@lobehub/chat 1.26.16 → 1.26.18

package/CHANGELOG.md

@@ -2,6 +2,56 @@
 
 # Changelog
 
+### [Version 1.26.18](https://github.com/lobehub/lobe-chat/compare/v1.26.17...v1.26.18)
+
+<sup>Released on **2024-11-03**</sup>
+
+#### 🐛 Bug Fixes
+
+- **misc**: Fix MS Entra ID and Azure AD authorization.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's fixed
+
+- **misc**: Fix MS Entra ID and Azure AD authorization, closes [#4579](https://github.com/lobehub/lobe-chat/issues/4579) ([ced8a08](https://github.com/lobehub/lobe-chat/commit/ced8a08))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
+### [Version 1.26.17](https://github.com/lobehub/lobe-chat/compare/v1.26.16...v1.26.17)
+
+<sup>Released on **2024-10-31**</sup>
+
+#### ♻ Code Refactoring
+
+- **misc**: Improve server log on chat api.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### Code refactoring
+
+- **misc**: Improve server log on chat api, closes [#4559](https://github.com/lobehub/lobe-chat/issues/4559) ([cd8a134](https://github.com/lobehub/lobe-chat/commit/cd8a134))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 1.26.16](https://github.com/lobehub/lobe-chat/compare/v1.26.15...v1.26.16)
 
 <sup>Released on **2024-10-31**</sup>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.26.16",
+  "version": "1.26.18",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",
@@ -102,7 +102,7 @@
   "dependencies": {
     "@ant-design/icons": "^5.5.1",
     "@ant-design/pro-components": "^2.7.18",
-    "@anthropic-ai/sdk": "^0.30.0",
+    "@anthropic-ai/sdk": "^0.31.0",
     "@auth/core": "^0.37.0",
     "@aws-sdk/client-bedrock-runtime": "^3.675.0",
     "@aws-sdk/client-s3": "^3.675.0",
@@ -150,7 +150,7 @@
     "debug": "^4.3.7",
     "dexie": "^3.2.7",
     "diff": "^5.2.0",
-    "drizzle-orm": "^0.35.0",
+    "drizzle-orm": "^0.36.0",
     "drizzle-zod": "^0.5.1",
     "fast-deep-equal": "^3.1.3",
     "file-type": "^19.6.0",
@@ -224,7 +224,7 @@
     "url-join": "^5.0.0",
     "use-merge-value": "^1.2.0",
     "utility-types": "^3.11.0",
-    "uuid": "^10.0.0",
+    "uuid": "^11.0.0",
     "ws": "^8.18.0",
     "y-protocols": "^1.0.6",
     "y-webrtc": "^10.3.0",
@@ -248,7 +248,7 @@
     "@testing-library/react": "^16.0.1",
     "@types/chroma-js": "^2.4.4",
     "@types/debug": "^4.1.12",
-    "@types/diff": "^5.2.3",
+    "@types/diff": "^6.0.0",
     "@types/ip": "^1.1.3",
     "@types/json-schema": "^7.0.15",
     "@types/lodash": "^4.17.12",
@@ -271,7 +271,7 @@
     "consola": "^3.2.3",
     "dotenv": "^16.4.5",
     "dpdm-fast": "^1.0.4",
-    "drizzle-kit": "^0.26.0",
+    "drizzle-kit": "^0.27.0",
     "eslint": "^8.57.1",
     "eslint-plugin-mdx": "^2.3.4",
     "eslint-plugin-unused-imports": "4.0.1",
@@ -302,7 +302,7 @@
     "vitest": "~1.2.2",
     "vitest-canvas-mock": "^0.3.3"
   },
-  "packageManager": "pnpm@9.12.2",
+  "packageManager": "pnpm@9.12.3",
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org"

package/src/app/(backend)/webapi/chat/[provider]/route.ts

@@ -1,5 +1,9 @@
 import { checkAuth } from '@/app/(backend)/middleware/auth';
-import { AgentRuntime, ChatCompletionErrorPayload } from '@/libs/agent-runtime';
+import {
+  AGENT_RUNTIME_ERROR_SET,
+  AgentRuntime,
+  ChatCompletionErrorPayload,
+} from '@/libs/agent-runtime';
 import { createTraceOptions, initAgentRuntimeWithUserPayload } from '@/server/modules/AgentRuntime';
 import { ChatErrorType } from '@/types/fetch';
 import { ChatStreamPayload } from '@/types/openai/chat';
@@ -44,8 +48,10 @@ export const POST = checkAuth(async (req: Request, { params, jwtPayload, createR
     } = e as ChatCompletionErrorPayload;
 
     const error = errorContent || e;
+
+    const logMethod = AGENT_RUNTIME_ERROR_SET.has(errorType as string) ? 'warn' : 'error';
     // track the error at server side
-    console.error(`Route: [${provider}] ${errorType}:`, error);
+    console[logMethod](`Route: [${provider}] ${errorType}:`, error);
 
     return createErrorResponse(errorType, { error, ...res, provider });
   }

package/src/config/file.ts

@@ -31,6 +31,7 @@ export const getFileConfig = () => {
       S3_BUCKET: process.env.S3_BUCKET,
       S3_ENABLE_PATH_STYLE: process.env.S3_ENABLE_PATH_STYLE === '1',
       S3_ENDPOINT: process.env.S3_ENDPOINT,
+      S3_PREVIEW_URL_EXPIRE_IN: parseInt(process.env.S3_PREVIEW_URL_EXPIRE_IN || '7200'),
       S3_PUBLIC_DOMAIN,
       S3_REGION: process.env.S3_REGION,
       S3_SECRET_ACCESS_KEY: process.env.S3_SECRET_ACCESS_KEY,
@@ -46,6 +47,7 @@ export const getFileConfig = () => {
       S3_ENABLE_PATH_STYLE: z.boolean(),
 
       S3_ENDPOINT: z.string().url().optional(),
+      S3_PREVIEW_URL_EXPIRE_IN: z.number(),
       S3_PUBLIC_DOMAIN: z.string().url().optional(),
       S3_REGION: z.string().optional(),
       S3_SECRET_ACCESS_KEY: z.string().optional(),

package/src/database/server/models/message.ts

@@ -127,10 +127,12 @@ export class MessageModel {
       .leftJoin(files, eq(files.id, messagesFiles.fileId))
       .where(inArray(messagesFiles.messageId, messageIds));
 
-    const relatedFileList = rawRelatedFileList.map((file) => ({
-      ...file,
-      url: getFullFileUrl(file.url),
-    }));
+    const relatedFileList = await Promise.all(
+      rawRelatedFileList.map(async (file) => ({
+        ...file,
+        url: await getFullFileUrl(file.url),
+      })),
+    );
 
     const imageList = relatedFileList.filter((i) => (i.fileType || '').startsWith('image'));
     const fileList = relatedFileList.filter((i) => !(i.fileType || '').startsWith('image'));

package/src/libs/agent-runtime/error.ts

@@ -27,5 +27,7 @@ export const AgentRuntimeErrorType = {
   OpenAIBizError: 'OpenAIBizError',
 } as const;
 
+export const AGENT_RUNTIME_ERROR_SET = new Set<string>(Object.values(AgentRuntimeErrorType));
+
 export type ILobeAgentRuntimeErrorType =
   (typeof AgentRuntimeErrorType)[keyof typeof AgentRuntimeErrorType];

package/src/libs/next-auth/sso-providers/azure-ad.ts

@@ -2,6 +2,7 @@ import AzureAD from 'next-auth/providers/azure-ad';
 
 import { authEnv } from '@/config/auth';
 
+import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
 import { CommonProviderConfig } from './sso.config';
 
 const provider = {
@@ -14,8 +15,7 @@ const provider = {
     // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
     clientId: authEnv.AZURE_AD_CLIENT_ID ?? process.env.AUTH_AZURE_AD_ID,
     clientSecret: authEnv.AZURE_AD_CLIENT_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
-    // @ts-ignore
-    tenantId: authEnv.AZURE_AD_TENANT_ID ?? process.env.AUTH_AZURE_AD_TENANT_ID,
+    issuer: getMicrosoftEntraIdIssuer(),
     // Remove end
     // TODO(NextAuth): map unique user id to `providerAccountId` field
     // profile(profile) {

package/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts

@@ -0,0 +1,25 @@
+import { authEnv } from '@/config/auth';
+
+function getTenantId() {
+  return (
+    process.env.MICROSOFT_ENTRA_ID_TENANT_ID ??
+    process.env.AUTH_AZURE_AD_TENANT_ID ??
+    authEnv.AZURE_AD_TENANT_ID
+  );
+}
+
+function getIssuer() {
+  const issuer = process.env.MICROSOFT_ENTRA_ID_ISSUER;
+  if (issuer) {
+    return issuer;
+  }
+  const tenantId = getTenantId();
+  if (tenantId) {
+    // refs: https://github.com/nextauthjs/next-auth/discussions/9154#discussioncomment-10583104
+    return `https://login.microsoftonline.com/${tenantId}/v2.0`;
+  } else {
+    return undefined;
+  }
+}
+
+export { getIssuer as getMicrosoftEntraIdIssuer, getTenantId as getMicrosoftEntraIdTenantId };

package/src/libs/next-auth/sso-providers/microsoft-entra-id.ts

@@ -1,5 +1,6 @@
 import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';
 
+import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
 import { CommonProviderConfig } from './sso.config';
 
 const provider = {
@@ -9,6 +10,9 @@ const provider = {
     // Specify auth scope, at least include 'openid email'
     // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
     authorization: { params: { scope: 'openid email profile' } },
+    clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_AZURE_AD_ID,
+    clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
+    issuer: getMicrosoftEntraIdIssuer(),
   }),
 };
 

package/src/server/modules/S3/index.ts

@@ -105,6 +105,17 @@ export class S3 {
     return getSignedUrl(this.client, command, { expiresIn: 3600 });
   }
 
+  public async createPreSignedUrlForPreview(key: string, expiresIn?: number): Promise<string> {
+    const command = new GetObjectCommand({
+      Bucket: this.bucket,
+      Key: key,
+    });
+
+    return getSignedUrl(this.client, command, {
+      expiresIn: expiresIn ?? fileEnv.S3_PREVIEW_URL_EXPIRE_IN,
+    });
+  }
+
   public async uploadContent(path: string, content: string) {
     const command = new PutObjectCommand({
       ACL: this.setAcl ? 'public-read' : undefined,

package/src/server/routers/lambda/file.ts

@@ -57,7 +57,7 @@ export const fileRouter = router({
         url: input.url,
       });
 
-      return { id, url: getFullFileUrl(input.url) };
+      return { id, url: await getFullFileUrl(input.url) };
     }),
   findById: fileProcedure
     .input(
@@ -69,7 +69,7 @@ export const fileRouter = router({
       const item = await ctx.fileModel.findById(input.id);
       if (!item) throw new TRPCError({ code: 'BAD_REQUEST', message: 'File not found' });
 
-      return { ...item, url: getFullFileUrl(item?.url) };
+      return { ...item, url: await getFullFileUrl(item?.url) };
     }),
 
   getFileItemById: fileProcedure
@@ -102,7 +102,7 @@ export const fileRouter = router({
         embeddingError: embeddingTask?.error,
         embeddingStatus: embeddingTask?.status as AsyncTaskStatus,
         finishEmbedding: embeddingTask?.status === AsyncTaskStatus.Success,
-        url: getFullFileUrl(item.url!),
+        url: await getFullFileUrl(item.url!),
       };
     }),
 
@@ -124,13 +124,14 @@ export const fileRouter = router({
       AsyncTaskType.Embedding,
     );
 
-    return fileList.map(({ chunkTaskId, embeddingTaskId, ...item }): FileListItem => {
+    const resultFiles = [] as any[];
+    for (const { chunkTaskId, embeddingTaskId, ...item } of fileList as any[]) {
       const chunkTask = chunkTaskId ? chunkTasks.find((task) => task.id === chunkTaskId) : null;
       const embeddingTask = embeddingTaskId
         ? embeddingTasks.find((task) => task.id === embeddingTaskId)
         : null;
 
-      return {
+      const fileItem = {
         ...item,
         chunkCount: chunks.find((chunk) => chunk.id === item.id)?.count ?? null,
         chunkingError: chunkTask?.error ?? null,
@@ -138,9 +139,12 @@ export const fileRouter = router({
         embeddingError: embeddingTask?.error ?? null,
         embeddingStatus: embeddingTask?.status as AsyncTaskStatus,
         finishEmbedding: embeddingTask?.status === AsyncTaskStatus.Success,
-        url: getFullFileUrl(item.url!),
-      };
-    });
+        url: await getFullFileUrl(item.url!),
+      } as FileListItem;
+      resultFiles.push(fileItem);
+    }
+
+    return resultFiles;
   }),
 
   removeAllFiles: fileProcedure.mutation(async ({ ctx }) => {

package/src/server/routers/lambda/ragEval.ts

@@ -263,7 +263,7 @@ export const ragEvalRouter = router({
         // 保存数据
         await ctx.evaluationModel.update(input.id, {
           status: EvalEvaluationStatus.Success,
-          evalRecordsUrl: getFullFileUrl(path),
+          evalRecordsUrl: await getFullFileUrl(path),
         });
       }
 

package/src/server/utils/files.test.ts

@@ -8,6 +8,7 @@ const config = {
   S3_ENABLE_PATH_STYLE: false,
   S3_PUBLIC_DOMAIN: 'https://example.com',
   S3_BUCKET: 'my-bucket',
+  S3_SET_ACL: true,
 };
 
 vi.mock('@/config/file', () => ({
@@ -17,20 +18,20 @@ vi.mock('@/config/file', () => ({
 }));
 
 describe('getFullFileUrl', () => {
-  it('should return empty string for null or undefined input', () => {
-    expect(getFullFileUrl(null)).toBe('');
-    expect(getFullFileUrl(undefined)).toBe('');
+  it('should return empty string for null or undefined input', async () => {
+    expect(await getFullFileUrl(null)).toBe('');
+    expect(await getFullFileUrl(undefined)).toBe('');
   });
 
-  it('should return correct URL when S3_ENABLE_PATH_STYLE is false', () => {
+  it('should return correct URL when S3_ENABLE_PATH_STYLE is false', async () => {
     const url = 'path/to/file.jpg';
-    expect(getFullFileUrl(url)).toBe('https://example.com/path/to/file.jpg');
+    expect(await getFullFileUrl(url)).toBe('https://example.com/path/to/file.jpg');
   });
 
-  it('should return correct URL when S3_ENABLE_PATH_STYLE is true', () => {
+  it('should return correct URL when S3_ENABLE_PATH_STYLE is true', async () => {
     config.S3_ENABLE_PATH_STYLE = true;
     const url = 'path/to/file.jpg';
-    expect(getFullFileUrl(url)).toBe('https://example.com/my-bucket/path/to/file.jpg');
+    expect(await getFullFileUrl(url)).toBe('https://example.com/my-bucket/path/to/file.jpg');
     config.S3_ENABLE_PATH_STYLE = false;
   });
 });

package/src/server/utils/files.ts

@@ -1,10 +1,17 @@
 import urlJoin from 'url-join';
 
 import { fileEnv } from '@/config/file';
+import { S3 } from '@/server/modules/S3';
 
-export const getFullFileUrl = (url?: string | null) => {
+export const getFullFileUrl = async (url?: string | null, expiresIn?: number) => {
   if (!url) return '';
 
+  // If bucket is not set public read, the preview address needs to be regenerated each time
+  if (!fileEnv.S3_SET_ACL) {
+    const s3 = new S3();
+    return await s3.createPreSignedUrlForPreview(url, expiresIn);
+  }
+
   if (fileEnv.S3_ENABLE_PATH_STYLE) {
     return urlJoin(fileEnv.S3_PUBLIC_DOMAIN!, fileEnv.S3_BUCKET!, url);
   }