEN: z.string().optional(),
 
       ENABLED_OLLAMA: z.boolean(),
       OLLAMA_PROXY_URL: z.string().optional(),
@@ -178,6 +179,7 @@ export const getLLMConfig = () => {
       AWS_REGION: process.env.AWS_REGION,
       AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID,
       AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY,
+      AWS_SESSION_TOKEN: process.env.AWS_SESSION_TOKEN,
 
       ENABLED_OLLAMA: process.env.ENABLED_OLLAMA !== '0',
       OLLAMA_PROXY_URL: process.env.OLLAMA_PROXY_URL || '',

package/src/config/modelProviders/bedrock.ts

@@ -40,6 +40,20 @@ const Bedrock: ModelProviderCard = {
       tokens: 200_000,
       vision: true,
     },
+    {
+      description:
+        'Claude 3 Haiku 是 Anthropic 最快、最紧凑的模型，提供近乎即时的响应速度。它可以快速回答简单的查询和请求。客户将能够构建模仿人类互动的无缝 AI 体验。Claude 3 Haiku 可以处理图像并返回文本输出，具有 200K 的上下文窗口。',
+      displayName: 'Claude 3 Haiku',
+      enabled: true,
+      functionCall: true,
+      id: 'anthropic.claude-3-haiku-20240307-v1:0',
+      pricing: {
+        input: 0.25,
+        output: 1.25,
+      },
+      tokens: 200_000,
+      vision: true,
+    },
     {
       description:
         'Anthropic 的 Claude 3 Sonnet 在智能和速度之间达到了理想的平衡——特别适合企业工作负载。它以低于竞争对手的价格提供最大的效用，并被设计成为可靠的、高耐用的主力机，适用于规模化的 AI 部署。Claude 3 Sonnet 可以处理图像并返回文本输出，具有 200K 的上下文窗口。',
@@ -68,20 +82,6 @@ const Bedrock: ModelProviderCard = {
       tokens: 200_000,
       vision: true,
     },
-    {
-      description:
-        'Claude 3 Haiku 是 Anthropic 最快、最紧凑的模型，提供近乎即时的响应速度。它可以快速回答简单的查询和请求。客户将能够构建模仿人类互动的无缝 AI 体验。Claude 3 Haiku 可以处理图像并返回文本输出，具有 200K 的上下文窗口。',
-      displayName: 'Claude 3 Haiku',
-      enabled: true,
-      functionCall: true,
-      id: 'anthropic.claude-3-haiku-20240307-v1:0',
-      pricing: {
-        input: 0.25,
-        output: 1.25,
-      },
-      tokens: 200_000,
-      vision: true,
-    },
     {
       description:
         'Claude 2 的更新版，具有双倍的上下文窗口，以及在长文档和 RAG 上下文中的可靠性、幻觉率和基于证据的准确性的改进。',

package/src/config/modelProviders/mistral.ts

@@ -8,7 +8,6 @@ const Mistral: ModelProviderCard = {
       description:
         'Mistral 7B是一款紧凑但高性能的模型，擅长批量处理和简单任务，如分类和文本生成，具有良好的推理能力。',
       displayName: 'Mistral 7B',
-      enabled: true,
       id: 'open-mistral-7b',
       tokens: 32_768,
     },
@@ -16,7 +15,6 @@ const Mistral: ModelProviderCard = {
       description:
         'Mixtral 8x7B是一个稀疏专家模型，利用多个参数提高推理速度，适合处理多语言和代码生成任务。',
       displayName: 'Mixtral 8x7B',
-      enabled: true,
       id: 'open-mixtral-8x7b',
       tokens: 32_768,
     },
@@ -57,7 +55,6 @@ const Mistral: ModelProviderCard = {
       description:
         'Codestral Mamba是专注于代码生成的Mamba 2语言模型，为先进的代码和推理任务提供强力支持。',
       displayName: 'Codestral Mamba',
-      enabled: true,
       id: 'open-codestral-mamba',
       tokens: 256_000,
     },

package/src/config/modelProviders/openai.ts

@@ -35,7 +35,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         'ChatGPT-4o 是一款动态模型，实时更新以保持当前最新版本。它结合了强大的语言理解与生成能力，适合于大规模应用场景，包括客户服务、教育和技术支持。',
-      displayName: 'GPT-4o (240806)',
+      displayName: 'GPT-4o 0806',
       enabled: true,
       functionCall: true,
       id: 'gpt-4o-2024-08-06',
@@ -49,7 +49,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         'ChatGPT-4o 是一款动态模型，实时更新以保持当前最新版本。它结合了强大的语言理解与生成能力，适合于大规模应用场景，包括客户服务、教育和技术支持。',
-      displayName: 'GPT-4o (240513)',
+      displayName: 'GPT-4o 0513',
       functionCall: true,
       id: 'gpt-4o-2024-05-13',
       pricing: {
@@ -88,7 +88,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         '最新的 GPT-4 Turbo 模型具备视觉功能。现在，视觉请求可以使用 JSON 模式和函数调用。 GPT-4 Turbo 是一个增强版本，为多模态任务提供成本效益高的支持。它在准确性和效率之间找到平衡，适合需要进行实时交互的应用程序场景。',
-      displayName: 'GPT-4 Turbo Vision (240409)',
+      displayName: 'GPT-4 Turbo Vision 0409',
       functionCall: true,
       id: 'gpt-4-turbo-2024-04-09',
       pricing: {
@@ -113,7 +113,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         '最新的 GPT-4 Turbo 模型具备视觉功能。现在，视觉请求可以使用 JSON 模式和函数调用。 GPT-4 Turbo 是一个增强版本，为多模态任务提供成本效益高的支持。它在准确性和效率之间找到平衡，适合需要进行实时交互的应用程序场景。',
-      displayName: 'GPT-4 Turbo Preview (0125)',
+      displayName: 'GPT-4 Turbo Preview 0125',
       functionCall: true,
       id: 'gpt-4-0125-preview',
       pricing: {
@@ -148,7 +148,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         '最新的 GPT-4 Turbo 模型具备视觉功能。现在，视觉请求可以使用 JSON 模式和函数调用。 GPT-4 Turbo 是一个增强版本，为多模态任务提供成本效益高的支持。它在准确性和效率之间找到平衡，适合需要进行实时交互的应用程序场景。',
-      displayName: 'GPT-4 Turbo Preview (1106)',
+      displayName: 'GPT-4 Turbo Preview 1106',
       functionCall: true,
       id: 'gpt-4-1106-preview',
       pricing: {
@@ -172,7 +172,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         'GPT-4 提供了一个更大的上下文窗口，能够处理更长的文本输入，适用于需要广泛信息整合和数据分析的场景。',
-      displayName: 'GPT-4 (0613)',
+      displayName: 'GPT-4 0613',
       functionCall: true,
       id: 'gpt-4-0613',
       pricing: {
@@ -197,7 +197,7 @@ const OpenAI: ModelProviderCard = {
       // Will be discontinued on June 6, 2025
       description:
         'GPT-4 提供了一个更大的上下文窗口，能够处理更长的文本输入，适用于需要广泛信息整合和数据分析的场景。',
-      displayName: 'GPT-4 32K (0613)',
+      displayName: 'GPT-4 32K 0613',
       functionCall: true,
       id: 'gpt-4-32k-0613',
       pricing: {
@@ -221,7 +221,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         'GPT 3.5 Turbo，适用于各种文本生成和理解任务，Currently points to gpt-3.5-turbo-0125',
-      displayName: 'GPT-3.5 Turbo (0125)',
+      displayName: 'GPT-3.5 Turbo 0125',
       functionCall: true,
       id: 'gpt-3.5-turbo-0125',
       pricing: {
@@ -233,7 +233,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         'GPT 3.5 Turbo，适用于各种文本生成和理解任务，Currently points to gpt-3.5-turbo-0125',
-      displayName: 'GPT-3.5 Turbo (1106)',
+      displayName: 'GPT-3.5 Turbo 1106',
       functionCall: true,
       id: 'gpt-3.5-turbo-1106',
       pricing: {
@@ -269,7 +269,7 @@ const OpenAI: ModelProviderCard = {
     {
       description:
         'GPT-3.5 Turbo 是 OpenAI 的一款基础模型，结合了高效性和经济性，广泛用于文本生成、理解和分析，专为指导性提示进行调整，去除了与聊天相关的优化。',
-      displayName: 'GPT-3.5 Turbo (0613)',
+      displayName: 'GPT-3.5 Turbo 0613',
       // Will be discontinued on September 13, 2024
       id: 'gpt-3.5-turbo-0613',
       legacy: true,

package/src/const/auth.ts

@@ -35,6 +35,7 @@ export interface JWTPayload {
   awsAccessKeyId?: string;
   awsRegion?: string;
   awsSecretAccessKey?: string;
+  awsSessionToken?: string;
   /**
    * user id
    * in client db mode it's a uuid

package/src/features/Conversation/Error/APIKeyForm/Bedrock.tsx

@@ -2,7 +2,7 @@ import { Aws } from '@lobehub/icons';
 import { Icon } from '@lobehub/ui';
 import { Button, Input, Select } from 'antd';
 import { useTheme } from 'antd-style';
-import { Network } from 'lucide-react';
+import { Network, ShieldPlus } from 'lucide-react';
 import { memo, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
@@ -15,10 +15,12 @@ import { FormAction } from '../style';
 const BedrockForm = memo(() => {
   const { t } = useTranslation('modelProvider');
   const [showRegion, setShow] = useState(false);
+  const [showSessionToken, setShowSessionToken] = useState(false);
 
-  const [accessKeyId, secretAccessKey, region, setConfig] = useUserStore((s) => [
+  const [accessKeyId, secretAccessKey, sessionToken, region, setConfig] = useUserStore((s) => [
     keyVaultsConfigSelectors.bedrockConfig(s).accessKeyId,
     keyVaultsConfigSelectors.bedrockConfig(s).secretAccessKey,
+    keyVaultsConfigSelectors.bedrockConfig(s).sessionToken,
     keyVaultsConfigSelectors.bedrockConfig(s).region,
     s.updateKeyVaultConfig,
   ]);
@@ -48,6 +50,28 @@ const BedrockForm = memo(() => {
         type={'block'}
         value={secretAccessKey}
       />
+      {showSessionToken ? (
+        <Input.Password
+          autoComplete={'new-password'}
+          onChange={(e) => {
+            setConfig(ModelProvider.Bedrock, { sessionToken: e.target.value });
+          }}
+          placeholder={'Aws Session Token'}
+          type={'block'}
+          value={sessionToken}
+        />
+      ) : (
+        <Button
+          block
+          icon={<Icon icon={ShieldPlus} />}
+          onClick={() => {
+            setShowSessionToken(true);
+          }}
+          type={'text'}
+        >
+          {t('bedrock.unlock.customSessionToken')}
+        </Button>
+      )}
       {showRegion ? (
         <Select
           onChange={(region) => {

package/src/libs/agent-runtime/AgentRuntime.ts

@@ -26,7 +26,6 @@ import { LobeSparkAI } from './spark';
 import { LobeStepfunAI } from './stepfun';
 import { LobeTaichuAI } from './taichu';
 import { LobeTogetherAI } from './togetherai';
-import { LobeUpstageAI } from './upstage';
 import {
   ChatCompetitionOptions,
   ChatStreamPayload,
@@ -35,6 +34,7 @@ import {
   ModelProvider,
   TextToImagePayload,
 } from './types';
+import { LobeUpstageAI } from './upstage';
 import { LobeZeroOneAI } from './zeroone';
 import { LobeZhipuAI } from './zhipu';
 
@@ -230,7 +230,7 @@ class AgentRuntime {
 
       case ModelProvider.FireworksAI: {
         runtimeModel = new LobeFireworksAI(params.fireworksai);
-        break
+        break;
       }
 
       case ModelProvider.ZeroOne: {
@@ -275,12 +275,12 @@ class AgentRuntime {
 
       case ModelProvider.Upstage: {
         runtimeModel = new LobeUpstageAI(params.upstage);
-        break
+        break;
       }
 
       case ModelProvider.Spark: {
         runtimeModel = new LobeSparkAI(params.spark);
-        break
+        break;
       }
     }
 

package/src/libs/agent-runtime/baichuan/index.ts

@@ -9,14 +9,11 @@ export const LobeBaichuanAI = LobeOpenAICompatibleFactory({
     handlePayload: (payload: ChatStreamPayload) => {
       const { temperature, ...rest } = payload;
 
-      return { 
-        ...rest, 
+      return {
+        ...rest,
         // [baichuan] frequency_penalty must be between 1 and 2.
         frequency_penalty: undefined,
-        temperature: 
-          temperature !== undefined 
-          ? temperature / 2
-          : undefined,
+        temperature: temperature !== undefined ? temperature / 2 : undefined,
       } as OpenAI.ChatCompletionCreateParamsStreaming;
     },
   },

package/src/libs/agent-runtime/bedrock/index.ts

@@ -21,6 +21,7 @@ export interface LobeBedrockAIParams {
   accessKeyId?: string;
   accessKeySecret?: string;
   region?: string;
+  sessionToken?: string;
 }
 
 export class LobeBedrockAI implements LobeRuntimeAI {
@@ -28,7 +29,7 @@ export class LobeBedrockAI implements LobeRuntimeAI {
 
   region: string;
 
-  constructor({ region, accessKeyId, accessKeySecret }: LobeBedrockAIParams = {}) {
+  constructor({ region, accessKeyId, accessKeySecret, sessionToken }: LobeBedrockAIParams = {}) {
     if (!(accessKeyId && accessKeySecret))
       throw AgentRuntimeError.createError(AgentRuntimeErrorType.InvalidBedrockCredentials);
 
@@ -38,6 +39,7 @@ export class LobeBedrockAI implements LobeRuntimeAI {
       credentials: {
         accessKeyId: accessKeyId,
         secretAccessKey: accessKeySecret,
+        sessionToken: sessionToken,
       },
       region: this.region,
     });

package/src/libs/agent-runtime/openai/__snapshots__/index.test.ts.snap

@@ -49,7 +49,7 @@ exports[`LobeOpenAI > models > should get models 1`] = `
   },
   {
     "description": "最新的 GPT-4 Turbo 模型具备视觉功能。现在，视觉请求可以使用 JSON 模式和函数调用。 GPT-4 Turbo 是一个增强版本，为多模态任务提供成本效益高的支持。它在准确性和效率之间找到平衡，适合需要进行实时交互的应用程序场景。",
-    "displayName": "GPT-4 Turbo Preview (0125)",
+    "displayName": "GPT-4 Turbo Preview 0125",
     "functionCall": true,
     "id": "gpt-4-0125-preview",
     "pricing": {
@@ -84,7 +84,7 @@ exports[`LobeOpenAI > models > should get models 1`] = `
   },
   {
     "description": "GPT-3.5 Turbo 是 OpenAI 的一款基础模型，结合了高效性和经济性，广泛用于文本生成、理解和分析，专为指导性提示进行调整，去除了与聊天相关的优化。",
-    "displayName": "GPT-3.5 Turbo (0613)",
+    "displayName": "GPT-3.5 Turbo 0613",
     "id": "gpt-3.5-turbo-0613",
     "legacy": true,
     "pricing": {
@@ -95,7 +95,7 @@ exports[`LobeOpenAI > models > should get models 1`] = `
   },
   {
     "description": "GPT 3.5 Turbo，适用于各种文本生成和理解任务，Currently points to gpt-3.5-turbo-0125",
-    "displayName": "GPT-3.5 Turbo (1106)",
+    "displayName": "GPT-3.5 Turbo 1106",
     "functionCall": true,
     "id": "gpt-3.5-turbo-1106",
     "pricing": {
@@ -106,7 +106,7 @@ exports[`LobeOpenAI > models > should get models 1`] = `
   },
   {
     "description": "最新的 GPT-4 Turbo 模型具备视觉功能。现在，视觉请求可以使用 JSON 模式和函数调用。 GPT-4 Turbo 是一个增强版本，为多模态任务提供成本效益高的支持。它在准确性和效率之间找到平衡，适合需要进行实时交互的应用程序场景。",
-    "displayName": "GPT-4 Turbo Preview (1106)",
+    "displayName": "GPT-4 Turbo Preview 1106",
     "functionCall": true,
     "id": "gpt-4-1106-preview",
     "pricing": {
@@ -139,7 +139,7 @@ exports[`LobeOpenAI > models > should get models 1`] = `
   },
   {
     "description": "GPT 3.5 Turbo，适用于各种文本生成和理解任务，Currently points to gpt-3.5-turbo-0125",
-    "displayName": "GPT-3.5 Turbo (0125)",
+    "displayName": "GPT-3.5 Turbo 0125",
     "functionCall": true,
     "id": "gpt-3.5-turbo-0125",
     "pricing": {
@@ -150,7 +150,7 @@ exports[`LobeOpenAI > models > should get models 1`] = `
   },
   {
     "description": "GPT-4 提供了一个更大的上下文窗口，能够处理更长的文本输入，适用于需要广泛信息整合和数据分析的场景。",
-    "displayName": "GPT-4 (0613)",
+    "displayName": "GPT-4 0613",
     "functionCall": true,
     "id": "gpt-4-0613",
     "pricing": {

package/src/libs/agent-runtime/qwen/index.test.ts

@@ -213,7 +213,7 @@ describe('LobeQwenAI', () => {
           expect.any(Object),
         );
         const callArgs = createMock.mock.calls[0][0];
-        expect(Number.isInteger(callArgs.temperature)).toBe(false); // Temperature is always not an integer 
+        expect(Number.isInteger(callArgs.temperature)).toBe(false); // Temperature is always not an integer
       });
     });
 

package/src/libs/agent-runtime/qwen/index.ts

@@ -108,10 +108,8 @@ export class LobeQwenAI implements LobeRuntimeAI {
       messages,
       result_format: 'message',
       stream: !!tools?.length ? false : (stream ?? true),
-      temperature: 
-        temperature === 0 || temperature >= 2 
-        ? undefined 
-        : (temperature === 1 ? 0.999 : temperature), // 'temperature' must be Float
+      temperature:
+        temperature === 0 || temperature >= 2 ? undefined : temperature === 1 ? 0.999 : temperature, // 'temperature' must be Float
       top_p: top_p && top_p >= 1 ? 0.999 : top_p,
     };
 

package/src/libs/agent-runtime/utils/openaiCompatibleFactory/index.ts

@@ -18,9 +18,9 @@ import { AgentRuntimeError } from '../createError';
 import { debugResponse, debugStream } from '../debugStream';
 import { desensitizeUrl } from '../desensitizeUrl';
 import { handleOpenAIError } from '../handleOpenAIError';
+import { convertOpenAIMessages } from '../openaiHelpers';
 import { StreamingResponse } from '../response';
 import { OpenAIStream } from '../streams';
-import { convertOpenAIMessages } from '../openaiHelpers';
 
 // the model contains the following keywords is not a chat model, so we should filter them out
 const CHAT_MODELS_BLOCK_LIST = [

package/src/locales/default/modelProvider.ts

@@ -38,9 +38,15 @@ export default {
       placeholder: 'AWS Secret Access Key',
       title: 'AWS Secret Access Key',
     },
+    sessionToken: {
+      desc: '如果你正在使用 AWS SSO/STS，请输入你的 AWS Session Token',
+      placeholder: 'AWS Session Token',
+      title: 'AWS Session Token (可选)',
+    },
     title: 'Bedrock',
     unlock: {
       customRegion: '自定义服务区域',
+      customSessionToken: '自定义 Session Token',
       description:
         '输入你的 AWS AccessKeyId / SecretAccessKey 即可开始会话。应用不会记录你的鉴权配置',
       title: '使用自定义 Bedrock 鉴权信息',

package/src/server/globalConfig/index.ts

@@ -211,12 +211,12 @@ export const getServerGlobalConfig = () => {
           modelString: ZEROONE_MODEL_LIST,
         }),
       },
-      zhipu: { 
-        enabled: ENABLED_ZHIPU, 
-        enabledModels: extractEnabledModels(ZHIPU_MODEL_LIST), 
-        serverModelCards: transformToChatModelCards({ 
-          defaultChatModels: ZhiPuProviderCard.chatModels, 
-          modelString: ZHIPU_MODEL_LIST 
+      zhipu: {
+        enabled: ENABLED_ZHIPU,
+        enabledModels: extractEnabledModels(ZHIPU_MODEL_LIST),
+        serverModelCards: transformToChatModelCards({
+          defaultChatModels: ZhiPuProviderCard.chatModels,
+          modelString: ZHIPU_MODEL_LIST,
         }),
       },
     },

package/src/server/routers/edge/config/__snapshots__/index.test.ts.snap

@@ -39,7 +39,7 @@ exports[`configRouter > getGlobalConfig > Model Provider env > OPENAI_MODEL_LIST
 [
   {
     "description": "GPT 3.5 Turbo，适用于各种文本生成和理解任务，Currently points to gpt-3.5-turbo-0125",
-    "displayName": "GPT-3.5 Turbo (1106)",
+    "displayName": "GPT-3.5 Turbo 1106",
     "enabled": true,
     "functionCall": true,
     "id": "gpt-3.5-turbo-1106",
@@ -99,7 +99,7 @@ exports[`configRouter > getGlobalConfig > Model Provider env > OPENAI_MODEL_LIST
   },
   {
     "description": "最新的 GPT-4 Turbo 模型具备视觉功能。现在，视觉请求可以使用 JSON 模式和函数调用。 GPT-4 Turbo 是一个增强版本，为多模态任务提供成本效益高的支持。它在准确性和效率之间找到平衡，适合需要进行实时交互的应用程序场景。",
-    "displayName": "GPT-4 Turbo Preview (1106)",
+    "displayName": "GPT-4 Turbo Preview 1106",
     "enabled": true,
     "functionCall": true,
     "id": "gpt-4-1106-preview",
@@ -127,7 +127,7 @@ exports[`configRouter > getGlobalConfig > Model Provider env > OPENAI_MODEL_LIST
 exports[`configRouter > getGlobalConfig > Model Provider env > OPENAI_MODEL_LIST > show the hidden model 1`] = `
 {
   "description": "最新的 GPT-4 Turbo 模型具备视觉功能。现在，视觉请求可以使用 JSON 模式和函数调用。 GPT-4 Turbo 是一个增强版本，为多模态任务提供成本效益高的支持。它在准确性和效率之间找到平衡，适合需要进行实时交互的应用程序场景。",
-  "displayName": "GPT-4 Turbo Preview (1106)",
+  "displayName": "GPT-4 Turbo Preview 1106",
   "enabled": true,
   "functionCall": true,
   "id": "gpt-4-1106-preview",

package/src/server/services/nextAuthUser/index.ts

@@ -0,0 +1,42 @@
+import { NextResponse } from 'next/server';
+
+import { serverDB } from '@/database/server';
+import { UserModel } from '@/database/server/models/user';
+import { UserItem } from '@/database/server/schemas/lobechat';
+import { pino } from '@/libs/logger';
+import { LobeNextAuthDbAdapter } from '@/libs/next-auth/adapter';
+
+export class NextAuthUserService {
+  userModel;
+  adapter;
+
+  constructor() {
+    this.userModel = new UserModel();
+    this.adapter = LobeNextAuthDbAdapter(serverDB);
+  }
+
+  safeUpdateUser = async (providerAccountId: string, data: Partial<UserItem>) => {
+    pino.info('updating user due to webhook');
+    // 1. Find User by account
+    // @ts-expect-error: Already impl in `LobeNextauthDbAdapter`
+    const user = await this.adapter.getUserByAccount({
+      provider: 'logto',
+      providerAccountId,
+    });
+
+    // 2. If found, Update user data from provider
+    if (user?.id) {
+      // Perform update
+      await this.userModel.updateUser(user.id, {
+        avatar: data?.avatar,
+        email: data?.email,
+        fullName: data?.fullName,
+      });
+    } else {
+      pino.warn(
+        `[logto]: Webhooks handler user update for "${JSON.stringify(data)}", but no user was found by the providerAccountId.`,
+      );
+    }
+    return NextResponse.json({ message: 'user updated', success: true }, { status: 200 });
+  };
+}

package/src/services/_auth.ts

@@ -8,16 +8,21 @@ import { createJWT } from '@/utils/jwt';
 export const getProviderAuthPayload = (provider: string) => {
   switch (provider) {
     case ModelProvider.Bedrock: {
-      const { accessKeyId, region, secretAccessKey } = keyVaultsConfigSelectors.bedrockConfig(
-        useUserStore.getState(),
-      );
+      const { accessKeyId, region, secretAccessKey, sessionToken } =
+        keyVaultsConfigSelectors.bedrockConfig(useUserStore.getState());
 
       const awsSecretAccessKey = secretAccessKey;
       const awsAccessKeyId = accessKeyId;
 
       const apiKey = (awsSecretAccessKey || '') + (awsAccessKeyId || '');
 
-      return { apiKey, awsAccessKeyId, awsRegion: region, awsSecretAccessKey };
+      return {
+        apiKey,
+        awsAccessKeyId,
+        awsRegion: region,
+        awsSecretAccessKey,
+        awsSessionToken: sessionToken,
+      };
     }
 
     case ModelProvider.Azure: {

package/src/services/chat.ts

@@ -114,6 +114,7 @@ export function initializeWithClientStore(provider: string, payload: any) {
           accessKeyId: providerAuthPayload?.awsAccessKeyId,
           accessKeySecret: providerAuthPayload?.awsSecretAccessKey,
           region: providerAuthPayload?.awsRegion,
+          sessionToken: providerAuthPayload?.awsSessionToken,
         };
       }
       break;

package/src/types/user/settings/keyVaults.ts

@@ -13,6 +13,7 @@ export interface AWSBedrockKeyVault {
   accessKeyId?: string;
   region?: string;
   secretAccessKey?: string;
+  sessionToken?: string;
 }
 
 export interface UserKeyVaults {

package/src/utils/format.ts

@@ -59,7 +59,7 @@ export const formatTokenNumber = (num: number): string => {
   if (num > 0 && num < 1024) return '1K';
 
   let kiloToken = Math.floor(num / 1024);
-  if (num >= 1024 && num < 1024 * 41 || num >= 128_000) {
+  if ((num >= 1024 && num < 1024 * 41) || num >= 128_000) {
     kiloToken = Math.floor(num / 1000);
   }
   if (num === 131_072) return '128K';