@lobehub/lobehub 2.0.0-next.344 → 2.0.0-next.346

package/src/libs/next/proxy/createRouteMatcher.test.ts

@@ -0,0 +1,121 @@
+import { type NextRequest } from 'next/server';
+import { describe, expect, it } from 'vitest';
+
+import { createRouteMatcher } from './createRouteMatcher';
+
+// Helper to create a mock NextRequest with a given pathname
+const createMockRequest = (pathname: string): NextRequest =>
+  ({
+    nextUrl: { pathname },
+  }) as NextRequest;
+
+describe('createRouteMatcher', () => {
+  describe('exact path matching', () => {
+    it('should match exact paths', () => {
+      const matcher = createRouteMatcher(['/signin', '/signup']);
+
+      expect(matcher(createMockRequest('/signin'))).toBe(true);
+      expect(matcher(createMockRequest('/signup'))).toBe(true);
+      expect(matcher(createMockRequest('/login'))).toBe(false);
+    });
+
+    it('should not match partial paths without wildcard', () => {
+      const matcher = createRouteMatcher(['/api']);
+
+      expect(matcher(createMockRequest('/api'))).toBe(true);
+      expect(matcher(createMockRequest('/api/users'))).toBe(false);
+      expect(matcher(createMockRequest('/api/'))).toBe(false);
+    });
+  });
+
+  describe('wildcard pattern matching', () => {
+    it('should match paths with (.*) wildcard', () => {
+      const matcher = createRouteMatcher(['/api/auth(.*)']);
+
+      expect(matcher(createMockRequest('/api/auth'))).toBe(true);
+      expect(matcher(createMockRequest('/api/auth/'))).toBe(true);
+      expect(matcher(createMockRequest('/api/auth/callback'))).toBe(true);
+      expect(matcher(createMockRequest('/api/auth/callback/google'))).toBe(true);
+      expect(matcher(createMockRequest('/api/other'))).toBe(false);
+    });
+
+    it('should match /share(.*) pattern for public share pages', () => {
+      const matcher = createRouteMatcher(['/share(.*)']);
+
+      expect(matcher(createMockRequest('/share'))).toBe(true);
+      expect(matcher(createMockRequest('/share/'))).toBe(true);
+      expect(matcher(createMockRequest('/share/abc123'))).toBe(true);
+      expect(matcher(createMockRequest('/share/t/abc123'))).toBe(true);
+      // Note: /shared also matches because (.*) matches 'd' - use /share/(.*) for strict matching
+      expect(matcher(createMockRequest('/shared'))).toBe(true);
+    });
+
+    it('should match /trpc(.*) pattern', () => {
+      const matcher = createRouteMatcher(['/trpc(.*)']);
+
+      expect(matcher(createMockRequest('/trpc'))).toBe(true);
+      expect(matcher(createMockRequest('/trpc/user.get'))).toBe(true);
+      expect(matcher(createMockRequest('/trpc/chat.create'))).toBe(true);
+    });
+
+    it('should match /next-auth/(.*) pattern', () => {
+      const matcher = createRouteMatcher(['/next-auth/(.*)']);
+
+      expect(matcher(createMockRequest('/next-auth/'))).toBe(true);
+      expect(matcher(createMockRequest('/next-auth/signin'))).toBe(true);
+      expect(matcher(createMockRequest('/next-auth/callback/github'))).toBe(true);
+      expect(matcher(createMockRequest('/next-auth'))).toBe(false); // no trailing slash or path
+    });
+  });
+
+  describe('multiple patterns', () => {
+    it('should match any of multiple patterns', () => {
+      const matcher = createRouteMatcher(['/api/auth(.*)', '/signin', '/share(.*)']);
+
+      expect(matcher(createMockRequest('/api/auth/callback'))).toBe(true);
+      expect(matcher(createMockRequest('/signin'))).toBe(true);
+      expect(matcher(createMockRequest('/share/abc'))).toBe(true);
+      expect(matcher(createMockRequest('/other'))).toBe(false);
+    });
+  });
+
+  describe('special regex characters', () => {
+    it('should escape special regex characters in patterns', () => {
+      const matcher = createRouteMatcher(['/api/v1.0/users']);
+
+      expect(matcher(createMockRequest('/api/v1.0/users'))).toBe(true);
+      expect(matcher(createMockRequest('/api/v1X0/users'))).toBe(false); // . should not match any char
+    });
+
+    it('should handle patterns with multiple special characters', () => {
+      const matcher = createRouteMatcher(['/oauth/consent/(.*)']);
+
+      expect(matcher(createMockRequest('/oauth/consent/'))).toBe(true);
+      expect(matcher(createMockRequest('/oauth/consent/abc123'))).toBe(true);
+      expect(matcher(createMockRequest('/oauth/consent'))).toBe(false);
+    });
+  });
+
+  describe('edge cases', () => {
+    it('should handle root path', () => {
+      const matcher = createRouteMatcher(['/']);
+
+      expect(matcher(createMockRequest('/'))).toBe(true);
+      expect(matcher(createMockRequest('/anything'))).toBe(false);
+    });
+
+    it('should handle empty patterns array', () => {
+      const matcher = createRouteMatcher([]);
+
+      expect(matcher(createMockRequest('/'))).toBe(false);
+      expect(matcher(createMockRequest('/any/path'))).toBe(false);
+    });
+
+    it('should be case sensitive', () => {
+      const matcher = createRouteMatcher(['/API/auth(.*)']);
+
+      expect(matcher(createMockRequest('/API/auth/callback'))).toBe(true);
+      expect(matcher(createMockRequest('/api/auth/callback'))).toBe(false);
+    });
+  });
+});

package/src/libs/next/proxy/createRouteMatcher.ts

@@ -0,0 +1,18 @@
+import { type NextRequest } from 'next/server';
+
+/**
+ * Creates a route matcher function that checks if a request path matches any of the given patterns
+ * @param patterns Array of route patterns - supports `(.*)` as wildcard
+ * @returns Function that returns true if the request matches any pattern
+ */
+export function createRouteMatcher(patterns: string[]) {
+  const regexPatterns = patterns.map((pattern) => {
+    // Escape all special regex chars (including parentheses), then restore (.*) to wildcard
+    const regexStr = pattern
+      .replaceAll(/[$()*+.?[\\\]^{|}]/g, '\\$&')
+      .replaceAll('\\(\\.\\*\\)', '.*');
+    return new RegExp(`^${regexStr}$`);
+  });
+
+  return (req: NextRequest) => regexPatterns.some((regex) => regex.test(req.nextUrl.pathname));
+}

package/src/libs/next/proxy/define-config.ts

@@ -1,4 +1,3 @@
-import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server';
 import debug from 'debug';
 import { type NextRequest, NextResponse } from 'next/server';
 import { UAParser } from 'ua-parser-js';
@@ -14,10 +13,11 @@ import { type Locales } from '@/locales/resources';
 import { parseBrowserLanguage } from '@/utils/locale';
 import { RouteVariants } from '@/utils/server/routeVariants';
 
+import { createRouteMatcher } from './createRouteMatcher';
+
 // Create debug logger instances
 const logDefault = debug('middleware:default');
 const logNextAuth = debug('middleware:next-auth');
-const logClerk = debug('middleware:clerk');
 const logBetterAuth = debug('middleware:better-auth');
 
 // OIDC session pre-sync constant
@@ -171,11 +171,9 @@ export function defineConfig() {
     '/trpc(.*)',
     // next auth
     '/next-auth/(.*)',
-    // clerk
-    '/login',
-    '/signup',
     // better auth
     '/signin',
+    '/signup',
     '/verify-email',
     '/reset-password',
     // oauth
@@ -253,48 +251,6 @@ export function defineConfig() {
     return response;
   });
 
-  const clerkAuthMiddleware = clerkMiddleware(
-    async (auth, req) => {
-      logClerk('Clerk middleware processing request: %s %s', req.method, req.url);
-
-      // when enable auth protection, only public route is not protected, others are all protected
-      const isProtected = appEnv.ENABLE_AUTH_PROTECTION
-        ? !isPublicRoute(req)
-        : isProtectedRoute(req);
-
-      logClerk('Route protection status: %s, %s', req.url, isProtected ? 'protected' : 'public');
-
-      if (isProtected) {
-        logClerk('Protecting route: %s', req.url);
-        await auth.protect();
-      }
-
-      const response = defaultMiddleware(req);
-
-      const data = await auth();
-      logClerk('Clerk auth status: %O', {
-        isSignedIn: !!data.userId,
-        userId: data.userId,
-      });
-
-      // If OIDC is enabled and Clerk user is logged in, add OIDC session pre-sync header
-      if (authEnv.ENABLE_OIDC && data.userId) {
-        logClerk('OIDC session pre-sync: Setting %s = %s', OIDC_SESSION_HEADER, data.userId);
-        response.headers.set(OIDC_SESSION_HEADER, data.userId);
-      } else if (authEnv.ENABLE_OIDC) {
-        logClerk('No Clerk user detected, not setting OIDC session sync header');
-      }
-
-      return response;
-    },
-    {
-      // https://github.com/lobehub/lobe-chat/pull/3084
-      clockSkewInMs: 60 * 60 * 1000,
-      signInUrl: '/login',
-      signUpUrl: '/signup',
-    },
-  );
-
   const betterAuthMiddleware = async (req: NextRequest) => {
     logBetterAuth('BetterAuth middleware processing request: %s %s', req.method, req.url);
 
@@ -343,16 +299,11 @@ export function defineConfig() {
   logDefault('Middleware configuration: %O', {
     enableAuthProtection: appEnv.ENABLE_AUTH_PROTECTION,
     enableBetterAuth: authEnv.NEXT_PUBLIC_ENABLE_BETTER_AUTH,
-    enableClerk: authEnv.NEXT_PUBLIC_ENABLE_CLERK_AUTH,
     enableNextAuth: authEnv.NEXT_PUBLIC_ENABLE_NEXT_AUTH,
     enableOIDC: authEnv.ENABLE_OIDC,
   });
 
   return {
-    middleware: authEnv.NEXT_PUBLIC_ENABLE_CLERK_AUTH
-      ? clerkAuthMiddleware
-      : authEnv.NEXT_PUBLIC_ENABLE_NEXT_AUTH
-        ? nextAuthMiddleware
-        : betterAuthMiddleware,
+    middleware: authEnv.NEXT_PUBLIC_ENABLE_NEXT_AUTH ? nextAuthMiddleware : betterAuthMiddleware,
   };
 }

package/src/libs/next-auth/adapter/index.ts

@@ -23,8 +23,7 @@ interface BackendAdapterResponse {
 export const dateKeys = ['expires', 'emailVerified'];
 
 /**
- * @description LobeNextAuthDbAdapter is implemented to handle the database operations
- * for NextAuth, this function do the same things as `src/app/api/webhooks/clerk/route.ts`
+ * @description LobeNextAuthDbAdapter is implemented to handle the database operations for NextAuth
  * @returns {Adapter}
  */
 export function LobeNextAuthDbAdapter(): Adapter {

package/src/libs/oidc-provider/provider.test.ts

@@ -6,7 +6,6 @@ import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
 // Mock dependencies
 vi.mock('@/envs/auth', () => ({
   enableBetterAuth: false,
-  enableClerk: false,
   enableNextAuth: false,
 }));
 
@@ -38,280 +37,8 @@ describe('OIDC Provider - Market Client Integration', () => {
     vi.resetModules();
   });
 
-  describe('resolveClerkAccount', () => {
-    it('should return undefined when Clerk is disabled', async () => {
-      // Import with Clerk disabled
-      vi.doMock('@/const/auth', () => ({
-        enableClerk: false,
-      }));
-
-      // Note: resolveClerkAccount is not exported, but we can test its behavior
-      // through the findAccount method with market client
-      // For now, we'll test the constants and basic setup
-      const module = await import('./provider');
-      expect(module.API_AUDIENCE).toBe('urn:lobehub:chat');
-
-      vi.doUnmock('@/const/auth');
-    });
-
-    it('should handle market client ID constant', () => {
-      // The MARKET_CLIENT_ID should match the client in config
-      expect(MARKET_CLIENT_ID).toBe('lobehub-market');
-    });
-  });
-
-  describe('resolveClerkAccount - with Clerk enabled', () => {
-    it('should resolve Clerk user with full profile', async () => {
-      const mockClerkUser = {
-        id: 'user_123',
-        fullName: 'John Doe',
-        firstName: 'John',
-        lastName: 'Doe',
-        username: 'johndoe',
-        imageUrl: 'https://example.com/avatar.jpg',
-        primaryEmailAddressId: 'email_1',
-        emailAddresses: [
-          {
-            id: 'email_1',
-            emailAddress: 'john@example.com',
-            verification: { status: 'verified' },
-          },
-        ],
-      };
-
-      const mockClerkClient = {
-        users: {
-          getUser: vi.fn().mockResolvedValue(mockClerkUser),
-        },
-      };
-
-      vi.doMock('@/const/auth', () => ({
-        enableClerk: true,
-      }));
-
-      vi.doMock('@clerk/nextjs/server', () => ({
-        clerkClient: vi.fn().mockResolvedValue(mockClerkClient),
-      }));
-
-      // Import the provider module to access resolveClerkAccount behavior
-      const module = await import('./provider');
-
-      // Verify the module loads correctly
-      expect(module.API_AUDIENCE).toBe('urn:lobehub:chat');
-
-      vi.doUnmock('@/const/auth');
-      vi.doUnmock('@clerk/nextjs/server');
-    });
-
-    it('should handle Clerk user with only username', async () => {
-      const mockClerkUser = {
-        id: 'user_123',
-        fullName: null,
-        firstName: null,
-        lastName: null,
-        username: 'johndoe',
-        imageUrl: null,
-        primaryEmailAddressId: 'email_1',
-        emailAddresses: [
-          {
-            id: 'email_1',
-            emailAddress: 'john@example.com',
-            verification: { status: 'verified' },
-          },
-        ],
-      };
-
-      const mockClerkClient = {
-        users: {
-          getUser: vi.fn().mockResolvedValue(mockClerkUser),
-        },
-      };
-
-      vi.doMock('@/const/auth', () => ({
-        enableClerk: true,
-      }));
-
-      vi.doMock('@clerk/nextjs/server', () => ({
-        clerkClient: vi.fn().mockResolvedValue(mockClerkClient),
-      }));
-
-      const module = await import('./provider');
-      expect(module.API_AUDIENCE).toBe('urn:lobehub:chat');
-
-      vi.doUnmock('@/const/auth');
-      vi.doUnmock('@clerk/nextjs/server');
-    });
-
-    it('should handle Clerk user with firstName and lastName', async () => {
-      const mockClerkUser = {
-        id: 'user_123',
-        fullName: null,
-        firstName: 'John',
-        lastName: 'Doe',
-        username: null,
-        imageUrl: null,
-        primaryEmailAddressId: 'email_1',
-        emailAddresses: [
-          {
-            id: 'email_1',
-            emailAddress: 'john@example.com',
-            verification: { status: 'verified' },
-          },
-        ],
-      };
-
-      const mockClerkClient = {
-        users: {
-          getUser: vi.fn().mockResolvedValue(mockClerkUser),
-        },
-      };
-
-      vi.doMock('@/const/auth', () => ({
-        enableClerk: true,
-      }));
-
-      vi.doMock('@clerk/nextjs/server', () => ({
-        clerkClient: vi.fn().mockResolvedValue(mockClerkClient),
-      }));
-
-      const module = await import('./provider');
-      expect(module.API_AUDIENCE).toBe('urn:lobehub:chat');
-
-      vi.doUnmock('@/const/auth');
-      vi.doUnmock('@clerk/nextjs/server');
-    });
-
-    it('should handle Clerk user not found', async () => {
-      const mockClerkClient = {
-        users: {
-          getUser: vi.fn().mockResolvedValue(null),
-        },
-      };
-
-      vi.doMock('@/const/auth', () => ({
-        enableClerk: true,
-      }));
-
-      vi.doMock('@clerk/nextjs/server', () => ({
-        clerkClient: vi.fn().mockResolvedValue(mockClerkClient),
-      }));
-
-      const module = await import('./provider');
-      expect(module.API_AUDIENCE).toBe('urn:lobehub:chat');
-
-      vi.doUnmock('@/const/auth');
-      vi.doUnmock('@clerk/nextjs/server');
-    });
-
-    it('should handle Clerk API error', async () => {
-      const mockClerkClient = {
-        users: {
-          getUser: vi.fn().mockRejectedValue(new Error('Clerk API error')),
-        },
-      };
-
-      vi.doMock('@/const/auth', () => ({
-        enableClerk: true,
-      }));
-
-      vi.doMock('@clerk/nextjs/server', () => ({
-        clerkClient: vi.fn().mockResolvedValue(mockClerkClient),
-      }));
-
-      const module = await import('./provider');
-      expect(module.API_AUDIENCE).toBe('urn:lobehub:chat');
-
-      vi.doUnmock('@/const/auth');
-      vi.doUnmock('@clerk/nextjs/server');
-    });
-
-    it('should handle email without verification', async () => {
-      const mockClerkUser = {
-        id: 'user_123',
-        fullName: 'John Doe',
-        firstName: 'John',
-        lastName: 'Doe',
-        username: 'johndoe',
-        imageUrl: 'https://example.com/avatar.jpg',
-        primaryEmailAddressId: 'email_1',
-        emailAddresses: [
-          {
-            id: 'email_1',
-            emailAddress: 'john@example.com',
-            verification: null,
-          },
-        ],
-      };
-
-      const mockClerkClient = {
-        users: {
-          getUser: vi.fn().mockResolvedValue(mockClerkUser),
-        },
-      };
-
-      vi.doMock('@/const/auth', () => ({
-        enableClerk: true,
-      }));
-
-      vi.doMock('@clerk/nextjs/server', () => ({
-        clerkClient: vi.fn().mockResolvedValue(mockClerkClient),
-      }));
-
-      const module = await import('./provider');
-      expect(module.API_AUDIENCE).toBe('urn:lobehub:chat');
-
-      vi.doUnmock('@/const/auth');
-      vi.doUnmock('@clerk/nextjs/server');
-    });
-
-    it('should use first email when no primary email is set', async () => {
-      const mockClerkUser = {
-        id: 'user_123',
-        fullName: 'John Doe',
-        firstName: 'John',
-        lastName: 'Doe',
-        username: 'johndoe',
-        imageUrl: 'https://example.com/avatar.jpg',
-        primaryEmailAddressId: null,
-        emailAddresses: [
-          {
-            id: 'email_2',
-            emailAddress: 'john.first@example.com',
-            verification: { status: 'verified' },
-          },
-          {
-            id: 'email_3',
-            emailAddress: 'john.second@example.com',
-            verification: { status: 'verified' },
-          },
-        ],
-      };
-
-      const mockClerkClient = {
-        users: {
-          getUser: vi.fn().mockResolvedValue(mockClerkUser),
-        },
-      };
-
-      vi.doMock('@/const/auth', () => ({
-        enableClerk: true,
-      }));
-
-      vi.doMock('@clerk/nextjs/server', () => ({
-        clerkClient: vi.fn().mockResolvedValue(mockClerkClient),
-      }));
-
-      const module = await import('./provider');
-      expect(module.API_AUDIENCE).toBe('urn:lobehub:chat');
-
-      vi.doUnmock('@/const/auth');
-      vi.doUnmock('@clerk/nextjs/server');
-    });
-  });
-
   describe('Market Client Logic', () => {
     it('should identify market client correctly', () => {
-      // The market client should route to Clerk resolution
       expect(MARKET_CLIENT_ID).toBe('lobehub-market');
     });
 
@@ -445,32 +172,7 @@ describe('OIDC Provider - Market Client Integration', () => {
   });
 
   describe('Business Logic Scenarios', () => {
-    describe('Scenario 1: Market Client + Clerk Authentication', () => {
-      it('should route market client to Clerk when enableClerk is true', () => {
-        // Business: When user accesses from marketplace, use Clerk for SSO
-        const scenario = {
-          client: 'lobehub-market',
-          authProvider: 'Clerk',
-          useCase: 'Marketplace SSO - users login via Clerk on marketplace',
-        };
-
-        expect(scenario.client).toBe(MARKET_CLIENT_ID);
-        expect(scenario.authProvider).toBe('Clerk');
-      });
-
-      it('should return undefined for market client when Clerk is disabled', () => {
-        // Business: Market requires Clerk, if disabled, auth fails
-        const scenario = {
-          client: 'lobehub-market',
-          clerkEnabled: false,
-          expectedResult: 'undefined (auth fails)',
-        };
-
-        expect(scenario.expectedResult).toBe('undefined (auth fails)');
-      });
-    });
-
-    describe('Scenario 2: Desktop Client + Local Database', () => {
+    describe('Scenario 1: Desktop Client + Local Database', () => {
       it('should use local UserModel for desktop client', () => {
         // Business: Desktop app uses local database for user management
         const scenario = {
@@ -484,7 +186,7 @@ describe('OIDC Provider - Market Client Integration', () => {
       });
     });
 
-    describe('Scenario 3: Mobile Client + Local Database', () => {
+    describe('Scenario 2: Mobile Client + Local Database', () => {
       it('should use local UserModel for mobile client', () => {
         // Business: Mobile app uses local database for user management
         const scenario = {
@@ -498,22 +200,9 @@ describe('OIDC Provider - Market Client Integration', () => {
       });
     });
 
-    describe('Scenario 4: Claims Generation by Client Type', () => {
-      it('should generate Clerk-based claims for market client', () => {
-        // Business: Market users get profile/email from Clerk
-        const marketClaims = {
-          source: 'Clerk API',
-          fields: ['sub', 'name', 'picture', 'email', 'email_verified'],
-          nameResolution: 'fullName || firstName+lastName || username || id',
-        };
-
-        expect(marketClaims.source).toBe('Clerk API');
-        expect(marketClaims.fields).toContain('name');
-        expect(marketClaims.fields).toContain('email');
-      });
-
-      it('should generate database-based claims for non-market clients', () => {
-        // Business: Desktop/Mobile users get profile/email from local DB
+    describe('Scenario 3: Claims Generation', () => {
+      it('should generate database-based claims for clients', () => {
+        // Business: Users get profile/email from local DB
         const localClaims = {
           source: 'UserModel (PostgreSQL/PGLite)',
           fields: ['sub', 'name', 'picture', 'email', 'email_verified'],

package/src/libs/pdfjs/pdf.worker.ts

@@ -0,0 +1 @@
+import 'pdfjs-dist/build/pdf.worker.min.mjs';

package/src/libs/pdfjs/worker.ts

@@ -0,0 +1,12 @@
+'use client';
+
+import { pdfjs } from 'react-pdf';
+
+pdfjs.GlobalWorkerOptions.workerSrc = `https://registry.npmmirror.com/pdfjs-dist/${pdfjs.version}/files/build/pdf.worker.min.mjs`;
+
+// TODO: Re-enable module worker when fully on Turbopack.
+// if (typeof Worker !== 'undefined' && !pdfjs.GlobalWorkerOptions.workerPort) {
+//   pdfjs.GlobalWorkerOptions.workerPort = new Worker(new URL('./pdf.worker.ts', import.meta.url), {
+//     type: 'module',
+//   });
+// }

package/src/libs/trpc/lambda/context.test.ts

@@ -8,7 +8,6 @@ describe('createContextInner', () => {
 
     expect(context).toMatchObject({
       authorizationHeader: undefined,
-      clerkAuth: undefined,
       marketAccessToken: undefined,
       nextAuth: undefined,
       oidcAuth: undefined,
@@ -59,18 +58,6 @@ describe('createContextInner', () => {
     expect(context.oidcAuth).toEqual(oidcAuth);
   });
 
-  it('should create context with Clerk auth data', async () => {
-    const clerkAuth = {
-      userId: 'clerk-user-id',
-      sessionId: 'session-id',
-      getToken: async () => 'clerk-token',
-    } as any;
-
-    const context = await createContextInner({ clerkAuth });
-
-    expect(context.clerkAuth).toBe(clerkAuth);
-  });
-
   it('should create context with NextAuth user data', async () => {
     const nextAuth = {
       id: 'next-auth-user-id',