@lobehub/lobehub 2.0.0-next.161 → 2.0.0-next.162

package/locales/tr-TR/authError.json

@@ -0,0 +1,40 @@
+{
+  "actions": {
+    "discord": "Geri bildirim için Discord'a git",
+    "home": "Ana sayfaya dön",
+    "retry": "Yeniden giriş yap"
+  },
+  "codes": {
+    "ACCOUNT_ALREADY_LINKED_TO_DIFFERENT_USER": "Bu hesap başka bir kullanıcıya zaten bağlı",
+    "ACCOUNT_NOT_FOUND": "İlgili hesap bulunamadı",
+    "CREDENTIAL_ACCOUNT_NOT_FOUND": "Kimlik bilgisi hesabı mevcut değil",
+    "EMAIL_CAN_NOT_BE_UPDATED": "Bu hesabın e-posta adresi değiştirilemez",
+    "EMAIL_NOT_VERIFIED": "Lütfen önce e-posta doğrulamasını tamamlayın",
+    "FAILED_TO_CREATE_SESSION": "Oturum oluşturulamadı",
+    "FAILED_TO_CREATE_USER": "Kullanıcı oluşturulamadı",
+    "FAILED_TO_GET_SESSION": "Oturum alınamadı",
+    "FAILED_TO_GET_USER_INFO": "Kullanıcı bilgileri alınamadı",
+    "FAILED_TO_UNLINK_LAST_ACCOUNT": "Son bağlı hesabın bağlantısı kaldırılamaz",
+    "FAILED_TO_UPDATE_USER": "Kullanıcı bilgileri güncellenemedi",
+    "ID_TOKEN_NOT_SUPPORTED": "Bu kimlik belirteci desteklenmiyor",
+    "INVALID_EMAIL": "Geçersiz e-posta formatı",
+    "INVALID_EMAIL_OR_PASSWORD": "E-posta veya şifre hatalı",
+    "INVALID_PASSWORD": "Geçersiz şifre formatı",
+    "INVALID_TOKEN": "Belirteç geçersiz veya süresi dolmuş",
+    "PASSWORD_TOO_LONG": "Şifre çok uzun",
+    "PASSWORD_TOO_SHORT": "Şifre çok kısa",
+    "PROVIDER_NOT_FOUND": "İlgili kimlik sağlayıcısı bulunamadı",
+    "RATE_LIMIT_EXCEEDED": "Çok fazla istek gönderildi, lütfen daha sonra tekrar deneyin",
+    "SESSION_EXPIRED": "Oturum süresi doldu, lütfen yeniden giriş yapın",
+    "SOCIAL_ACCOUNT_ALREADY_LINKED": "Bu sosyal medya hesabı başka bir kullanıcıya bağlı",
+    "UNEXPECTED_ERROR": "Bilinmeyen bir hata oluştu, lütfen tekrar deneyin",
+    "UNKNOWN": "Bilinmeyen bir hata oluştu, lütfen tekrar deneyin veya destekle iletişime geçin",
+    "USER_ALREADY_EXISTS": "Kullanıcı zaten mevcut",
+    "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL": "Bu e-posta zaten kullanılıyor, lütfen başka bir e-posta deneyin",
+    "USER_ALREADY_HAS_PASSWORD": "Bu hesap zaten bir şifreye sahip",
+    "USER_BANNED": "Bu kullanıcı engellenmiş",
+    "USER_EMAIL_NOT_FOUND": "İlgili e-posta bulunamadı",
+    "USER_NOT_FOUND": "Kullanıcı bulunamadı"
+  },
+  "title": "Kimlik doğrulama hatası"
+}

package/locales/vi-VN/authError.json

@@ -0,0 +1,40 @@
+{
+  "actions": {
+    "discord": "Gửi phản hồi qua Discord",
+    "home": "Quay về trang chủ",
+    "retry": "Đăng nhập lại"
+  },
+  "codes": {
+    "ACCOUNT_ALREADY_LINKED_TO_DIFFERENT_USER": "Tài khoản này đã được liên kết với người dùng khác",
+    "ACCOUNT_NOT_FOUND": "Không tìm thấy tài khoản tương ứng",
+    "CREDENTIAL_ACCOUNT_NOT_FOUND": "Tài khoản xác thực không tồn tại",
+    "EMAIL_CAN_NOT_BE_UPDATED": "Không thể thay đổi email của tài khoản hiện tại",
+    "EMAIL_NOT_VERIFIED": "Vui lòng xác minh email trước",
+    "FAILED_TO_CREATE_SESSION": "Tạo phiên làm việc thất bại",
+    "FAILED_TO_CREATE_USER": "Tạo người dùng thất bại",
+    "FAILED_TO_GET_SESSION": "Lấy thông tin phiên làm việc thất bại",
+    "FAILED_TO_GET_USER_INFO": "Lấy thông tin người dùng thất bại",
+    "FAILED_TO_UNLINK_LAST_ACCOUNT": "Không thể hủy liên kết tài khoản cuối cùng",
+    "FAILED_TO_UPDATE_USER": "Cập nhật thông tin người dùng thất bại",
+    "ID_TOKEN_NOT_SUPPORTED": "Mã định danh không được hỗ trợ",
+    "INVALID_EMAIL": "Định dạng email không hợp lệ",
+    "INVALID_EMAIL_OR_PASSWORD": "Email hoặc mật khẩu không đúng",
+    "INVALID_PASSWORD": "Định dạng mật khẩu không hợp lệ",
+    "INVALID_TOKEN": "Mã xác thực không hợp lệ hoặc đã hết hạn",
+    "PASSWORD_TOO_LONG": "Mật khẩu quá dài",
+    "PASSWORD_TOO_SHORT": "Mật khẩu quá ngắn",
+    "PROVIDER_NOT_FOUND": "Không tìm thấy cấu hình nhà cung cấp xác thực",
+    "RATE_LIMIT_EXCEEDED": "Yêu cầu quá nhiều, vui lòng thử lại sau",
+    "SESSION_EXPIRED": "Phiên làm việc đã hết hạn, vui lòng đăng nhập lại",
+    "SOCIAL_ACCOUNT_ALREADY_LINKED": "Tài khoản mạng xã hội này đã được liên kết với người dùng khác",
+    "UNEXPECTED_ERROR": "Đã xảy ra lỗi không xác định, vui lòng thử lại",
+    "UNKNOWN": "Đã xảy ra lỗi không xác định, vui lòng thử lại hoặc liên hệ hỗ trợ",
+    "USER_ALREADY_EXISTS": "Người dùng đã tồn tại",
+    "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL": "Email đã được sử dụng, vui lòng thử email khác",
+    "USER_ALREADY_HAS_PASSWORD": "Tài khoản này đã có mật khẩu",
+    "USER_BANNED": "Người dùng này đã bị cấm",
+    "USER_EMAIL_NOT_FOUND": "Không tìm thấy email tương ứng",
+    "USER_NOT_FOUND": "Không tìm thấy người dùng"
+  },
+  "title": "Lỗi xác thực"
+}

package/locales/zh-CN/authError.json

@@ -0,0 +1,40 @@
+{
+  "actions": {
+    "discord": "前往 Discord 反馈",
+    "home": "返回首页",
+    "retry": "重新登录"
+  },
+  "codes": {
+    "ACCOUNT_ALREADY_LINKED_TO_DIFFERENT_USER": "该账号已关联至其他用户",
+    "ACCOUNT_NOT_FOUND": "未找到对应账号",
+    "CREDENTIAL_ACCOUNT_NOT_FOUND": "凭证账号不存在",
+    "EMAIL_CAN_NOT_BE_UPDATED": "当前账号邮箱不可修改",
+    "EMAIL_NOT_VERIFIED": "请先完成邮箱验证",
+    "FAILED_TO_CREATE_SESSION": "创建会话失败",
+    "FAILED_TO_CREATE_USER": "创建用户失败",
+    "FAILED_TO_GET_SESSION": "获取会话失败",
+    "FAILED_TO_GET_USER_INFO": "获取用户信息失败",
+    "FAILED_TO_UNLINK_LAST_ACCOUNT": "无法解绑最后一个关联账号",
+    "FAILED_TO_UPDATE_USER": "更新用户信息失败",
+    "ID_TOKEN_NOT_SUPPORTED": "当前身份令牌不被支持",
+    "INVALID_EMAIL": "邮箱格式不正确",
+    "INVALID_EMAIL_OR_PASSWORD": "邮箱或密码错误",
+    "INVALID_PASSWORD": "密码格式无效",
+    "INVALID_TOKEN": "令牌无效或已过期",
+    "PASSWORD_TOO_LONG": "密码长度过长",
+    "PASSWORD_TOO_SHORT": "密码长度过短",
+    "PROVIDER_NOT_FOUND": "未找到对应的身份提供方配置",
+    "RATE_LIMIT_EXCEEDED": "请求过于频繁，请稍后再试",
+    "SESSION_EXPIRED": "会话已过期，请重新登录",
+    "SOCIAL_ACCOUNT_ALREADY_LINKED": "该社交账号已被其他用户绑定",
+    "UNEXPECTED_ERROR": "发生未知错误，请重试",
+    "UNKNOWN": "发生未知错误，请重试或联系支持",
+    "USER_ALREADY_EXISTS": "用户已存在",
+    "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL": "邮箱已被使用，请尝试其他邮箱",
+    "USER_ALREADY_HAS_PASSWORD": "该账号已设置密码",
+    "USER_BANNED": "该用户已被封禁",
+    "USER_EMAIL_NOT_FOUND": "未找到对应邮箱",
+    "USER_NOT_FOUND": "未找到用户"
+  },
+  "title": "身份验证出错"
+}

package/locales/zh-CN/setting.json

@@ -803,8 +803,8 @@
       "store": "插件商店"
     },
     "tabs": {
-      "installed": "已启用",
-      "all": "全部"
+      "all": "全部",
+      "installed": "已启用"
     },
     "title": "扩展插件"
   }

package/locales/zh-TW/authError.json

@@ -0,0 +1,40 @@
+{
+  "actions": {
+    "discord": "前往 Discord 回饋",
+    "home": "返回首頁",
+    "retry": "重新登入"
+  },
+  "codes": {
+    "ACCOUNT_ALREADY_LINKED_TO_DIFFERENT_USER": "該帳號已綁定至其他使用者",
+    "ACCOUNT_NOT_FOUND": "找不到對應帳號",
+    "CREDENTIAL_ACCOUNT_NOT_FOUND": "憑證帳號不存在",
+    "EMAIL_CAN_NOT_BE_UPDATED": "目前帳號的電子郵件無法修改",
+    "EMAIL_NOT_VERIFIED": "請先完成電子郵件驗證",
+    "FAILED_TO_CREATE_SESSION": "建立會話失敗",
+    "FAILED_TO_CREATE_USER": "建立使用者失敗",
+    "FAILED_TO_GET_SESSION": "取得會話失敗",
+    "FAILED_TO_GET_USER_INFO": "取得使用者資訊失敗",
+    "FAILED_TO_UNLINK_LAST_ACCOUNT": "無法解除綁定最後一個關聯帳號",
+    "FAILED_TO_UPDATE_USER": "更新使用者資訊失敗",
+    "ID_TOKEN_NOT_SUPPORTED": "目前的身份令牌不被支援",
+    "INVALID_EMAIL": "電子郵件格式不正確",
+    "INVALID_EMAIL_OR_PASSWORD": "電子郵件或密碼錯誤",
+    "INVALID_PASSWORD": "密碼格式無效",
+    "INVALID_TOKEN": "令牌無效或已過期",
+    "PASSWORD_TOO_LONG": "密碼長度過長",
+    "PASSWORD_TOO_SHORT": "密碼長度過短",
+    "PROVIDER_NOT_FOUND": "找不到對應的身份提供者設定",
+    "RATE_LIMIT_EXCEEDED": "請求過於頻繁，請稍後再試",
+    "SESSION_EXPIRED": "會話已過期，請重新登入",
+    "SOCIAL_ACCOUNT_ALREADY_LINKED": "該社群帳號已被其他使用者綁定",
+    "UNEXPECTED_ERROR": "發生未知錯誤，請重試",
+    "UNKNOWN": "發生未知錯誤，請重試或聯絡支援",
+    "USER_ALREADY_EXISTS": "使用者已存在",
+    "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL": "電子郵件已被使用，請嘗試其他電子郵件",
+    "USER_ALREADY_HAS_PASSWORD": "該帳號已設定密碼",
+    "USER_BANNED": "該使用者已被封鎖",
+    "USER_EMAIL_NOT_FOUND": "找不到對應的電子郵件",
+    "USER_NOT_FOUND": "找不到使用者"
+  },
+  "title": "身份驗證錯誤"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/lobehub",
-  "version": "2.0.0-next.161",
+  "version": "2.0.0-next.162",
   "description": "LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/src/app/[variants]/(auth)/auth-error/page.tsx

@@ -0,0 +1,59 @@
+'use client';
+
+import { SiDiscord } from '@icons-pack/react-simple-icons';
+import { Button, Icon } from '@lobehub/ui';
+import { Result, Tag, Typography } from 'antd';
+import { ShieldAlert } from 'lucide-react';
+import Link from 'next/link';
+import { parseAsString, useQueryState } from 'nuqs';
+import { memo } from 'react';
+import { useTranslation } from 'react-i18next';
+import { Flexbox } from 'react-layout-kit';
+
+const DISCORD_URL = 'https://discord.gg/AYFPHvv2jT';
+
+const normalizeErrorCode = (code?: string | null) =>
+  (code || 'UNKNOWN').trim().toUpperCase().replaceAll('-', '_');
+
+const AuthErrorPage = memo(() => {
+  const { t } = useTranslation('authError');
+  const [error] = useQueryState('error', parseAsString);
+
+  const code = normalizeErrorCode(error);
+  const description = t(`codes.${code}`, { defaultValue: t('codes.UNKNOWN') });
+
+  return (
+    <Result
+      extra={
+        <Flexbox align="center" gap={16}>
+          <Flexbox gap={12} horizontal justify="center" wrap="wrap">
+            <Link href="/signin">
+              <Button type="primary">{t('actions.retry')}</Button>
+            </Link>
+            <Link href="/">
+              <Button>{t('actions.home')}</Button>
+            </Link>
+          </Flexbox>
+          <Link href={DISCORD_URL} rel="noopener noreferrer" target="_blank">
+            <Button icon={<Icon icon={SiDiscord} />} type="text">
+              {t('actions.discord')}
+            </Button>
+          </Link>
+        </Flexbox>
+      }
+      icon={<Icon icon={ShieldAlert} />}
+      status="error"
+      subTitle={
+        <Flexbox align="center" gap={8}>
+          <Tag color="red">{error || 'UNKNOWN'}</Tag>
+          <Typography.Text type="secondary">{description}</Typography.Text>
+        </Flexbox>
+      }
+      title={t('title')}
+    />
+  );
+});
+
+AuthErrorPage.displayName = 'AuthErrorPage';
+
+export default AuthErrorPage;

package/src/auth.ts

@@ -1,8 +1,8 @@
 /* eslint-disable sort-keys-fix/sort-keys-fix, typescript-sort-keys/interface */
 import { createNanoId, idGenerator, serverDB } from '@lobechat/database';
-import { betterAuth } from 'better-auth/minimal';
 import { emailHarmony } from 'better-auth-harmony';
 import { drizzleAdapter } from 'better-auth/adapters/drizzle';
+import { betterAuth } from 'better-auth/minimal';
 import { admin, genericOAuth, magicLink } from 'better-auth/plugins';
 
 import { authEnv } from '@/envs/auth';
@@ -12,6 +12,7 @@ import {
   getVerificationEmailTemplate,
 } from '@/libs/better-auth/email-templates';
 import { initBetterAuthSSOProviders } from '@/libs/better-auth/sso';
+import { createSecondaryStorage, getTrustedOrigins } from '@/libs/better-auth/utils/config';
 import { parseSSOProviders } from '@/libs/better-auth/utils/server';
 import { EmailService } from '@/server/services/email';
 import { UserService } from '@/server/services/user';
@@ -21,55 +22,10 @@ import { UserService } from '@/server/services/user';
 const VERIFICATION_LINK_EXPIRES_IN = 3600;
 const MAGIC_LINK_EXPIRES_IN = 900;
 const enableMagicLink = authEnv.NEXT_PUBLIC_ENABLE_MAGIC_LINK;
-const APPLE_TRUSTED_ORIGIN = 'https://appleid.apple.com';
 const enabledSSOProviders = parseSSOProviders(authEnv.AUTH_SSO_PROVIDERS);
 
 const { socialProviders, genericOAuthProviders } = initBetterAuthSSOProviders();
 
-/**
- * Normalize a URL-like string to an origin with https fallback.
- */
-const normalizeOrigin = (url?: string) => {
-  if (!url) return undefined;
-
-  try {
-    const normalizedUrl = url.startsWith('http') ? url : `https://${url}`;
-
-    return new URL(normalizedUrl).origin;
-  } catch {
-    return undefined;
-  }
-};
-
-/**
- * Build trusted origins with env override and Vercel-aware defaults.
- */
-const getTrustedOrigins = () => {
-  if (authEnv.AUTH_TRUSTED_ORIGINS) {
-    const originsFromEnv = authEnv.AUTH_TRUSTED_ORIGINS.split(',')
-      .map((item) => normalizeOrigin(item.trim()))
-      .filter(Boolean) as string[];
-
-    if (originsFromEnv.length > 0) return Array.from(new Set(originsFromEnv));
-  }
-
-  const defaults = [
-    authEnv.NEXT_PUBLIC_AUTH_URL,
-    normalizeOrigin(process.env.APP_URL),
-    normalizeOrigin(process.env.VERCEL_BRANCH_URL),
-    normalizeOrigin(process.env.VERCEL_URL),
-  ].filter(Boolean) as string[];
-
-  const baseTrustedOrigins = defaults.length > 0 ? Array.from(new Set(defaults)) : undefined;
-
-  if (!enabledSSOProviders.includes('apple')) return baseTrustedOrigins;
-
-  const mergedOrigins = new Set(baseTrustedOrigins || []);
-  mergedOrigins.add(APPLE_TRUSTED_ORIGIN);
-
-  return Array.from(mergedOrigins);
-};
-
 export const auth = betterAuth({
   account: {
     accountLinking: {
@@ -82,7 +38,7 @@ export const auth = betterAuth({
   // Use renamed env vars (fallback to next-auth vars is handled in src/envs/auth.ts)
   baseURL: authEnv.NEXT_PUBLIC_AUTH_URL,
   secret: authEnv.AUTH_SECRET,
-  trustedOrigins: getTrustedOrigins(),
+  trustedOrigins: getTrustedOrigins(enabledSSOProviders),
 
   emailAndPassword: {
     autoSignIn: true,
@@ -118,10 +74,19 @@ export const auth = betterAuth({
       });
     },
   },
-
+  onAPIError: {
+    errorURL: '/auth-error',
+  },
+  session: {
+    cookieCache: {
+      enabled: true,
+      maxAge: 10 * 60, // Cache duration in seconds
+    },
+  },
   database: drizzleAdapter(serverDB, {
     provider: 'pg',
   }),
+  secondaryStorage: createSecondaryStorage(),
   /**
    * Database joins is useful when Better-Auth needs to fetch related data from multiple tables in a single query.
    * Endpoints like /get-session, /get-full-organization and many others benefit greatly from this feature,

package/src/envs/redis.ts

@@ -14,7 +14,7 @@ const parseNumber = (value?: string) => {
 
 const parseRedisTls = (value?: string) => {
   if (!value) {
-    return false
+    return false;
   }
 
   const normalized = value.trim().toLowerCase();

package/src/libs/better-auth/utils/config.ts

@@ -0,0 +1,91 @@
+import { authEnv } from '@/envs/auth';
+import { getRedisConfig } from '@/envs/redis';
+import { initializeRedis, isRedisEnabled } from '@/libs/redis';
+
+const APPLE_TRUSTED_ORIGIN = 'https://appleid.apple.com';
+
+/**
+ * Normalize a URL-like string to an origin with https fallback.
+ */
+export const normalizeOrigin = (url?: string) => {
+  if (!url) return undefined;
+
+  try {
+    const normalizedUrl = url.startsWith('http') ? url : `https://${url}`;
+
+    return new URL(normalizedUrl).origin;
+  } catch {
+    return undefined;
+  }
+};
+
+/**
+ * Build trusted origins with env override and Vercel-aware defaults.
+ */
+export const getTrustedOrigins = (enabledSSOProviders: string[]) => {
+  if (authEnv.AUTH_TRUSTED_ORIGINS) {
+    const originsFromEnv = authEnv.AUTH_TRUSTED_ORIGINS.split(',')
+      .map((item) => normalizeOrigin(item.trim()))
+      .filter(Boolean) as string[];
+
+    if (originsFromEnv.length > 0) return Array.from(new Set(originsFromEnv));
+  }
+
+  const defaults = [
+    authEnv.NEXT_PUBLIC_AUTH_URL,
+    normalizeOrigin(process.env.APP_URL),
+    normalizeOrigin(process.env.VERCEL_BRANCH_URL),
+    normalizeOrigin(process.env.VERCEL_URL),
+  ].filter(Boolean) as string[];
+
+  const baseTrustedOrigins = defaults.length > 0 ? Array.from(new Set(defaults)) : undefined;
+
+  if (!enabledSSOProviders.includes('apple')) return baseTrustedOrigins;
+
+  const mergedOrigins = new Set(baseTrustedOrigins || []);
+  mergedOrigins.add(APPLE_TRUSTED_ORIGIN);
+
+  return Array.from(mergedOrigins);
+};
+
+/**
+ * Build Better Auth secondaryStorage backed by Redis.
+ * Uses the shared Redis manager to avoid duplicate connections and prefixes keys to prevent clashes.
+ */
+export const createSecondaryStorage = () => {
+  const redisConfig = getRedisConfig();
+  if (!isRedisEnabled(redisConfig)) return undefined;
+
+  const secondaryStorageKeyPrefix = 'better-auth:';
+
+  const buildKey = (key: string) => `${secondaryStorageKeyPrefix}${key}`;
+
+  const getRedisClient = async () => {
+    const redisClient = await initializeRedis(redisConfig);
+    if (!redisClient) {
+      throw new Error('Redis secondary storage is enabled but failed to initialize');
+    }
+
+    return redisClient;
+  };
+
+  return {
+    delete: async (key: string) => {
+      const redisClient = await getRedisClient();
+      await redisClient.del(buildKey(key));
+    },
+    get: async (key: string) => {
+      const redisClient = await getRedisClient();
+      return (await redisClient.get(buildKey(key))) ?? null;
+    },
+    set: async (key: string, value: string, ttl?: number) => {
+      const redisClient = await getRedisClient();
+      if (typeof ttl === 'number') {
+        await redisClient.set(buildKey(key), value, { ex: ttl });
+        return;
+      }
+
+      await redisClient.set(buildKey(key), value);
+    },
+  };
+};

package/src/libs/redis/manager.ts

@@ -23,7 +23,11 @@ class RedisManager {
       if (config.provider === 'redis') {
         provider = new IoRedisRedisProvider(config);
       } else if (config.provider === 'upstash') {
-        provider = new UpstashRedisProvider({ token: config.token, url: config.url });
+        provider = new UpstashRedisProvider({
+          prefix: config.prefix,
+          token: config.token,
+          url: config.url,
+        });
       } else {
         throw new Error(`Unsupported redis provider: ${String((config as any).provider)}`);
       }

package/src/libs/redis/redis.test.ts

@@ -1,4 +1,4 @@
-import { describe, expect, it, vi } from 'vitest';
+import { afterEach, describe, expect, it, vi } from 'vitest';
 
 import { IoRedisConfig } from './types';
 

package/src/libs/redis/upstash.test.ts

@@ -5,7 +5,7 @@
 //
 // Read more here: https://github.com/capricorn86/happy-dom/issues/1042#issuecomment-3585851354
 import { Buffer } from 'node:buffer';
-import { describe, expect, it, vi } from 'vitest';
+import { afterEach, describe, expect, it, vi } from 'vitest';
 
 import { UpstashConfig } from './types';
 
@@ -139,9 +139,9 @@ describe('mocked', () => {
     await provider.hset(bufKey, 'field', 'value');
     await provider.del(bufKey);
 
-    expect(mocks.mockSet).toHaveBeenCalledWith('buffer-key', 'value', undefined);
-    expect(mocks.mockHset).toHaveBeenCalledWith('buffer-key', { field: 'value' });
-    expect(mocks.mockDel).toHaveBeenCalledWith('buffer-key');
+    expect(mocks.mockSet).toHaveBeenCalledWith('mock:buffer-key', 'value', undefined);
+    expect(mocks.mockHset).toHaveBeenCalledWith('mock:buffer-key', { field: 'value' });
+    expect(mocks.mockDel).toHaveBeenCalledWith('mock:buffer-key');
   });
 
   it('passes set options through to upstash client', async () => {
@@ -149,6 +149,10 @@ describe('mocked', () => {
 
     await provider.set('key', 'value', { ex: 10, nx: true, get: true });
 
-    expect(mocks.mockSet).toHaveBeenCalledWith('key', 'value', { ex: 10, nx: true, get: true });
+    expect(mocks.mockSet).toHaveBeenCalledWith('mock:key', 'value', {
+      ex: 10,
+      nx: true,
+      get: true,
+    });
   });
 });

package/src/libs/redis/upstash.ts

@@ -20,9 +20,28 @@ import {
 export class UpstashRedisProvider implements BaseRedisProvider {
   provider: 'upstash' = 'upstash';
   private client: Redis;
+  private readonly prefix: string;
 
   constructor(options: UpstashConfig | RedisConfigNodejs) {
-    this.client = new Redis(options as RedisConfigNodejs);
+    const { prefix, ...clientOptions } = options as UpstashConfig & RedisConfigNodejs;
+    this.prefix = prefix ? `${prefix}:` : '';
+    this.client = new Redis(clientOptions as RedisConfigNodejs);
+  }
+
+  /**
+   * Build a fully qualified key assuming the input was already normalized.
+   * Avoids re-running normalization when callers have normalized keys (e.g. mset).
+   */
+  private addPrefixToKey(normalizedKey: string) {
+    return `${this.prefix}${normalizedKey}`;
+  }
+
+  private buildKey(key: RedisKey) {
+    return this.addPrefixToKey(normalizeRedisKey(key));
+  }
+
+  private buildKeys(keys: RedisKey[]) {
+    return normalizeRedisKeys(keys).map((key) => `${this.prefix}${key}`);
   }
 
   async initialize(): Promise<void> {
@@ -34,15 +53,11 @@ export class UpstashRedisProvider implements BaseRedisProvider {
   }
 
   async get(key: RedisKey): Promise<string | null> {
-    return this.client.get(normalizeRedisKey(key));
+    return this.client.get(this.buildKey(key));
   }
 
   async set(key: RedisKey, value: RedisValue, options?: SetOptions): Promise<RedisSetResult> {
-    const res = await this.client.set(
-      normalizeRedisKey(key),
-      value,
-      buildUpstashSetOptions(options),
-    );
+    const res = await this.client.set(this.buildKey(key), value, buildUpstashSetOptions(options));
     if (Buffer.isBuffer(res)) {
       return res.toString();
     }
@@ -51,55 +66,64 @@ export class UpstashRedisProvider implements BaseRedisProvider {
   }
 
   async setex(key: RedisKey, seconds: number, value: RedisValue): Promise<'OK'> {
-    return this.client.setex(normalizeRedisKey(key), seconds, value);
+    return this.client.setex(this.buildKey(key), seconds, value);
   }
 
   async del(...keys: RedisKey[]): Promise<number> {
-    return this.client.del(...normalizeRedisKeys(keys));
+    return this.client.del(...this.buildKeys(keys));
   }
 
   async exists(...keys: RedisKey[]): Promise<number> {
-    return this.client.exists(...normalizeRedisKeys(keys));
+    return this.client.exists(...this.buildKeys(keys));
   }
 
   async expire(key: RedisKey, seconds: number): Promise<number> {
-    return this.client.expire(normalizeRedisKey(key), seconds);
+    return this.client.expire(this.buildKey(key), seconds);
   }
 
   async ttl(key: RedisKey): Promise<number> {
-    return this.client.ttl(normalizeRedisKey(key));
+    return this.client.ttl(this.buildKey(key));
   }
 
   async incr(key: RedisKey): Promise<number> {
-    return this.client.incr(normalizeRedisKey(key));
+    return this.client.incr(this.buildKey(key));
   }
 
   async decr(key: RedisKey): Promise<number> {
-    return this.client.decr(normalizeRedisKey(key));
+    return this.client.decr(this.buildKey(key));
   }
 
   async mget(...keys: RedisKey[]): Promise<(string | null)[]> {
-    return this.client.mget(...normalizeRedisKeys(keys));
+    return this.client.mget(...this.buildKeys(keys));
   }
 
   async mset(values: RedisMSetArgument): Promise<'OK'> {
-    return this.client.mset(normalizeMsetValues(values));
+    const normalized = normalizeMsetValues(values);
+    const prefixed = Object.entries(normalized).reduce<Record<string, RedisValue>>(
+      (acc, [key, value]) => {
+        acc[this.addPrefixToKey(key)] = value;
+        return acc;
+      },
+      {},
+    );
+
+    return this.client.mset(prefixed);
   }
 
   async hget(key: RedisKey, field: RedisKey): Promise<string | null> {
-    return this.client.hget(normalizeRedisKey(key), normalizeRedisKey(field));
+    return this.client.hget(this.buildKey(key), normalizeRedisKey(field));
   }
 
   async hset(key: RedisKey, field: RedisKey, value: RedisValue): Promise<number> {
-    return this.client.hset(normalizeRedisKey(key), { [normalizeRedisKey(field)]: value });
+    return this.client.hset(this.buildKey(key), { [normalizeRedisKey(field)]: value });
   }
 
   async hdel(key: RedisKey, ...fields: RedisKey[]): Promise<number> {
-    return this.client.hdel(normalizeRedisKey(key), ...normalizeRedisKeys(fields));
+    return this.client.hdel(this.buildKey(key), ...normalizeRedisKeys(fields));
   }
 
   async hgetall(key: RedisKey): Promise<Record<string, string>> {
-    const res = await this.client.hgetall(normalizeRedisKey(key));
+    const res = await this.client.hgetall(this.buildKey(key));
     if (!res) {
       return {};
     }