forked from lobehub/lobe-chat
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
📝docs: add casdoor docker compose document (lobehub#4338)
* 📝docs: Casdoor * 📝docs: Docker-compose * 📝docs: Docker-compose * 📝docs: English ver. * 📝docs: Incorporate review suggestions * 📝docs: Incorporate review suggestions
- Loading branch information
1 parent
1873cc2
commit 62cbf1c
Showing
29 changed files
with
710 additions
and
656 deletions.
There are no files selected for viewing
4 changes: 2 additions & 2 deletions
4
docker-compose/local-logto/.env.example → docker-compose/local/logto/.env.example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6 changes: 3 additions & 3 deletions
6
...er-compose/local-logto/.env.zh-CN.example → ...er-compose/local/logto/.env.zh-CN.example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
--- | ||
title: Configuring Casdoor Authentication Service in LobeChat | ||
description: Learn how to configure the Casdoor authentication service in LobeChat, including deployment, creation, permission settings, and environment variables. | ||
tags: | ||
- Casdoor Authentication | ||
- Environment Variable Configuration | ||
- Single Sign-On | ||
- LobeChat | ||
--- | ||
|
||
# Configuring Casdoor Authentication Service | ||
|
||
[Casdoor](https://github.com/casdoor/casdoor) is an open-source authentication service that is rich in features and easy to use. | ||
|
||
<Callout type={'tip'}> | ||
If you want to privately deploy Casdoor, we recommend using Docker Compose to deploy it together with the LobeChat database version, allowing LobeChat to share the same Postgres instance. | ||
</Callout> | ||
|
||
## Casdoor Configuration Process | ||
|
||
If you are deploying using a local network IP, the following assumptions apply: | ||
|
||
- Your LobeChat database version IP/port is `http://LOBECHAT_IP:3210`. | ||
- You privately deploy Casdoor, and its domain is `http://CASDOOR_IP:8000`. | ||
|
||
If you are deploying using a public network, the following assumptions apply: | ||
|
||
- Your LobeChat database version domain is `https://lobe.example.com`. | ||
- You privately deploy Casdoor, and its domain is `https://lobe-auth-api.example.com`. | ||
|
||
<Steps> | ||
### Create a Casdoor Application | ||
|
||
Access your privately deployed Casdoor WebUI (default is `http://localhost:8000/`) to enter the console. The default account is `admin`, and the password is `123`. | ||
|
||
Go to `Authentication` -> `Applications`, create a `LobeChat` application or directly modify the built-in `built-in` application. You can explore other fields, but you must configure at least the following fields: | ||
|
||
- Name, Display Name: `LobeChat` | ||
- Redirect URLs: | ||
- Local Development Environment: `http://localhost:3210/api/auth/callback/casdoor` | ||
- Local Network IP Deployment: `http://LOBECHAT_IP:3210/api/auth/callback/casdoor` | ||
- Public Network Environment: `https://lobe.example.com/api/auth/callback/casdoor` | ||
|
||
There are also some optional fields that can enhance user experience: | ||
|
||
- Logo: `https://lobehub.com/icon-192x192.png` | ||
- Form CSS, Form CSS (Mobile): | ||
|
||
```html | ||
<style> | ||
.login-panel { | ||
padding: 40px 70px 0 70px; | ||
border-radius: 10px; | ||
background-color: #ffffff; | ||
box-shadow: rgba(17, 12, 46, 0.15) 0px 48px 100px 0px; | ||
} | ||
.panel-logo { | ||
width: 64px; | ||
} | ||
.login-logo-box { | ||
margin-top: 20px; | ||
} | ||
#parent-area | ||
> main | ||
> div | ||
> div.login-content | ||
> div.login-panel | ||
> div.login-form | ||
> div | ||
> div | ||
> button { | ||
box-shadow: none !important; | ||
border-radius: 10px !important; | ||
transition-property: all; | ||
transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1); | ||
transition-duration: 150ms; | ||
border: 1px solid #eee !important; | ||
} | ||
@media (max-width: 640px) { | ||
.login-panel { | ||
padding: 40px 0 0 0; | ||
box-shadow: none; | ||
} | ||
} | ||
</style> | ||
``` | ||
|
||
Then, copy the `Client ID` and `Client Secret` and save them. | ||
|
||
### Configure Environment Variables | ||
|
||
Set the obtained `Client ID` and `Client Secret` as `AUTH_CASDOOR_ID` and `AUTH_CASDOOR_SECRET` in the LobeChat environment variables. | ||
|
||
Configure `AUTH_CASDOOR_ISSUER` in the LobeChat environment variables as follows: | ||
|
||
- `http://localhost:8000/` if you are in a local development environment. | ||
- `http://CASDOOR_IP:8000/` if you are privately deploying Casdoor in a local network. | ||
- `https://lobe-auth-api.example.com/` if you are deploying Casdoor in a public network environment. | ||
|
||
When deploying LobeChat, you need to configure the following environment variables: | ||
|
||
| Environment Variable | Type | Description | | ||
| --- | --- | --- | | ||
| `NEXT_AUTH_SECRET` | Required | A key for encrypting Auth.js session tokens. You can generate a key using the command: `openssl rand -base64 32`. | | ||
| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LobeChat. Fill in `casdoor` for using Casdoor. | | ||
| `AUTH_CASDOOR_ID` | Required | The client ID from the Casdoor application details page. | | ||
| `AUTH_CASDOOR_SECRET` | Required | The client secret from the Casdoor application details page. | | ||
| `AUTH_CASDOOR_ISSUER` | Required | The OpenID Connect issuer for the Casdoor provider. | | ||
| `NEXTAUTH_URL` | Required | This URL specifies the callback address for Auth.js during OAuth verification and needs to be set only if the default generated redirect address is incorrect. `https://lobe.example.com/api/auth` | | ||
|
||
<Callout type={'tip'}> | ||
Visit [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#casdoor) for details on related variables. | ||
|
||
</Callout> | ||
</Steps> | ||
|
||
<Callout type={'info'}>Once deployed successfully, users will be able to authenticate via Casdoor and use LobeChat.</Callout> |
121 changes: 121 additions & 0 deletions
121
docs/self-hosting/advanced/auth/next-auth/casdoor.zh-CN.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
--- | ||
title: 在 LobeChat 中配置 Casdoor 身份验证服务 | ||
description: 学习如何在 LobeChat 中配置 Casdoor 身份验证服务,包括部署、创建、设置权限和环境变量。 | ||
tags: | ||
- Casdoor 身份验证 | ||
- 环境变量配置 | ||
- 单点登录 | ||
- LobeChat | ||
--- | ||
|
||
# 配置 Casdoor 身份验证服务 | ||
|
||
[Casdoor](https://github.com/casdoor/casdoor) 是一个开源的身份验证服务,功能配置丰富且易于上手。 | ||
|
||
<Callout type={'tip'}> | ||
若你想要私有部署 Casdoor,我们建议你将之与 LobeChat 数据库版本一同使用 Docker Compose 部署,此时 | ||
LobeChat 可以与之共用同一个 Postgres 实例。 | ||
</Callout> | ||
|
||
## Casdoor 配置流程 | ||
|
||
若你使用局域网 IP 部署,下文假设: | ||
|
||
- 你的 LobeChat 数据库版本 IP / 端口为 `http://LOBECHAT_IP:3210`。 | ||
- 你私有部署 Casdoor,其域名为 `http://CASDOOR_IP:8000`。 | ||
|
||
若你使用公网部署,下文假设: | ||
|
||
- 你的 LobeChat 数据库版本域名为 `https://lobe.example.com`。 | ||
- 你私有部署 Casdoor,其域名为 `https://lobe-auth-api.example.com`。 | ||
|
||
<Steps> | ||
### 创建 Casdoor 应用 | ||
|
||
访问你私有部署的 Casdoor WebUI(默认为 `http://localhost:8000/`) 进入控制台,默认账号为 `admin`,密码为 `123`。 | ||
|
||
前往 `身份认证` -> `应用`,创建一个 `LobeChat` 应用或直接修改内置的 `built-in` 应用,其他字段可以自行探索,但你至少需要配置以下字段: | ||
|
||
- 名称、显示名称:`LobeChat` | ||
- 重定向 URLs: | ||
- 本地开发环境:`http://localhost:3210/api/auth/callback/casdoor` | ||
- 局域网 IP 部署:`http://LOBECHAT_IP:3210/api/auth/callback/casdoor` | ||
- 公网环境:`https://lobe.example.com/api/auth/callback/casdoor` | ||
|
||
还有一些不必需但是可以提高用户体验的字段: | ||
|
||
- Logo:`https://lobehub.com/icon-192x192.png` | ||
- 表单 CSS、表单 CSS(移动端): | ||
|
||
```html | ||
<style> | ||
.login-panel { | ||
padding: 40px 70px 0 70px; | ||
border-radius: 10px; | ||
background-color: #ffffff; | ||
box-shadow: rgba(17, 12, 46, 0.15) 0px 48px 100px 0px; | ||
} | ||
.panel-logo { | ||
width: 64px; | ||
} | ||
.login-logo-box { | ||
margin-top: 20px; | ||
} | ||
#parent-area | ||
> main | ||
> div | ||
> div.login-content | ||
> div.login-panel | ||
> div.login-form | ||
> div | ||
> div | ||
> button { | ||
box-shadow: none !important; | ||
border-radius: 10px !important; | ||
transition-property: all; | ||
transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1); | ||
transition-duration: 150ms; | ||
border: 1px solid #eee !important; | ||
} | ||
@media (max-width: 640px) { | ||
.login-panel { | ||
padding: 40px 0 0 0; | ||
box-shadow: none; | ||
} | ||
} | ||
</style> | ||
``` | ||
|
||
随后,复制 `客户端 ID` 和 `客户端密钥`,并保存。 | ||
|
||
### 配置环境变量 | ||
|
||
将获取到的 `客户端 ID` 和 `客户端`,设为 LobeChat 环境变量中的 `AUTH_CASDOOR_ID` 和 `AUTH_CASDOOR_SECRET`。 | ||
|
||
配置 LobeChat 环境变量中 `AUTH_CASDOOR_ISSUER` 为: | ||
|
||
- `http://localhost:8000/`,若你是本地开发环境 | ||
- `http://CASDOOR_IP:8000/`,若你是局域网私有部署的 Casdoor | ||
- `https://lobe-auth-api.example.com/`,若你是公网环境部署的 Casdoor | ||
|
||
在部署 LobeChat 时,你需要配置以下环境变量: | ||
|
||
| 环境变量 | 类型 | 描述 | | ||
| --- | --- | --- | | ||
| `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32` | | ||
| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Casdoor 请填写 `casdoor`。 | | ||
| `AUTH_CASDOOR_ID` | 必选 | Casdoor 应用详情页的客户端 ID | | ||
| `AUTH_CASDOOR_SECRET` | 必选 | Casdoor 应用详情页的客户端密钥 | | ||
| `AUTH_CASDOOR_ISSUER` | 必选 | Casdoor 提供程序的 OpenID Connect 颁发者。 | | ||
| `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址,当默认生成的重定向地址发生不正确时才需要设置。`https://lobe.example.com/api/auth` | | ||
|
||
<Callout type={'tip'}> | ||
前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#casdoor) 可查阅相关变量详情。 | ||
|
||
</Callout> | ||
</Steps> | ||
|
||
<Callout type={'info'}>部署成功后,用户将可以通过 Casdoor 身份认证并使用 LobeChat。</Callout> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.