@lobehub/chat 1.22.1 → 1.22.2

package/CHANGELOG.md

@@ -2,6 +2,31 @@
 
 # Changelog
 
+### [Version 1.22.2](https://github.com/lobehub/lobe-chat/compare/v1.22.1...v1.22.2)
+
+<sup>Released on **2024-10-13**</sup>
+
+#### 🐛 Bug Fixes
+
+- **misc**: Allow use email as name in logto.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's fixed
+
+- **misc**: Allow use email as name in logto, closes [#4350](https://github.com/lobehub/lobe-chat/issues/4350) ([d5a046a](https://github.com/lobehub/lobe-chat/commit/d5a046a))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 1.22.1](https://github.com/lobehub/lobe-chat/compare/v1.22.0...v1.22.1)
 
 <sup>Released on **2024-10-12**</sup>

package/docker-compose/local/docker-compose.yml

@@ -1,10 +1,11 @@
+name: lobe-chat-database
 services:
   network-service:
     image: alpine
     container_name: lobe-network
     ports:
-      - '${MINIO_PORT}:${MINIO_PORT}'  # MinIO API
-      - '9001:9001'  # MinIO Console
+      - '${MINIO_PORT}:${MINIO_PORT}' # MinIO API
+      - '9001:9001' # MinIO Console
       - '${CASDOOR_PORT}:${CASDOOR_PORT}' # Casdoor
       - '${LOBE_PORT}:3210' # LobeChat
     command: tail -f /dev/null
@@ -15,7 +16,7 @@ services:
     image: pgvector/pgvector:pg16
     container_name: lobe-postgres
     ports:
-      - "5432:5432"
+      - '5432:5432'
     volumes:
       - './data:/var/lib/postgresql/data'
     environment:
@@ -44,6 +45,7 @@ services:
     command: >
       server /etc/minio/data --address ":${MINIO_PORT}" --console-address ":9001"
 
+
   casdoor:
     image: casbin/casdoor
     container_name: lobe-casdoor
@@ -53,17 +55,17 @@ services:
       postgresql:
         condition: service_healthy
     environment:
-      RUNNING_IN_DOCKER: "true"
-      driverName: "postgres"
-      dataSourceName: "user=postgres password=${POSTGRES_PASSWORD} host=postgresql port=5432 sslmode=disable dbname=casdoor"
-      origin: "http://localhost:${CASDOOR_PORT}"
-      runmode: "dev"
+      RUNNING_IN_DOCKER: 'true'
+      driverName: 'postgres'
+      dataSourceName: 'user=postgres password=${POSTGRES_PASSWORD} host=postgresql port=5432 sslmode=disable dbname=casdoor'
+      origin: 'http://localhost:${CASDOOR_PORT}'
+      runmode: 'dev'
     volumes:
       - ./init_data.json:/init_data.json
 
   lobe:
     image: lobehub/lobe-chat-database
-    container_name: lobe-database
+    container_name: lobe-chat
     network_mode: 'service:network-service'
     depends_on:
       postgresql:

package/docker-compose/{local-logto → local/logto}/.env.example

@@ -1,6 +1,6 @@
 # Logto secret
-LOGTO_CLIENT_ID=
-LOGTO_CLIENT_SECRET=
+AUTH_LOGTO_CLIENT_ID=
+AUTH_LOGTO_CLIENT_SECRET=
 
 # MinIO S3 configuration
 MINIO_ROOT_USER=YOUR_MINIO_USER

package/docker-compose/{local-logto → local/logto}/.env.zh-CN.example

@@ -1,6 +1,6 @@
-# Logto secret
-LOGTO_CLIENT_ID=
-LOGTO_CLIENT_SECRET=
+# Logto 鉴权相关
+AUTH_LOGTO_CLIENT_ID=
+AUTH_LOGTO_CLIENT_SECRET=
 
 # MinIO S3 配置
 MINIO_ROOT_USER=YOUR_MINIO_USER

package/docker-compose/{local-logto → local/logto}/docker-compose.yml

@@ -1,12 +1,13 @@
+name: lobe-chat-database
 services:
   network-service:
     image: alpine
     container_name: lobe-network
     ports:
-      - '${MINIO_PORT}:${MINIO_PORT}'  # MinIO API
-      - '9001:9001'  # MinIO Console
+      - '${MINIO_PORT}:${MINIO_PORT}' # MinIO API
+      - '9001:9001' # MinIO Console
       - '${LOGTO_PORT}:${LOGTO_PORT}' # Logto
-      - '3002:3002'  # Logto Admin
+      - '3002:3002' # Logto Admin
       - '${LOBE_PORT}:3210' # LobeChat
     command: tail -f /dev/null
     networks:
@@ -16,7 +17,7 @@ services:
     image: pgvector/pgvector:pg16
     container_name: lobe-postgres
     ports:
-      - "5432:5432"
+      - '5432:5432'
     volumes:
       - './data:/var/lib/postgresql/data'
     environment:
@@ -45,6 +46,7 @@ services:
     command: >
       server /etc/minio/data --address ":${MINIO_PORT}" --console-address ":9001"
 
+
   logto:
     image: svhd/logto
     container_name: lobe-logto
@@ -60,10 +62,9 @@ services:
       - 'ADMIN_ENDPOINT=http://localhost:3002'
     entrypoint: ['sh', '-c', 'npm run cli db seed -- --swe && npm start']
 
-
   lobe:
     image: lobehub/lobe-chat-database
-    container_name: lobe-database
+    container_name: lobe-chat
     network_mode: 'service:network-service'
     depends_on:
       postgresql:
@@ -81,7 +82,7 @@ services:
       - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
       - 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
       - 'NEXTAUTH_URL=http://localhost:${LOBE_PORT}/api/auth'
-      - 'LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
+      - 'AUTH_LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
       - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
       - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}'
       - 'S3_BUCKET=${MINIO_LOBE_BUCKET}'

package/docker-compose/local/setup.sh

@@ -9,7 +9,7 @@
 # ======================
 
 # 1. Default values of arguments
-# Arg: -f 
+# Arg: -f
 # Determine force download asserts, default is not
 FORCE_DOWNLOAD=false
 
@@ -33,10 +33,12 @@ while getopts "fl:-:" opt; do
     -)
       case "${OPTARG}" in
         lang)
-          LANGUAGE="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 ))
+          LANGUAGE="${!OPTIND}"
+          OPTIND=$(($OPTIND + 1))
           ;;
         url)
-          SOURCE_URL="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 ))
+          SOURCE_URL="${!OPTIND}"
+          OPTIND=$(($OPTIND + 1))
           ;;
         *)
           echo "Usage: $0 [-f] [-l language|--lang language] [--url source]" >&2
@@ -51,7 +53,6 @@ while getopts "fl:-:" opt; do
   esac
 done
 
-
 # ===============
 # == Variables ==
 # ===============
@@ -161,7 +162,7 @@ show_message() {
           ;;
       esac
       ;;
-    esac
+  esac
 }
 
 # Function to download files
@@ -186,7 +187,7 @@ extract_file() {
     if [ $? -eq 0 ]; then
       echo "$file_name" $(show_message "extracted_success") "$target_dir"
     else
-      echo "$file_name" $(show_message "extracted_failed") 
+      echo "$file_name" $(show_message "extracted_failed")
       exit 1
     fi
   else
@@ -198,30 +199,30 @@ extract_file() {
 # Define colors
 declare -A colors
 colors=(
-    [black]="\e[30m"
-    [red]="\e[31m"
-    [green]="\e[32m"
-    [yellow]="\e[33m"
-    [blue]="\e[34m"
-    [magenta]="\e[35m"
-    [cyan]="\e[36m"
-    [white]="\e[37m"
-    [reset]="\e[0m"
+  [black]="\e[30m"
+  [red]="\e[31m"
+  [green]="\e[32m"
+  [yellow]="\e[33m"
+  [blue]="\e[34m"
+  [magenta]="\e[35m"
+  [cyan]="\e[36m"
+  [white]="\e[37m"
+  [reset]="\e[0m"
 )
 
 print_centered() {
-    local text="$1"  # Get input texts
-    local color="${2:-reset}"  # Get color, default to reset
-    local term_width=$(tput cols)  # Get terminal width
-    local text_length=${#text}  # Get text length
-    local padding=$(( (term_width - text_length) / 2 ))  # Get padding
-    # Check if the color is valid
-    if [[ -z "${colors[$color]}" ]]; then
-        echo "Invalid color specified. Available colors: ${!colors[@]}"
-        return 1
-    fi
-    # Print the text with padding
-    printf "%*s${colors[$color]}%s${colors[reset]}\n" $padding "" "$text"
+  local text="$1"                                   # Get input texts
+  local color="${2:-reset}"                         # Get color, default to reset
+  local term_width=$(tput cols)                     # Get terminal width
+  local text_length=${#text}                        # Get text length
+  local padding=$(((term_width - text_length) / 2)) # Get padding
+  # Check if the color is valid
+  if [[ -z "${colors[$color]}" ]]; then
+    echo "Invalid color specified. Available colors: ${!colors[@]}"
+    return 1
+  fi
+  # Print the text with padding
+  printf "%*s${colors[$color]}%s${colors[reset]}\n" $padding "" "$text"
 }
 
 # Download files asynchronously
@@ -232,10 +233,11 @@ download_file "$SOURCE_URL/${FILES[3]}" "s3_data.tar.gz"
 
 # Extract .tar.gz file without output
 extract_file "s3_data.tar.gz" "."
+rm s3_data.tar.gz
 
 # Display final message
 printf "\n%s\n\n" "$(show_message "tips_run_command")"
-print_centered "docker compose -p lobechat-starter up -d" "green"
+print_centered "docker compose up -d" "green"
 printf "\n%s" "$(show_message "tips_show_documentation")"
 printf "%s\n" $(show_message "tips_show_documentation_url")
-printf "\n\e[33m%s\e[0m\n" "$(show_message "tips_warning")"
+printf "\n\e[33m%s\e[0m\n" "$(show_message "tips_warning")"

package/docker-compose/local/zitadel/docker-compose.yml

@@ -1,10 +1,11 @@
+name: lobe-chat-database
 services:
   network-service:
     image: alpine
     container_name: lobe-network
     ports:
-      - '9000:9000'  # MinIO API
-      - '9001:9001'  # MinIO Console
+      - '9000:9000' # MinIO API
+      - '9001:9001' # MinIO Console
       - '8080:8080' # Zitadel Console
       - '3210:3210' # LobeChat
     command: tail -f /dev/null
@@ -15,7 +16,7 @@ services:
     image: pgvector/pgvector:pg16
     container_name: lobe-postgres
     ports:
-      - "5432:5432"
+      - '5432:5432'
     volumes:
       - './data:/var/lib/postgresql/data'
     environment:
@@ -44,24 +45,23 @@ services:
     command: >
       server /etc/minio/data --address ":9000" --console-address ":9001"
 
+
   zitadel:
     restart: 'always'
     image: 'ghcr.io/zitadel/zitadel:latest'
     container_name: lobe-zitadel
     network_mode: 'service:network-service'
-    command: start-from-init --config /zitadel-config.yaml --steps
-      /zitadel-init-steps.yaml --masterkey "cft3Tekr/rQBOqwoQSCPoncA9BHbn7QJ"
-      --tlsMode disabled  #MasterkeyNeedsToHave32Characters
+    command: start-from-init --config /zitadel-config.yaml --steps /zitadel-init-steps.yaml --masterkey "cft3Tekr/rQBOqwoQSCPoncA9BHbn7QJ" --tlsMode disabled #MasterkeyNeedsToHave32Characters
     volumes:
       - ./zitadel-config.yaml:/zitadel-config.yaml:ro
-      - ./zitadel-init-steps.yaml:/zitadel-init-steps.yaml:ro     
+      - ./zitadel-init-steps.yaml:/zitadel-init-steps.yaml:ro
     depends_on:
       postgresql:
         condition: service_healthy
 
   lobe:
     image: lobehub/lobe-chat-database
-    container_name: lobe-database
+    container_name: lobe-chat
     network_mode: 'service:network-service'
     depends_on:
       postgresql:

package/docker-compose/production/{.env.example → logto/.env.example}

@@ -23,9 +23,9 @@ NEXTAUTH_URL=https://lobe.example.com/api/auth
 
 # NextAuth providers configuration (example using Logto)
 # For other providers, see: https://lobehub.com/docs/self-hosting/environment-variables/auth
-LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
-LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
-LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
+AUTH_LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
+AUTH_LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
+AUTH_LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
 
 # Proxy settings (if needed, e.g., when using GitHub as an auth provider)
 # HTTP_PROXY=http://localhost:7890

package/docker-compose/production/{.env.zh-CN.example → logto/.env.zh-CN.example}

@@ -22,9 +22,9 @@ NEXTAUTH_URL=https://lobe.example.com/api/auth
 
 # NextAuth 鉴权服务提供商部分，以 Logto 为例
 # 其他鉴权服务提供商所需的环境变量，请参考：https://lobehub.com/zh/docs/self-hosting/environment-variables/auth
-LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
-LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
-LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
+AUTH_LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
+AUTH_LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
+AUTH_LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
 
 # 代理相关，如果你需要的话（比如你使用 GitHub 作为鉴权服务提供商）
 # HTTP_PROXY=http://localhost:7890

package/docker-compose/production/{docker-compose.yml → logto/docker-compose.yml}

@@ -1,3 +1,4 @@
+name: lobe-chat-database
 services:
   postgresql:
     image: pgvector/pgvector:pg16
@@ -52,7 +53,7 @@ services:
 
   lobe:
     image: lobehub/lobe-chat-database
-    container_name: lobe-database
+    container_name: lobe-chat
     ports:
       - '3210:3210'
     depends_on:

package/docker-compose/production/zitadel/docker-compose.yml

@@ -1,3 +1,4 @@
+name: lobe-chat-database
 services:
   postgresql:
     image: pgvector/pgvector:pg16
@@ -32,14 +33,13 @@ services:
     restart: always
     command: >
       server /etc/minio/data --address ":9000" --console-address ":9001"
-      
+
+
   zitadel:
     restart: always
     image: ghcr.io/zitadel/zitadel:latest
     container_name: lobe-zitadel
-    command: start-from-init --config /zitadel-config.yaml --steps
-      /zitadel-init-steps.yaml --masterkey "cft3Tekr/rQBOqwoQSCPoncA9BHbn7QJ"
-      --tlsMode external  #MasterkeyNeedsToHave32Characters
+    command: start-from-init --config /zitadel-config.yaml --steps /zitadel-init-steps.yaml --masterkey "cft3Tekr/rQBOqwoQSCPoncA9BHbn7QJ" --tlsMode external #MasterkeyNeedsToHave32Characters
     ports:
       - 8080:8080
     volumes:
@@ -51,7 +51,7 @@ services:
 
   lobe:
     image: lobehub/lobe-chat-database
-    container_name: lobe-database
+    container_name: lobe-chat
     ports:
       - '3210:3210'
     depends_on:

package/docs/self-hosting/advanced/auth/next-auth/authentik.zh-CN.mdx

@@ -27,8 +27,8 @@ https://your-domain/api/auth/callback/authentik
 ```
 
 <Callout type={'info'}>
-  - 可以之后再填写或修改 `重定向 URL/Origin（正则）`，但是务必保证填写的 URL 与部署的 URL 一致。 -
-  your-domain 请替换为自己的域名
+  - 可以之后再填写或修改 `重定向 URL/Origin（正则）`，但是务必保证填写的 URL 与部署的 URL 一致。 
+  - your-domain 请替换为自己的域名
 </Callout>
 
 <Image

package/docs/self-hosting/advanced/auth/next-auth/casdoor.mdx

@@ -0,0 +1,120 @@
+---
+title: Configuring Casdoor Authentication Service in LobeChat
+description: Learn how to configure the Casdoor authentication service in LobeChat, including deployment, creation, permission settings, and environment variables.
+tags:
+  - Casdoor Authentication
+  - Environment Variable Configuration
+  - Single Sign-On
+  - LobeChat
+---
+
+# Configuring Casdoor Authentication Service
+
+[Casdoor](https://github.com/casdoor/casdoor) is an open-source authentication service that is rich in features and easy to use.
+
+<Callout type={'tip'}>
+  If you want to privately deploy Casdoor, we recommend using Docker Compose to deploy it together with the LobeChat database version, allowing LobeChat to share the same Postgres instance.
+</Callout>
+
+## Casdoor Configuration Process
+
+If you are deploying using a local network IP, the following assumptions apply:
+
+- Your LobeChat database version IP/port is `http://LOBECHAT_IP:3210`.
+- You privately deploy Casdoor, and its domain is `http://CASDOOR_IP:8000`.
+
+If you are deploying using a public network, the following assumptions apply:
+
+- Your LobeChat database version domain is `https://lobe.example.com`.
+- You privately deploy Casdoor, and its domain is `https://lobe-auth-api.example.com`.
+
+<Steps>
+  ### Create a Casdoor Application
+
+Access your privately deployed Casdoor WebUI (default is `http://localhost:8000/`) to enter the console. The default account is `admin`, and the password is `123`.
+
+Go to `Authentication` -> `Applications`, create a `LobeChat` application or directly modify the built-in `built-in` application. You can explore other fields, but you must configure at least the following fields:
+
+- Name, Display Name: `LobeChat`
+- Redirect URLs:
+  - Local Development Environment: `http://localhost:3210/api/auth/callback/casdoor`
+  - Local Network IP Deployment: `http://LOBECHAT_IP:3210/api/auth/callback/casdoor`
+  - Public Network Environment: `https://lobe.example.com/api/auth/callback/casdoor`
+
+There are also some optional fields that can enhance user experience:
+
+- Logo: `https://lobehub.com/icon-192x192.png`
+- Form CSS, Form CSS (Mobile):
+
+  ```html
+  <style>
+    .login-panel {
+      padding: 40px 70px 0 70px;
+      border-radius: 10px;
+      background-color: #ffffff;
+      box-shadow: rgba(17, 12, 46, 0.15) 0px 48px 100px 0px;
+    }
+    .panel-logo {
+      width: 64px;
+    }
+    .login-logo-box {
+      margin-top: 20px;
+    }
+
+    #parent-area
+      > main
+      > div
+      > div.login-content
+      > div.login-panel
+      > div.login-form
+      > div
+      > div
+      > button {
+      box-shadow: none !important;
+      border-radius: 10px !important;
+      transition-property: all;
+      transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+      transition-duration: 150ms;
+      border: 1px solid #eee !important;
+    }
+
+    @media (max-width: 640px) {
+      .login-panel {
+        padding: 40px 0 0 0;
+        box-shadow: none;
+      }
+    }
+ 
+  </style>
+  ```
+
+Then, copy the `Client ID` and `Client Secret` and save them.
+
+### Configure Environment Variables
+
+Set the obtained `Client ID` and `Client Secret` as `AUTH_CASDOOR_ID` and `AUTH_CASDOOR_SECRET` in the LobeChat environment variables.
+
+Configure `AUTH_CASDOOR_ISSUER` in the LobeChat environment variables as follows:
+
+- `http://localhost:8000/` if you are in a local development environment.
+- `http://CASDOOR_IP:8000/` if you are privately deploying Casdoor in a local network.
+- `https://lobe-auth-api.example.com/` if you are deploying Casdoor in a public network environment.
+
+When deploying LobeChat, you need to configure the following environment variables:
+
+| Environment Variable | Type | Description |
+| --- | --- | --- |
+| `NEXT_AUTH_SECRET` | Required | A key for encrypting Auth.js session tokens. You can generate a key using the command: `openssl rand -base64 32`. |
+| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LobeChat. Fill in `casdoor` for using Casdoor. |
+| `AUTH_CASDOOR_ID` | Required | The client ID from the Casdoor application details page. |
+| `AUTH_CASDOOR_SECRET` | Required | The client secret from the Casdoor application details page. |
+| `AUTH_CASDOOR_ISSUER` | Required | The OpenID Connect issuer for the Casdoor provider. |
+| `NEXTAUTH_URL` | Required | This URL specifies the callback address for Auth.js during OAuth verification and needs to be set only if the default generated redirect address is incorrect. `https://lobe.example.com/api/auth` |
+
+  <Callout type={'tip'}>
+    Visit [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#casdoor) for details on related variables.
+ 
+</Callout>
+</Steps>
+
+<Callout type={'info'}>Once deployed successfully, users will be able to authenticate via Casdoor and use LobeChat.</Callout>

package/docs/self-hosting/advanced/auth/next-auth/casdoor.zh-CN.mdx

@@ -0,0 +1,121 @@
+---
+title: 在 LobeChat 中配置 Casdoor 身份验证服务
+description: 学习如何在 LobeChat 中配置 Casdoor 身份验证服务，包括部署、创建、设置权限和环境变量。
+tags:
+  - Casdoor 身份验证
+  - 环境变量配置
+  - 单点登录
+  - LobeChat
+---
+
+# 配置 Casdoor 身份验证服务
+
+[Casdoor](https://github.com/casdoor/casdoor) 是一个开源的身份验证服务，功能配置丰富且易于上手。
+
+<Callout type={'tip'}>
+  若你想要私有部署 Casdoor，我们建议你将之与 LobeChat 数据库版本一同使用 Docker Compose 部署，此时
+  LobeChat 可以与之共用同一个 Postgres 实例。
+</Callout>
+
+## Casdoor 配置流程
+
+若你使用局域网 IP 部署，下文假设：
+
+- 你的 LobeChat 数据库版本 IP / 端口为 `http://LOBECHAT_IP:3210`。
+- 你私有部署 Casdoor，其域名为 `http://CASDOOR_IP:8000`。
+
+若你使用公网部署，下文假设：
+
+- 你的 LobeChat 数据库版本域名为 `https://lobe.example.com`。
+- 你私有部署 Casdoor，其域名为 `https://lobe-auth-api.example.com`。
+
+<Steps>
+  ### 创建 Casdoor 应用
+
+访问你私有部署的 Casdoor WebUI（默认为 `http://localhost:8000/`） 进入控制台，默认账号为 `admin`，密码为 `123`。
+
+前往 `身份认证` -> `应用`，创建一个 `LobeChat` 应用或直接修改内置的 `built-in` 应用，其他字段可以自行探索，但你至少需要配置以下字段：
+
+- 名称、显示名称：`LobeChat`
+- 重定向 URLs：
+  - 本地开发环境：`http://localhost:3210/api/auth/callback/casdoor`
+  - 局域网 IP 部署：`http://LOBECHAT_IP:3210/api/auth/callback/casdoor`
+  - 公网环境：`https://lobe.example.com/api/auth/callback/casdoor`
+
+还有一些不必需但是可以提高用户体验的字段：
+
+- Logo：`https://lobehub.com/icon-192x192.png`
+- 表单 CSS、表单 CSS（移动端）：
+
+  ```html
+  <style>
+    .login-panel {
+      padding: 40px 70px 0 70px;
+      border-radius: 10px;
+      background-color: #ffffff;
+      box-shadow: rgba(17, 12, 46, 0.15) 0px 48px 100px 0px;
+    }
+    .panel-logo {
+      width: 64px;
+    }
+    .login-logo-box {
+      margin-top: 20px;
+    }
+
+    #parent-area
+      > main
+      > div
+      > div.login-content
+      > div.login-panel
+      > div.login-form
+      > div
+      > div
+      > button {
+      box-shadow: none !important;
+      border-radius: 10px !important;
+      transition-property: all;
+      transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+      transition-duration: 150ms;
+      border: 1px solid #eee !important;
+    }
+
+    @media (max-width: 640px) {
+      .login-panel {
+        padding: 40px 0 0 0;
+        box-shadow: none;
+      }
+    }
+ 
+</style>
+  ```
+
+随后，复制 `客户端 ID` 和 `客户端密钥`，并保存。
+
+### 配置环境变量
+
+将获取到的 `客户端 ID` 和 `客户端`，设为 LobeChat 环境变量中的 `AUTH_CASDOOR_ID` 和 `AUTH_CASDOOR_SECRET`。
+
+配置 LobeChat 环境变量中 `AUTH_CASDOOR_ISSUER` 为：
+
+- `http://localhost:8000/`，若你是本地开发环境
+- `http://CASDOOR_IP:8000/`，若你是局域网私有部署的 Casdoor
+- `https://lobe-auth-api.example.com/`，若你是公网环境部署的 Casdoor
+
+在部署 LobeChat 时，你需要配置以下环境变量：
+
+| 环境变量 | 类型 | 描述 |
+| --- | --- | --- |
+| `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32` |
+| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Casdoor 请填写 `casdoor`。 |
+| `AUTH_CASDOOR_ID` | 必选 | Casdoor 应用详情页的客户端 ID |
+| `AUTH_CASDOOR_SECRET` | 必选 | Casdoor 应用详情页的客户端密钥 |
+| `AUTH_CASDOOR_ISSUER` | 必选 | Casdoor 提供程序的 OpenID Connect 颁发者。 |
+| `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://lobe.example.com/api/auth` |
+
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#casdoor) 可查阅相关变量详情。
+ 
+</Callout>
+</Steps>
+
+<Callout type={'info'}>部署成功后，用户将可以通过 Casdoor 身份认证并使用 LobeChat。</Callout>

package/docs/self-hosting/advanced/auth/next-auth/cloudflare-zero-trust.zh-CN.mdx

@@ -49,9 +49,9 @@ tags:
 | --- | --- | --- |
 | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32` |
 | `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Cloudflare Zero Trust 请填写 `cloudflare-zero-trust`。 |
-| `CLOUDFLARE_ZERO_TRUST_CLIENT_ID` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client ID`，示例值是 `lobe-chat` |
-| `CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client secret`，示例值是 `insecure_secret` |
-| `CLOUDFLARE_ZERO_TRUST_ISSUER` | 必选 | 在 Cloudflare Zero Trust 生成的 `Issuer`，例如 `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/7db0f` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_CLIENT_ID` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client ID`，示例值是 `lobe-chat` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client secret`，示例值是 `insecure_secret` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` | 必选 | 在 Cloudflare Zero Trust 生成的 `Issuer`，例如 `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/7db0f` |
 | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://chat.example.com/api/auth` |
 
   <Callout type={'tip'}>