✨ feat: support GitHub OAuth (lobehub#1850)

docs/self-hosting/advanced/authentication.mdx

@@ -7,6 +7,7 @@ Currently supported identity verification services include:
 - [Auth0](/en/self-hosting/advanced/sso-providers/auth0)
 - [Microsoft Entra ID](/en/self-hosting/advanced/sso-providers/microsoft-entra-id)
 - [Authentik](/en/self-hosting/advanced/sso-providers/authentik)
+- [Github](/en/self-hosting/advanced/sso-providers/github
 
 Click on the links to view the corresponding platform's configuration documentation.
 
@@ -21,6 +22,7 @@ The order corresponds to the display order of the SSO providers.
 | Auth0              | `auth0`    |
 | Microsoft Entra ID | `azure-ad` |
 | Authentik          | `authentik` |
+| Github             |  `github`  |
 
 ## Other SSO Providers
 

docs/self-hosting/advanced/authentication.zh-CN.mdx

@@ -7,6 +7,7 @@ LobeChat 支持配置外部身份验证服务，供企业 / 组织内部使用
 - [Auth0](/zh/self-hosting/advanced/sso-providers/auth0)
 - [Microsoft Entra ID](/zh/self-hosting/advanced/sso-providers/microsoft-entra-id)
 - [Authentik](/zh/self-hosting/advanced/sso-providers/authentik)
+- [Github](/zh/self-hosting/advanced/sso-providers/github)
 
 点击链接可以查看对应平台的配置文档。
 
@@ -21,6 +22,7 @@ LobeChat 支持配置外部身份验证服务，供企业 / 组织内部使用
 | Auth0              | `auth0`    |
 | Microsoft Entra ID | `azure-ad` |
 | Authentik          | `authentik` |
+| Github             |  `github`  |
 
 ## 其他 SSO 提供商
 

docs/self-hosting/advanced/sso-providers/github.mdx

@@ -0,0 +1,61 @@
+# Configuring Github Authentication Service
+
+## Github Configuration Process
+
+<Steps>
+  ### Create a Github Provider
+
+Click [here][github-create-app] to create a new Github App.
+
+Fill in the Github App name, Homepage URL, and Callback URL.
+
+  <Image alt="Create a Github Provider" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/2f919f99-2aaa-4fa7-9938-169d3ed09db7" />
+
+Set the webhook callback URL according to your needs.
+
+  <Image alt="Fill in other fields" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/d7ef5ad1-b1a3-435e-b1bc-4436d2b6fecd" />
+
+Set the permission to read email addresses.
+
+  <Image alt="Set required permissions" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/23131ca1-9e84-4a89-a840-ef79c4bc0251" />
+  <Image alt="Set permission to read email addresses" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/358bca8d-3d82-4e76-9a5e-90d16a39efde" />
+
+Set whether it is accessible publicly or only accessible to yourself.
+
+  <Image alt="Set whether it is accessible publicly or only accessible to yourself" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/995780cb-9096-4a36-ab17-d422703ab970" />
+
+Click "Create Github App".
+
+After successful creation, click "Generate a new client secret" to create a client secret.
+
+  <Image alt="Create a new client secret" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/6d69bdca-7d18-4cbc-b3e0-220d8815cd29" />
+
+After successful creation, save the `Client ID` and `Client Secret`.
+
+  <Image alt="Create a new client secret" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/c6108133-a918-48b0-ab1a-e3fa607572a4" />
+
+### Configure Environment Variables
+
+When deploying LobeChat, you need to configure the following environment variables:
+
+| Environment Variable   | Type | Description                                                                                |
+| ---------------------- | ---- | ------------------------------------------------------------------------------------------ |
+| `ENABLE_OAUTH_SSO`     | Required | Enable Single Sign-On (SSO) for LobeChat. Set to `1` to enable SSO.                                                        |
+| `NEXTAUTH_SECRET`      | Required | Key used to encrypt Auth.js session tokens. You can generate the key using the command: `openssl rand -base64 32`                               |
+| `SSO_PROVIDERS`        | Required | Select the Single Sign-On provider for LobeChat. Use `github` for Github.                                                |
+| `GITHUB_CLIENT_ID`     | Required | Client ID in the Github App details page.                                                                       |
+| `GITHUB_CLIENT_SECRET` | Required | Client Secret in the Github App details page.                                                                   |
+| `ACCESS_CODE`          | Required | Add a password for accessing this service. You can set a long random password to "disable" access code authorization.                                                      |
+| `NEXTAUTH_URL`         | Optional | This URL is used to specify the callback address for Auth.js when performing OAuth authentication. Only set it if the default generated redirect address is incorrect. `https://example.com/api/auth` |
+
+<Callout type={'tip'}>
+Go to [📘 Environment Variables](/en/self-hosting/environment-variable#Github) for detailed information on these variables. 
+</Callout> 
+
+</Steps>
+
+<Callout type={'info'}>
+After successful deployment, users will be able to authenticate with Github and use LobeChat. 
+</Callout>
+
+[github-create-app]: https://github.com/settings/apps/new

docs/self-hosting/advanced/sso-providers/github.zh-CN.mdx

@@ -0,0 +1,61 @@
+# 配置 Github 身份验证服务
+
+## Github 配置流程
+
+<Steps>
+  ### 创建 Github 提供应用
+
+  点击[这里][github-create-app]创建一个新的Gituhb App。
+
+  填写Github App name、Homepage URL、Callbak URL 
+
+  <Image alt="创建 Github 提供程序" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/2f919f99-2aaa-4fa7-9938-169d3ed09db7" />
+
+  按照自己所需设置Webhook回调地址
+
+  <Image alt="填写其他字段" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/d7ef5ad1-b1a3-435e-b1bc-4436d2b6fecd" />
+
+  设置读取邮件地址权限
+
+  <Image alt="设置所需权限" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/23131ca1-9e84-4a89-a840-ef79c4bc0251" />
+  <Image alt="设置读取邮件地址权限" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/358bca8d-3d82-4e76-9a5e-90d16a39efde" />
+
+  设置公开访问还是仅自己访问
+
+  <Image alt="设置公开访问还是仅自己访问" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/995780cb-9096-4a36-ab17-d422703ab970" />
+
+  点击「Create Github App」
+
+  创建成功后，点击「Generate a new client secret」创建客户端Secret
+
+  <Image alt="创建新的客户端密钥" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/6d69bdca-7d18-4cbc-b3e0-220d8815cd29" />
+
+  创建成功后， 将 `客户端 ID` 和 `客户端 Secret` 保存下来。
+
+  <Image alt="创建新的客户端密钥" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/c6108133-a918-48b0-ab1a-e3fa607572a4" />
+
+  ### 配置环境变量
+
+  在部署 LobeChat 时，你需要配置以下环境变量：
+
+  | 环境变量                     | 类型 | 描述                                                                                          |
+  | ------------------------ | -- | ------------------------------------------------------------------------------------------- |
+  | `ENABLE_OAUTH_SSO`       | 必选 | 为 LobeChat 启用单点登录 (SSO)。设置为 `1` 以启用单点登录。                                                    |
+  | `NEXTAUTH_SECRET`        | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32`                               |
+  | `SSO_PROVIDERS`          | 必选 | 选择 LoboChat 的单点登录提供商。使用 Github 请填写 `github`。                                  |
+  | `GITHUB_CLIENT_ID`     | 必选 | Github App详情页的 客户端 ID                                                          |
+  | `GITHUB_CLIENT_SECRET` | 必选 | Github App详情页的 客户端 Secret                                                      |
+  | `ACCESS_CODE`            | 必选 | 添加访问此服务的密码，你可以设置一个足够长的随机密码以 “禁用” 访问码授权                                                      |
+  | `NEXTAUTH_URL`           | 可选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` |
+
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/self-hosting/environment-variable#Github) 可查阅相关变量详情。
+  </Callout>
+</Steps>
+
+<Callout type={'info'}>
+  部署成功后，用户将可以通过Github身份认证并使用 LobeChat。
+</Callout>
+
+
+[github-create-app]: https://github.com/settings/apps/new

docs/self-hosting/environment-variables/basic.mdx

@@ -168,6 +168,27 @@ Further reading:
 - Default: `-`
 - Example: `https://your-authentik-domain.com/application/o/slug/`
 
+### Github
+
+<Callout>
+  Currently, we only support the Auth0, Microsoft Entra ID, Authentik, Github identity verification service providers.
+  If you need to use other identity verification service providers, you can submit a [feature request](https://github.com/lobehub/lobe-chat/issues/new/choose) or Pull Request.
+</Callout>
+
+#### `GITHUB_CLIENT_ID`
+
+- Type: Required
+- Description: Client ID of the Github application. You can access it [here][github-client-page] and navigate to the application settings to view.
+- Default: `-`
+- Example: `abd94200333283550508`
+
+#### `GITHUB_CLIENT_SECRET`
+
+- Type: Required
+- Description: Client Secret of the Github application.
+- Default: `-`
+- Example: `dd262976ac0931d947e104891586a053f3d3750b`
+
 ## Plugin Service
 
 ### `PLUGINS_INDEX_URL`
@@ -206,3 +227,4 @@ The above example sets the `SERPAPI_API_KEY` of the `search-engine` plugin to `x
 - Default: `https://chat-agents.lobehub.com`
 
 [auth0-client-page]: https://manage.auth0.com/dashboard
+[github-client-page]: https://github.com/settings/apps

docs/self-hosting/environment-variables/basic.zh-CN.mdx

@@ -167,6 +167,29 @@ LobeChat 在部署时提供了一些额外的配置项，你可以使用环境
 - 默认值: `-`
 - 示例: `https://your-authentik-domain.com/application/o/slug/`
 
+
+### Github
+
+<Callout>
+  目前，我们仅支持 Auth0,Microsoft Entra ID,Authentik,Github 作为身份验证服务提供商。如果您需要使用其他身份验证服务提供商，可以提交
+  [功能请求](https://github.com/lobehub/lobe-chat/issues/new/choose) 或 Pull Request。
+</Callout>
+
+#### `GITHUB_CLIENT_ID`
+
+- Type: Required
+- Description: Github应用的客户端ID。您可以在[这里][github-client-page]访问，并导航到应用程序设置以查看。
+- Default: `-`
+- Example: `abd94200333283550508`
+
+#### `GITHUB_CLIENT_SECRET`
+
+- Type: Required
+- Description: Github应用的客户端密钥。
+- Default: `-`
+- Example: `dd262976ac0931d947e104891586a053f3d3750b`
+
+
 ## 插件服务
 
 ### `PLUGINS_INDEX_URL`
@@ -205,3 +228,4 @@ LobeChat 在部署时提供了一些额外的配置项，你可以使用环境
 - 默认值：`https://chat-agents.lobehub.com`
 
 [auth0-client-page]: https://manage.auth0.com/dashboard
+[github-client-page]: https://github.com/settings/apps

src/app/api/auth/next-auth.ts

@@ -2,6 +2,7 @@ import NextAuth from 'next-auth';
 import Auth0 from 'next-auth/providers/auth0';
 import Authentik from 'next-auth/providers/authentik';
 import AzureAd from 'next-auth/providers/azure-ad';
+import Github from 'next-auth/providers/github';
 
 import { getServerConfig } from '@/config/server';
 
@@ -11,6 +12,8 @@ const {
   AUTH0_CLIENT_ID,
   AUTH0_CLIENT_SECRET,
   AUTH0_ISSUER,
+  GITHUB_CLIENT_ID,
+  GITHUB_CLIENT_SECRET,
   AZURE_AD_CLIENT_ID,
   AZURE_AD_CLIENT_SECRET,
   AZURE_AD_TENANT_ID,
@@ -59,6 +62,14 @@ const nextAuth = NextAuth({
               issuer: AUTH0_ISSUER,
             });
           }
+          case 'github': {
+            return Github({
+              // Specify auth scope, at least include 'openid email'
+              authorization: { params: { scope: 'read:user user:email' } },
+              clientId: GITHUB_CLIENT_ID,
+              clientSecret: GITHUB_CLIENT_SECRET,
+            });
+          }
           case 'azure-ad': {
             return AzureAd({
               // Specify auth scope, at least include 'openid email'

src/config/server/app.ts

@@ -62,6 +62,8 @@ export const getAppConfig = () => {
     AUTH0_CLIENT_ID: process.env.AUTH0_CLIENT_ID || '',
     AUTH0_CLIENT_SECRET: process.env.AUTH0_CLIENT_SECRET || '',
     AUTH0_ISSUER: process.env.AUTH0_ISSUER || '',
+    GITHUB_CLIENT_ID: process.env.GITHUB_CLIENT_ID || '',
+    GITHUB_CLIENT_SECRET: process.env.GITHUB_CLIENT_SECRET || '',
     AZURE_AD_CLIENT_ID: process.env.AZURE_AD_CLIENT_ID || '',
     AZURE_AD_CLIENT_SECRET: process.env.AZURE_AD_CLIENT_SECRET || '',
     AZURE_AD_TENANT_ID: process.env.AZURE_AD_TENANT_ID || '',