lobehub
diff --git a/‎package.json
Lines changed: 1 addition & 1 deletion b/‎package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/app/(backend)/middleware/auth/index.test.ts
Lines changed: 5 additions & 5 deletions b/‎src/app/(backend)/middleware/auth/index.test.ts
Lines changed: 5 additions & 5 deletions
diff --git a/‎src/app/(backend)/middleware/auth/index.ts
Lines changed: 6 additions & 6 deletions b/‎src/app/(backend)/middleware/auth/index.ts
Lines changed: 6 additions & 6 deletions
diff --git a/‎src/app/(backend)/webapi/chat/[provider]/route.test.ts
Lines changed: 11 additions & 9 deletions b/‎src/app/(backend)/webapi/chat/[provider]/route.test.ts
Lines changed: 11 additions & 9 deletions
diff --git a/‎src/app/(backend)/webapi/plugin/gateway/route.ts
Lines changed: 2 additions & 2 deletions b/‎src/app/(backend)/webapi/plugin/gateway/route.ts
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/const/auth.ts
Lines changed: 2 additions & 3 deletions b/‎src/const/auth.ts
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/libs/model-runtime/ModelRuntime.test.ts
Lines changed: 3 additions & 3 deletions b/‎src/libs/model-runtime/ModelRuntime.test.ts
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/libs/trpc/async/context.ts
Lines changed: 3 additions & 3 deletions b/‎src/libs/trpc/async/context.ts
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/libs/trpc/edge/context.ts
Lines changed: 7 additions & 2 deletions b/‎src/libs/trpc/edge/context.ts
Lines changed: 7 additions & 2 deletions
diff --git a/‎src/libs/trpc/edge/middleware/jwtPayload.test.ts
Lines changed: 4 additions & 4 deletions b/‎src/libs/trpc/edge/middleware/jwtPayload.test.ts
Lines changed: 4 additions & 4 deletions
@@ -196,7 +196,7 @@
     "i18next-resources-to-backend": "^1.2.1",
     "idb-keyval": "^6.2.2",
     "immer": "^10.1.1",
-    "jose": "^5.10.0",
+    "jose": "^6.0.12",
     "js-sha256": "^0.11.1",
     "jsonl-parse-stringify": "^1.0.3",
     "keyv": "^4.5.4",
 
@@ -3,7 +3,7 @@ import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
 import { AgentRuntimeError } from '@/libs/model-runtime';
 import { ChatErrorType } from '@/types/fetch';
 import { createErrorResponse } from '@/utils/errorResponse';
-import { getJWTPayload } from '@/utils/server/jwt';
+import { getXorPayload } from '@/utils/server/xor';
 
 import { RequestHandler, checkAuth } from './index';
 import { checkAuthMethod } from './utils';
@@ -20,8 +20,8 @@ vi.mock('./utils', () => ({
   checkAuthMethod: vi.fn(),
 }));
 
-vi.mock('@/utils/server/jwt', () => ({
-  getJWTPayload: vi.fn(),
+vi.mock('@/utils/server/xor', () => ({
+  getXorPayload: vi.fn(),
 }));
 
 describe('checkAuth', () => {
@@ -50,7 +50,7 @@ describe('checkAuth', () => {
   it('should return error response on getJWTPayload error', async () => {
     const mockError = AgentRuntimeError.createError(ChatErrorType.Unauthorized);
     mockRequest.headers.set('Authorization', 'invalid');
-    vi.mocked(getJWTPayload).mockRejectedValueOnce(mockError);
+    vi.mocked(getXorPayload).mockRejectedValueOnce(mockError);
 
     await checkAuth(mockHandler)(mockRequest, mockOptions);
 
@@ -64,7 +64,7 @@ describe('checkAuth', () => {
   it('should return error response on checkAuthMethod error', async () => {
     const mockError = AgentRuntimeError.createError(ChatErrorType.Unauthorized);
     mockRequest.headers.set('Authorization', 'valid');
-    vi.mocked(getJWTPayload).mockResolvedValueOnce({});
+    vi.mocked(getXorPayload).mockResolvedValueOnce({});
     vi.mocked(checkAuthMethod).mockImplementationOnce(() => {
       throw mockError;
     });
 
@@ -2,7 +2,7 @@ import { AuthObject } from '@clerk/backend';
 import { NextRequest } from 'next/server';
 
 import {
-  JWTPayload,
+  ClientSecretPayload,
   LOBE_CHAT_AUTH_HEADER,
   LOBE_CHAT_OIDC_AUTH_HEADER,
   OAUTH_AUTHORIZED,
@@ -13,18 +13,18 @@ import { AgentRuntime, AgentRuntimeError, ChatCompletionErrorPayload } from '@/l
 import { validateOIDCJWT } from '@/libs/oidc-provider/jwt';
 import { ChatErrorType } from '@/types/fetch';
 import { createErrorResponse } from '@/utils/errorResponse';
-import { getJWTPayload } from '@/utils/server/jwt';
+import { getXorPayload } from '@/utils/server/xor';
 
 import { checkAuthMethod } from './utils';
 
-type CreateRuntime = (jwtPayload: JWTPayload) => AgentRuntime;
+type CreateRuntime = (jwtPayload: ClientSecretPayload) => AgentRuntime;
 type RequestOptions = { createRuntime?: CreateRuntime; params: Promise<{ provider: string }> };
 
 export type RequestHandler = (
   req: Request,
   options: RequestOptions & {
     createRuntime?: CreateRuntime;
-    jwtPayload: JWTPayload;
+    jwtPayload: ClientSecretPayload;
   },
 ) => Promise<Response>;
 
@@ -36,7 +36,7 @@ export const checkAuth =
       return handler(req, { ...options, jwtPayload: { userId: 'DEV_USER' } });
     }
 
-    let jwtPayload: JWTPayload;
+    let jwtPayload: ClientSecretPayload;
 
     try {
       // get Authorization from header
@@ -55,7 +55,7 @@ export const checkAuth =
         clerkAuth = data.clerkAuth;
       }
 
-      jwtPayload = await getJWTPayload(authorization);
+      jwtPayload = getXorPayload(authorization);
 
       const oidcAuthorization = req.headers.get(LOBE_CHAT_OIDC_AUTH_HEADER);
       let isUseOidcAuth = false;
 
@@ -6,7 +6,7 @@ import { checkAuthMethod } from '@/app/(backend)/middleware/auth/utils';
 import { LOBE_CHAT_AUTH_HEADER, OAUTH_AUTHORIZED } from '@/const/auth';
 import { AgentRuntime, LobeRuntimeAI } from '@/libs/model-runtime';
 import { ChatErrorType } from '@/types/fetch';
-import { getJWTPayload } from '@/utils/server/jwt';
+import { getXorPayload } from '@/utils/server/xor';
 
 import { POST } from './route';
 
@@ -18,8 +18,8 @@ vi.mock('@/app/(backend)/middleware/auth/utils', () => ({
   checkAuthMethod: vi.fn(),
 }));
 
-vi.mock('@/utils/server/jwt', () => ({
-  getJWTPayload: vi.fn(),
+vi.mock('@/utils/server/xor', () => ({
+  getXorPayload: vi.fn(),
 }));
 
 // 定义一个变量来存储 enableAuth 的值
@@ -61,7 +61,7 @@ describe('POST handler', () => {
       const mockParams = Promise.resolve({ provider: 'test-provider' });
 
       // 设置 getJWTPayload 和 initAgentRuntimeWithUserPayload 的模拟返回值
-      vi.mocked(getJWTPayload).mockResolvedValueOnce({
+      vi.mocked(getXorPayload).mockReturnValueOnce({
         accessCode: 'test-access-code',
         apiKey: 'test-api-key',
         azureApiVersion: 'v1',
@@ -78,7 +78,7 @@ describe('POST handler', () => {
       await POST(request as unknown as Request, { params: mockParams });
 
       // 验证是否正确调用了模拟函数
-      expect(getJWTPayload).toHaveBeenCalledWith('Bearer some-valid-token');
+      expect(getXorPayload).toHaveBeenCalledWith('Bearer some-valid-token');
       expect(spy).toHaveBeenCalledWith('test-provider', expect.anything());
     });
 
@@ -104,7 +104,7 @@ describe('POST handler', () => {
     it('should have pass clerk Auth when enable clerk', async () => {
       enableClerk = true;
 
-      vi.mocked(getJWTPayload).mockResolvedValueOnce({
+      vi.mocked(getXorPayload).mockReturnValueOnce({
         accessCode: 'test-access-code',
         apiKey: 'test-api-key',
         azureApiVersion: 'v1',
@@ -142,7 +142,9 @@ describe('POST handler', () => {
 
     it('should return InternalServerError error when throw a unknown error', async () => {
       const mockParams = Promise.resolve({ provider: 'test-provider' });
-      vi.mocked(getJWTPayload).mockRejectedValueOnce(new Error('unknown error'));
+      vi.mocked(getXorPayload).mockImplementationOnce(() => {
+        throw new Error('unknown error');
+      });
 
       const response = await POST(request, { params: mockParams });
 
@@ -159,7 +161,7 @@ describe('POST handler', () => {
 
   describe('chat', () => {
     it('should correctly handle chat completion with valid payload', async () => {
-      vi.mocked(getJWTPayload).mockResolvedValueOnce({
+      vi.mocked(getXorPayload).mockReturnValueOnce({
         accessCode: 'test-access-code',
         apiKey: 'test-api-key',
         azureApiVersion: 'v1',
@@ -189,7 +191,7 @@ describe('POST handler', () => {
 
     it('should return an error response when chat completion fails', async () => {
       // 设置 getJWTPayload 和 initAgentRuntimeWithUserPayload 的模拟返回值
-      vi.mocked(getJWTPayload).mockResolvedValueOnce({
+      vi.mocked(getXorPayload).mockReturnValueOnce({
         accessCode: 'test-access-code',
         apiKey: 'test-api-key',
         azureApiVersion: 'v1',
 
@@ -8,7 +8,7 @@ import { AgentRuntimeError } from '@/libs/model-runtime';
 import { TraceClient } from '@/libs/traces';
 import { ChatErrorType, ErrorType } from '@/types/fetch';
 import { createErrorResponse } from '@/utils/errorResponse';
-import { getJWTPayload } from '@/utils/server/jwt';
+import { getXorPayload } from '@/utils/server/xor';
 import { getTracePayload } from '@/utils/trace';
 
 import { parserPluginSettings } from './settings';
@@ -44,7 +44,7 @@ export const POST = async (req: Request) => {
   if (!authorization) throw AgentRuntimeError.createError(ChatErrorType.Unauthorized);
 
   const oauthAuthorized = !!req.headers.get(OAUTH_AUTHORIZED);
-  const payload = await getJWTPayload(authorization);
+  const payload = getXorPayload(authorization);
 
   const result = checkAuth(payload.accessCode!, oauthAuthorized);
 
 
@@ -9,11 +9,10 @@ export const LOBE_CHAT_OIDC_AUTH_HEADER = 'Oidc-Auth';
 
 export const OAUTH_AUTHORIZED = 'X-oauth-authorized';
 
-export const JWT_SECRET_KEY = 'LobeHub · LobeChat';
-export const NON_HTTP_PREFIX = 'http_nosafe';
+export const SECRET_XOR_KEY = 'LobeHub · LobeHub';
 
 /* eslint-disable typescript-sort-keys/interface */
-export interface JWTPayload {
+export interface ClientSecretPayload {
   /**
    * password
    */
 
@@ -4,7 +4,7 @@ import { LangfuseGenerationClient, LangfuseTraceClient } from 'langfuse-core';
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 
 import * as langfuseCfg from '@/config/langfuse';
-import { JWTPayload } from '@/const/auth';
+import { ClientSecretPayload } from '@/const/auth';
 import { TraceNameMap } from '@/const/trace';
 import { AgentRuntime, ChatStreamPayload, LobeOpenAI, ModelProvider } from '@/libs/model-runtime';
 import { providerRuntimeMap } from '@/libs/model-runtime/runtimeMap';
@@ -51,7 +51,7 @@ const specialProviders = [
 const testRuntime = (providerId: string, payload?: any) => {
   describe(`${providerId} provider runtime`, () => {
     it('should initialize correctly', async () => {
-      const jwtPayload: JWTPayload = { apiKey: 'user-key', ...payload };
+      const jwtPayload: ClientSecretPayload = { apiKey: 'user-key', ...payload };
       const runtime = await AgentRuntime.initializeWithProvider(providerId, jwtPayload);
 
       // @ts-ignore
@@ -66,7 +66,7 @@ const testRuntime = (providerId: string, payload?: any) => {
 
 let mockModelRuntime: AgentRuntime;
 beforeEach(async () => {
-  const jwtPayload: JWTPayload = { apiKey: 'user-openai-key', baseURL: 'user-endpoint' };
+  const jwtPayload: ClientSecretPayload = { apiKey: 'user-openai-key', baseURL: 'user-endpoint' };
   mockModelRuntime = await AgentRuntime.initializeWithProvider(ModelProvider.OpenAI, jwtPayload);
 });
 
 
@@ -1,14 +1,14 @@
 import debug from 'debug';
 import { NextRequest } from 'next/server';
 
-import { JWTPayload, LOBE_CHAT_AUTH_HEADER } from '@/const/auth';
+import { ClientSecretPayload, LOBE_CHAT_AUTH_HEADER } from '@/const/auth';
 import { LobeChatDatabase } from '@/database/type';
 import { KeyVaultsGateKeeper } from '@/server/modules/KeyVaultsEncrypt';
 
 const log = debug('lobe-async:context');
 
 export interface AsyncAuthContext {
-  jwtPayload: JWTPayload;
+  jwtPayload: ClientSecretPayload;
   secret: string;
   serverDB?: LobeChatDatabase;
   userId?: string | null;
@@ -19,7 +19,7 @@ export interface AsyncAuthContext {
  * This is useful for testing when we don't want to mock Next.js' request/response
  */
 export const createAsyncContextInner = async (params?: {
-  jwtPayload?: JWTPayload;
+  jwtPayload?: ClientSecretPayload;
   secret?: string;
   userId?: string | null;
 }): Promise<AsyncAuthContext> => ({
 
@@ -1,13 +1,18 @@
 import { User } from 'next-auth';
 import { NextRequest } from 'next/server';
 
-import { JWTPayload, LOBE_CHAT_AUTH_HEADER, enableClerk, enableNextAuth } from '@/const/auth';
+import {
+  ClientSecretPayload,
+  LOBE_CHAT_AUTH_HEADER,
+  enableClerk,
+  enableNextAuth,
+} from '@/const/auth';
 import { ClerkAuth, IClerkAuth } from '@/libs/clerk-auth';
 
 export interface AuthContext {
   authorizationHeader?: string | null;
   clerkAuth?: IClerkAuth;
-  jwtPayload?: JWTPayload | null;
+  jwtPayload?: ClientSecretPayload | null;
   nextAuth?: User;
   userId?: string | null;
 }
 
@@ -5,7 +5,7 @@ import { beforeEach, describe, expect, it, vi } from 'vitest';
 import { createCallerFactory } from '@/libs/trpc/edge';
 import { AuthContext, createContextInner } from '@/libs/trpc/edge/context';
 import { edgeTrpc as trpc } from '@/libs/trpc/edge/init';
-import * as utils from '@/utils/server/jwt';
+import * as utils from '@/utils/server/xor';
 
 import { jwtPayloadChecker } from './jwtPayload';
 
@@ -40,7 +40,7 @@ describe('passwordChecker middleware', () => {
   it('should call next with jwtPayload in context if access code is correct', async () => {
     const jwtPayload = { accessCode: '123' };
 
-    vi.spyOn(utils, 'getJWTPayload').mockResolvedValue(jwtPayload);
+    vi.spyOn(utils, 'getXorPayload').mockResolvedValue(jwtPayload);
 
     ctx = await createContextInner({ authorizationHeader: 'Bearer token' });
     router = createCaller(ctx);
@@ -52,7 +52,7 @@ describe('passwordChecker middleware', () => {
 
   it('should call next with jwtPayload in context if no access codes are set', async () => {
     const jwtPayload = {};
-    vi.spyOn(utils, 'getJWTPayload').mockResolvedValue(jwtPayload);
+    vi.spyOn(utils, 'getXorPayload').mockResolvedValue(jwtPayload);
 
     ctx = await createContextInner({ authorizationHeader: 'Bearer token' });
     router = createCaller(ctx);
@@ -63,7 +63,7 @@ describe('passwordChecker middleware', () => {
   });
   it('should call next with jwtPayload in context if  access codes is undefined', async () => {
     const jwtPayload = {};
-    vi.spyOn(utils, 'getJWTPayload').mockResolvedValue(jwtPayload);
+    vi.spyOn(utils, 'getXorPayload').mockResolvedValue(jwtPayload);
 
     ctx = await createContextInner({ authorizationHeader: 'Bearer token' });
     router = createCaller(ctx);