✨ feat(auth): add WeChat authentication support (#5195)

* ✨ feat(auth): add WeChat authentication support * 🐛 fix(auth): remove WeChat client ID and secret warnings from auth config * 🐛 fix(auth): remove WeChat client ID and secret from auth config; add WeChat authentication documentation * 📝 docs(auth): update WeChat authentication documentation with additional environment variables and descriptions * 📝 docs(auth): update WeChat authentication documentation for clarity and consistency in terminology
lobehub · Dec 28, 2024 · 95153a4 · 95153a4
1 parent 90bb20d
commit 95153a4
Show file tree

Hide file tree

Showing 4 changed files with 115 additions and 0 deletions.
diff --git a/docs/self-hosting/advanced/auth/next-auth/wechat.mdx b/docs/self-hosting/advanced/auth/next-auth/wechat.mdx
@@ -0,0 +1,46 @@
+---
+title: Configure Wechat Authentication Service in LobeChat
+description: Learn how to configure Wechat authentication service in LobeChat, including creating a new Wechat App, setting permissions, and environment variables.
+tags:
+  - Wechat Authentication
+  - Wechat App
+  - Environment Variable Configuration
+  - Single Sign-On
+  - LobeChat
+---
+
+# Configure Wechat Authentication Service
+
+## Wechat Configuration Process
+
+<Steps>
+  ### Create a Wechat Application
+
+Click [here](https://open.weixin.qq.com/cgi-bin/index) and then click "Management Center", "Website Application", and "Create Website Application" in sequence.
+
+Fill in the information as required by the official website prompts and submit for review.
+
+After successful creation, click "Application Details" to obtain the AppID and AppSecret.
+
+### Configure Environment Variables
+
+When deploying LobeChat, you need to configure the following environment variables:
+
+| Environment Variable | Type | Description |
+| --- | --- | --- |
+| `NEXT_AUTH_SECRET` | Required | Key used to encrypt Auth.js session tokens. You can generate the key using the command: `openssl rand -base64 32` |
+| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the Single Sign-On provider for LobeChat. Use `github` for Github. |
+| `WECHAT_CLIENT_ID` | Required | Client ID from the Wechat website application details page |
+| `WECHAT_CLIENT_SECRET` | Required | Client Secret from the Wechat website application details page |
+| `NEXTAUTH_URL` | Required | This URL is used to specify the callback address for Auth.js when performing OAuth authentication. Only set it if the default generated redirect address is incorrect. `https://example.com/api/auth` |
+
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/en/docs/self-hosting/environment-variables/auth#wechat) for more details about related variables.
+
+</Callout>
+</Steps>
+
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate through the WeChat Open Platform
+  and use LobeChat.
+</Callout>
diff --git a/docs/self-hosting/advanced/auth/next-auth/wechat.zh-CN.mdx b/docs/self-hosting/advanced/auth/next-auth/wechat.zh-CN.mdx
@@ -0,0 +1,43 @@
+---
+title: 在 LobeChat 中配置微信身份验证服务
+description: 学习如何在 LobeChat 中配置微信身份验证服务，包括创建新的微信网站应用、设置权限和环境变量。
+tags:
+  -微信身份验证
+  -微信网站应用
+  - 环境变量配置
+  - 单点登录
+  - LobeChat
+---
+
+# 配置微信身份验证服务
+
+##微信配置流程
+
+<Steps>
+  ### 创建微信网站应用
+
+点击 [这里](https://open.weixin.qq.com/cgi-bin/index) 依次点击“管理中心”、“网站应用”、“创建网站应用”
+
+按照管网提示要求填写信息并提交审核。
+
+创建成功后，点击“应用详情”，可获知AppID和AppSecret。
+
+### 配置环境变量
+
+在部署 LobeChat 时，你需要配置以下环境变量：
+
+| 环境变量 | 类型 | 描述 |
+| --- | --- | --- |
+| `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32` |
+| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Github 请填写 `github`。 |
+| `WECHAT_CLIENT_ID` | 必选 |微信网站应用详情页的 客户端 ID |
+| `WECHAT_CLIENT_SECRET` | 必选 |微信网站应用详情页的 客户端 Secret |
+| `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` |
+
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#wechat) 可查阅相关变量详情。
+
+</Callout>
+</Steps>
+
+<Callout type={'info'}>部署成功后，用户将可以通过微信开放平台身份认证并使用 LobeChat。</Callout>
diff --git a/src/libs/next-auth/sso-providers/index.ts b/src/libs/next-auth/sso-providers/index.ts
@@ -8,6 +8,7 @@ import GenericOIDC from './generic-oidc';
 import Github from './github';
 import Logto from './logto';
 import MicrosoftEntraID from './microsoft-entra-id';
+import WeChat from './wechat';
 import Zitadel from './zitadel';
 
 export const ssoProviders = [
@@ -22,4 +23,5 @@ export const ssoProviders = [
   CloudflareZeroTrust,
   Casdoor,
   MicrosoftEntraID,
+  WeChat,
 ];
diff --git a/src/libs/next-auth/sso-providers/wechat.ts b/src/libs/next-auth/sso-providers/wechat.ts
@@ -0,0 +1,24 @@
+import WeChat from '@auth/core/providers/wechat';
+
+import { CommonProviderConfig } from './sso.config';
+
+const provider = {
+  id: 'wechat',
+  provider: WeChat({
+    ...CommonProviderConfig,
+    clientId: process.env.AUTH_WECHAT_ID,
+    clientSecret: process.env.AUTH_WECHAT_SECRET,
+    platformType: 'WebsiteApp',
+    profile: (profile) => {
+      return {
+        email: null,
+        id: profile.unionid,
+        image: profile.headimgurl,
+        name: profile.nickname,
+        providerAccountId: profile.unionid,
+      };
+    },
+  }),
+};
+
+export default provider;