@lobehub/lobehub 2.0.0-next.355 → 2.0.0-next.356

package/src/libs/next-auth/sso-providers/casdoor.ts

@@ -1,50 +0,0 @@
-import { type OIDCConfig, type OIDCUserConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-interface CasdoorProfile extends Record<string, any> {
-  avatar: string;
-  displayName: string;
-  email: string;
-  emailVerified: boolean;
-  firstName: string;
-  id: string;
-  lastName: string;
-  name: string;
-  owner: string;
-  permanentAvatar: string;
-}
-
-function LobeCasdoorProvider(config: OIDCUserConfig<CasdoorProfile>): OIDCConfig<CasdoorProfile> {
-  return {
-    ...CommonProviderConfig,
-    ...config,
-    id: 'casdoor',
-    name: 'Casdoor',
-    profile(profile) {
-      return {
-        email: profile.email,
-        emailVerified: profile.emailVerified ? new Date() : null,
-        id: profile.id,
-        image: profile.avatar,
-        name: profile.displayName ?? profile.firstName ?? profile.lastName,
-        providerAccountId: profile.id,
-      };
-    },
-    type: 'oidc',
-  };
-}
-
-const provider = {
-  id: 'casdoor',
-  provider: LobeCasdoorProvider({
-    authorization: {
-      params: { scope: 'openid profile email' },
-    },
-    clientId: process.env.AUTH_CASDOOR_ID,
-    clientSecret: process.env.AUTH_CASDOOR_SECRET,
-    issuer: process.env.AUTH_CASDOOR_ISSUER,
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/cloudflare-zero-trust.ts

@@ -1,34 +0,0 @@
-import type { OIDCConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-export type CloudflareZeroTrustProfile = {
-  email: string;
-  name: string;
-  sub: string;
-};
-
-const provider = {
-  id: 'cloudflare-zero-trust',
-  provider: {
-    ...CommonProviderConfig,
-    authorization: { params: { scope: 'openid email profile' } },
-    checks: ['state', 'pkce'],
-    clientId: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_ID,
-    clientSecret: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_SECRET,
-    id: 'cloudflare-zero-trust',
-    issuer: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER,
-    name: 'Cloudflare Zero Trust',
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        name: profile.name ?? profile.email,
-        providerAccountId: profile.sub,
-      };
-    },
-    type: 'oidc',
-  } satisfies OIDCConfig<CloudflareZeroTrustProfile>,
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/cognito.ts

@@ -1,8 +0,0 @@
-import Cognito from 'next-auth/providers/cognito';
-
-const provider = {
-  id: 'cognito',
-  provider: Cognito({}),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/feishu.ts

@@ -1,83 +0,0 @@
-import { customFetch } from 'next-auth';
-import type { OAuthConfig } from 'next-auth/providers';
-
-interface FeishuProfile {
-  avatar_big: string;
-  avatar_middle: string;
-  avatar_thumb: string;
-  avatar_url: string;
-  en_name: string;
-  name: string;
-  open_id: string;
-  tenant_key: string;
-  union_id: string;
-}
-
-interface FeishuProfileResponse {
-  data: FeishuProfile;
-}
-
-function Feishu(): OAuthConfig<FeishuProfileResponse> {
-  return {
-    authorization: {
-      params: {
-        scope: '',
-      },
-      url: 'https://accounts.feishu.cn/open-apis/authen/v1/authorize',
-    },
-    checks: ['state'],
-    client: {
-      token_endpoint_auth_method: 'client_secret_post',
-    },
-    clientId: process.env.AUTH_FEISHU_APP_ID,
-    clientSecret: process.env.AUTH_FEISHU_APP_SECRET,
-    [customFetch]: (url, options = {}) => {
-      if (
-        url === 'https://open.feishu.cn/open-apis/authen/v2/oauth/token' &&
-        options.method === 'POST'
-      ) {
-        if (options?.headers) {
-          options.headers = {
-            ...options.headers,
-            'content-type': 'application/json; charset=utf-8',
-          };
-        } else {
-          options.headers = {
-            'content-type': 'application/json; charset=utf-8',
-          };
-        }
-
-        if (options.body instanceof URLSearchParams) {
-          options.body = JSON.stringify(Object.fromEntries(options.body));
-        }
-      }
-
-      return fetch(url, options);
-    },
-    id: 'feishu',
-    name: 'Feishu',
-    profile(profileResponse) {
-      const profile = profileResponse.data;
-
-      return {
-        id: profile.union_id,
-        image: profile.avatar_url,
-        name: profile.name,
-        providerAccountId: profile.union_id,
-      };
-    },
-    style: {
-      logo: 'https://p1-hera.feishucdn.com/tos-cn-i-jbbdkfciu3/268ec674a56a4510889f7f5ca14f1ba1~tplv-jbbdkfciu3-image:0:0.image',
-    },
-    token: 'https://open.feishu.cn/open-apis/authen/v2/oauth/token',
-    type: 'oauth',
-    userinfo: 'https://open.feishu.cn/open-apis/authen/v1/user_info',
-  };
-}
-
-const provider = {
-  id: 'feishu',
-  provider: Feishu(),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/generic-oidc.ts

@@ -1,38 +0,0 @@
-import type { OIDCConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-export type GenericOIDCProfile = {
-  email: string;
-  id?: string;
-  name?: string;
-  picture?: string;
-  sub: string;
-  username?: string;
-};
-
-const provider = {
-  id: 'generic-oidc',
-  provider: {
-    ...CommonProviderConfig,
-    authorization: { params: { scope: 'email openid profile' } },
-    checks: ['state', 'pkce'],
-    clientId: process.env.AUTH_GENERIC_OIDC_ID,
-    clientSecret: process.env.AUTH_GENERIC_OIDC_SECRET,
-    id: 'generic-oidc',
-    issuer: process.env.AUTH_GENERIC_OIDC_ISSUER,
-    name: 'Generic OIDC',
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        image: profile.picture,
-        name: profile.name ?? profile.username ?? profile.email,
-        providerAccountId: profile.sub,
-      };
-    },
-    type: 'oidc',
-  } satisfies OIDCConfig<GenericOIDCProfile>,
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/github.ts

@@ -1,23 +0,0 @@
-import GitHub from 'next-auth/providers/github';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'github',
-  provider: GitHub({
-    ...CommonProviderConfig,
-    // Specify auth scope, at least include 'openid email'
-    authorization: { params: { scope: 'read:user user:email' } },
-    profile: (profile) => {
-      return {
-        email: profile.email,
-        id: profile.id.toString(),
-        image: profile.avatar_url,
-        name: profile.name,
-        providerAccountId: profile.id.toString(),
-      };
-    },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/google.ts

@@ -1,18 +0,0 @@
-import Google from 'next-auth/providers/google';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'google',
-  provider: Google({
-    ...CommonProviderConfig,
-    authorization: {
-      params: {
-        scope:
-          'openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email openid',
-      },
-    },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/index.ts

@@ -1,35 +0,0 @@
-import Auth0 from './auth0';
-import Authelia from './authelia';
-import Authentik from './authentik';
-import Casdoor from './casdoor';
-import CloudflareZeroTrust from './cloudflare-zero-trust';
-import Cognito from './cognito';
-import Feishu from './feishu';
-import GenericOIDC from './generic-oidc';
-import Github from './github';
-import Google from './google';
-import Keycloak from './keycloak';
-import Logto from './logto';
-import MicrosoftEntraID from './microsoft-entra-id';
-import Okta from './okta';
-import WeChat from './wechat';
-import Zitadel from './zitadel';
-
-export const ssoProviders = [
-  Auth0,
-  Authentik,
-  GenericOIDC,
-  Github,
-  Zitadel,
-  Authelia,
-  Logto,
-  CloudflareZeroTrust,
-  Casdoor,
-  MicrosoftEntraID,
-  WeChat,
-  Keycloak,
-  Google,
-  Cognito,
-  Okta,
-  Feishu,
-];

package/src/libs/next-auth/sso-providers/keycloak.ts

@@ -1,22 +0,0 @@
-import Keycloak from 'next-auth/providers/keycloak';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'keycloak',
-  provider: Keycloak({
-    ...CommonProviderConfig,
-    // Specify auth scope, at least include 'openid email'
-    authorization: { params: { scope: 'openid email profile' } },
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        name: profile.name,
-        providerAccountId: profile.sub,
-      };
-    },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/logto.ts

@@ -1,48 +0,0 @@
-import { type OIDCConfig, type OIDCUserConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-interface LogtoProfile extends Record<string, any> {
-  email: string;
-  id: string;
-  name?: string;
-  picture: string;
-  sub: string;
-  username: string;
-}
-
-function LobeLogtoProvider(config: OIDCUserConfig<LogtoProfile>): OIDCConfig<LogtoProfile> {
-  return {
-    ...CommonProviderConfig,
-    ...config,
-    id: 'logto',
-    name: 'Logto',
-    profile(profile) {
-      // You can customize the user profile mapping here
-      return {
-        email: profile.email,
-        id: profile.sub,
-        image: profile.picture,
-        name: profile.name ?? profile.username ?? profile.email,
-        providerAccountId: profile.sub,
-      };
-    },
-    type: 'oidc',
-  };
-}
-
-const provider = {
-  id: 'logto',
-  provider: LobeLogtoProvider({
-    authorization: {
-      params: { scope: 'openid offline_access profile email' },
-    },
-    // You can get the issuer value from the Logto Application Details page,
-    // in the field "Issuer endpoint"
-    clientId: process.env.AUTH_LOGTO_ID,
-    clientSecret: process.env.AUTH_LOGTO_SECRET,
-    issuer: process.env.AUTH_LOGTO_ISSUER,
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts

@@ -1,29 +0,0 @@
-import { authEnv } from '@/envs/auth';
-
-function getTenantId() {
-  return (
-    process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID ??
-    process.env.AUTH_AZURE_AD_TENANT_ID ??
-    authEnv.AZURE_AD_TENANT_ID
-  );
-}
-
-function getClientLoginBaseUrl() {
-  return process.env.AUTH_MICROSOFT_ENTRA_ID_BASE_URL ?? 'https://login.microsoftonline.com';
-}
-
-function getIssuer() {
-  const issuer = process.env.MICROSOFT_ENTRA_ID_ISSUER;
-  if (issuer) {
-    return issuer;
-  }
-  const tenantId = getTenantId();
-  if (tenantId) {
-    // refs: https://github.com/nextauthjs/next-auth/discussions/9154#discussioncomment-10583104
-    return `${getClientLoginBaseUrl()}/${tenantId}/v2.0`;
-  } else {
-    return undefined;
-  }
-}
-
-export { getIssuer as getMicrosoftEntraIdIssuer, getTenantId as getMicrosoftEntraIdTenantId };

package/src/libs/next-auth/sso-providers/microsoft-entra-id.ts

@@ -1,19 +0,0 @@
-import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';
-
-import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'microsoft-entra-id',
-  provider: MicrosoftEntraID({
-    ...CommonProviderConfig,
-    // Specify auth scope, at least include 'openid email'
-    // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
-    authorization: { params: { scope: 'openid email profile' } },
-    clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_AZURE_AD_ID,
-    clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
-    issuer: getMicrosoftEntraIdIssuer(),
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/okta.ts

@@ -1,22 +0,0 @@
-import Okta from 'next-auth/providers/okta';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'okta',
-  provider: Okta({
-    ...CommonProviderConfig,
-    authorization: { params: { scope: 'openid email profile' } },
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        image: profile.picture,
-        name: profile.name ?? profile.preferred_username,
-        providerAccountId: profile.sub,
-      };
-    },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/sso.config.ts

@@ -1,8 +0,0 @@
-import { type OAuth2Config } from '@auth/core/providers';
-import type { Profile } from 'next-auth';
-
-export const CommonProviderConfig = {
-  // Auth.js does not allow email account linking by default cause it's dangerous
-  // ref: https://authjs.dev/reference/core/providers#allowdangerousemailaccountlinking
-  allowDangerousEmailAccountLinking: true,
-} satisfies Partial<OAuth2Config<Profile>>;

package/src/libs/next-auth/sso-providers/wechat.ts

@@ -1,36 +0,0 @@
-import WeChat, { type WeChatProfile } from '@auth/core/providers/wechat';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'wechat',
-  provider: WeChat({
-    ...CommonProviderConfig,
-    clientId: process.env.AUTH_WECHAT_ID,
-    clientSecret: process.env.AUTH_WECHAT_SECRET,
-    platformType: 'WebsiteApp',
-    profile: (profile: WeChatProfile) => {
-      return {
-        email: null,
-        id: profile.unionid,
-        image: profile.headimgurl,
-        name: profile.nickname,
-        providerAccountId: profile.unionid,
-      };
-    },
-    style: { bg: '#fff', logo: 'https://authjs.dev/img/providers/wechat.svg', text: '#000' },
-    token: {
-      async conform(response: Response) {
-        const data = await response.json();
-        console.log('wechat data:', data);
-        return new Response(JSON.stringify({ ...data, token_type: 'bearer' }), {
-          headers: { 'Content-Type': 'application/json' },
-        });
-      },
-      params: { appid: process.env.AUTH_WECHAT_ID, secret: process.env.AUTH_WECHAT_SECRET },
-      url: 'https://api.weixin.qq.com/sns/oauth2/access_token',
-    },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/zitadel.ts

@@ -1,21 +0,0 @@
-import Zitadel from 'next-auth/providers/zitadel';
-
-const provider = {
-  id: 'zitadel',
-  provider: Zitadel({
-    // Available scopes in ZITADEL: https://zitadel.com/docs/apis/openidoauth/scopes
-    authorization: { params: { scope: 'openid email profile' } },
-    // TODO(NextAuth): map unique user id to `providerAccountId` field
-    // profile(profile) {
-    //   return {
-    //     email: profile.email,
-    //     image: profile.picture,
-    //     name: profile.name,
-    //     providerAccountId: profile.user_id,
-    //     id: profile.user_id,
-    //   };
-    // },
-  }),
-};
-
-export default provider;

package/src/libs/redis/upstash.test.ts

@@ -1,158 +0,0 @@
-// @vitest-environment node
-// NOTICE: here due to the reason we are using [`happy-dom`](https://github.com/lobehub/lobe-chat/blob/13753145557a9dede98b1f5489f93ac570ef2956/vitest.config.mts#L45)
-// for Vitest environment, and in fact that this is a known bug for happy-dom not including
-// Authorization header in fetch requests.
-//
-// Read more here: https://github.com/capricorn86/happy-dom/issues/1042#issuecomment-3585851354
-import { Buffer } from 'node:buffer';
-import { afterEach, describe, expect, it, vi } from 'vitest';
-
-import { UpstashConfig } from './types';
-
-const buildUpstashConfig = (): UpstashConfig | null => {
-  const url = process.env.UPSTASH_REDIS_REST_URL;
-  const token = process.env.UPSTASH_REDIS_REST_TOKEN;
-
-  if (!url || !token) return null;
-
-  return {
-    enabled: true,
-    prefix: process.env.REDIS_PREFIX ?? 'lobe-chat-test',
-    provider: 'upstash',
-    token,
-    url,
-  };
-};
-
-const loadUpstashProvider = async () => (await import('./upstash')).UpstashRedisProvider;
-
-const createMockedProvider = async () => {
-  const mocks = {
-    mockSet: vi.fn().mockResolvedValue('OK'),
-    mockGet: vi.fn().mockResolvedValue('mock-value'),
-    mockDel: vi.fn().mockResolvedValue(1),
-    mockSetex: vi.fn().mockResolvedValue('OK'),
-    mockMset: vi.fn().mockResolvedValue('OK'),
-    mockHset: vi.fn().mockResolvedValue(1),
-    mockHdel: vi.fn().mockResolvedValue(1),
-    mockHgetall: vi.fn().mockResolvedValue({ a: '1' }),
-    mockPing: vi.fn().mockResolvedValue('PONG'),
-    mockExists: vi.fn().mockResolvedValue(1),
-    mockExpire: vi.fn().mockResolvedValue(1),
-    mockTtl: vi.fn().mockResolvedValue(50),
-    mockIncr: vi.fn().mockResolvedValue(2),
-    mockDecr: vi.fn().mockResolvedValue(0),
-    mockMget: vi.fn().mockResolvedValue(['a', 'b']),
-    mockHget: vi.fn().mockResolvedValue('field'),
-  };
-
-  vi.resetModules();
-  vi.doMock('@upstash/redis', () => {
-    class FakeRedis {
-      constructor(public config: any) {}
-      ping = mocks.mockPing;
-      set = mocks.mockSet;
-      get = mocks.mockGet;
-      del = mocks.mockDel;
-      setex = mocks.mockSetex;
-      exists = mocks.mockExists;
-      expire = mocks.mockExpire;
-      ttl = mocks.mockTtl;
-      incr = mocks.mockIncr;
-      decr = mocks.mockDecr;
-      mget = mocks.mockMget;
-      mset = mocks.mockMset;
-      hget = mocks.mockHget;
-      hset = mocks.mockHset;
-      hdel = mocks.mockHdel;
-      hgetall = mocks.mockHgetall;
-    }
-
-    return { Redis: FakeRedis };
-  });
-
-  const UpstashRedisProvider = await loadUpstashProvider();
-  const provider = new UpstashRedisProvider({
-    enabled: true,
-    prefix: 'mock',
-    provider: 'upstash',
-    token: 'token',
-    url: 'https://example.upstash.io',
-  });
-
-  await provider.initialize();
-
-  return { mocks, provider };
-};
-
-const shouldSkipIntegration = (error: unknown) =>
-  error instanceof Error &&
-  ['ENOTFOUND', 'ECONNREFUSED', 'EAI_AGAIN', 'Connection is closed'].some((msg) =>
-    error.message.includes(msg),
-  );
-
-afterEach(() => {
-  vi.clearAllMocks();
-  vi.resetModules();
-  vi.unmock('@upstash/redis');
-});
-
-describe('integrated', (test) => {
-  const config = buildUpstashConfig();
-  if (!config) {
-    test.skip('UPSTASH_REDIS_REST_URL/TOKEN not provided; skip integrated upstash tests');
-    return;
-  }
-
-  it('set -> get -> del roundtrip', async () => {
-    vi.unmock('@upstash/redis');
-    vi.resetModules();
-
-    const UpstashRedisProvider = await loadUpstashProvider();
-    const provider = new UpstashRedisProvider(config);
-    try {
-      await provider.initialize();
-
-      const key = `upstash:test:${Date.now()}`;
-      await provider.set(key, 'value', { ex: 60 });
-      expect(await provider.get(key)).toBe('value');
-      expect(await provider.del(key)).toBe(1);
-    } catch (error) {
-      if (shouldSkipIntegration(error)) {
-        // Remote Upstash Redis unavailable in current environment; treat as skipped.
-        return;
-      }
-
-      throw error;
-    } finally {
-      await provider.disconnect();
-    }
-  });
-});
-
-describe('mocked', () => {
-  it('normalizes buffer keys to strings', async () => {
-    const { mocks, provider } = await createMockedProvider();
-
-    const bufKey = Buffer.from('buffer-key');
-    await provider.set(bufKey, 'value');
-    await provider.hset(bufKey, 'field', 'value');
-    await provider.del(bufKey);
-
-    expect(mocks.mockSet).toHaveBeenCalledWith('mock:buffer-key', 'value', undefined);
-    expect(mocks.mockHset).toHaveBeenCalledWith('mock:buffer-key', { field: 'value' });
-    expect(mocks.mockDel).toHaveBeenCalledWith('mock:buffer-key');
-  });
-
-  it('passes set options through to upstash client', async () => {
-    const { mocks, provider } = await createMockedProvider();
-
-    await provider.set('key', 'value', { ex: 10, nx: true, get: true });
-
-    expect(mocks.mockSet).toHaveBeenCalledWith('mock:key', 'value', {
-      ex: 10,
-      nx: true,
-      get: true,
-    });
-  });
-});