npm - @lobehub/lobehub - Versions diffs - 2.0.0-next.354 → 2.0.0-next.356 - Mend

@lobehub/lobehub 2.0.0-next.354 → 2.0.0-next.356

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (176) hide show

package/docs/self-hosting/advanced/auth.mdx CHANGED Viewed

@@ -110,14 +110,15 @@ Used by email verification, password reset, and magic-link delivery. Two provide
 Send emails via SMTP protocol, suitable for users with existing email services. See [Nodemailer SMTP docs](https://nodemailer.com/smtp/).
-| Environment Variable     | Type     | Description                                             | Example             |
-| ------------------------ | -------- | ------------------------------------------------------- | ------------------- |
-| `EMAIL_SERVICE_PROVIDER` | Optional | Set to `nodemailer` (default)                           | `nodemailer`        |
-| `SMTP_HOST`              | Required | SMTP server hostname                                    | `smtp.gmail.com`    |
-| `SMTP_PORT`              | Required | SMTP server port (`587` for TLS, `465` for SSL)         | `587`               |
-| `SMTP_SECURE`            | Optional | `true` for SSL (port 465), `false` for TLS (port 587)   | `false`             |
-| `SMTP_USER`              | Required | SMTP auth username                                      | `user@gmail.com`    |
-| `SMTP_PASS`              | Required | SMTP auth password                                      | `your-app-password` |
+| Environment Variable     | Type     | Description                                                       | Example                |
+| ------------------------ | -------- | ----------------------------------------------------------------- | ---------------------- |
+| `EMAIL_SERVICE_PROVIDER` | Optional | Set to `nodemailer` (default)                                     | `nodemailer`           |
+| `SMTP_HOST`              | Required | SMTP server hostname                                              | `smtp.gmail.com`       |
+| `SMTP_PORT`              | Required | SMTP server port (`587` for TLS, `465` for SSL)                   | `587`                  |
+| `SMTP_SECURE`            | Optional | `true` for SSL (port 465), `false` for TLS (port 587)             | `false`                |
+| `SMTP_USER`              | Required | SMTP auth username                                                | `user@gmail.com`       |
+| `SMTP_PASS`              | Required | SMTP auth password                                                | `your-app-password`    |
+| `SMTP_FROM`              | Optional | Sender address (required for AWS SES), defaults to `SMTP_USER`    | `noreply@example.com`  |
 <Callout type={'warning'}>
   When using Gmail, you must use an App Password instead of your account password. Generate one at [Google App Passwords](https://myaccount.google.com/apppasswords).
@@ -127,11 +128,11 @@ Send emails via SMTP protocol, suitable for users with existing email services.
 [Resend](https://resend.com/) is a modern email API service with simple setup, recommended for new users.
-| Environment Variable     | Type        | Description                              | Example                     |
-| ------------------------ | ----------- | ---------------------------------------- | --------------------------- |
-| `EMAIL_SERVICE_PROVIDER` | Required    | Set to `resend`                          | `resend`                    |
-| `RESEND_API_KEY`         | Required    | Resend API Key                           | `re_xxxxxxxxxxxxxxxxxxxxxx` |
-| `RESEND_FROM`            | Recommended | Sender address, must be a verified domain| `noreply@your-domain.com`   |
+| Environment Variable     | Type        | Description                               | Example                     |
+| ------------------------ | ----------- | ----------------------------------------- | --------------------------- |
+| `EMAIL_SERVICE_PROVIDER` | Required    | Set to `resend`                           | `resend`                    |
+| `RESEND_API_KEY`         | Required    | Resend API Key                            | `re_xxxxxxxxxxxxxxxxxxxxxx` |
+| `RESEND_FROM`            | Recommended | Sender address, must be a verified domain | `noreply@your-domain.com`   |
 <Callout type={'info'}>
   Before using Resend, you need to [verify your sending domain](https://resend.com/docs/dashboard/domains/introduction), otherwise emails can only be sent to your own address.
@@ -139,9 +140,9 @@ Send emails via SMTP protocol, suitable for users with existing email services.
 ### Common Configuration
-| Environment Variable      | Type     | Description                                              | Example |
-| ------------------------- | -------- | -------------------------------------------------------- | ------- |
-| `AUTH_EMAIL_VERIFICATION` | Optional | Set to `1` to require email verification (off by default)| `1`     |
+| Environment Variable      | Type     | Description                                               | Example |
+| ------------------------- | -------- | --------------------------------------------------------- | ------- |
+| `AUTH_EMAIL_VERIFICATION` | Optional | Set to `1` to require email verification (off by default) | `1`     |
 ## Magic Link (Passwordless) Login
@@ -155,6 +156,19 @@ Enable magic-link login (depends on a working email provider above, off by defau
   Go to [Environment Variables](/docs/self-hosting/environment-variables/auth#better-auth) for detailed information on all Better Auth variables.
 </Callout>
+## Session Storage Configuration (Optional)
+By default, Better Auth uses the database to store session data. You can configure Redis as secondary storage for better performance and cross-instance session sharing.
+| Environment Variable | Type     | Description                                                  |
+| -------------------- | -------- | ------------------------------------------------------------ |
+| `REDIS_URL`          | Optional | Redis connection URL, enables Redis session storage when set |
+| `REDIS_PREFIX`       | Optional | Redis key prefix, defaults to `lobechat`                     |
+<Callout type={'info'}>
+  When Redis is configured, authentication session data will be stored in Redis, enabling session sharing across multiple service instances and faster session validation. See [Redis Cache Service](/docs/self-hosting/advanced/redis) for detailed configuration.
+</Callout>
 ## FAQ
 ### What SSO providers does Better Auth support?
@@ -164,3 +178,16 @@ Better Auth supports built-in providers (Google, GitHub, Microsoft, Apple, AWS C
 ### How do I enable multiple SSO providers?
 Set the `AUTH_SSO_PROVIDERS` environment variable with a comma-separated list, e.g., `google,github,microsoft`. The order determines the display order on the login page.
+### What if Casdoor users only have username without email?
+The current authentication system requires email. Please configure a valid email address for users in Casdoor. Using a real, valid email is strongly recommended, otherwise features like password reset and magic link login will not work.
+### How do I restrict registration to specific emails or domains?
+Set the `AUTH_ALLOWED_EMAILS` environment variable with a comma-separated list of allowed emails or domains. For example:
+- Allow only `example.com` domain: `AUTH_ALLOWED_EMAILS=example.com`
+- Allow multiple domains and specific emails: `AUTH_ALLOWED_EMAILS=example.com,company.org,admin@other.com`
+Leave empty to allow all emails. This restriction applies to both email registration and SSO login.

package/docs/self-hosting/advanced/auth.zh-CN.mdx CHANGED Viewed

@@ -107,14 +107,15 @@ LobeChat 使用 [Better Auth](https://www.better-auth.com) 作为身份验证解
 使用 SMTP 协议发送邮件，适合已有邮箱服务的用户。参考 [Nodemailer SMTP 文档](https://nodemailer.com/smtp/)。
-| 环境变量                     | 类型 | 描述                                              | 示例                 |
-| ------------------------- | -- | ----------------------------------------------- | ------------------ |
-| `EMAIL_SERVICE_PROVIDER`  | 可选 | 设置为 `nodemailer`（默认值）                           | `nodemailer`       |
-| `SMTP_HOST`               | 必选 | SMTP 服务器主机名                                     | `smtp.gmail.com`   |
-| `SMTP_PORT`               | 必选 | SMTP 服务器端口（TLS 通常为 `587`，SSL 为 `465`）           | `587`              |
-| `SMTP_SECURE`             | 可选 | SSL 设置为 `true`（端口 465），TLS 设置为 `false`（端口 587） | `false`            |
-| `SMTP_USER`               | 必选 | SMTP 认证用户名                                      | `user@gmail.com`   |
-| `SMTP_PASS`               | 必选 | SMTP 认证密码                                       | `your-app-password`|
+| 环境变量                     | 类型 | 描述                                             | 示例                     |
+| ------------------------ | -- | ---------------------------------------------- | ---------------------- |
+| `EMAIL_SERVICE_PROVIDER` | 可选 | 设置为 `nodemailer`（默认值）                          | `nodemailer`           |
+| `SMTP_HOST`              | 必选 | SMTP 服务器主机名                                    | `smtp.gmail.com`       |
+| `SMTP_PORT`              | 必选 | SMTP 服务器端口（TLS 通常为 `587`，SSL 为 `465`）          | `587`                  |
+| `SMTP_SECURE`            | 可选 | SSL 设置为 `true`（端口 465），TLS 设置为 `false`（端口 587） | `false`                |
+| `SMTP_USER`              | 必选 | SMTP 认证用户名                                     | `user@gmail.com`       |
+| `SMTP_PASS`              | 必选 | SMTP 认证密码                                      | `your-app-password`    |
+| `SMTP_FROM`              | 可选 | 发件人地址（AWS SES 必填），默认为 `SMTP_USER`             | `noreply@example.com`  |
 <Callout type={'warning'}>
   使用 Gmail 时，需使用应用专用密码而非账户密码。前往 [Google 应用专用密码](https://myaccount.google.com/apppasswords) 生成。
@@ -124,11 +125,11 @@ LobeChat 使用 [Better Auth](https://www.better-auth.com) 作为身份验证解
 [Resend](https://resend.com/) 是一个现代邮件 API 服务，配置简单，推荐新用户使用。
-| 环境变量                     | 类型 | 描述                                 | 示例                          |
-| ------------------------- | -- | ---------------------------------- | --------------------------- |
-| `EMAIL_SERVICE_PROVIDER`  | 必选 | 设置为 `resend`                       | `resend`                    |
-| `RESEND_API_KEY`          | 必选 | Resend API Key                     | `re_xxxxxxxxxxxxxxxxxxxxxx` |
-| `RESEND_FROM`             | 推荐 | 发件人地址，需为 Resend 已验证域名下的邮箱          | `noreply@your-domain.com`   |
+| 环境变量                     | 类型 | 描述                        | 示例                          |
+| ------------------------ | -- | ------------------------- | --------------------------- |
+| `EMAIL_SERVICE_PROVIDER` | 必选 | 设置为 `resend`              | `resend`                    |
+| `RESEND_API_KEY`         | 必选 | Resend API Key            | `re_xxxxxxxxxxxxxxxxxxxxxx` |
+| `RESEND_FROM`            | 推荐 | 发件人地址，需为 Resend 已验证域名下的邮箱 | `noreply@your-domain.com`   |
 <Callout type={'info'}>
   使用 Resend 前需先 [验证发件域名](https://resend.com/docs/dashboard/domains/introduction)，否则只能发送到自己的邮箱。
@@ -136,9 +137,9 @@ LobeChat 使用 [Better Auth](https://www.better-auth.com) 作为身份验证解
 ### 通用配置
-| 环境变量                      | 类型 | 描述                           | 示例 |
-| ------------------------- | -- | ---------------------------- | -- |
-| `AUTH_EMAIL_VERIFICATION` | 可选 | 设置为 `1` 以要求用户在登录前验证邮箱（默认关闭） | `1`|
+| 环境变量                      | 类型 | 描述                          | 示例  |
+| ------------------------- | -- | --------------------------- | --- |
+| `AUTH_EMAIL_VERIFICATION` | 可选 | 设置为 `1` 以要求用户在登录前验证邮箱（默认关闭） | `1` |
 ## 魔法链接（免密）登录
@@ -152,6 +153,19 @@ LobeChat 使用 [Better Auth](https://www.better-auth.com) 作为身份验证解
   前往 [环境变量](/zh/docs/self-hosting/environment-variables/auth#better-auth) 可查阅所有 Better Auth 相关变量详情。
 </Callout>
+## 会话存储配置（可选）
+默认情况下，Better Auth 使用数据库存储会话数据。你可以配置 Redis 作为二级存储，以获得更好的性能和跨实例会话共享能力。
+| 环境变量           | 类型 | 描述                              |
+| -------------- | -- | ------------------------------- |
+| `REDIS_URL`    | 可选 | Redis 连接 URL，配置后自动启用 Redis 会话存储 |
+| `REDIS_PREFIX` | 可选 | Redis 键前缀，默认为 `lobechat`        |
+<Callout type={'info'}>
+  配置 Redis 后，认证会话数据将存储在 Redis 中，可以实现跨多个服务实例的会话共享，并提升会话验证速度。详细配置请参阅 [Redis 缓存服务](/zh/docs/self-hosting/advanced/redis)。
+</Callout>
 ## 常见问题
 ### Better Auth 支持哪些 SSO 提供商？
@@ -161,3 +175,17 @@ Better Auth 支持内置提供商（Google、GitHub、Microsoft、Apple、AWS Co
 ### 如何启用多个 SSO 提供商？
 设置 `AUTH_SSO_PROVIDERS` 环境变量，使用逗号分隔多个提供商，例如 `google,github,microsoft`。顺序决定登录页面上的显示顺序。
+### Casdoor 用户只有 username 没有 email 怎么办？
+当前身份验证方案强依赖 email。请在 Casdoor 中为用户配置有效的 email 地址。
+强烈建议使用真实有效的邮箱，否则密码重置、魔法链接登录等功能将无法使用。
+### 如何限制只允许特定邮箱或域名注册？
+设置 `AUTH_ALLOWED_EMAILS` 环境变量，支持完整邮箱地址或域名，以逗号分隔。例如：
+- 只允许 `example.com` 域名：`AUTH_ALLOWED_EMAILS=example.com`
+- 允许多个域名和特定邮箱：`AUTH_ALLOWED_EMAILS=example.com,company.org,admin@other.com`
+留空表示允许所有邮箱注册。此限制对邮箱注册和 SSO 登录均有效。

package/docs/self-hosting/advanced/redis/upstash.mdx ADDED Viewed

@@ -0,0 +1,69 @@
+---
+title: Configuring Upstash Redis Service
+description: Step-by-step guide to configure Upstash Redis for LobeChat cache and session storage.
+tags:
+  - Upstash
+  - Redis
+  - Cache
+  - Configuration Guide
+---
+# Configuring Upstash Redis Service
+[Upstash](https://upstash.com/) is a serverless Redis service that provides a free tier and pay-as-you-go pricing, making it ideal for LobeChat deployments.
+## Configuration Steps
+<Steps>
+  ### Create Redis Database on Upstash
+  1. Visit [Upstash Console](https://console.upstash.com/) and sign up
+  2. Click **Create Database** and configure: name, region, enable TLS
+  3. Copy the **Redis URL** (TCP connection, not REST API) from the database details page:
+  <Image alt={'Copy Redis URL from Upstash'} src={'https://hub-apac-1.lobeobjects.space/docs/43d110283ba816c0c2b45408e4f9d344.png'} />
+  ### Configure Environment Variables
+  ```shell
+  # Upstash Redis URL (copy from Upstash console)
+  REDIS_URL=rediss://default:xxxxxxxxxxxxx@us1-xxxxx-xxxxx.upstash.io:6379
+  # Optional: Enable TLS (recommended for Upstash)
+  REDIS_TLS=1
+  # Optional: Set a prefix for Redis keys
+  REDIS_PREFIX=lobechat
+  ```
+  <Callout type={'info'}>
+    Upstash uses `rediss://` (with double 's') for TLS connections. LobeChat supports this format automatically.
+  </Callout>
+</Steps>
+## Environment Variables Overview
+```shell
+# Upstash Redis Connection URL
+REDIS_URL=rediss://default:xxxxxxxxxxxxx@us1-xxxxx-xxxxx.upstash.io:6379
+# Optional: Enable TLS encryption (recommended for Upstash)
+REDIS_TLS=1
+# Optional: Key prefix for data isolation
+REDIS_PREFIX=lobechat
+```
+## Notes
+<Callout type={'tip'}>
+  Upstash offers a generous free tier with 10,000 commands per day, which is sufficient for personal use and small deployments.
+</Callout>
+<Callout type={'warning'}>
+  Make sure to keep your Redis URL secure and never expose it in client-side code or public repositories.
+</Callout>
+- **Free Tier Limits**: 10,000 commands/day, 256MB storage
+- **TLS Required**: Upstash requires TLS connections, ensure `REDIS_TLS=1` is set
+- **Regional vs Global**: Choose Global for better latency if your users are distributed worldwide

package/docs/self-hosting/advanced/redis/upstash.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,69 @@
+---
+title: 配置 Upstash Redis 服务
+description: 详细指南：如何配置 Upstash Redis 用于 LobeChat 的缓存和会话存储。
+tags:
+  - Upstash
+  - Redis
+  - 缓存
+  - 配置指南
+---
+# 配置 Upstash Redis 服务
+[Upstash](https://upstash.com/) 是一个 Serverless Redis 服务，提供免费额度和按量付费模式，非常适合 LobeChat 部署使用。
+## 配置步骤
+<Steps>
+  ### 在 Upstash 创建 Redis 数据库
+  1. 访问 [Upstash 控制台](https://console.upstash.com/) 并注册
+  2. 点击 **Create Database**，配置：名称、区域、启用 TLS
+  3. 从数据库详情页复制 **Redis URL**（TCP 连接方式，不是 REST API）：
+  <Image alt={'从 Upstash 复制 Redis URL'} src={'https://hub-apac-1.lobeobjects.space/docs/43d110283ba816c0c2b45408e4f9d344.png'} />
+  ### 配置环境变量
+  ```shell
+  # Upstash Redis URL（从 Upstash 控制台复制）
+  REDIS_URL=rediss://default:xxxxxxxxxxxxx@us1-xxxxx-xxxxx.upstash.io:6379
+  # 可选：启用 TLS（Upstash 推荐）
+  REDIS_TLS=1
+  # 可选：设置 Redis 键前缀
+  REDIS_PREFIX=lobechat
+  ```
+  <Callout type={'info'}>
+    Upstash 使用 `rediss://`（双 's'）表示 TLS 连接，LobeChat 自动支持此格式。
+  </Callout>
+</Steps>
+## 环境变量概览
+```shell
+# Upstash Redis 连接 URL
+REDIS_URL=rediss://default:xxxxxxxxxxxxx@us1-xxxxx-xxxxx.upstash.io:6379
+# 可选：启用 TLS 加密（Upstash 推荐）
+REDIS_TLS=1
+# 可选：键前缀，用于数据隔离
+REDIS_PREFIX=lobechat
+```
+## 注意事项
+<Callout type={'tip'}>
+  Upstash 提供慷慨的免费额度：每天 10,000 次命令，足够个人使用和小规模部署。
+</Callout>
+<Callout type={'warning'}>
+  请确保安全保管你的 Redis URL，切勿在客户端代码或公开仓库中暴露。
+</Callout>
+- **免费额度限制**：每天 10,000 次命令，256MB 存储
+- **TLS 必需**：Upstash 要求 TLS 连接，确保设置 `REDIS_TLS=1`
+- **Regional vs Global**：如果用户分布全球，选择 Global 可获得更低延迟

package/docs/self-hosting/advanced/redis.mdx ADDED Viewed

@@ -0,0 +1,128 @@
+---
+title: Configure Redis Cache Service
+description: Learn how to configure Redis cache service to optimize LobeChat performance and session management.
+tags:
+  - Redis
+  - Cache
+  - Session Storage
+  - Performance
+---
+# Configure Redis Cache Service
+LobeChat uses Redis as a high-performance cache and session storage service to optimize system performance and manage user authentication state.
+<Callout type={'info'}>
+  LobeChat uses the standard Redis protocol (via ioredis library), supporting any Redis
+  protocol-compatible service, including official Redis, self-hosted Redis, and cloud provider Redis
+  services (such as AWS ElastiCache, Alibaba Cloud Redis, etc.).
+</Callout>
+## Use Cases
+Redis is used in LobeChat for the following scenarios:
+### Authentication Session Storage
+As secondary storage for Better Auth, used to store user authentication sessions and token data. This enables:
+- Sharing session state across multiple service instances
+- Faster session validation
+- Session revocation and management support
+### File Proxy Cache
+Caches S3 presigned URLs to reduce S3 API calls and optimize file access performance.
+### Agent Configuration Cache
+Caches Agent configuration data to reduce database queries and improve response speed.
+## Core Environment Variables
+<Steps>
+  ### `REDIS_URL`
+  The Redis server connection URL. This is required to enable Redis functionality.
+  ```shell
+  REDIS_URL=redis://localhost:6379
+  ```
+  Supported URL formats:
+  - Standard: `redis://localhost:6379`
+  - With authentication: `redis://username:password@localhost:6379`
+  - With database: `redis://localhost:6379/0`
+  ### `REDIS_PREFIX`
+  The prefix for Redis keys, used to isolate LobeChat data in a shared Redis instance.
+  - Default: `lobechat`
+  - Example: `REDIS_PREFIX=my-lobechat`
+  ### `REDIS_TLS`
+  Whether to enable TLS/SSL encrypted connection.
+  - Default: `false`
+  - Example: `REDIS_TLS=true`
+  <Callout type={'tip'}>
+    If you use Redis services from cloud providers, you usually need to enable TLS to ensure secure
+    data transmission.
+  </Callout>
+  ### `REDIS_PASSWORD`
+  Redis authentication password (optional). Set this if your Redis server is configured with password authentication.
+  ### `REDIS_USERNAME`
+  Redis authentication username (optional). Redis 6.0+ supports ACL user authentication. Set this if using username authentication.
+  ### `REDIS_DATABASE`
+  Redis database index (optional). Redis supports multiple databases (default 0-15), you can specify which database to use.
+  - Default: `0`
+  - Example: `REDIS_DATABASE=1`
+</Steps>
+## Configuration Examples
+### Local Development
+```shell
+REDIS_URL=redis://localhost:6379
+REDIS_PREFIX=lobechat-dev
+```
+### Production (with authentication)
+```shell
+REDIS_URL=redis://localhost:6379
+REDIS_PASSWORD=your-strong-password
+REDIS_PREFIX=lobechat
+REDIS_TLS=true
+```
+### Cloud Service (e.g., AWS ElastiCache)
+```shell
+REDIS_URL=redis://your-cluster.cache.amazonaws.com:6379
+REDIS_TLS=true
+REDIS_PREFIX=lobechat
+```
+## Notes
+<Callout type={'warning'}>
+  Redis is an optional service. If `REDIS_URL` is not configured, LobeChat will still function
+  normally, but will lose the caching and session management optimizations mentioned above.
+</Callout>
+- **Memory Management**: Redis is an in-memory database, ensure your server has sufficient memory
+- **Persistence**: Enable Redis RDB or AOF persistence to prevent data loss
+- **High Availability**: For production, consider using Redis Sentinel or Redis Cluster for high availability

package/docs/self-hosting/advanced/redis.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,126 @@
+---
+title: 配置 Redis 缓存服务
+description: 了解如何配置 Redis 缓存服务以优化 LobeChat 的性能和会话管理。
+tags:
+  - Redis
+  - 缓存
+  - 会话存储
+  - 性能优化
+---
+# 配置 Redis 缓存服务
+LobeChat 使用 Redis 作为高性能缓存和会话存储服务，用于优化系统性能和管理用户认证状态。
+<Callout type={'info'}>
+  LobeChat 使用标准 Redis 协议（通过 ioredis 库），支持任何兼容 Redis 协议的服务，包括 Redis
+  官方服务、自部署 Redis、以及云服务商提供的 Redis 服务（如 AWS ElastiCache、阿里云 Redis
+  等）。
+</Callout>
+## 使用场景
+Redis 在 LobeChat 中主要用于以下场景：
+### 认证会话存储
+作为 Better Auth 的二级存储，用于存储用户认证 session 和 token 数据。这可以实现：
+- 跨多个服务实例共享会话状态
+- 更快的会话验证速度
+- 支持会话撤销和管理
+### 文件代理缓存
+缓存 S3 预签名 URL，减少对 S3 API 的调用次数，优化文件访问性能。
+### Agent 配置缓存
+缓存 Agent 配置数据，减少数据库查询，提升响应速度。
+## 核心环境变量
+<Steps>
+  ### `REDIS_URL`
+  Redis 服务器的连接 URL，这是启用 Redis 功能的必需配置。
+  ```shell
+  REDIS_URL=redis://localhost:6379
+  ```
+  支持的 URL 格式：
+  - 标准格式：`redis://localhost:6379`
+  - 带认证：`redis://username:password@localhost:6379`
+  - 带数据库：`redis://localhost:6379/0`
+  ### `REDIS_PREFIX`
+  Redis 键的前缀，用于在共享 Redis 实例中隔离 LobeChat 的数据。
+  - 默认值：`lobechat`
+  - 示例：`REDIS_PREFIX=my-lobechat`
+  ### `REDIS_TLS`
+  是否启用 TLS/SSL 加密连接。
+  - 默认值：`false`
+  - 示例：`REDIS_TLS=true`
+  <Callout type={'tip'}>
+    如果你使用云服务商提供的 Redis 服务，通常需要启用 TLS 以确保数据传输安全。
+  </Callout>
+  ### `REDIS_PASSWORD`
+  Redis 认证密码（可选）。如果 Redis 服务器配置了密码认证，需要设置此变量。
+  ### `REDIS_USERNAME`
+  Redis 认证用户名（可选）。Redis 6.0+ 支持 ACL 用户认证，如果使用了用户名认证，需要设置此变量。
+  ### `REDIS_DATABASE`
+  Redis 数据库索引（可选）。Redis 支持多个数据库（默认 0-15），可以指定使用的数据库。
+  - 默认值：`0`
+  - 示例：`REDIS_DATABASE=1`
+</Steps>
+## 配置示例
+### 本地开发
+```shell
+REDIS_URL=redis://localhost:6379
+REDIS_PREFIX=lobechat-dev
+```
+### 生产环境（带认证）
+```shell
+REDIS_URL=redis://localhost:6379
+REDIS_PASSWORD=your-strong-password
+REDIS_PREFIX=lobechat
+REDIS_TLS=true
+```
+### 云服务（如 AWS ElastiCache）
+```shell
+REDIS_URL=redis://your-cluster.cache.amazonaws.com:6379
+REDIS_TLS=true
+REDIS_PREFIX=lobechat
+```
+## 注意事项
+<Callout type={'warning'}>
+  Redis 是可选服务。如果不配置 `REDIS_URL`，LobeChat 仍然可以正常运行，但会失去上述缓存和会话管理的优化功能。
+</Callout>
+- **内存管理**：Redis 是内存数据库，请确保服务器有足够的内存
+- **持久化**：建议启用 Redis 的 RDB 或 AOF 持久化，防止数据丢失
+- **高可用**：生产环境建议使用 Redis Sentinel 或 Redis Cluster 实现高可用

package/docs/self-hosting/environment-variables/auth.mdx CHANGED Viewed

@@ -27,7 +27,7 @@ LobeChat provides a complete authentication service capability when deployed. Th
 - Default: `-`
 - Example: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=`
-#### `NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION`
+#### `AUTH_EMAIL_VERIFICATION`
 - Type: Optional
 - Description: Set to `1` to require email verification before users can sign in. Users must verify their email address after registration.
@@ -41,6 +41,13 @@ LobeChat provides a complete authentication service capability when deployed. Th
 - Default: `-`
 - Example: `google,github,microsoft,cognito`
+#### `AUTH_ALLOWED_EMAILS`
+- Type: Optional
+- Description: Comma-separated list of allowed emails or domains for registration. Supports full email addresses (e.g., `user@example.com`) or domain names (e.g., `example.com`). Leave empty to allow all emails.
+- Default: `-`
+- Example: `example.com,admin@other.com`
 #### `JWKS_KEY`
 - Type: Required
@@ -95,6 +102,13 @@ These settings are required for email verification and password reset features.
 - Default: `-`
 - Example: `your-app-specific-password`
+#### `SMTP_FROM`
+- Type: Optional
+- Description: Sender email address. Required for AWS SES where `SMTP_USER` is not a valid email address. If not set, defaults to `SMTP_USER`.
+- Default: Value of `SMTP_USER`
+- Example: `noreply@example.com`
 ### Google
 #### `AUTH_GOOGLE_ID`

package/docs/self-hosting/environment-variables/auth.zh-CN.mdx CHANGED Viewed

@@ -25,7 +25,7 @@ LobeChat 在部署时提供了完善的身份验证服务能力，以下是相
 - 默认值：`-`
 - 示例：`Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=`
-#### `NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION`
+#### `AUTH_EMAIL_VERIFICATION`
 - 类型：可选
 - 描述：设置为 `1` 以要求用户在登录前验证邮箱。用户注册后必须验证邮箱地址。
@@ -39,6 +39,13 @@ LobeChat 在部署时提供了完善的身份验证服务能力，以下是相
 - 默认值：`-`
 - 示例：`google,github,microsoft,cognito`
+#### `AUTH_ALLOWED_EMAILS`
+- 类型：可选
+- 描述：允许注册的邮箱或域名白名单，以逗号分隔。支持完整邮箱地址（如 `user@example.com`）或域名（如 `example.com`）。留空表示允许所有邮箱。
+- 默认值：`-`
+- 示例：`example.com,admin@other.com`
 #### `JWKS_KEY`
 - 类型：必选
@@ -93,6 +100,13 @@ LobeChat 在部署时提供了完善的身份验证服务能力，以下是相
 - 默认值：`-`
 - 示例：`your-app-specific-password`
+#### `SMTP_FROM`
+- 类型：可选
+- 描述：发件人邮箱地址。AWS SES 等服务需要此配置（因为 `SMTP_USER` 不是有效邮箱地址）。若未设置，默认使用 `SMTP_USER`。
+- 默认值：`SMTP_USER` 的值
+- 示例：`noreply@example.com`
 ### Google
 #### `AUTH_GOOGLE_ID`

package/docs/self-hosting/environment-variables/basic.mdx CHANGED Viewed

@@ -19,6 +19,19 @@ LobeChat provides some additional configuration options during deployment, which
 ## Common Variables
+### `KEY_VAULTS_SECRET`
+- Type: Required (server database mode)
+- Description: Used to encrypt sensitive information stored by users in the database (such as API Keys, baseURL, etc.), preventing exposure of critical information in case of database breach
+- Default: -
+- Example: `Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=`
+<Callout type={'warning'}>
+  This key is used to encrypt sensitive data. Once set, do not change it, otherwise encrypted data cannot be decrypted.
+</Callout>
+<GenerateSecret envName="KEY_VAULTS_SECRET" />
 ### `API_KEY_SELECT_MODE`
 - Type：Optional