@lobehub/lobehub 2.0.0-next.123 → 2.0.0-next.125

package/GEMINI.md

@@ -0,0 +1,63 @@
+# GEMINI.md
+
+This document serves as a shared guideline for all team members when using Gemini CLI in this repository.
+
+## Tech Stack
+
+read @.cursor/rules/project-introduce.mdc
+
+## Directory Structure
+
+read @.cursor/rules/project-structure.mdc
+
+## Development
+
+### Git Workflow
+
+- use rebase for git pull
+- git commit message should prefix with gitmoji
+- git branch name format example: tj/feat/feature-name
+- use .github/PULL_REQUEST_TEMPLATE.md to generate pull request description
+
+### Package Management
+
+This repository adopts a monorepo structure.
+
+- Use `pnpm` as the primary package manager for dependency management
+- Use `bun` to run npm scripts
+- Use `bunx` to run executable npm packages
+
+### TypeScript Code Style Guide
+
+see @.cursor/rules/typescript.mdc
+
+### Testing
+
+- **Required Rule**: read `@.cursor/rules/testing-guide/testing-guide.mdc` before writing tests
+- **Command**:
+  - web: `bunx vitest run --silent='passed-only' '[file-path-pattern]'`
+  - packages(eg: database): `cd packages/database && bunx vitest run --silent='passed-only' '[file-path-pattern]'`
+
+**Important**:
+
+- wrap the file path in single quotes to avoid shell expansion
+- Never run `bun run test` etc to run tests, this will run all tests and cost about 10mins
+- If trying to fix the same test twice, but still failed, stop and ask for help.
+
+### Typecheck
+
+- use `bun run type-check` to check type errors.
+
+### i18n
+
+- **Keys**: Add to `src/locales/default/namespace.ts`
+- **Dev**: Translate `locales/zh-CN/namespace.json` and `locales/en-US/namespace.json` locales file only for dev preview
+- DON'T run `pnpm i18n`, let CI auto handle it
+
+## 🚨 Quality Checks
+
+**MANDATORY**: After completing code changes, always run `mcp__vscode-mcp__get_diagnostics` on the modified files to identify any errors introduced by your changes and fix them.
+
+## Rules Index
+
+Some useful project rules are listed in @.cursor/rules/rules-index.mdc

package/README.md

@@ -345,14 +345,14 @@ In addition, these plugins are not limited to news aggregation, but can also ext
 
 <!-- PLUGIN LIST -->
 
-| Recent Submits                                                                                                             | Description                                                                                                                               |
-| -------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
-| [SEO](https://lobechat.com/discover/plugin/SEO)<br/><sup>By **orrenprunckun** on **2025-11-14**</sup>                      | Enter any URL and keyword and get an On-Page SEO analysis & insights!<br/>`seo`                                                           |
-| [Shopping tools](https://lobechat.com/discover/plugin/ShoppingTools)<br/><sup>By **shoppingtools** on **2025-10-27**</sup> | Search for products on eBay & AliExpress, find eBay events & coupons. Get prompt examples.<br/>`shopping` `e-bay` `ali-express` `coupons` |
-| [PortfolioMeta](https://lobechat.com/discover/plugin/StockData)<br/><sup>By **portfoliometa** on **2025-09-27**</sup>      | Analyze stocks and get comprehensive real-time investment data and analytics.<br/>`stock`                                                 |
-| [Web](https://lobechat.com/discover/plugin/web)<br/><sup>By **Proghit** on **2025-01-24**</sup>                            | Smart web search that reads and analyzes pages to deliver comprehensive answers from Google results.<br/>`web` `search`                   |
-
-> 📊 Total plugins: [<kbd>**42**</kbd>](https://lobechat.com/discover/plugins)
+| Recent Submits                                                                                                               | Description                                                                                                                               |
+| ---------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| [SEO](https://lobechat.com/discover/plugin/SEO)<br/><sup>By **orrenprunckun** on **2025-11-14**</sup>                        | Enter any URL and keyword and get an On-Page SEO analysis & insights!<br/>`seo`                                                           |
+| [Shopping tools](https://lobechat.com/discover/plugin/ShoppingTools)<br/><sup>By **shoppingtools** on **2025-10-27**</sup>   | Search for products on eBay & AliExpress, find eBay events & coupons. Get prompt examples.<br/>`shopping` `e-bay` `ali-express` `coupons` |
+| [Web](https://lobechat.com/discover/plugin/web)<br/><sup>By **Proghit** on **2025-01-24**</sup>                              | Smart web search that reads and analyzes pages to deliver comprehensive answers from Google results.<br/>`web` `search`                   |
+| [Bing_websearch](https://lobechat.com/discover/plugin/Bingsearch-identifier)<br/><sup>By **FineHow** on **2024-12-22**</sup> | Search for information from the internet base BingApi<br/>`bingsearch`                                                                    |
+
+> 📊 Total plugins: [<kbd>**41**</kbd>](https://lobechat.com/discover/plugins)
 
  <!-- PLUGIN LIST -->
 

package/README.zh-CN.md

@@ -338,14 +338,14 @@ LobeChat 的插件生态系统是其核心功能的重要扩展，它极大地
 
 <!-- PLUGIN LIST -->
 
-| 最近新增                                                                                                              | 描述                                                                                                               |
-| --------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
-| [SEO](https://lobechat.com/discover/plugin/SEO)<br/><sup>By **orrenprunckun** on **2025-11-14**</sup>                 | 输入任何 URL 和关键词，获取页面 SEO 分析和见解！<br/>`seo`                                                         |
-| [购物工具](https://lobechat.com/discover/plugin/ShoppingTools)<br/><sup>By **shoppingtools** on **2025-10-27**</sup>  | 在 eBay 和 AliExpress 上搜索产品，查找 eBay 活动和优惠券。获取快速示例。<br/>`购物` `e-bay` `ali-express` `优惠券` |
-| [PortfolioMeta](https://lobechat.com/discover/plugin/StockData)<br/><sup>By **portfoliometa** on **2025-09-27**</sup> | 分析股票并获取全面的实时投资数据和分析。<br/>`股票`                                                                |
-| [网页](https://lobechat.com/discover/plugin/web)<br/><sup>By **Proghit** on **2025-01-24**</sup>                      | 智能网页搜索，读取和分析页面，以提供来自 Google 结果的全面答案。<br/>`网页` `搜索`                                 |
-
-> 📊 Total plugins: [<kbd>**42**</kbd>](https://lobechat.com/discover/plugins)
+| 最近新增                                                                                                                   | 描述                                                                                                               |
+| -------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
+| [SEO](https://lobechat.com/discover/plugin/SEO)<br/><sup>By **orrenprunckun** on **2025-11-14**</sup>                      | 输入任何 URL 和关键词，获取页面 SEO 分析和见解！<br/>`seo`                                                         |
+| [购物工具](https://lobechat.com/discover/plugin/ShoppingTools)<br/><sup>By **shoppingtools** on **2025-10-27**</sup>       | 在 eBay 和 AliExpress 上搜索产品，查找 eBay 活动和优惠券。获取快速示例。<br/>`购物` `e-bay` `ali-express` `优惠券` |
+| [网页](https://lobechat.com/discover/plugin/web)<br/><sup>By **Proghit** on **2025-01-24**</sup>                           | 智能网页搜索，读取和分析页面，以提供来自 Google 结果的全面答案。<br/>`网页` `搜索`                                 |
+| [必应网页搜索](https://lobechat.com/discover/plugin/Bingsearch-identifier)<br/><sup>By **FineHow** on **2024-12-22**</sup> | 通过 BingApi 搜索互联网上的信息<br/>`bingsearch`                                                                   |
+
+> 📊 Total plugins: [<kbd>**41**</kbd>](https://lobechat.com/discover/plugins)
 
  <!-- PLUGIN LIST -->
 

package/changelog/v1.json

@@ -1,4 +1,22 @@
 [
+  {
+    "children": {
+      "features": [
+        "Support better-auth."
+      ]
+    },
+    "date": "2025-11-27",
+    "version": "2.0.0-next.125"
+  },
+  {
+    "children": {
+      "fixes": [
+        "Fixed the agent settings plugins pages error problem, improve topic item interaction and editing behavior."
+      ]
+    },
+    "date": "2025-11-27",
+    "version": "2.0.0-next.124"
+  },
   {
     "children": {
       "improvements": [

package/docs/development/database-schema.dbml

@@ -4,6 +4,7 @@ table agents {
   title varchar(255)
   description varchar(1000)
   tags jsonb [default: `[]`]
+  editor_data jsonb
   avatar text
   background_color text
   market_identifier text
@@ -136,6 +137,42 @@ table async_tasks {
   updated_at "timestamp with time zone" [not null, default: `now()`]
 }
 
+table accounts {
+  access_token text
+  access_token_expires_at timestamp
+  account_id text [not null]
+  created_at timestamp [not null, default: `now()`]
+  id text [pk, not null]
+  id_token text
+  password text
+  provider_id text [not null]
+  refresh_token text
+  refresh_token_expires_at timestamp
+  scope text
+  updated_at timestamp [not null]
+  user_id text [not null]
+}
+
+table auth_sessions {
+  created_at timestamp [not null, default: `now()`]
+  expires_at timestamp [not null]
+  id text [pk, not null]
+  ip_address text
+  token text [not null, unique]
+  updated_at timestamp [not null]
+  user_agent text
+  user_id text [not null]
+}
+
+table verifications {
+  created_at timestamp [not null, default: `now()`]
+  expires_at timestamp [not null]
+  id text [pk, not null]
+  identifier text [not null]
+  updated_at timestamp [not null, default: `now()`]
+  value text [not null]
+}
+
 table chat_groups {
   id text [pk, not null]
   title text
@@ -980,6 +1017,7 @@ table users {
   full_name text
   is_onboarded boolean [default: false]
   clerk_created_at "timestamp with time zone"
+  email_verified boolean [not null, default: false]
   email_verified_at "timestamp with time zone"
   preference jsonb
   accessed_at "timestamp with time zone" [not null, default: `now()`]

package/docs/self-hosting/advanced/auth.mdx

@@ -1,10 +1,11 @@
 ---
 title: LobeChat Authentication Service Configuration
 description: >-
-  Learn how to configure external authentication services using Clerk or Next Auth for centralized user authorization management. Supported authentication services include Auth0, Azure ID, etc.
+  Learn how to configure external authentication services using Better Auth, Clerk, or Next Auth for centralized user authorization management. Supported authentication services include Auth0, Azure ID, etc.
 
 tags:
   - Authentication Service
+  - Better Auth
   - Next Auth
   - SSO
   - Clerk
@@ -12,7 +13,7 @@ tags:
 
 # Authentication Service
 
-LobeChat supports the configuration of external authentication services using Clerk or Next Auth for internal use within enterprises/organizations to centrally manage user authorization.
+LobeChat supports the configuration of external authentication services using Better Auth, Clerk, or Next Auth for internal use within enterprises/organizations to centrally manage user authorization.
 
 ## Clerk
 
@@ -22,6 +23,78 @@ LobeChat has deeply integrated with Clerk to provide users with a more secure an
 
 By setting the environment variables `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` and `CLERK_SECRET_KEY` in LobeChat's environment, you can enable and use Clerk.
 
+## Better Auth
+
+[Better Auth](https://www.better-auth.com) is a modern, framework-agnostic authentication library designed to provide comprehensive, secure, and flexible authentication solutions. It supports various authentication methods including email/password, magic links, and multiple OAuth/SSO providers.
+
+### Key Features
+
+- **Email/Password Authentication**: Built-in support for traditional email and password login with secure password hashing
+- **Email Verification**: Optional email verification flow with customizable email templates
+- **Magic Link Login**: Passwordless authentication via email magic links
+- **OAuth/SSO Support**: Integration with popular identity providers including Google, GitHub, Microsoft, AWS Cognito, and more
+- **Generic OIDC/OAuth**: Support for any OpenID Connect or OAuth 2.0 compliant provider
+
+### Getting Started
+
+To enable Better Auth in LobeChat, set the following environment variables:
+
+| Environment Variable             | Type     | Description                                                                                                            |
+| -------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------- |
+| `NEXT_PUBLIC_ENABLE_BETTER_AUTH` | Required | Set to `1` to enable Better Auth service                                                                               |
+| `AUTH_SECRET`                    | Required | Key used to encrypt session tokens. Generate using: `openssl rand -base64 32`                                          |
+| `NEXT_PUBLIC_AUTH_URL`           | Optional | The URL accessible from the browser for Better Auth callbacks. Only set this if the default generated URL is incorrect |
+| `AUTH_SSO_PROVIDERS`             | Optional | Comma-separated list of enabled SSO providers, e.g., `google,github,microsoft`                                         |
+
+### Supported SSO Providers
+
+| Provider              | Value                   | Environment Variables                                                                                     |
+| --------------------- | ----------------------- | --------------------------------------------------------------------------------------------------------- |
+| Google                | `google`                | `AUTH_GOOGLE_ID`, `AUTH_GOOGLE_SECRET`                                                                    |
+| GitHub                | `github`                | `AUTH_GITHUB_ID`, `AUTH_GITHUB_SECRET`                                                                    |
+| Microsoft             | `microsoft`             | `AUTH_MICROSOFT_ID`, `AUTH_MICROSOFT_SECRET`                                                              |
+| AWS Cognito           | `cognito`               | `AUTH_COGNITO_ID`, `AUTH_COGNITO_SECRET`, `AUTH_COGNITO_ISSUER`                                           |
+| Auth0                 | `auth0`                 | `AUTH_AUTH0_ID`, `AUTH_AUTH0_SECRET`, `AUTH_AUTH0_ISSUER`                                                 |
+| Authelia              | `authelia`              | `AUTH_AUTHELIA_ID`, `AUTH_AUTHELIA_SECRET`, `AUTH_AUTHELIA_ISSUER`                                        |
+| Authentik             | `authentik`             | `AUTH_AUTHENTIK_ID`, `AUTH_AUTHENTIK_SECRET`, `AUTH_AUTHENTIK_ISSUER`                                     |
+| Casdoor               | `casdoor`               | `AUTH_CASDOOR_ID`, `AUTH_CASDOOR_SECRET`, `AUTH_CASDOOR_ISSUER`                                           |
+| Cloudflare Zero Trust | `cloudflare-zero-trust` | `AUTH_CLOUDFLARE_ZERO_TRUST_ID`, `AUTH_CLOUDFLARE_ZERO_TRUST_SECRET`, `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` |
+| Keycloak              | `keycloak`              | `AUTH_KEYCLOAK_ID`, `AUTH_KEYCLOAK_SECRET`, `AUTH_KEYCLOAK_ISSUER`                                        |
+| Logto                 | `logto`                 | `AUTH_LOGTO_ID`, `AUTH_LOGTO_SECRET`, `AUTH_LOGTO_ISSUER`                                                 |
+| Okta                  | `okta`                  | `AUTH_OKTA_ID`, `AUTH_OKTA_SECRET`, `AUTH_OKTA_ISSUER`                                                    |
+| ZITADEL               | `zitadel`               | `AUTH_ZITADEL_ID`, `AUTH_ZITADEL_SECRET`, `AUTH_ZITADEL_ISSUER`                                           |
+| Generic OIDC          | `generic-oidc`          | `AUTH_GENERIC_OIDC_ID`, `AUTH_GENERIC_OIDC_SECRET`, `AUTH_GENERIC_OIDC_ISSUER`                            |
+| Feishu                | `feishu`                | `AUTH_FEISHU_APP_ID`, `AUTH_FEISHU_APP_SECRET`                                                            |
+| WeChat                | `wechat`                | `AUTH_WECHAT_ID`, `AUTH_WECHAT_SECRET`                                                                    |
+
+### Callback URL Format
+
+When configuring OAuth providers, use the following callback URL format:
+
+- **Development**: `http://localhost:3210/api/auth/callback/{provider}`
+- **Production**: `https://yourdomain.com/api/auth/callback/{provider}`
+
+### Email Service Configuration
+
+If you want to enable email verification or password reset features, you need to configure SMTP settings:
+
+| Environment Variable                  | Type     | Description                                                       |
+| ------------------------------------- | -------- | ----------------------------------------------------------------- |
+| `NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION` | Optional | Set to `1` to require email verification before users can sign in |
+| `SMTP_HOST`                           | Required | SMTP server hostname (e.g., `smtp.gmail.com`)                     |
+| `SMTP_PORT`                           | Required | SMTP server port (usually `587` for TLS, `465` for SSL)           |
+| `SMTP_SECURE`                         | Optional | Set to `true` for SSL (port 465), `false` for TLS (port 587)      |
+| `SMTP_USER`                           | Required | SMTP authentication username                                      |
+| `SMTP_PASS`                           | Required | SMTP authentication password                                      |
+
+<Callout type={'tip'}>
+  For detailed provider configuration, refer to the [Next Auth provider documentation](/docs/self-hosting/advanced/auth/next-auth) as most configurations are compatible, or visit the official [Better Auth documentation](https://www.better-auth.com/docs/introduction).
+</Callout>
+
+<Callout type={'tip'}>
+  Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#better-auth) for detailed information on all Better Auth variables.
+</Callout>
+
 ## Next Auth
 
 Before using NextAuth, please set the following variables in LobeChat's environment variables:

package/docs/self-hosting/advanced/auth.zh-CN.mdx

@@ -1,8 +1,9 @@
 ---
 title: LobeChat 身份验证服务配置
-description: 了解如何使用 Clerk 或 Next Auth 配置外部身份验证服务，以统一管理用户授权。支持的身份验证服务包括 Auth0、 Azure ID 等。
+description: 了解如何使用 Better Auth、Clerk 或 Next Auth 配置外部身份验证服务，以统一管理用户授权。支持的身份验证服务包括 Auth0、 Azure ID 等。
 tags:
   - 身份验证服务
+  - Better Auth
   - LobeChat
   - SSO
   - Clerk
@@ -10,7 +11,7 @@ tags:
 
 # 身份验证服务
 
-LobeChat 支持使用 Clerk 或者 Next Auth 配置外部身份验证服务，供企业 / 组织内部使用，统一管理用户授权。
+LobeChat 支持使用 Better Auth、Clerk 或者 Next Auth 配置外部身份验证服务，供企业 / 组织内部使用，统一管理用户授权。
 
 ## Clerk
 
@@ -20,6 +21,78 @@ LobeChat 与 Clerk 做了深度集成，能够为用户提供一个更加安全
 
 在 LobeChat 的环境变量中设置 `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` 和 `CLERK_SECRET_KEY`，即可开启和使用 Clerk。
 
+## Better Auth
+
+[Better Auth](https://www.better-auth.com) 是一个现代化、框架无关的身份验证库，旨在提供全面、安全、灵活的身份验证解决方案。它支持多种认证方式，包括邮箱 / 密码登录、魔法链接登录以及多种 OAuth/SSO 提供商。
+
+### 主要特性
+
+- **邮箱 / 密码认证**：内置支持传统的邮箱和密码登录，采用安全的密码哈希算法
+- **邮箱验证**：可选的邮箱验证流程，支持自定义邮件模板
+- **魔法链接登录**：通过邮件魔法链接实现无密码认证
+- **OAuth/SSO 支持**：集成 Google、GitHub、Microsoft、AWS Cognito 等主流身份提供商
+- **通用 OIDC/OAuth**：支持任何符合 OpenID Connect 或 OAuth 2.0 标准的提供商
+
+### 快速开始
+
+要在 LobeChat 中启用 Better Auth，请设置以下环境变量：
+
+| 环境变量                             | 类型 | 描述                                               |
+| -------------------------------- | -- | ------------------------------------------------ |
+| `NEXT_PUBLIC_ENABLE_BETTER_AUTH` | 必选 | 设置为 `1` 以启用 Better Auth 服务                       |
+| `AUTH_SECRET`                    | 必选 | 用于加密会话令牌的密钥。使用以下命令生成：`openssl rand -base64 32`   |
+| `NEXT_PUBLIC_AUTH_URL`           | 可选 | 浏览器可访问的 Better Auth 回调 URL。仅在默认生成的 URL 不正确时设置    |
+| `AUTH_SSO_PROVIDERS`             | 可选 | 启用的 SSO 提供商列表，以逗号分隔，例如 `google,github,microsoft` |
+
+### 支持的 SSO 提供商
+
+| 提供商                   | 值                       | 环境变量                                                                                                      |
+| --------------------- | ----------------------- | --------------------------------------------------------------------------------------------------------- |
+| Google                | `google`                | `AUTH_GOOGLE_ID`, `AUTH_GOOGLE_SECRET`                                                                    |
+| GitHub                | `github`                | `AUTH_GITHUB_ID`, `AUTH_GITHUB_SECRET`                                                                    |
+| Microsoft             | `microsoft`             | `AUTH_MICROSOFT_ID`, `AUTH_MICROSOFT_SECRET`                                                              |
+| AWS Cognito           | `cognito`               | `AUTH_COGNITO_ID`, `AUTH_COGNITO_SECRET`, `AUTH_COGNITO_ISSUER`                                           |
+| Auth0                 | `auth0`                 | `AUTH_AUTH0_ID`, `AUTH_AUTH0_SECRET`, `AUTH_AUTH0_ISSUER`                                                 |
+| Authelia              | `authelia`              | `AUTH_AUTHELIA_ID`, `AUTH_AUTHELIA_SECRET`, `AUTH_AUTHELIA_ISSUER`                                        |
+| Authentik             | `authentik`             | `AUTH_AUTHENTIK_ID`, `AUTH_AUTHENTIK_SECRET`, `AUTH_AUTHENTIK_ISSUER`                                     |
+| Casdoor               | `casdoor`               | `AUTH_CASDOOR_ID`, `AUTH_CASDOOR_SECRET`, `AUTH_CASDOOR_ISSUER`                                           |
+| Cloudflare Zero Trust | `cloudflare-zero-trust` | `AUTH_CLOUDFLARE_ZERO_TRUST_ID`, `AUTH_CLOUDFLARE_ZERO_TRUST_SECRET`, `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` |
+| Keycloak              | `keycloak`              | `AUTH_KEYCLOAK_ID`, `AUTH_KEYCLOAK_SECRET`, `AUTH_KEYCLOAK_ISSUER`                                        |
+| Logto                 | `logto`                 | `AUTH_LOGTO_ID`, `AUTH_LOGTO_SECRET`, `AUTH_LOGTO_ISSUER`                                                 |
+| Okta                  | `okta`                  | `AUTH_OKTA_ID`, `AUTH_OKTA_SECRET`, `AUTH_OKTA_ISSUER`                                                    |
+| ZITADEL               | `zitadel`               | `AUTH_ZITADEL_ID`, `AUTH_ZITADEL_SECRET`, `AUTH_ZITADEL_ISSUER`                                           |
+| Generic OIDC          | `generic-oidc`          | `AUTH_GENERIC_OIDC_ID`, `AUTH_GENERIC_OIDC_SECRET`, `AUTH_GENERIC_OIDC_ISSUER`                            |
+| 飞书                    | `feishu`                | `AUTH_FEISHU_APP_ID`, `AUTH_FEISHU_APP_SECRET`                                                            |
+| 微信                    | `wechat`                | `AUTH_WECHAT_ID`, `AUTH_WECHAT_SECRET`                                                                    |
+
+### 回调 URL 格式
+
+配置 OAuth 提供商时，请使用以下回调 URL 格式：
+
+- **开发环境**：`http://localhost:3210/api/auth/callback/{provider}`
+- **生产环境**：`https://yourdomain.com/api/auth/callback/{provider}`
+
+### 邮件服务配置
+
+如果需要启用邮箱验证或密码重置功能，需要配置 SMTP 设置：
+
+| 环境变量                                  | 类型 | 描述                                             |
+| ------------------------------------- | -- | ---------------------------------------------- |
+| `NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION` | 可选 | 设置为 `1` 以要求用户在登录前验证邮箱                          |
+| `SMTP_HOST`                           | 必选 | SMTP 服务器主机名（例如 `smtp.gmail.com`）               |
+| `SMTP_PORT`                           | 必选 | SMTP 服务器端口（TLS 通常为 `587`，SSL 为 `465`）          |
+| `SMTP_SECURE`                         | 可选 | SSL 设置为 `true`（端口 465），TLS 设置为 `false`（端口 587） |
+| `SMTP_USER`                           | 必选 | SMTP 认证用户名                                     |
+| `SMTP_PASS`                           | 必选 | SMTP 认证密码                                      |
+
+<Callout type={'tip'}>
+  详细的提供商配置可参考 [Next Auth 提供商文档](/zh/docs/self-hosting/advanced/auth/next-auth)（大部分配置兼容），或访问官方 [Better Auth 文档](https://www.better-auth.com/docs/introduction)。
+</Callout>
+
+<Callout type={'tip'}>
+  前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#better-auth) 可查阅所有 Better Auth 相关变量详情。
+</Callout>
+
 ## Next Auth
 
 在使用 NextAuth 之前，请先在 LobeChat 的环境变量中设置以下变量：

package/docs/self-hosting/environment-variables/auth.mdx

@@ -1,11 +1,12 @@
 ---
 title: LobeChat Authentication Service Environment Variables
 description: >-
-  Explore the essential environment variables for configuring authentication services in LobeChat, including OAuth SSO, NextAuth settings, and provider-specific details.
+  Explore the essential environment variables for configuring authentication services in LobeChat, including Better Auth, OAuth SSO, NextAuth settings, and provider-specific details.
 
 
 tags:
   - Authentication Service
+  - Better Auth
   - OAuth SSO
   - Clerk
   - NextAuth
@@ -15,6 +16,191 @@ tags:
 
 LobeChat provides a complete authentication service capability when deployed. The following are the relevant environment variables. You can use these environment variables to easily define the identity verification services that need to be enabled in LobeChat.
 
+## Better Auth
+
+### General Settings
+
+#### `NEXT_PUBLIC_ENABLE_BETTER_AUTH`
+
+- Type: Required
+- Description: Set to `1` to enable Better Auth service. When enabled, Better Auth will be used for authentication instead of Next Auth or Clerk.
+- Default: `-`
+- Example: `1`
+
+#### `AUTH_SECRET`
+
+- Type: Required
+- Description: Key used to encrypt session tokens. Shared between Better Auth and Next Auth. You can generate the key using the command: `openssl rand -base64 32`.
+- Default: `-`
+- Example: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=`
+
+#### `NEXT_PUBLIC_AUTH_URL`
+
+- Type: Optional
+- Description: The URL accessible from the browser for Better Auth callbacks. Only set this if the default generated URL is incorrect.
+- Default: `-`
+- Example: `https://example.com`
+
+#### `NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION`
+
+- Type: Optional
+- Description: Set to `1` to require email verification before users can sign in. Users must verify their email address after registration.
+- Default: `0`
+- Example: `1`
+
+#### `AUTH_SSO_PROVIDERS`
+
+- Type: Optional
+- Description: Comma-separated list of enabled SSO providers. The order determines the display order of providers on the login page.
+- Default: `-`
+- Example: `google,github,microsoft,cognito`
+
+### Email Service (SMTP)
+
+These settings are required for email verification and password reset features.
+
+#### `SMTP_HOST`
+
+- Type: Required (for email features)
+- Description: SMTP server hostname.
+- Default: `-`
+- Example: `smtp.gmail.com`
+
+#### `SMTP_PORT`
+
+- Type: Required (for email features)
+- Description: SMTP server port. Usually `587` for TLS or `465` for SSL.
+- Default: `-`
+- Example: `587`
+
+#### `SMTP_SECURE`
+
+- Type: Optional
+- Description: Use secure connection. Set to `true` for port 465 (SSL), `false` for port 587 (TLS).
+- Default: `false`
+- Example: `false`
+
+#### `SMTP_USER`
+
+- Type: Required (for email features)
+- Description: SMTP authentication username, usually your email address.
+- Default: `-`
+- Example: `your-email@example.com`
+
+#### `SMTP_PASS`
+
+- Type: Required (for email features)
+- Description: SMTP authentication password. For Gmail, use an app-specific password.
+- Default: `-`
+- Example: `your-app-specific-password`
+
+### Google
+
+#### `AUTH_GOOGLE_ID`
+
+- Type: Required
+- Description: Client ID of the Google OAuth application. Get it from [Google Cloud Console](https://console.cloud.google.com/apis/credentials).
+- Default: `-`
+- Example: `123456789.apps.googleusercontent.com`
+
+#### `AUTH_GOOGLE_SECRET`
+
+- Type: Required
+- Description: Client Secret of the Google OAuth application.
+- Default: `-`
+- Example: `GOCSPX-xxxxxxxxxxxxxxxxxxxx`
+
+### GitHub
+
+#### `AUTH_GITHUB_ID`
+
+- Type: Required
+- Description: Client ID of the GitHub OAuth application. Get it from [GitHub Developer Settings](https://github.com/settings/developers).
+- Default: `-`
+- Example: `Ov23xxxxxxxxxxxxx`
+
+#### `AUTH_GITHUB_SECRET`
+
+- Type: Required
+- Description: Client Secret of the GitHub OAuth application.
+- Default: `-`
+- Example: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+### Microsoft
+
+#### `AUTH_MICROSOFT_ID`
+
+- Type: Required
+- Description: Client ID of the Microsoft Entra ID (Azure AD) application. Get it from [Azure Portal](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade).
+- Default: `-`
+- Example: `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
+
+#### `AUTH_MICROSOFT_SECRET`
+
+- Type: Required
+- Description: Client Secret of the Microsoft Entra ID application.
+- Default: `-`
+- Example: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+### AWS Cognito
+
+#### `AUTH_COGNITO_ID`
+
+- Type: Required
+- Description: Client ID of the AWS Cognito User Pool App Client. Get it from [AWS Cognito Console](https://console.aws.amazon.com/cognito).
+- Default: `-`
+- Example: `xxxxxxxxxxxxxxxxxxxxx`
+
+#### `AUTH_COGNITO_SECRET`
+
+- Type: Required
+- Description: Client Secret of the AWS Cognito App Client.
+- Default: `-`
+- Example: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+#### `AUTH_COGNITO_ISSUER`
+
+- Type: Required
+- Description: The Cognito User Pool issuer URL. Format: `https://cognito-idp.{region}.amazonaws.com/{userPoolId}`
+- Default: `-`
+- Example: `https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxxxxx`
+
+### Feishu
+
+#### `AUTH_FEISHU_APP_ID`
+
+- Type: Required
+- Description: App ID of the Feishu application. Get it from [Feishu Open Platform](https://open.feishu.cn/app).
+- Default: `-`
+- Example: `cli_xxxxxxxxxxxxxxxx`
+
+#### `AUTH_FEISHU_APP_SECRET`
+
+- Type: Required
+- Description: App Secret of the Feishu application.
+- Default: `-`
+- Example: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+### WeChat
+
+#### `AUTH_WECHAT_ID`
+
+- Type: Required
+- Description: App ID of the WeChat Open Platform application. Get it from [WeChat Open Platform](https://open.weixin.qq.com/).
+- Default: `-`
+- Example: `wxxxxxxxxxxxxxxxxxxx`
+
+#### `AUTH_WECHAT_SECRET`
+
+- Type: Required
+- Description: App Secret of the WeChat application.
+- Default: `-`
+- Example: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+<Callout type={'info'}>
+  For other OIDC-based providers (Auth0, Authelia, Authentik, Casdoor, Cloudflare Zero Trust, Keycloak, Logto, Okta, ZITADEL, Generic OIDC), the environment variables follow the same pattern as Next Auth. See the [Next Auth section](#next-auth) below for details.
+</Callout>
+
 ## Next Auth
 
 ### General Settings