@lobehub/chat 1.89.0 → 1.90.0

package/CHANGELOG.md

@@ -2,6 +2,31 @@
 
 # Changelog
 
+## [Version 1.90.0](https://github.com/lobehub/lobe-chat/compare/v1.89.0...v1.90.0)
+
+<sup>Released on **2025-06-01**</sup>
+
+#### ✨ Features
+
+- **misc**: Support protect page.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's improved
+
+- **misc**: Support protect page, closes [#8024](https://github.com/lobehub/lobe-chat/issues/8024) ([d61a9f5](https://github.com/lobehub/lobe-chat/commit/d61a9f5))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ## [Version 1.89.0](https://github.com/lobehub/lobe-chat/compare/v1.88.23...v1.89.0)
 
 <sup>Released on **2025-06-01**</sup>

package/README.md

@@ -196,7 +196,7 @@ We have implemented support for the following model service providers:
 - **[OpenRouter](https://lobechat.com/discover/provider/openrouter)**: OpenRouter is a service platform providing access to various cutting-edge large model interfaces, supporting OpenAI, Anthropic, LLaMA, and more, suitable for diverse development and application needs. Users can flexibly choose the optimal model and pricing based on their requirements, enhancing the AI experience.
 - **[Cloudflare Workers AI](https://lobechat.com/discover/provider/cloudflare)**: Run serverless GPU-powered machine learning models on Cloudflare's global network.
 
-<details><summary><kbd>See more providers (+31)</kbd></summary>
+<details><summary><kbd>See more providers (+32)</kbd></summary>
 
 - **[GitHub](https://lobechat.com/discover/provider/github)**: With GitHub Models, developers can become AI engineers and leverage the industry's leading AI models.
 - **[Novita](https://lobechat.com/discover/provider/novita)**: Novita AI is a platform providing a variety of large language models and AI image generation API services, flexible, reliable, and cost-effective. It supports the latest open-source models like Llama3 and Mistral, offering a comprehensive, user-friendly, and auto-scaling API solution for generative AI application development, suitable for the rapid growth of AI startups.
@@ -206,6 +206,7 @@ We have implemented support for the following model service providers:
 - **[Groq](https://lobechat.com/discover/provider/groq)**: Groq's LPU inference engine has excelled in the latest independent large language model (LLM) benchmarks, redefining the standards for AI solutions with its remarkable speed and efficiency. Groq represents instant inference speed, demonstrating strong performance in cloud-based deployments.
 - **[Perplexity](https://lobechat.com/discover/provider/perplexity)**: Perplexity is a leading provider of conversational generation models, offering various advanced Llama 3.1 models that support both online and offline applications, particularly suited for complex natural language processing tasks.
 - **[Mistral](https://lobechat.com/discover/provider/mistral)**: Mistral provides advanced general, specialized, and research models widely used in complex reasoning, multilingual tasks, and code generation. Through functional calling interfaces, users can integrate custom functionalities for specific applications.
+- **[ModelScope](https://lobechat.com/discover/provider/modelscope)**:
 - **[Ai21Labs](https://lobechat.com/discover/provider/ai21)**: AI21 Labs builds foundational models and AI systems for enterprises, accelerating the application of generative AI in production.
 - **[Upstage](https://lobechat.com/discover/provider/upstage)**: Upstage focuses on developing AI models for various business needs, including Solar LLM and document AI, aiming to achieve artificial general intelligence (AGI) for work. It allows for the creation of simple conversational agents through Chat API and supports functional calling, translation, embedding, and domain-specific applications.
 - **[xAI](https://lobechat.com/discover/provider/xai)**: xAI is a company dedicated to building artificial intelligence to accelerate human scientific discovery. Our mission is to advance our collective understanding of the universe.
@@ -232,7 +233,7 @@ We have implemented support for the following model service providers:
 
 </details>
 
-> 📊 Total providers: [<kbd>**41**</kbd>](https://lobechat.com/discover/providers)
+> 📊 Total providers: [<kbd>**42**</kbd>](https://lobechat.com/discover/providers)
 
  <!-- PROVIDER LIST -->
 

package/README.zh-CN.md

@@ -196,7 +196,7 @@ LobeChat 支持文件上传与知识库功能，你可以上传文件、图片
 - **[OpenRouter](https://lobechat.com/discover/provider/openrouter)**: OpenRouter 是一个提供多种前沿大模型接口的服务平台，支持 OpenAI、Anthropic、LLaMA 及更多，适合多样化的开发和应用需求。用户可根据自身需求灵活选择最优的模型和价格，助力 AI 体验的提升。
 - **[Cloudflare Workers AI](https://lobechat.com/discover/provider/cloudflare)**: 在 Cloudflare 的全球网络上运行由无服务器 GPU 驱动的机器学习模型。
 
-<details><summary><kbd>See more providers (+31)</kbd></summary>
+<details><summary><kbd>See more providers (+32)</kbd></summary>
 
 - **[GitHub](https://lobechat.com/discover/provider/github)**: 通过 GitHub 模型，开发人员可以成为 AI 工程师，并使用行业领先的 AI 模型进行构建。
 - **[Novita](https://lobechat.com/discover/provider/novita)**: Novita AI 是一个提供多种大语言模型与 AI 图像生成的 API 服务的平台，灵活、可靠且具有成本效益。它支持 Llama3、Mistral 等最新的开源模型，并为生成式 AI 应用开发提供了全面、用户友好且自动扩展的 API 解决方案，适合 AI 初创公司的快速发展。
@@ -206,6 +206,7 @@ LobeChat 支持文件上传与知识库功能，你可以上传文件、图片
 - **[Groq](https://lobechat.com/discover/provider/groq)**: Groq 的 LPU 推理引擎在最新的独立大语言模型（LLM）基准测试中表现卓越，以其惊人的速度和效率重新定义了 AI 解决方案的标准。Groq 是一种即时推理速度的代表，在基于云的部署中展现了良好的性能。
 - **[Perplexity](https://lobechat.com/discover/provider/perplexity)**: Perplexity 是一家领先的对话生成模型提供商，提供多种先进的 Llama 3.1 模型，支持在线和离线应用，特别适用于复杂的自然语言处理任务。
 - **[Mistral](https://lobechat.com/discover/provider/mistral)**: Mistral 提供先进的通用、专业和研究型模型，广泛应用于复杂推理、多语言任务、代码生成等领域，通过功能调用接口，用户可以集成自定义功能，实现特定应用。
+- **[ModelScope](https://lobechat.com/discover/provider/modelscope)**:
 - **[Ai21Labs](https://lobechat.com/discover/provider/ai21)**: AI21 Labs 为企业构建基础模型和人工智能系统，加速生成性人工智能在生产中的应用。
 - **[Upstage](https://lobechat.com/discover/provider/upstage)**: Upstage 专注于为各种商业需求开发 AI 模型，包括 Solar LLM 和文档 AI，旨在实现工作的人造通用智能（AGI）。通过 Chat API 创建简单的对话代理，并支持功能调用、翻译、嵌入以及特定领域应用。
 - **[xAI](https://lobechat.com/discover/provider/xai)**: xAI 是一家致力于构建人工智能以加速人类科学发现的公司。我们的使命是推动我们对宇宙的共同理解。
@@ -232,7 +233,7 @@ LobeChat 支持文件上传与知识库功能，你可以上传文件、图片
 
 </details>
 
-> 📊 Total providers: [<kbd>**41**</kbd>](https://lobechat.com/discover/providers)
+> 📊 Total providers: [<kbd>**42**</kbd>](https://lobechat.com/discover/providers)
 
  <!-- PROVIDER LIST -->
 

package/changelog/v1.json

@@ -1,4 +1,13 @@
 [
+  {
+    "children": {
+      "features": [
+        "Support protect page."
+      ]
+    },
+    "date": "2025-06-01",
+    "version": "1.90.0"
+  },
   {
     "children": {
       "features": [

package/docs/self-hosting/environment-variables/basic.mdx

@@ -146,6 +146,13 @@ For specific content, please refer to the [Feature Flags](/docs/self-hosting/adv
 - Default: -
 - Example: `198.18.1.62,224.0.0.3`
 
+### `ENABLE_AUTH_PROTECTION`
+
+- Type: Optional
+- Description: Controls whether to enable route protection. When set to `1`, all routes except public routes (like `/api/auth`, `/next-auth/*`, `/login`, `/signup`) will require authentication. When set to `0` or not set, only specific protected routes (like `/settings`, `/files`) will require authentication.
+- Default: `0`
+- Example: `1` or `0`
+
 ## Plugin Service
 
 ### `PLUGINS_INDEX_URL`

package/docs/self-hosting/environment-variables/basic.zh-CN.mdx

@@ -123,7 +123,7 @@ LobeChat 在部署时提供了一些额外的配置项，你可以使用环境
 ### `ENABLE_PROXY_DNS`
 
 - 类型：可选
-- 描述：用于控制是否将DNS发送到代理服务器，配置为 `0` 时所有 DNS 查询在本地完成，当你的网络环境无法访问 API 或访问超时，请尝试将该项配置为 `1`。
+- 描述：用于控制是否将 DNS 发送到代理服务器，配置为 `0` 时所有 DNS 查询在本地完成，当你的网络环境无法访问 API 或访问超时，请尝试将该项配置为 `1`。
 - 默认值：`0`
 - 示例：`1` or `0`
 
@@ -137,10 +137,17 @@ LobeChat 在部署时提供了一些额外的配置项，你可以使用环境
 ### `SSRF_ALLOW_IP_ADDRESS_LIST`
 
 - 类型：可选
-- 描述：允许连接的私有 IP 地址列表，多个 IP 地址时使用逗号分隔。当 `SSRF_ALLOW_PRIVATE_IP_ADDRESS` 为 `0` 时才会生效。
+- 说明：允许的私有 IP 地址列表，多个 IP 地址用逗号分隔。仅在 `SSRF_ALLOW_PRIVATE_IP_ADDRESS` 为 `0` 时生效。
 - 默认值：-
 - 示例：`198.18.1.62,224.0.0.3`
 
+### `ENABLE_AUTH_PROTECTION`
+
+- 类型：可选
+- 说明：控制是否启用路由保护。当设置为 `1` 时，除了公共路由（如 `/api/auth`、`/next-auth/*`、`/login`、`/signup`）外，所有路由都需要认证。当设置为 `0` 或未设置时，只有特定的受保护路由（如 `/settings`、`/files` 等）需要认证。
+- 默认值：`0`
+- 示例：`1` 或 `0`
+
 ## 插件服务
 
 ### `PLUGINS_INDEX_URL`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.89.0",
+  "version": "1.90.0",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/src/app/(backend)/_deprecated/createBizOpenAI/auth.ts

@@ -1,4 +1,4 @@
-import { getAppConfig } from '@/config/app';
+import { getAppConfig } from '@/envs/app';
 import { ChatErrorType } from '@/types/fetch';
 
 interface AuthConfig {

package/src/app/(backend)/middleware/auth/utils.test.ts

@@ -1,7 +1,7 @@
 import { type AuthObject } from '@clerk/backend';
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 
-import { getAppConfig } from '@/config/app';
+import { getAppConfig } from '@/envs/app';
 
 import { checkAuthMethod } from './utils';
 
@@ -22,7 +22,7 @@ vi.mock('@/const/auth', async (importOriginal) => {
   };
 });
 
-vi.mock('@/config/app', () => ({
+vi.mock('@/envs/app', () => ({
   getAppConfig: vi.fn(),
 }));
 

package/src/app/(backend)/middleware/auth/utils.ts

@@ -1,7 +1,7 @@
 import { type AuthObject } from '@clerk/backend';
 
-import { getAppConfig } from '@/config/app';
 import { enableClerk, enableNextAuth } from '@/const/auth';
+import { getAppConfig } from '@/envs/app';
 import { AgentRuntimeError } from '@/libs/model-runtime';
 import { ChatErrorType } from '@/types/fetch';
 

package/src/app/(backend)/webapi/plugin/gateway/route.ts

@@ -1,9 +1,9 @@
 import { PluginRequestPayload } from '@lobehub/chat-plugin-sdk';
 import { createGatewayOnEdgeRuntime } from '@lobehub/chat-plugins-gateway';
 
-import { getAppConfig } from '@/config/app';
 import { LOBE_CHAT_AUTH_HEADER, OAUTH_AUTHORIZED, enableNextAuth } from '@/const/auth';
 import { LOBE_CHAT_TRACE_ID, TraceNameMap } from '@/const/trace';
+import { getAppConfig } from '@/envs/app';
 import { AgentRuntimeError } from '@/libs/model-runtime';
 import { TraceClient } from '@/libs/traces';
 import { ChatErrorType, ErrorType } from '@/types/fetch';

package/src/app/(backend)/webapi/proxy/route.ts

@@ -2,7 +2,7 @@ import { NextResponse } from 'next/server';
 import fetch from 'node-fetch';
 import { RequestFilteringAgentOptions, useAgent as ssrfAgent } from 'request-filtering-agent';
 
-import { appEnv } from '@/config/app';
+import { appEnv } from '@/envs/app';
 
 /**
  * just for a proxy

package/src/app/[variants]/metadata.ts

@@ -1,8 +1,8 @@
-import { appEnv } from '@/config/app';
 import { BRANDING_LOGO_URL, BRANDING_NAME, ORG_NAME } from '@/const/branding';
 import { DEFAULT_LANG } from '@/const/locale';
 import { OFFICIAL_URL, OG_URL } from '@/const/url';
 import { isCustomBranding, isCustomORG } from '@/const/version';
+import { appEnv } from '@/envs/app';
 import { translation } from '@/server/translation';
 import { DynamicLayoutProps } from '@/types/next';
 import { RouteVariants } from '@/utils/server/routeVariants';

package/src/components/Error/sentryCaptureException.ts

@@ -1,4 +1,4 @@
-import { appEnv } from '@/config/app';
+import { appEnv } from '@/envs/app';
 
 export type ErrorType = Error & { digest?: string };
 

package/src/config/__tests__/app.test.ts

@@ -1,7 +1,7 @@
 // @vitest-environment node
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 
-import { getAppConfig } from '../app';
+import { getAppConfig } from '../../envs/app';
 
 // Stub the global process object to safely mock environment variables
 vi.stubGlobal('process', {

package/src/{config → envs}/app.ts

@@ -49,6 +49,7 @@ export const getAppConfig = () => {
       APP_URL: z.string().optional(),
       VERCEL_EDGE_CONFIG: z.string().optional(),
       MIDDLEWARE_REWRITE_THROUGH_LOCAL: z.boolean().optional(),
+      ENABLE_AUTH_PROTECTION: z.boolean().optional(),
 
       CDN_USE_GLOBAL: z.boolean().optional(),
       CUSTOM_FONT_FAMILY: z.string().optional(),
@@ -82,6 +83,7 @@ export const getAppConfig = () => {
 
       APP_URL,
       MIDDLEWARE_REWRITE_THROUGH_LOCAL: process.env.MIDDLEWARE_REWRITE_THROUGH_LOCAL === '1',
+      ENABLE_AUTH_PROTECTION: process.env.ENABLE_AUTH_PROTECTION === '1',
 
       CUSTOM_FONT_FAMILY: process.env.CUSTOM_FONT_FAMILY,
       CUSTOM_FONT_URL: process.env.CUSTOM_FONT_URL,

package/src/layout/GlobalProvider/index.tsx

@@ -1,7 +1,7 @@
 import { ReactNode, Suspense } from 'react';
 
-import { appEnv } from '@/config/app';
 import { getServerFeatureFlagsValue } from '@/config/featureFlags';
+import { appEnv } from '@/envs/app';
 import DevPanel from '@/features/DevPanel';
 import { getServerGlobalConfig } from '@/server/globalConfig';
 import { ServerConfigStoreProvider } from '@/store/serverConfig/Provider';

package/src/libs/oidc-provider/http-adapter.ts

@@ -4,7 +4,7 @@ import { NextRequest } from 'next/server';
 import { IncomingMessage, ServerResponse } from 'node:http';
 import urlJoin from 'url-join';
 
-import { appEnv } from '@/config/app';
+import { appEnv } from '@/envs/app';
 
 const log = debug('lobe-oidc:http-adapter');
 

package/src/libs/oidc-provider/provider.ts

@@ -2,10 +2,10 @@ import debug from 'debug';
 import Provider, { Configuration, KoaContextWithOIDC } from 'oidc-provider';
 import urlJoin from 'url-join';
 
-import { appEnv } from '@/config/app';
 import { serverDBEnv } from '@/config/db';
 import { UserModel } from '@/database/models/user';
 import { LobeChatDatabase } from '@/database/type';
+import { appEnv } from '@/envs/app';
 import { oidcEnv } from '@/envs/oidc';
 
 import { DrizzleAdapter } from './adapter';

package/src/middleware.ts

@@ -4,10 +4,10 @@ import { NextRequest, NextResponse } from 'next/server';
 import { UAParser } from 'ua-parser-js';
 import urlJoin from 'url-join';
 
-import { appEnv } from '@/config/app';
 import { authEnv } from '@/config/auth';
 import { LOBE_LOCALE_COOKIE } from '@/const/locale';
 import { LOBE_THEME_APPEARANCE } from '@/const/theme';
+import { appEnv } from '@/envs/app';
 import NextAuthEdge from '@/libs/next-auth/edge';
 import { Locales } from '@/locales/resources';
 import { parseBrowserLanguage } from '@/utils/locale';
@@ -134,6 +134,16 @@ const defaultMiddleware = (request: NextRequest) => {
   return NextResponse.rewrite(url, { status: 200 });
 };
 
+const isPublicRoute = createRouteMatcher([
+  '/api/auth(.*)',
+  '/trpc/edge(.*)',
+  // next auth
+  '/next-auth/(.*)',
+  // clerk
+  '/login',
+  '/signup',
+]);
+
 const isProtectedRoute = createRouteMatcher([
   '/settings(.*)',
   '/files(.*)',
@@ -148,7 +158,9 @@ const nextAuthMiddleware = NextAuthEdge.auth((req) => {
 
   const response = defaultMiddleware(req);
 
-  const isProtected = isProtectedRoute(req);
+  // when enable auth protection, only public route is not protected, others are all protected
+  const isProtected = appEnv.ENABLE_AUTH_PROTECTION ? !isPublicRoute(req) : isProtectedRoute(req);
+
   logNextAuth('Route protection status: %s, %s', req.url, isProtected ? 'protected' : 'public');
 
   // Just check if session exists
@@ -181,7 +193,7 @@ const nextAuthMiddleware = NextAuthEdge.auth((req) => {
     if (isProtected) {
       logNextAuth('Request a protected route, redirecting to sign-in page');
       const nextLoginUrl = new URL('/next-auth/signin', req.nextUrl.origin);
-      nextLoginUrl.searchParams.set('callbackUrl', req.nextUrl.pathname);
+      nextLoginUrl.searchParams.set('callbackUrl', req.nextUrl.href);
       return Response.redirect(nextLoginUrl);
     }
     logNextAuth('Request a free route but not login, allow visit without auth header');
@@ -229,6 +241,7 @@ const clerkAuthMiddleware = clerkMiddleware(
 );
 
 logDefault('Middleware configuration: %O', {
+  enableAuthProtection: appEnv.ENABLE_AUTH_PROTECTION,
   enableClerk: authEnv.NEXT_PUBLIC_ENABLE_CLERK_AUTH,
   enableNextAuth: authEnv.NEXT_PUBLIC_ENABLE_NEXT_AUTH,
   enableOIDC: oidcEnv.ENABLE_OIDC,

package/src/server/globalConfig/index.test.ts

@@ -1,7 +1,7 @@
 import { describe, expect, it, vi } from 'vitest';
 
-import { getAppConfig } from '@/config/app';
 import { knowledgeEnv } from '@/config/knowledge';
+import { getAppConfig } from '@/envs/app';
 import { SystemEmbeddingConfig } from '@/types/knowledgeBase';
 import { FilesConfigItem } from '@/types/user/settings/filesConfig';
 
@@ -9,7 +9,7 @@ import { getServerDefaultAgentConfig, getServerDefaultFilesConfig } from './inde
 import { parseAgentConfig } from './parseDefaultAgent';
 import { parseFilesConfig } from './parseFilesConfig';
 
-vi.mock('@/config/app', () => ({
+vi.mock('@/envs/app', () => ({
   getAppConfig: vi.fn(),
 }));
 

package/src/server/globalConfig/index.ts

@@ -1,10 +1,10 @@
-import { appEnv, getAppConfig } from '@/config/app';
 import { authEnv } from '@/config/auth';
 import { fileEnv } from '@/config/file';
 import { knowledgeEnv } from '@/config/knowledge';
 import { langfuseEnv } from '@/config/langfuse';
 import { enableNextAuth } from '@/const/auth';
 import { isDesktop } from '@/const/version';
+import { appEnv, getAppConfig } from '@/envs/app';
 import { parseSystemAgent } from '@/server/globalConfig/parseSystemAgent';
 import { GlobalServerConfig } from '@/types/serverConfig';
 

package/src/server/modules/AssistantStore/index.ts

@@ -1,7 +1,7 @@
 import urlJoin from 'url-join';
 
-import { appEnv } from '@/config/app';
 import { DEFAULT_LANG, isLocaleNotSupport } from '@/const/locale';
+import { appEnv } from '@/envs/app';
 import { Locales, normalizeLocale } from '@/locales/resources';
 import { EdgeConfig } from '@/server/modules/EdgeConfig';
 import { AgentStoreIndex } from '@/types/discover';

package/src/server/modules/EdgeConfig/index.ts

@@ -1,6 +1,6 @@
 import { EdgeConfigClient, createClient } from '@vercel/edge-config';
 
-import { appEnv } from '@/config/app';
+import { appEnv } from '@/envs/app';
 
 const EdgeConfigKeys = {
   /**

package/src/server/modules/PluginStore/index.ts

@@ -1,7 +1,7 @@
 import urlJoin from 'url-join';
 
-import { appEnv } from '@/config/app';
 import { DEFAULT_LANG, isLocaleNotSupport } from '@/const/locale';
+import { appEnv } from '@/envs/app';
 import { Locales, normalizeLocale } from '@/locales/resources';
 
 export class PluginStore {

package/src/server/routers/async/caller.ts

@@ -2,9 +2,9 @@ import { createTRPCClient, httpBatchLink } from '@trpc/client';
 import superjson from 'superjson';
 import urlJoin from 'url-join';
 
-import { appEnv } from '@/config/app';
 import { serverDBEnv } from '@/config/db';
 import { JWTPayload, LOBE_CHAT_AUTH_HEADER } from '@/const/auth';
+import { appEnv } from '@/envs/app';
 import { KeyVaultsGateKeeper } from '@/server/modules/KeyVaultsEncrypt';
 
 import type { AsyncRouter } from './index';

package/src/server/services/agent/index.test.ts

@@ -6,7 +6,7 @@ import { parseAgentConfig } from '@/server/globalConfig/parseDefaultAgent';
 
 import { AgentService } from './index';
 
-vi.mock('@/config/app', () => ({
+vi.mock('@/envs/app', () => ({
   appEnv: {
     DEFAULT_AGENT_CONFIG: 'model=gpt-4;temperature=0.7',
   },

package/src/utils/basePath.ts

@@ -1,3 +1,3 @@
-import { appEnv } from '@/config/app';
+import { appEnv } from '@/envs/app';
 
 export const withBasePath = (path: string) => appEnv.NEXT_PUBLIC_BASE_PATH + path;

package/src/utils/server/jwt.test.ts

@@ -21,7 +21,7 @@ vi.mock('@/const/auth', async (importOriginal) => {
   };
 });
 
-vi.mock('@/config/app', () => ({
+vi.mock('@/envs/app', () => ({
   getAppConfig: vi.fn(),
 }));