@lobehub/lobehub 2.0.0-next.355 → 2.0.0-next.357

package/src/layout/AuthProvider/NextAuth/UserUpdater.tsx

@@ -1,44 +0,0 @@
-'use client';
-
-import { useSession } from 'next-auth/react';
-import { memo, useEffect } from 'react';
-import { createStoreUpdater } from 'zustand-utils';
-
-import { useUserStore } from '@/store/user';
-import { type LobeUser } from '@/types/user';
-
-// update the user data into the context
-const UserUpdater = memo(() => {
-  const { data: session, status } = useSession();
-  const isLoaded = status !== 'loading';
-
-  const isSignedIn = (status === 'authenticated' && session && !!session.user) || false;
-
-  const nextUser = session?.user;
-  const useStoreUpdater = createStoreUpdater(useUserStore);
-
-  useStoreUpdater('isLoaded', isLoaded);
-  useStoreUpdater('isSignedIn', isSignedIn);
-  useStoreUpdater('nextSession', session!);
-
-  // 使用 useEffect 处理需要保持同步的用户数据
-  useEffect(() => {
-    if (nextUser) {
-      const userAvatar = useUserStore.getState().user?.avatar;
-
-      const lobeUser = {
-        // 头像使用设置的，而不是从 next-auth 中获取
-        avatar: userAvatar || '',
-        email: nextUser.email,
-        fullName: nextUser.name,
-        id: nextUser.id,
-      } as LobeUser;
-
-      // 更新用户相关数据
-      useUserStore.setState({ nextUser: nextUser, user: lobeUser });
-    }
-  }, [nextUser]);
-  return null;
-});
-
-export default UserUpdater;

package/src/layout/AuthProvider/NextAuth/index.tsx

@@ -1,17 +0,0 @@
-import { SessionProvider } from 'next-auth/react';
-import { type PropsWithChildren } from 'react';
-
-import { API_ENDPOINTS } from '@/services/_url';
-
-import UserUpdater from './UserUpdater';
-
-const NextAuth = ({ children }: PropsWithChildren) => {
-  return (
-    <SessionProvider basePath={API_ENDPOINTS.oauth}>
-      {children}
-      <UserUpdater />
-    </SessionProvider>
-  );
-};
-
-export default NextAuth;

package/src/libs/next-auth/adapter/index.ts

@@ -1,177 +0,0 @@
-import type {
-  AdapterAuthenticator,
-  AdapterSession,
-  AdapterUser,
-  VerificationToken,
-} from '@auth/core/adapters';
-import debug from 'debug';
-import { type Adapter, type AdapterAccount } from 'next-auth/adapters';
-import urlJoin from 'url-join';
-
-import { serverDBEnv } from '@/config/db';
-import { appEnv } from '@/envs/app';
-
-const log = debug('lobe-next-auth:adapter');
-
-interface BackendAdapterResponse {
-  data?: any;
-  error?: string;
-  success: boolean;
-}
-
-// Due to use direct HTTP Post, the date string cannot parse automatically
-export const dateKeys = ['expires', 'emailVerified'];
-
-/**
- * @description LobeNextAuthDbAdapter is implemented to handle the database operations for NextAuth
- * @returns {Adapter}
- */
-export function LobeNextAuthDbAdapter(): Adapter {
-  const baseUrl = appEnv.APP_URL;
-
-  // Ensure the baseUrl is set, otherwise throw an error
-  if (!baseUrl) {
-    throw new Error('LobeNextAuthDbAdapter: APP_URL is not set in environment variables');
-  }
-  const interactionUrl = urlJoin(baseUrl, '/api/auth/adapter');
-  log(`LobeNextAuthDbAdapter initialized with url: ${interactionUrl}`);
-
-  // Ensure serverDBEnv.KEY_VAULTS_SECRET is set, otherwise throw an error
-  if (!serverDBEnv.KEY_VAULTS_SECRET) {
-    throw new Error('LobeNextAuthDbAdapter: KEY_VAULTS_SECRET is not set in environment variables');
-  }
-
-  const fetcher = (action: string, data: any) =>
-    fetch(interactionUrl, {
-      body: JSON.stringify({ action, data }),
-      headers: {
-        'Authorization': `Bearer ${serverDBEnv.KEY_VAULTS_SECRET}`,
-        'Content-Type': 'application/json',
-      },
-      method: 'POST',
-    });
-  const postProcessor = async (res: Response) => {
-    const data = (await res.json()) as BackendAdapterResponse;
-    log('LobeNextAuthDbAdapter: postProcessor called with data:', data);
-    if (!data.success) {
-      log('LobeNextAuthDbAdapter: Error in postProcessor:');
-      log(data);
-      throw new Error(`LobeNextAuthDbAdapter: ${data.error}`);
-    }
-    if (data?.data) {
-      for (const key of dateKeys) {
-        if (data.data[key]) {
-          data.data[key] = new Date(data.data[key]);
-          continue;
-        }
-      }
-    }
-    return data.data;
-  };
-
-  return {
-    async createAuthenticator(authenticator): Promise<AdapterAuthenticator> {
-      const data = await fetcher('createAuthenticator', authenticator);
-      return await postProcessor(data);
-    },
-    async createSession(session): Promise<AdapterSession> {
-      const data = await fetcher('createSession', session);
-      return await postProcessor(data);
-    },
-    async createUser(user): Promise<AdapterUser> {
-      const data = await fetcher('createUser', user);
-      return await postProcessor(data);
-    },
-    async createVerificationToken(data): Promise<VerificationToken | null | undefined> {
-      const result = await fetcher('createVerificationToken', data);
-      return await postProcessor(result);
-    },
-    async deleteSession(sessionToken): Promise<AdapterSession | null | undefined> {
-      const result = await fetcher('deleteSession', sessionToken);
-      await postProcessor(result);
-      return;
-    },
-    async deleteUser(id): Promise<AdapterUser | null | undefined> {
-      const result = await fetcher('deleteUser', id);
-      await postProcessor(result);
-      return;
-    },
-
-    async getAccount(providerAccountId, provider): Promise<AdapterAccount | null> {
-      const data = await fetcher('getAccount', {
-        provider,
-        providerAccountId,
-      });
-      return await postProcessor(data);
-    },
-
-    async getAuthenticator(credentialID): Promise<AdapterAuthenticator | null> {
-      const result = await fetcher('getAuthenticator', credentialID);
-      return await postProcessor(result);
-    },
-
-    async getSessionAndUser(sessionToken): Promise<{
-      session: AdapterSession;
-      user: AdapterUser;
-    } | null> {
-      const result = await fetcher('getSessionAndUser', sessionToken);
-      return await postProcessor(result);
-    },
-
-    async getUser(id): Promise<AdapterUser | null> {
-      log('getUser called with id:', id);
-      const result = await fetcher('getUser', id);
-      return await postProcessor(result);
-    },
-
-    async getUserByAccount(account): Promise<AdapterUser | null> {
-      const data = await fetcher('getUserByAccount', account);
-      return await postProcessor(data);
-    },
-
-    async getUserByEmail(email): Promise<AdapterUser | null> {
-      const data = await fetcher('getUserByEmail', email);
-      return await postProcessor(data);
-    },
-
-    async linkAccount(data): Promise<AdapterAccount | null | undefined> {
-      const result = await fetcher('linkAccount', data);
-      return await postProcessor(result);
-    },
-
-    async listAuthenticatorsByUserId(userId): Promise<AdapterAuthenticator[]> {
-      const result = await fetcher('listAuthenticatorsByUserId', userId);
-      return await postProcessor(result);
-    },
-
-    // @ts-ignore: The return type is {Promise<void> | Awaitable<AdapterAccount | undefined>}
-    async unlinkAccount(account): Promise<void | AdapterAccount | undefined> {
-      const result = await fetcher('unlinkAccount', account);
-      await postProcessor(result);
-      return;
-    },
-
-    async updateAuthenticatorCounter(credentialID, counter): Promise<AdapterAuthenticator> {
-      const result = await fetcher('updateAuthenticatorCounter', {
-        counter,
-        credentialID,
-      });
-      return await postProcessor(result);
-    },
-
-    async updateSession(data): Promise<AdapterSession | null | undefined> {
-      const result = await fetcher('updateSession', data);
-      return await postProcessor(result);
-    },
-
-    async updateUser(user): Promise<AdapterUser> {
-      const result = await fetcher('updateUser', user);
-      return await postProcessor(result);
-    },
-
-    async useVerificationToken(identifier_token): Promise<VerificationToken | null> {
-      const result = await fetcher('useVerificationToken', identifier_token);
-      return await postProcessor(result);
-    },
-  };
-}

package/src/libs/next-auth/auth.config.ts

@@ -1,64 +0,0 @@
-import type { NextAuthConfig } from 'next-auth';
-
-import { getAuthConfig } from '@/envs/auth';
-
-import { LobeNextAuthDbAdapter } from './adapter';
-import { ssoProviders } from './sso-providers';
-
-const {
-  NEXT_AUTH_DEBUG,
-  NEXT_AUTH_SECRET,
-  NEXT_AUTH_SSO_SESSION_STRATEGY,
-  NEXT_AUTH_SSO_PROVIDERS,
-  NEXT_PUBLIC_ENABLE_NEXT_AUTH,
-} = getAuthConfig();
-
-export const initSSOProviders = () => {
-  return NEXT_PUBLIC_ENABLE_NEXT_AUTH
-    ? NEXT_AUTH_SSO_PROVIDERS.split(/[,，]/).map((provider) => {
-        const validProvider = ssoProviders.find((item) => item.id === provider.trim());
-
-        if (validProvider) return validProvider.provider;
-
-        throw new Error(`[NextAuth] provider ${provider} is not supported`);
-      })
-    : [];
-};
-
-// Notice this is only an object, not a full Auth.js instance
-export default {
-  adapter: NEXT_PUBLIC_ENABLE_NEXT_AUTH ? LobeNextAuthDbAdapter() : undefined,
-  callbacks: {
-    // Note: Data processing order of callback: authorize --> jwt --> session
-    async jwt({ token, user }) {
-      // ref: https://authjs.dev/guides/extending-the-session#with-jwt
-      if (user?.id) {
-        token.userId = user?.id;
-      }
-      return token;
-    },
-    async session({ session, token, user }) {
-      if (session.user) {
-        // ref: https://authjs.dev/guides/extending-the-session#with-database
-        if (user) {
-          session.user.id = user.id;
-        } else {
-          session.user.id = (token.userId ?? session.user.id) as string;
-        }
-      }
-      return session;
-    },
-  },
-  debug: NEXT_AUTH_DEBUG,
-  pages: {
-    error: '/next-auth/error',
-    signIn: '/next-auth/signin',
-  },
-  providers: initSSOProviders(),
-  secret: NEXT_AUTH_SECRET ?? process.env.AUTH_SECRET,
-  session: {
-    // Force use JWT if server service is disabled
-    strategy: NEXT_AUTH_SSO_SESSION_STRATEGY,
-  },
-  trustHost: process.env?.AUTH_TRUST_HOST ? process.env.AUTH_TRUST_HOST === 'true' : true,
-} satisfies NextAuthConfig;

package/src/libs/next-auth/index.ts

@@ -1,20 +0,0 @@
-import NextAuth from 'next-auth';
-
-import authConfig from './auth.config';
-
-/**
- * NextAuth initialization without Database adapter
- *
- * @note
- * We currently use `jwt` strategy for session management.
- * So you don't need to import `signIn` or `signOut` from
- * this module, just import from `next-auth` directly.
- *
- * Inside react component
- * @example
- * ```ts
- * import { signOut } from 'next-auth/react';
- * signOut();
- * ```
- */
-export default NextAuth(authConfig);

package/src/libs/next-auth/sso-providers/auth0.ts

@@ -1,24 +0,0 @@
-import Auth0 from 'next-auth/providers/auth0';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'auth0',
-  provider: Auth0({
-    ...CommonProviderConfig,
-    // Specify auth scope, at least include 'openid email'
-    // all scopes in Auth0 ref: https://auth0.com/docs/get-started/apis/scopes/openid-connect-scopes#standard-claims
-    authorization: { params: { scope: 'openid email profile' } },
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        image: profile.picture,
-        name: profile.name,
-        providerAccountId: profile.sub,
-      };
-    },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/authelia.ts

@@ -1,39 +0,0 @@
-import type { OIDCConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-export type AutheliaProfile = {
-  // The users display name
-  email: string;
-  // The users email
-  groups: string[];
-  // The username the user used to login with
-  name: string;
-  preferred_username: string; // The users groups
-  sub: string; // The users id
-};
-
-const provider = {
-  id: 'authelia',
-  provider: {
-    ...CommonProviderConfig,
-    authorization: { params: { scope: 'openid email profile' } },
-    checks: ['state', 'pkce'],
-    clientId: process.env.AUTH_AUTHELIA_ID,
-    clientSecret: process.env.AUTH_AUTHELIA_SECRET,
-    id: 'authelia',
-    issuer: process.env.AUTH_AUTHELIA_ISSUER,
-    name: 'Authelia',
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        name: profile.name,
-        providerAccountId: profile.sub,
-      };
-    },
-    type: 'oidc',
-  } satisfies OIDCConfig<AutheliaProfile>,
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/authentik.ts

@@ -1,25 +0,0 @@
-import Authentik from 'next-auth/providers/authentik';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'authentik',
-  provider: Authentik({
-    ...CommonProviderConfig,
-    // Specify auth scope, at least include 'openid email'
-    // all scopes in Authentik ref: https://goauthentik.io/docs/providers/oauth2
-    authorization: { params: { scope: 'openid email profile' } },
-    // TODO(NextAuth): map unique user id to `providerAccountId` field
-    //  profile(profile) {
-    //   return {
-    //     email: profile.email,
-    //     image: profile.picture,
-    //     name: profile.name,
-    //     providerAccountId: profile.user_id,
-    //     id: profile.user_id,
-    //   };
-    // },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/casdoor.ts

@@ -1,50 +0,0 @@
-import { type OIDCConfig, type OIDCUserConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-interface CasdoorProfile extends Record<string, any> {
-  avatar: string;
-  displayName: string;
-  email: string;
-  emailVerified: boolean;
-  firstName: string;
-  id: string;
-  lastName: string;
-  name: string;
-  owner: string;
-  permanentAvatar: string;
-}
-
-function LobeCasdoorProvider(config: OIDCUserConfig<CasdoorProfile>): OIDCConfig<CasdoorProfile> {
-  return {
-    ...CommonProviderConfig,
-    ...config,
-    id: 'casdoor',
-    name: 'Casdoor',
-    profile(profile) {
-      return {
-        email: profile.email,
-        emailVerified: profile.emailVerified ? new Date() : null,
-        id: profile.id,
-        image: profile.avatar,
-        name: profile.displayName ?? profile.firstName ?? profile.lastName,
-        providerAccountId: profile.id,
-      };
-    },
-    type: 'oidc',
-  };
-}
-
-const provider = {
-  id: 'casdoor',
-  provider: LobeCasdoorProvider({
-    authorization: {
-      params: { scope: 'openid profile email' },
-    },
-    clientId: process.env.AUTH_CASDOOR_ID,
-    clientSecret: process.env.AUTH_CASDOOR_SECRET,
-    issuer: process.env.AUTH_CASDOOR_ISSUER,
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/cloudflare-zero-trust.ts

@@ -1,34 +0,0 @@
-import type { OIDCConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-export type CloudflareZeroTrustProfile = {
-  email: string;
-  name: string;
-  sub: string;
-};
-
-const provider = {
-  id: 'cloudflare-zero-trust',
-  provider: {
-    ...CommonProviderConfig,
-    authorization: { params: { scope: 'openid email profile' } },
-    checks: ['state', 'pkce'],
-    clientId: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_ID,
-    clientSecret: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_SECRET,
-    id: 'cloudflare-zero-trust',
-    issuer: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER,
-    name: 'Cloudflare Zero Trust',
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        name: profile.name ?? profile.email,
-        providerAccountId: profile.sub,
-      };
-    },
-    type: 'oidc',
-  } satisfies OIDCConfig<CloudflareZeroTrustProfile>,
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/cognito.ts

@@ -1,8 +0,0 @@
-import Cognito from 'next-auth/providers/cognito';
-
-const provider = {
-  id: 'cognito',
-  provider: Cognito({}),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/feishu.ts

@@ -1,83 +0,0 @@
-import { customFetch } from 'next-auth';
-import type { OAuthConfig } from 'next-auth/providers';
-
-interface FeishuProfile {
-  avatar_big: string;
-  avatar_middle: string;
-  avatar_thumb: string;
-  avatar_url: string;
-  en_name: string;
-  name: string;
-  open_id: string;
-  tenant_key: string;
-  union_id: string;
-}
-
-interface FeishuProfileResponse {
-  data: FeishuProfile;
-}
-
-function Feishu(): OAuthConfig<FeishuProfileResponse> {
-  return {
-    authorization: {
-      params: {
-        scope: '',
-      },
-      url: 'https://accounts.feishu.cn/open-apis/authen/v1/authorize',
-    },
-    checks: ['state'],
-    client: {
-      token_endpoint_auth_method: 'client_secret_post',
-    },
-    clientId: process.env.AUTH_FEISHU_APP_ID,
-    clientSecret: process.env.AUTH_FEISHU_APP_SECRET,
-    [customFetch]: (url, options = {}) => {
-      if (
-        url === 'https://open.feishu.cn/open-apis/authen/v2/oauth/token' &&
-        options.method === 'POST'
-      ) {
-        if (options?.headers) {
-          options.headers = {
-            ...options.headers,
-            'content-type': 'application/json; charset=utf-8',
-          };
-        } else {
-          options.headers = {
-            'content-type': 'application/json; charset=utf-8',
-          };
-        }
-
-        if (options.body instanceof URLSearchParams) {
-          options.body = JSON.stringify(Object.fromEntries(options.body));
-        }
-      }
-
-      return fetch(url, options);
-    },
-    id: 'feishu',
-    name: 'Feishu',
-    profile(profileResponse) {
-      const profile = profileResponse.data;
-
-      return {
-        id: profile.union_id,
-        image: profile.avatar_url,
-        name: profile.name,
-        providerAccountId: profile.union_id,
-      };
-    },
-    style: {
-      logo: 'https://p1-hera.feishucdn.com/tos-cn-i-jbbdkfciu3/268ec674a56a4510889f7f5ca14f1ba1~tplv-jbbdkfciu3-image:0:0.image',
-    },
-    token: 'https://open.feishu.cn/open-apis/authen/v2/oauth/token',
-    type: 'oauth',
-    userinfo: 'https://open.feishu.cn/open-apis/authen/v1/user_info',
-  };
-}
-
-const provider = {
-  id: 'feishu',
-  provider: Feishu(),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/generic-oidc.ts

@@ -1,38 +0,0 @@
-import type { OIDCConfig } from '@auth/core/providers';
-
-import { CommonProviderConfig } from './sso.config';
-
-export type GenericOIDCProfile = {
-  email: string;
-  id?: string;
-  name?: string;
-  picture?: string;
-  sub: string;
-  username?: string;
-};
-
-const provider = {
-  id: 'generic-oidc',
-  provider: {
-    ...CommonProviderConfig,
-    authorization: { params: { scope: 'email openid profile' } },
-    checks: ['state', 'pkce'],
-    clientId: process.env.AUTH_GENERIC_OIDC_ID,
-    clientSecret: process.env.AUTH_GENERIC_OIDC_SECRET,
-    id: 'generic-oidc',
-    issuer: process.env.AUTH_GENERIC_OIDC_ISSUER,
-    name: 'Generic OIDC',
-    profile(profile) {
-      return {
-        email: profile.email,
-        id: profile.sub,
-        image: profile.picture,
-        name: profile.name ?? profile.username ?? profile.email,
-        providerAccountId: profile.sub,
-      };
-    },
-    type: 'oidc',
-  } satisfies OIDCConfig<GenericOIDCProfile>,
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/github.ts

@@ -1,23 +0,0 @@
-import GitHub from 'next-auth/providers/github';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'github',
-  provider: GitHub({
-    ...CommonProviderConfig,
-    // Specify auth scope, at least include 'openid email'
-    authorization: { params: { scope: 'read:user user:email' } },
-    profile: (profile) => {
-      return {
-        email: profile.email,
-        id: profile.id.toString(),
-        image: profile.avatar_url,
-        name: profile.name,
-        providerAccountId: profile.id.toString(),
-      };
-    },
-  }),
-};
-
-export default provider;

package/src/libs/next-auth/sso-providers/google.ts

@@ -1,18 +0,0 @@
-import Google from 'next-auth/providers/google';
-
-import { CommonProviderConfig } from './sso.config';
-
-const provider = {
-  id: 'google',
-  provider: Google({
-    ...CommonProviderConfig,
-    authorization: {
-      params: {
-        scope:
-          'openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email openid',
-      },
-    },
-  }),
-};
-
-export default provider;