📝docs: add casdoor docker compose document

docker-compose/local-logto/.env.example → docker-compose/local/logto/.env.example

@@ -1,6 +1,6 @@
 # Logto secret
-LOGTO_CLIENT_ID=
-LOGTO_CLIENT_SECRET=
+AUTH_LOGTO_CLIENT_ID=
+AUTH_LOGTO_CLIENT_SECRET=
 
 # MinIO S3 configuration
 MINIO_ROOT_USER=YOUR_MINIO_USER

docker-compose/local-logto/.env.zh-CN.example → docker-compose/local/logto/.env.zh-CN.example

@@ -1,6 +1,6 @@
-# Logto secret
-LOGTO_CLIENT_ID=
-LOGTO_CLIENT_SECRET=
+# Logto 鉴权相关
+AUTH_LOGTO_CLIENT_ID=
+AUTH_LOGTO_CLIENT_SECRET=
 
 # MinIO S3 配置
 MINIO_ROOT_USER=YOUR_MINIO_USER

docker-compose/local-logto/docker-compose.yml → docker-compose/local/logto/docker-compose.yml

@@ -81,7 +81,7 @@ services:
  - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
  - 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
  - 'NEXTAUTH_URL=http://localhost:${LOBE_PORT}/api/auth'
- - 'LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
+ - 'AUTH_LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
  - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
  - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}'
  - 'S3_BUCKET=${MINIO_LOBE_BUCKET}'

docker-compose/local/setup.sh

@@ -232,6 +232,7 @@ download_file "$SOURCE_URL/${FILES[3]}" "s3_data.tar.gz"
 
 # Extract .tar.gz file without output
 extract_file "s3_data.tar.gz" "."
+rm s3_data.tar.gz
 
 # Display final message
 printf "\n%s\n\n" "$(show_message "tips_run_command")"

docker-compose/production/.env.example → docker-compose/production/logto/.env.example

@@ -23,9 +23,9 @@ NEXTAUTH_URL=https://lobe.example.com/api/auth
 
 # NextAuth providers configuration (example using Logto)
 # For other providers, see: https://lobehub.com/docs/self-hosting/environment-variables/auth
-LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
-LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
-LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
+AUTH_LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
+AUTH_LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
+AUTH_LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
 
 # Proxy settings (if needed, e.g., when using GitHub as an auth provider)
 # HTTP_PROXY=http://localhost:7890

docker-compose/production/.env.zh-CN.example → docker-compose/production/logto/.env.zh-CN.example

@@ -22,9 +22,9 @@ NEXTAUTH_URL=https://lobe.example.com/api/auth
 
 # NextAuth 鉴权服务提供商部分，以 Logto 为例
 # 其他鉴权服务提供商所需的环境变量，请参考：https://lobehub.com/zh/docs/self-hosting/environment-variables/auth
-LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
-LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
-LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
+AUTH_LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
+AUTH_LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
+AUTH_LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
 
 # 代理相关，如果你需要的话（比如你使用 GitHub 作为鉴权服务提供商）
 # HTTP_PROXY=http://localhost:7890

docs/self-hosting/advanced/auth.mdx

@@ -63,9 +63,13 @@ The order corresponds to the display order of the SSO providers.
 | SSO Provider | Value |
 | ------------------ | ----------- |
 | Auth0 | `auth0` |
-| Microsoft Entra ID | `azure-ad`  |
+| Authenlia | `authenlia` |
 | Authentik | `authentik` |
+| Casdoor | `casdoor` |
+| Cloudflare Zero Trust | `cloudflare-zero-trust` |
 | Github | `github` |
+| Logto | `logto` |
+| Microsoft Entra ID | `azure-ad` |
 | ZITADEL | `zitadel` |
 
 ## Other SSO Providers

docs/self-hosting/advanced/auth.zh-CN.mdx

@@ -60,9 +60,13 @@ LobeChat 与 Clerk 做了深度集成，能够为用户提供一个更加安全
 | SSO 提供商 | 值 |
 | ------------------ | ----------- |
 | Auth0 | `auth0` |
-| Microsoft Entra ID | `azure-ad`  |
+| Authenlia | `authenlia` |
 | Authentik | `authentik` |
+| Casdoor | `casdoor` |
+| Cloudflare Zero Trust | `cloudflare-zero-trust` |
 | Github | `github` |
+| Logto | `logto` |
+| Microsoft Entra ID | `azure-ad` |
 | ZITADEL | `zitadel` |
 
 ## 其他 SSO 提供商

docs/self-hosting/advanced/auth/next-auth/authentik.zh-CN.mdx

@@ -27,8 +27,8 @@ https://your-domain/api/auth/callback/authentik
 ```
 
 <Callout type={'info'}>
- - 可以之后再填写或修改 `重定向 URL/Origin（正则）`，但是务必保证填写的 URL 与部署的 URL 一致。 -
- your-domain 请替换为自己的域名
+ - 可以之后再填写或修改 `重定向 URL/Origin（正则）`，但是务必保证填写的 URL 与部署的 URL 一致。 
+ - your-domain 请替换为自己的域名
 </Callout>
 
 <Image

docs/self-hosting/advanced/auth/next-auth/casdoor.mdx

@@ -0,0 +1,120 @@
+---
+title: Configuring Casdoor Authentication Service in LobeChat
+description: Learn how to configure the Casdoor authentication service in LobeChat, including deployment, creation, permission settings, and environment variables.
+tags:
+ - Casdoor Authentication
+ - Environment Variable Configuration
+ - Single Sign-On
+ - LobeChat
+---
+
+# Configuring Casdoor Authentication Service
+
+[Casdoor](https://github.com/casdoor/casdoor) is an open-source authentication service that is rich in features and easy to use.
+
+<Callout type={'tip'}>
+ If you want to privately deploy Casdoor, we recommend using Docker Compose to deploy it together with the LobeChat database version, allowing LobeChat to share the same Postgres instance.
+</Callout>
+
+## Casdoor Configuration Process
+
+If you are deploying using a local network IP, the following assumptions apply:
+
+- Your LobeChat database version IP/port is `http://LOBECHAT_IP:3210`.
+- You privately deploy Casdoor, and its domain is `http://CASDOOR_IP:8000`.
+
+If you are deploying using a public network, the following assumptions apply:
+
+- Your LobeChat database version domain is `https://lobe.example.com`.
+- You privately deploy Casdoor, and its domain is `https://lobe-auth-api.example.com`.
+
+<Steps>
+ ### Create a Casdoor Application
+
+Access your privately deployed Casdoor WebUI (default is `http://localhost:8000/`) to enter the console. The default account is `admin`, and the password is `123`.
+
+Go to `Authentication` -> `Applications`, create a `LobeChat` application or directly modify the built-in `built-in` application. You can explore other fields, but you must configure at least the following fields:
+
+- Name, Display Name: `LobeChat`
+- Redirect URLs:
+ - Local Development Environment: `http://localhost:3210/api/auth/callback/casdoor`
+ - Local Network IP Deployment: `http://LOBECHAT_IP:3210/api/auth/callback/casdoor`
+ - Public Network Environment: `https://lobe.example.com/api/auth/callback/casdoor`
+
+There are also some optional fields that can enhance user experience:
+
+- Logo: `https://lobehub.com/icon-192x192.png`
+- Form CSS, Form CSS (Mobile):
+
+ ```html
+ <style>
+ .login-panel {
+ padding: 40px 70px 0 70px;
+ border-radius: 10px;
+ background-color: #ffffff;
+ box-shadow: rgba(17, 12, 46, 0.15) 0px 48px 100px 0px;
+ }
+ .panel-logo {
+ width: 64px;
+ }
+ .login-logo-box {
+ margin-top: 20px;
+ }
+
+ #parent-area
+ > main
+ > div
+ > div.login-content
+ > div.login-panel
+ > div.login-form
+ > div
+ > div
+ > button {
+ box-shadow: none !important;
+ border-radius: 10px !important;
+ transition-property: all;
+ transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+ transition-duration: 150ms;
+ border: 1px solid #eee !important;
+ }
+
+ @media (max-width: 640px) {
+ .login-panel {
+ padding: 40px 0 0 0;
+ box-shadow: none;
+ }
+ }
+
+ </style>
+ ```
+
+Then, copy the `Client ID` and `Client Secret` and save them.
+
+### Configure Environment Variables
+
+Set the obtained `Client ID` and `Client Secret` as `AUTH_CASDOOR_ID` and `AUTH_CASDOOR_SECRET` in the LobeChat environment variables.
+
+Configure `AUTH_CASDOOR_ISSUER` in the LobeChat environment variables as follows:
+
+- `http://localhost:8000/` if you are in a local development environment.
+- `http://CASDOOR_IP:8000/` if you are privately deploying Casdoor in a local network.
+- `https://lobe-auth-api.example.com/` if you are deploying Casdoor in a public network environment.
+
+When deploying LobeChat, you need to configure the following environment variables:
+
+| Environment Variable | Type | Description |
+| --- | --- | --- |
+| `NEXT_AUTH_SECRET` | Required | A key for encrypting Auth.js session tokens. You can generate a key using the command: `openssl rand -base64 32`. |
+| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LobeChat. Fill in `casdoor` for using Casdoor. |
+| `AUTH_CASDOOR_ID` | Required | The client ID from the Casdoor application details page. |
+| `AUTH_CASDOOR_SECRET` | Required | The client secret from the Casdoor application details page. |
+| `AUTH_CASDOOR_ISSUER` | Required | The OpenID Connect issuer for the Casdoor provider. |
+| `NEXTAUTH_URL` | Required | This URL specifies the callback address for Auth.js during OAuth verification and needs to be set only if the default generated redirect address is incorrect. `https://lobe.example.com/api/auth` |
+
+ <Callout type={'tip'}>
+ Visit [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#casdoor) for details on related variables.
+
+</Callout>
+</Steps>
+
+<Callout type={'info'}>Once deployed successfully, users will be able to authenticate via Casdoor and use LobeChat.</Callout>

docs/self-hosting/advanced/auth/next-auth/casdoor.zh-CN.mdx

@@ -0,0 +1,121 @@
+---
+title: 在 LobeChat 中配置 Casdoor 身份验证服务
+description: 学习如何在 LobeChat 中配置 Casdoor 身份验证服务，包括部署、创建、设置权限和环境变量。
+tags:
+ - Casdoor 身份验证
+ - 环境变量配置
+ - 单点登录
+ - LobeChat
+---
+
+# 配置 Casdoor 身份验证服务
+
+[Casdoor](https://github.com/casdoor/casdoor) 是一个开源的身份验证服务，功能配置丰富且易于上手。
+
+<Callout type={'tip'}>
+ 若你想要私有部署 Casdoor，我们建议你将之与 LobeChat 数据库版本一同使用 Docker Compose 部署，此时
+ LobeChat 可以与之共用同一个 Postgres 实例。
+</Callout>
+
+## Casdoor 配置流程
+
+若你使用局域网 IP 部署，下文假设：
+
+- 你的 LobeChat 数据库版本 IP / 端口为 `http://LOBECHAT_IP:3210`。
+- 你私有部署 Casdoor，其域名为 `http://CASDOOR_IP:8000`。
+
+若你使用公网部署，下文假设：
+
+- 你的 LobeChat 数据库版本域名为 `https://lobe.example.com`。
+- 你私有部署 Casdoor，其域名为 `https://lobe-auth-api.example.com`。
+
+<Steps>
+ ### 创建 Casdoor 应用
+
+访问你私有部署的 Casdoor WebUI（默认为 `http://localhost:8000/`） 进入控制台，默认账号为 `admin`，密码为 `123`。
+
+前往 `身份认证` -> `应用`，创建一个 `LobeChat` 应用或直接修改内置的 `built-in` 应用，其他字段可以自行探索，但你至少需要配置以下字段：
+
+- 名称、显示名称：`LobeChat`
+- 重定向 URLs：
+ - 本地开发环境：`http://localhost:3210/api/auth/callback/casdoor`
+ - 局域网 IP 部署：`http://LOBECHAT_IP:3210/api/auth/callback/casdoor`
+ - 公网环境：`https://lobe.example.com/api/auth/callback/casdoor`
+
+还有一些不必需但是可以提高用户体验的字段：
+
+- Logo：`https://lobehub.com/icon-192x192.png`
+- 表单 CSS、表单 CSS（移动端）：
+
+ ```html
+ <style>
+ .login-panel {
+ padding: 40px 70px 0 70px;
+ border-radius: 10px;
+ background-color: #ffffff;
+ box-shadow: rgba(17, 12, 46, 0.15) 0px 48px 100px 0px;
+ }
+ .panel-logo {
+ width: 64px;
+ }
+ .login-logo-box {
+ margin-top: 20px;
+ }
+
+ #parent-area
+ > main
+ > div
+ > div.login-content
+ > div.login-panel
+ > div.login-form
+ > div
+ > div
+ > button {
+ box-shadow: none !important;
+ border-radius: 10px !important;
+ transition-property: all;
+ transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+ transition-duration: 150ms;
+ border: 1px solid #eee !important;
+ }
+
+ @media (max-width: 640px) {
+ .login-panel {
+ padding: 40px 0 0 0;
+ box-shadow: none;
+ }
+ }
+
+</style>
+ ```
+
+随后，复制 `客户端 ID` 和 `客户端密钥`，并保存。
+
+### 配置环境变量
+
+将获取到的 `客户端 ID` 和 `客户端`，设为 LobeChat 环境变量中的 `AUTH_CASDOOR_ID` 和 `AUTH_CASDOOR_SECRET`。
+
+配置 LobeChat 环境变量中 `AUTH_CASDOOR_ISSUER` 为：
+
+- `http://localhost:8000/`，若你是本地开发环境
+- `http://CASDOOR_IP:8000/`，若你是局域网私有部署的 Casdoor
+- `https://lobe-auth-api.example.com/`，若你是公网环境部署的 Casdoor
+
+在部署 LobeChat 时，你需要配置以下环境变量：
+
+| 环境变量 | 类型 | 描述 |
+| --- | --- | --- |
+| `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32` |
+| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Casdoor 请填写 `casdoor`。 |
+| `AUTH_CASDOOR_ID` | 必选 | Casdoor 应用详情页的客户端 ID |
+| `AUTH_CASDOOR_SECRET` | 必选 | Casdoor 应用详情页的客户端密钥 |
+| `AUTH_CASDOOR_ISSUER` | 必选 | Casdoor 提供程序的 OpenID Connect 颁发者。 |
+| `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://lobe.example.com/api/auth` |
+
+ <Callout type={'tip'}>
+ 前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#casdoor) 可查阅相关变量详情。
+
+</Callout>
+</Steps>
+
+<Callout type={'info'}>部署成功后，用户将可以通过 Casdoor 身份认证并使用 LobeChat。</Callout>

docs/self-hosting/advanced/auth/next-auth/cloudflare-zero-trust.zh-CN.mdx

@@ -49,9 +49,9 @@ tags:
 | --- | --- | --- |
 | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32` |
 | `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Cloudflare Zero Trust 请填写 `cloudflare-zero-trust`。 |
-| `CLOUDFLARE_ZERO_TRUST_CLIENT_ID` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client ID`，示例值是 `lobe-chat` |
-| `CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client secret`，示例值是 `insecure_secret` |
-| `CLOUDFLARE_ZERO_TRUST_ISSUER` | 必选 | 在 Cloudflare Zero Trust 生成的 `Issuer`，例如 `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/7db0f` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_CLIENT_ID` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client ID`，示例值是 `lobe-chat` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client secret`，示例值是 `insecure_secret` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` | 必选 | 在 Cloudflare Zero Trust 生成的 `Issuer`，例如 `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/7db0f` |
 | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://chat.example.com/api/auth` |
 
  <Callout type={'tip'}>