@lobehub/lobehub 2.0.0-next.123 → 2.0.0-next.125

package/docs/self-hosting/environment-variables/auth.zh-CN.mdx

@@ -1,9 +1,10 @@
 ---
 title: LobeChat 身份验证服务设置
-description: 了解如何配置 LobeChat 的身份验证服务环境变量。
+description: 了解如何配置 LobeChat 的身份验证服务环境变量，包括 Better Auth、OAuth SSO、NextAuth 设置等。
 tags:
   - LobeChat
   - 身份验证服务
+  - Better Auth
   - 单点登录
   - Next Auth
   - Clerk
@@ -13,6 +14,191 @@ tags:
 
 LobeChat 在部署时提供了完善的身份验证服务能力，以下是相关的环境变量，你可以使用这些环境变量轻松定义需要在 LobeChat 中开启的身份验证服务。
 
+## Better Auth
+
+### 通用设置
+
+#### `NEXT_PUBLIC_ENABLE_BETTER_AUTH`
+
+- 类型：必选
+- 描述：设置为 `1` 以启用 Better Auth 服务。启用后，将使用 Better Auth 进行身份验证，而非 Next Auth 或 Clerk。
+- 默认值：`-`
+- 示例：`1`
+
+#### `AUTH_SECRET`
+
+- 类型：必选
+- 描述：用于加密会话令牌的密钥，Better Auth 和 Next Auth 共享。使用以下命令生成：`openssl rand -base64 32`
+- 默认值：`-`
+- 示例：`Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=`
+
+#### `NEXT_PUBLIC_AUTH_URL`
+
+- 类型：可选
+- 描述：浏览器可访问的 Better Auth 回调 URL。仅在默认生成的 URL 不正确时设置。
+- 默认值：`-`
+- 示例：`https://example.com`
+
+#### `NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION`
+
+- 类型：可选
+- 描述：设置为 `1` 以要求用户在登录前验证邮箱。用户注册后必须验证邮箱地址。
+- 默认值：`0`
+- 示例：`1`
+
+#### `AUTH_SSO_PROVIDERS`
+
+- 类型：可选
+- 描述：启用的 SSO 提供商列表，以逗号分隔。顺序决定了登录页面上提供商的显示顺序。
+- 默认值：`-`
+- 示例：`google,github,microsoft,cognito`
+
+### 邮件服务（SMTP）
+
+启用邮箱验证和密码重置功能需要配置以下设置。
+
+#### `SMTP_HOST`
+
+- 类型：必选（用于邮件功能）
+- 描述：SMTP 服务器主机名。
+- 默认值：`-`
+- 示例：`smtp.gmail.com`
+
+#### `SMTP_PORT`
+
+- 类型：必选（用于邮件功能）
+- 描述：SMTP 服务器端口。TLS 通常为 `587`，SSL 为 `465`。
+- 默认值：`-`
+- 示例：`587`
+
+#### `SMTP_SECURE`
+
+- 类型：可选
+- 描述：是否使用安全连接。端口 465（SSL）设置为 `true`，端口 587（TLS）设置为 `false`。
+- 默认值：`false`
+- 示例：`false`
+
+#### `SMTP_USER`
+
+- 类型：必选（用于邮件功能）
+- 描述：SMTP 认证用户名，通常是您的邮箱地址。
+- 默认值：`-`
+- 示例：`your-email@example.com`
+
+#### `SMTP_PASS`
+
+- 类型：必选（用于邮件功能）
+- 描述：SMTP 认证密码。Gmail 需使用应用专用密码。
+- 默认值：`-`
+- 示例：`your-app-specific-password`
+
+### Google
+
+#### `AUTH_GOOGLE_ID`
+
+- 类型：必选
+- 描述：Google OAuth 应用的 Client ID。在 [Google Cloud Console](https://console.cloud.google.com/apis/credentials) 获取。
+- 默认值：`-`
+- 示例：`123456789.apps.googleusercontent.com`
+
+#### `AUTH_GOOGLE_SECRET`
+
+- 类型：必选
+- 描述：Google OAuth 应用的 Client Secret。
+- 默认值：`-`
+- 示例：`GOCSPX-xxxxxxxxxxxxxxxxxxxx`
+
+### GitHub
+
+#### `AUTH_GITHUB_ID`
+
+- 类型：必选
+- 描述：GitHub OAuth 应用的 Client ID。在 [GitHub Developer Settings](https://github.com/settings/developers) 获取。
+- 默认值：`-`
+- 示例：`Ov23xxxxxxxxxxxxx`
+
+#### `AUTH_GITHUB_SECRET`
+
+- 类型：必选
+- 描述：GitHub OAuth 应用的 Client Secret。
+- 默认值：`-`
+- 示例：`xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+### Microsoft
+
+#### `AUTH_MICROSOFT_ID`
+
+- 类型：必选
+- 描述：Microsoft Entra ID（Azure AD）应用的 Client ID。在 [Azure 门户](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) 获取。
+- 默认值：`-`
+- 示例：`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
+
+#### `AUTH_MICROSOFT_SECRET`
+
+- 类型：必选
+- 描述：Microsoft Entra ID 应用的 Client Secret。
+- 默认值：`-`
+- 示例：`xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+### AWS Cognito
+
+#### `AUTH_COGNITO_ID`
+
+- 类型：必选
+- 描述：AWS Cognito 用户池应用客户端的 Client ID。在 [AWS Cognito 控制台](https://console.aws.amazon.com/cognito) 获取。
+- 默认值：`-`
+- 示例：`xxxxxxxxxxxxxxxxxxxxx`
+
+#### `AUTH_COGNITO_SECRET`
+
+- 类型：必选
+- 描述：AWS Cognito 应用客户端的 Client Secret。
+- 默认值：`-`
+- 示例：`xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+#### `AUTH_COGNITO_ISSUER`
+
+- 类型：必选
+- 描述：Cognito 用户池的颁发者 URL。格式：`https://cognito-idp.{region}.amazonaws.com/{userPoolId}`
+- 默认值：`-`
+- 示例：`https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxxxxx`
+
+### 飞书
+
+#### `AUTH_FEISHU_APP_ID`
+
+- 类型：必选
+- 描述：飞书应用的 App ID。在 [飞书开放平台](https://open.feishu.cn/app) 获取。
+- 默认值：`-`
+- 示例：`cli_xxxxxxxxxxxxxxxx`
+
+#### `AUTH_FEISHU_APP_SECRET`
+
+- 类型：必选
+- 描述：飞书应用的 App Secret。
+- 默认值：`-`
+- 示例：`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+### 微信
+
+#### `AUTH_WECHAT_ID`
+
+- 类型：必选
+- 描述：微信开放平台应用的 App ID。在 [微信开放平台](https://open.weixin.qq.com/) 获取。
+- 默认值：`-`
+- 示例：`wxxxxxxxxxxxxxxxxxxx`
+
+#### `AUTH_WECHAT_SECRET`
+
+- 类型：必选
+- 描述：微信应用的 App Secret。
+- 默认值：`-`
+- 示例：`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
+
+<Callout type={'info'}>
+  其他基于 OIDC 的提供商（Auth0、Authelia、Authentik、Casdoor、Cloudflare Zero Trust、Keycloak、Logto、Okta、ZITADEL、Generic OIDC）的环境变量配置与 Next Auth 相同。详情请参阅下方的 [Next Auth 章节](#next-auth)。
+</Callout>
+
 ## Next Auth
 
 ### 通用设置

package/locales/en-US/auth.json

@@ -52,6 +52,84 @@
       "required": "This field cannot be empty"
     }
   },
+  "betterAuth": {
+    "errors": {
+      "emailInvalid": "Please enter a valid email address",
+      "emailNotRegistered": "This email is not registered",
+      "emailNotVerified": "Email not verified, please verify your email first",
+      "emailRequired": "Please enter your email address",
+      "firstNameRequired": "Please enter your first name",
+      "lastNameRequired": "Please enter your last name",
+      "loginFailed": "Login failed, please check your email and password",
+      "passwordFormat": "Password must contain both letters and numbers",
+      "passwordMaxLength": "Password must not exceed 64 characters",
+      "passwordMinLength": "Password must be at least 8 characters",
+      "passwordRequired": "Please enter your password",
+      "usernameRequired": "Please enter your username"
+    },
+    "signin": {
+      "backToEmail": "Back to change email",
+      "continueWithCognito": "Continue with AWS Cognito",
+      "continueWithGithub": "Continue with GitHub",
+      "continueWithGoogle": "Continue with Google",
+      "continueWithMicrosoft": "Continue with Microsoft",
+      "emailPlaceholder": "Enter your email address",
+      "emailStep": {
+        "subtitle": "Enter your email address to continue",
+        "title": "Sign In"
+      },
+      "error": "Sign in failed, please check your email and password",
+      "forgotPassword": "Forgot password?",
+      "forgotPasswordError": "Failed to send password reset link",
+      "forgotPasswordSent": "Password reset link sent, please check your email",
+      "nextStep": "Next",
+      "noAccount": "Don't have an account?",
+      "orContinueWith": "OR",
+      "passwordPlaceholder": "Enter your password",
+      "passwordStep": {
+        "subtitle": "Enter your password to continue"
+      },
+      "signupLink": "Sign up now",
+      "socialError": "Social sign in failed, please try again",
+      "magicLinkButton": "Send sign-in link",
+      "magicLinkSent": "Sign-in link sent, please check your email",
+      "magicLinkError": "Failed to send sign-in link, please try again later",
+      "submit": "Sign In"
+    },
+    "signup": {
+      "emailPlaceholder": "Enter your email address",
+      "error": "Sign up failed, please try again",
+      "firstNamePlaceholder": "First Name",
+      "hasAccount": "Already have an account?",
+      "lastNamePlaceholder": "Last Name",
+      "passwordPlaceholder": "Enter your password",
+      "signinLink": "Sign in now",
+      "submit": "Sign Up",
+      "success": "Sign up successful! Please check your email for verification",
+      "subtitle": "Join LobeChat Community",
+      "title": "Create Account",
+      "usernamePlaceholder": "Enter your username"
+    },
+    "verifyEmail": {
+      "backToSignIn": "Back to Sign In",
+      "checkSpam": "If you don't receive the email, please check your spam folder",
+      "description": "We've sent a verification email to {{email}}",
+      "title": "Verify Your Email"
+    },
+    "resetPassword": {
+      "backToSignIn": "Back to Sign In",
+      "confirmPasswordPlaceholder": "Confirm new password",
+      "confirmPasswordRequired": "Please confirm your new password",
+      "description": "Please enter your new password",
+      "error": "Failed to reset password, please try again",
+      "invalidToken": "Invalid or expired reset link",
+      "newPasswordPlaceholder": "Enter new password",
+      "passwordMismatch": "Passwords do not match",
+      "submit": "Reset Password",
+      "success": "Password reset successful, please sign in with your new password",
+      "title": "Reset Password"
+    }
+  },
   "date": {
     "prevMonth": "Last Month",
     "recent30Days": "Last 30 Days"
@@ -86,8 +164,23 @@
   "loginOrSignup": "Log In / Sign Up",
   "profile": {
     "avatar": "Avatar",
+    "cancel": "Cancel",
+    "changePassword": "Reset password",
     "email": "Email Address",
+    "fullName": "Fullname",
+    "fullNameInputHint": "Please enter your new fullname",
+    "password": "Password",
+    "resetPasswordError": "Failed to send password reset link",
+    "resetPasswordSent": "Password reset link sent, please check your email",
+    "save": "Save",
+    "title": "Profile Details",
+    "updateAvatar": "Update avatar",
+    "updateFullName": "Update fullname",
     "sso": {
+      "link": {
+        "button": "Connect Account",
+        "success": "Account linked successfully"
+      },
       "loading": "Loading linked third-party accounts",
       "providers": "Connected Accounts",
       "unlink": {

package/locales/zh-CN/auth.json

@@ -52,6 +52,97 @@
       "required": "内容不得为空"
     }
   },
+  "betterAuth": {
+    "errors": {
+      "emailInvalid": "请输入有效的邮箱地址",
+      "emailNotRegistered": "该邮箱尚未注册",
+      "emailNotVerified": "邮箱尚未验证，请先验证邮箱",
+      "emailRequired": "请输入邮箱地址",
+      "firstNameRequired": "请输入名字",
+      "lastNameRequired": "请输入姓氏",
+      "loginFailed": "登录失败，请检查邮箱和密码",
+      "passwordFormat": "密码必须同时包含字母和数字",
+      "passwordMaxLength": "密码最多不超过 64 个字符",
+      "passwordMinLength": "密码至少需要 8 个字符",
+      "passwordRequired": "请输入密码",
+      "usernameRequired": "请输入用户名"
+    },
+    "signin": {
+      "backToEmail": "返回修改邮箱",
+      "continueWithCognito": "使用 AWS Cognito 登录",
+      "continueWithGithub": "使用 GitHub 登录",
+      "continueWithGoogle": "使用 Google 登录",
+      "continueWithMicrosoft": "使用 Microsoft 登录",
+      "continueWithAuth0": "使用 Auth0 登录",
+      "continueWithAuthelia": "使用 Authelia 登录",
+      "continueWithAuthentik": "使用 Authentik 登录",
+      "continueWithCasdoor": "使用 Casdoor 登录",
+      "continueWithCloudflareZeroTrust": "使用 Cloudflare Zero Trust 登录",
+      "continueWithOIDC": "使用 OIDC 登录",
+      "continueWithKeycloak": "使用 Keycloak 登录",
+      "continueWithLogto": "使用 Logto 登录",
+      "continueWithOkta": "使用 Okta 登录",
+      "continueWithZitadel": "使用 Zitadel 登录",
+      "continueWithFeishu": "使用飞书登录",
+      "continueWithWechat": "使用微信登录",
+      "emailPlaceholder": "请输入邮箱地址",
+      "emailStep": {
+        "subtitle": "请输入您的邮箱地址以继续",
+        "title": "登录"
+      },
+      "error": "登录失败，请检查邮箱和密码",
+      "forgotPassword": "忘记密码？",
+      "forgotPasswordError": "发送重置密码链接失败",
+      "forgotPasswordSent": "重置密码链接已发送，请检查邮箱",
+      "nextStep": "下一步",
+      "noAccount": "还没有账号？",
+      "orContinueWith": "或",
+      "passwordPlaceholder": "请输入密码",
+      "passwordStep": {
+        "subtitle": "请输入密码以继续"
+      },
+      "signupLink": "立即注册",
+      "socialError": "社交登录失败，请重试",
+      "socialOnlyHint": "该邮箱使用社交账号注册，请使用社交账号登录",
+      "magicLinkButton": "发送登录链接",
+      "magicLinkSent": "登录链接已发送，请检查邮箱",
+      "magicLinkError": "发送登录链接失败，请稍后再试",
+      "submit": "登录"
+    },
+    "signup": {
+      "emailPlaceholder": "请输入邮箱地址",
+      "error": "注册失败，请重试",
+      "firstNamePlaceholder": "名字",
+      "hasAccount": "已有账号？",
+      "lastNamePlaceholder": "姓氏",
+      "passwordPlaceholder": "请输入密码",
+      "signinLink": "立即登录",
+      "submit": "注册",
+      "success": "注册成功！请检查您的邮箱验证邮件",
+      "subtitle": "加入 LobeChat 社区",
+      "title": "创建账号",
+      "usernamePlaceholder": "请输入用户名"
+    },
+    "verifyEmail": {
+      "backToSignIn": "返回登录",
+      "checkSpam": "如果没有收到邮件，请检查垃圾邮件文件夹",
+      "description": "我们已向 {{email}} 发送了验证邮件",
+      "title": "验证您的邮箱"
+    },
+    "resetPassword": {
+      "backToSignIn": "返回登录",
+      "confirmPasswordPlaceholder": "确认新密码",
+      "confirmPasswordRequired": "请确认新密码",
+      "description": "请输入您的新密码",
+      "error": "重置密码失败，请重试",
+      "invalidToken": "无效或已过期的重置链接",
+      "newPasswordPlaceholder": "输入新密码",
+      "passwordMismatch": "两次输入的密码不一致",
+      "submit": "重置密码",
+      "success": "密码重置成功，请使用新密码登录",
+      "title": "重置密码"
+    }
+  },
   "date": {
     "prevMonth": "上个月",
     "recent30Days": "最近30天"
@@ -86,12 +177,27 @@
   "loginOrSignup": "登录 / 注册",
   "profile": {
     "avatar": "头像",
+    "cancel": "取消",
+    "changePassword": "重置密码",
     "email": "电子邮件地址",
+    "fullName": "全名",
+    "fullNameInputHint": "请输入新的全名",
+    "password": "密码",
+    "resetPasswordError": "发送密码重置链接失败",
+    "resetPasswordSent": "密码重置链接已发送，请检查邮箱",
+    "save": "保存",
+    "title": "个人资料详情",
+    "updateAvatar": "更新头像",
+    "updateFullName": "更新全名",
     "sso": {
+      "link": {
+        "button": "连接帐户",
+        "success": "账户关联成功"
+      },
       "loading": "正在加载已绑定的第三方账户",
       "providers": "连接的帐户",
       "unlink": {
-        "description": "解绑后，您将无法使用 {{provider}} 账户“{{providerAccountId}}”登录。如果您需要重新绑定 {{provider}} 账户到当前账户，请确保 {{provider}} 账户的邮件地址为 {{email}} ，我们会在登陆时为你自动绑定到当前登录账户。",
+        "description": "解绑后，您将无法使用 {{provider}} 账户 「{{providerAccountId}}」 登录。如果您需要重新绑定 {{provider}} 账户到当前账户，请确保 {{provider}} 账户的邮件地址为 {{email}} ，我们会在登陆时为你自动绑定到当前登录账户。",
         "forbidden": "您至少需要保留一个第三方账户绑定。",
         "title": "是否解绑该第三方账户 {{provider}} ？"
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/lobehub",
-  "version": "2.0.0-next.123",
+  "version": "2.0.0-next.125",
   "description": "LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",
@@ -71,7 +71,7 @@
     "prepare": "husky",
     "prettier": "prettier -c --write \"**/**\"",
     "pull": "git pull",
-    "reinstall": "rm -rf pnpm-lock.yaml && rm -rf node_modules && pnpm -r exec rm -rf node_modules && pnpm install",
+    "reinstall": "rm -rf .next && rm -rf node_modules && pnpm -r exec rm -rf node_modules && pnpm install",
     "reinstall:desktop": "rm -rf pnpm-lock.yaml && rm -rf node_modules && pnpm -r exec rm -rf node_modules && pnpm install --node-linker=hoisted",
     "release": "semantic-release",
     "self-hosting:docker": "docker build -t lobehub:local .",
@@ -199,6 +199,7 @@
     "ahooks": "^3.9.6",
     "antd": "^5.28.1",
     "antd-style": "^3.7.1",
+    "better-auth": "^1.4.1",
     "brotli-wasm": "^3.0.1",
     "chroma-js": "^3.1.2",
     "cmdk": "^1.1.1",
@@ -240,6 +241,7 @@
     "next-mdx-remote": "^5.0.0",
     "nextjs-toploader": "^3.9.17",
     "node-machine-id": "^1.1.12",
+    "nodemailer": "^7.0.10",
     "numeral": "^2.0.6",
     "nuqs": "^2.7.3",
     "officeparser": "5.1.1",
@@ -334,6 +336,7 @@
     "@types/lodash": "^4.17.20",
     "@types/lodash-es": "^4.17.12",
     "@types/node": "^24.10.1",
+    "@types/nodemailer": "^7.0.3",
     "@types/numeral": "^2.0.5",
     "@types/oidc-provider": "^9.5.0",
     "@types/pdfkit": "^0.17.3",

package/packages/const/src/auth.ts

@@ -1,6 +1,7 @@
 export const enableClerk = !!process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY;
+export const enableBetterAuth = process.env.NEXT_PUBLIC_ENABLE_BETTER_AUTH === '1';
 export const enableNextAuth = process.env.NEXT_PUBLIC_ENABLE_NEXT_AUTH === '1';
-export const enableAuth = enableClerk || enableNextAuth || false;
+export const enableAuth = enableClerk || enableBetterAuth || enableNextAuth || false;
 
 export const LOBE_CHAT_AUTH_HEADER = 'X-lobe-chat-auth';
 export const LOBE_CHAT_OIDC_AUTH_HEADER = 'Oidc-Auth';

package/packages/database/migrations/0048_add_editor_data.sql

@@ -0,0 +1 @@
+ALTER TABLE "agents" ADD COLUMN IF NOT EXISTS "editor_data" jsonb;

package/packages/database/migrations/0049_better_auth.sql

@@ -0,0 +1,49 @@
+CREATE TABLE IF NOT EXISTS "accounts" (
+	"access_token" text,
+	"access_token_expires_at" timestamp,
+	"account_id" text NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"id" text PRIMARY KEY NOT NULL,
+	"id_token" text,
+	"password" text,
+	"provider_id" text NOT NULL,
+	"refresh_token" text,
+	"refresh_token_expires_at" timestamp,
+	"scope" text,
+	"updated_at" timestamp NOT NULL,
+	"user_id" text NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "auth_sessions" (
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"id" text PRIMARY KEY NOT NULL,
+	"ip_address" text,
+	"token" text NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"user_agent" text,
+	"user_id" text NOT NULL,
+	CONSTRAINT "auth_sessions_token_unique" UNIQUE("token")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "verifications" (
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"id" text PRIMARY KEY NOT NULL,
+	"identifier" text NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	"value" text NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "users" ADD COLUMN IF NOT EXISTS "email_verified" boolean DEFAULT false NOT NULL;--> statement-breakpoint
+DO $$ BEGIN
+ ALTER TABLE "accounts" ADD CONSTRAINT "accounts_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE cascade ON UPDATE no action;
+EXCEPTION
+ WHEN duplicate_object THEN null;
+END $$;
+--> statement-breakpoint
+DO $$ BEGIN
+ ALTER TABLE "auth_sessions" ADD CONSTRAINT "auth_sessions_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE cascade ON UPDATE no action;
+EXCEPTION
+ WHEN duplicate_object THEN null;
+END $$;