@lobehub/lobehub 2.0.0-next.355 → 2.0.0-next.357

package/src/libs/trpc/middleware/userAuth.ts

@@ -1,7 +1,5 @@
 import { TRPCError } from '@trpc/server';
 
-import { enableBetterAuth, enableNextAuth } from '@/envs/auth';
-
 import { trpc } from '../lambda/init';
 
 export const userAuth = trpc.middleware(async (opts) => {
@@ -9,11 +7,7 @@ export const userAuth = trpc.middleware(async (opts) => {
 
   // `ctx.user` is nullable
   if (!ctx.userId) {
-    if (enableBetterAuth) {
-      console.log('better auth: no session found in context');
-    } else if (enableNextAuth) {
-      console.log('next auth:', ctx.nextAuth);
-    }
+    console.log('better auth: no session found in context');
     throw new TRPCError({ code: 'UNAUTHORIZED' });
   }
 

package/src/libs/trusted-client/getSessionUser.ts

@@ -1,50 +1,30 @@
-import { enableBetterAuth, enableNextAuth } from '@/envs/auth';
+import { headers } from 'next/headers';
 
 import type { TrustedClientUserInfo } from './index';
 
 /**
  * Get user info from the current session for trusted client authentication
- * This works with different authentication providers (BetterAuth, NextAuth)
  *
  * @returns User info or undefined if not authenticated
  */
 export const getSessionUser = async (): Promise<TrustedClientUserInfo | undefined> => {
   try {
-    if (enableBetterAuth) {
-      const { headers } = await import('next/headers');
-      const { auth } = await import('@/auth');
-      const headersList = await headers();
-      const session = await auth.api.getSession({
-        headers: headersList,
-      });
-
-      if (!session?.user?.id || !session?.user?.email) {
-        return undefined;
-      }
-
-      return {
-        email: session.user.email,
-        name: session.user.name || undefined,
-        userId: session.user.id,
-      };
+    // Dynamic import to avoid validator ESM/CJS issue during sitemap generation
+    const { auth } = await import('@/auth');
+    const headersList = await headers();
+    const session = await auth.api.getSession({
+      headers: headersList,
+    });
+
+    if (!session?.user?.id || !session?.user?.email) {
+      return undefined;
     }
 
-    if (enableNextAuth) {
-      const { default: NextAuth } = await import('@/libs/next-auth');
-      const session = await NextAuth.auth();
-
-      if (!session?.user?.id || !session?.user?.email) {
-        return undefined;
-      }
-
-      return {
-        email: session.user.email,
-        name: session.user.name || undefined,
-        userId: session.user.id,
-      };
-    }
-
-    return undefined;
+    return {
+      email: session.user.email,
+      name: session.user.name || undefined,
+      userId: session.user.id,
+    };
   } catch {
     return undefined;
   }

package/src/server/globalConfig/index.ts

@@ -90,9 +90,7 @@ export const getServerGlobalConfig = async () => {
     memory: {
       userMemory: cleanObject(getPublicMemoryExtractionConfig()),
     },
-    oAuthSSOProviders: authEnv.NEXT_PUBLIC_ENABLE_BETTER_AUTH
-      ? getBetterAuthSSOProviders()
-      : authEnv.NEXT_AUTH_SSO_PROVIDERS.trim().split(/[,，]/),
+    oAuthSSOProviders: getBetterAuthSSOProviders(),
     systemAgent: parseSystemAgent(appEnv.SYSTEM_AGENT),
     telemetry: {
       langfuse: langfuseEnv.ENABLE_LANGFUSE,

package/src/server/routers/lambda/__tests__/user.test.ts

@@ -6,7 +6,6 @@ import { SessionModel } from '@/database/models/session';
 import { UserModel, UserNotFoundError } from '@/database/models/user';
 import { serverDB } from '@/database/server';
 import { KeyVaultsGateKeeper } from '@/server/modules/KeyVaultsEncrypt';
-import { NextAuthUserService } from '@/server/services/nextAuthUser';
 import { UserService } from '@/server/services/user';
 
 import { userRouter } from '../user';
@@ -22,11 +21,6 @@ vi.mock('@/database/models/user');
 vi.mock('@/server/modules/KeyVaultsEncrypt');
 vi.mock('@/server/modules/S3');
 vi.mock('@/server/services/user');
-vi.mock('@/server/services/nextAuthUser');
-vi.mock('@/envs/auth', () => ({
-  enableBetterAuth: false,
-  enableNextAuth: false,
-}));
 
 describe('userRouter', () => {
   const mockUserId = 'test-user-id';
@@ -122,7 +116,6 @@ describe('userRouter', () => {
         userId: mockUserId,
       });
     });
-
   });
 
   describe('makeUserOnboarded', () => {
@@ -140,47 +133,6 @@ describe('userRouter', () => {
     });
   });
 
-  describe('unlinkSSOProvider', () => {
-    it('should unlink SSO provider successfully', async () => {
-      const mockInput = {
-        provider: 'google',
-        providerAccountId: '123',
-      };
-
-      const mockAccount = {
-        userId: mockUserId,
-        provider: 'google',
-        providerAccountId: '123',
-        type: 'oauth',
-      };
-
-      vi.mocked(NextAuthUserService).mockReturnValue({
-        getAccount: vi.fn().mockResolvedValue(mockAccount),
-        unlinkAccount: vi.fn().mockResolvedValue(undefined),
-      } as any);
-
-      await expect(
-        userRouter.createCaller({ ...mockCtx }).unlinkSSOProvider(mockInput),
-      ).resolves.not.toThrow();
-    });
-
-    it('should throw error if account does not exist', async () => {
-      const mockInput = {
-        provider: 'google',
-        providerAccountId: '123',
-      };
-
-      vi.mocked(NextAuthUserService).mockReturnValue({
-        getAccount: vi.fn().mockResolvedValue(null),
-        unlinkAccount: vi.fn(),
-      } as any);
-
-      await expect(
-        userRouter.createCaller({ ...mockCtx }).unlinkSSOProvider(mockInput),
-      ).rejects.toThrow('The account does not exist');
-    });
-  });
-
   describe('updateSettings', () => {
     it('should update settings with encrypted key vaults', async () => {
       const mockSettings = {

package/src/server/routers/lambda/user.ts

@@ -1,6 +1,5 @@
 import { isDesktop } from '@lobechat/const';
 import {
-  NextAuthAccountSchame,
   Plans,
   UserGuideSchema,
   type UserInitializationState,
@@ -16,8 +15,8 @@ import { v4 as uuidv4 } from 'uuid';
 import { z } from 'zod';
 
 import {
-  getIsInviteCodeRequired,
   getIsInWaitList,
+  getIsInviteCodeRequired,
   getReferralStatus,
   getSubscriptionPlan,
 } from '@/business/server/user';
@@ -29,7 +28,6 @@ import { serverDatabase } from '@/libs/trpc/lambda/middleware';
 import { KeyVaultsGateKeeper } from '@/server/modules/KeyVaultsEncrypt';
 import { FileS3 } from '@/server/modules/S3';
 import { FileService } from '@/server/services/file';
-import { NextAuthUserService } from '@/server/services/nextAuthUser';
 
 const usernameSchema = z
   .string()
@@ -42,7 +40,6 @@ const userProcedure = authedProcedure.use(serverDatabase).use(async ({ ctx, next
     ctx: {
       fileService: new FileService(ctx.serverDB, ctx.userId),
       messageModel: new MessageModel(ctx.serverDB, ctx.userId),
-      nextAuthUserService: new NextAuthUserService(ctx.serverDB),
       sessionModel: new SessionModel(ctx.serverDB, ctx.userId),
       userModel: new UserModel(ctx.serverDB, ctx.userId),
     },
@@ -138,14 +135,6 @@ export const userRouter = router({
     return ctx.userModel.deleteSetting();
   }),
 
-  unlinkSSOProvider: userProcedure.input(NextAuthAccountSchame).mutation(async ({ ctx, input }) => {
-    const { provider, providerAccountId } = input;
-    const account = await ctx.nextAuthUserService.getAccount(providerAccountId, provider);
-    // The userId can either get from ctx.nextAuth?.id or ctx.userId
-    if (!account || account.userId !== ctx.userId) throw new Error('The account does not exist');
-    await ctx.nextAuthUserService.unlinkAccount({ provider, providerAccountId });
-  }),
-
   updateAvatar: userProcedure.input(z.string()).mutation(async ({ ctx, input }) => {
     // If it's Base64 data, need to upload to S3
     if (input.startsWith('data:image')) {

package/src/server/services/email/impls/nodemailer/index.ts

@@ -49,8 +49,8 @@ export class NodemailerImpl implements EmailServiceImpl {
   }
 
   async sendMail(payload: EmailPayload): Promise<EmailResponse> {
-    // Use SMTP_USER as default sender if not provided
-    const from = payload.from ?? emailEnv.SMTP_USER!;
+    // Use SMTP_FROM as default sender, fallback to SMTP_USER for backward compatibility
+    const from = payload.from ?? emailEnv.SMTP_FROM ?? emailEnv.SMTP_USER!;
 
     log('Sending email with payload: %o', {
       from,

package/src/server/services/webhookUser/index.ts

@@ -0,0 +1,88 @@
+import { type LobeChatDatabase } from '@lobechat/database';
+import { and, eq } from 'drizzle-orm';
+import { NextResponse } from 'next/server';
+
+import { UserModel } from '@/database/models/user';
+import { type UserItem, account, session } from '@/database/schemas';
+import { pino } from '@/libs/logger';
+
+export class WebhookUserService {
+  private db: LobeChatDatabase;
+
+  constructor(db: LobeChatDatabase) {
+    this.db = db;
+  }
+
+  /**
+   * Find user by provider account info
+   */
+  private getUserByAccount = async ({
+    providerId,
+    accountId,
+  }: {
+    accountId: string;
+    providerId: string;
+  }) => {
+    const result = await this.db.query.account.findFirst({
+      where: and(eq(account.providerId, providerId), eq(account.accountId, accountId)),
+    });
+
+    if (!result) return null;
+
+    return this.db.query.users.findFirst({
+      where: eq(account.userId, result.userId),
+    });
+  };
+
+  /**
+   * Safely update user data from webhook
+   */
+  safeUpdateUser = async (
+    { accountId, providerId }: { accountId: string; providerId: string },
+    data: Partial<UserItem>,
+  ) => {
+    pino.info(`updating user "${JSON.stringify({ accountId, providerId })}" due to webhook`);
+
+    const user = await this.getUserByAccount({ accountId, providerId });
+
+    if (user?.id) {
+      const userModel = new UserModel(this.db, user.id);
+      await userModel.updateUser({
+        avatar: data?.avatar,
+        email: data?.email,
+        fullName: data?.fullName,
+      });
+    } else {
+      pino.warn(
+        `[${providerId}]: Webhook user "${JSON.stringify({ accountId, providerId })}" update for "${JSON.stringify(data)}", but no user was found.`,
+      );
+    }
+
+    return NextResponse.json({ message: 'user updated', success: true }, { status: 200 });
+  };
+
+  /**
+   * Safely sign out user (delete all sessions)
+   */
+  safeSignOutUser = async ({
+    accountId,
+    providerId,
+  }: {
+    accountId: string;
+    providerId: string;
+  }) => {
+    pino.info(`Signing out user "${JSON.stringify({ accountId, providerId })}"`);
+
+    const user = await this.getUserByAccount({ accountId, providerId });
+
+    if (user?.id) {
+      await this.db.delete(session).where(eq(session.userId, user.id));
+    } else {
+      pino.warn(
+        `[${providerId}]: Webhook user "${JSON.stringify({ accountId, providerId })}" signout, but no user was found.`,
+      );
+    }
+
+    return NextResponse.json({ message: 'user signed out', success: true }, { status: 200 });
+  };
+}

package/src/services/user/index.test.ts

@@ -8,7 +8,6 @@ const mockLambdaClient = vi.hoisted(() => ({
     getUserRegistrationDuration: { query: vi.fn() },
     getUserState: { query: vi.fn() },
     getUserSSOProviders: { query: vi.fn() },
-    unlinkSSOProvider: { mutate: vi.fn() },
     makeUserOnboarded: { mutate: vi.fn() },
     updateAvatar: { mutate: vi.fn() },
     updateFullName: { mutate: vi.fn() },
@@ -64,19 +63,6 @@ describe('UserService', () => {
     });
   });
 
-  describe('unlinkSSOProvider', () => {
-    it('should call lambdaClient.user.unlinkSSOProvider.mutate with correct params', async () => {
-      mockLambdaClient.user.unlinkSSOProvider.mutate.mockResolvedValueOnce({ success: true });
-
-      await userService.unlinkSSOProvider('github', 'account-123');
-
-      expect(mockLambdaClient.user.unlinkSSOProvider.mutate).toHaveBeenCalledWith({
-        provider: 'github',
-        providerAccountId: 'account-123',
-      });
-    });
-  });
-
   describe('makeUserOnboarded', () => {
     it('should call lambdaClient.user.makeUserOnboarded.mutate', async () => {
       mockLambdaClient.user.makeUserOnboarded.mutate.mockResolvedValueOnce({ success: true });

package/src/services/user/index.ts

@@ -27,10 +27,6 @@ export class UserService {
     return lambdaClient.user.getUserSSOProviders.query();
   };
 
-  unlinkSSOProvider = async (provider: string, providerAccountId: string) => {
-    return lambdaClient.user.unlinkSSOProvider.mutate({ provider, providerAccountId });
-  };
-
   makeUserOnboarded = async () => {
     return lambdaClient.user.makeUserOnboarded.mutate();
   };

package/src/store/document/slices/document/action.ts

@@ -194,6 +194,7 @@ export const createDocumentSlice: StateCreator<
             // Check if this response is still for the current active document
             // This prevents race conditions when quickly switching between documents
             const currentActiveId = get().activeDocumentId;
+
             if (currentActiveId && currentActiveId !== documentId) {
               // User has already switched to another document, discard this stale response
               return;

package/src/store/user/slices/auth/action.test.ts

@@ -15,29 +15,6 @@ vi.mock('@/libs/swr', async () => {
   };
 });
 
-// Use vi.hoisted to ensure variables exist before vi.mock factory executes
-const { enableNextAuth, enableBetterAuth } = vi.hoisted(() => ({
-  enableNextAuth: { value: false },
-  enableBetterAuth: { value: false },
-}));
-
-vi.mock('@/envs/auth', () => ({
-  get enableNextAuth() {
-    return enableNextAuth.value;
-  },
-  get enableBetterAuth() {
-    return enableBetterAuth.value;
-  },
-}));
-
-const mockUserService = vi.hoisted(() => ({
-  getUserSSOProviders: vi.fn().mockResolvedValue([]),
-}));
-
-vi.mock('@/services/user', () => ({
-  userService: mockUserService,
-}));
-
 const mockBetterAuthClient = vi.hoisted(() => ({
   listAccounts: vi.fn().mockResolvedValue({ data: [] }),
   accountInfo: vi.fn().mockResolvedValue({ data: { user: {} } }),
@@ -50,9 +27,6 @@ afterEach(() => {
   vi.restoreAllMocks();
   vi.clearAllMocks();
 
-  enableNextAuth.value = false;
-  enableBetterAuth.value = false;
-
   // Reset store state
   useUserStore.setState({
     isLoadedAuthProviders: false,
@@ -61,16 +35,6 @@ afterEach(() => {
   });
 });
 
-/**
- * Mock nextauth 库相关方法
- */
-vi.mock('next-auth/react', async () => {
-  return {
-    signIn: vi.fn(),
-    signOut: vi.fn(),
-  };
-});
-
 describe('createAuthSlice', () => {
   describe('refreshUserState', () => {
     it('should refresh user config', async () => {
@@ -85,64 +49,19 @@ describe('createAuthSlice', () => {
   });
 
   describe('logout', () => {
-    it('should call next-auth signOut when NextAuth is enabled', async () => {
-      enableNextAuth.value = true;
-
-      const { result } = renderHook(() => useUserStore());
-
-      await act(async () => {
-        await result.current.logout();
-      });
-
-      const { signOut } = await import('next-auth/react');
-
-      expect(signOut).toHaveBeenCalled();
-      enableNextAuth.value = false;
-    });
-
-    it('should not call next-auth signOut when NextAuth is disabled', async () => {
+    it('should call better-auth signOut', async () => {
       const { result } = renderHook(() => useUserStore());
 
       await act(async () => {
         await result.current.logout();
       });
 
-      const { signOut } = await import('next-auth/react');
-
-      expect(signOut).not.toHaveBeenCalled();
+      expect(mockBetterAuthClient.signOut).toHaveBeenCalled();
     });
   });
 
   describe('openLogin', () => {
-    it('should call next-auth signIn when NextAuth is enabled', async () => {
-      enableNextAuth.value = true;
-
-      const { result } = renderHook(() => useUserStore());
-
-      await act(async () => {
-        await result.current.openLogin();
-      });
-
-      const { signIn } = await import('next-auth/react');
-
-      expect(signIn).toHaveBeenCalled();
-      enableNextAuth.value = false;
-    });
-    it('should not call next-auth signIn when NextAuth is disabled', async () => {
-      const { result } = renderHook(() => useUserStore());
-
-      await act(async () => {
-        await result.current.openLogin();
-      });
-
-      const { signIn } = await import('next-auth/react');
-
-      expect(signIn).not.toHaveBeenCalled();
-    });
-
-    it('should redirect to signin page when BetterAuth is enabled', async () => {
-      enableBetterAuth.value = true;
-
+    it('should redirect to signin page', async () => {
       const originalLocation = window.location;
       Object.defineProperty(window, 'location', {
         configurable: true,
@@ -171,18 +90,15 @@ describe('createAuthSlice', () => {
       });
     });
 
-    it('should call signIn with single provider when only one OAuth provider available', async () => {
-      enableNextAuth.value = true;
-      useUserStore.setState({ oAuthSSOProviders: ['github'] });
-
+    it('should not redirect when already on signin page', async () => {
       const originalLocation = window.location;
       Object.defineProperty(window, 'location', {
         configurable: true,
         value: {
           ...originalLocation,
           href: '',
-          pathname: '/chat',
-          toString: () => 'http://localhost/chat',
+          pathname: '/signin',
+          toString: () => 'http://localhost/signin',
         },
         writable: true,
       });
@@ -193,9 +109,7 @@ describe('createAuthSlice', () => {
         await result.current.openLogin();
       });
 
-      const { signIn } = await import('next-auth/react');
-
-      expect(signIn).toHaveBeenCalledWith('github');
+      expect(window.location.href).toBe('');
 
       Object.defineProperty(window, 'location', {
         configurable: true,
@@ -215,29 +129,10 @@ describe('createAuthSlice', () => {
         await result.current.fetchAuthProviders();
       });
 
-      expect(mockUserService.getUserSSOProviders).not.toHaveBeenCalled();
-    });
-
-    it('should fetch providers from NextAuth when BetterAuth is disabled', async () => {
-      enableBetterAuth.value = false;
-      const mockProviders = [
-        { provider: 'github', email: 'test@example.com', providerAccountId: '123' },
-      ];
-      mockUserService.getUserSSOProviders.mockResolvedValueOnce(mockProviders);
-
-      const { result } = renderHook(() => useUserStore());
-
-      await act(async () => {
-        await result.current.fetchAuthProviders();
-      });
-
-      expect(mockUserService.getUserSSOProviders).toHaveBeenCalled();
-      expect(result.current.isLoadedAuthProviders).toBe(true);
-      expect(result.current.authProviders).toEqual(mockProviders);
+      expect(mockBetterAuthClient.listAccounts).not.toHaveBeenCalled();
     });
 
-    it('should fetch providers from BetterAuth when enabled', async () => {
-      enableBetterAuth.value = true;
+    it('should fetch providers from BetterAuth', async () => {
       mockBetterAuthClient.listAccounts.mockResolvedValueOnce({
         data: [
           { providerId: 'github', accountId: 'gh-123' },
@@ -260,8 +155,7 @@ describe('createAuthSlice', () => {
     });
 
     it('should handle fetch error gracefully', async () => {
-      enableBetterAuth.value = false;
-      mockUserService.getUserSSOProviders.mockRejectedValueOnce(new Error('Network error'));
+      mockBetterAuthClient.listAccounts.mockRejectedValueOnce(new Error('Network error'));
 
       const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
 
@@ -277,12 +171,13 @@ describe('createAuthSlice', () => {
   });
 
   describe('refreshAuthProviders', () => {
-    it('should refresh providers from NextAuth', async () => {
-      enableBetterAuth.value = false;
-      const mockProviders = [
-        { provider: 'google', email: 'user@gmail.com', providerAccountId: 'g-1' },
-      ];
-      mockUserService.getUserSSOProviders.mockResolvedValueOnce(mockProviders);
+    it('should refresh providers from BetterAuth', async () => {
+      mockBetterAuthClient.listAccounts.mockResolvedValueOnce({
+        data: [{ providerId: 'google', accountId: 'g-1' }],
+      });
+      mockBetterAuthClient.accountInfo.mockResolvedValueOnce({
+        data: { user: { email: 'user@gmail.com' } },
+      });
 
       const { result } = renderHook(() => useUserStore());
 
@@ -290,13 +185,14 @@ describe('createAuthSlice', () => {
         await result.current.refreshAuthProviders();
       });
 
-      expect(mockUserService.getUserSSOProviders).toHaveBeenCalled();
-      expect(result.current.authProviders).toEqual(mockProviders);
+      expect(mockBetterAuthClient.listAccounts).toHaveBeenCalled();
+      expect(result.current.authProviders).toEqual([
+        { provider: 'google', email: 'user@gmail.com', providerAccountId: 'g-1' },
+      ]);
     });
 
     it('should handle refresh error gracefully', async () => {
-      enableBetterAuth.value = false;
-      mockUserService.getUserSSOProviders.mockRejectedValueOnce(new Error('Refresh failed'));
+      mockBetterAuthClient.listAccounts.mockRejectedValueOnce(new Error('Refresh failed'));
 
       const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});