Skip to content

Latest commit

 

History

History
156 lines (116 loc) · 7.02 KB

casdoor.mdx

File metadata and controls

156 lines (116 loc) · 7.02 KB
title description tags
Configuring Casdoor Authentication Service in LobeChat
Learn how to configure the Casdoor authentication service in LobeChat, including deployment, creation, permission settings, and environment variables.
Casdoor Authentication
Environment Variable Configuration
Single Sign-On
LobeChat

Configuring Casdoor Authentication Service

Casdoor is an open-source authentication service that is rich in features and easy to use.

<Callout type={'tip'}> If you want to privately deploy Casdoor, we recommend using Docker Compose to deploy it together with the LobeChat database version, allowing LobeChat to share the same Postgres instance.

Casdoor Configuration Process

If you are deploying using a local network IP, the following assumptions apply:

  • Your LobeChat database version IP/port is http://LOBECHAT_IP:3210.
  • You privately deploy Casdoor, and its domain is http://CASDOOR_IP:8000.

If you are deploying using a public network, the following assumptions apply:

  • Your LobeChat database version domain is https://lobe.example.com.
  • You privately deploy Casdoor, and its domain is https://lobe-auth-api.example.com.
### Create a Casdoor Application

Access your privately deployed Casdoor WebUI (default is http://localhost:8000/) to enter the console. The default account is admin, and the password is 123.

Go to Authentication -> Applications, create a LobeChat application or directly modify the built-in built-in application. You can explore other fields, but you must configure at least the following fields:

  • Name, Display Name: LobeChat
  • Redirect URLs:
    • Local Development Environment: http://localhost:3210/api/auth/callback/casdoor
    • Local Network IP Deployment: http://LOBECHAT_IP:3210/api/auth/callback/casdoor
    • Public Network Environment: https://lobe.example.com/api/auth/callback/casdoor

There are also some optional fields that can enhance user experience:

  • Logo: https://lobehub.com/icon-192x192.png
  • Form CSS, Form CSS (Mobile):
<style>
  .login-panel {
    padding: 40px 70px 0 70px;
    border-radius: 10px;
    background-color: #ffffff;
    box-shadow: rgba(17, 12, 46, 0.15) 0px 48px 100px 0px;
  }
  .panel-logo {
    width: 64px;
  }
  .login-logo-box {
    margin-top: 20px;
  }

  #parent-area
    > main
    > div
    > div.login-content
    > div.login-panel
    > div.login-form
    > div
    > div
    > button {
    box-shadow: none !important;
    border-radius: 10px !important;
    transition-property: all;
    transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
    transition-duration: 150ms;
    border: 1px solid #eee !important;
  }

  @media (max-width: 640px) {
    .login-panel {
      padding: 40px 0 0 0;
      box-shadow: none;
    }
  }



</style>

Then, copy the Client ID and Client Secret and save them.

Disable User Registration

Go to Identity -> Applications, select the LobeChat application, and set Allow Register to false.

<Callout type={'warning'}> Disabling user registration is necessary to prevent users from registering through the Casdoor login page.

Configure Webhook (Optional)

Available on Casdoor >=1.843.0.

Configure the Casdoor webhook so that LobeChat can receive notifications when user information is updated.

Go to Admin -> Webhooks, add a webhook, and fill in the following fields:

  • URL: https://lobe.example.com/api/webhooks/casdoor
  • Method: POST
  • Content Type: application/json
  • Headers: casdoor-secret: Your Webhook Secret

The secret is generated by yourself, you can visit https://generate-secret.vercel.app/10 to generate a 10 bit secret.

  • Event: update-user

Save and Exit, then copy the Webhook secret and fill it in the environment variable `CASDOOR_WEBHOOK_SECRET.

Configure Environment Variables

Set the obtained Client ID and Client Secret as AUTH_CASDOOR_ID and AUTH_CASDOOR_SECRET in the LobeChat environment variables.

Configure AUTH_CASDOOR_ISSUER in the LobeChat environment variables as follows:

  • http://localhost:8000/ if you are in a local development environment.
  • http://CASDOOR_IP:8000/ if you are privately deploying Casdoor in a local network.
  • https://lobe-auth-api.example.com/ if you are deploying Casdoor in a public network environment.

When deploying LobeChat, you need to configure the following environment variables:

Environment Variable Type Description
NEXT_AUTH_SECRET Required A key for encrypting Auth.js session tokens. You can generate a key using the command: openssl rand -base64 32.
NEXT_AUTH_SSO_PROVIDERS Required Select the single sign-on provider for LobeChat. Fill in casdoor for using Casdoor.
AUTH_CASDOOR_ID Required The client ID from the Casdoor application details page.
AUTH_CASDOOR_SECRET Required The client secret from the Casdoor application details page.
AUTH_CASDOOR_ISSUER Required The OpenID Connect issuer for the Casdoor provider.
NEXTAUTH_URL Required This URL specifies the callback address for Auth.js during OAuth verification and needs to be set only if the default generated redirect address is incorrect. https://lobe.example.com/api/auth
CASDOOR_WEBHOOK_SECRET Optional A key used to verify whether the request sent by Casdoor is legal.

<Callout type={'tip'}> Visit 📘 Environment Variables for details on related variables.

<Callout type={'info'}> Once deployed successfully, users will be able to authenticate via Casdoor and use LobeChat.