@lobehub/lobehub 2.0.0-next.355 → 2.0.0-next.356

package/src/libs/trpc/lambda/context.ts

@@ -1,16 +1,10 @@
 import { type ClientSecretPayload } from '@lobechat/types';
 import { parse } from 'cookie';
 import debug from 'debug';
-import { type User } from 'next-auth';
 import { type NextRequest } from 'next/server';
 
-import {
-  LOBE_CHAT_AUTH_HEADER,
-  LOBE_CHAT_OIDC_AUTH_HEADER,
-  authEnv,
-  enableBetterAuth,
-  enableNextAuth,
-} from '@/envs/auth';
+import { auth } from '@/auth';
+import { LOBE_CHAT_AUTH_HEADER, LOBE_CHAT_OIDC_AUTH_HEADER, authEnv } from '@/envs/auth';
 import { validateOIDCJWT } from '@/libs/oidc-provider/jwt';
 
 // Create context logger namespace
@@ -43,7 +37,6 @@ export interface AuthContext {
   clientIp?: string | null;
   jwtPayload?: ClientSecretPayload | null;
   marketAccessToken?: string;
-  nextAuth?: User;
   // Add OIDC authentication information
   oidcAuth?: OIDCAuth | null;
   resHeaders?: Headers;
@@ -59,7 +52,6 @@ export const createContextInner = async (params?: {
   authorizationHeader?: string | null;
   clientIp?: string | null;
   marketAccessToken?: string;
-  nextAuth?: User;
   oidcAuth?: OIDCAuth | null;
   userAgent?: string;
   userId?: string | null;
@@ -71,7 +63,6 @@ export const createContextInner = async (params?: {
     authorizationHeader: params?.authorizationHeader,
     clientIp: params?.clientIp,
     marketAccessToken: params?.marketAccessToken,
-    nextAuth: params?.nextAuth,
     oidcAuth: params?.oidcAuth,
     resHeaders: responseHeaders,
     userAgent: params?.userAgent,
@@ -120,7 +111,6 @@ export const createLambdaContext = async (request: NextRequest): Promise<LambdaC
   log('LobeChat Authorization header: %s', authorization ? 'exists' : 'not found');
 
   let userId;
-  let auth;
   let oidcAuth = null;
 
   // Prioritize checking for OIDC authentication (both standard Authorization and custom Oidc-Auth headers)
@@ -159,55 +149,27 @@ export const createLambdaContext = async (request: NextRequest): Promise<LambdaC
     }
   }
 
-  // If OIDC is not enabled or validation fails, try other authentication methods
-  if (enableBetterAuth) {
-    log('Attempting Better Auth authentication');
-    try {
-      const { auth: betterAuth } = await import('@/auth');
-
-      const session = await betterAuth.api.getSession({
-        headers: request.headers,
-      });
-
-      if (session && session?.user?.id) {
-        userId = session.user.id;
-        log('Better Auth authentication successful, userId: %s', userId);
-      } else {
-        log('Better Auth authentication failed, no valid session');
-      }
-
-      return createContextInner({
-        ...commonContext,
-        userId,
-      });
-    } catch (e) {
-      log('Better Auth authentication error: %O', e);
-      console.error('better auth err', e);
+  // If OIDC is not enabled or validation fails, try Better Auth authentication
+  log('Attempting Better Auth authentication');
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+
+    if (session && session?.user?.id) {
+      userId = session.user.id;
+      log('Better Auth authentication successful, userId: %s', userId);
+    } else {
+      log('Better Auth authentication failed, no valid session');
     }
-  }
 
-  if (enableNextAuth) {
-    log('Attempting NextAuth authentication');
-    try {
-      const { default: NextAuth } = await import('@/libs/next-auth');
-
-      const session = await NextAuth.auth();
-      if (session && session?.user?.id) {
-        auth = session.user;
-        userId = session.user.id;
-        log('NextAuth authentication successful, userId: %s', userId);
-      } else {
-        log('NextAuth authentication failed, no valid session');
-      }
-      return createContextInner({
-        nextAuth: auth,
-        ...commonContext,
-        userId,
-      });
-    } catch (e) {
-      log('NextAuth authentication error: %O', e);
-      console.error('next auth err', e);
-    }
+    return createContextInner({
+      ...commonContext,
+      userId,
+    });
+  } catch (e) {
+    log('Better Auth authentication error: %O', e);
+    console.error('better auth err', e);
   }
 
   // Final return, userId may be undefined

package/src/libs/trpc/middleware/userAuth.ts

@@ -1,7 +1,5 @@
 import { TRPCError } from '@trpc/server';
 
-import { enableBetterAuth, enableNextAuth } from '@/envs/auth';
-
 import { trpc } from '../lambda/init';
 
 export const userAuth = trpc.middleware(async (opts) => {
@@ -9,11 +7,7 @@ export const userAuth = trpc.middleware(async (opts) => {
 
   // `ctx.user` is nullable
   if (!ctx.userId) {
-    if (enableBetterAuth) {
-      console.log('better auth: no session found in context');
-    } else if (enableNextAuth) {
-      console.log('next auth:', ctx.nextAuth);
-    }
+    console.log('better auth: no session found in context');
     throw new TRPCError({ code: 'UNAUTHORIZED' });
   }
 

package/src/libs/trusted-client/getSessionUser.ts

@@ -1,50 +1,30 @@
-import { enableBetterAuth, enableNextAuth } from '@/envs/auth';
+import { headers } from 'next/headers';
 
 import type { TrustedClientUserInfo } from './index';
 
 /**
  * Get user info from the current session for trusted client authentication
- * This works with different authentication providers (BetterAuth, NextAuth)
  *
  * @returns User info or undefined if not authenticated
  */
 export const getSessionUser = async (): Promise<TrustedClientUserInfo | undefined> => {
   try {
-    if (enableBetterAuth) {
-      const { headers } = await import('next/headers');
-      const { auth } = await import('@/auth');
-      const headersList = await headers();
-      const session = await auth.api.getSession({
-        headers: headersList,
-      });
-
-      if (!session?.user?.id || !session?.user?.email) {
-        return undefined;
-      }
-
-      return {
-        email: session.user.email,
-        name: session.user.name || undefined,
-        userId: session.user.id,
-      };
+    // Dynamic import to avoid validator ESM/CJS issue during sitemap generation
+    const { auth } = await import('@/auth');
+    const headersList = await headers();
+    const session = await auth.api.getSession({
+      headers: headersList,
+    });
+
+    if (!session?.user?.id || !session?.user?.email) {
+      return undefined;
     }
 
-    if (enableNextAuth) {
-      const { default: NextAuth } = await import('@/libs/next-auth');
-      const session = await NextAuth.auth();
-
-      if (!session?.user?.id || !session?.user?.email) {
-        return undefined;
-      }
-
-      return {
-        email: session.user.email,
-        name: session.user.name || undefined,
-        userId: session.user.id,
-      };
-    }
-
-    return undefined;
+    return {
+      email: session.user.email,
+      name: session.user.name || undefined,
+      userId: session.user.id,
+    };
   } catch {
     return undefined;
   }

package/src/server/globalConfig/index.ts

@@ -90,9 +90,7 @@ export const getServerGlobalConfig = async () => {
     memory: {
       userMemory: cleanObject(getPublicMemoryExtractionConfig()),
     },
-    oAuthSSOProviders: authEnv.NEXT_PUBLIC_ENABLE_BETTER_AUTH
-      ? getBetterAuthSSOProviders()
-      : authEnv.NEXT_AUTH_SSO_PROVIDERS.trim().split(/[,，]/),
+    oAuthSSOProviders: getBetterAuthSSOProviders(),
     systemAgent: parseSystemAgent(appEnv.SYSTEM_AGENT),
     telemetry: {
       langfuse: langfuseEnv.ENABLE_LANGFUSE,

package/src/server/routers/lambda/__tests__/user.test.ts

@@ -6,7 +6,6 @@ import { SessionModel } from '@/database/models/session';
 import { UserModel, UserNotFoundError } from '@/database/models/user';
 import { serverDB } from '@/database/server';
 import { KeyVaultsGateKeeper } from '@/server/modules/KeyVaultsEncrypt';
-import { NextAuthUserService } from '@/server/services/nextAuthUser';
 import { UserService } from '@/server/services/user';
 
 import { userRouter } from '../user';
@@ -22,11 +21,6 @@ vi.mock('@/database/models/user');
 vi.mock('@/server/modules/KeyVaultsEncrypt');
 vi.mock('@/server/modules/S3');
 vi.mock('@/server/services/user');
-vi.mock('@/server/services/nextAuthUser');
-vi.mock('@/envs/auth', () => ({
-  enableBetterAuth: false,
-  enableNextAuth: false,
-}));
 
 describe('userRouter', () => {
   const mockUserId = 'test-user-id';
@@ -122,7 +116,6 @@ describe('userRouter', () => {
         userId: mockUserId,
       });
     });
-
   });
 
   describe('makeUserOnboarded', () => {
@@ -140,47 +133,6 @@ describe('userRouter', () => {
     });
   });
 
-  describe('unlinkSSOProvider', () => {
-    it('should unlink SSO provider successfully', async () => {
-      const mockInput = {
-        provider: 'google',
-        providerAccountId: '123',
-      };
-
-      const mockAccount = {
-        userId: mockUserId,
-        provider: 'google',
-        providerAccountId: '123',
-        type: 'oauth',
-      };
-
-      vi.mocked(NextAuthUserService).mockReturnValue({
-        getAccount: vi.fn().mockResolvedValue(mockAccount),
-        unlinkAccount: vi.fn().mockResolvedValue(undefined),
-      } as any);
-
-      await expect(
-        userRouter.createCaller({ ...mockCtx }).unlinkSSOProvider(mockInput),
-      ).resolves.not.toThrow();
-    });
-
-    it('should throw error if account does not exist', async () => {
-      const mockInput = {
-        provider: 'google',
-        providerAccountId: '123',
-      };
-
-      vi.mocked(NextAuthUserService).mockReturnValue({
-        getAccount: vi.fn().mockResolvedValue(null),
-        unlinkAccount: vi.fn(),
-      } as any);
-
-      await expect(
-        userRouter.createCaller({ ...mockCtx }).unlinkSSOProvider(mockInput),
-      ).rejects.toThrow('The account does not exist');
-    });
-  });
-
   describe('updateSettings', () => {
     it('should update settings with encrypted key vaults', async () => {
       const mockSettings = {

package/src/server/routers/lambda/user.ts

@@ -1,6 +1,5 @@
 import { isDesktop } from '@lobechat/const';
 import {
-  NextAuthAccountSchame,
   Plans,
   UserGuideSchema,
   type UserInitializationState,
@@ -16,8 +15,8 @@ import { v4 as uuidv4 } from 'uuid';
 import { z } from 'zod';
 
 import {
-  getIsInviteCodeRequired,
   getIsInWaitList,
+  getIsInviteCodeRequired,
   getReferralStatus,
   getSubscriptionPlan,
 } from '@/business/server/user';
@@ -29,7 +28,6 @@ import { serverDatabase } from '@/libs/trpc/lambda/middleware';
 import { KeyVaultsGateKeeper } from '@/server/modules/KeyVaultsEncrypt';
 import { FileS3 } from '@/server/modules/S3';
 import { FileService } from '@/server/services/file';
-import { NextAuthUserService } from '@/server/services/nextAuthUser';
 
 const usernameSchema = z
   .string()
@@ -42,7 +40,6 @@ const userProcedure = authedProcedure.use(serverDatabase).use(async ({ ctx, next
     ctx: {
       fileService: new FileService(ctx.serverDB, ctx.userId),
       messageModel: new MessageModel(ctx.serverDB, ctx.userId),
-      nextAuthUserService: new NextAuthUserService(ctx.serverDB),
       sessionModel: new SessionModel(ctx.serverDB, ctx.userId),
       userModel: new UserModel(ctx.serverDB, ctx.userId),
     },
@@ -138,14 +135,6 @@ export const userRouter = router({
     return ctx.userModel.deleteSetting();
   }),
 
-  unlinkSSOProvider: userProcedure.input(NextAuthAccountSchame).mutation(async ({ ctx, input }) => {
-    const { provider, providerAccountId } = input;
-    const account = await ctx.nextAuthUserService.getAccount(providerAccountId, provider);
-    // The userId can either get from ctx.nextAuth?.id or ctx.userId
-    if (!account || account.userId !== ctx.userId) throw new Error('The account does not exist');
-    await ctx.nextAuthUserService.unlinkAccount({ provider, providerAccountId });
-  }),
-
   updateAvatar: userProcedure.input(z.string()).mutation(async ({ ctx, input }) => {
     // If it's Base64 data, need to upload to S3
     if (input.startsWith('data:image')) {

package/src/server/services/email/impls/nodemailer/index.ts

@@ -49,8 +49,8 @@ export class NodemailerImpl implements EmailServiceImpl {
   }
 
   async sendMail(payload: EmailPayload): Promise<EmailResponse> {
-    // Use SMTP_USER as default sender if not provided
-    const from = payload.from ?? emailEnv.SMTP_USER!;
+    // Use SMTP_FROM as default sender, fallback to SMTP_USER for backward compatibility
+    const from = payload.from ?? emailEnv.SMTP_FROM ?? emailEnv.SMTP_USER!;
 
     log('Sending email with payload: %o', {
       from,

package/src/server/services/webhookUser/index.ts

@@ -0,0 +1,88 @@
+import { type LobeChatDatabase } from '@lobechat/database';
+import { and, eq } from 'drizzle-orm';
+import { NextResponse } from 'next/server';
+
+import { UserModel } from '@/database/models/user';
+import { type UserItem, account, session } from '@/database/schemas';
+import { pino } from '@/libs/logger';
+
+export class WebhookUserService {
+  private db: LobeChatDatabase;
+
+  constructor(db: LobeChatDatabase) {
+    this.db = db;
+  }
+
+  /**
+   * Find user by provider account info
+   */
+  private getUserByAccount = async ({
+    providerId,
+    accountId,
+  }: {
+    accountId: string;
+    providerId: string;
+  }) => {
+    const result = await this.db.query.account.findFirst({
+      where: and(eq(account.providerId, providerId), eq(account.accountId, accountId)),
+    });
+
+    if (!result) return null;
+
+    return this.db.query.users.findFirst({
+      where: eq(account.userId, result.userId),
+    });
+  };
+
+  /**
+   * Safely update user data from webhook
+   */
+  safeUpdateUser = async (
+    { accountId, providerId }: { accountId: string; providerId: string },
+    data: Partial<UserItem>,
+  ) => {
+    pino.info(`updating user "${JSON.stringify({ accountId, providerId })}" due to webhook`);
+
+    const user = await this.getUserByAccount({ accountId, providerId });
+
+    if (user?.id) {
+      const userModel = new UserModel(this.db, user.id);
+      await userModel.updateUser({
+        avatar: data?.avatar,
+        email: data?.email,
+        fullName: data?.fullName,
+      });
+    } else {
+      pino.warn(
+        `[${providerId}]: Webhook user "${JSON.stringify({ accountId, providerId })}" update for "${JSON.stringify(data)}", but no user was found.`,
+      );
+    }
+
+    return NextResponse.json({ message: 'user updated', success: true }, { status: 200 });
+  };
+
+  /**
+   * Safely sign out user (delete all sessions)
+   */
+  safeSignOutUser = async ({
+    accountId,
+    providerId,
+  }: {
+    accountId: string;
+    providerId: string;
+  }) => {
+    pino.info(`Signing out user "${JSON.stringify({ accountId, providerId })}"`);
+
+    const user = await this.getUserByAccount({ accountId, providerId });
+
+    if (user?.id) {
+      await this.db.delete(session).where(eq(session.userId, user.id));
+    } else {
+      pino.warn(
+        `[${providerId}]: Webhook user "${JSON.stringify({ accountId, providerId })}" signout, but no user was found.`,
+      );
+    }
+
+    return NextResponse.json({ message: 'user signed out', success: true }, { status: 200 });
+  };
+}

package/src/services/user/index.test.ts

@@ -8,7 +8,6 @@ const mockLambdaClient = vi.hoisted(() => ({
     getUserRegistrationDuration: { query: vi.fn() },
     getUserState: { query: vi.fn() },
     getUserSSOProviders: { query: vi.fn() },
-    unlinkSSOProvider: { mutate: vi.fn() },
     makeUserOnboarded: { mutate: vi.fn() },
     updateAvatar: { mutate: vi.fn() },
     updateFullName: { mutate: vi.fn() },
@@ -64,19 +63,6 @@ describe('UserService', () => {
     });
   });
 
-  describe('unlinkSSOProvider', () => {
-    it('should call lambdaClient.user.unlinkSSOProvider.mutate with correct params', async () => {
-      mockLambdaClient.user.unlinkSSOProvider.mutate.mockResolvedValueOnce({ success: true });
-
-      await userService.unlinkSSOProvider('github', 'account-123');
-
-      expect(mockLambdaClient.user.unlinkSSOProvider.mutate).toHaveBeenCalledWith({
-        provider: 'github',
-        providerAccountId: 'account-123',
-      });
-    });
-  });
-
   describe('makeUserOnboarded', () => {
     it('should call lambdaClient.user.makeUserOnboarded.mutate', async () => {
       mockLambdaClient.user.makeUserOnboarded.mutate.mockResolvedValueOnce({ success: true });

package/src/services/user/index.ts

@@ -27,10 +27,6 @@ export class UserService {
     return lambdaClient.user.getUserSSOProviders.query();
   };
 
-  unlinkSSOProvider = async (provider: string, providerAccountId: string) => {
-    return lambdaClient.user.unlinkSSOProvider.mutate({ provider, providerAccountId });
-  };
-
   makeUserOnboarded = async () => {
     return lambdaClient.user.makeUserOnboarded.mutate();
   };