@lobehub/chat 1.82.10 → 1.83.1

package/apps/desktop/src/main/const/dir.ts

@@ -0,0 +1,29 @@
+import { app } from 'electron';
+import { join } from 'node:path';
+
+export const mainDir = join(__dirname);
+
+export const preloadDir = join(mainDir, '../preload');
+
+export const resourcesDir = join(mainDir, '../../resources');
+
+export const buildDir = join(mainDir, '../../build');
+
+const appPath = app.getAppPath();
+
+export const nextStandaloneDir = join(appPath, 'dist', 'next');
+
+export const userDataDir = app.getPath('userData');
+
+export const appStorageDir = join(userDataDir, 'lobehub-storage');
+
+// ------  Application storage directory ---- //
+
+// db schema hash
+export const DB_SCHEMA_HASH_FILENAME = 'lobehub-local-db-schema-hash';
+// pglite database dir
+export const LOCAL_DATABASE_DIR = 'lobehub-local-db';
+// 本地存储文件（模拟 S3）
+export const FILE_STORAGE_DIR = 'file-storage';
+// Plugin 安装目录
+export const INSTALL_PLUGINS_DIR = 'plugins';

package/apps/desktop/src/main/const/env.ts

@@ -0,0 +1,3 @@
+export const isDev = process.env.NODE_ENV === 'development';
+
+export const OFFICIAL_CLOUD_SERVER = process.env.OFFICIAL_CLOUD_SERVER || 'https://lobechat.com';

package/apps/desktop/src/main/const/store.ts

@@ -0,0 +1,22 @@
+/**
+ * 应用设置存储相关常量
+ */
+import { appStorageDir } from '@/const/dir';
+import { DEFAULT_SHORTCUTS_CONFIG } from '@/shortcuts';
+import { ElectronMainStore } from '@/types/store';
+
+/**
+ * 存储名称
+ */
+export const STORE_NAME = 'lobehub-settings';
+
+/**
+ * 存储默认值
+ */
+export const STORE_DEFAULTS: ElectronMainStore = {
+  dataSyncConfig: { storageMode: 'local' },
+  encryptedTokens: {},
+  locale: 'auto',
+  shortcuts: DEFAULT_SHORTCUTS_CONFIG,
+  storagePath: appStorageDir,
+};

package/apps/desktop/src/main/controllers/AuthCtr.ts

@@ -0,0 +1,390 @@
+import { DataSyncConfig } from '@lobechat/electron-client-ipc';
+import { BrowserWindow, app, shell } from 'electron';
+import crypto from 'node:crypto';
+import querystring from 'node:querystring';
+import { URL } from 'node:url';
+
+import { name } from '@/../../package.json';
+import { createLogger } from '@/utils/logger';
+
+import RemoteServerConfigCtr from './RemoteServerConfigCtr';
+import { ControllerModule, ipcClientEvent } from './index';
+
+// Create logger
+const logger = createLogger('controllers:AuthCtr');
+
+const protocolPrefix = `com.lobehub.${name}`;
+/**
+ * Authentication Controller
+ * Used to implement the OAuth authorization flow
+ */
+export default class AuthCtr extends ControllerModule {
+  /**
+   * 远程服务器配置控制器
+   */
+  private get remoteServerConfigCtr() {
+    return this.app.getController(RemoteServerConfigCtr);
+  }
+
+  /**
+   * 当前的 PKCE 参数
+   */
+  private codeVerifier: string | null = null;
+  private authRequestState: string | null = null;
+
+  beforeAppReady = () => {
+    this.registerProtocolHandler();
+  };
+
+  /**
+   * Request OAuth authorization
+   */
+  @ipcClientEvent('requestAuthorization')
+  async requestAuthorization(config: DataSyncConfig) {
+    const remoteUrl = await this.remoteServerConfigCtr.getRemoteServerUrl(config);
+
+    logger.info(
+      `Requesting OAuth authorization, storageMode:${config.storageMode} server URL: ${remoteUrl}`,
+    );
+    try {
+      // Generate PKCE parameters
+      logger.debug('Generating PKCE parameters');
+      const codeVerifier = this.generateCodeVerifier();
+      const codeChallenge = await this.generateCodeChallenge(codeVerifier);
+      this.codeVerifier = codeVerifier;
+
+      // Generate state parameter to prevent CSRF attacks
+      this.authRequestState = crypto.randomBytes(16).toString('hex');
+      logger.debug(`Generated state parameter: ${this.authRequestState}`);
+
+      // Construct authorization URL
+      const authUrl = new URL('/oidc/auth', remoteUrl);
+
+      // Add query parameters
+      authUrl.search = querystring.stringify({
+        client_id: 'lobehub-desktop',
+        code_challenge: codeChallenge,
+        code_challenge_method: 'S256',
+        prompt: 'consent',
+        redirect_uri: `${protocolPrefix}://auth/callback`,
+        response_type: 'code',
+        scope: 'profile email offline_access',
+        state: this.authRequestState,
+      });
+
+      logger.info(`Constructed authorization URL: ${authUrl.toString()}`);
+
+      // Open authorization URL in the default browser
+      await shell.openExternal(authUrl.toString());
+      logger.debug('Opening authorization URL in default browser');
+
+      return { success: true };
+    } catch (error) {
+      logger.error('Authorization request failed:', error);
+      return { error: error.message, success: false };
+    }
+  }
+
+  /**
+   * Handle authorization callback
+   * This method is called when the browser redirects to our custom protocol
+   */
+  async handleAuthCallback(callbackUrl: string) {
+    logger.info(`Handling authorization callback: ${callbackUrl}`);
+    try {
+      const url = new URL(callbackUrl);
+      const params = new URLSearchParams(url.search);
+
+      // Get authorization code
+      const code = params.get('code');
+      const state = params.get('state');
+      logger.debug(`Got parameters from callback URL: code=${code}, state=${state}`);
+
+      // Validate state parameter to prevent CSRF attacks
+      if (state !== this.authRequestState) {
+        logger.error(
+          `Invalid state parameter: expected ${this.authRequestState}, received ${state}`,
+        );
+        throw new Error('Invalid state parameter');
+      }
+      logger.debug('State parameter validation passed');
+
+      if (!code) {
+        logger.error('No authorization code received');
+        throw new Error('No authorization code received');
+      }
+
+      // Get configuration information
+      const config = await this.remoteServerConfigCtr.getRemoteServerConfig();
+      logger.debug(`Getting remote server configuration: url=${config.remoteServerUrl}`);
+
+      if (!config.remoteServerUrl) {
+        logger.error('Server URL not configured');
+        throw new Error('No server URL configured');
+      }
+
+      // Get the previously saved code_verifier
+      const codeVerifier = this.codeVerifier;
+      if (!codeVerifier) {
+        logger.error('Code verifier not found');
+        throw new Error('No code verifier found');
+      }
+      logger.debug('Found code verifier');
+
+      // Exchange authorization code for token
+      logger.debug('Starting to exchange authorization code for token');
+      const result = await this.exchangeCodeForToken(code, codeVerifier);
+
+      if (result.success) {
+        logger.info('Authorization successful');
+        // Notify render process of successful authorization
+        this.broadcastAuthorizationSuccessful();
+      } else {
+        logger.warn(`Authorization failed: ${result.error || 'Unknown error'}`);
+        // Notify render process of failed authorization
+        this.broadcastAuthorizationFailed(result.error || 'Unknown error');
+      }
+
+      return result;
+    } catch (error) {
+      logger.error('Handling authorization callback failed:', error);
+
+      // Notify render process of failed authorization
+      this.broadcastAuthorizationFailed(error.message);
+
+      return { error: error.message, success: false };
+    } finally {
+      // Clear authorization request state
+      logger.debug('Clearing authorization request state');
+      this.authRequestState = null;
+      this.codeVerifier = null;
+    }
+  }
+
+  /**
+   * Refresh access token
+   */
+  @ipcClientEvent('refreshAccessToken')
+  async refreshAccessToken() {
+    logger.info('Starting to refresh access token');
+    try {
+      // Call the centralized refresh logic in RemoteServerConfigCtr
+      const result = await this.remoteServerConfigCtr.refreshAccessToken();
+
+      if (result.success) {
+        logger.info('Token refresh successful via AuthCtr call.');
+        // Notify render process that token has been refreshed
+        this.broadcastTokenRefreshed();
+        return { success: true };
+      } else {
+        // Throw an error to be caught by the catch block below
+        // This maintains the existing behavior of clearing tokens on failure
+        logger.error(`Token refresh failed via AuthCtr call: ${result.error}`);
+        throw new Error(result.error || 'Token refresh failed');
+      }
+    } catch (error) {
+      // Keep the existing logic to clear tokens and require re-auth on failure
+      logger.error('Token refresh operation failed via AuthCtr, initiating cleanup:', error);
+
+      // Refresh failed, clear tokens and disable remote server
+      logger.warn('Refresh failed, clearing tokens and disabling remote server');
+      await this.remoteServerConfigCtr.clearTokens();
+      await this.remoteServerConfigCtr.setRemoteServerConfig({ active: false });
+
+      // Notify render process that re-authorization is required
+      this.broadcastAuthorizationRequired();
+
+      return { error: error.message, success: false };
+    }
+  }
+
+  /**
+   * Register custom protocol handler
+   */
+  private registerProtocolHandler() {
+    logger.info(`Registering custom protocol handler ${protocolPrefix}://`);
+    app.setAsDefaultProtocolClient(protocolPrefix);
+
+    // Register custom protocol handler
+    if (process.platform === 'darwin') {
+      // Handle open-url event on macOS
+      logger.debug('Registering open-url event handler for macOS');
+      app.on('open-url', (event, url) => {
+        event.preventDefault();
+        logger.info(`Received open-url event: ${url}`);
+        this.handleAuthCallback(url);
+      });
+    } else {
+      // Handle protocol callback via second-instance event on Windows and Linux
+      logger.debug('Registering second-instance event handler for Windows/Linux');
+      app.on('second-instance', (event, commandLine) => {
+        // Find the URL from command line arguments
+        const url = commandLine.find((arg) => arg.startsWith(`${protocolPrefix}://`));
+        if (url) {
+          logger.info(`Found URL from second-instance command line arguments: ${url}`);
+          this.handleAuthCallback(url);
+        } else {
+          logger.warn('Protocol URL not found in second-instance command line arguments');
+        }
+      });
+    }
+
+    logger.info(`Registered ${protocolPrefix}:// custom protocol handler`);
+  }
+
+  /**
+   * Exchange authorization code for token
+   */
+  private async exchangeCodeForToken(code: string, codeVerifier: string) {
+    const remoteUrl = await this.remoteServerConfigCtr.getRemoteServerUrl();
+    logger.info('Starting to exchange authorization code for token');
+    try {
+      const tokenUrl = new URL('/oidc/token', remoteUrl);
+      logger.debug(`Constructed token exchange URL: ${tokenUrl.toString()}`);
+
+      // Construct request body
+      const body = querystring.stringify({
+        client_id: 'lobehub-desktop',
+        code,
+        code_verifier: codeVerifier,
+        grant_type: 'authorization_code',
+        redirect_uri: `${protocolPrefix}://auth/callback`,
+      });
+
+      logger.debug('Sending token exchange request');
+      // Send request to get token
+      const response = await fetch(tokenUrl.toString(), {
+        body,
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        method: 'POST',
+      });
+
+      if (!response.ok) {
+        // Try parsing the error response
+        const errorData = await response.json().catch(() => ({}));
+        const errorMessage = `Failed to get token: ${response.status} ${response.statusText} ${errorData.error_description || errorData.error || ''}`;
+        logger.error(errorMessage);
+        throw new Error(errorMessage);
+      }
+
+      // Parse response
+      const data = await response.json();
+      logger.debug('Successfully received token exchange response');
+      // console.log(data); // Keep original log for debugging, or remove/change to logger.debug as needed
+
+      // Ensure response contains necessary fields
+      if (!data.access_token || !data.refresh_token) {
+        logger.error('Invalid token response: missing access_token or refresh_token');
+        throw new Error('Invalid token response: missing required fields');
+      }
+
+      // Save tokens
+      logger.debug('Starting to save exchanged tokens');
+      await this.remoteServerConfigCtr.saveTokens(data.access_token, data.refresh_token);
+      logger.info('Successfully saved exchanged tokens');
+
+      // Set server to active state
+      logger.debug(`Setting remote server to active state: ${remoteUrl}`);
+      await this.remoteServerConfigCtr.setRemoteServerConfig({ active: true });
+
+      return { success: true };
+    } catch (error) {
+      logger.error('Exchanging authorization code failed:', error);
+      return { error: error.message, success: false };
+    }
+  }
+
+  /**
+   * Broadcast token refreshed event
+   */
+  private broadcastTokenRefreshed() {
+    logger.debug('Broadcasting tokenRefreshed event to all windows');
+    const allWindows = BrowserWindow.getAllWindows();
+
+    for (const win of allWindows) {
+      if (!win.isDestroyed()) {
+        win.webContents.send('tokenRefreshed');
+      }
+    }
+  }
+
+  /**
+   * Broadcast authorization successful event
+   */
+  private broadcastAuthorizationSuccessful() {
+    logger.debug('Broadcasting authorizationSuccessful event to all windows');
+    const allWindows = BrowserWindow.getAllWindows();
+
+    for (const win of allWindows) {
+      if (!win.isDestroyed()) {
+        win.webContents.send('authorizationSuccessful');
+      }
+    }
+  }
+
+  /**
+   * Broadcast authorization failed event
+   */
+  private broadcastAuthorizationFailed(error: string) {
+    logger.debug(`Broadcasting authorizationFailed event to all windows, error: ${error}`);
+    const allWindows = BrowserWindow.getAllWindows();
+
+    for (const win of allWindows) {
+      if (!win.isDestroyed()) {
+        win.webContents.send('authorizationFailed', { error });
+      }
+    }
+  }
+
+  /**
+   * Broadcast authorization required event
+   */
+  private broadcastAuthorizationRequired() {
+    logger.debug('Broadcasting authorizationRequired event to all windows');
+    const allWindows = BrowserWindow.getAllWindows();
+
+    for (const win of allWindows) {
+      if (!win.isDestroyed()) {
+        win.webContents.send('authorizationRequired');
+      }
+    }
+  }
+
+  /**
+   * Generate PKCE codeVerifier
+   */
+  private generateCodeVerifier(): string {
+    logger.debug('Generating PKCE code verifier');
+    // Generate a random string of at least 43 characters
+    const verifier = crypto
+      .randomBytes(32)
+      .toString('base64')
+      .replaceAll('+', '-')
+      .replaceAll('/', '_')
+      .replace(/=+$/, '');
+    logger.debug('Generated code verifier (partial): ' + verifier.slice(0, 10) + '...'); // Avoid logging full sensitive info
+    return verifier;
+  }
+
+  /**
+   * Generate codeChallenge from codeVerifier (S256 method)
+   */
+  private async generateCodeChallenge(codeVerifier: string): Promise<string> {
+    logger.debug('Generating PKCE code challenge (S256)');
+    // Hash codeVerifier using SHA-256
+    const encoder = new TextEncoder();
+    const data = encoder.encode(codeVerifier);
+    const digest = await crypto.subtle.digest('SHA-256', data);
+
+    // Convert hash result to base64url encoding
+    const challenge = Buffer.from(digest)
+      .toString('base64')
+      .replaceAll('+', '-')
+      .replaceAll('/', '_')
+      .replace(/=+$/, '');
+    logger.debug('Generated code challenge (partial): ' + challenge.slice(0, 10) + '...'); // Avoid logging full sensitive info
+    return challenge;
+  }
+}

package/apps/desktop/src/main/controllers/BrowserWindowsCtr.ts

@@ -0,0 +1,95 @@
+import { InterceptRouteParams } from '@lobechat/electron-client-ipc';
+import { extractSubPath, findMatchingRoute } from '~common/routes';
+
+import { AppBrowsersIdentifiers, BrowsersIdentifiers } from '@/appBrowsers';
+
+import { ControllerModule, ipcClientEvent, shortcut } from './index';
+
+export default class BrowserWindowsCtr extends ControllerModule {
+  @shortcut('toggleMainWindow')
+  async toggleMainWindow() {
+    const mainWindow = this.app.browserManager.getMainWindow();
+    mainWindow.toggleVisible();
+  }
+
+  @ipcClientEvent('openSettingsWindow')
+  async openSettingsWindow(tab?: string) {
+    console.log('[BrowserWindowsCtr] Received request to open settings window', tab);
+
+    try {
+      await this.app.browserManager.showSettingsWindowWithTab(tab);
+
+      return { success: true };
+    } catch (error) {
+      console.error('[BrowserWindowsCtr] Failed to open settings window:', error);
+      return { error: error.message, success: false };
+    }
+  }
+
+  /**
+   * Handle route interception requests
+   * Responsible for handling route interception requests from the renderer process
+   */
+  @ipcClientEvent('interceptRoute')
+  async interceptRoute(params: InterceptRouteParams) {
+    const { path, source } = params;
+    console.log(
+      `[BrowserWindowsCtr] Received route interception request: ${path}, source: ${source}`,
+    );
+
+    // Find matching route configuration
+    const matchedRoute = findMatchingRoute(path);
+
+    // If no matching route found, return not intercepted
+    if (!matchedRoute) {
+      console.log(`[BrowserWindowsCtr] No matching route configuration found: ${path}`);
+      return { intercepted: false, path, source };
+    }
+
+    console.log(
+      `[BrowserWindowsCtr] Intercepted route: ${path}, target window: ${matchedRoute.targetWindow}`,
+    );
+
+    try {
+      if (matchedRoute.targetWindow === BrowsersIdentifiers.settings) {
+        const subPath = extractSubPath(path, matchedRoute.pathPrefix);
+
+        await this.app.browserManager.showSettingsWindowWithTab(subPath);
+
+        return {
+          intercepted: true,
+          path,
+          source,
+          subPath,
+          targetWindow: matchedRoute.targetWindow,
+        };
+      } else {
+        await this.openTargetWindow(matchedRoute.targetWindow as AppBrowsersIdentifiers);
+
+        return {
+          intercepted: true,
+          path,
+          source,
+          targetWindow: matchedRoute.targetWindow,
+        };
+      }
+    } catch (error) {
+      console.error('[BrowserWindowsCtr] Error while processing route interception:', error);
+      return {
+        error: error.message,
+        intercepted: false,
+        path,
+        source,
+      };
+    }
+  }
+
+  /**
+   * Open target window and navigate to specified sub-path
+   */
+  private async openTargetWindow(targetWindow: AppBrowsersIdentifiers) {
+    // Ensure the window can always be created or reopened
+    const browser = this.app.browserManager.retrieveByIdentifier(targetWindow);
+    browser.show();
+  }
+}

package/apps/desktop/src/main/controllers/DevtoolsCtr.ts

@@ -0,0 +1,9 @@
+import { ControllerModule, ipcClientEvent } from './index';
+
+export default class DevtoolsCtr extends ControllerModule {
+  @ipcClientEvent('openDevtools')
+  async openDevtools() {
+    const devtoolsBrowser = this.app.browserManager.retrieveByIdentifier('devtools');
+    devtoolsBrowser.show();
+  }
+}