npm - @lobehub/lobehub - Versions diffs - 2.0.0-next.331 → 2.0.0-next.333 - Mend

@lobehub/lobehub 2.0.0-next.331 → 2.0.0-next.333

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/docs/self-hosting/advanced/auth/better-auth/apple.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,127 @@
+---
+title: 在 LobeChat 中配置 Apple 身份验证
+description: 学习如何在 LobeChat 中配置 Apple 登录，包括在 Apple Developer Portal 创建凭证和设置环境变量。
+tags:
+  - Apple
+  - 身份验证
+  - LobeChat
+  - 单点登录
+---
+# 配置 Apple 身份验证
+<Callout type={'warning'}>
+  Apple 登录需要付费的 Apple Developer 账户（$99 / 年），且不支持
+  localhost。开发和生产环境都必须使用 HTTPS 域名。
+</Callout>
+<Steps>
+  ### 创建 App ID
+  1. 前往 [Apple Developer Portal](https://developer.apple.com/account/resources/identifiers/list)
+  2. 导航到 **Certificates, Identifiers & Profiles** > **Identifiers**
+  3. 点击 **+** 注册新标识符
+  4. 选择 **App IDs** > **App** 类型 > **Continue**
+  5. 填写：
+     - **Description**: 如 `LobeChat`
+     - **Bundle ID**: 如 `com.yourcompany.lobechat`
+  6. 启用 **Sign In with Apple** 功能
+  7. 点击 **Continue** > **Register**
+  ### 创建 Services ID
+  1. 返回 **Identifiers**，点击 **+**
+  2. 选择 **Services IDs** > **Continue**
+  3. 填写：
+     - **Description**: 如 `LobeChat Web`
+     - **Identifier**: 如 `com.yourcompany.lobechat.web`（这是你的 Client ID）
+  4. 点击 **Continue** > **Register**
+  ### 配置 Services ID
+  1. 点击已创建的 Services ID
+  2. 启用 **Sign In with Apple**
+  3. 点击 **Configure**
+  4. 选择 Primary App ID
+  5. 添加域名和回调 URL：
+     - **Domains**: `your-domain.com`
+     - **Return URLs**: `https://your-domain.com/api/auth/callback/apple`
+  6. 点击 **Save** > **Continue** > **Save**
+  <Callout type={'info'}>
+    回调 URL 格式：
+    - 生产环境: `https://your-domain.com/api/auth/callback/apple`
+    - Apple **不支持** localhost 或 HTTP URL
+  </Callout>
+  ### 创建登录密钥
+  1. 导航到 **Keys**，点击 **+**
+  2. 填写密钥名称
+  3. 启用 **Sign In with Apple**，点击 **Configure**
+  4. 选择 Primary App ID
+  5. 点击 **Save** > **Continue** > **Register**
+  6. **下载密钥文件**（`.p8`）- 只能下载一次
+  7. 记录：
+     - **Key ID**: 密钥页面显示
+     - **Team ID**: 开发者门户右上角显示
+  ### 生成 Client Secret
+  Apple 要求使用 JWT 作为 client secret。使用 `.p8` 密钥文件生成：
+  ```js
+  // Node.js 示例
+  const jwt = require('jsonwebtoken');
+  const fs = require('fs');
+  const privateKey = fs.readFileSync('AuthKey_XXXXX.p8');
+  const token = jwt.sign({}, privateKey, {
+    algorithm: 'ES256',
+    expiresIn: '180d', // 最长 6 个月
+    issuer: 'YOUR_TEAM_ID',
+    audience: 'https://appleid.apple.com',
+    subject: 'YOUR_SERVICES_ID', // Client ID
+    keyid: 'YOUR_KEY_ID',
+  });
+  ```
+  <Callout type={'warning'}>
+    JWT 最长有效期为 180 天。需要在过期前重新生成并更新。
+  </Callout>
+  ### 配置环境变量
+  | 环境变量                               | 类型 | 描述                                     |
+  | ---------------------------------- | -- | -------------------------------------- |
+  | `AUTH_SECRET`                      | 必选 | 会话加密密钥，使用 `openssl rand -base64 32` 生成 |
+  | `AUTH_SSO_PROVIDERS`               | 必选 | 填写 `apple`                             |
+  | `AUTH_APPLE_CLIENT_ID`             | 必选 | 你的 Services ID                         |
+  | `AUTH_APPLE_CLIENT_SECRET`         | 必选 | 生成的 JWT                                |
+  | `AUTH_APPLE_APP_BUNDLE_IDENTIFIER` | 可选 | App Bundle ID（用于原生应用集成）                |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#apple)
+    可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  部署成功后，用户将可以通过 Apple 身份认证并使用 LobeChat。
+</Callout>
+## 常见问题
+### 不支持 localhost
+Apple 登录不支持 localhost 或非 HTTPS URL。本地开发请使用 ngrok 等隧道服务或部署到带有 HTTPS 的测试环境。
+### 密钥过期
+JWT client secret 最长有效期为 180 天。请设置提醒在过期前重新生成。
+## 相关资源
+- [Apple Developer Portal](https://developer.apple.com/account)
+- [Sign In with Apple 文档](https://developer.apple.com/sign-in-with-apple/)

package/docs/self-hosting/advanced/auth/better-auth/auth0.mdx ADDED Viewed

@@ -0,0 +1,111 @@
+---
+title: Configuring Auth0 Authentication for LobeChat
+description: >-
+  Learn how to configure Auth0 SSO for LobeChat, including creating
+  applications, adding users, and setting up environment variables.
+tags:
+  - Auth0
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+---
+# Configuring Auth0 Authentication
+<Steps>
+  ### Create Auth0 Application
+  1. Go to [Auth0 Dashboard](https://manage.auth0.com/dashboard)
+  2. Click **Applications** > **Create Application**
+  <Image alt="Create Auth0 Application S1" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/f068190f-0027-4d3b-8667-d632e43d5a86" />
+  3. Fill in the application name
+  4. Select **Regular Web Applications** as the application type
+  5. Click **Create**
+  <Image alt="Create Auth0 Application S2" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/3e0082df-9b6f-46f3-b67f-bdc79e1eb2cc" />
+  ### Configure Application Settings
+  After creation, go to the **Settings** tab:
+  <Image alt="Create Auth0 Application S3" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/df4cea85-616a-46f5-b2de-42725d9b82a6" />
+  Note down:
+  - **Domain** (e.g., `your-tenant.auth0.com`)
+  - **Client ID**
+  - **Client Secret**
+  ### Configure Callback URL
+  In **Allowed Callback URLs**, add:
+  <Callout type={'info'}>
+    Callback URL format:
+    - Local development: `http://localhost:3210/api/auth/callback/auth0`
+    - Production: `https://your-domain.com/api/auth/callback/auth0`
+  </Callout>
+  <Image alt="Create Auth0 Application S4" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/62fbd09f-a69a-4460-949b-0f6285fa65b9" />
+  ### Add Users (Optional)
+  Click **User Management** to create users for your organization.
+  <Image alt="Add Users" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/0beda150-d0b6-43cf-a9f1-fce928b83a96" />
+  ### Configure Environment Variables
+  | Environment Variable             | Type     | Description                                                     |
+  | -------------------------------- | -------- | --------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Session encryption key, generate with `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | Set to `auth0`                                                  |
+  | `AUTH_AUTH0_ID`                  | Required | Client ID                                                       |
+  | `AUTH_AUTH0_SECRET`              | Required | Client Secret                                                   |
+  | `AUTH_AUTH0_ISSUER`              | Required | `https://your-tenant.auth0.com`                                 |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#auth0)
+    for detailed information.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with Auth0 and
+  use LobeChat.
+</Callout>
+## Advanced Configuration
+### Connect Existing SSO Services
+If your organization has existing identity infrastructure, connect to SSO services in **Applications** > **SSO Integrations**.
+Auth0 supports Azure AD, Slack, Google Workspace, Office 365, Zoom, and more. See [Auth0 SSO Integrations](https://marketplace.auth0.com/features/sso-integrations).
+<Image alt="Connecting to Existing SSO Service" src="https://github.com/lobehub/lobe-chat/assets/30863298/9891347e-a338-4aa9-8714-f16c8dbcfcec" />
+### Configure Social Login
+Configure social login in **Authentication** > **Social**.
+<Image alt="Configuring Social Login" src="https://github.com/lobehub/lobe-chat/assets/30863298/880749a6-5ba4-4e20-a968-b583a54de7fa" />
+<Callout type={'warning'}>
+  Social login by default allows anyone to authenticate. Configure blocking
+  policies to restrict access.
+</Callout>
+<Callout type={'warning'}>
+  When creating a GitHub connection, make sure to enable the **Email Address** permission in the **Attributes** section. LobeChat requires user email for authentication.
+  <Image alt="GitHub Connection Email Permission" src="https://hub-apac-1.lobeobjects.space/docs/afdf22891dda3e5e44c690db184c548e.png" />
+</Callout>
+## Related Resources
+- [Auth0 Dashboard](https://manage.auth0.com/dashboard)
+- [Auth0 Documentation](https://auth0.com/docs)

package/docs/self-hosting/advanced/auth/better-auth/auth0.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,107 @@
+---
+title: 在 LobeChat 中配置 Auth0 身份验证
+description: 学习如何在 LobeChat 中配置 Auth0 SSO，包括创建应用、添加用户和设置环境变量。
+tags:
+  - Auth0
+  - 身份验证
+  - LobeChat
+  - 单点登录
+---
+# 配置 Auth0 身份验证
+<Steps>
+  ### 创建 Auth0 应用
+  1. 前往 [Auth0 Dashboard](https://manage.auth0.com/dashboard)
+  2. 点击 **Applications** > **Create Application**
+  <Image alt="创建 Auth0 应用 S1" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/f068190f-0027-4d3b-8667-d632e43d5a86" />
+  3. 填写应用名称
+  4. 选择 **Regular Web Applications** 作为应用类型
+  5. 点击 **Create**
+  <Image alt="创建 Auth0 应用 S2" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/3e0082df-9b6f-46f3-b67f-bdc79e1eb2cc" />
+  ### 配置应用设置
+  创建后，进入 **Settings** 标签页：
+  <Image alt="创建 Auth0 应用 S3" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/df4cea85-616a-46f5-b2de-42725d9b82a6" />
+  记录：
+  - **Domain**（如 `your-tenant.auth0.com`）
+  - **Client ID**
+  - **Client Secret**
+  ### 配置回调 URL
+  在 **Allowed Callback URLs** 中添加：
+  <Callout type={'info'}>
+    回调 URL 格式：
+    - 本地开发: `http://localhost:3210/api/auth/callback/auth0`
+    - 生产环境: `https://your-domain.com/api/auth/callback/auth0`
+  </Callout>
+  <Image alt="创建 Auth0 应用 S4" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/62fbd09f-a69a-4460-949b-0f6285fa65b9" />
+  ### 添加用户（可选）
+  点击 **User Management** 为组织创建用户。
+  <Image alt="添加用户" inStep src="https://github.com/lobehub/lobe-chat/assets/30863298/0beda150-d0b6-43cf-a9f1-fce928b83a96" />
+  ### 配置环境变量
+  | 环境变量                             | 类型 | 描述                                     |
+  | -------------------------------- | -- | -------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 会话加密密钥，使用 `openssl rand -base64 32` 生成 |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | 填写 `auth0`                             |
+  | `AUTH_AUTH0_ID`                  | 必选 | Client ID                              |
+  | `AUTH_AUTH0_SECRET`              | 必选 | Client Secret                          |
+  | `AUTH_AUTH0_ISSUER`              | 必选 | `https://your-tenant.auth0.com`        |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#auth0)
+    可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  部署成功后，用户将可以通过 Auth0 身份认证并使用 LobeChat。
+</Callout>
+## 高级配置
+### 连接现有 SSO 服务
+如果组织已有身份认证基础设施，在 **Applications** > **SSO Integrations** 中连接 SSO 服务。
+Auth0 支持 Azure AD、Slack、Google Workspace、Office 365、Zoom 等。详见 [Auth0 SSO Integrations](https://marketplace.auth0.com/features/sso-integrations)。
+<Image alt="连接现有 SSO 服务" src="https://github.com/lobehub/lobe-chat/assets/30863298/9891347e-a338-4aa9-8714-f16c8dbcfcec" />
+### 配置社交登录
+在 **Authentication** > **Social** 中配置社交登录。
+<Image alt="配置社交登录" src="https://github.com/lobehub/lobe-chat/assets/30863298/880749a6-5ba4-4e20-a968-b583a54de7fa" />
+<Callout type={'warning'}>
+  默认社交登录允许任何人认证。请配置阻止策略以限制访问。
+</Callout>
+<Callout type={'warning'}>
+  创建 GitHub 连接时，务必在 **Attributes** 部分勾选 **Email Address** 权限。LobeChat 需要用户邮箱进行身份认证。
+  <Image alt="GitHub 连接邮箱权限" src="https://hub-apac-1.lobeobjects.space/docs/afdf22891dda3e5e44c690db184c548e.png" />
+</Callout>
+## 相关资源
+- [Auth0 Dashboard](https://manage.auth0.com/dashboard)
+- [Auth0 文档](https://auth0.com/docs)

package/docs/self-hosting/advanced/auth/better-auth/authelia.mdx ADDED Viewed

@@ -0,0 +1,66 @@
+---
+title: Configuring Authelia Authentication for LobeChat
+description: >-
+  Learn how to configure Authelia SSO for LobeChat, including setting up OIDC
+  client and environment variables.
+tags:
+  - Authelia
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+  - OIDC
+---
+# Configuring Authelia Authentication
+[Authelia](https://www.authelia.com/) is an open-source authentication and authorization server providing two-factor authentication and single sign-on.
+<Steps>
+  ### Configure OIDC Client in Authelia
+  Add a new OIDC client in your Authelia configuration file:
+  ```yaml
+  identity_providers:
+    oidc:
+      clients:
+        - client_id: 'lobechat'
+          client_name: 'LobeChat'
+          client_secret: 'your-client-secret'
+          redirect_uris:
+            - 'https://your-domain.com/api/auth/callback/authelia'
+          scopes:
+            - 'openid'
+            - 'profile'
+            - 'email'
+  ```
+  <Callout type={'info'}>
+    **Callback URL Format**: `https://your-domain.com/api/auth/callback/authelia`
+  </Callout>
+  ### Configure Environment Variables
+  When deploying LobeChat, you need to configure the following environment variables:
+  | Environment Variable             | Type     | Description                                                                   |
+  | -------------------------------- | -------- | ----------------------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Key used to encrypt session tokens. Generate using: `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | SSO provider for LobeChat. Use `authelia` for Authelia                        |
+  | `AUTH_AUTHELIA_ID`               | Required | Client ID configured in Authelia                                              |
+  | `AUTH_AUTHELIA_SECRET`           | Required | Client Secret configured in Authelia                                          |
+  | `AUTH_AUTHELIA_ISSUER`           | Required | Authelia issuer URL (e.g., `https://auth.your-domain.com`)                    |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#authelia) for detailed information on these variables.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with Authelia and use LobeChat.
+</Callout>
+## Related Resources
+- [Authelia Documentation](https://www.authelia.com/docs/)
+- [Authelia OIDC Configuration](https://www.authelia.com/configuration/identity-providers/openid-connect/)

package/docs/self-hosting/advanced/auth/better-auth/authelia.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,62 @@
+---
+title: 在 LobeChat 中配置 Authelia 身份验证
+description: 学习如何在 LobeChat 中配置 Authelia SSO，包括设置 OIDC 客户端和环境变量。
+tags:
+  - Authelia
+  - 身份验证
+  - LobeChat
+  - 单点登录
+  - OIDC
+---
+# 配置 Authelia 身份验证
+[Authelia](https://www.authelia.com/) 是一个开源的身份验证和授权服务器，提供双因素认证和单点登录功能。
+<Steps>
+  ### 在 Authelia 中配置 OIDC 客户端
+  在 Authelia 配置文件中添加新的 OIDC 客户端：
+  ```yaml
+  identity_providers:
+    oidc:
+      clients:
+        - client_id: 'lobechat'
+          client_name: 'LobeChat'
+          client_secret: 'your-client-secret'
+          redirect_uris:
+            - 'https://your-domain.com/api/auth/callback/authelia'
+          scopes:
+            - 'openid'
+            - 'profile'
+            - 'email'
+  ```
+  <Callout type={'info'}>
+    **回调 URL 格式**: `https://your-domain.com/api/auth/callback/authelia`
+  </Callout>
+  ### 配置环境变量
+  在部署 LobeChat 时，你需要配置以下环境变量：
+  | 环境变量                             | 类型 | 描述                                                     |
+  | -------------------------------- | -- | ------------------------------------------------------ |
+  | `AUTH_SECRET`                    | 必选 | 用于加密会话令牌的密钥。使用以下命令生成：`openssl rand -base64 32`         |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | SSO 提供商。使用 Authelia 请填写 `authelia`                     |
+  | `AUTH_AUTHELIA_ID`               | 必选 | Authelia 中配置的 Client ID                                |
+  | `AUTH_AUTHELIA_SECRET`           | 必选 | Authelia 中配置的 Client Secret                            |
+  | `AUTH_AUTHELIA_ISSUER`           | 必选 | Authelia Issuer URL（例如 `https://auth.your-domain.com`） |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#authelia) 可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>部署成功后，用户将可以通过 Authelia 身份认证并使用 LobeChat。</Callout>
+## 相关资源
+- [Authelia 文档](https://www.authelia.com/docs/)
+- [Authelia OIDC 配置](https://www.authelia.com/configuration/identity-providers/openid-connect/)

package/docs/self-hosting/advanced/auth/better-auth/authentik.mdx ADDED Viewed

@@ -0,0 +1,67 @@
+---
+title: Configuring Authentik Authentication for LobeChat
+description: >-
+  Learn how to configure Authentik SSO for LobeChat, including creating an
+  OAuth2 provider and application.
+tags:
+  - Authentik
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+  - OIDC
+---
+# Configuring Authentik Authentication
+[Authentik](https://goauthentik.io/) is an open-source Identity Provider focused on flexibility and versatility.
+<Steps>
+  ### Create OAuth2 Provider in Authentik
+  1. In Authentik admin interface, go to **Applications** > **Providers**
+  2. Click **Create** and select **OAuth2/OpenID Provider**
+  3. Configure the provider:
+     - Name: `LobeChat`
+     - Authorization flow: Select your authorization flow
+     - Client type: `Confidential`
+     - Redirect URIs: Add your callback URL
+  <Callout type={'info'}>
+    **Callback URL Format**: `https://your-domain.com/api/auth/callback/authentik`
+  </Callout>
+  ### Create Application
+  1. Go to **Applications** > **Applications**
+  2. Click **Create** and link it to the OAuth2 provider you created
+  3. Note down the **Client ID** and **Client Secret**
+  ### Get Issuer URL
+  The issuer URL is typically: `https://your-authentik-domain/application/o/your-app-slug/`
+  ### Configure Environment Variables
+  When deploying LobeChat, you need to configure the following environment variables:
+  | Environment Variable             | Type     | Description                                                                   |
+  | -------------------------------- | -------- | ----------------------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Key used to encrypt session tokens. Generate using: `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | SSO provider for LobeChat. Use `authentik` for Authentik                      |
+  | `AUTH_AUTHENTIK_ID`              | Required | Client ID from Authentik provider                                             |
+  | `AUTH_AUTHENTIK_SECRET`          | Required | Client Secret from Authentik provider                                         |
+  | `AUTH_AUTHENTIK_ISSUER`          | Required | Authentik issuer URL                                                          |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#authentik) for detailed information on these variables.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with Authentik and use LobeChat.
+</Callout>
+## Related Resources
+- [Authentik Documentation](https://docs.goauthentik.io/)
+- [Authentik OAuth2 Provider](https://docs.goauthentik.io/docs/providers/oauth2/)

package/docs/self-hosting/advanced/auth/better-auth/authentik.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,63 @@
+---
+title: 在 LobeChat 中配置 Authentik 身份验证
+description: 学习如何在 LobeChat 中配置 Authentik SSO，包括创建 OAuth2 提供商和应用。
+tags:
+  - Authentik
+  - 身份验证
+  - LobeChat
+  - 单点登录
+  - OIDC
+---
+# 配置 Authentik 身份验证
+[Authentik](https://goauthentik.io/) 是一个开源身份提供商，专注于灵活性和多功能性。
+<Steps>
+  ### 在 Authentik 中创建 OAuth2 提供商
+  1. 在 Authentik 管理界面，前往 **Applications** > **Providers**
+  2. 点击 **Create**，选择 **OAuth2/OpenID Provider**
+  3. 配置提供商：
+     - Name: `LobeChat`
+     - Authorization flow: 选择授权流程
+     - Client type: `Confidential`
+     - Redirect URIs: 添加回调 URL
+  <Callout type={'info'}>
+    **回调 URL 格式**: `https://your-domain.com/api/auth/callback/authentik`
+  </Callout>
+  ### 创建应用
+  1. 前往 **Applications** > **Applications**
+  2. 点击 **Create**，关联到刚创建的 OAuth2 提供商
+  3. 记下 **Client ID** 和 **Client Secret**
+  ### 获取 Issuer URL
+  Issuer URL 通常为：`https://your-authentik-domain/application/o/your-app-slug/`
+  ### 配置环境变量
+  在部署 LobeChat 时，你需要配置以下环境变量：
+  | 环境变量                             | 类型 | 描述                                             |
+  | -------------------------------- | -- | ---------------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 用于加密会话令牌的密钥。使用以下命令生成：`openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | SSO 提供商。使用 Authentik 请填写 `authentik`           |
+  | `AUTH_AUTHENTIK_ID`              | 必选 | Authentik 提供商的 Client ID                       |
+  | `AUTH_AUTHENTIK_SECRET`          | 必选 | Authentik 提供商的 Client Secret                   |
+  | `AUTH_AUTHENTIK_ISSUER`          | 必选 | Authentik Issuer URL                           |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#authentik) 可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>部署成功后，用户将可以通过 Authentik 身份认证并使用 LobeChat。</Callout>
+## 相关资源
+- [Authentik 文档](https://docs.goauthentik.io/)
+- [Authentik OAuth2 提供商](https://docs.goauthentik.io/docs/providers/oauth2/)

package/docs/self-hosting/advanced/auth/better-auth/casdoor.mdx ADDED Viewed

@@ -0,0 +1,62 @@
+---
+title: Configuring Casdoor Authentication for LobeChat
+description: >-
+  Learn how to configure Casdoor SSO for LobeChat, including creating an
+  application and setting up environment variables.
+tags:
+  - Casdoor
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+  - OIDC
+---
+# Configuring Casdoor Authentication
+[Casdoor](https://casdoor.org/) is an open-source Identity Access Management (IAM) platform with web UI for SSO.
+<Steps>
+  ### Create Application in Casdoor
+  1. Log in to your Casdoor admin console
+  2. Go to **Applications** and click **Add**
+  3. Configure the application:
+     - Name: `LobeChat`
+     - Organization: Select your organization
+     - Redirect URLs: Add your callback URL
+  <Callout type={'info'}>
+    **Callback URL Format**: `https://your-domain.com/api/auth/callback/casdoor`
+  </Callout>
+  4. Save and note down the **Client ID** and **Client Secret**
+  ### Get Issuer URL
+  The issuer URL is your Casdoor server URL, typically: `https://your-casdoor-domain`
+  ### Configure Environment Variables
+  When deploying LobeChat, you need to configure the following environment variables:
+  | Environment Variable             | Type     | Description                                                                   |
+  | -------------------------------- | -------- | ----------------------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Key used to encrypt session tokens. Generate using: `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | SSO provider for LobeChat. Use `casdoor` for Casdoor                          |
+  | `AUTH_CASDOOR_ID`                | Required | Client ID from Casdoor application                                            |
+  | `AUTH_CASDOOR_SECRET`            | Required | Client Secret from Casdoor application                                        |
+  | `AUTH_CASDOOR_ISSUER`            | Required | Casdoor server URL (e.g., `https://your-casdoor-domain`)                      |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#casdoor) for detailed information on these variables.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with Casdoor and use LobeChat.
+</Callout>
+## Related Resources
+- [Casdoor Documentation](https://casdoor.org/docs/overview)
+- [Casdoor Application Configuration](https://casdoor.org/docs/application/config)