@lobehub/lobehub 2.0.0-next.355 → 2.0.0-next.356

package/src/app/[variants]/(auth)/next-auth/signin/AuthSignInBox.tsx

@@ -1,167 +0,0 @@
-'use client';
-
-import { BRANDING_NAME } from '@lobechat/business-const';
-import { DOCUMENTS_REFER_URL, PRIVACY_URL, TERMS_URL } from '@lobechat/const';
-import { Button, Skeleton, Text } from '@lobehub/ui';
-import { LobeHub } from '@lobehub/ui/brand';
-import { Col, Flex, Row } from 'antd';
-import { createStaticStyles } from 'antd-style';
-import { AuthError } from 'next-auth';
-import { signIn } from 'next-auth/react';
-import { useRouter, useSearchParams } from '@/libs/next/navigation';
-import { memo, useState } from 'react';
-import { useTranslation } from 'react-i18next';
-
-import BrandWatermark from '@/components/BrandWatermark';
-import AuthIcons from '@/components/NextAuth/AuthIcons';
-import { useUserStore } from '@/store/user';
-
-const styles = createStaticStyles(({ css, cssVar }) => ({
-  button: css`
-    text-transform: capitalize;
-  `,
-  container: css`
-    min-width: 360px;
-    border: 1px solid ${cssVar.colorBorder};
-    border-radius: ${cssVar.borderRadiusLG}px;
-    background: ${cssVar.colorBgContainer};
-  `,
-  contentCard: css`
-    padding-block: 2.5rem;
-    padding-inline: 2rem;
-  `,
-  description: css`
-    margin: 0;
-    color: ${cssVar.colorTextSecondary};
-  `,
-  footer: css`
-    padding: 1rem;
-    border-block-start: 1px solid ${cssVar.colorBorder};
-    border-radius: 0 0 8px 8px;
-
-    color: ${cssVar.colorTextDescription};
-
-    background: ${cssVar.colorBgElevated};
-  `,
-  text: css`
-    text-align: center;
-  `,
-  title: css`
-    margin: 0;
-    color: ${cssVar.colorTextHeading};
-  `,
-}));
-
-const BtnListLoading = memo(() => {
-  return (
-    <Flex gap={'small'} vertical>
-      <Skeleton.Button active style={{ minWidth: 300 }} />
-      <Skeleton.Button active style={{ minWidth: 300 }} />
-      <Skeleton.Button active style={{ minWidth: 300 }} />
-    </Flex>
-  );
-});
-
-/**
- * Follow the implementation from AuthJS official documentation,
- * but using client components.
- * ref: https://authjs.dev/guides/pages/signin
- */
-export default memo(() => {
-  const { t } = useTranslation('auth');
-  const { t: tCommon } = useTranslation('common');
-  const router = useRouter();
-  const [loadingProvider, setLoadingProvider] = useState<string | null>(null);
-
-  const oAuthSSOProviders = useUserStore((s) => s.oAuthSSOProviders);
-
-  const searchParams = useSearchParams();
-
-  // Redirect back to the page url, fallback to '/' if failed
-  const callbackUrl = searchParams.get('callbackUrl') ?? '/';
-
-  const handleSignIn = async (provider: string) => {
-    setLoadingProvider(provider);
-    try {
-      await signIn(provider, { redirectTo: callbackUrl });
-    } catch (error) {
-      setLoadingProvider(null);
-      // Signin can fail for a number of reasons, such as the user
-      // not existing, or the user not having the correct role.
-      // In some cases, you may want to redirect to a custom error
-      if (error instanceof AuthError) {
-        return router.push(`/next-auth/?error=${error.type}`);
-      }
-
-      // Otherwise if a redirects happens Next.js can handle it
-      // so you can just re-thrown the error and let Next.js handle it.
-      // Docs: https://nextjs.org/docs/app/api-reference/functions/redirect#server-component
-      throw error;
-    }
-  };
-
-  const footerBtns = [
-    { href: DOCUMENTS_REFER_URL, id: 0, label: tCommon('document') },
-    { href: PRIVACY_URL, id: 1, label: t('footer.privacy') },
-    { href: TERMS_URL, id: 2, label: t('footer.terms') },
-  ];
-
-  return (
-    <div className={styles.container}>
-      <div className={styles.contentCard}>
-        {/* Card Body */}
-        <Flex gap="large" vertical>
-          {/* Header */}
-          <div className={styles.text}>
-            <Text as={'h4'} className={styles.title}>
-              <div>
-                <LobeHub size={48} />
-              </div>
-              {t('signin.title')}
-            </Text>
-            <Text as={'p'} className={styles.description}>
-              {t('signin.subtitle', { appName: BRANDING_NAME })}
-            </Text>
-          </div>
-          {/* Content */}
-          <Flex gap="small" vertical>
-            {oAuthSSOProviders ? (
-              oAuthSSOProviders.map((provider) => (
-                <Button
-                  className={styles.button}
-                  icon={AuthIcons(provider, 16)}
-                  key={provider}
-                  loading={loadingProvider === provider}
-                  onClick={() => handleSignIn(provider)}
-                >
-                  {provider}
-                </Button>
-              ))
-            ) : (
-              <BtnListLoading />
-            )}
-          </Flex>
-        </Flex>
-      </div>
-      <div className={styles.footer}>
-        {/* Footer */}
-        <Row>
-          <Col span={12}>
-            <Flex justify="left" style={{ height: '100%' }}>
-              <BrandWatermark />
-            </Flex>
-          </Col>
-          <Col offset={4} span={8}>
-            <Flex justify="right">
-              {footerBtns.map((btn) => (
-                <Button key={btn.id} onClick={() => router.push(btn.href)} size="small" type="text">
-                  {btn.label}
-                </Button>
-              ))}
-            </Flex>
-          </Col>
-        </Row>
-      </div>
-    </div>
-  );
-});

package/src/app/[variants]/(auth)/next-auth/signin/page.tsx

@@ -1,11 +0,0 @@
-import { Suspense } from 'react';
-
-import Loading from '@/components/Loading/BrandTextLoading';
-
-import AuthSignInBox from './AuthSignInBox';
-
-export default () => (
-  <Suspense fallback={<Loading debugId="Auth > SignIn" />}>
-    <AuthSignInBox />
-  </Suspense>
-);

package/src/app/[variants]/(auth)/reset-password/layout.tsx

@@ -1,12 +0,0 @@
-import { notFound } from '@/libs/next/navigation';
-import { type PropsWithChildren } from 'react';
-
-import { enableBetterAuth } from '@/envs/auth';
-
-const Layout = ({ children }: PropsWithChildren) => {
-  if (!enableBetterAuth) return notFound();
-
-  return children;
-};
-
-export default Layout;

package/src/app/[variants]/(auth)/signin/layout.tsx

@@ -1,12 +0,0 @@
-import { notFound } from '@/libs/next/navigation';
-import { type PropsWithChildren } from 'react';
-
-import { enableBetterAuth } from '@/envs/auth';
-
-const Layout = ({ children }: PropsWithChildren) => {
-  if (!enableBetterAuth) return notFound();
-
-  return children;
-};
-
-export default Layout;

package/src/app/[variants]/(auth)/verify-email/layout.tsx

@@ -1,12 +0,0 @@
-import { notFound } from '@/libs/next/navigation';
-import { type PropsWithChildren } from 'react';
-
-import { enableBetterAuth } from '@/envs/auth';
-
-const Layout = ({ children }: PropsWithChildren) => {
-  if (!enableBetterAuth) return notFound();
-
-  return children;
-};
-
-export default Layout;

package/src/envs/auth.test.ts

@@ -1,47 +0,0 @@
-import { afterEach, beforeEach, describe, expect, it } from 'vitest';
-
-import { getAuthConfig } from './auth';
-
-const ORIGINAL_ENV = { ...process.env };
-const ORIGINAL_WINDOW = globalThis.window;
-
-describe('getAuthConfig fallbacks', () => {
-  beforeEach(() => {
-    // reset env to a clean clone before each test
-    process.env = { ...ORIGINAL_ENV };
-    globalThis.window = ORIGINAL_WINDOW;
-  });
-
-  afterEach(() => {
-    process.env = { ...ORIGINAL_ENV };
-    globalThis.window = ORIGINAL_WINDOW;
-  });
-
-  it('should fall back to NEXT_AUTH_SSO_PROVIDERS when AUTH_SSO_PROVIDERS is empty string', () => {
-    process.env.AUTH_SSO_PROVIDERS = '';
-    process.env.NEXT_AUTH_SSO_PROVIDERS = 'logto,github';
-
-    // Simulate server runtime so @t3-oss/env treats this as server-side access
-    // (happy-dom sets window by default in Vitest)
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-expect-error - allow overriding for test
-    globalThis.window = undefined;
-
-    const config = getAuthConfig();
-
-    expect(config.AUTH_SSO_PROVIDERS).toBe('logto,github');
-  });
-
-  it('should fall back to NEXT_AUTH_SECRET when AUTH_SECRET is empty string', () => {
-    process.env.AUTH_SECRET = '';
-    process.env.NEXT_AUTH_SECRET = 'nextauth-secret';
-
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-expect-error - allow overriding for test
-    globalThis.window = undefined;
-
-    const config = getAuthConfig();
-
-    expect(config.AUTH_SECRET).toBe('nextauth-secret');
-  });
-});

package/src/layout/AuthProvider/NextAuth/UserUpdater.tsx

@@ -1,44 +0,0 @@
-'use client';
-
-import { useSession } from 'next-auth/react';
-import { memo, useEffect } from 'react';
-import { createStoreUpdater } from 'zustand-utils';
-
-import { useUserStore } from '@/store/user';
-import { type LobeUser } from '@/types/user';
-
-// update the user data into the context
-const UserUpdater = memo(() => {
-  const { data: session, status } = useSession();
-  const isLoaded = status !== 'loading';
-
-  const isSignedIn = (status === 'authenticated' && session && !!session.user) || false;
-
-  const nextUser = session?.user;
-  const useStoreUpdater = createStoreUpdater(useUserStore);
-
-  useStoreUpdater('isLoaded', isLoaded);
-  useStoreUpdater('isSignedIn', isSignedIn);
-  useStoreUpdater('nextSession', session!);
-
-  // 使用 useEffect 处理需要保持同步的用户数据
-  useEffect(() => {
-    if (nextUser) {
-      const userAvatar = useUserStore.getState().user?.avatar;
-
-      const lobeUser = {
-        // 头像使用设置的，而不是从 next-auth 中获取
-        avatar: userAvatar || '',
-        email: nextUser.email,
-        fullName: nextUser.name,
-        id: nextUser.id,
-      } as LobeUser;
-
-      // 更新用户相关数据
-      useUserStore.setState({ nextUser: nextUser, user: lobeUser });
-    }
-  }, [nextUser]);
-  return null;
-});
-
-export default UserUpdater;

package/src/layout/AuthProvider/NextAuth/index.tsx

@@ -1,17 +0,0 @@
-import { SessionProvider } from 'next-auth/react';
-import { type PropsWithChildren } from 'react';
-
-import { API_ENDPOINTS } from '@/services/_url';
-
-import UserUpdater from './UserUpdater';
-
-const NextAuth = ({ children }: PropsWithChildren) => {
-  return (
-    <SessionProvider basePath={API_ENDPOINTS.oauth}>
-      {children}
-      <UserUpdater />
-    </SessionProvider>
-  );
-};
-
-export default NextAuth;

package/src/libs/next-auth/adapter/index.ts

@@ -1,177 +0,0 @@
-import type {
-  AdapterAuthenticator,
-  AdapterSession,
-  AdapterUser,
-  VerificationToken,
-} from '@auth/core/adapters';
-import debug from 'debug';
-import { type Adapter, type AdapterAccount } from 'next-auth/adapters';
-import urlJoin from 'url-join';
-
-import { serverDBEnv } from '@/config/db';
-import { appEnv } from '@/envs/app';
-
-const log = debug('lobe-next-auth:adapter');
-
-interface BackendAdapterResponse {
-  data?: any;
-  error?: string;
-  success: boolean;
-}
-
-// Due to use direct HTTP Post, the date string cannot parse automatically
-export const dateKeys = ['expires', 'emailVerified'];
-
-/**
- * @description LobeNextAuthDbAdapter is implemented to handle the database operations for NextAuth
- * @returns {Adapter}
- */
-export function LobeNextAuthDbAdapter(): Adapter {
-  const baseUrl = appEnv.APP_URL;
-
-  // Ensure the baseUrl is set, otherwise throw an error
-  if (!baseUrl) {
-    throw new Error('LobeNextAuthDbAdapter: APP_URL is not set in environment variables');
-  }
-  const interactionUrl = urlJoin(baseUrl, '/api/auth/adapter');
-  log(`LobeNextAuthDbAdapter initialized with url: ${interactionUrl}`);
-
-  // Ensure serverDBEnv.KEY_VAULTS_SECRET is set, otherwise throw an error
-  if (!serverDBEnv.KEY_VAULTS_SECRET) {
-    throw new Error('LobeNextAuthDbAdapter: KEY_VAULTS_SECRET is not set in environment variables');
-  }
-
-  const fetcher = (action: string, data: any) =>
-    fetch(interactionUrl, {
-      body: JSON.stringify({ action, data }),
-      headers: {
-        'Authorization': `Bearer ${serverDBEnv.KEY_VAULTS_SECRET}`,
-        'Content-Type': 'application/json',
-      },
-      method: 'POST',
-    });
-  const postProcessor = async (res: Response) => {
-    const data = (await res.json()) as BackendAdapterResponse;
-    log('LobeNextAuthDbAdapter: postProcessor called with data:', data);
-    if (!data.success) {
-      log('LobeNextAuthDbAdapter: Error in postProcessor:');
-      log(data);
-      throw new Error(`LobeNextAuthDbAdapter: ${data.error}`);
-    }
-    if (data?.data) {
-      for (const key of dateKeys) {
-        if (data.data[key]) {
-          data.data[key] = new Date(data.data[key]);
-          continue;
-        }
-      }
-    }
-    return data.data;
-  };
-
-  return {
-    async createAuthenticator(authenticator): Promise<AdapterAuthenticator> {
-      const data = await fetcher('createAuthenticator', authenticator);
-      return await postProcessor(data);
-    },
-    async createSession(session): Promise<AdapterSession> {
-      const data = await fetcher('createSession', session);
-      return await postProcessor(data);
-    },
-    async createUser(user): Promise<AdapterUser> {
-      const data = await fetcher('createUser', user);
-      return await postProcessor(data);
-    },
-    async createVerificationToken(data): Promise<VerificationToken | null | undefined> {
-      const result = await fetcher('createVerificationToken', data);
-      return await postProcessor(result);
-    },
-    async deleteSession(sessionToken): Promise<AdapterSession | null | undefined> {
-      const result = await fetcher('deleteSession', sessionToken);
-      await postProcessor(result);
-      return;
-    },
-    async deleteUser(id): Promise<AdapterUser | null | undefined> {
-      const result = await fetcher('deleteUser', id);
-      await postProcessor(result);
-      return;
-    },
-
-    async getAccount(providerAccountId, provider): Promise<AdapterAccount | null> {
-      const data = await fetcher('getAccount', {
-        provider,
-        providerAccountId,
-      });
-      return await postProcessor(data);
-    },
-
-    async getAuthenticator(credentialID): Promise<AdapterAuthenticator | null> {
-      const result = await fetcher('getAuthenticator', credentialID);
-      return await postProcessor(result);
-    },
-
-    async getSessionAndUser(sessionToken): Promise<{
-      session: AdapterSession;
-      user: AdapterUser;
-    } | null> {
-      const result = await fetcher('getSessionAndUser', sessionToken);
-      return await postProcessor(result);
-    },
-
-    async getUser(id): Promise<AdapterUser | null> {
-      log('getUser called with id:', id);
-      const result = await fetcher('getUser', id);
-      return await postProcessor(result);
-    },
-
-    async getUserByAccount(account): Promise<AdapterUser | null> {
-      const data = await fetcher('getUserByAccount', account);
-      return await postProcessor(data);
-    },
-
-    async getUserByEmail(email): Promise<AdapterUser | null> {
-      const data = await fetcher('getUserByEmail', email);
-      return await postProcessor(data);
-    },
-
-    async linkAccount(data): Promise<AdapterAccount | null | undefined> {
-      const result = await fetcher('linkAccount', data);
-      return await postProcessor(result);
-    },
-
-    async listAuthenticatorsByUserId(userId): Promise<AdapterAuthenticator[]> {
-      const result = await fetcher('listAuthenticatorsByUserId', userId);
-      return await postProcessor(result);
-    },
-
-    // @ts-ignore: The return type is {Promise<void> | Awaitable<AdapterAccount | undefined>}
-    async unlinkAccount(account): Promise<void | AdapterAccount | undefined> {
-      const result = await fetcher('unlinkAccount', account);
-      await postProcessor(result);
-      return;
-    },
-
-    async updateAuthenticatorCounter(credentialID, counter): Promise<AdapterAuthenticator> {
-      const result = await fetcher('updateAuthenticatorCounter', {
-        counter,
-        credentialID,
-      });
-      return await postProcessor(result);
-    },
-
-    async updateSession(data): Promise<AdapterSession | null | undefined> {
-      const result = await fetcher('updateSession', data);
-      return await postProcessor(result);
-    },
-
-    async updateUser(user): Promise<AdapterUser> {
-      const result = await fetcher('updateUser', user);
-      return await postProcessor(result);
-    },
-
-    async useVerificationToken(identifier_token): Promise<VerificationToken | null> {
-      const result = await fetcher('useVerificationToken', identifier_token);
-      return await postProcessor(result);
-    },
-  };
-}

package/src/libs/next-auth/auth.config.ts

@@ -1,64 +0,0 @@
-import type { NextAuthConfig } from 'next-auth';
-
-import { getAuthConfig } from '@/envs/auth';
-
-import { LobeNextAuthDbAdapter } from './adapter';
-import { ssoProviders } from './sso-providers';
-
-const {
-  NEXT_AUTH_DEBUG,
-  NEXT_AUTH_SECRET,
-  NEXT_AUTH_SSO_SESSION_STRATEGY,
-  NEXT_AUTH_SSO_PROVIDERS,
-  NEXT_PUBLIC_ENABLE_NEXT_AUTH,
-} = getAuthConfig();
-
-export const initSSOProviders = () => {
-  return NEXT_PUBLIC_ENABLE_NEXT_AUTH
-    ? NEXT_AUTH_SSO_PROVIDERS.split(/[,，]/).map((provider) => {
-        const validProvider = ssoProviders.find((item) => item.id === provider.trim());
-
-        if (validProvider) return validProvider.provider;
-
-        throw new Error(`[NextAuth] provider ${provider} is not supported`);
-      })
-    : [];
-};
-
-// Notice this is only an object, not a full Auth.js instance
-export default {
-  adapter: NEXT_PUBLIC_ENABLE_NEXT_AUTH ? LobeNextAuthDbAdapter() : undefined,
-  callbacks: {
-    // Note: Data processing order of callback: authorize --> jwt --> session
-    async jwt({ token, user }) {
-      // ref: https://authjs.dev/guides/extending-the-session#with-jwt
-      if (user?.id) {
-        token.userId = user?.id;
-      }
-      return token;
-    },
-    async session({ session, token, user }) {
-      if (session.user) {
-        // ref: https://authjs.dev/guides/extending-the-session#with-database
-        if (user) {
-          session.user.id = user.id;
-        } else {
-          session.user.id = (token.userId ?? session.user.id) as string;
-        }
-      }
-      return session;
-    },
-  },
-  debug: NEXT_AUTH_DEBUG,
-  pages: {
-    error: '/next-auth/error',
-    signIn: '/next-auth/signin',
-  },
-  providers: initSSOProviders(),
-  secret: NEXT_AUTH_SECRET ?? process.env.AUTH_SECRET,
-  session: {
-    // Force use JWT if server service is disabled
-    strategy: NEXT_AUTH_SSO_SESSION_STRATEGY,
-  },
-  trustHost: process.env?.AUTH_TRUST_HOST ? process.env.AUTH_TRUST_HOST === 'true' : true,
-} satisfies NextAuthConfig;

package/src/libs/next-auth/index.ts

@@ -1,20 +0,0 @@
-import NextAuth from 'next-auth';
-
-import authConfig from './auth.config';
-
-/**
- * NextAuth initialization without Database adapter
- *
- * @note
- * We currently use `jwt` strategy for session management.
- * So you don't need to import `signIn` or `signOut` from
- * this module, just import from `next-auth` directly.
- *
- * Inside react component
- * @example
- * ```ts
- * import { signOut } from 'next-auth/react';
- * signOut();
- * ```
- */
-export default NextAuth(authConfig);

package/src/libs/next-auth/sso-providers/auth0.ts

@@ -1,24 +0,0 @@
-import Auth0 from 'next-auth/providers/auth0';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'auth0',
-  provider: Auth0({
-    ...CommonProviderConfig,
-    // Specify auth scope, at least include 'openid email'
-    // all scopes in Auth0 ref: https://auth0.com/docs/get-started/apis/scopes/openid-connect-scopes#standard-claims
-    authorization: { params: { scope: 'openid email profile' } },
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        image: profile.picture,
-        name: profile.name,
-        providerAccountId: profile.sub,
-      };
-    },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/authelia.ts

@@ -1,39 +0,0 @@
-import type { OIDCConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-export type AutheliaProfile = {
-  // The users display name
-  email: string;
-  // The users email
-  groups: string[];
-  // The username the user used to login with
-  name: string;
-  preferred_username: string; // The users groups
-  sub: string; // The users id
-};
-
-const provider = {
-  id: 'authelia',
-  provider: {
-    ...CommonProviderConfig,
-    authorization: { params: { scope: 'openid email profile' } },
-    checks: ['state', 'pkce'],
-    clientId: process.env.AUTH_AUTHELIA_ID,
-    clientSecret: process.env.AUTH_AUTHELIA_SECRET,
-    id: 'authelia',
-    issuer: process.env.AUTH_AUTHELIA_ISSUER,
-    name: 'Authelia',
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        name: profile.name,
-        providerAccountId: profile.sub,
-      };
-    },
-    type: 'oidc',
-  } satisfies OIDCConfig<AutheliaProfile>,
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/authentik.ts

@@ -1,25 +0,0 @@
-import Authentik from 'next-auth/providers/authentik';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'authentik',
-  provider: Authentik({
-    ...CommonProviderConfig,
-    // Specify auth scope, at least include 'openid email'
-    // all scopes in Authentik ref: https://goauthentik.io/docs/providers/oauth2
-    authorization: { params: { scope: 'openid email profile' } },
-    // TODO(NextAuth): map unique user id to `providerAccountId` field
-    //  profile(profile) {
-    //   return {
-    //     email: profile.email,
-    //     image: profile.picture,
-    //     name: profile.name,
-    //     providerAccountId: profile.user_id,
-    //     id: profile.user_id,
-    //   };
-    // },
-  }),
-};
-
-export default provider;