-
-
Notifications
You must be signed in to change notification settings - Fork 8.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
✨ feat: Add NextAuth as authentication service in server database #2935
Conversation
@cy948 is attempting to deploy a commit to the LobeHub Pro Team on Vercel. A member of the Team first needs to authorize it. |
👍 @cy948 Thank you for raising your pull request and contributing to our Community |
249c8e3
to
27c9966
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2935 +/- ##
==========================================
- Coverage 94.18% 94.15% -0.04%
==========================================
Files 396 401 +5
Lines 24755 25404 +649
Branches 2806 2016 -790
==========================================
+ Hits 23316 23919 +603
- Misses 1439 1485 +46
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
冲突解决下? |
Conflict resolution? |
👍 期待这次更新 |
👍 Looking forward to this update |
rebase 下 |
rebase under |
125d0cc
to
50e3829
Compare
@arvinxx rebase完了,还在 |
@arvinxx The rebase is finished, and some prompts have been added to |
其他我没啥问题了,就是要一个配置流程的文档,我跟着走一遍看看行不行 |
I don't have any other questions. I just want a document on the configuration process. I'll go through it and see if it works. |
OK,可以先在PR讨论区里补一个简单的配置文档吗? |
OK, can you fill in a simple configuration document in the PR discussion forum first? |
@arvinxx 因为 Github 没授权用户的 email,所以没有合并账户。应该是和这个 provider 的 oauth scope 有关。 |
@arvinxx Because Github does not authorize the user’s email, there is no merged account |
使用 auth0 的这种方式看上去可以直接关联账户,而不仅是通过email匹配 |
@morningtzh 这种方式很不错,但目前 nextauth 的 account linking 是在后端处理的,没提供 ui 接入,以后可以通过 profile 页面实现。 |
@morningtzh This method is very good, but currently the account linking of nextauth is automatically processed and does not provide UI access. It can be implemented through the profile page in the future. |
感谢开发者的贡献!请问这次更新何时可以发布?NextAuth 的 Microsoft Entra ID SSO 登陆已经超过1个月不能使用了,期待尽快修复。 |
Thanks to the developers for their contributions! When will this update be released? NextAuth's Microsoft Entra ID SSO login has been unavailable for more than a month. We look forward to repairing it as soon as possible. |
@ykangw 这两天就会合并发布 |
@ykangw It will be merged and released in the next two days |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM now. Let's move forward.
❤️ Great PR @cy948 ❤️ The growth of project is inseparable from user feedback and contribution, thanks for your contribution! If you are interesting with the lobehub developer community, please join our discord and then dm @arvinxx or @canisminor1990. They will invite you to our private developer channel. We are talking about the lobe-chat development or sharing ai newsletter around the world. |
## [Version 1.8.0](v1.7.10...v1.8.0) <sup>Released on **2024-08-02**</sup> #### ✨ Features - **misc**: Add NextAuth as authentication service in server database. <br/> <details> <summary><kbd>Improvements and Fixes</kbd></summary> #### What's improved * **misc**: Add NextAuth as authentication service in server database, closes [#2935](#2935) ([5a0b972](5a0b972)) </details> <div align="right"> [![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top) </div>
🎉 This PR is included in version 1.8.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
## [Version 1.51.0](v1.50.9...v1.51.0) <sup>Released on **2024-08-02**</sup> #### ✨ Features - **misc**: Add NextAuth as authentication service in server database. <br/> <details> <summary><kbd>Improvements and Fixes</kbd></summary> #### What's improved * **misc**: Add NextAuth as authentication service in server database, closes [lobehub#2935](https://github.com/bentwnghk/lobe-chat/issues/2935) ([5a0b972](5a0b972)) </details> <div align="right"> [![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top) </div>
|
|
@534002646 docker有两个镜像,有一个是server版本,遇到问题的是哪个? |
@534002646 Docker has two images, one of which is the server version. Which one is encountering the problem? |
没有问题了,重新拉了数据库版本的,感谢🙏 |
There is no problem anymore. I have re-pulled the database version. Thank you🙏 |
💻 变更类型 | Change Type
🔀 变更说明 | Description of Change
LobeNextAuthDBAdapter
。用于处理数据库操作。src/database/server/schemas/nextauth.ts
: 添加了仅用于 NextAuth 的数据表;src/database/server/schemas/lobechat.ts
: 在users
表中添加了 nextauth 需要的字段:email_verified
;src/database/server/models/user.ts
: 在userModel
中添加了新的 query 方法:findByEmail
;src/database/server/models/__tests__/user.test.ts
: 上述方法findByEmail
的测试;src/libs/next-auth/adapter/index.ts
: 基于NextAuth Drizzle Db adapter进行改进,使其接入已有用户系统;src/database/server/migrations
: 使用pnpm db:generate
生成 Migration SQLssrc/libs/next-auth/index.ts
: Nodejs Runtime 模块,含Server-side Database;src/libs/next-auth/edge.ts
: Edge Runtime 模块,所有package具有edge compatibility;src/libs/next-auth/auth.config.ts
: 迁移原有配置的同时,根据AuthJS文档处理在 DB 模式下的用户ID传递。src/middleware.ts
: 只使用 Edge Runtime 模块,作为NextJS中间件引入。src/app/api/auth/[...nextauth]/route.ts
: 只使用Node Runtime 模块,管理Session。src/server/context.ts
: 使用 Edge Runtime 模块,将NextAuth接入TRPC接口鉴权中。src/server/routers/edge/config/index.test.ts
: mock NextAuth importsrc/libs/trpc/middleware/userAuth.test.ts
: mock NextAuth importsrc/libs/trpc/middleware/password.test.ts
: mock NextAuth importsrc/layout/GlobalProvider/StoreInitialization.tsx
: 使用storeUpdater
将serverConfigStore
中与NextAuth相关变量更新到前端userStroe
中。 [Bug] OAuth SSO Disabled When Using Only NEXT_AUTH_SECRET #2986; [Bug] Microsoft Entra ID 正确配置后不显示SSO登录入口 #3136authEnv
的形式判断是否启用 Auth 重构为从userStore
中读取src/app/(main)/(mobile)/me/(home)/features/UserBanner.tsx
src/app/(main)/(mobile)/me/(home)/__tests__/UserBanner.test.tsx
: 改为从 userStore 中读取 enableAuth 状态src/app/(main)/(mobile)/me/(home)/features/useCategory.tsx
src/app/(main)/(mobile)/me/(home)/__tests__/useCategory.test.tsx
: 改为从 userStore 中读取 enableAuth 状态src/app/(main)/settings/_layout/Mobile/Header.tsx
src/app/(main)/settings/common/features/Theme/index.tsx
src/features/User/UserPanel/PanelContent.tsx
src/layout/GlobalProvider/StoreInitialization.tsx
: 未登陆时不获取 session 和 user state 。src/app/api/auth/error/AuthErrorPage.tsx
: 增加了 NextAuth 的错误 Page,页面出现时会在控制台打印 NextAuth 的错误信息及帮助开发者排查问题的日志。src/app/api/auth/error/page.tsx
: 覆盖NextAuth原有的ErrorPage。src/app/(main)/(mobile)/me/(home)/features/UserBanner.tsx
: 当使用NextAuth时,在/me
页面点击头像时不跳转/me/profile
。📝 补充信息
serverConfigStore
或userStore
,后端只能使用authEnv
变量判断。src/libs/next-auth/edge.ts
中引入;src/libs/next-auth/
中引入;📝 Additional Information
serverConfigStore
oruserStore
, while backend can only use theauthEnv
variable to determine.src/libs/next-auth/edge.ts
;src/libs/next-auth/
;🦮 运行指南
Docker镜像部署指南
1. 配置数据库
在部署之前,请确保已准备好 Postgres 数据库实例。你可以选择以下方式之一:
环境变量:
2. 配置NextAuth身份验证服务
请参考NextAuth接入文档进行配置。
环境变量:
3. 配置S3存储服务
LobeChat支持多模态AI会话,如果你需要用到S3服务,请配置S3存储服务用于存储图片文件。
参考文档:
配置并获取S3存储桶
环境变量:
以上是Docker镜像部署 NextAuth 的配置的相关信息和环境变量设置。接下来请使用上述环境变量按照Docker部署文档的步骤运行镜像。