✨ feat: Add NextAuth as authentication service in server database

[cy948]

💻 变更类型 | Change Type

• ✨ feat
• 🐛 fix
• ♻️ refactor
• 💄 style
• 🔨 chore
• ⚡️ perf
• 📝 docs

🔀 变更说明 | Description of Change

1. 实现 LobeNextAuthDBAdapter。用于处理数据库操作。

• 🗃️ src/database/server/schemas/nextauth.ts: 添加了仅用于 NextAuth 的数据表；
• 🗃️ src/database/server/schemas/lobechat.ts: 在 users 表中添加了 nextauth 需要的字段：email_verified；
• 🗃️ src/database/server/models/user.ts: 在 userModel 中添加了新的 query 方法： findByEmail；
• 🧪 src/database/server/models/__tests__/user.test.ts: 上述方法 findByEmail 的测试；
• ✨ src/libs/next-auth/adapter/index.ts: 基于NextAuth Drizzle Db adapter进行改进，使其接入已有用户系统；
• 🗃️ src/database/server/migrations: 使用 pnpm db:generate生成 Migration SQLs

2. 实现 middleware, trpc 中的鉴权逻辑

• ♻️ 按照Authjs文档将NextAuth配置文件进行抽离，拆分为 Nodejs Runtime, Edge Runtime 两个模块。
  • ♻️ src/libs/next-auth/index.ts: Nodejs Runtime 模块，含Server-side Database；
  • ♻️ src/libs/next-auth/edge.ts: Edge Runtime 模块，所有package具有edge compatibility；
  • ♻️ src/libs/next-auth/auth.config.ts: 迁移原有配置的同时，根据AuthJS文档处理在 DB 模式下的用户ID传递。
• ♻️ 分别将两类NextAuth模块引入鉴权逻辑中。
  • ♻️ src/middleware.ts: 只使用 Edge Runtime 模块，作为NextJS中间件引入。
  • ♻️ src/app/api/auth/[...nextauth]/route.ts: 只使用Node Runtime 模块，管理Session。
  • ✨ src/server/context.ts: 使用 Edge Runtime 模块，将NextAuth接入TRPC接口鉴权中。
  • 🧪 src/server/routers/edge/config/index.test.ts: mock NextAuth import
  • 🧪 src/libs/trpc/middleware/userAuth.test.ts: mock NextAuth import
  • 🧪 src/libs/trpc/middleware/password.test.ts: mock NextAuth import

3. 将NextAuth启用状态注入前端

• 🐛 src/layout/GlobalProvider/StoreInitialization.tsx: 使用storeUpdater将 serverConfigStore 中与NextAuth相关变量更新到前端 userStroe 中。 [Bug] OAuth SSO Disabled When Using Only NEXT_AUTH_SECRET #2986; [Bug] Microsoft Entra ID 正确配置后不显示SSO登录入口 #3136
• ♻️ 前端将使用 authEnv 的形式判断是否启用 Auth 重构为从userStore中读取
  • ♻️ src/app/(main)/(mobile)/me/(home)/features/UserBanner.tsx
  • 🧪 src/app/(main)/(mobile)/me/(home)/__tests__/UserBanner.test.tsx: 改为从 userStore 中读取 enableAuth 状态
  • ♻️ src/app/(main)/(mobile)/me/(home)/features/useCategory.tsx
  • 🧪 src/app/(main)/(mobile)/me/(home)/__tests__/useCategory.test.tsx: 改为从 userStore 中读取 enableAuth 状态
  • ♻️ src/app/(main)/settings/_layout/Mobile/Header.tsx
  • ♻️ src/app/(main)/settings/common/features/Theme/index.tsx
  • ♻️ src/features/User/UserPanel/PanelContent.tsx
• ♻️ src/layout/GlobalProvider/StoreInitialization.tsx: 未登陆时不获取 session 和 user state 。

4. 自定义 NextAuth 错误Page，避免PWA应用在登陆时出现错误后无法回退

• ✨ src/app/api/auth/error/AuthErrorPage.tsx: 增加了 NextAuth 的错误 Page，页面出现时会在控制台打印 NextAuth 的错误信息及帮助开发者排查问题的日志。
• ♻️ src/app/api/auth/error/page.tsx: 覆盖NextAuth原有的ErrorPage。

5. 杂项

• ♻️src/app/(main)/(mobile)/me/(home)/features/UserBanner.tsx: 当使用NextAuth时，在/me页面点击头像时不跳转/me/profile。

📝 补充信息

• 关于判断是否启用 NextAuth：前端只能使用 serverConfigStore 或 userStore ，后端只能使用 authEnv 变量判断。

// In some component which would rendered on client side
// use UserStore
const [enabledNextAuth] = useUserStore((s) => [
    s.enabledNextAuth,
  ]);
// use ServerConfigStore
const enabledNextAuth = useServerConfigStore(serverConfigSelectors.enabledOAuthSSO);

// Backend logic  
// use autnEnv
const enabledNextAuth = authEnv.NEXT_PUBLIC_ENABLE_NEXT_AUTH

⚠️ 当前尚不支持 NextAuth 的 Database Session，原因可参考AuthJS文档。

• 关于 NextAuth 模块的引入：
  • 模块运行在 edge 运行时：只能从src/libs/next-auth/edge.ts中引入；
  • 模块运行在 node 运行时：建议从src/libs/next-auth/中引入；

📝 Additional Information

• About determining whether NextAuth is enabled: Frontend can only use serverConfigStore or userStore, while backend can only use the authEnv variable to determine.

// In some component which would rendered on client side
// use UserStore
const [enabledNextAuth] = useUserStore((s) => [
    s.enabledNextAuth,
  ]);
// use ServerConfigStore
const enabledNextAuth = useServerConfigStore(serverConfigSelectors.enabledOAuthSSO);

// Backend logic  
// use autnEnv
const enabledNextAuth = authEnv.NEXT_PUBLIC_ENABLE_NEXT_AUTH

⚠️ The Database Session for NextAuth is not yet supported, the reason can be found in the AuthJS documentation.

• About NextAuth module import：
  • Modules on edge: Counld only import from src/libs/next-auth/edge.ts;
  • Modules on node: Recommend to import from src/libs/next-auth/;

🦮 运行指南

Docker镜像部署指南

1. 配置数据库

在部署之前，请确保已准备好 Postgres 数据库实例。你可以选择以下方式之一：

• 使用 Vercel / Neon 等 Serverless Postgres 实例；
• 使用 Docker 等自部署 Postgres 实例。

环境变量：

KEY_VAULTS_SECRET= # 必选，访问 https://generate-secret.vercel.app/32 生成秘钥。
DATABASE_DRIVER= # 可选，若使用自部署数据库实例，请指定为`node`；
DATABASE_URL= # 必选，数据库连接 URL 格式为 `postgres:https://username:password@host:port/database`；
NEXT_PUBLIC_SERVICE_MODE= # 可选，若构建Docker镜像，请指定为`server`。

2. 配置NextAuth身份验证服务

请参考NextAuth接入文档进行配置。

环境变量：

NEXT_AUTH_SECRET= # 必选，访问 https://generate-secret.vercel.app/32 生成秘钥。
ACCESS_CODE= # 必选，随机生成。
NEXTAUTH_URL= # 必选，格式为`<protocol>:https://<domain>:<port>/api/auth`，示例： `https://example.com/api/auth`。
NEXT_AUTH_SSO_PROVIDERS = # 可选，指定要使用的SSO提供者。

3. 配置S3存储服务

LobeChat支持多模态AI会话，如果你需要用到S3服务，请配置S3存储服务用于存储图片文件。

参考文档：

配置并获取S3存储桶

环境变量：

S3_BUCKET= # 存储桶名称
S3_ENDPOINT= # 存储桶请求端点
NEXT_PUBLIC_S3_DOMAIN= # 存储桶对外访问域名
S3_ACCESS_KEY_ID= # S3访问密钥ID
S3_SECRET_ACCESS_KEY= # S3访问密钥

以上是Docker镜像部署 NextAuth 的配置的相关信息和环境变量设置。接下来请使用上述环境变量按照Docker部署文档的步骤运行镜像。

[vercel]

@cy948 is attempting to deploy a commit to the LobeHub Pro Team on Vercel.

A member of the Team first needs to authorize it.

[lobehubbot]

👍 @cy948

Thank you for raising your pull request and contributing to our Community
Please make sure you have followed our contributing guidelines. We will review it as soon as possible.
If you encounter any problems, please feel free to connect with us.
非常感谢您提出拉取请求并为我们的社区做出贡献，请确保您已经遵循了我们的贡献指南，我们会尽快审查它。
如果您遇到任何问题，请随时与我们联系。

[codecov]

Codecov Report

Attention: Patch coverage is 93.09623% with 33 lines in your changes missing coverage. Please review.

Project coverage is 94.15%. Comparing base (ef54191) to head (9952fa5).
Report is 49 commits behind head on main.

Files	Patch %	Lines
.../(main)/(mobile)/me/(home)/features/UserBanner.tsx	36.36%	14 Missing ⚠️
src/server/context.ts	40.90%	13 Missing ⚠️
src/libs/next-auth/adapter/index.ts	97.72%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2935      +/-   ##
==========================================
- Coverage   94.18%   94.15%   -0.04%     
==========================================
  Files         396      401       +5     
  Lines       24755    25404     +649     
  Branches     2806     2016     -790     
==========================================
+ Hits        23316    23919     +603     
- Misses       1439     1485      +46     

Flag	Coverage Δ
app	94.15% <93.09%> (-0.04%)	⬇️
server	70.40% <98.59%> (+2.10%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[arvinxx]

冲突解决下？

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

Conflict resolution?

[ykangw]

👍 期待这次更新

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

👍 Looking forward to this update

[arvinxx]

rebase 下

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

rebase under

[cy948]

@arvinxx rebase完了，还在 src/config/auth.ts 加了些提示方便用户迁移环境变量。

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

@arvinxx The rebase is finished, and some prompts have been added to src/config/auth.ts to facilitate users to migrate environment variables.

[arvinxx]

其他我没啥问题了，就是要一个配置流程的文档，我跟着走一遍看看行不行

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

I don't have any other questions. I just want a document on the configuration process. I'll go through it and see if it works.

[cy948]

其他我没啥问题了，就是要一个配置流程的文档，我跟着走一遍看看行不行

OK，可以先在PR讨论区里补一个简单的配置文档吗？

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

I don’t have any other questions. I just want a document on the configuration process. I’ll go through it and see if it works.

OK, can you fill in a simple configuration document in the PR discussion forum first?

[cy948]

@arvinxx 因为 Github 没授权用户的 email，所以没有合并账户。应该是和这个 provider 的 oauth scope 有关。

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

@arvinxx Because Github does not authorize the user’s email, there is no merged account

[morningtzh]

@arvinxx 因为 Github 没授权用户的 email，所以没有合并账户。应该是和这个 provider 的 oauth scope 有关。

使用 auth0 的这种方式看上去可以直接关联账户，而不仅是通过email匹配
https://auth0.com/docs/manage-users/user-accounts/user-account-linking#advantages-of-linking-accounts

[cy948]

@morningtzh 这种方式很不错，但目前 nextauth 的 account linking 是在后端处理的，没提供 ui 接入，以后可以通过 profile 页面实现。

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

@morningtzh This method is very good, but currently the account linking of nextauth is automatically processed and does not provide UI access. It can be implemented through the profile page in the future.

[ykangw]

感谢开发者的贡献！请问这次更新何时可以发布？NextAuth 的 Microsoft Entra ID SSO 登陆已经超过1个月不能使用了，期待尽快修复。

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

Thanks to the developers for their contributions! When will this update be released? NextAuth's Microsoft Entra ID SSO login has been unavailable for more than a month. We look forward to repairing it as soon as possible.

[arvinxx]

@ykangw 这两天就会合并发布

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

@ykangw It will be merged and released in the next two days

[arvinxx]

LGTM now. Let's move forward.

[lobehubbot]

❤️ Great PR @cy948 ❤️

The growth of project is inseparable from user feedback and contribution, thanks for your contribution! If you are interesting with the lobehub developer community, please join our discord and then dm @arvinxx or @canisminor1990. They will invite you to our private developer channel. We are talking about the lobe-chat development or sharing ai newsletter around the world.
项目的成长离不开用户反馈和贡献，感谢您的贡献! 如果您对 LobeHub 开发者社区感兴趣，请加入我们的 discord，然后私信 @arvinxx 或 @canisminor1990。他们会邀请您加入我们的私密开发者频道。我们将会讨论关于 Lobe Chat 的开发，分享和讨论全球范围内的 AI 消息。

[lobehubbot]

🎉 This PR is included in version 1.8.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[534002646]

LGTM now. Let's move forward.

报错信息："Wrong configuration, make sure you have the correct environment variables set. Visit https://lobehub.com/docs/self-hosting/advanced/authentication for more details."
我之前就是github登录，docker更新到最新版本1.8后，打开显示的是正常登陆状态，退出登陆后再次通过github登陆会报错，提示环境变量不正确，我确认环境变量跟之前相同

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

LGTM now. Let's move forward.

Error message: "Wrong configuration, make sure you have the correct environment variables set. Visit https://lobehub.com/docs/self-hosting/advanced/authentication for more details."
I used to log in to github. After updating docker to the latest version 1.8, the normal login status was displayed when I opened it. After logging out and logging in again through github, an error was reported, prompting that the environment variables were incorrect. I confirmed that the environment variables were the same as before.

[cy948]

@534002646 docker有两个镜像，有一个是server版本，遇到问题的是哪个？

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

@534002646 Docker has two images, one of which is the server version. Which one is encountering the problem?

[534002646]

@534002646 docker有两个镜像，有一个是server版本，遇到问题的是哪个？

没有问题了，重新拉了数据库版本的，感谢🙏

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

@534002646 Docker has two images, one of which is the server version. Which one is encountering the problem?

There is no problem anymore. I have re-pulled the database version. Thank you🙏