@lobehub/lobehub 2.0.0-next.355 → 2.0.0-next.356

package/src/store/user/slices/auth/action.test.ts

@@ -15,29 +15,6 @@ vi.mock('@/libs/swr', async () => {
   };
 });
 
-// Use vi.hoisted to ensure variables exist before vi.mock factory executes
-const { enableNextAuth, enableBetterAuth } = vi.hoisted(() => ({
-  enableNextAuth: { value: false },
-  enableBetterAuth: { value: false },
-}));
-
-vi.mock('@/envs/auth', () => ({
-  get enableNextAuth() {
-    return enableNextAuth.value;
-  },
-  get enableBetterAuth() {
-    return enableBetterAuth.value;
-  },
-}));
-
-const mockUserService = vi.hoisted(() => ({
-  getUserSSOProviders: vi.fn().mockResolvedValue([]),
-}));
-
-vi.mock('@/services/user', () => ({
-  userService: mockUserService,
-}));
-
 const mockBetterAuthClient = vi.hoisted(() => ({
   listAccounts: vi.fn().mockResolvedValue({ data: [] }),
   accountInfo: vi.fn().mockResolvedValue({ data: { user: {} } }),
@@ -50,9 +27,6 @@ afterEach(() => {
   vi.restoreAllMocks();
   vi.clearAllMocks();
 
-  enableNextAuth.value = false;
-  enableBetterAuth.value = false;
-
   // Reset store state
   useUserStore.setState({
     isLoadedAuthProviders: false,
@@ -61,16 +35,6 @@ afterEach(() => {
   });
 });
 
-/**
- * Mock nextauth 库相关方法
- */
-vi.mock('next-auth/react', async () => {
-  return {
-    signIn: vi.fn(),
-    signOut: vi.fn(),
-  };
-});
-
 describe('createAuthSlice', () => {
   describe('refreshUserState', () => {
     it('should refresh user config', async () => {
@@ -85,64 +49,19 @@ describe('createAuthSlice', () => {
   });
 
   describe('logout', () => {
-    it('should call next-auth signOut when NextAuth is enabled', async () => {
-      enableNextAuth.value = true;
-
-      const { result } = renderHook(() => useUserStore());
-
-      await act(async () => {
-        await result.current.logout();
-      });
-
-      const { signOut } = await import('next-auth/react');
-
-      expect(signOut).toHaveBeenCalled();
-      enableNextAuth.value = false;
-    });
-
-    it('should not call next-auth signOut when NextAuth is disabled', async () => {
+    it('should call better-auth signOut', async () => {
       const { result } = renderHook(() => useUserStore());
 
       await act(async () => {
         await result.current.logout();
       });
 
-      const { signOut } = await import('next-auth/react');
-
-      expect(signOut).not.toHaveBeenCalled();
+      expect(mockBetterAuthClient.signOut).toHaveBeenCalled();
     });
   });
 
   describe('openLogin', () => {
-    it('should call next-auth signIn when NextAuth is enabled', async () => {
-      enableNextAuth.value = true;
-
-      const { result } = renderHook(() => useUserStore());
-
-      await act(async () => {
-        await result.current.openLogin();
-      });
-
-      const { signIn } = await import('next-auth/react');
-
-      expect(signIn).toHaveBeenCalled();
-      enableNextAuth.value = false;
-    });
-    it('should not call next-auth signIn when NextAuth is disabled', async () => {
-      const { result } = renderHook(() => useUserStore());
-
-      await act(async () => {
-        await result.current.openLogin();
-      });
-
-      const { signIn } = await import('next-auth/react');
-
-      expect(signIn).not.toHaveBeenCalled();
-    });
-
-    it('should redirect to signin page when BetterAuth is enabled', async () => {
-      enableBetterAuth.value = true;
-
+    it('should redirect to signin page', async () => {
       const originalLocation = window.location;
       Object.defineProperty(window, 'location', {
         configurable: true,
@@ -171,18 +90,15 @@ describe('createAuthSlice', () => {
       });
     });
 
-    it('should call signIn with single provider when only one OAuth provider available', async () => {
-      enableNextAuth.value = true;
-      useUserStore.setState({ oAuthSSOProviders: ['github'] });
-
+    it('should not redirect when already on signin page', async () => {
       const originalLocation = window.location;
       Object.defineProperty(window, 'location', {
         configurable: true,
         value: {
           ...originalLocation,
           href: '',
-          pathname: '/chat',
-          toString: () => 'http://localhost/chat',
+          pathname: '/signin',
+          toString: () => 'http://localhost/signin',
         },
         writable: true,
       });
@@ -193,9 +109,7 @@ describe('createAuthSlice', () => {
         await result.current.openLogin();
       });
 
-      const { signIn } = await import('next-auth/react');
-
-      expect(signIn).toHaveBeenCalledWith('github');
+      expect(window.location.href).toBe('');
 
       Object.defineProperty(window, 'location', {
         configurable: true,
@@ -215,29 +129,10 @@ describe('createAuthSlice', () => {
         await result.current.fetchAuthProviders();
       });
 
-      expect(mockUserService.getUserSSOProviders).not.toHaveBeenCalled();
-    });
-
-    it('should fetch providers from NextAuth when BetterAuth is disabled', async () => {
-      enableBetterAuth.value = false;
-      const mockProviders = [
-        { provider: 'github', email: 'test@example.com', providerAccountId: '123' },
-      ];
-      mockUserService.getUserSSOProviders.mockResolvedValueOnce(mockProviders);
-
-      const { result } = renderHook(() => useUserStore());
-
-      await act(async () => {
-        await result.current.fetchAuthProviders();
-      });
-
-      expect(mockUserService.getUserSSOProviders).toHaveBeenCalled();
-      expect(result.current.isLoadedAuthProviders).toBe(true);
-      expect(result.current.authProviders).toEqual(mockProviders);
+      expect(mockBetterAuthClient.listAccounts).not.toHaveBeenCalled();
     });
 
-    it('should fetch providers from BetterAuth when enabled', async () => {
-      enableBetterAuth.value = true;
+    it('should fetch providers from BetterAuth', async () => {
       mockBetterAuthClient.listAccounts.mockResolvedValueOnce({
         data: [
           { providerId: 'github', accountId: 'gh-123' },
@@ -260,8 +155,7 @@ describe('createAuthSlice', () => {
     });
 
     it('should handle fetch error gracefully', async () => {
-      enableBetterAuth.value = false;
-      mockUserService.getUserSSOProviders.mockRejectedValueOnce(new Error('Network error'));
+      mockBetterAuthClient.listAccounts.mockRejectedValueOnce(new Error('Network error'));
 
       const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
 
@@ -277,12 +171,13 @@ describe('createAuthSlice', () => {
   });
 
   describe('refreshAuthProviders', () => {
-    it('should refresh providers from NextAuth', async () => {
-      enableBetterAuth.value = false;
-      const mockProviders = [
-        { provider: 'google', email: 'user@gmail.com', providerAccountId: 'g-1' },
-      ];
-      mockUserService.getUserSSOProviders.mockResolvedValueOnce(mockProviders);
+    it('should refresh providers from BetterAuth', async () => {
+      mockBetterAuthClient.listAccounts.mockResolvedValueOnce({
+        data: [{ providerId: 'google', accountId: 'g-1' }],
+      });
+      mockBetterAuthClient.accountInfo.mockResolvedValueOnce({
+        data: { user: { email: 'user@gmail.com' } },
+      });
 
       const { result } = renderHook(() => useUserStore());
 
@@ -290,13 +185,14 @@ describe('createAuthSlice', () => {
         await result.current.refreshAuthProviders();
       });
 
-      expect(mockUserService.getUserSSOProviders).toHaveBeenCalled();
-      expect(result.current.authProviders).toEqual(mockProviders);
+      expect(mockBetterAuthClient.listAccounts).toHaveBeenCalled();
+      expect(result.current.authProviders).toEqual([
+        { provider: 'google', email: 'user@gmail.com', providerAccountId: 'g-1' },
+      ]);
     });
 
     it('should handle refresh error gracefully', async () => {
-      enableBetterAuth.value = false;
-      mockUserService.getUserSSOProviders.mockRejectedValueOnce(new Error('Refresh failed'));
+      mockBetterAuthClient.listAccounts.mockRejectedValueOnce(new Error('Refresh failed'));
 
       const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
 

package/src/store/user/slices/auth/action.ts

@@ -1,9 +1,6 @@
 import { type SSOProvider } from '@lobechat/types';
 import { type StateCreator } from 'zustand/vanilla';
 
-import { enableBetterAuth, enableNextAuth } from '@/envs/auth';
-import { userService } from '@/services/user';
-
 import type { UserStore } from '../../store';
 
 interface AuthProvidersData {
@@ -31,32 +28,26 @@ export interface UserAuthAction {
 }
 
 const fetchAuthProvidersData = async (): Promise<AuthProvidersData> => {
-  if (enableBetterAuth) {
-    const { accountInfo, listAccounts } = await import('@/libs/better-auth/auth-client');
-    const result = await listAccounts();
-    const accounts = result.data || [];
-    const hasPasswordAccount = accounts.some((account) => account.providerId === 'credential');
-    const providers = await Promise.all(
-      accounts
-        .filter((account) => account.providerId !== 'credential')
-        .map(async (account) => {
-          // In theory, the id_token could be decrypted from the accounts table, but I found that better-auth on GitHub does not save the id_token
-          const info = await accountInfo({
-            query: { accountId: account.accountId },
-          });
-          return {
-            email: info.data?.user?.email ?? undefined,
-            provider: account.providerId,
-            providerAccountId: account.accountId,
-          };
-        }),
-    );
-    return { hasPasswordAccount, providers };
-  }
-
-  // Fallback for NextAuth
-  const providers = await userService.getUserSSOProviders();
-  return { hasPasswordAccount: false, providers };
+  const { accountInfo, listAccounts } = await import('@/libs/better-auth/auth-client');
+  const result = await listAccounts();
+  const accounts = result.data || [];
+  const hasPasswordAccount = accounts.some((account) => account.providerId === 'credential');
+  const providers = await Promise.all(
+    accounts
+      .filter((account) => account.providerId !== 'credential')
+      .map(async (account) => {
+        // In theory, the id_token could be decrypted from the accounts table, but I found that better-auth on GitHub does not save the id_token
+        const info = await accountInfo({
+          query: { accountId: account.accountId },
+        });
+        return {
+          email: info.data?.user?.email ?? undefined,
+          provider: account.providerId,
+          providerAccountId: account.accountId,
+        };
+      }),
+  );
+  return { hasPasswordAccount, providers };
 };
 
 export const createAuthSlice: StateCreator<
@@ -78,50 +69,26 @@ export const createAuthSlice: StateCreator<
     }
   },
   logout: async () => {
-    if (enableBetterAuth) {
-      const { signOut } = await import('@/libs/better-auth/auth-client');
-      await signOut({
-        fetchOptions: {
-          onSuccess: () => {
-            // Use window.location.href to trigger a full page reload
-            // This ensures all client-side state (React, Zustand, cache) is cleared
-            window.location.href = '/signin';
-          },
+    const { signOut } = await import('@/libs/better-auth/auth-client');
+    await signOut({
+      fetchOptions: {
+        onSuccess: () => {
+          // Use window.location.href to trigger a full page reload
+          // This ensures all client-side state (React, Zustand, cache) is cleared
+          window.location.href = '/signin';
         },
-      });
-
-      return;
-    }
-
-    if (enableNextAuth) {
-      const { signOut } = await import('next-auth/react');
-      signOut();
-    }
+      },
+    });
   },
   openLogin: async () => {
-    // Skip if already on a Better Auth login page (/signin, /signup)
+    // Skip if already on a login page (/signin, /signup)
     const pathname = location.pathname;
     if (pathname.startsWith('/signin') || pathname.startsWith('/signup')) {
       return;
     }
 
-    if (enableBetterAuth) {
-      const currentUrl = location.toString();
-      window.location.href = `/signin?callbackUrl=${encodeURIComponent(currentUrl)}`;
-
-      return;
-    }
-
-    if (enableNextAuth) {
-      const { signIn } = await import('next-auth/react');
-      // Check if only one provider is available
-      const providers = get()?.oAuthSSOProviders;
-      if (providers && providers.length === 1) {
-        signIn(providers[0]);
-        return;
-      }
-      signIn();
-    }
+    const currentUrl = location.toString();
+    window.location.href = `/signin?callbackUrl=${encodeURIComponent(currentUrl)}`;
   },
   refreshAuthProviders: async () => {
     try {

package/src/store/user/slices/auth/initialState.ts

@@ -1,4 +1,3 @@
-import { type Session, type User } from '@auth/core/types';
 import { type SSOProvider } from '@lobechat/types';
 
 import { type LobeUser } from '@/types/user';
@@ -13,8 +12,6 @@ export interface UserAuthState {
   isLoadedAuthProviders?: boolean;
 
   isSignedIn?: boolean;
-  nextSession?: Session;
-  nextUser?: User;
   oAuthSSOProviders?: string[];
   user?: LobeUser;
 }

package/src/store/user/slices/auth/selectors.ts

@@ -1,7 +1,6 @@
 import { type LobeUser, type SSOProvider } from '@lobechat/types';
 import { t } from 'i18next';
 
-import { enableBetterAuth, enableNextAuth } from '@/envs/auth';
 import type { UserStore } from '@/store/user';
 
 const nickName = (s: UserStore) => {
@@ -37,6 +36,4 @@ export const authSelectors = {
   isLoadedAuthProviders: (s: UserStore) => s.isLoadedAuthProviders ?? false,
   isLogin: (s: UserStore) => s.isSignedIn,
   isLoginWithAuth: (s: UserStore) => s.isSignedIn,
-  isLoginWithBetterAuth: (s: UserStore): boolean => (s.isSignedIn && enableBetterAuth) || false,
-  isLoginWithNextAuth: (s: UserStore): boolean => (s.isSignedIn && !!enableNextAuth) || false,
 };

package/tests/setup.ts

@@ -24,6 +24,16 @@ vi.mock('@lobehub/analytics/react', () => ({
   }),
 }));
 
+// Global mock for @/auth to avoid better-auth validator module issue in tests
+// The validator package has ESM resolution issues in Vitest environment
+vi.mock('@/auth', () => ({
+  auth: {
+    api: {
+      getSession: vi.fn().mockResolvedValue(null),
+    },
+  },
+}));
+
 // node runtime
 if (typeof window === 'undefined') {
   // test with polyfill crypto

package/scripts/_shared/checkDeprecatedClerkEnv.js

@@ -1,42 +0,0 @@
-/**
- * Shared utility to check for deprecated Clerk environment variables.
- * Used by both prebuild.mts (build time) and startServer.js (Docker runtime).
- *
- * IMPORTANT: Keep this file as CommonJS (.js) for compatibility with startServer.js
- */
-
-const CLERK_MIGRATION_DOC_URL =
-  'https://lobehub.com/docs/self-hosting/advanced/auth/clerk-to-betterauth';
-
-const CLERK_ENV_VARS = [
-  'NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY',
-  'CLERK_SECRET_KEY',
-  'CLERK_WEBHOOK_SECRET',
-];
-
-/**
- * Check for deprecated Clerk environment variables and exit if found
- * @param {object} options
- * @param {string} [options.action='redeploy'] - Action hint in error message ('redeploy' or 'restart')
- */
-function checkDeprecatedClerkEnv(options = {}) {
-  const { action = 'redeploy' } = options;
-  const foundClerkEnvVars = CLERK_ENV_VARS.filter((envVar) => process.env[envVar]);
-
-  if (foundClerkEnvVars.length > 0) {
-    console.error('\n' + '═'.repeat(70));
-    console.error('❌ ERROR: Clerk authentication is no longer supported!');
-    console.error('═'.repeat(70));
-    console.error('\nDetected deprecated Clerk environment variables:');
-    for (const envVar of foundClerkEnvVars) {
-      console.error(`  • ${envVar}`);
-    }
-    console.error('\nClerk has been removed from LobeChat. Please migrate to Better Auth.');
-    console.error(`\n📖 Migration guide: ${CLERK_MIGRATION_DOC_URL}`);
-    console.error(`\nAfter migration, remove the Clerk environment variables and ${action}.`);
-    console.error('═'.repeat(70) + '\n');
-    process.exit(1);
-  }
-}
-
-module.exports = { checkDeprecatedClerkEnv };

package/src/app/(backend)/api/auth/adapter/route.ts

@@ -1,137 +0,0 @@
-import debug from 'debug';
-import { type NextRequest, NextResponse } from 'next/server';
-
-import { serverDBEnv } from '@/config/db';
-import { serverDB } from '@/database/server';
-import { dateKeys } from '@/libs/next-auth/adapter';
-import { NextAuthUserService } from '@/server/services/nextAuthUser';
-
-const log = debug('lobe-next-auth:api:auth:adapter');
-
-/**
- * @description Process the db query for the NextAuth adapter.
- * Returns the db query result directly and let NextAuth handle the raw results.
- * @returns {
- *  success: boolean; // Only return false if the database query fails or the action is invalid.
- *  data?: any;
- *  error?: string;
- * }
- */
-export async function POST(req: NextRequest) {
-  try {
-    // try validate the request
-    if (
-      !req.headers.get('Authorization') ||
-      req.headers.get('Authorization')?.trim() !== `Bearer ${serverDBEnv.KEY_VAULTS_SECRET}`
-    ) {
-      log('Unauthorized request, missing or invalid Authorization header');
-      return NextResponse.json({ error: 'Unauthorized', success: false }, { status: 401 });
-    }
-
-    // Parse the request body
-    const data = await req.json();
-    log('Received request data:', data);
-    // Preprocess
-    if (data?.data) {
-      for (const key of dateKeys) {
-        if (data?.data && data.data[key]) {
-          data.data[key] = new Date(data.data[key]);
-          continue;
-        }
-      }
-    }
-    const service = new NextAuthUserService(serverDB);
-    let result;
-    switch (data.action) {
-      case 'createAuthenticator': {
-        result = await service.createAuthenticator(data.data);
-        break;
-      }
-      case 'createSession': {
-        result = await service.createSession(data.data);
-        break;
-      }
-      case 'createUser': {
-        result = await service.createUser(data.data);
-        break;
-      }
-      case 'createVerificationToken': {
-        result = await service.createVerificationToken(data.data);
-        break;
-      }
-      case 'deleteSession': {
-        result = await service.deleteSession(data.data);
-        break;
-      }
-      case 'deleteUser': {
-        result = await service.deleteUser(data.data);
-        break;
-      }
-      case 'getAccount': {
-        result = await service.getAccount(data.data.providerAccountId, data.data.provider);
-        break;
-      }
-      case 'getAuthenticator': {
-        result = await service.getAuthenticator(data.data);
-        break;
-      }
-      case 'getSessionAndUser': {
-        result = await service.getSessionAndUser(data.data);
-        break;
-      }
-      case 'getUser': {
-        result = await service.getUser(data.data);
-        break;
-      }
-      case 'getUserByAccount': {
-        result = await service.getUserByAccount(data.data);
-        break;
-      }
-      case 'getUserByEmail': {
-        result = await service.getUserByEmail(data.data);
-        break;
-      }
-      case 'linkAccount': {
-        result = await service.linkAccount(data.data);
-        break;
-      }
-      case 'listAuthenticatorsByUserId': {
-        result = await service.listAuthenticatorsByUserId(data.data);
-        break;
-      }
-      case 'unlinkAccount': {
-        result = await service.unlinkAccount(data.data);
-        break;
-      }
-      case 'updateAuthenticatorCounter': {
-        result = await service.updateAuthenticatorCounter(
-          data.data.credentialID,
-          data.data.counter,
-        );
-        break;
-      }
-      case 'updateSession': {
-        result = await service.updateSession(data.data);
-        break;
-      }
-      case 'updateUser': {
-        result = await service.updateUser(data.data);
-        break;
-      }
-      case 'useVerificationToken': {
-        result = await service.useVerificationToken(data.data);
-        break;
-      }
-      default: {
-        return NextResponse.json({ error: 'Invalid action', success: false }, { status: 400 });
-      }
-    }
-    return NextResponse.json({ data: result, success: true });
-  } catch (error) {
-    log('Error processing request:');
-    log(error);
-    return NextResponse.json({ error, success: false }, { status: 400 });
-  }
-}
-
-export const runtime = 'nodejs';

package/src/app/[variants]/(auth)/next-auth/error/AuthErrorPage.tsx

@@ -1,40 +0,0 @@
-'use client';
-
-import { signIn } from 'next-auth/react';
-import { useSearchParams } from '@/libs/next/navigation';
-import { memo } from 'react';
-
-import ErrorCapture from '@/components/Error';
-
-enum ErrorEnum {
-  AccessDenied = 'AccessDenied',
-  Configuration = 'Configuration',
-  Default = 'Default',
-  Verification = 'Verification',
-}
-
-const errorMap = {
-  [ErrorEnum.Configuration]:
-    'Wrong configuration, make sure you have the correct environment variables set. Visit https://lobehub.com/docs/self-hosting/advanced/authentication for more details.',
-  [ErrorEnum.AccessDenied]:
-    'Access was denied. Visit https://authjs.dev/reference/core/errors#accessdenied for more details. ',
-  [ErrorEnum.Verification]:
-    'Verification error, visit https://authjs.dev/reference/core/errors#verification for more details.',
-  [ErrorEnum.Default]:
-    'There was a problem when trying to authenticate. Visit https://authjs.dev/reference/core/errors for more details.',
-};
-
-export default memo(() => {
-  const search = useSearchParams();
-  const error = search.get('error') as ErrorEnum;
-  const props = {
-    error: {
-      cause: error,
-      message: errorMap[error] || 'Unknown error type.',
-      name: 'NextAuth Error',
-    },
-    reset: () => signIn(undefined, { callbackUrl: '/' }),
-  };
-  console.log('[NextAuth] Error:', props.error);
-  return <ErrorCapture {...props} />;
-});

package/src/app/[variants]/(auth)/next-auth/error/page.tsx

@@ -1,11 +0,0 @@
-import { Suspense } from 'react';
-
-import Loading from '@/components/Loading/BrandTextLoading';
-
-import AuthErrorPage from './AuthErrorPage';
-
-export default () => (
-  <Suspense fallback={<Loading debugId="Auth > Error" />}>
-    <AuthErrorPage />
-  </Suspense>
-);