@lobehub/lobehub 2.0.0-next.276 → 2.0.0-next.278

package/packages/database/migrations/meta/_journal.json

@@ -483,6 +483,13 @@
       "when": 1768189437504,
       "tag": "0068_update_group_data",
       "breakpoints": true
+    },
+    {
+      "idx": 69,
+      "version": "7",
+      "when": 1768303764632,
+      "tag": "0069_add_topic_shares_table",
+      "breakpoints": true
     }
   ],
   "version": "6"

package/packages/database/src/models/__tests__/topicShare.test.ts

@@ -0,0 +1,318 @@
+// @vitest-environment node
+import { TRPCError } from '@trpc/server';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+
+import { getTestDB } from '../../core/getTestDB';
+import { agents, sessions, topicShares, topics, users } from '../../schemas';
+import { LobeChatDatabase } from '../../type';
+import { TopicShareModel } from '../topicShare';
+
+const serverDB: LobeChatDatabase = await getTestDB();
+
+const userId = 'topic-share-test-user-id';
+const userId2 = 'topic-share-test-user-id-2';
+const sessionId = 'topic-share-test-session';
+const topicId = 'topic-share-test-topic';
+const topicId2 = 'topic-share-test-topic-2';
+const agentId = 'topic-share-test-agent';
+
+const topicShareModel = new TopicShareModel(serverDB, userId);
+const topicShareModel2 = new TopicShareModel(serverDB, userId2);
+
+describe('TopicShareModel', () => {
+  beforeEach(async () => {
+    await serverDB.delete(users);
+
+    // Create test users, sessions, agents and topics
+    await serverDB.transaction(async (tx) => {
+      await tx.insert(users).values([{ id: userId }, { id: userId2 }]);
+      await tx.insert(sessions).values([
+        { id: sessionId, userId },
+        { id: `${sessionId}-2`, userId: userId2 },
+      ]);
+      await tx.insert(agents).values([{ id: agentId, userId }]);
+      await tx.insert(topics).values([
+        { id: topicId, sessionId, userId, agentId, title: 'Test Topic' },
+        { id: topicId2, sessionId, userId, title: 'Test Topic 2' },
+        { id: 'user2-topic', sessionId: `${sessionId}-2`, userId: userId2, title: 'User 2 Topic' },
+      ]);
+    });
+  });
+
+  afterEach(async () => {
+    await serverDB.delete(topicShares);
+    await serverDB.delete(topics);
+    await serverDB.delete(agents);
+    await serverDB.delete(sessions);
+    await serverDB.delete(users);
+  });
+
+  describe('create', () => {
+    it('should create a share for a topic with default visibility', async () => {
+      const result = await topicShareModel.create(topicId);
+
+      expect(result).toBeDefined();
+      expect(result.topicId).toBe(topicId);
+      expect(result.userId).toBe(userId);
+      expect(result.visibility).toBe('private');
+      expect(result.id).toBeDefined();
+    });
+
+    it('should create a share with link visibility', async () => {
+      const result = await topicShareModel.create(topicId, 'link');
+
+      expect(result.visibility).toBe('link');
+    });
+
+    it('should throw error when topic does not exist', async () => {
+      await expect(topicShareModel.create('non-existent-topic')).rejects.toThrow(
+        'Topic not found or not owned by user',
+      );
+    });
+
+    it('should throw error when trying to share another users topic', async () => {
+      await expect(topicShareModel.create('user2-topic')).rejects.toThrow(
+        'Topic not found or not owned by user',
+      );
+    });
+  });
+
+  describe('updateVisibility', () => {
+    it('should update share visibility', async () => {
+      await topicShareModel.create(topicId, 'private');
+
+      const result = await topicShareModel.updateVisibility(topicId, 'link');
+
+      expect(result).toBeDefined();
+      expect(result!.visibility).toBe('link');
+    });
+
+    it('should return null when share does not exist', async () => {
+      const result = await topicShareModel.updateVisibility('non-existent-topic', 'link');
+
+      expect(result).toBeNull();
+    });
+
+    it('should not update other users share', async () => {
+      // Create share for user2
+      await topicShareModel2.create('user2-topic', 'private');
+
+      // User1 tries to update user2's share
+      const result = await topicShareModel.updateVisibility('user2-topic', 'link');
+
+      expect(result).toBeNull();
+
+      // Verify user2's share is unchanged
+      const share = await topicShareModel2.getByTopicId('user2-topic');
+      expect(share!.visibility).toBe('private');
+    });
+  });
+
+  describe('deleteByTopicId', () => {
+    it('should delete share by topic id', async () => {
+      await topicShareModel.create(topicId);
+
+      await topicShareModel.deleteByTopicId(topicId);
+
+      const share = await topicShareModel.getByTopicId(topicId);
+      expect(share).toBeNull();
+    });
+
+    it('should not delete other users share', async () => {
+      await topicShareModel2.create('user2-topic');
+
+      // User1 tries to delete user2's share
+      await topicShareModel.deleteByTopicId('user2-topic');
+
+      // User2's share should still exist
+      const share = await topicShareModel2.getByTopicId('user2-topic');
+      expect(share).not.toBeNull();
+    });
+  });
+
+  describe('getByTopicId', () => {
+    it('should get share info by topic id', async () => {
+      const created = await topicShareModel.create(topicId, 'link');
+
+      const result = await topicShareModel.getByTopicId(topicId);
+
+      expect(result).toBeDefined();
+      expect(result!.id).toBe(created.id);
+      expect(result!.topicId).toBe(topicId);
+      expect(result!.visibility).toBe('link');
+    });
+
+    it('should return null when share does not exist', async () => {
+      const result = await topicShareModel.getByTopicId(topicId);
+
+      expect(result).toBeNull();
+    });
+
+    it('should not return other users share', async () => {
+      await topicShareModel2.create('user2-topic');
+
+      const result = await topicShareModel.getByTopicId('user2-topic');
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('findByShareId (static)', () => {
+    it('should find share by share id with topic and agent info', async () => {
+      const created = await topicShareModel.create(topicId, 'link');
+
+      const result = await TopicShareModel.findByShareId(serverDB, created.id);
+
+      expect(result).toBeDefined();
+      expect(result!.shareId).toBe(created.id);
+      expect(result!.topicId).toBe(topicId);
+      expect(result!.title).toBe('Test Topic');
+      expect(result!.ownerId).toBe(userId);
+      expect(result!.visibility).toBe('link');
+      expect(result!.agentId).toBe(agentId);
+    });
+
+    it('should return null when share does not exist', async () => {
+      const result = await TopicShareModel.findByShareId(serverDB, 'non-existent-share');
+
+      expect(result).toBeNull();
+    });
+
+    it('should return share without agent info when topic has no agent', async () => {
+      const created = await topicShareModel.create(topicId2);
+
+      const result = await TopicShareModel.findByShareId(serverDB, created.id);
+
+      expect(result).toBeDefined();
+      expect(result!.agentId).toBeNull();
+    });
+  });
+
+  describe('incrementPageViewCount (static)', () => {
+    it('should increment page view count', async () => {
+      const created = await topicShareModel.create(topicId);
+
+      // Initial page view count is 0
+      const initial = await serverDB.query.topicShares.findFirst({
+        where: (t, { eq }) => eq(t.id, created.id),
+      });
+      expect(initial!.pageViewCount).toBe(0);
+
+      // Increment page view count
+      await TopicShareModel.incrementPageViewCount(serverDB, created.id);
+
+      const after = await serverDB.query.topicShares.findFirst({
+        where: (t, { eq }) => eq(t.id, created.id),
+      });
+      expect(after!.pageViewCount).toBe(1);
+    });
+
+    it('should increment page view count multiple times', async () => {
+      const created = await topicShareModel.create(topicId);
+
+      await TopicShareModel.incrementPageViewCount(serverDB, created.id);
+      await TopicShareModel.incrementPageViewCount(serverDB, created.id);
+      await TopicShareModel.incrementPageViewCount(serverDB, created.id);
+
+      const result = await serverDB.query.topicShares.findFirst({
+        where: (t, { eq }) => eq(t.id, created.id),
+      });
+      expect(result!.pageViewCount).toBe(3);
+    });
+  });
+
+  describe('findByShareIdWithAccessCheck (static)', () => {
+    it('should return share for owner regardless of visibility', async () => {
+      const created = await topicShareModel.create(topicId, 'private');
+
+      const result = await TopicShareModel.findByShareIdWithAccessCheck(
+        serverDB,
+        created.id,
+        userId,
+      );
+
+      expect(result).toBeDefined();
+      expect(result.shareId).toBe(created.id);
+    });
+
+    it('should return share for anonymous user when visibility is link', async () => {
+      const created = await topicShareModel.create(topicId, 'link');
+
+      const result = await TopicShareModel.findByShareIdWithAccessCheck(
+        serverDB,
+        created.id,
+        undefined,
+      );
+
+      expect(result).toBeDefined();
+      expect(result.shareId).toBe(created.id);
+    });
+
+    it('should throw NOT_FOUND when share does not exist', async () => {
+      await expect(
+        TopicShareModel.findByShareIdWithAccessCheck(serverDB, 'non-existent', userId),
+      ).rejects.toThrow(TRPCError);
+
+      try {
+        await TopicShareModel.findByShareIdWithAccessCheck(serverDB, 'non-existent', userId);
+      } catch (error) {
+        expect((error as TRPCError).code).toBe('NOT_FOUND');
+      }
+    });
+
+    it('should throw FORBIDDEN when visibility is private and user is not owner', async () => {
+      const created = await topicShareModel.create(topicId, 'private');
+
+      await expect(
+        TopicShareModel.findByShareIdWithAccessCheck(serverDB, created.id, userId2),
+      ).rejects.toThrow(TRPCError);
+
+      try {
+        await TopicShareModel.findByShareIdWithAccessCheck(serverDB, created.id, userId2);
+      } catch (error) {
+        expect((error as TRPCError).code).toBe('FORBIDDEN');
+      }
+    });
+
+    it('should throw FORBIDDEN when visibility is private and user is anonymous', async () => {
+      const created = await topicShareModel.create(topicId, 'private');
+
+      await expect(
+        TopicShareModel.findByShareIdWithAccessCheck(serverDB, created.id, undefined),
+      ).rejects.toThrow(TRPCError);
+
+      try {
+        await TopicShareModel.findByShareIdWithAccessCheck(serverDB, created.id, undefined);
+      } catch (error) {
+        expect((error as TRPCError).code).toBe('FORBIDDEN');
+      }
+    });
+  });
+
+  describe('user isolation', () => {
+    it('should enforce user data isolation for all operations', async () => {
+      // User1 creates a share
+      await topicShareModel.create(topicId, 'private');
+
+      // User2 creates a share
+      await topicShareModel2.create('user2-topic', 'link');
+
+      // User1 cannot access user2's share via getByTopicId
+      const user1Access = await topicShareModel.getByTopicId('user2-topic');
+      expect(user1Access).toBeNull();
+
+      // User2 cannot access user1's share via getByTopicId
+      const user2Access = await topicShareModel2.getByTopicId(topicId);
+      expect(user2Access).toBeNull();
+
+      // User1 cannot update user2's share
+      const updateResult = await topicShareModel.updateVisibility('user2-topic', 'private');
+      expect(updateResult).toBeNull();
+
+      // User1 cannot delete user2's share
+      await topicShareModel.deleteByTopicId('user2-topic');
+      const stillExists = await topicShareModel2.getByTopicId('user2-topic');
+      expect(stillExists).not.toBeNull();
+    });
+  });
+});

package/packages/database/src/models/topicShare.ts

@@ -0,0 +1,177 @@
+import type { ShareVisibility } from '@lobechat/types';
+import { TRPCError } from '@trpc/server';
+import { and, asc, eq, sql } from 'drizzle-orm';
+
+import { agents, chatGroups, chatGroupsAgents, topicShares, topics } from '../schemas';
+import { LobeChatDatabase } from '../type';
+
+export type TopicShareData = NonNullable<
+  Awaited<ReturnType<(typeof TopicShareModel)['findByShareId']>>
+>;
+
+export class TopicShareModel {
+  private userId: string;
+  private db: LobeChatDatabase;
+
+  constructor(db: LobeChatDatabase, userId: string) {
+    this.userId = userId;
+    this.db = db;
+  }
+
+  /**
+   * Create a new share for a topic.
+   * Each topic can only have one share record (enforced by unique constraint).
+   */
+  create = async (topicId: string, visibility: ShareVisibility = 'private') => {
+    // First verify the topic belongs to the user
+    const topic = await this.db.query.topics.findFirst({
+      where: and(eq(topics.id, topicId), eq(topics.userId, this.userId)),
+    });
+
+    if (!topic) {
+      throw new Error('Topic not found or not owned by user');
+    }
+
+    const [result] = await this.db
+      .insert(topicShares)
+      .values({
+        topicId,
+        userId: this.userId,
+        visibility,
+      })
+      .returning();
+
+    return result;
+  };
+
+  /**
+   * Update share visibility
+   */
+  updateVisibility = async (topicId: string, visibility: ShareVisibility) => {
+    const [result] = await this.db
+      .update(topicShares)
+      .set({ updatedAt: new Date(), visibility })
+      .where(and(eq(topicShares.topicId, topicId), eq(topicShares.userId, this.userId)))
+      .returning();
+
+    return result || null;
+  };
+
+  /**
+   * Delete a share by topic ID
+   */
+  deleteByTopicId = async (topicId: string) => {
+    return this.db
+      .delete(topicShares)
+      .where(and(eq(topicShares.topicId, topicId), eq(topicShares.userId, this.userId)));
+  };
+
+  /**
+   * Get share info by topic ID (for the owner)
+   */
+  getByTopicId = async (topicId: string) => {
+    const result = await this.db
+      .select({
+        id: topicShares.id,
+        topicId: topicShares.topicId,
+        visibility: topicShares.visibility,
+      })
+      .from(topicShares)
+      .where(and(eq(topicShares.topicId, topicId), eq(topicShares.userId, this.userId)))
+      .limit(1);
+
+    return result[0] || null;
+  };
+
+  /**
+   * Find shared topic by share ID.
+   * Returns share info including ownerId for permission checking by caller.
+   */
+  static findByShareId = async (db: LobeChatDatabase, shareId: string) => {
+    const result = await db
+      .select({
+        agentAvatar: agents.avatar,
+        agentBackgroundColor: agents.backgroundColor,
+        agentId: topics.agentId,
+        agentMarketIdentifier: agents.marketIdentifier,
+        agentSlug: agents.slug,
+        agentTitle: agents.title,
+        groupAvatar: chatGroups.avatar,
+        groupBackgroundColor: chatGroups.backgroundColor,
+        groupId: topics.groupId,
+        groupTitle: chatGroups.title,
+        ownerId: topicShares.userId,
+        shareId: topicShares.id,
+        title: topics.title,
+        topicId: topics.id,
+        visibility: topicShares.visibility,
+      })
+      .from(topicShares)
+      .innerJoin(topics, eq(topicShares.topicId, topics.id))
+      .leftJoin(agents, eq(topics.agentId, agents.id))
+      .leftJoin(chatGroups, eq(topics.groupId, chatGroups.id))
+      .where(eq(topicShares.id, shareId))
+      .limit(1);
+
+    if (!result[0]) return null;
+
+    const share = result[0];
+
+    // Fetch group members if this is a group topic
+    let groupMembers: { avatar: string | null; backgroundColor: string | null }[] | undefined;
+    if (share.groupId) {
+      const members = await db
+        .select({
+          avatar: agents.avatar,
+          backgroundColor: agents.backgroundColor,
+        })
+        .from(chatGroupsAgents)
+        .innerJoin(agents, eq(chatGroupsAgents.agentId, agents.id))
+        .where(eq(chatGroupsAgents.chatGroupId, share.groupId))
+        .orderBy(asc(chatGroupsAgents.order))
+        .limit(4);
+
+      groupMembers = members;
+    }
+
+    return { ...share, groupMembers };
+  };
+
+  /**
+   * Increment page view count for a share.
+   * Should be called after permission check passes.
+   */
+  static incrementPageViewCount = async (db: LobeChatDatabase, shareId: string) => {
+    await db
+      .update(topicShares)
+      .set({ pageViewCount: sql`${topicShares.pageViewCount} + 1` })
+      .where(eq(topicShares.id, shareId));
+  };
+
+  /**
+   * Find shared topic by share ID with visibility check.
+   * Throws TRPCError if access is denied.
+   */
+  static findByShareIdWithAccessCheck = async (
+    db: LobeChatDatabase,
+    shareId: string,
+    accessUserId?: string,
+  ): Promise<TopicShareData> => {
+    const share = await TopicShareModel.findByShareId(db, shareId);
+
+    if (!share) {
+      throw new TRPCError({ code: 'NOT_FOUND', message: 'Share not found' });
+    }
+
+    const isOwner = accessUserId && share.ownerId === accessUserId;
+
+    // Only check visibility for non-owners
+    // 'private' - only owner can view
+    // 'link' - anyone with the link can view
+    if (!isOwner && share.visibility === 'private') {
+      throw new TRPCError({ code: 'FORBIDDEN', message: 'This share is private' });
+    }
+
+    return share;
+  };
+}

package/packages/database/src/schemas/topic.ts

@@ -1,10 +1,19 @@
 /* eslint-disable sort-keys-fix/sort-keys-fix  */
 import type { ChatTopicMetadata, ThreadMetadata } from '@lobechat/types';
 import { sql } from 'drizzle-orm';
-import { boolean, index, jsonb, pgTable, primaryKey, text, uniqueIndex } from 'drizzle-orm/pg-core';
+import {
+  boolean,
+  index,
+  integer,
+  jsonb,
+  pgTable,
+  primaryKey,
+  text,
+  uniqueIndex,
+} from 'drizzle-orm/pg-core';
 import { createInsertSchema } from 'drizzle-zod';
 
-import { idGenerator } from '../utils/idGenerator';
+import { createNanoId, idGenerator } from '../utils/idGenerator';
 import { createdAt, timestamps, timestamptz } from './_helpers';
 import { agents } from './agent';
 import { chatGroups } from './chatGroup';
@@ -133,3 +142,36 @@ export const topicDocuments = pgTable(
 
 export type NewTopicDocument = typeof topicDocuments.$inferInsert;
 export type TopicDocumentItem = typeof topicDocuments.$inferSelect;
+
+/**
+ * Topic sharing table - Manages public sharing links for topics
+ */
+export const topicShares = pgTable(
+  'topic_shares',
+  {
+    id: text('id')
+      .$defaultFn(() => createNanoId(8)())
+      .primaryKey(),
+
+    topicId: text('topic_id')
+      .notNull()
+      .references(() => topics.id, { onDelete: 'cascade' }),
+
+    userId: text('user_id')
+      .references(() => users.id, { onDelete: 'cascade' })
+      .notNull(),
+
+    visibility: text('visibility').default('private').notNull(), // 'private' | 'link'
+
+    pageViewCount: integer('page_view_count').default(0).notNull(),
+
+    ...timestamps,
+  },
+  (t) => [
+    uniqueIndex('topic_shares_topic_id_unique').on(t.topicId),
+    index('topic_shares_user_id_idx').on(t.userId),
+  ],
+);
+
+export type NewTopicShare = typeof topicShares.$inferInsert;
+export type TopicShareItem = typeof topicShares.$inferSelect;

package/packages/types/src/agentCronJob/index.ts

@@ -21,25 +21,6 @@ export const cronPatternSchema = z
 // Minimum 30 minutes validation (using standard cron format)
 export const minimumIntervalSchema = z.string().refine((pattern) => {
   // Standard cron format: minute hour day month weekday
-  const allowedPatterns = [
-    '*/30 * * * *', // Every 30 minutes
-    '0 * * * *', // Every hour
-    '0 */2 * * *', // Every 2 hours
-    '0 */3 * * *', // Every 3 hours
-    '0 */4 * * *', // Every 4 hours
-    '0 */6 * * *', // Every 6 hours
-    '0 */8 * * *', // Every 8 hours
-    '0 */12 * * *', // Every 12 hours
-    '0 0 * * *', // Daily at midnight
-    '0 0 * * 0', // Weekly on Sunday
-    '0 0 1 * *', // Monthly on 1st
-  ];
-
-  // Check if it matches allowed patterns
-  if (allowedPatterns.includes(pattern)) {
-    return true;
-  }
-
   // Parse pattern to validate minimum 30-minute interval
   const parts = pattern.split(' ');
   if (parts.length !== 5) {
@@ -48,24 +29,39 @@ export const minimumIntervalSchema = z.string().refine((pattern) => {
 
   const [minute, hour] = parts;
 
+  // Validate minute is 0 or 30 (we only allow 30-minute intervals)
+  const isValidMinute = minute === '0' || minute === '30' || minute === '*/30';
+
+  if (!isValidMinute) {
+    return false;
+  }
+
   // Allow minute intervals >= 30 (e.g., */30, */45, */60)
   if (minute.startsWith('*/')) {
     const interval = parseInt(minute.slice(2));
     if (!isNaN(interval) && interval >= 30) {
       return true;
     }
+    return false;
   }
 
-  // Allow hourly patterns: 0 */N * * * where N >= 1
-  if (minute === '0' && hour.startsWith('*/')) {
+  // Allow hourly patterns: {0|30} */N * * * where N >= 1
+  if ((minute === '0' || minute === '30') && hour.startsWith('*/')) {
     const interval = parseInt(hour.slice(2));
     if (!isNaN(interval) && interval >= 1) {
       return true;
     }
+    return false;
+  }
+
+  // Allow hourly patterns: {0|30} * * * * (every hour at :00 or :30)
+  if ((minute === '0' || minute === '30') && hour === '*') {
+    return true;
   }
 
-  // Allow specific hour patterns: 0 N * * * (runs once per day)
-  if (minute === '0' && /^\d+$/.test(hour)) {
+  // Allow specific hour patterns: {0|30} N * * * (runs once per day)
+  // or {0|30} N * * {weekdays} (runs on specific weekdays)
+  if ((minute === '0' || minute === '30') && /^\d+$/.test(hour)) {
     const h = parseInt(hour);
     if (!isNaN(h) && h >= 0 && h <= 23) {
       return true;

package/packages/types/src/conversation.ts

@@ -182,4 +182,9 @@ export interface ConversationContext {
    * Topic ID
    */
   topicId?: string | null;
+  /**
+   * Topic share ID for public access (used by shared topic pages)
+   * When present, allows unauthenticated access to topic messages
+   */
+  topicShareId?: string;
 }

package/packages/types/src/serverConfig.ts

@@ -49,6 +49,7 @@ export type ServerLanguageModel = Partial<Record<GlobalLLMProviderKey, ServerMod
 export interface GlobalServerConfig {
   aiProvider: ServerLanguageModel;
   defaultAgent?: PartialDeep<UserDefaultAgent>;
+  enableBusinessFeatures?: boolean;
   enableEmailVerification?: boolean;
   enableKlavis?: boolean;
   enableLobehubSkill?: boolean;