@lobehub/lobehub 2.0.2 → 2.0.4

package/docs/self-hosting/advanced/auth.zh-CN.mdx

@@ -152,7 +152,19 @@ LobeHub 与 Clerk 做了深度集成，能够为用户提供一个更加安全
 
 ### 通用配置
 
-在使用 NextAuth 之前，请先在 LobeHub 的环境变量中设置以下变量：
+在使用 Better Auth 之前，请先在 LobeHub 的环境变量中设置以下变量：
+
+## 邮箱验证
+
+启用邮箱验证以确保用户拥有其注册的邮箱地址（默认关闭）：
+
+| 环境变量                      | 类型 | 描述                   |
+| ------------------------- | -- | -------------------- |
+| `AUTH_EMAIL_VERIFICATION` | 可选 | 设置为 `1` 以要求注册后进行邮箱验证 |
+
+<Callout type={'info'}>
+  邮箱验证需要上方已配置好的邮件服务（SMTP 或 Resend）。启用后，用户必须验证其邮箱地址才能登录。
+</Callout>
 
 ## 魔法链接（免密）登录
 
@@ -194,6 +206,17 @@ Better Auth 支持内置提供商（Google、GitHub、Microsoft、Apple、AWS Co
 当前身份验证方案强依赖 email。请在 Casdoor 中为用户配置有效的 email 地址。
 强烈建议使用真实有效的邮箱，否则密码重置、魔法链接登录等功能将无法使用。
 
+### 邮箱可以随便乱填吗？
+
+**强烈不建议**。请务必填写真实有效的邮箱地址。使用虚假邮箱会导致以下问题：
+
+- 密码重置功能无法使用
+- 魔法链接登录无法使用
+- 邮箱验证无法通过
+- 忘记密码时可能无法找回账户
+
+这适用于所有身份验证方式，包括 Casdoor 等 SSO 提供商。请确保用户配置了有效的邮箱地址。
+
 ### 如何限制只允许特定邮箱或域名注册？
 
 设置 `AUTH_ALLOWED_EMAILS` 环境变量，支持完整邮箱地址或域名，以逗号分隔。例如：
@@ -201,6 +224,10 @@ Better Auth 支持内置提供商（Google、GitHub、Microsoft、Apple、AWS Co
 - 只允许 `example.com` 域名：`AUTH_ALLOWED_EMAILS=example.com`
 - 允许多个域名和特定邮箱：`AUTH_ALLOWED_EMAILS=example.com,company.org,admin@other.com`
 
+<Callout type={'info'}>
+  注意：`AUTH_ALLOWED_EMAILS` 仅限制哪些邮箱地址可以注册，但不会验证邮箱所有权。如果需要确保用户确实拥有其注册的邮箱地址，请设置 `AUTH_EMAIL_VERIFICATION=1` 以启用邮箱验证。这需要配置邮件服务（SMTP）。
+</Callout>
+
 ### Webhook 支持
 
 允许 LobeHub 在身份提供商中用户信息更新时接收通知。支持的提供商包括 Casdoor 和 Logto。请参考具体提供商文档进行配置。
@@ -211,4 +238,4 @@ Better Auth 支持内置提供商（Google、GitHub、Microsoft、Apple、AWS Co
 
 ## 其他 SSO 提供商
 
-请参考 [NextAuth.js](https://next-auth.js.org/providers) 文档，欢迎提交 Pull Request。
+请参考 [Auth.js](https://authjs.dev/getting-started/authentication/oauth) 文档，欢迎提交 Pull Request。

package/docs/self-hosting/advanced/upstream-sync.mdx

@@ -106,7 +106,7 @@ If you wish to automate the above steps, you can follow the method below and use
   export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890
 
   # Pull the latest image and store the output in a variable
-  output=$(docker pull lobehub/lobe-chat:latest 2>&1)
+  output=$(docker pull lobehub/lobehub:latest 2>&1)
 
   # Check if the pull command was executed successfully
   if [ $? -ne 0 ]; then
@@ -114,7 +114,7 @@ If you wish to automate the above steps, you can follow the method below and use
   fi
 
   # Check if the output contains a specific string
-  echo "$output" | grep -q "Image is up to date for lobehub/lobe-chat:latest"
+  echo "$output" | grep -q "Image is up to date for lobehub/lobehub:latest"
 
   # If the image is already up to date, do nothing
   if [ $? -eq 0 ]; then
@@ -127,14 +127,14 @@ If you wish to automate the above steps, you can follow the method below and use
   echo "Removed: $(docker rm -f lobe-chat)"
 
   # Run the new container(Please change the path to the env file)
-  echo "Started: $(docker run -d --network=host --env-file /path/to/lobe.env --name=lobe-chat --restart=always lobehub/lobe-chat)"
+  echo "Started: $(docker run -d --network=host --env-file /path/to/lobe.env --name=lobe-chat --restart=always lobehub/lobehub)"
 
   # Print the update time and version
   echo "Update time: $(date)"
-  echo "Version: $(docker inspect lobehub/lobe-chat:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')"
+  echo "Version: $(docker inspect lobehub/lobehub:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')"
 
   # Clean up unused images
-  docker images | grep 'lobehub/lobe-chat' | grep -v 'lobehub/lobe-chat-database' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1
+  docker images | grep 'lobehub/lobehub' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1
   echo "Removed old images."
   ```
 

package/docs/self-hosting/advanced/upstream-sync.zh-CN.mdx

@@ -101,7 +101,7 @@ Docker 部署版本的升级非常简单，只需要重新部署 LobeHub 的最
   # export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890
 
   # 拉取最新的镜像并将输出存储在变量中
-  output=$(docker pull lobehub/lobe-chat:latest 2>&1)
+  output=$(docker pull lobehub/lobehub:latest 2>&1)
 
   # 检查拉取命令是否成功执行
   if [ $? -ne 0 ]; then
@@ -109,7 +109,7 @@ Docker 部署版本的升级非常简单，只需要重新部署 LobeHub 的最
   fi
 
   # 检查输出中是否包含特定的字符串
-  echo "$output" | grep -q "Image is up to date for lobehub/lobe-chat:latest"
+  echo "$output" | grep -q "Image is up to date for lobehub/lobehub:latest"
 
   # 如果镜像已经是最新的，则不执行任何操作
   if [ $? -eq 0 ]; then
@@ -122,14 +122,14 @@ Docker 部署版本的升级非常简单，只需要重新部署 LobeHub 的最
   echo "Removed: $(docker rm -f lobe-chat)"
 
   # 运行新的容器(请将env配置文件地址改为你的实际地址)
-  echo "Started: $(docker run -d --network=host --env-file path/to/lobe.env --name=lobe-chat --restart=always lobehub/lobe-chat)"
+  echo "Started: $(docker run -d --network=host --env-file path/to/lobe.env --name=lobe-chat --restart=always lobehub/lobehub)"
 
   # 打印更新的时间和版本
   echo "Update time: $(date)"
-  echo "Version: $(docker inspect lobehub/lobe-chat:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')"
+  echo "Version: $(docker inspect lobehub/lobehub:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')"
 
   # 清理不再使用的镜像
-  docker images | grep 'lobehub/lobe-chat' | grep -v 'lobehub/lobe-chat-database' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1
+  docker images | grep 'lobehub/lobehub' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1
   echo "Removed old images."
   ```
 

package/docs/self-hosting/environment-variables/auth.mdx

@@ -2,14 +2,12 @@
 title: LobeHub Authentication Service Environment Variables
 description: >-
   Explore the essential environment variables for configuring authentication
-  services in LobeHub, including Better Auth, OAuth SSO, NextAuth settings, and
+  services in LobeHub, including Better Auth, OAuth SSO, and
   provider-specific details.
 tags:
   - Authentication Service
   - Better Auth
   - OAuth SSO
-  - Clerk
-  - NextAuth
 ---
 
 # Authentication Service
@@ -23,7 +21,7 @@ LobeHub provides a complete authentication service capability when deployed. The
 #### `AUTH_SECRET`
 
 - Type: Required
-- Description: Key used to encrypt session tokens. Shared between Better Auth and Next Auth. You can generate the key using the command: `openssl rand -base64 32`.
+- Description: Key used to encrypt session tokens. You can generate the key using the command: `openssl rand -base64 32`.
 - Default: `-`
 - Example: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=`
 
@@ -211,333 +209,3 @@ These settings are required for email verification and password reset features.
 - Description: App Secret of the WeChat application.
 - Default: `-`
 - Example: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
-
-<Callout type={'info'}>
-  For other OIDC-based providers (Auth0, Authelia, Authentik, Casdoor, Cloudflare Zero Trust, Keycloak, Logto, Okta, ZITADEL, Generic OIDC), the environment variables follow the same pattern as Next Auth. See the [Next Auth section](#next-auth) below for details.
-</Callout>
-
-## Next Auth
-
-### General Settings
-
-#### `NEXT_PUBLIC_ENABLE_NEXT_AUTH`
-
-- Changes after v1.52.0.
-
-- For users who deploy with Vercel using Next Auth, it is necessary to add the environment variable NEXT\_PUBLIC\_ENABLE\_NEXT\_AUTH=1 to ensure that Next Auth is enabled.
-
-- For users who use Clerk in their self-built image, it is necessary to configure the environment variable NEXT\_PUBLIC\_ENABLE\_NEXT\_AUTH=0 to disable Next Auth.\n
-
-- Other standard deployment scenarios (using Clerk on Vercel and next-auth in Docker) are not affected
-
-#### `NEXT_AUTH_SECRET`
-
-- Type: Required
-- Description: Key used to encrypt the session tokens in Auth.js. You can generate the key using the following command: `openssl rand -base64 32`.
-- Default: `-`
-- Example: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=`
-
-#### `NEXT_AUTH_SSO_PROVIDERS`
-
-- Type: Optional
-- Description: Select the single sign-on provider for LoboChat. For multiple SSO Providers separating them with commas, for example, `auth0,microsoft-entra-id,authentik`.
-- Default: `auth0`
-- Example: `auth0,microsoft-entra-id,authentik`
-
-#### `NEXTAUTH_URL`
-
-- Type: Optional
-- Description: This URL is used to specify the callback address for Auth.js during OAuth authentication. It does not need to be set when deploying on Vercel.
-- Default: `-`
-- Example: `https://example.com/api/auth`
-
-### Auth0
-
-#### `AUTH_AUTH0_ID`
-
-- Type: Required
-- Description: Client ID of the Auth0 application. You can access it [here](https://manage.auth0.com/dashboard) and navigate to the application settings to view.
-- Default: `-`
-- Example: `evCnOJP1UX8FMnXR9Xkj5t0NyFn5p70P`
-
-#### `AUTH_AUTH0_SECRET`
-
-- Type: Required
-- Description: Client Secret of the Auth0 application.
-- Default: `-`
-- Example: `wnX7UbZg85ZUzF6ioxPLnJVEQa1Elbs7aqBUSF16xleBS5AdkVfASS49-fQIC8Rm`
-
-#### `AUTH_AUTH0_ISSUER`
-
-- Type: Required
-- Description: Issuer/domain of the Auth0 application.
-- Default: `-`
-- Example: `https://example.auth0.com`
-
-### Authelia
-
-#### `AUTH_AUTHELIA_ID`
-
-- Type: Required
-- Description: Client ID of the Authelia provider application.
-- Default: `-`
-- Example: `lobe-chat`
-
-#### `AUTH_AUTHELIA_SECRET`
-
-- Type: Required
-- Description: The plaintext of the Client Secret for the Authelia provider
-- Default: `-`
-- Example: `insecure_secret`
-
-#### `AUTH_AUTHELIA_ISSUER`
-
-- Type: Required
-- Description: Issuer of the Authelia provider application.
-- Default: `-`
-- Example: `https://sso.example.com`
-
-### Authentik
-
-#### `AUTH_AUTHENTIK_ID`
-
-- Type: Required
-- Description: Client ID of the Authentik provider application.
-- Default: `-`
-- Example: `evCnOJP1UX8FMnXR9Xkj5t0NyFn5p70P`
-
-#### `AUTH_AUTHENTIK_SECRET`
-
-- Type: Required
-- Description: Client Secret of the Authentik provider application.
-- Default: `-`
-- Example: `wnX7UbZg85ZUzF6ioxPLnJVEQa1Elbs7aqBUSF16xleBS5AdkVfASS49-fQIC8Rm`
-
-#### `AUTH_AUTHENTIK_ISSUER`
-
-- Type: Required
-- Description: Issuer/domain of the Authentik provider application.
-- Default: `-`
-- Example: `https://your-authentik-domain.com/application/o/slug/`
-
-### Casdoor
-
-#### `AUTH_CASDOOR_ID`
-
-- Type: Required
-- Description: Client ID provided by Casdoor
-- Default: `-`
-- Example: `570bfa85a21800a25198`
-
-#### `AUTH_CASDOOR_SECRET`
-
-- Type: Required
-- Description: Plaintext Client Secret provided by Casdoor
-- Default: `-`
-- Example: `233a623a15eac2db2e43bb8a323eda729552c405`
-
-#### `AUTH_CASDOOR_ISSUER`
-
-- Type: Required
-- Description: OpenID Connect issuer provided by Casdoor
-- Default: `-`
-- Example: `https://lobe-auth-api.example.com/`
-
-### Cloudflare Zero Trust
-
-#### `AUTH_CLOUDFLARE_ZERO_TRUST_ID`
-
-- Type: Required
-- Description: Client ID of the Cloudflare Zero Trust provider application.
-- Default: `-`
-- Example: `711963a58df8c943cfd6c487cac99ce9f6ee0c88c0b7bf94584b8ff052fcb09c`
-
-#### `AUTH_CLOUDFLARE_ZERO_TRUST_SECRET`
-
-- Type: Required
-- Description: The plaintext of the Client Secret for the Cloudflare Zero Trust provider
-- Default: `-`
-- Example: `8f26d4ef834a828045b401e032ae128dbb00471bca53f0d25332323f525dfa30`
-
-#### `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER`
-
-- Type: Required
-- Description: Issuer of the Cloudflare Zero Trust provider application.
-- Default: `-`
-- Example: `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/711963a58df8c943cfd6c487cac99ce9f6ee0c88c0b7bf94584b8ff052fcb09c`
-
-### Github
-
-#### `AUTH_GITHUB_ID`
-
-- Type: Required
-- Description: Client ID of the Github application. You can access it [here](https://github.com/settings/apps) and navigate to the application settings to view.
-- Default: `-`
-- Example: `abd94200333283550508`
-
-#### `AUTH_GITHUB_SECRET`
-
-- Type: Required
-- Description: Client Secret of the Github application.
-- Default: `-`
-- Example: `dd262976ac0931d947e104891586a053f3d3750b`
-
-### Logto
-
-#### `AUTH_LOGTO_ID`
-
-- Type: Required
-- Description: The Client ID of the Logto application. You can find it in the Logto console for private deployment or [Logto Cloud](http://cloud.logto.io/) depending on the deployment mode.
-- Default value: `-`
-- Example: `123456789012345678@your-project`
-
-#### `AUTH_LOGTO_SECRET`
-
-- Type: Required
-- Description: The Client Secret of the Logto application.
-- Default value: `-`
-- Example: `9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A`
-
-#### `AUTH_LOGTO_ISSUER`
-
-- Type: Required
-- Description: The OpenID Connect issuer of the Logto application. You can find it in the Logto console for private deployment or [Logto Cloud](http://cloud.logto.io/) depending on the deployment mode.
-- Default value: `-`
-- Example: `https://lobe-auth-api.example.com/oidc`
-
-### Microsoft Entra ID
-
-#### `AUTH_MICROSOFT_ENTRA_ID_BASE_URL`
-
-- Type: Required
-- Description: - Description: Base URL for Azure login. Use when authenticating against other Microsoft sovereignty clouds like Azure US Government.
-- Default: `https://login.microsoftonline.com`
-- Example: `https://login.microsoftonline.us`
-
-#### `AUTH_AZURE_AD_ID`
-
-- Type: Required
-- Description: Client ID of the Microsoft Entra ID application.
-- Default: `-`
-- Example: `be8f6da1-58c3-4f16-ff1b-78f5148e10df`
-
-#### `AUTH_AZURE_AD_SECRET`
-
-- Type: Required
-- Description: Client Secret of the Microsoft Entra ID application.
-- Default: `-`
-- Example: `~gI8Q.pTiN1vwB6Gl.E1yFT1ojcXABkdACfJXaNj`
-
-#### `AUTH_AZURE_AD_TENANT_ID`
-
-- Type: Required
-- Description: Tenant ID of the Microsoft Entra ID application.
-- Default: `-`
-- Example: `c8ae2f36-edf6-4cda-96b9-d3e198a47cba`
-
-### ZITADEL
-
-#### `AUTH_ZITADEL_ID`
-
-- Type: Required
-- Description: Client ID of the ZITADEL application. This can be found under your application in the ZITADEL console.
-- Default: `-`
-- Example: `123456789012345678@your-project`
-
-#### `AUTH_ZITADEL_SECRET`
-
-- Type: Required
-- Description: Client Secret of the ZITADEL application.
-- Default: `-`
-- Example: `9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A`
-
-#### `AUTH_ZITADEL_ISSUER`
-
-- Type: Required
-- Description: Issuer of the ZITADEL application. This is usually the URL of the ZITADEL instance, and can be found in `URLs` tab of your application in the console.
-- Default: `-`
-- Example: `https://your-instance-abc123.zitadel.cloud`
-
-### Okta
-
-#### `AUTH_OKTA_ID`
-
-- Type: Required
-- Description: Client ID of the Okta application. This can be found under your application settings in the Okta console.
-- Default: `-`
-- Example: `ac12c950f3ce48c8a45a`
-
-#### `AUTH_OKTA_SECRET`
-
-- Type: Required
-- Description: Client Secret of the Okta application. This can be found under your application settings in the Okta console.
-- Default: `-`
-- Example: `ex1HqvSOOkC5INqo42grOSqNvHoD4p84em1yy5QU7v88IZlaWGywFjYkrkpkSopt`
-
-#### `AUTH_OKTA_ISSUER`
-
-- Type: Required
-- Description: Issuer of the Okta application. This is the URL of the Okta instance -- If branding is set up, it can be your custom domain.
-- Default: `-`
-- Example: `https://your-instance.okta.com`
-
-### Feishu
-
-#### `AUTH_FEISHU_APP_ID`
-
-- Type: Required
-- Description: App ID of the Feishu application.
-- Default: `-`
-- Example: `cli_9f7b1e1e1e1e1e1e`
-
-#### `AUTH_FEISHU_APP_SECRET`
-
-- Type: Required
-- Description: App Secret of the Feishu application.
-- Default: `-`
-- Example: `AlHxxX1e1e1e1e1e1e1e1e1e1e1e1e1e`
-
-### Generic OIDC
-
-#### `AUTH_GENERIC_OIDC_ID`
-
-- Type: Required
-- Description: Client ID of the Generic OIDC provider application.
-- Default: `-`
-- Example: `_client_id_for_lobe_chat_`
-
-#### `AUTH_GENERIC_OIDC_SECRET`
-
-- Type: Required
-- Description: The plaintext of the Client Secret for the Generic OIDC provider
-- Default: `-`
-- Example: `_client_secret_for_lobe_chat_`
-
-#### `AUTH_GENERIC_OIDC_ISSUER`
-
-- Type: Required
-- Description: Issuer of the Generic OIDC provider application.
-- Default: `-`
-- Example: `https://sso.example.com`
-
-<Callout>
-  Currently, we only support providers above. If you need to use other identity verification service
-  providers, you can submit a [feature
-  request](https://github.com/lobehub/lobe-chat/issues/new/choose) or Pull Request.
-</Callout>
-
-## Clerk
-
-### `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY`
-
-- Type: Required
-- Description: Publishable key of the Clerk application. You can access it [here](https://dashboard.clerk.com) and navigate to the API Keys to view.
-- Default: `-`
-- Example: `pk_test_Zmxvd4luZy1wdW1hLTIyLmNsXXJrTmFjY291bnRzLmRldiQ` in dev / `pk_live_Y2xlcdsubG9iZWh1Yi1cbmMuY24k` in production
-
-### `CLERK_SECRET_KEY`
-
-- Type: Required
-- Description: Secret key of the Clerk application.
-- Default: `-`
-- Example: `sk_test_513Ma0P7IAWM1XMv4waxZjRYRajWTaCfJLjpEO3SD2` in dev / `sk_live_eMMlHjwJvZFUfczFljSKqZdwQtLvmczmsJSNmdrpeZ` in production