lobehub
diff --git a/‎.cursor/rules/i18n.mdc‎
Lines changed: 1 addition & 1 deletion b/‎.cursor/rules/i18n.mdc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.env.example‎
Lines changed: 0 additions & 14 deletions b/‎.env.example‎
Lines changed: 0 additions & 14 deletions
diff --git a/‎.eslintrc.js‎
Lines changed: 8 additions & 1 deletion b/‎.eslintrc.js‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎.npmrc‎
Lines changed: 0 additions & 2 deletions b/‎.npmrc‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎Dockerfile‎
Lines changed: 3 additions & 13 deletions b/‎Dockerfile‎
Lines changed: 3 additions & 13 deletions
diff --git a/‎README.md‎
Lines changed: 3 additions & 5 deletions b/‎README.md‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎README.zh-CN.md‎
Lines changed: 3 additions & 5 deletions b/‎README.zh-CN.md‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎apps/desktop/.npmrc‎
Lines changed: 0 additions & 2 deletions b/‎apps/desktop/.npmrc‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎docs/self-hosting/advanced/auth/clerk-to-betterauth.mdx‎
Lines changed: 11 additions & 42 deletions b/‎docs/self-hosting/advanced/auth/clerk-to-betterauth.mdx‎
Lines changed: 11 additions & 42 deletions
diff --git a/‎docs/self-hosting/advanced/auth/clerk-to-betterauth.zh-CN.mdx‎
Lines changed: 10 additions & 41 deletions b/‎docs/self-hosting/advanced/auth/clerk-to-betterauth.zh-CN.mdx‎
Lines changed: 10 additions & 41 deletions
@@ -79,6 +79,6 @@ t('common:save')
 
 ## Available Namespaces
 
-auth, authError, changelog, chat, clerk, color, **common**, components, discover, editor, electron, error, file, home, hotkey, image, knowledgeBase, labs, marketAuth, memory, metadata, migration, modelProvider, models, oauth, onboarding, plugin, portal, providers, ragEval, **setting**, subscription, thread, tool, topic, welcome
+auth, authError, changelog, chat, color, **common**, components, discover, editor, electron, error, file, home, hotkey, image, knowledgeBase, labs, marketAuth, memory, metadata, migration, modelProvider, models, oauth, onboarding, plugin, portal, providers, ragEval, **setting**, subscription, thread, tool, topic, welcome
 
 **Most used:** `common` (shared UI), `chat` (chat features), `setting` (settings)
@@ -277,20 +277,6 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # ########### Auth Service ##############
 # #######################################
 
-
-# Clerk related configurations
-
-# Clerk public key and secret key
-# NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_live_xxxxxxxxxxx
-# CLERK_SECRET_KEY=sk_live_xxxxxxxxxxxxxxxxxxxxxx
-
-# you need to config the clerk webhook secret key if you want to use the clerk with database
-# CLERK_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxx
-
-# Clear allow origin https://clerk.com/docs/guides/dashboard/dns-domains/satellite-domains
-# Authentication across different domains , use,to splite different origin
-# NEXT_PUBLIC_CLERK_AUTH_ALLOW_ORIGINS='https://market.lobehub.com,https://lobehub.com'
-
 # NextAuth related configurations
 # NEXT_PUBLIC_ENABLE_NEXT_AUTH=1
 # NEXT_AUTH_SECRET=
 
@@ -38,7 +38,6 @@ config.overrides = [
       'mdx/code-blocks': false,
     },
   },
-
   {
     files: ['src/store/image/**/*', 'src/types/generation/**/*'],
     rules: {
@@ -48,6 +47,14 @@ config.overrides = [
       'typescript-sort-keys/string-enum': 0,
     },
   },
+  // CLI scripts legitimately use process.exit() and async IIFE patterns
+  {
+    files: ['scripts/**/*'],
+    rules: {
+      'unicorn/no-process-exit': 0,
+      'unicorn/prefer-top-level-await': 0,
+    },
+  },
 ];
 
 module.exports = config;
@@ -16,6 +16,4 @@ public-hoist-pattern[]=*semantic-release*
 public-hoist-pattern[]=*stylelint*
 
 public-hoist-pattern[]=@auth/core
-public-hoist-pattern[]=@clerk/backend
-public-hoist-pattern[]=@clerk/types
 public-hoist-pattern[]=pdfjs-dist
@@ -32,10 +32,7 @@ FROM base AS builder
 
 ARG USE_CN_MIRROR
 ARG NEXT_PUBLIC_BASE_PATH
-ARG NEXT_PUBLIC_ENABLE_BETTER_AUTH
 ARG NEXT_PUBLIC_ENABLE_NEXT_AUTH
-ARG NEXT_PUBLIC_ENABLE_CLERK_AUTH
-ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
 ARG NEXT_PUBLIC_SENTRY_DSN
 ARG NEXT_PUBLIC_ANALYTICS_POSTHOG
 ARG NEXT_PUBLIC_POSTHOG_HOST
@@ -48,11 +45,7 @@ ARG FEATURE_FLAGS
 ENV NEXT_PUBLIC_BASE_PATH="${NEXT_PUBLIC_BASE_PATH}" \
     FEATURE_FLAGS="${FEATURE_FLAGS}"
 
-ENV NEXT_PUBLIC_ENABLE_BETTER_AUTH="${NEXT_PUBLIC_ENABLE_BETTER_AUTH:-0}" \
-    NEXT_PUBLIC_ENABLE_NEXT_AUTH="${NEXT_PUBLIC_ENABLE_NEXT_AUTH:-1}" \
-    NEXT_PUBLIC_ENABLE_CLERK_AUTH="${NEXT_PUBLIC_ENABLE_CLERK_AUTH:-0}" \
-    NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="${NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY}" \
-    CLERK_WEBHOOK_SECRET="whsec_xxx" \
+ENV NEXT_PUBLIC_ENABLE_NEXT_AUTH="${NEXT_PUBLIC_ENABLE_NEXT_AUTH:-0}" \
     APP_URL="http://app.com" \
     DATABASE_DRIVER="node" \
     DATABASE_URL="postgres://postgres:password@localhost:5432/postgres" \
@@ -142,8 +135,9 @@ COPY --from=builder /deps/node_modules/.pnpm /app/node_modules/.pnpm
 COPY --from=builder /deps/node_modules/pg /app/node_modules/pg
 COPY --from=builder /deps/node_modules/drizzle-orm /app/node_modules/drizzle-orm
 
-# Copy server launcher
+# Copy server launcher and shared scripts
 COPY --from=builder /app/scripts/serverLauncher/startServer.js /app/startServer.js
+COPY --from=builder /app/scripts/_shared /app/scripts/_shared
 
 RUN <<'EOF'
 set -e
@@ -191,10 +185,6 @@ ENV KEY_VAULTS_SECRET="" \
 ENV AUTH_SECRET="" \
     AUTH_SSO_PROVIDERS=""
 
-# Clerk
-ENV CLERK_SECRET_KEY="" \
-    CLERK_WEBHOOK_SECRET=""
-
 # S3
 ENV NEXT_PUBLIC_S3_DOMAIN="" \
     S3_PUBLIC_DOMAIN="" \
 
@@ -422,13 +422,11 @@ Regardless of which database you choose, LobeChat can provide you with an excell
 
 ### [Support Multi-User Management][docs-feat-auth]
 
-LobeChat supports multi-user management and provides two main user authentication and management solutions to meet different needs:
+LobeChat supports multi-user management and provides flexible user authentication solutions:
 
-- **next-auth**: LobeChat integrates `next-auth`, a flexible and powerful identity verification library that supports multiple authentication methods, including OAuth, email login, credential login, etc. With `next-auth`, you can easily implement user registration, login, session management, social login, and other functions to ensure the security and privacy of user data.
+- **Better Auth**: LobeChat integrates `Better Auth`, a modern and flexible authentication library that supports multiple authentication methods, including OAuth, email login, credential login, magic link, and more. With `Better Auth`, you can easily implement user registration, login, session management, social login, multi-factor authentication (MFA), and other functions to ensure the security and privacy of user data.
 
-- [**Clerk**](https://go.clerk.com/exgqLG0): For users who need more advanced user management features, LobeChat also supports `Clerk`, a modern user management platform. `Clerk` provides richer functions, such as multi-factor authentication (MFA), user profile management, login activity monitoring, etc. With `Clerk`, you can get higher security and flexibility, and easily cope with complex user management needs.
-
-Regardless of which user management solution you choose, LobeChat can provide you with an excellent user experience and powerful functional support.
+- **next-auth**: LobeChat also supports `next-auth`, a widely-used identity verification library with extensive OAuth provider support and flexible session management options.
 
 <div align="right">
 
 
@@ -411,13 +411,11 @@ LobeChat 支持同时使用服务端数据库和本地数据库。根据您的
 
 ### [支持多用户管理][docs-feat-auth]
 
-LobeChat 支持多用户管理，提供了两种主要的用户认证和管理方案，以满足不同需求：
+LobeChat 支持多用户管理，提供了灵活的用户认证方案：
 
-- **next-auth**：LobeChat 集成了 `next-auth`，一个灵活且强大的身份验证库，支持多种身份验证方式，包括 OAuth、邮件登录、凭证登录等。通过 `next-auth`，您可以轻松实现用户的注册、登录、会话管理以及社交登录等功能，确保用户数据的安全性和隐私性。
+- **Better Auth**：LobeChat 集成了 `Better Auth`，一个现代化且灵活的身份验证库，支持多种身份验证方式，包括 OAuth、邮件登录、凭证登录、魔法链接等。通过 `Better Auth`，您可以轻松实现用户的注册、登录、会话管理、社交登录、多因素认证 (MFA) 等功能，确保用户数据的安全性和隐私性。
 
-- [**Clerk**](https://go.clerk.com/exgqLG0)：对于需要更高级用户管理功能的用户，LobeChat 还支持 `Clerk`，一个现代化的用户管理平台。`Clerk` 提供了更丰富的功能，如多因素认证 (MFA)、白名单、用户管理、登录活动监控等。通过 `Clerk`，您可以获得更高的安全性和灵活性，轻松应对生产级的用户管理需求。
-
-您可以根据自己的需求，选择合适的用户管理方案。
+- **next-auth**：LobeChat 还支持 `next-auth`，一个广泛使用的身份验证库，具有丰富的 OAuth 提供商支持和灵活的会话管理选项。
 
 <div align="right">
 
 
@@ -17,6 +17,4 @@ public-hoist-pattern[]=*semantic-release*
 public-hoist-pattern[]=*stylelint*
 
 public-hoist-pattern[]=@auth/core
-public-hoist-pattern[]=@clerk/backend
-public-hoist-pattern[]=@clerk/types
 public-hoist-pattern[]=pdfjs-dist
@@ -24,15 +24,15 @@ This guide helps you migrate your existing Clerk-based LobeChat deployment to Be
   - **Always backup your database first!** For Neon users, create a backup via [Fork Branch](https://neon.tech/docs/manage/branches#create-a-branch)
   - LobeChat is not responsible for any data loss or issues that may occur during the migration process
   - This guide is intended for users with development experience; not recommended for users without technical background
-  - If you have any questions, feel free to ask in our [Discord](https://discord.com/invite/AYFPHvv2jT) community
+  - If you have any questions, feel free to ask in our [Discord](https://discord.com/invite/AYFPHvv2jT) community or [GitHub Issue](https://github.com/lobehub/lobe-chat/issues/11707)
 </Callout>
 
 ## Choose Your Migration Path
 
-| Method                                | Best For                         | User Impact           | Data Preserved                 |
-| ------------------------------------- | -------------------------------- | --------------------- | ------------------------------ |
-| [Simple Migration](#simple-migration) | Small deployments (\< 100 users) | Users reset passwords | Chat history, settings         |
-| [Full Migration](#full-migration)     | Large deployments                | Seamless for users    | Everything including passwords |
+| Method                                | Best For                       | User Impact           | Data Preserved                 |
+| ------------------------------------- | ------------------------------ | --------------------- | ------------------------------ |
+| [Simple Migration](#simple-migration) | Small deployments (≤ 10 users) | Users reset passwords | Chat history, settings         |
+| [Full Migration](#full-migration)     | Large deployments              | Seamless for users    | Everything including passwords |
 
 ## Simple Migration
 
@@ -41,6 +41,8 @@ For small self-hosted deployments, the simplest approach is to let users reset t
 <Callout type={'warning'}>
   **Limitation**: This method loses SSO connection data. Use [Full Migration](#full-migration) to preserve SSO connections.
 
+  Although SSO connections are lost, users can manually re-link their social accounts from the Profile page after logging in with email and password.
+
   **Example scenario**: If your previous account had two SSO accounts linked:
 
   - Primary email (Google): `mail1@google.com`
@@ -118,19 +120,13 @@ For larger deployments or when you need to preserve user passwords and SSO conne
 <Callout type={'error'}>
   **Important Notice**:
 
+  - **Always backup your database first!** For Neon users, create a backup via [Fork Branch](https://neon.tech/docs/manage/branches#create-a-branch)
   - Migration scripts must be **run locally after cloning the repository**, not in the deployment environment
   - Due to the high-risk nature of user data migration, **we do not provide automatic migration during deployment**
+  - Always use dry-run mode first to verify the script runs successfully before executing
   - Always verify in a test environment before operating on production database
 </Callout>
 
-<Callout type={'warning'}>
-  **Before Migration**:
-
-  - Use a [Neon Fork Branch](https://neon.tech/docs/manage/branches#create-a-branch) to create a test database
-  - Use Clerk Development environment API keys
-  - Verify in test mode first, then switch to prod mode after confirming success
-</Callout>
-
 ### Prerequisites
 
 **Environment Requirements:**
@@ -288,37 +284,10 @@ npx tsx scripts/clerk-to-betterauth/verify.ts
 
 ### Step 7: Configure Better Auth and Redeploy
 
-After migration is complete, configure Better Auth environment variables and redeploy:
-
-1. **Remove Clerk environment variables**:
-
-   ```bash
-   # Remove these
-   # NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=xxx
-   # CLERK_SECRET_KEY=xxx
-   ```
-
-2. **Add Better Auth environment variables**:
-
-   ```bash
-   # Required
-   AUTH_SECRET=your-secret-key  # openssl rand -base64 32
-
-   # Optional: Configure SSO providers (example)
-   AUTH_SSO_PROVIDERS=google,github
-   AUTH_GOOGLE_ID=your-google-client-id
-   AUTH_GOOGLE_SECRET=your-google-client-secret
-   AUTH_GITHUB_ID=your-github-client-id
-   AUTH_GITHUB_SECRET=your-github-client-secret
-
-   # Optional: Configure email service (for password reset, email verification, etc.)
-   # See Authentication Service Configuration documentation for details
-   ```
-
-3. **Redeploy LobeChat**
+After migration is complete, follow [Simple Migration - Step 2](#steps) to configure Better Auth environment variables and redeploy.
 
 <Callout type={'tip'}>
-  For complete Better Auth configuration, see [Authentication Service Configuration](/docs/self-hosting/advanced/auth), including all supported SSO providers and email service configuration.
+  For complete Better Auth configuration, see [Authentication Service Configuration](/docs/self-hosting/advanced/auth).
 </Callout>
 
 ## What Gets Migrated
 
@@ -22,15 +22,15 @@ tags:
   - **务必先备份数据库**！如使用 Neon，可通过 [Fork 分支](https://neon.tech/docs/manage/branches#create-a-branch) 创建备份
   - 迁移过程中可能出现的任何数据丢失或问题，LobeChat 概不负责
   - 本指南适合有一定开发背景的用户，不建议无技术经验的用户自行操作
-  - 如有任何疑问，欢迎到 [Discord](https://discord.com/invite/AYFPHvv2jT) 社区提问
+  - 如有任何疑问，欢迎到 [Discord](https://discord.com/invite/AYFPHvv2jT) 社区或 [GitHub Issue](https://github.com/lobehub/lobe-chat/issues/11707) 提问
 </Callout>
 
 ## 选择迁移方式
 
-| 方式            | 适用场景            | 用户影响    | 数据保留     |
-| ------------- | --------------- | ------- | -------- |
-| [简单迁移](#简单迁移) | 小型部署（\< 100 用户） | 用户需重置密码 | 聊天记录、设置  |
-| [完整迁移](#完整迁移) | 大型部署            | 对用户无感知  | 全部数据包括密码 |
+| 方式            | 适用场景          | 用户影响    | 数据保留     |
+| ------------- | ------------- | ------- | -------- |
+| [简单迁移](#简单迁移) | 小型部署（≤ 10 用户） | 用户需重置密码 | 聊天记录、设置  |
+| [完整迁移](#完整迁移) | 大型部署          | 对用户无感知  | 全部数据包括密码 |
 
 ## 简单迁移
 
@@ -39,6 +39,8 @@ tags:
 <Callout type={'warning'}>
   **限制**：此方法会丢失 SSO 连接数据。如需保留 SSO 连接，请使用 [完整迁移](#完整迁移)。
 
+  虽然 SSO 连接会丢失，但用户可以在使用邮箱密码登录后，通过个人资料页手动重新绑定社交账号。
+
   **示例场景**：假设你之前的账户绑定了两个 SSO 账户：
 
   - 主邮箱（Google）：`mail1@google.com`
@@ -113,19 +115,13 @@ tags:
 <Callout type={'error'}>
   **重要说明**：
 
+  - **务必先备份数据库**！如使用 Neon，可通过 [Fork 分支](https://neon.tech/docs/manage/branches#create-a-branch) 创建备份
   - 迁移脚本需要 **clone 仓库后在本地运行**，不是在部署环境中执行
   - 由于迁移涉及用户数据，风险较高，**官方不提供部署时自动迁移功能**
+  - 请务必先使用 dry-run 模式测试脚本能够顺利运行再正式执行
   - 请务必在测试环境验证后再操作生产数据库
 </Callout>
 
-<Callout type={'warning'}>
-  **迁移前准备**：
-
-  - 使用 [Neon Fork 分支](https://neon.tech/docs/manage/branches#create-a-branch) 创建测试数据库
-  - 使用 Clerk Development 环境的 API 密钥
-  - 先在 test 模式下验证，确认成功后再切换到 prod 模式
-</Callout>
-
 ### 前置条件
 
 **环境要求：**
@@ -282,34 +278,7 @@ npx tsx scripts/clerk-to-betterauth/verify.ts
 
 ### 步骤 7：配置 Better Auth 并重新部署
 
-迁移完成后，需要配置 Better Auth 环境变量并重新部署：
-
-1. **移除 Clerk 环境变量**：
-
-   ```bash
-   # 移除这些
-   # NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=xxx
-   # CLERK_SECRET_KEY=xxx
-   ```
-
-2. **添加 Better Auth 环境变量**：
-
-   ```bash
-   # 必需
-   AUTH_SECRET=your-secret-key  # openssl rand -base64 32
-
-   # 可选：配置 SSO 提供商（示例）
-   AUTH_SSO_PROVIDERS=google,github
-   AUTH_GOOGLE_ID=your-google-client-id
-   AUTH_GOOGLE_SECRET=your-google-client-secret
-   AUTH_GITHUB_ID=your-github-client-id
-   AUTH_GITHUB_SECRET=your-github-client-secret
-
-   # 可选：配置邮件服务（用于密码重置、邮箱验证等）
-   # 参阅身份验证服务配置文档了解详情
-   ```
-
-3. **重新部署 LobeChat**
+迁移完成后，参照 [简单迁移 - 步骤 2](#步骤) 配置 Better Auth 环境变量并重新部署。
 
 <Callout type={'tip'}>
   完整的 Better Auth 配置请参阅 [身份验证服务配置](/zh/docs/self-hosting/advanced/auth)，包括所有支持的 SSO 提供商和邮件服务配置。