jaworldwideorg
diff --git a/‎.env.desktop‎
Lines changed: 0 additions & 1 deletion b/‎.env.desktop‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.env.example‎
Lines changed: 16 additions & 20 deletions b/‎.env.example‎
Lines changed: 16 additions & 20 deletions
diff --git a/‎.env.example.development‎
Lines changed: 1 addition & 4 deletions b/‎.env.example.development‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎.github/workflows/e2e.yml‎
Lines changed: 10 additions & 11 deletions b/‎.github/workflows/e2e.yml‎
Lines changed: 10 additions & 11 deletions
diff --git a/‎Dockerfile‎
Lines changed: 28 additions & 4 deletions b/‎Dockerfile‎
Lines changed: 28 additions & 4 deletions
diff --git a/‎docker-compose/local/docker-compose.yml‎
Lines changed: 2 additions & 2 deletions b/‎docker-compose/local/docker-compose.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docker-compose/local/grafana/docker-compose.yml‎
Lines changed: 2 additions & 2 deletions b/‎docker-compose/local/grafana/docker-compose.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docker-compose/local/logto/docker-compose.yml‎
Lines changed: 2 additions & 2 deletions b/‎docker-compose/local/logto/docker-compose.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docker-compose/local/zitadel/.env.example‎
Lines changed: 2 additions & 2 deletions b/‎docker-compose/local/zitadel/.env.example‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docker-compose/local/zitadel/.env.zh-CN.example‎
Lines changed: 2 additions & 2 deletions b/‎docker-compose/local/zitadel/.env.zh-CN.example‎
Lines changed: 2 additions & 2 deletions
@@ -5,4 +5,3 @@ KEY_VAULTS_SECRET=oLXWIiR/AKF+rWaqy9lHkrYgzpATbW3CtJp3UfkVgpE=
 DATABASE_URL=postgresql://postgres@localhost:5432/postgres
 SEARCH_PROVIDERS=search1api
 NEXT_PUBLIC_IS_DESKTOP_APP=1
-NEXT_PUBLIC_ENABLE_NEXT_AUTH=0
@@ -24,9 +24,9 @@
 # Example: Allow specific internal servers while keeping SSRF protection
 # SSRF_ALLOW_IP_ADDRESS_LIST=192.168.1.100,10.0.0.50
 
-########################################
-############ Redis Settings ############
-########################################
+# #######################################
+# ########### Redis Settings ############
+# #######################################
 
 # Connection string for self-hosted Redis (Docker/K8s/managed). Use container hostname when running via docker-compose.
 # REDIS_URL=redis://localhost:6379
@@ -44,9 +44,9 @@
 # Namespace prefix for cache/queue keys.
 # REDIS_PREFIX=lobechat
 
-########################################
-########## AI Provider Service #########
-########################################
+# #######################################
+# ######### AI Provider Service #########
+# #######################################
 
 # ## OpenAI ###
 
@@ -277,32 +277,24 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # ########### Auth Service ##############
 # #######################################
 
-# NextAuth related configurations
-# NEXT_PUBLIC_ENABLE_NEXT_AUTH=1
-# NEXT_AUTH_SECRET=
-
-# Auth0 configurations
-# AUTH_AUTH0_ID=
-# AUTH_AUTH0_SECRET=
-# AUTH_AUTH0_ISSUER=https://your-domain.auth0.com
-
-# Better-Auth related configurations
-# NEXT_PUBLIC_ENABLE_BETTER_AUTH=1
-
 # Auth Secret (use `openssl rand -base64 32` to generate)
-# Shared between Better-Auth and Next-Auth
 # AUTH_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 # Require email verification before allowing users to sign in (default: false)
 # Set to '1' to force users to verify their email before signing in
-# NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION=0
+# AUTH_EMAIL_VERIFICATION=0
 
 # SSO Providers Configuration (for Better-Auth)
 # Comma-separated list of enabled OAuth providers
 # Supported providers: auth0, authelia, authentik, casdoor, cloudflare-zero-trust, cognito, generic-oidc, github, google, keycloak, logto, microsoft, microsoft-entra-id, okta, zitadel
 # Example: AUTH_SSO_PROVIDERS=google,github,auth0,microsoft-entra-id
 # AUTH_SSO_PROVIDERS=
 
+# Email whitelist for registration (comma-separated)
+# Supports full email (user@example.com) or domain (example.com)
+# Leave empty to allow all emails
+# AUTH_ALLOWED_EMAILS=example.com,admin@other.com
+
 # Google OAuth Configuration (for Better-Auth)
 # Get credentials from: https://console.cloud.google.com/apis/credentials
 # Authorized redirect URIs:
@@ -366,6 +358,10 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # SMTP authentication password (use app-specific password for Gmail)
 # SMTP_PASS=your-password-or-app-specific-password
 
+# Sender email address (optional, defaults to SMTP_USER)
+# Required for AWS SES where SMTP_USER is not a valid email address
+# SMTP_FROM=noreply@example.com
+
 # #######################################
 # ######### Server Database #############
 # #######################################
 
@@ -37,10 +37,7 @@ REDIS_PREFIX=lobechat
 REDIS_TLS=0
 
 # Authentication Configuration
-# Enable Better Auth authentication
-NEXT_PUBLIC_ENABLE_BETTER_AUTH=1
-
-# Better Auth secret for JWT signing (generate with: openssl rand -base64 32)
+# Auth secret for JWT signing (generate with: openssl rand -base64 32)
 AUTH_SECRET=${UNSAFE_SECRET}
 
 # SSO providers configuration - using Casdoor for development
 
@@ -14,9 +14,8 @@ env:
   DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres
   DATABASE_DRIVER: node
   KEY_VAULTS_SECRET: LA7n9k3JdEcbSgml2sxfw+4TV1AzaaFU5+R176aQz4s=
-  BETTER_AUTH_SECRET: e2e-test-secret-key-for-better-auth-32chars!
-  NEXT_PUBLIC_ENABLE_BETTER_AUTH: '1'
-  NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION: '0'
+  AUTH_SECRET: e2e-test-secret-key-for-better-auth-32chars!
+  AUTH_EMAIL_VERIFICATION: "0"
   # Mock S3 env vars to prevent initialization errors
   S3_ACCESS_KEY_ID: e2e-mock-access-key
   S3_SECRET_ACCESS_KEY: e2e-mock-secret-key
@@ -34,8 +33,8 @@ jobs:
       - id: skip_check
         uses: fkirc/skip-duplicate-actions@v5
         with:
-          concurrent_skipping: 'same_content_newer'
-          skip_after_successful_duplicate: 'true'
+          concurrent_skipping: "same_content_newer"
+          skip_after_successful_duplicate: "true"
           do_not_skip: '["workflow_dispatch", "schedule"]'
 
   e2e:
@@ -75,7 +74,7 @@ jobs:
       - name: Build application
         run: bun run build
         env:
-          SKIP_LINT: '1'
+          SKIP_LINT: "1"
 
       - name: Run E2E tests
         run: bun run e2e
@@ -84,8 +83,8 @@ jobs:
         if: failure()
         uses: actions/upload-artifact@v6
         with:
-            name: e2e-artifacts
-            path: |
-              e2e/reports
-              e2e/screenshots
-            if-no-files-found: ignore
+          name: e2e-artifacts
+          path: |
+            e2e/reports
+            e2e/screenshots
+          if-no-files-found: ignore
@@ -32,7 +32,6 @@ FROM base AS builder
 
 ARG USE_CN_MIRROR
 ARG NEXT_PUBLIC_BASE_PATH
-ARG NEXT_PUBLIC_ENABLE_NEXT_AUTH
 ARG NEXT_PUBLIC_SENTRY_DSN
 ARG NEXT_PUBLIC_ANALYTICS_POSTHOG
 ARG NEXT_PUBLIC_POSTHOG_HOST
@@ -45,8 +44,7 @@ ARG FEATURE_FLAGS
 ENV NEXT_PUBLIC_BASE_PATH="${NEXT_PUBLIC_BASE_PATH}" \
     FEATURE_FLAGS="${FEATURE_FLAGS}"
 
-ENV NEXT_PUBLIC_ENABLE_NEXT_AUTH="${NEXT_PUBLIC_ENABLE_NEXT_AUTH:-0}" \
-    APP_URL="http://app.com" \
+ENV APP_URL="http://app.com" \
     DATABASE_DRIVER="node" \
     DATABASE_URL="postgres://postgres:password@localhost:5432/postgres" \
     KEY_VAULTS_SECRET="use-for-build"
@@ -183,7 +181,33 @@ ENV KEY_VAULTS_SECRET="" \
 
 # Better Auth
 ENV AUTH_SECRET="" \
-    AUTH_SSO_PROVIDERS=""
+    AUTH_SSO_PROVIDERS="" \
+    AUTH_ALLOWED_EMAILS="" \
+    # Google
+    AUTH_GOOGLE_ID="" \
+    AUTH_GOOGLE_SECRET="" \
+    # GitHub
+    AUTH_GITHUB_ID="" \
+    AUTH_GITHUB_SECRET="" \
+    # Microsoft
+    AUTH_MICROSOFT_ID="" \
+    AUTH_MICROSOFT_SECRET=""
+
+# Redis
+ENV REDIS_URL="" \
+    REDIS_PREFIX="" \
+    REDIS_TLS=""
+
+# Email
+ENV EMAIL_SERVICE_PROVIDER="" \
+    SMTP_HOST="" \
+    SMTP_PORT="" \
+    SMTP_SECURE="" \
+    SMTP_USER="" \
+    SMTP_PASS="" \
+    SMTP_FROM="" \
+    RESEND_API_KEY="" \
+    RESEND_FROM=""
 
 # S3
 ENV NEXT_PUBLIC_S3_DOMAIN="" \
 
@@ -128,9 +128,9 @@ services:
         condition: service_healthy
 
     environment:
-      - 'NEXT_AUTH_SSO_PROVIDERS=casdoor'
+      - 'AUTH_SSO_PROVIDERS=casdoor'
       - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
-      - 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
+      - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
       - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
       - 'S3_BUCKET=${MINIO_LOBE_BUCKET}'
       - 'S3_ENABLE_PATH_STYLE=1'
 
@@ -173,9 +173,9 @@ services:
         condition: service_started
 
     environment:
-      - 'NEXT_AUTH_SSO_PROVIDERS=casdoor'
+      - 'AUTH_SSO_PROVIDERS=casdoor'
       - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
-      - 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
+      - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
       - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
       - 'S3_BUCKET=${MINIO_LOBE_BUCKET}'
       - 'S3_ENABLE_PATH_STYLE=1'
 
@@ -96,9 +96,9 @@ services:
 
     environment:
       - 'APP_URL=http://localhost:3210'
-      - 'NEXT_AUTH_SSO_PROVIDERS=logto'
+      - 'AUTH_SSO_PROVIDERS=logto'
       - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
-      - 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
+      - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
       - 'NEXTAUTH_URL=http://localhost:${LOBE_PORT}/api/auth'
       - 'AUTH_LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
       - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
 
@@ -10,8 +10,8 @@ DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobechat
 
 # NEXT_AUTH related environment variables
 NEXTAUTH_URL=http://localhost:3210/api/auth
-NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
-NEXT_AUTH_SSO_PROVIDERS=zitadel
+AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
+AUTH_SSO_PROVIDERS=zitadel
 # ZiTADEL provider configuration
 # Please refer to：https://lobehub.com/zh/docs/self-hosting/advanced/auth/next-auth/zitadel
 AUTH_ZITADEL_ID=285945938244075523
 
@@ -9,8 +9,8 @@ DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobechat
 
 # NEXT_AUTH 相关
 NEXTAUTH_URL=http://localhost:3210/api/auth
-NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
-NEXT_AUTH_SSO_PROVIDERS=zitadel
+AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
+AUTH_SSO_PROVIDERS=zitadel
 # ZiTADEL 鉴权服务提供商部分
 # 请参考：https://lobehub.com/zh/docs/self-hosting/advanced/auth/next-auth/zitadel
 AUTH_ZITADEL_ID=285945938244075523