npm - @lobehub/lobehub - Versions diffs - 2.0.0-next.49 → 2.0.0-next.50 - Mend

@lobehub/lobehub 2.0.0-next.49 → 2.0.0-next.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/packages/context-engine/src/providers/ToolSystemRole.ts CHANGED Viewed

@@ -38,7 +38,7 @@ export class ToolSystemRoleProvider extends BaseProvider {
   protected async doProcess(context: PipelineContext): Promise<PipelineContext> {
     const clonedContext = this.cloneContext(context);
-    // 检查工具相关条件
+    // Check tool-related conditions
     const toolSystemRole = this.getToolSystemRole();
     if (!toolSystemRole) {
@@ -46,10 +46,10 @@ export class ToolSystemRoleProvider extends BaseProvider {
       return this.markAsExecuted(clonedContext);
     }
-    // 注入工具系统角色
+    // Inject tool system role
     this.injectToolSystemRole(clonedContext, toolSystemRole);
-    // 更新元数据
+    // Update metadata
     clonedContext.metadata.toolSystemRole = {
       contentLength: toolSystemRole.length,
       injected: true,
@@ -67,21 +67,21 @@ export class ToolSystemRoleProvider extends BaseProvider {
   private getToolSystemRole(): string | undefined {
     const { tools, model, provider } = this.config;
-    // 检查是否有工具
+    // Check if tools are available
     const hasTools = tools && tools.length > 0;
     if (!hasTools) {
       log('No available tools');
       return undefined;
     }
-    // 检查是否支持函数调用
+    // Check if function calling is supported
     const hasFC = this.config.isCanUseFC(model, provider);
     if (!hasFC) {
       log(`Model ${model} (${provider}) does not support function calling`);
       return undefined;
     }
-    // 获取工具系统角色
+    // Get tool system role
     const toolSystemRole = this.config.getToolSystemRoles(tools);
     if (!toolSystemRole) {
       log('Failed to get tool system role content');
@@ -98,7 +98,7 @@ export class ToolSystemRoleProvider extends BaseProvider {
     const existingSystemMessage = context.messages.find((msg) => msg.role === 'system');
     if (existingSystemMessage) {
-      // 合并到现有系统消息
+      // Merge to existing system message
       existingSystemMessage.content = [existingSystemMessage.content, toolSystemRole]
         .filter(Boolean)
         .join('\n\n');

package/packages/context-engine/src/tools/ToolsEngine.ts CHANGED Viewed

@@ -274,28 +274,28 @@ export class ToolsEngine {
   }
   /**
-   * 获取可用的插件列表（用于调试和监控）
+   * Get available plugin list (for debugging and monitoring)
    */
   getAvailablePlugins(): string[] {
     return Array.from(this.manifestSchemas.keys());
   }
   /**
-   * 检查特定插件是否可用
+   * Check if a specific plugin is available
    */
   hasPlugin(pluginId: string): boolean {
     return this.manifestSchemas.has(pluginId);
   }
   /**
-   * 获取插件的 manifest
+   * Get plugin manifest
    */
   getPluginManifest(pluginId: string): LobeToolManifest | undefined {
     return this.manifestSchemas.get(pluginId);
   }
   /**
-   * 更新插件 manifest schemas（用于动态添加插件）
+   * Update plugin manifest schemas (for dynamically adding plugins)
    */
   updateManifestSchemas(manifestSchemas: LobeToolManifest[]): void {
     this.manifestSchemas.clear();
@@ -305,21 +305,21 @@ export class ToolsEngine {
   }
   /**
-   * 添加单个插件 manifest
+   * Add a single plugin manifest
    */
   addPluginManifest(manifest: LobeToolManifest): void {
     this.manifestSchemas.set(manifest.identifier, manifest);
   }
   /**
-   * 移除插件 manifest
+   * Remove plugin manifest
    */
   removePluginManifest(pluginId: string): boolean {
     return this.manifestSchemas.delete(pluginId);
   }
   /**
-   * 获取所有 enabled plugin 的 Manifest Map
+   * Get Manifest Map of all enabled plugins
    */
   getEnabledPluginManifests(toolIds: string[] = []): Map<string, LobeToolManifest> {
     // Merge user-provided tool IDs with default tool IDs
@@ -341,7 +341,7 @@ export class ToolsEngine {
   }
   /**
-   * 获取所有插件的 Manifest Map
+   * Get Manifest Map of all plugins
    */
   getAllPluginManifests(): Map<string, LobeToolManifest> {
     return new Map(this.manifestSchemas);

package/packages/context-engine/src/types.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { UIChatMessage } from '@lobechat/types';
 /**
- * 智能体状态 - 从原项目类型推断
+ * Agent state - inferred from original project types
  */
 export interface AgentState {
   [key: string]: any;
@@ -13,7 +13,7 @@ export interface AgentState {
 }
 /**
- * 聊天图像项
+ * Chat image item
  */
 export interface ChatImageItem {
   alt?: string;
@@ -22,7 +22,7 @@ export interface ChatImageItem {
 }
 /**
- * 消息工具调用
+ * Message tool call
  */
 export interface MessageToolCall {
   function: {
@@ -39,72 +39,72 @@ export interface Message {
 }
 /**
- * 管道上下文 - 在管道中流动的核心数据结构
+ * Pipeline context - core data structure flowing through the pipeline
  */
 export interface PipelineContext {
-  /** 中止原因 */
+  /** Abort reason */
   abortReason?: string;
-  /** 不可变的输入状态 */
+  /** Immutable input state */
   readonly initialState: AgentState;
-  /** 允许处理器提前终止管道 */
+  /** Allow processors to terminate pipeline early */
   isAborted: boolean;
-  /** 正在构建的可变消息列表 */
+  /** Mutable message list being built */
   messages: Message[];
-  /** 处理器间通信的元数据 */
+  /** Metadata for communication between processors */
   metadata: {
-    /** 其他自定义元数据 */
+    /** Other custom metadata */
     [key: string]: any;
-    /** 当前 token 估算值 */
+    /** Current token count estimate */
     currentTokenCount?: number;
-    /** 最大 token 限制 */
+    /** Maximum token limit */
     maxTokens?: number;
-    /** 模型标识 */
+    /** Model identifier */
     model?: string;
   };
 }
 /**
- * 上下文处理器接口 - 管道中处理站的标准化接口
+ * Context processor interface - standardized interface for processing stations in the pipeline
  */
 export interface ContextProcessor {
-  /** 处理器名称，用于调试和日志 */
+  /** Processor name, used for debugging and logging */
   name: string;
-  /** 核心处理方法 */
+  /** Core processing method */
   process: (context: PipelineContext) => Promise<PipelineContext>;
 }
 /**
- * 处理器配置选项
+ * Processor configuration options
  */
 export interface ProcessorOptions {
-  /** 是否启用调试模式 */
+  /** Whether to enable debug mode */
   debug?: boolean;
-  /** 自定义日志函数 */
+  /** Custom logging function */
   logger?: (message: string, level?: 'info' | 'warn' | 'error') => void;
 }
 /**
- * 管道执行结果
+ * Pipeline execution result
  */
 export interface PipelineResult {
-  /** 中止原因 */
+  /** Abort reason */
   abortReason?: string;
-  /** 是否被中止 */
+  /** Whether aborted */
   isAborted: boolean;
-  /** 最终处理的消息 */
+  /** Final processed messages */
   messages: any[];
-  /** 处理过程中的元数据 */
+  /** Metadata from processing */
   metadata: Record<string, any>;
-  /** 执行统计 */
+  /** Execution statistics */
   stats: {
-    /** 处理的处理器数量 */
+    /** Number of processors processed */
     processedCount: number;
-    /** 各处理器执行时间 */
+    /** Execution time for each processor */
     processorDurations: Record<string, number>;
-    /** 总处理时间 */
+    /** Total processing time */
     totalDuration: number;
   };
 }
@@ -126,14 +126,14 @@ export type ProcessorTypeLegacy =
   | 'processor';
 /**
- * Token 计数器接口
+ * Token counter interface
  */
 export interface TokenCounter {
   count: (messages: UIChatMessage[] | string) => Promise<number>;
 }
 /**
- * 文件上下文信息
+ * File context information
  */
 export interface FileContext {
   addUrl?: boolean;
@@ -142,7 +142,7 @@ export interface FileContext {
 }
 /**
- * RAG 检索块
+ * RAG retrieval chunk
  */
 export interface RetrievalChunk {
   content: string;
@@ -152,7 +152,7 @@ export interface RetrievalChunk {
 }
 /**
- * RAG 上下文
+ * RAG context
  */
 export interface RAGContext {
   chunks: RetrievalChunk[];
@@ -161,7 +161,7 @@ export interface RAGContext {
 }
 /**
- * 模型能力
+ * Model capabilities
  */
 export interface ModelCapabilities {
   supportsFunctionCall: boolean;
@@ -171,7 +171,7 @@ export interface ModelCapabilities {
 }
 /**
- * 处理器错误
+ * Processor error
  */
 export class ProcessorError extends Error {
   constructor(
@@ -185,7 +185,7 @@ export class ProcessorError extends Error {
 }
 /**
- * 管道错误
+ * Pipeline error
  */
 export class PipelineError extends Error {
   constructor(

package/packages/utils/src/server/validateRedirectHost.test.ts ADDED Viewed

@@ -0,0 +1,352 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+import { validateRedirectHost } from './validateRedirectHost';
+describe('validateRedirectHost', () => {
+  let originalAppUrl: string | undefined;
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Store original APP_URL and set default for tests
+    originalAppUrl = process.env.APP_URL;
+    process.env.APP_URL = 'https://example.com';
+  });
+  afterEach(() => {
+    // Restore original APP_URL
+    if (originalAppUrl === undefined) {
+      delete process.env.APP_URL;
+    } else {
+      process.env.APP_URL = originalAppUrl;
+    }
+  });
+  describe('invalid inputs', () => {
+    it('should return false when targetHost is empty string', () => {
+      const result = validateRedirectHost('');
+      expect(result).toBe(false);
+    });
+    it('should return false when targetHost is "null" string', () => {
+      const result = validateRedirectHost('null');
+      expect(result).toBe(false);
+    });
+    it('should return false when APP_URL is not configured', () => {
+      delete process.env.APP_URL;
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(false);
+    });
+    it('should return false when APP_URL is malformed', () => {
+      process.env.APP_URL = 'not-a-valid-url';
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(false);
+    });
+  });
+  describe('exact host match', () => {
+    it('should return true when targetHost exactly matches APP_URL host', () => {
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(true);
+    });
+    it('should return true when targetHost matches APP_URL host with port', () => {
+      process.env.APP_URL = 'https://example.com:8080';
+      const result = validateRedirectHost('example.com:8080');
+      expect(result).toBe(true);
+    });
+    it('should return true when targetHost matches APP_URL with different protocols', () => {
+      process.env.APP_URL = 'http://example.com';
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(true);
+    });
+    it('should return false when targetHost port differs from APP_URL', () => {
+      process.env.APP_URL = 'https://example.com:8080';
+      const result = validateRedirectHost('example.com:9090');
+      expect(result).toBe(false);
+    });
+  });
+  describe('localhost validation', () => {
+    it('should allow localhost when APP_URL is localhost', () => {
+      process.env.APP_URL = 'http://localhost:3000';
+      const result = validateRedirectHost('localhost');
+      expect(result).toBe(true);
+    });
+    it('should allow localhost with port when APP_URL is localhost', () => {
+      process.env.APP_URL = 'http://localhost:3000';
+      const result = validateRedirectHost('localhost:8080');
+      expect(result).toBe(true);
+    });
+    it('should allow 127.0.0.1 when APP_URL is localhost', () => {
+      process.env.APP_URL = 'http://localhost:3000';
+      const result = validateRedirectHost('127.0.0.1');
+      expect(result).toBe(true);
+    });
+    it('should allow 127.0.0.1 with port when APP_URL is localhost', () => {
+      process.env.APP_URL = 'http://localhost:3000';
+      const result = validateRedirectHost('127.0.0.1:8080');
+      expect(result).toBe(true);
+    });
+    it('should allow 0.0.0.0 when APP_URL is localhost', () => {
+      process.env.APP_URL = 'http://localhost:3000';
+      const result = validateRedirectHost('0.0.0.0');
+      expect(result).toBe(true);
+    });
+    it('should allow 0.0.0.0 with port when APP_URL is localhost', () => {
+      process.env.APP_URL = 'http://localhost:3000';
+      const result = validateRedirectHost('0.0.0.0:8080');
+      expect(result).toBe(true);
+    });
+    it('should allow localhost when APP_URL is 127.0.0.1', () => {
+      process.env.APP_URL = 'http://127.0.0.1:3000';
+      const result = validateRedirectHost('localhost');
+      expect(result).toBe(true);
+    });
+    it('should allow localhost when APP_URL is 0.0.0.0', () => {
+      process.env.APP_URL = 'http://0.0.0.0:3000';
+      const result = validateRedirectHost('localhost');
+      expect(result).toBe(true);
+    });
+    it('should reject localhost when APP_URL is not a local address', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('localhost');
+      expect(result).toBe(false);
+    });
+    it('should reject 127.0.0.1 when APP_URL is not a local address', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('127.0.0.1');
+      expect(result).toBe(false);
+    });
+    it('should reject 0.0.0.0 when APP_URL is not a local address', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('0.0.0.0');
+      expect(result).toBe(false);
+    });
+  });
+  describe('subdomain validation', () => {
+    it('should allow valid subdomain of APP_URL domain', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('api.example.com');
+      expect(result).toBe(true);
+    });
+    it('should allow multi-level subdomain', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('api.v1.example.com');
+      expect(result).toBe(true);
+    });
+    it('should allow subdomain with port', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('api.example.com:8080');
+      expect(result).toBe(true);
+    });
+    it('should reject domain that is not a subdomain', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('fakeexample.com');
+      expect(result).toBe(false);
+    });
+    it('should reject domain that contains but is not subdomain', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('notexample.com');
+      expect(result).toBe(false);
+    });
+    it('should reject completely different domain', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('evil.com');
+      expect(result).toBe(false);
+    });
+    it('should handle APP_URL with port when validating subdomains', () => {
+      process.env.APP_URL = 'https://example.com:8080';
+      const result = validateRedirectHost('api.example.com');
+      expect(result).toBe(true);
+    });
+    it('should handle APP_URL with subdomain when validating further subdomains', () => {
+      process.env.APP_URL = 'https://api.example.com';
+      const result = validateRedirectHost('v1.api.example.com');
+      expect(result).toBe(true);
+    });
+  });
+  describe('open redirect attack prevention', () => {
+    it('should block redirection to malicious external domain', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('malicious.com');
+      expect(result).toBe(false);
+    });
+    it('should block redirection to similar-looking domain', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('example.com.evil.com');
+      expect(result).toBe(false);
+    });
+    it('should block redirection to domain with extra TLD', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('example.com.br');
+      expect(result).toBe(false);
+    });
+    it('should block redirection using homograph attack attempt', () => {
+      process.env.APP_URL = 'https://example.com';
+      // Using similar-looking characters
+      const result = validateRedirectHost('examp1e.com');
+      expect(result).toBe(false);
+    });
+  });
+  describe('port handling', () => {
+    it('should handle standard HTTPS port (443) - normalized by URL API', () => {
+      // Note: URL API normalizes standard ports, so :443 is removed from https URLs
+      process.env.APP_URL = 'https://example.com:443';
+      // APP_URL becomes https://example.com (443 is default for https)
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(true);
+    });
+    it('should handle standard HTTP port (80) - normalized by URL API', () => {
+      // Note: URL API normalizes standard ports, so :80 is removed from http URLs
+      process.env.APP_URL = 'http://example.com:80';
+      // APP_URL becomes http://example.com (80 is default for http)
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(true);
+    });
+    it('should handle custom ports', () => {
+      process.env.APP_URL = 'https://example.com:3000';
+      const result = validateRedirectHost('example.com:3000');
+      expect(result).toBe(true);
+    });
+    it('should reject different ports on same domain', () => {
+      process.env.APP_URL = 'https://example.com:3000';
+      const result = validateRedirectHost('example.com:4000');
+      expect(result).toBe(false);
+    });
+    it('should allow subdomain with different port than APP_URL', () => {
+      process.env.APP_URL = 'https://example.com:3000';
+      const result = validateRedirectHost('api.example.com:8080');
+      expect(result).toBe(true);
+    });
+  });
+  describe('edge cases', () => {
+    it('should handle APP_URL with trailing slash', () => {
+      process.env.APP_URL = 'https://example.com/';
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(true);
+    });
+    it('should handle APP_URL with path', () => {
+      process.env.APP_URL = 'https://example.com/app';
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(true);
+    });
+    it('should handle uppercase in targetHost', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('EXAMPLE.COM');
+      expect(result).toBe(false);
+    });
+    it('should handle mixed case domains - URL API lowercases hostnames', () => {
+      // Note: URL API automatically lowercases hostnames
+      process.env.APP_URL = 'https://Example.Com';
+      // URL API converts it to example.com
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(true);
+    });
+    it('should handle IPv4 addresses in APP_URL', () => {
+      process.env.APP_URL = 'http://192.168.1.1:3000';
+      const result = validateRedirectHost('192.168.1.1:3000');
+      expect(result).toBe(true);
+    });
+    it('should reject different IPv4 addresses', () => {
+      process.env.APP_URL = 'http://192.168.1.1:3000';
+      const result = validateRedirectHost('192.168.1.2:3000');
+      expect(result).toBe(false);
+    });
+    it('should handle empty APP_URL gracefully', () => {
+      process.env.APP_URL = '';
+      const result = validateRedirectHost('example.com');
+      expect(result).toBe(false);
+    });
+    it('should handle whitespace in targetHost', () => {
+      const result = validateRedirectHost('  example.com  ');
+      expect(result).toBe(false);
+    });
+    it('should handle single dot in targetHost', () => {
+      const result = validateRedirectHost('.');
+      expect(result).toBe(false);
+    });
+    it('should handle double dots in targetHost', () => {
+      const result = validateRedirectHost('example..com');
+      expect(result).toBe(false);
+    });
+  });
+  describe('real-world scenarios', () => {
+    it('should validate production domain correctly', () => {
+      process.env.APP_URL = 'https://chat.lobehub.com';
+      const result = validateRedirectHost('chat.lobehub.com');
+      expect(result).toBe(true);
+    });
+    it('should allow API subdomain in production', () => {
+      process.env.APP_URL = 'https://chat.lobehub.com';
+      const result = validateRedirectHost('api.chat.lobehub.com');
+      expect(result).toBe(true);
+    });
+    it('should block redirect to competitor domain', () => {
+      process.env.APP_URL = 'https://chat.lobehub.com';
+      const result = validateRedirectHost('competitor.com');
+      expect(result).toBe(false);
+    });
+    it('should support development environment with port', () => {
+      process.env.APP_URL = 'http://localhost:3010';
+      const result = validateRedirectHost('localhost:3010');
+      expect(result).toBe(true);
+    });
+    it('should support staging environment', () => {
+      process.env.APP_URL = 'https://staging.example.com';
+      const result = validateRedirectHost('staging.example.com');
+      expect(result).toBe(true);
+    });
+    it('should allow preview deployment subdomain', () => {
+      process.env.APP_URL = 'https://example.com';
+      const result = validateRedirectHost('pr-123.example.com');
+      expect(result).toBe(true);
+    });
+  });
+});

package/src/app/[variants]/oauth/consent/[uid]/Consent/index.tsx CHANGED Viewed

@@ -42,11 +42,9 @@ const useStyles = createStyles(({ css, token }) => ({
     background-color: transparent;
   `,
   card: css`
-    width: 100%;
     max-width: 500px;
     border-color: ${token.colorBorderSecondary};
     border-radius: 12px;
     background-color: ${token.colorBgContainer};
   `,
   connector: css`

package/src/app/[variants]/oauth/consent/[uid]/Login.tsx CHANGED Viewed

@@ -29,11 +29,9 @@ const useStyles = createStyles(({ css, token, responsive }) => ({
     font-weight: 500;
   `,
   card: css`
-    width: 100%;
     max-width: 500px;
     border-color: ${token.colorBorderSecondary};
     border-radius: 12px;
     background: ${token.colorBgContainer};
     ${responsive.mobile} {