@lobehub/lobehub 2.0.0-next.142 → 2.0.0-next.144

package/src/layout/AuthProvider/MarketAuth/MarketAuthConfirmModal.tsx

@@ -0,0 +1,158 @@
+'use client';
+
+import { Modal } from '@lobehub/ui';
+import { createStyles } from 'antd-style';
+import { ArrowRight, ShieldCheck } from 'lucide-react';
+import { memo } from 'react';
+import { useTranslation } from 'react-i18next';
+
+const useStyles = createStyles(({ css, token }) => ({
+  content: css`
+    .ant-modal-content {
+      overflow: hidden;
+      padding: 0;
+    }
+
+    .ant-modal-header {
+      margin-block-end: 0;
+      padding: 0;
+      border-block-end: none;
+    }
+
+    .ant-modal-body {
+      padding: 0;
+    }
+
+    .ant-modal-footer {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+
+      margin-block-start: 0;
+      padding-block: 16px;
+      padding-inline: 24px;
+      border-block-start: 1px solid ${token.colorBorder};
+
+      background: ${token.colorBgContainer};
+
+      .ant-btn {
+        margin: 0;
+      }
+    }
+  `,
+  description: css`
+    font-size: 14px;
+    line-height: 1.5;
+    color: ${token.colorTextSecondary};
+    text-align: center;
+
+    a {
+      color: ${token.colorPrimary};
+      text-decoration: none;
+
+      &:hover {
+        text-decoration: underline;
+      }
+    }
+
+    .highlight {
+      font-weight: 500;
+      color: ${token.colorText};
+    }
+  `,
+  header: css`
+    padding-block: 24px 16px;
+    padding-inline: 24px;
+    text-align: center;
+  `,
+  iconWrapper: css`
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+
+    padding-block: 32px 0;
+    padding-inline: 0;
+  `,
+  okButton: css`
+    display: flex;
+    gap: 8px;
+    align-items: center;
+  `,
+  shieldIcon: css`
+    display: flex;
+    align-items: center;
+    justify-content: center;
+
+    width: 64px;
+    height: 64px;
+    border-radius: 50%;
+
+    background: ${token.colorPrimaryBg};
+
+    svg {
+      width: 36px;
+      height: 36px;
+      color: ${token.colorPrimary};
+    }
+  `,
+  title: css`
+    margin-block-end: 24px;
+    font-size: 18px;
+    font-weight: 600;
+    color: ${token.colorText};
+  `,
+}));
+
+interface MarketAuthConfirmModalProps {
+  onCancel: () => void;
+  onConfirm: () => void;
+  open: boolean;
+}
+
+const MarketAuthConfirmModal = memo<MarketAuthConfirmModalProps>(
+  ({ open, onConfirm, onCancel }) => {
+    const { t } = useTranslation('marketAuth');
+    const { styles } = useStyles();
+
+    return (
+      <Modal
+        cancelText={t('authorize.cancel')}
+        className={styles.content}
+        okButtonProps={{
+          className: styles.okButton,
+          icon: <ArrowRight size={16} />,
+        }}
+        okText={t('authorize.confirm')}
+        onCancel={onCancel}
+        onOk={onConfirm}
+        open={open}
+        title={null}
+        width={440}
+      >
+        <div className={styles.iconWrapper}>
+          <div className={styles.shieldIcon}>
+            <ShieldCheck />
+          </div>
+        </div>
+
+        <div className={styles.header}>
+          <div className={styles.title}>{t('authorize.title')}</div>
+          <div className={styles.description}>
+            {t('authorize.description.prefix')} <span className="highlight">LobeHub</span>{' '}
+            <a href="https://lobehub.com/terms" rel="noopener noreferrer" target="_blank">
+              {t('authorize.description.terms')}
+            </a>{' '}
+            {t('authorize.description.and')}{' '}
+            <a href="https://lobehub.com/privacy" rel="noopener noreferrer" target="_blank">
+              {t('authorize.description.privacy')}
+            </a>
+          </div>
+        </div>
+      </Modal>
+    );
+  },
+);
+
+MarketAuthConfirmModal.displayName = 'MarketAuthConfirmModal';
+
+export default MarketAuthConfirmModal;

package/src/layout/AuthProvider/MarketAuth/MarketAuthProvider.tsx

@@ -1,11 +1,14 @@
 'use client';
 
+import { App } from 'antd';
 import { ReactNode, createContext, useContext, useEffect, useState } from 'react';
+import { useTranslation } from 'react-i18next';
 
 import { MARKET_OIDC_ENDPOINTS } from '@/services/_url';
 import { useUserStore } from '@/store/user';
 import { settingsSelectors } from '@/store/user/slices/settings/selectors/settings';
 
+import MarketAuthConfirmModal from './MarketAuthConfirmModal';
 import { MarketAuthError } from './errors';
 import { MarketOIDC } from './oidc';
 import { MarketAuthContextType, MarketAuthSession, MarketUserInfo, OIDCConfig } from './types';
@@ -165,10 +168,20 @@ const refreshToken = async (): Promise<boolean> => {
  * Market 授权上下文提供者
  */
 export const MarketAuthProvider = ({ children, isDesktop }: MarketAuthProviderProps) => {
+  const { message } = App.useApp();
+  const { t } = useTranslation('marketAuth');
+
   const [session, setSession] = useState<MarketAuthSession | null>(null);
   const [status, setStatus] = useState<'loading' | 'authenticated' | 'unauthenticated'>('loading');
   const [oidcClient, setOidcClient] = useState<MarketOIDC | null>(null);
   const [shouldReauthorize, setShouldReauthorize] = useState(false);
+  const [showConfirmModal, setShowConfirmModal] = useState(false);
+  const [pendingSignInResolve, setPendingSignInResolve] = useState<
+    ((value: number | null) => void) | null
+  >(null);
+  const [pendingSignInReject, setPendingSignInReject] = useState<((reason?: any) => void) | null>(
+    null,
+  );
 
   // 初始化 OIDC 客户端（仅在客户端）
   useEffect(() => {
@@ -196,8 +209,56 @@ export const MarketAuthProvider = ({ children, isDesktop }: MarketAuthProviderPr
    */
   const restoreSession = () => {
     console.log('[MarketAuth] Attempting to restore session');
-    const token = getTokenFromCookie();
 
+    // 优先级 1: 从 DB 中获取 token（优先级最高）
+    const dbTokens = getMarketTokensFromDB();
+    if (dbTokens?.accessToken && dbTokens?.expiresAt) {
+      // 检查 DB 中的 token 是否过期
+      if (dbTokens.expiresAt > Date.now()) {
+        console.log('[MarketAuth] Session restored from DB');
+
+        // 尝试从 sessionStorage 获取用户信息（如果有的话）
+        let userInfo: MarketUserInfo | undefined;
+        const userInfoData = sessionStorage.getItem('market_user_info');
+        if (userInfoData) {
+          try {
+            userInfo = JSON.parse(userInfoData);
+          } catch (error) {
+            console.error('[MarketAuth] Failed to parse stored user info:', error);
+          }
+        }
+
+        // 创建会话对象
+        const restoredSession: MarketAuthSession = {
+          accessToken: dbTokens.accessToken,
+          expiresAt: dbTokens.expiresAt,
+          expiresIn: Math.floor((dbTokens.expiresAt - Date.now()) / 1000),
+          scope: 'openid profile email',
+          tokenType: 'Bearer',
+          userInfo,
+        };
+
+        // 同步到 cookie 和 sessionStorage
+        setTokenToCookie(dbTokens.accessToken, restoredSession.expiresIn);
+        sessionStorage.setItem('market_auth_session', JSON.stringify(restoredSession));
+
+        setSession(restoredSession);
+        setStatus('authenticated');
+        return;
+      } else {
+        console.log('[MarketAuth] DB token has expired, will trigger re-authorization');
+        // 清理过期的 DB tokens
+        clearMarketTokensFromDB();
+        sessionStorage.removeItem('market_auth_session');
+        removeTokenFromCookie();
+        // 标记需要重新授权，等待 oidcClient 准备好
+        setShouldReauthorize(true);
+        return;
+      }
+    }
+
+    // 优先级 2: 从 cookie 和 sessionStorage 中获取（DB 中没有时的备选方案）
+    const token = getTokenFromCookie();
     if (token) {
       // 从 sessionStorage 中获取完整的会话信息
       const sessionData = sessionStorage.getItem('market_auth_session');
@@ -207,14 +268,7 @@ export const MarketAuthProvider = ({ children, isDesktop }: MarketAuthProviderPr
 
           // 检查 token 是否过期
           if (parsedSession.expiresAt > Date.now()) {
-            console.log('[MarketAuth] Session restored from storage');
-
-            console.log('parsedSession', parsedSession);
-            console.log('parsedSession.userInfo', parsedSession.userInfo);
-            console.log(
-              "sessionStorage.getItem('market_user_info')",
-              sessionStorage.getItem('market_user_info'),
-            );
+            console.log('[MarketAuth] Session restored from cookie/sessionStorage');
 
             // 如果 session 中没有 userInfo，尝试从单独的存储中获取
             if (!parsedSession.userInfo) {
@@ -230,6 +284,9 @@ export const MarketAuthProvider = ({ children, isDesktop }: MarketAuthProviderPr
               }
             }
 
+            // 同步到 DB
+            saveMarketTokensToDB(parsedSession.accessToken, undefined, parsedSession.expiresAt);
+
             setSession(parsedSession);
             setStatus('authenticated');
             return;
@@ -254,9 +311,9 @@ export const MarketAuthProvider = ({ children, isDesktop }: MarketAuthProviderPr
   };
 
   /**
-   * 登录方法
+   * 实际执行登录的方法（内部使用）
    */
-  const signIn = async (): Promise<number | null> => {
+  const handleActualSignIn = async (): Promise<number | null> => {
     console.log('[MarketAuth] Starting sign in process');
 
     if (!oidcClient) {
@@ -311,15 +368,65 @@ export const MarketAuthProvider = ({ children, isDesktop }: MarketAuthProviderPr
       setSession(newSession);
       setStatus('authenticated');
 
-      console.log('[MarketAuth] Sign in completed successfully');
       return userInfo?.accountId ?? null;
     } catch (error) {
-      console.error('[MarketAuth] Sign in failed:', error);
       setStatus('unauthenticated');
+
+      // 根据错误类型显示不同的错误消息
+      if (error instanceof MarketAuthError) {
+        message.error(t(`errors.${error.code}`) || t('errors.general'));
+      } else {
+        message.error(t('errors.general'));
+      }
+
       throw error;
     }
   };
 
+  /**
+   * 登录方法（会先弹出确认对话框）
+   */
+  const signIn = async (): Promise<number | null> => {
+    return new Promise<number | null>((resolve, reject) => {
+      setPendingSignInResolve(() => resolve);
+      setPendingSignInReject(() => reject);
+      setShowConfirmModal(true);
+    });
+  };
+
+  /**
+   * 处理确认授权
+   */
+  const handleConfirmAuth = async () => {
+    setShowConfirmModal(false);
+    try {
+      const result = await handleActualSignIn();
+      if (pendingSignInResolve) {
+        pendingSignInResolve(result);
+        setPendingSignInResolve(null);
+        setPendingSignInReject(null);
+      }
+    } catch (error) {
+      if (pendingSignInReject) {
+        pendingSignInReject(error);
+        setPendingSignInResolve(null);
+        setPendingSignInReject(null);
+      }
+    }
+  };
+
+  /**
+   * 处理取消授权
+   */
+  const handleCancelAuth = () => {
+    setShowConfirmModal(false);
+    if (pendingSignInReject) {
+      pendingSignInReject(new Error('User cancelled authorization'));
+      setPendingSignInResolve(null);
+      setPendingSignInReject(null);
+    }
+  };
+
   /**
    * 登出方法
    */
@@ -468,7 +575,16 @@ export const MarketAuthProvider = ({ children, isDesktop }: MarketAuthProviderPr
     status,
   };
 
-  return <MarketAuthContext.Provider value={contextValue}>{children}</MarketAuthContext.Provider>;
+  return (
+    <MarketAuthContext.Provider value={contextValue}>
+      {children}
+      <MarketAuthConfirmModal
+        onCancel={handleCancelAuth}
+        onConfirm={handleConfirmAuth}
+        open={showConfirmModal}
+      />
+    </MarketAuthContext.Provider>
+  );
 };
 
 /**

package/src/libs/mcp/types.ts

@@ -149,6 +149,14 @@ export interface StdioMCPParams {
   type: 'stdio';
 }
 
+export interface CloudMCPParams {
+  auth?: AuthConfig;
+  headers?: Record<string, string>;
+  name: string;
+  type: 'cloud';
+  url: string;
+}
+
 export type MCPClientParams = HttpMCPClientParams | StdioMCPParams;
 
 export type MCPErrorType =

package/src/locales/default/marketAuth.ts

@@ -1,4 +1,15 @@
 export default {
+  authorize: {
+    cancel: '取消',
+    confirm: '授权使用',
+    description: {
+      and: '和',
+      prefix: '点击授权使用即视为同意',
+      privacy: '隐私协议',
+      terms: '服务条款',
+    },
+    title: '确认授权',
+  },
   callback: {
     buttons: {
       close: '关闭窗口',
@@ -33,8 +44,10 @@ export default {
     stateMissing: '未找到授权状态，请重试。',
   },
   messages: {
+    authorized: 'LobeHub 服务授权成功',
     loading: '正在启动授权流程...',
     success: {
+      cloudMcpInstall: '授权成功！现在可以安装 Cloud MCP 插件了。',
       submit: '授权成功！现在可以发布助手了。',
       upload: '授权成功！现在可以发布新版本了。',
     },

package/src/server/routers/lambda/market/index.ts

@@ -4,8 +4,14 @@ import { serialize } from 'cookie';
 import debug from 'debug';
 import { z } from 'zod';
 
-import { publicProcedure, router } from '@/libs/trpc/lambda';
+import { authedProcedure, publicProcedure, router } from '@/libs/trpc/lambda';
+import { serverDatabase } from '@/libs/trpc/lambda/middleware';
 import { DiscoverService } from '@/server/services/discover';
+import { FileService } from '@/server/services/file';
+import {
+  contentBlocksToString,
+  processContentBlocks,
+} from '@/server/services/mcp/contentProcessor';
 import {
   AssistantSorts,
   McpConnectionType,
@@ -27,7 +33,85 @@ const marketProcedure = publicProcedure.use(async ({ ctx, next }) => {
   });
 });
 
+// Procedure with user authentication for operations requiring user access token
+const authedMarketProcedure = authedProcedure.use(serverDatabase).use(async ({ ctx, next }) => {
+  const { UserModel } = await import('@/database/models/user');
+  const userModel = new UserModel(ctx.serverDB, ctx.userId);
+
+  return next({
+    ctx: {
+      discoverService: new DiscoverService({ accessToken: ctx.marketAccessToken }),
+      fileService: new FileService(ctx.serverDB, ctx.userId),
+      userModel,
+    },
+  });
+});
+
 export const marketRouter = router({
+  // ============================== Cloud MCP Gateway ==============================
+  callCloudMcpEndpoint: authedMarketProcedure
+    .input(
+      z.object({
+        apiParams: z.record(z.any()),
+        identifier: z.string(),
+        toolName: z.string(),
+      }),
+    )
+    .mutation(async ({ input, ctx }) => {
+      log('callCloudMcpEndpoint input: %O', input);
+
+      try {
+        // Query user_settings to get market.accessToken
+        const userState = await ctx.userModel.getUserState(async () => ({}));
+        const userAccessToken = userState.settings?.market?.accessToken;
+
+        log('callCloudMcpEndpoint: userAccessToken exists=%s', !!userAccessToken);
+
+        if (!userAccessToken) {
+          throw new TRPCError({
+            code: 'UNAUTHORIZED',
+            message: 'User access token not found. Please sign in to Market first.',
+          });
+        }
+
+        const cloudResult = await ctx.discoverService.callCloudMcpEndpoint({
+          apiParams: input.apiParams,
+          identifier: input.identifier,
+          toolName: input.toolName,
+          userAccessToken,
+        });
+
+        // Format the cloud result to MCPToolCallResult format
+        // Process content blocks (upload images, etc.)
+        const newContent =
+          cloudResult?.isError || !ctx.fileService
+            ? cloudResult?.content
+            : await processContentBlocks(cloudResult?.content, ctx.fileService);
+
+        // Convert content blocks to string
+        const content = contentBlocksToString(newContent);
+        const state = { ...cloudResult, content: newContent };
+
+        if (cloudResult?.isError) {
+          return { content, state, success: true };
+        }
+
+        return { content, state, success: true };
+      } catch (error) {
+        log('Error calling cloud MCP endpoint: %O', error);
+
+        // Re-throw TRPCError as-is
+        if (error instanceof TRPCError) {
+          throw error;
+        }
+
+        throw new TRPCError({
+          code: 'INTERNAL_SERVER_ERROR',
+          message: 'Failed to call cloud MCP endpoint',
+        });
+      }
+    }),
+
   // ============================== Assistant Market ==============================
   getAssistantCategories: marketProcedure
     .input(
@@ -558,7 +642,6 @@ export const marketRouter = router({
     }),
 
   // ============================== Analytics ==============================
-
   reportCall: marketProcedure
     .input(
       z.object({

package/src/server/services/discover/index.ts

@@ -119,6 +119,44 @@ export class DiscoverService {
     };
   }
 
+  // ============================== Call Cloud Mcp Endpoint Methods ==============================
+
+  async callCloudMcpEndpoint(params: {
+    apiParams: Record<string, any>;
+    identifier: string;
+    toolName: string;
+    userAccessToken: string;
+  }) {
+    log('callCloudMcpEndpoint: params=%O', {
+      apiParams: params.apiParams,
+      hasUserAccessToken: !!params.userAccessToken,
+      identifier: params.identifier,
+      toolName: params.toolName,
+    });
+
+    try {
+      // Call cloud gateway with user access token in Authorization header
+      const result = await this.market.plugins.callCloudGateway(
+        {
+          apiParams: params.apiParams,
+          identifier: params.identifier,
+          toolName: params.toolName,
+        },
+        {
+          headers: {
+            Authorization: `Bearer ${params.userAccessToken}`,
+          },
+        },
+      );
+
+      log('callCloudMcpEndpoint: success, result=%O', result);
+      return result;
+    } catch (error) {
+      log('callCloudMcpEndpoint: error=%O', error);
+      throw error;
+    }
+  }
+
   // ============================== Helper Methods ==============================
 
   /**
@@ -539,9 +577,9 @@ export class DiscoverService {
         description: (data as any).description || data.summary,
         examples: Array.isArray((data as any).examples)
           ? (data as any).examples.map((example: any) => ({
-            content: typeof example === 'string' ? example : example.content || '',
-            role: example.role || 'user',
-          }))
+              content: typeof example === 'string' ? example : example.content || '',
+              role: example.role || 'user',
+            }))
           : [],
         homepage:
           (data as any).homepage ||
@@ -886,7 +924,10 @@ export class DiscoverService {
     const all = await this._getPluginList(locale);
     let raw = all.find((item) => item.identifier === identifier);
     if (!raw) {
-      log('getPluginDetail: plugin not found in default store for identifier=%s, trying MCP plugin', identifier);
+      log(
+        'getPluginDetail: plugin not found in default store for identifier=%s, trying MCP plugin',
+        identifier,
+      );
       try {
         const mcpDetail = await this.getMcpDetail({ identifier, locale });
         const convertedMcp: Partial<DiscoverPluginDetail> = {

package/src/services/discover.ts

@@ -291,7 +291,7 @@ class DiscoverService {
 
   // ============================== Helpers ==============================
 
-  private async injectMPToken() {
+  async injectMPToken() {
     if (typeof localStorage === 'undefined') return;
 
     // Check server-set status flag cookie

package/src/services/mcp.ts

@@ -5,7 +5,7 @@ import { PluginManifest } from '@lobehub/market-sdk';
 import { CallReportRequest } from '@lobehub/market-types';
 
 import { MCPToolCallResult } from '@/libs/mcp';
-import { desktopClient, toolsClient } from '@/libs/trpc/client';
+import { desktopClient, lambdaClient, toolsClient } from '@/libs/trpc/client';
 
 import { discoverService } from './discover';
 
@@ -84,6 +84,7 @@ class MCPService {
     };
 
     const isStdio = plugin?.customParams?.mcp?.type === 'stdio';
+    const isCloud = plugin?.customParams?.mcp?.type === 'cloud';
 
     // Record call start time
     const callStartTime = Date.now();
@@ -93,10 +94,24 @@ class MCPService {
     let result: MCPToolCallResult | undefined;
 
     try {
-      // For desktop and stdio, use the desktopClient
-      if (isDesktop && isStdio) {
+      // For cloud type, call via cloud gateway
+      if (isCloud) {
+        // Parse args
+        const apiParams = safeParseJSON(args) || {};
+
+        // Call cloud gateway via lambda market endpoint
+        // Server will automatically get user access token from database
+        // and format the result to MCPToolCallResult
+        result = await lambdaClient.market.callCloudMcpEndpoint.mutate({
+          apiParams,
+          identifier,
+          toolName: apiName,
+        });
+      } else if (isDesktop && isStdio) {
+        // For desktop and stdio, use the desktopClient
         result = await desktopClient.mcp.callTool.mutate(data, { signal });
       } else {
+        // For other types, use the toolsClient
         result = await toolsClient.mcp.callTool.mutate(data, { signal });
       }