@lobehub/chat 1.99.6 → 1.100.0

package/locales/zh-TW/electron.json

@@ -101,7 +101,10 @@
   "waitingOAuth": {
     "cancel": "取消",
     "description": "瀏覽器已打開授權頁面，請在瀏覽器中完成授權",
+    "error": "授權失敗: {{error}}",
+    "errorTitle": "授權連接失敗",
     "helpText": "如果瀏覽器沒有自動打開，請點擊取消後重新嘗試",
+    "retry": "重試",
     "title": "等待授權連接"
   }
 }

package/locales/zh-TW/oauth.json

@@ -28,10 +28,14 @@
     },
     "title": "授權 {{clientName}}"
   },
-  "failed": {
+  "error": {
     "backToHome": "返回首頁",
-    "subTitle": "您已拒絕授權應用訪問您的 LobeChat 帳戶",
-    "title": "授權被拒絕"
+    "desc": "OAuth 授權失敗，失敗原因：{{reason}}",
+    "reason": {
+      "internal_error": "服務端錯誤",
+      "invalid_request": "無效的請求參數"
+    },
+    "title": "授權失敗"
   },
   "handoff": {
     "desc": {
@@ -50,7 +54,7 @@
     "userWelcome": "歡迎回來，"
   },
   "success": {
-    "subTitle": "您已成功授權應用訪問您的 LobeChat 帳戶，可以關閉該頁面了",
+    "subTitle": "您已成功授權應用訪問您的帳戶，可以關閉該頁面了",
     "title": "授權成功"
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.99.6",
+  "version": "1.100.0",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",
@@ -218,7 +218,7 @@
     "numeral": "^2.0.6",
     "nuqs": "^2.4.3",
     "officeparser": "5.1.1",
-    "oidc-provider": "^8.8.1",
+    "oidc-provider": "^9.2.0",
     "ollama": "^0.5.16",
     "openai": "^4.104.0",
     "openapi-fetch": "^0.9.8",
@@ -306,7 +306,7 @@
     "@types/lodash-es": "^4.17.12",
     "@types/node": "^22.15.29",
     "@types/numeral": "^2.0.5",
-    "@types/oidc-provider": "^8.8.1",
+    "@types/oidc-provider": "^9.1.1",
     "@types/pg": "^8.15.4",
     "@types/react": "^19.1.6",
     "@types/react-dom": "^19.1.5",

package/packages/electron-client-ipc/src/dispatch.ts

@@ -1,7 +1,19 @@
-import { DispatchInvoke } from './types';
+import { DispatchInvoke, type ProxyTRPCRequestParams } from './types';
+
+interface StreamerCallbacks {
+  onData: (chunk: Uint8Array) => void;
+  onEnd: () => void;
+  onError: (error: Error) => void;
+  onResponse: (response: {
+    headers: Record<string, string>;
+    status: number;
+    statusText: string;
+  }) => void;
+}
 
 interface IElectronAPI {
   invoke: DispatchInvoke;
+  onStreamInvoke: (params: ProxyTRPCRequestParams, callbacks: StreamerCallbacks) => () => void;
 }
 
 declare global {
@@ -11,7 +23,7 @@ declare global {
 }
 
 /**
- * client 端请求 sketch 端 event 数据的方法
+ * client 端请求 main 端 event 数据的方法
  */
 export const dispatch: DispatchInvoke = async (event, ...data) => {
   if (!window.electronAPI || !window.electronAPI.invoke)

package/packages/electron-client-ipc/src/index.ts

@@ -1,4 +1,5 @@
 export * from './dispatch';
 export * from './events';
+export * from './streamInvoke';
 export * from './types';
 export * from './useWatchBroadcast';

package/packages/electron-client-ipc/src/streamInvoke.ts

@@ -0,0 +1,62 @@
+import { ProxyTRPCRequestParams } from './types';
+import { headersToRecord } from './utils/headers';
+import { getRequestBody } from './utils/request';
+
+// eslint-disable-next-line no-undef
+export const streamInvoke = async (input: RequestInfo | URL, init?: RequestInit) => {
+  const url = input.toString();
+  const parsedUrl = new URL(url, window.location.origin);
+  const urlPath = parsedUrl.pathname + parsedUrl.search;
+  const method = init?.method?.toUpperCase() || 'GET';
+  const headers = headersToRecord(init?.headers);
+  const body = await getRequestBody(init?.body);
+
+  const params: ProxyTRPCRequestParams = {
+    body,
+    headers,
+    method,
+    urlPath,
+  };
+
+  return new Promise<Response>((resolve, reject) => {
+    let streamController: ReadableStreamDefaultController<any>;
+    let responseResolved = false;
+
+    const stream = new ReadableStream({
+      cancel() {
+        // This will be called if the consumer of the stream calls .cancel()
+        // We should clean up the IPC listeners
+        // eslint-disable-next-line @typescript-eslint/no-use-before-define
+        cleanup?.();
+      },
+      start(controller) {
+        streamController = controller;
+      },
+    });
+
+    const cleanup = window.electronAPI.onStreamInvoke(params, {
+      onData: (chunk) => {
+        if (streamController) streamController.enqueue(chunk);
+      },
+      onEnd: () => {
+        if (streamController) streamController.close();
+      },
+      onError: (error) => {
+        console.error('[streamInvoke] Error during IPC stream proxy call:', error);
+        if (!responseResolved) {
+          responseResolved = true;
+          reject(error); // Reject the main promise if response not yet sent
+        } else if (streamController) {
+          streamController.error(error); // Otherwise, propagate error through the stream
+        }
+      },
+      onResponse: (meta) => {
+        if (responseResolved) return;
+        responseResolved = true;
+
+        const response = new Response(stream, meta);
+        resolve(response);
+      },
+    });
+  });
+};

package/packages/electron-client-ipc/src/types/proxyTRPCRequest.ts

@@ -9,6 +9,11 @@ export type ProxyTRPCRequestParams = {
   urlPath: string;
 };
 
+export interface ProxyTRPCStreamRequestParams extends Omit<ProxyTRPCRequestParams, 'body'> {
+  body?: ArrayBuffer;
+  requestId: string;
+}
+
 export interface ProxyTRPCRequestResult {
   /** Response body (likely as ArrayBuffer or string) */
   body: ArrayBuffer | string;

package/packages/electron-client-ipc/src/utils/headers.ts

@@ -0,0 +1,27 @@
+/**
+ * 将 HeadersInit 转换为 Record<string, string>
+ * @param headersInit - Headers 初始化对象
+ * @returns 转换后的记录对象
+ */
+// eslint-disable-next-line no-undef
+export const headersToRecord = (headersInit?: HeadersInit): Record<string, string> => {
+  const record: Record<string, string> = {};
+  if (!headersInit) {
+    return record;
+  }
+  if (headersInit instanceof Headers) {
+    headersInit.forEach((value, key) => {
+      record[key] = value;
+    });
+  } else if (Array.isArray(headersInit)) {
+    headersInit.forEach(([key, value]) => {
+      record[key] = value;
+    });
+  } else {
+    Object.assign(record, headersInit);
+  }
+  delete record['host'];
+  delete record['connection'];
+  delete record['content-length'];
+  return record;
+};

package/packages/electron-client-ipc/src/utils/request.ts

@@ -0,0 +1,28 @@
+/**
+ * 从请求体中获取数据
+ * @param body - 请求体
+ * @returns 转换后的请求体数据
+ */
+export const getRequestBody = async (
+  // eslint-disable-next-line no-undef
+  body?: BodyInit | null,
+): Promise<string | ArrayBuffer | undefined> => {
+  if (!body) {
+    return undefined;
+  }
+  if (typeof body === 'string') {
+    return body;
+  }
+  if (body instanceof ArrayBuffer) {
+    return body;
+  }
+  if (ArrayBuffer.isView(body)) {
+    return body.buffer.slice(body.byteOffset, body.byteOffset + body.byteLength) as ArrayBuffer;
+  }
+  if (body instanceof Blob) {
+    return await body.arrayBuffer();
+  }
+
+  console.warn('不支持的 IPC 代理请求体类型:', typeof body);
+  throw new Error('不支持的 IPC 代理请求体类型');
+};

package/src/app/(backend)/oidc/callback/desktop/route.ts

@@ -0,0 +1,58 @@
+import debug from 'debug';
+import { NextRequest, NextResponse, after } from 'next/server';
+
+import { OAuthHandoffModel } from '@/database/models/oauthHandoff';
+import { serverDB } from '@/database/server';
+
+const log = debug('lobe-oidc:callback:desktop');
+
+export const GET = async (req: NextRequest) => {
+  try {
+    const searchParams = req.nextUrl.searchParams;
+    const code = searchParams.get('code');
+    const state = searchParams.get('state'); // This `state` is the handoff ID
+
+    if (!code || !state || typeof code !== 'string' || typeof state !== 'string') {
+      log('Missing code or state in form data');
+      const errorUrl = req.nextUrl.clone();
+      errorUrl.pathname = '/oauth/callback/error';
+      errorUrl.searchParams.set('reason', 'invalid_request');
+      return NextResponse.redirect(errorUrl);
+    }
+
+    log('Received OIDC callback. state(handoffId): %s', state);
+
+    // The 'client' is 'desktop' because this redirect_uri is for the desktop client.
+    const client = 'desktop';
+    const payload = { code, state };
+    const id = state;
+
+    const authHandoffModel = new OAuthHandoffModel(serverDB);
+    await authHandoffModel.create({ client, id, payload });
+    log('Handoff record created successfully for id: %s', id);
+
+    // Redirect to a generic success page. The desktop app will poll for the result.
+    const successUrl = req.nextUrl.clone();
+    successUrl.pathname = '/oauth/callback/success';
+
+    // cleanup expired
+    after(async () => {
+      const cleanedCount = await authHandoffModel.cleanupExpired();
+
+      log('Cleaned up %d expired handoff records', cleanedCount);
+    });
+
+    return NextResponse.redirect(successUrl);
+  } catch (error) {
+    log('Error in OIDC callback: %O', error);
+    const errorUrl = req.nextUrl.clone();
+    errorUrl.pathname = '/oauth/callback/error';
+    errorUrl.searchParams.set('reason', 'internal_error');
+
+    if (error instanceof Error) {
+      errorUrl.searchParams.set('errorMessage', error.message);
+    }
+
+    return NextResponse.redirect(errorUrl);
+  }
+};

package/src/app/(backend)/oidc/handoff/route.ts

@@ -0,0 +1,46 @@
+import debug from 'debug';
+import { NextRequest, NextResponse } from 'next/server';
+
+import { OAuthHandoffModel } from '@/database/models/oauthHandoff';
+import { serverDB } from '@/database/server';
+
+const log = debug('lobe-oidc:handoff');
+
+/**
+ * GET /oidc/handoff?id=xxx&client=xxx
+ * 轮询获取并消费认证凭证
+ */
+export async function GET(request: NextRequest) {
+  log('Received GET request for /oidc/handoff');
+
+  try {
+    const { searchParams } = new URL(request.url);
+    const id = searchParams.get('id');
+    const client = searchParams.get('client');
+
+    if (!id || !client) {
+      return NextResponse.json(
+        { error: 'Missing required parameters: id and client' },
+        { status: 400 },
+      );
+    }
+
+    log('Fetching handoff record - id=%s, client=%s', id, client);
+
+    const authHandoffModel = new OAuthHandoffModel(serverDB);
+    const result = await authHandoffModel.fetchAndConsume(id, client);
+
+    if (!result) {
+      log('Handoff record not found or expired - id=%s', id);
+      return NextResponse.json({ error: 'Handoff record not found or expired' }, { status: 404 });
+    }
+
+    log('Handoff record found and consumed - id=%s', id);
+
+    return NextResponse.json({ data: result, success: true });
+  } catch (error) {
+    log('Error fetching handoff record: %O', error);
+
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
+  }
+}

package/src/app/[variants]/oauth/callback/error/page.tsx

@@ -0,0 +1,55 @@
+'use client';
+
+import { Button, Highlighter, Icon } from '@lobehub/ui';
+import { Card, Result } from 'antd';
+import { ShieldX } from 'lucide-react';
+import Link from 'next/link';
+import { parseAsString, useQueryState } from 'nuqs';
+import React, { memo } from 'react';
+import { useTranslation } from 'react-i18next';
+import { Center, Flexbox } from 'react-layout-kit';
+
+const FailedPage = memo(() => {
+  const { t } = useTranslation('oauth');
+  const [reason] = useQueryState('reason');
+  const [errorMessage] = useQueryState<string>('errorMessage', parseAsString);
+
+  return (
+    <Center height="100vh">
+      <Card
+        style={{
+          alignItems: 'center',
+          display: 'flex',
+          justifyContent: 'center',
+          minHeight: 280,
+          minWidth: 500,
+          width: '100%',
+        }}
+      >
+        <Result
+          extra={
+            <Link href="/">
+              <Button type="primary">{t('error.backToHome')}</Button>
+            </Link>
+          }
+          icon={<Icon icon={ShieldX} />}
+          status="error"
+          subTitle={
+            <Flexbox gap={8}>
+              {t('error.desc', {
+                reason: t(`error.reason.${reason}` as any, { defaultValue: reason }),
+              })}
+
+              {!!errorMessage && <Highlighter language={'log'}>{errorMessage}</Highlighter>}
+            </Flexbox>
+          }
+          title={t('error.title')}
+        />
+      </Card>
+    </Center>
+  );
+});
+
+FailedPage.displayName = 'FailedPage';
+
+export default FailedPage;

package/src/app/[variants]/oauth/callback/layout.tsx

@@ -0,0 +1,12 @@
+import { notFound } from 'next/navigation';
+import { PropsWithChildren } from 'react';
+
+import { oidcEnv } from '@/envs/oidc';
+
+const Layout = ({ children }: PropsWithChildren) => {
+  if (!oidcEnv.ENABLE_OIDC) return notFound();
+
+  return children;
+};
+
+export default Layout;

package/src/app/[variants]/oauth/callback/loading.tsx

@@ -0,0 +1,3 @@
+'use client';
+
+export { default } from '@/components/Loading/BrandTextLoading';

package/src/app/[variants]/oauth/{consent/[uid] → callback}/success/page.tsx

@@ -12,7 +12,16 @@ const SuccessPage = memo(() => {
 
   return (
     <Center height="100vh">
-      <Card style={{ maxWidth: 500, width: '100%' }}>
+      <Card
+        style={{
+          alignItems: 'center',
+          display: 'flex',
+          justifyContent: 'center',
+          minHeight: 280,
+          minWidth: 500,
+          width: '100%',
+        }}
+      >
         <Result
           icon={<Icon icon={CheckCircle} />}
           status="success"

package/src/app/[variants]/oauth/consent/[uid]/Consent.tsx

@@ -3,7 +3,7 @@
 import { Button, Text } from '@lobehub/ui';
 import { Card, Divider } from 'antd';
 import { createStyles } from 'antd-style';
-import { memo } from 'react';
+import { memo, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import { Center, Flexbox } from 'react-layout-kit';
 
@@ -122,6 +122,8 @@ const ConsentClient = memo<ClientProps>(
     const { styles, theme } = useStyles();
     const { t } = useTranslation('oauth');
 
+    const [isLoading, setIsLoading] = useState(false);
+
     const clientDisplayName = clientMetadata?.clientName || clientId;
     return (
       <Center className={styles.container} gap={16}>
@@ -165,7 +167,11 @@ const ConsentClient = memo<ClientProps>(
                     <Button
                       className={styles.authButton}
                       htmlType="submit"
+                      loading={isLoading}
                       name="consent"
+                      onClick={() => {
+                        setIsLoading(true);
+                      }}
                       type="primary"
                       value="accept"
                     >

package/src/database/client/migrations.json

@@ -541,5 +541,13 @@
     "bps": true,
     "folderMillis": 1752413805765,
     "hash": "abed92b1356df6d7eb35c03f47fbbdcdaf25aefda750dc3e4963c1c2a0d38b54"
+  },
+  {
+    "sql": [
+      "CREATE TABLE \"oauth_handoffs\" (\n\t\"id\" text PRIMARY KEY NOT NULL,\n\t\"client\" varchar(50) NOT NULL,\n\t\"payload\" jsonb NOT NULL,\n\t\"accessed_at\" timestamp with time zone DEFAULT now() NOT NULL,\n\t\"created_at\" timestamp with time zone DEFAULT now() NOT NULL,\n\t\"updated_at\" timestamp with time zone DEFAULT now() NOT NULL\n);\n"
+    ],
+    "bps": true,
+    "folderMillis": 1752567402506,
+    "hash": "8ba3ae52ed72e8aad1623dbcf47ca26a8406ebffc6d5284abff94ea994b59c04"
   }
 ]

package/src/database/migrations/0028_oauth_handoffs.sql

@@ -0,0 +1,8 @@
+CREATE TABLE "oauth_handoffs" (
+	"id" text PRIMARY KEY NOT NULL,
+	"client" varchar(50) NOT NULL,
+	"payload" jsonb NOT NULL,
+	"accessed_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL
+);