@lobehub/chat 1.80.1 → 1.80.3

package/src/server/services/oidc/index.ts

@@ -1,3 +1,4 @@
+import { TRPCError } from '@trpc/server';
 import debug from 'debug';
 
 import { createContextForInteractionDetails } from '@/libs/oidc-provider/http-adapter';
@@ -19,6 +20,76 @@ export class OIDCService {
     return new OIDCService(provider);
   }
 
+  /**
+   * 验证 OIDC Bearer Token 并返回用户信息
+   * 使用 oidc-provider 实例的 AccessToken.find 方法验证 token
+   *
+   * @param token - Bearer Token
+   * @returns 包含用户ID和Token数据的对象
+   * @throws 如果token无效或OIDC未启用则抛出 TRPCError
+   */
+  async validateToken(token: string) {
+    try {
+      log('Validating access token using AccessToken.find');
+
+      // 使用 oidc-provider 的 AccessToken 查找和验证方法
+      const accessToken = await this.provider.AccessToken.find(token);
+
+      if (!accessToken) {
+        log('Access token not found, expired, or consumed');
+        throw new TRPCError({
+          code: 'UNAUTHORIZED',
+          message: 'Access token 无效、已过期或已被使用',
+        });
+      }
+
+      // 从 accessToken 实例中获取必要的数据
+      // 注意：accessToken 没有 payload() 方法，而是直接访问其属性
+      const userId = accessToken.accountId; // 用户 ID 通常存储在 accountId 属性中
+      const clientId = accessToken.clientId;
+
+      // 如果需要更多的声明信息，可以从 accessToken 的其他属性中获取
+      // 例如，scopes、claims、exp 等
+      const tokenData = {
+        client_id: clientId,
+        exp: accessToken.exp,
+        iat: accessToken.iat,
+        jti: accessToken.jti,
+        scope: accessToken.scope,
+        // OIDC 标准中，sub 字段表示用户 ID
+        sub: userId,
+      };
+
+      if (!userId) {
+        log('Access token does not contain user ID (accountId)');
+        throw new TRPCError({
+          code: 'UNAUTHORIZED',
+          message: 'Access token 中未包含用户 ID',
+        });
+      }
+
+      log('Access token validated successfully for user: %s', userId);
+      return {
+        // 包含 token 原始数据，可用于获取更多信息
+        accessToken,
+        // 构建的 token 数据对象
+        tokenData,
+        // 用户 ID
+        userId,
+      };
+    } catch (error) {
+      if (error instanceof TRPCError) throw error;
+
+      // AccessToken.find 可能抛出特定错误
+      log('Error validating access token with AccessToken.find: %O', error);
+      console.error('OIDC 令牌验证错误:', error);
+      throw new TRPCError({
+        code: 'UNAUTHORIZED',
+        message: `OIDC 认证失败: ${(error as Error).message}`,
+      });
+    }
+  }
+
   async getInteractionDetails(uid: string) {
     const { req, res } = await createContextForInteractionDetails(uid);
     return this.provider.interactionDetails(req, res);

package/src/services/user/client.ts

@@ -39,18 +39,21 @@ export class ClientService extends BaseClientService implements IUserService {
       encryptKeyVaultsStr ? JSON.parse(encryptKeyVaultsStr) : {},
     );
 
-    const user = await UserModel.findById(clientDB as any, this.userId);
     const messageCount = await this.messageModel.count();
     const sessionCount = await this.sessionModel.count();
 
     return {
       ...state,
-      avatar: user?.avatar as string,
+      avatar: state.avatar ?? '',
       canEnablePWAGuide: messageCount >= 4,
       canEnableTrace: messageCount >= 4,
+      firstName: state.firstName,
+      fullName: state.fullName,
       hasConversation: messageCount > 0 || sessionCount > 0,
       isOnboard: true,
+      lastName: state.lastName,
       preference: await this.preferenceStorage.getFromLocalStorage(),
+      username: state.username,
     };
   };
 

package/src/store/user/slices/common/action.ts

@@ -7,7 +7,7 @@ import { useOnlyFetchOnceSWR } from '@/libs/swr';
 import { userService } from '@/services/user';
 import type { UserStore } from '@/store/user';
 import type { GlobalServerConfig } from '@/types/serverConfig';
-import { UserInitializationState } from '@/types/user';
+import { LobeUser, UserInitializationState } from '@/types/user';
 import type { UserSettings } from '@/types/user/settings';
 import { merge } from '@/utils/merge';
 import { setNamespace } from '@/utils/storeDebug';
@@ -91,7 +91,14 @@ export const createCommonSlice: StateCreator<
             // if there is avatar or userId (from client DB), update it into user
             const user =
               data.avatar || data.userId
-                ? merge(get().user, { avatar: data.avatar, id: data.userId })
+                ? merge(get().user, {
+                    avatar: data.avatar,
+                    firstName: data.firstName,
+                    fullName: data.fullName,
+                    id: data.userId,
+                    latestName: data.lastName,
+                    username: data.username,
+                  } as LobeUser)
                 : get().user;
 
             set(

package/src/types/user/index.ts

@@ -48,14 +48,19 @@ export interface UserInitializationState {
   avatar?: string;
   canEnablePWAGuide?: boolean;
   canEnableTrace?: boolean;
+  email?: string;
+  firstName?: string;
+  fullName?: string;
   hasConversation?: boolean;
   isOnboard?: boolean;
+  lastName?: string;
   preference: UserPreference;
   settings: DeepPartial<UserSettings>;
   userId?: string;
+  username?: string;
 }
 
 export const NextAuthAccountSchame = z.object({
   provider: z.string(),
   providerAccountId: z.string(),
-});
+});

package/src/utils/parseModels.test.ts

@@ -87,7 +87,9 @@ describe('parseModelString', () => {
     });
 
     it('token and image output', () => {
-      const result = parseModelString('gemini-2.0-flash-exp-image-generation=Gemini 2.0 Flash (Image Generation) Experimental<32768:imageOutput>');
+      const result = parseModelString(
+        'gemini-2.0-flash-exp-image-generation=Gemini 2.0 Flash (Image Generation) Experimental<32768:imageOutput>',
+      );
 
       expect(result.add[0]).toEqual({
         displayName: 'Gemini 2.0 Flash (Image Generation) Experimental',
@@ -565,7 +567,12 @@ describe('transformToChatModelCards', () => {
         displayName: 'GPT-4o',
         enabled: true,
         id: 'gpt-4o',
-        pricing: { input: 2.5, output: 10 },
+        maxOutput: 4096,
+        pricing: {
+          cachedInput: 1.25,
+          input: 2.5,
+          output: 10,
+        },
         providerId: 'azure',
         releasedAt: '2024-05-13',
         source: 'builtin',
@@ -582,6 +589,11 @@ describe('transformToChatModelCards', () => {
         enabled: true,
         id: 'gpt-4o-mini',
         maxOutput: 4096,
+        pricing: {
+          cachedInput: 0.075,
+          input: 0.15,
+          output: 0.6,
+        },
         type: 'chat',
       },
       {
@@ -596,7 +608,11 @@ describe('transformToChatModelCards', () => {
         source: 'builtin',
         id: 'o1-mini',
         maxOutput: 65536,
-        pricing: { input: 1.1, output: 4.4 },
+        pricing: {
+          cachedInput: 0.55,
+          input: 1.1,
+          output: 4.4,
+        },
         releasedAt: '2024-09-12',
         type: 'chat',
       },

package/src/utils/server/__tests__/auth.test.ts

@@ -1,6 +1,6 @@
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 
-import { getUserAuth } from '../auth';
+import { extractBearerToken, getUserAuth } from '../auth';
 
 // Mock auth constants
 let mockEnableClerk = false;
@@ -93,3 +93,47 @@ describe('getUserAuth', () => {
     });
   });
 });
+
+describe('extractBearerToken', () => {
+  it('should return the token when authHeader is valid', () => {
+    const token = 'test-token';
+    const authHeader = `Bearer ${token}`;
+    expect(extractBearerToken(authHeader)).toBe(token);
+  });
+
+  it('should return null when authHeader is missing', () => {
+    expect(extractBearerToken()).toBeNull();
+  });
+
+  it('should return null when authHeader is null', () => {
+    expect(extractBearerToken(null)).toBeNull();
+  });
+
+  it('should return null when authHeader does not start with "Bearer "', () => {
+    const authHeader = 'Invalid format';
+    expect(extractBearerToken(authHeader)).toBeNull();
+  });
+
+  it('should return null when authHeader is only "Bearer"', () => {
+    const authHeader = 'Bearer';
+    expect(extractBearerToken(authHeader)).toBeNull();
+  });
+
+  it('should return null when authHeader is an empty string', () => {
+    const authHeader = '';
+    expect(extractBearerToken(authHeader)).toBeNull();
+  });
+
+  it('should handle extra spaces correctly', () => {
+    const token = 'test-token-with-spaces';
+    const authHeaderWithExtraSpaces = ` Bearer   ${token}  `;
+    const authHeaderLeadingSpace = ` Bearer ${token}`;
+    const authHeaderTrailingSpace = `Bearer ${token} `;
+    const authHeaderMultipleSpacesBetween = `Bearer    ${token}`;
+
+    expect(extractBearerToken(authHeaderWithExtraSpaces)).toBe(token);
+    expect(extractBearerToken(authHeaderLeadingSpace)).toBe(token);
+    expect(extractBearerToken(authHeaderTrailingSpace)).toBe(token);
+    expect(extractBearerToken(authHeaderMultipleSpacesBetween)).toBe(token);
+  });
+});

package/src/utils/server/auth.ts

@@ -1,15 +1,17 @@
 import { enableClerk, enableNextAuth } from '@/const/auth';
-import { ClerkAuth } from '@/libs/clerk-auth';
-import NextAuthEdge from '@/libs/next-auth/edge';
 
 export const getUserAuth = async () => {
   if (enableClerk) {
+    const { ClerkAuth } = await import('@/libs/clerk-auth');
+
     const clerkAuth = new ClerkAuth();
 
     return await clerkAuth.getAuth();
   }
 
   if (enableNextAuth) {
+    const { default: NextAuthEdge } = await import('@/libs/next-auth/edge');
+
     const session = await NextAuthEdge.auth();
 
     const userId = session?.user.id;
@@ -19,3 +21,25 @@ export const getUserAuth = async () => {
 
   throw new Error('Auth method is not enabled');
 };
+
+/**
+ * 从授权头中提取 Bearer Token
+ * @param authHeader - 授权头 (例如 "Bearer xxx")
+ * @returns Bearer Token 或 null（如果授权头无效或不存在）
+ */
+export const extractBearerToken = (authHeader?: string | null): string | null => {
+  if (!authHeader) return null;
+
+  const trimmedHeader = authHeader.trim(); // Trim leading/trailing spaces
+
+  // Check if it starts with 'Bearer ' (case-insensitive check might be desired depending on spec)
+  if (!trimmedHeader.toLowerCase().startsWith('bearer ')) {
+    return null;
+  }
+
+  // Extract the token part after "Bearer " and trim potential spaces around the token itself
+  const token = trimmedHeader.slice(7).trim();
+
+  // Return the token only if it's not an empty string after trimming
+  return token || null;
+};