@lobehub/chat 1.79.8 → 1.79.10

package/src/app/(backend)/oidc/[...oidc]/route.ts

@@ -1,188 +1,17 @@
 import debug from 'debug';
 import { NextRequest, NextResponse } from 'next/server';
-import { randomUUID } from 'node:crypto';
 import { URL } from 'node:url';
 
-import { getDBInstance } from '@/database/core/web-server';
 import { oidcEnv } from '@/envs/oidc';
-import { DrizzleAdapter } from '@/libs/oidc-provider/adapter';
 import { createNodeRequest, createNodeResponse } from '@/libs/oidc-provider/http-adapter';
 import { getOIDCProvider } from '@/server/services/oidc/oidcProvider';
 
 const log = debug('lobe-oidc:route'); // Create a debug instance with a namespace
 
-// 会话同步标头
-const OIDC_SESSION_HEADER = 'x-oidc-session-sync';
-
-/**
- * 处理会话同步
- * 如果请求中包含 x-oidc-session-sync 头，预先创建一个 OIDC 会话
- */
-const syncOIDCSession = async (req: NextRequest): Promise<void> => {
-  const externalUserId = req.headers.get(OIDC_SESSION_HEADER);
-
-  if (!externalUserId) {
-    log('没有找到 x-oidc-session-sync 头，跳过会话同步');
-    return;
-  }
-
-  log('找到会话同步请求，外部用户 ID: %s', externalUserId);
-
-  try {
-    const db = getDBInstance();
-    const sessionAdapter = new DrizzleAdapter('Session', db);
-
-    // 查找是否已有对应的 OIDC 会话
-    // 使用新方法按用户 ID 查找会话
-    const existingSession = await sessionAdapter.findSessionByUserId(externalUserId);
-
-    if (existingSession) {
-      log(
-        '已找到与用户 %s 关联的现有 OIDC 会话，ID: %s',
-        externalUserId,
-        existingSession.uid || existingSession.jti,
-      );
-      return;
-    }
-
-    // 创建新的会话
-    const sessionId = randomUUID();
-    const now = Math.floor(Date.now() / 1000);
-    const expiresIn = 30 * 24 * 60 * 60; // 30 天，与 provider.ts 中的 TTL 配置一致
-
-    // 创建基本会话数据
-    const sessionData = {
-      accountId: externalUserId,
-
-      // 添加额外会话信息
-      authTime: now,
-
-      // 添加所有必要的 OIDC 会话字段
-      cookie: `oidc.session.${sessionId}`,
-
-      exp: now + expiresIn,
-
-      iat: now,
-
-      jti: sessionId,
-
-      // 为 findAccount 添加必要的字段
-      login: {
-        accountId: externalUserId,
-        remember: true,
-      },
-
-      uid: sessionId,
-      username: externalUserId,
-    };
-
-    // 使用适配器创建会话
-    await sessionAdapter.upsert(sessionId, sessionData, expiresIn);
-    log('成功为外部用户 %s 创建 OIDC 会话 %s', externalUserId, sessionId);
-  } catch (error) {
-    log('同步 OIDC 会话时出错: %O', error);
-    console.error('同步 OIDC 会话错误:', error);
-    // 不抛出错误，让请求继续处理
-  }
-};
-
-/**
- * 处理 catch-all 路由下的所有 OIDC 请求
- * 这个处理器会捕获所有 /oauth/[...oidc] 的请求
- * 例如: /oauth/auth, /oauth/token, /oauth/userinfo 等
- */
-export async function GET(req: NextRequest) {
+const handler = async (req: NextRequest) => {
   const requestUrl = new URL(req.url);
-  log('Received GET request: %s %s', req.method, req.url);
+  log(`Received ${req.method.toUpperCase()} request: %s %s`, req.method, req.url);
   log('Path: %s, Pathname: %s', requestUrl.pathname, requestUrl.pathname);
-  log('Headers: %O', Object.fromEntries(req.headers.entries())); // Log headers object
-
-  // 声明响应收集器
-  let responseCollector;
-
-  try {
-    if (!oidcEnv.ENABLE_OIDC) {
-      log('OIDC is not enabled');
-      return new NextResponse('OIDC is not enabled', { status: 404 });
-    }
-
-    // 在获取 OIDC 提供者实例前同步会话
-    await syncOIDCSession(req);
-
-    // 获取 OIDC Provider 实例
-    const provider = await getOIDCProvider();
-
-    log('Calling provider.callback() for GET');
-    await new Promise<void>((resolve, reject) => {
-      let middleware: any;
-      try {
-        log('Attempting to get middleware from provider.callback()');
-        middleware = provider.callback();
-        log('Successfully obtained middleware function.');
-      } catch (syncError) {
-        log('SYNC ERROR during provider.callback() call itself: %O', syncError);
-        reject(syncError);
-        return;
-      }
-
-      // 使用辅助方法创建响应收集器
-      responseCollector = createNodeResponse(resolve);
-      const nodeResponse = responseCollector.nodeResponse;
-
-      // 使用辅助方法创建 Node.js 请求对象
-      const nodeRequest = createNodeRequest(req);
-
-      log('Calling the obtained middleware...');
-      middleware(nodeRequest, nodeResponse, (error?: Error) => {
-        log('Middleware callback function HAS BEEN EXECUTED.');
-        if (error) {
-          log('Middleware error reported via callback: %O', error);
-          reject(error); // Reject if callback reports error
-        } else {
-          log(
-            'Middleware completed successfully via callback (may be redundant if .end() was called).',
-          );
-          // Ensure promise resolves even if end() wasn't called but callback was
-          resolve();
-        }
-      });
-      log('Middleware call initiated, waiting for its callback OR nodeResponse.end()...');
-    });
-
-    log('Promise surrounding middleware call resolved.');
-
-    if (!responseCollector) {
-      throw new Error('ResponseCollector was not initialized.');
-    }
-
-    const {
-      responseStatus: finalStatus,
-      responseBody: finalBody,
-      responseHeaders: finalHeaders,
-    } = responseCollector;
-
-    log('Final Response Status: %d', finalStatus);
-    log('Final Response Headers: %O', finalHeaders);
-
-    return new NextResponse(finalBody, {
-      // eslint-disable-next-line no-undef
-      headers: finalHeaders as HeadersInit,
-      status: finalStatus,
-    });
-  } catch (error) {
-    log('Error handling OIDC GET request: %O', error); // Log the full error object
-    // Ensure responseCollector is checked even in catch block if needed, though error likely occurred before/during promise
-    return new NextResponse(`Internal Server Error: ${(error as Error).message}`, { status: 500 });
-  }
-}
-
-/**
- * 处理 POST 请求 (用于令牌端点等)
- */
-export async function POST(req: NextRequest) {
-  log('Received POST request: %s %s', req.method, req.url);
-  const bodyText = await req.text(); // Read body first
-  log('Body: %s', bodyText); // Log body as string
 
   // 声明响应收集器
   let responseCollector;
@@ -193,14 +22,12 @@ export async function POST(req: NextRequest) {
       return new NextResponse('OIDC is not enabled', { status: 404 });
     }
 
-    // 在获取 OIDC 提供者实例前同步会话
-    await syncOIDCSession(req);
-
     // 获取 OIDC Provider 实例
     const provider = await getOIDCProvider();
 
-    log('Calling provider.callback() for POST');
+    log(`Calling provider.callback() for ${req.method}`); // Log the method
     await new Promise<void>((resolve, reject) => {
+      // <-- Make promise callback async
       let middleware: any;
       try {
         log('Attempting to get middleware from provider.callback()');
@@ -216,23 +43,23 @@ export async function POST(req: NextRequest) {
       responseCollector = createNodeResponse(resolve);
       const nodeResponse = responseCollector.nodeResponse;
 
-      // 使用辅助方法创建 Node.js 请求对象，包含 POST 请求体
-      const nodeRequest = createNodeRequest(req, '/oauth', bodyText);
-
-      log('Calling the obtained middleware...');
-      middleware(nodeRequest, nodeResponse, (error?: Error) => {
-        log('Middleware callback function HAS BEEN EXECUTED.');
-        if (error) {
-          log('Middleware error reported via callback: %O', error);
-          reject(error);
-        } else {
-          log(
-            'Middleware completed successfully via callback (may be redundant if .end() was called).',
-          );
-          resolve();
-        }
+      // 使用辅助方法创建 Node.js 请求对象，现在需要 await
+      createNodeRequest(req).then((nodeRequest) => {
+        log('Calling the obtained middleware...');
+        middleware(nodeRequest, nodeResponse, (error?: Error) => {
+          log('Middleware callback function HAS BEEN EXECUTED.');
+          if (error) {
+            log('Middleware error reported via callback: %O', error);
+            reject(error);
+          } else {
+            log(
+              'Middleware completed successfully via callback (may be redundant if .end() was called).',
+            );
+            resolve();
+          }
+        });
+        log('Middleware call initiated, waiting for its callback OR nodeResponse.end()...');
       });
-      log('Middleware call initiated, waiting for its callback OR nodeResponse.end()...');
     });
 
     log('Promise surrounding middleware call resolved.');
@@ -257,14 +84,13 @@ export async function POST(req: NextRequest) {
       status: finalStatus,
     });
   } catch (error) {
-    log('Error handling OIDC POST request: %O', error); // Log the full error object
+    log(`Error handling OIDC ${req.method} request: %O`, error); // Log method in error
     return new NextResponse(`Internal Server Error: ${(error as Error).message}`, { status: 500 });
   }
-}
+};
 
-/**
- * 同样处理其他 HTTP 方法
- */
-export const PUT = POST;
-export const DELETE = POST;
-export const PATCH = POST;
+export const GET = handler;
+export const POST = handler;
+export const PUT = handler;
+export const DELETE = handler;
+export const PATCH = handler;

package/src/app/(backend)/oidc/consent/route.ts

@@ -1,13 +1,13 @@
 import debug from 'debug';
 import { NextRequest, NextResponse } from 'next/server';
-import urlJoin from 'url-join';
 
-import { appEnv } from '@/config/app';
 import { OIDCService } from '@/server/services/oidc';
+import { getUserAuth } from '@/utils/server/auth';
 
 const log = debug('lobe-oidc:consent');
 
 export async function POST(request: NextRequest) {
+  log('Received POST request for /oidc/consent, URL: %s', request.url);
   try {
     const formData = await request.formData();
     const consent = formData.get('consent') as string;
@@ -43,22 +43,64 @@ export async function POST(request: NextRequest) {
       throw error;
     }
 
+    const { prompt } = details;
     let result;
     if (consent === 'accept') {
+      log(`User accepted the request, Handling 'login' prompt`);
+      const { userId } = await getUserAuth();
+      log('Obtained userId: %s', userId);
+
       if (details.prompt.name === 'login') {
         result = {
-          login: { accountId: details.session?.accountId, remember: true },
+          login: { accountId: userId, remember: true },
         };
       } else {
-        result = {
-          consent: {
-            rejectedClaims: [],
-            rejectedScopes: [],
-          },
-        };
+        log(`Handling 'consent' prompt`);
+
+        // 1. 获取必要的 ID
+        const clientId = details.params.client_id as string;
+
+        // 2. 查找或创建 Grant 对象
+        const grant = await oidcService.findOrCreateGrants(userId!, clientId, details.grantId);
+
+        // 3. 将用户同意的 scopes 和 claims 添加到 Grant 对象
+        //    这些信息通常在 details.prompt.details 中
+        const missingOIDCScope = (prompt.details.missingOIDCScope as string[]) || [];
+        if (missingOIDCScope) {
+          grant.addOIDCScope(missingOIDCScope.join(' '));
+          log('Added OIDC scopes to grant: %s', missingOIDCScope.join(' '));
+        }
+        const missingOIDCClaims = (prompt.details.missingOIDCClaims as string[]) || [];
+        if (missingOIDCClaims) {
+          grant.addOIDCClaims(missingOIDCClaims);
+          log('Added OIDC claims to grant: %s', missingOIDCClaims.join(' '));
+        }
+
+        const missingResourceScopes =
+          (prompt.details.missingResourceScopes as Record<string, string[]>) || {};
+        if (missingResourceScopes) {
+          for (const [indicator, scopes] of Object.entries(missingResourceScopes)) {
+            grant.addResourceScope(indicator, scopes.join(' '));
+            log('Added resource scopes for %s to grant: %s', indicator, scopes.join(' '));
+          }
+        }
+        // 如果使用了 RAR (Rich Authorization Requests)，也需要添加到 grant
+        // if (prompt.details.rar) {
+        //   prompt.details.rar.forEach(detail => grant.addRar(detail));
+        // }
+
+        // 4. 保存 Grant 对象以获取其 jti (grantId)
+        const newGrantId = await grant.save();
+        log('Saved grant with ID: %s', newGrantId);
+
+        // 5. 准备包含 grantId 的 result
+        result = { consent: { grantId: newGrantId } };
+
+        log('Consent result prepared with grantId');
       }
       log('User %s the authorization', consent);
     } else {
+      log('User rejected the request');
       result = {
         error: 'access_denied',
         error_description: 'User denied the authorization request',
@@ -66,23 +108,15 @@ export async function POST(request: NextRequest) {
       log('User %s the authorization', consent);
     }
 
-    // 获取OIDC提供商的默认重定向URL，但不会直接使用它
-    const redirectUrl = await oidcService.getInteractionResult(uid, result);
-    log('Default redirectUrl: %s', redirectUrl);
+    log('Interaction Result: %O', result);
 
-    // 根据用户选择定制重定向地址
+    const internalRedirectUrlString = await oidcService.getInteractionResult(uid, result);
+    log('OIDC Provider internal redirect URL string: %s', internalRedirectUrlString);
 
-    if (consent === 'accept') {
-      // 用户同意授权，跳转到success页面
-      const successUrl = urlJoin(appEnv.APP_URL!, `/oauth/consent/${uid}/success`);
-      log('Redirecting to success page: %s', successUrl);
-      return NextResponse.redirect(successUrl);
-    } else {
-      // 用户拒绝授权，跳转到failed页面
-      const failedUrl = urlJoin(appEnv.APP_URL!, `/oauth/consent/${uid}/failed`);
-      log('Redirecting to failed page: %s', failedUrl);
-      return NextResponse.redirect(failedUrl);
-    }
+    return NextResponse.redirect(internalRedirectUrlString, {
+      headers: request.headers,
+      status: 303,
+    });
   } catch (error) {
     log('Error processing consent: %s', error instanceof Error ? error.message : 'unknown error');
     console.error('Error processing consent:', error);

package/src/app/(backend)/trpc/async/[trpc]/route.ts

@@ -2,7 +2,7 @@ import { fetchRequestHandler } from '@trpc/server/adapters/fetch';
 import type { NextRequest } from 'next/server';
 
 import { pino } from '@/libs/logger';
-import { createAsyncRouteContext } from '@/server/asyncContext';
+import { createAsyncRouteContext } from '@/libs/trpc/async/context';
 import { asyncRouter } from '@/server/routers/async';
 
 export const maxDuration = 60;

package/src/app/(backend)/trpc/edge/[trpc]/route.ts

@@ -2,7 +2,7 @@ import { fetchRequestHandler } from '@trpc/server/adapters/fetch';
 import type { NextRequest } from 'next/server';
 
 import { pino } from '@/libs/logger';
-import { createContext } from '@/server/context';
+import { createEdgeContext } from '@/libs/trpc/edge/context';
 import { edgeRouter } from '@/server/routers/edge';
 
 export const runtime = 'edge';
@@ -12,7 +12,7 @@ const handler = (req: NextRequest) =>
     /**
      * @link https://trpc.io/docs/v11/context
      */
-    createContext: () => createContext(req),
+    createContext: () => createEdgeContext(req),
 
     endpoint: '/trpc/edge',
 

package/src/app/(backend)/trpc/lambda/[trpc]/route.ts

@@ -2,7 +2,7 @@ import { fetchRequestHandler } from '@trpc/server/adapters/fetch';
 import type { NextRequest } from 'next/server';
 
 import { pino } from '@/libs/logger';
-import { createContext } from '@/server/context';
+import { createLambdaContext } from '@/libs/trpc/lambda/context';
 import { lambdaRouter } from '@/server/routers/lambda';
 
 const handler = (req: NextRequest) =>
@@ -10,7 +10,7 @@ const handler = (req: NextRequest) =>
     /**
      * @link https://trpc.io/docs/v11/context
      */
-    createContext: () => createContext(req),
+    createContext: () => createLambdaContext(req),
 
     endpoint: '/trpc/lambda',
 

package/src/app/(backend)/trpc/tools/[trpc]/route.ts

@@ -2,7 +2,7 @@ import { fetchRequestHandler } from '@trpc/server/adapters/fetch';
 import type { NextRequest } from 'next/server';
 
 import { pino } from '@/libs/logger';
-import { createContext } from '@/server/context';
+import { createLambdaContext } from '@/libs/trpc/lambda/context';
 import { toolsRouter } from '@/server/routers/tools';
 
 const handler = (req: NextRequest) =>
@@ -10,7 +10,7 @@ const handler = (req: NextRequest) =>
     /**
      * @link https://trpc.io/docs/v11/context
      */
-    createContext: () => createContext(req),
+    createContext: () => createLambdaContext(req),
 
     endpoint: '/trpc/tools',
 

package/src/app/[variants]/(main)/files/[id]/page.tsx

@@ -2,7 +2,7 @@ import { notFound } from 'next/navigation';
 import { Flexbox } from 'react-layout-kit';
 
 import FileViewer from '@/features/FileViewer';
-import { createCallerFactory } from '@/libs/trpc';
+import { createCallerFactory } from '@/libs/trpc/lambda';
 import { lambdaRouter } from '@/server/routers/lambda';
 import { PagePropsWithId } from '@/types/next';
 import { getUserAuth } from '@/utils/server/auth';