修改用户版本号

源站支持客户端证书
WAF策略简要信息中增加serverId
2022-01-16 20:38:53 +08:00 · 2022-01-16 19:51:54 +08:00 · 2022-01-14 10:43:22 +08:00 · 2022-01-11 15:46:41 +08:00 · 2022-01-11 15:29:03 +08:00 · 2022-01-11 14:59:32 +08:00
55 changed files with 1150 additions and 219 deletions
--- a/internal/const/const.go
+++ b/internal/const/const.go
@@ -19,7 +19,7 @@ const (
 	// 其他节点版本号，用来检测是否有需要升级的节点

 	NodeVersion          = "0.4.0"
-	UserNodeVersion      = "0.2.1"
+	UserNodeVersion      = "0.3.0"
 	AuthorityNodeVersion = "0.0.2"
 	MonitorNodeVersion   = "0.0.3"
 	DNSNodeVersion       = "0.2.1"
--- a/internal/db/models/acme/acme_task_dao.go
+++ b/internal/db/models/acme/acme_task_dao.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	acmeutils "github.com/TeaOSLab/EdgeAPI/internal/acme"
+	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/dns"
 	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
@@ -400,6 +401,7 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
 					client := utils.SharedHttpClient(5 * time.Second)
 					req, err := http.NewRequest(http.MethodPost, task.AuthURL, bytes.NewReader(authJSON))
 					req.Header.Set("Content-Type", "application/json")
+					req.Header.Set("User-Agent", teaconst.ProductName+"/"+teaconst.Version)
 					if err != nil {
 						remotelogs.Error("ACME", "parse auth url failed '"+task.AuthURL+"': "+err.Error())
 					} else {
--- a/internal/db/models/http_access_log_dao.go
+++ b/internal/db/models/http_access_log_dao.go
@@ -233,6 +233,8 @@ func (this *HTTPAccessLogDAO) CreateHTTPAccessLog(tx *dbs.Tx, dao *HTTPAccessLog
 func (this *HTTPAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string,
 	size int64,
 	day string,
+	clusterId int64,
+	nodeId int64,
 	serverId int64,
 	reverse bool,
 	hasError bool,
@@ -253,18 +255,18 @@ func (this *HTTPAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string,
 		size = 1000
 	}

-	result, nextLastRequestId, err = this.listAccessLogs(tx, lastRequestId, size, day, serverId, reverse, hasError, firewallPolicyId, firewallRuleGroupId, firewallRuleSetId, hasFirewallPolicy, userId, keyword, ip, domain)
+	result, nextLastRequestId, err = this.listAccessLogs(tx, lastRequestId, size, day, clusterId, nodeId, serverId, reverse, hasError, firewallPolicyId, firewallRuleGroupId, firewallRuleSetId, hasFirewallPolicy, userId, keyword, ip, domain)
 	if err != nil || int64(len(result)) < size {
 		return
 	}

-	moreResult, _, _ := this.listAccessLogs(tx, nextLastRequestId, 1, day, serverId, reverse, hasError, firewallPolicyId, firewallRuleGroupId, firewallRuleSetId, hasFirewallPolicy, userId, keyword, ip, domain)
+	moreResult, _, _ := this.listAccessLogs(tx, nextLastRequestId, 1, day, clusterId, nodeId, serverId, reverse, hasError, firewallPolicyId, firewallRuleGroupId, firewallRuleSetId, hasFirewallPolicy, userId, keyword, ip, domain)
 	hasMore = len(moreResult) > 0
 	return
 }

 // 读取往前的单页访问日志
-func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, serverId int64, reverse bool, hasError bool, firewallPolicyId int64, firewallRuleGroupId int64, firewallRuleSetId int64, hasFirewallPolicy bool, userId int64, keyword string, ip string, domain string) (result []*HTTPAccessLog, nextLastRequestId string, err error) {
+func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, clusterId int64, nodeId int64, serverId int64, reverse bool, hasError bool, firewallPolicyId int64, firewallRuleGroupId int64, firewallRuleSetId int64, hasFirewallPolicy bool, userId int64, keyword string, ip string, domain string) (result []*HTTPAccessLog, nextLastRequestId string, err error) {
 	if size <= 0 {
 		return nil, lastRequestId, nil
 	}
@@ -318,6 +320,30 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, s
 			query := dao.Query(tx)

 			// 条件
+			if nodeId > 0 {
+				query.Attr("nodeId", nodeId)
+			} else if clusterId > 0 {
+				nodeIds, err := SharedNodeDAO.FindAllEnabledNodeIdsWithClusterId(tx, clusterId)
+				if err != nil {
+					remotelogs.Error("DBNODE", err.Error())
+					return
+				}
+				if len(nodeIds) > 0 {
+					sort.Slice(nodeIds, func(i, j int) bool {
+						return nodeIds[i] < nodeIds[j]
+					})
+					var nodeIdStrings = []string{}
+					for _, subNodeId := range nodeIds {
+						nodeIdStrings = append(nodeIdStrings, types.String(subNodeId))
+					}
+
+					query.Where("nodeId IN (" + strings.Join(nodeIdStrings, ",") + ")")
+					query.Reuse(false)
+				} else {
+					// 如果没有节点，则直接返回空
+					return
+				}
+			}
 			if serverId > 0 {
 				query.Attr("serverId", serverId)
 			} else if userId > 0 && len(serverIds) > 0 {
--- a/internal/db/models/http_cache_policy_dao.go
+++ b/internal/db/models/http_cache_policy_dao.go
@@ -300,9 +300,13 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 }

 // CountAllEnabledHTTPCachePolicies 计算可用缓存策略数量
-func (this *HTTPCachePolicyDAO) CountAllEnabledHTTPCachePolicies(tx *dbs.Tx, keyword string) (int64, error) {
+func (this *HTTPCachePolicyDAO) CountAllEnabledHTTPCachePolicies(tx *dbs.Tx, clusterId int64, keyword string) (int64, error) {
 	query := this.Query(tx).
 		State(HTTPCachePolicyStateEnabled)
+	if clusterId > 0 {
+		query.Where("id IN (SELECT cachePolicyId FROM " + SharedNodeClusterDAO.Table + " WHERE id=:clusterId)")
+		query.Param("clusterId", clusterId)
+	}
 	if len(keyword) > 0 {
 		query.Where("(name LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
@@ -311,9 +315,13 @@ func (this *HTTPCachePolicyDAO) CountAllEnabledHTTPCachePolicies(tx *dbs.Tx, key
 }

 // ListEnabledHTTPCachePolicies 列出单页的缓存策略
-func (this *HTTPCachePolicyDAO) ListEnabledHTTPCachePolicies(tx *dbs.Tx, keyword string, offset int64, size int64) ([]*serverconfigs.HTTPCachePolicy, error) {
+func (this *HTTPCachePolicyDAO) ListEnabledHTTPCachePolicies(tx *dbs.Tx, clusterId int64, keyword string, offset int64, size int64) ([]*serverconfigs.HTTPCachePolicy, error) {
 	query := this.Query(tx).
 		State(HTTPCachePolicyStateEnabled)
+	if clusterId > 0 {
+		query.Where("id IN (SELECT cachePolicyId FROM " + SharedNodeClusterDAO.Table + " WHERE id=:clusterId)")
+		query.Param("clusterId", clusterId)
+	}
 	if len(keyword) > 0 {
 		query.Where("(name LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -130,6 +130,16 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 	if len(outboundJSON) > 0 {
 		op.Outbound = outboundJSON
 	}
+	op.UseLocalFirewall = true
+
+	{
+		synFloodJSON, err := json.Marshal(firewallconfigs.DefaultSYNFloodConfig())
+		if err != nil {
+			return 0, err
+		}
+		op.SynFlood = synFloodJSON
+	}
+
 	err := this.Save(tx, op)
 	return types.Int64(op.Id), err
 }
@@ -249,7 +259,7 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInbound(tx *dbs.Tx, polic
 }

 // UpdateFirewallPolicy 修改策略
-func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte, mode firewallconfigs.FirewallMode) error {
+func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte, mode firewallconfigs.FirewallMode, useLocalFirewall bool, synFloodConfig *firewallconfigs.SYNFloodConfig) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -272,6 +282,18 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int
 	if len(blockOptionsJSON) > 0 {
 		op.BlockOptions = blockOptionsJSON
 	}
+
+	if synFloodConfig != nil {
+		synFloodConfigJSON, err := json.Marshal(synFloodConfig)
+		if err != nil {
+			return err
+		}
+		op.SynFlood = synFloodConfigJSON
+	} else {
+		op.SynFlood = "null"
+	}
+
+	op.UseLocalFirewall = useLocalFirewall
 	err := this.Save(tx, op)
 	if err != nil {
 		return err
@@ -281,8 +303,12 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int
 }

 // CountAllEnabledFirewallPolicies 计算所有可用的策略数量
-func (this *HTTPFirewallPolicyDAO) CountAllEnabledFirewallPolicies(tx *dbs.Tx, keyword string) (int64, error) {
+func (this *HTTPFirewallPolicyDAO) CountAllEnabledFirewallPolicies(tx *dbs.Tx, clusterId int64, keyword string) (int64, error) {
 	query := this.Query(tx)
+	if clusterId > 0 {
+		query.Where("id IN (SELECT httpFirewallPolicyId FROM " + SharedNodeClusterDAO.Table + " WHERE id=:clusterId)")
+		query.Param("clusterId", clusterId)
+	}
 	if len(keyword) > 0 {
 		query.Where("(name LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
@@ -296,8 +322,12 @@ func (this *HTTPFirewallPolicyDAO) CountAllEnabledFirewallPolicies(tx *dbs.Tx, k
 }

 // ListEnabledFirewallPolicies 列出单页的策略
-func (this *HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(tx *dbs.Tx, keyword string, offset int64, size int64) (result []*HTTPFirewallPolicy, err error) {
+func (this *HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(tx *dbs.Tx, clusterId int64, keyword string, offset int64, size int64) (result []*HTTPFirewallPolicy, err error) {
 	query := this.Query(tx)
+	if clusterId > 0 {
+		query.Where("id IN (SELECT httpFirewallPolicyId FROM " + SharedNodeClusterDAO.Table + " WHERE id=:clusterId)")
+		query.Param("clusterId", clusterId)
+	}
 	if len(keyword) > 0 {
 		query.Where("(name LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
@@ -339,6 +369,7 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 	config.IsOn = policy.IsOn == 1
 	config.Name = policy.Name
 	config.Description = policy.Description
+	config.UseLocalFirewall = policy.UseLocalFirewall == 1

 	if len(policy.Mode) == 0 {
 		policy.Mode = firewallconfigs.FirewallModeDefend
@@ -411,6 +442,16 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 		config.BlockOptions = blockAction
 	}

+	// syn flood
+	if len(policy.SynFlood) > 0 {
+		var synFloodConfig = &firewallconfigs.SYNFloodConfig{}
+		err = json.Unmarshal([]byte(policy.SynFlood), synFloodConfig)
+		if err != nil {
+			return nil, err
+		}
+		config.SYNFlood = synFloodConfig
+	}
+
 	if cacheMap != nil {
 		cacheMap.Put(cacheKey, config)
 	}
--- a/internal/db/models/http_firewall_policy_model.go
+++ b/internal/db/models/http_firewall_policy_model.go
@@ -2,39 +2,43 @@ package models

 // HTTPFirewallPolicy HTTP防火墙
 type HTTPFirewallPolicy struct {
-	Id           uint32 `field:"id"`           // ID
-	TemplateId   uint32 `field:"templateId"`   // 模版ID
-	AdminId      uint32 `field:"adminId"`      // 管理员ID
-	UserId       uint32 `field:"userId"`       // 用户ID
-	ServerId     uint32 `field:"serverId"`     // 服务ID
-	GroupId      uint32 `field:"groupId"`      // 服务分组ID
-	State        uint8  `field:"state"`        // 状态
-	CreatedAt    uint64 `field:"createdAt"`    // 创建时间
-	IsOn         uint8  `field:"isOn"`         // 是否启用
-	Name         string `field:"name"`         // 名称
-	Description  string `field:"description"`  // 描述
-	Inbound      string `field:"inbound"`      // 入站规则
-	Outbound     string `field:"outbound"`     // 出站规则
-	BlockOptions string `field:"blockOptions"` // BLOCK选项
-	Mode         string `field:"mode"`         // 模式
+	Id               uint32 `field:"id"`               // ID
+	TemplateId       uint32 `field:"templateId"`       // 模版ID
+	AdminId          uint32 `field:"adminId"`          // 管理员ID
+	UserId           uint32 `field:"userId"`           // 用户ID
+	ServerId         uint32 `field:"serverId"`         // 服务ID
+	GroupId          uint32 `field:"groupId"`          // 服务分组ID
+	State            uint8  `field:"state"`            // 状态
+	CreatedAt        uint64 `field:"createdAt"`        // 创建时间
+	IsOn             uint8  `field:"isOn"`             // 是否启用
+	Name             string `field:"name"`             // 名称
+	Description      string `field:"description"`      // 描述
+	Inbound          string `field:"inbound"`          // 入站规则
+	Outbound         string `field:"outbound"`         // 出站规则
+	BlockOptions     string `field:"blockOptions"`     // BLOCK选项
+	Mode             string `field:"mode"`             // 模式
+	UseLocalFirewall uint8  `field:"useLocalFirewall"` // 是否自动使用本地防火墙
+	SynFlood         string `field:"synFlood"`         // SynFlood防御设置
 }

 type HTTPFirewallPolicyOperator struct {
-	Id           interface{} // ID
-	TemplateId   interface{} // 模版ID
-	AdminId      interface{} // 管理员ID
-	UserId       interface{} // 用户ID
-	ServerId     interface{} // 服务ID
-	GroupId      interface{} // 服务分组ID
-	State        interface{} // 状态
-	CreatedAt    interface{} // 创建时间
-	IsOn         interface{} // 是否启用
-	Name         interface{} // 名称
-	Description  interface{} // 描述
-	Inbound      interface{} // 入站规则
-	Outbound     interface{} // 出站规则
-	BlockOptions interface{} // BLOCK选项
-	Mode         interface{} // 模式
+	Id               interface{} // ID
+	TemplateId       interface{} // 模版ID
+	AdminId          interface{} // 管理员ID
+	UserId           interface{} // 用户ID
+	ServerId         interface{} // 服务ID
+	GroupId          interface{} // 服务分组ID
+	State            interface{} // 状态
+	CreatedAt        interface{} // 创建时间
+	IsOn             interface{} // 是否启用
+	Name             interface{} // 名称
+	Description      interface{} // 描述
+	Inbound          interface{} // 入站规则
+	Outbound         interface{} // 出站规则
+	BlockOptions     interface{} // BLOCK选项
+	Mode             interface{} // 模式
+	UseLocalFirewall interface{} // 是否自动使用本地防火墙
+	SynFlood         interface{} // SynFlood防御设置
 }

 func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator {
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -434,6 +434,18 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, cacheMap *util
 		}
 	}

+	// 请求脚本
+	if len(web.RequestScripts) > 0 {
+		var requestScriptsConfig = &serverconfigs.HTTPRequestScriptsConfig{}
+		if len(web.RequestScripts) > 0 {
+			err = json.Unmarshal([]byte(web.RequestScripts), requestScriptsConfig)
+			if err != nil {
+				return nil, err
+			}
+			config.RequestScripts = requestScriptsConfig
+		}
+	}
+
 	if cacheMap != nil {
 		cacheMap.Put(cacheKey, config)
 	}
@@ -1119,6 +1131,43 @@ func (this *HTTPWebDAO) FindWebRequestLimit(tx *dbs.Tx, webId int64) (*servercon
 	return config, nil
 }

+// UpdateWebRequestScripts 修改服务的请求脚本设置
+func (this *HTTPWebDAO) UpdateWebRequestScripts(tx *dbs.Tx, webId int64, config *serverconfigs.HTTPRequestScriptsConfig) error {
+	configJSON, err := json.Marshal(config)
+	if err != nil {
+		return err
+	}
+	err = this.Query(tx).
+		Pk(webId).
+		Set("requestScripts", configJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+	return this.NotifyUpdate(tx, webId)
+}
+
+// FindWebRequestScripts 查找服务的脚本设置
+func (this *HTTPWebDAO) FindWebRequestScripts(tx *dbs.Tx, webId int64) (*serverconfigs.HTTPRequestScriptsConfig, error) {
+	configString, err := this.Query(tx).
+		Pk(webId).
+		Result("requestScripts").
+		FindStringCol("")
+	if err != nil {
+		return nil, err
+	}
+
+	var config = &serverconfigs.HTTPRequestScriptsConfig{}
+	if len(configString) == 0 {
+		return config, nil
+	}
+	err = json.Unmarshal([]byte(configString), config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
 // NotifyUpdate 通知更新
 func (this *HTTPWebDAO) NotifyUpdate(tx *dbs.Tx, webId int64) error {
 	// server
--- a/internal/db/models/http_web_model.go
+++ b/internal/db/models/http_web_model.go
@@ -34,6 +34,7 @@ type HTTPWeb struct {
 	RemoteAddr         string `field:"remoteAddr"`         // 客户端IP配置
 	MergeSlashes       uint8  `field:"mergeSlashes"`       // 是否合并路径中的斜杠
 	RequestLimit       string `field:"requestLimit"`       // 请求限制
+	RequestScripts     string `field:"requestScripts"`     // 请求脚本
 }

 type HTTPWebOperator struct {
@@ -69,6 +70,7 @@ type HTTPWebOperator struct {
 	RemoteAddr         interface{} // 客户端IP配置
 	MergeSlashes       interface{} // 是否合并路径中的斜杠
 	RequestLimit       interface{} // 请求限制
+	RequestScripts     interface{} // 请求脚本
 }

 func NewHTTPWebOperator() *HTTPWebOperator {
--- a/internal/db/models/ip_item_dao.go
+++ b/internal/db/models/ip_item_dao.go
@@ -156,7 +156,7 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx,
 		return 0, err
 	}

-	op := NewIPItemOperator()
+	var op = NewIPItemOperator()
 	op.ListId = listId
 	op.IpFrom = ipFrom
 	op.IpTo = ipTo
@@ -179,6 +179,11 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx,
 	op.SourceHTTPFirewallRuleGroupId = sourceHTTPFirewallRuleGroupId
 	op.SourceHTTPFirewallRuleSetId = sourceHTTPFirewallRuleSetId

+	var autoAdded = listId == firewallconfigs.GlobalListId || sourceNodeId > 0 || sourceServerId > 0 || sourceHTTPFirewallPolicyId > 0
+	if autoAdded {
+		op.IsRead = 0
+	}
+
 	op.State = IPItemStateEnabled
 	err = this.Save(tx, op)
 	if err != nil {
@@ -186,8 +191,8 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx,
 	}
 	itemId := types.Int64(op.Id)

-	// 全局名单不需要即时更新，防止数量过多而导致性能问题
-	if listId == firewallconfigs.GlobalListId {
+	// 自动加入名单不需要即时更新，防止数量过多而导致性能问题
+	if autoAdded {
 		return itemId, nil
 	}

@@ -379,7 +384,7 @@ func (this *IPItemDAO) ExistsEnabledItem(tx *dbs.Tx, itemId int64) (bool, error)
 }

 // CountAllEnabledIPItems 计算数量
-func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, ip string, listId int64) (int64, error) {
+func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, ip string, listId int64, unread bool) (int64, error) {
 	var query = this.Query(tx)
 	if len(ip) > 0 {
 		query.Attr("ipFrom", ip)
@@ -389,6 +394,9 @@ func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, ip string, listId int6
 	} else {
 		query.Where("(listId=" + types.String(firewallconfigs.GlobalListId) + " OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1))")
 	}
+	if unread {
+		query.Attr("isRead", 0)
+	}
 	return query.
 		State(IPItemStateEnabled).
 		Where("(expiredAt=0 OR expiredAt>:expiredAt)").
@@ -397,7 +405,7 @@ func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, ip string, listId int6
 }

 // ListAllEnabledIPItems 搜索所有IP
-func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, ip string, listId int64, offset int64, size int64) (result []*IPItem, err error) {
+func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, ip string, listId int64, unread bool, offset int64, size int64) (result []*IPItem, err error) {
 	var query = this.Query(tx)
 	if len(ip) > 0 {
 		query.Attr("ipFrom", ip)
@@ -407,6 +415,9 @@ func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, ip string, listId int64
 	} else {
 		query.Where("(listId=" + types.String(firewallconfigs.GlobalListId) + " OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1))")
 	}
+	if unread {
+		query.Attr("isRead", 0)
+	}
 	_, err = query.
 		State(IPItemStateEnabled).
 		Where("(expiredAt=0 OR expiredAt>:expiredAt)").
@@ -419,6 +430,14 @@ func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, ip string, listId int64
 	return
 }

+// UpdateItemsRead 设置所有未已读
+func (this *IPItemDAO) UpdateItemsRead(tx *dbs.Tx) error {
+	return this.Query(tx).
+		Attr("isRead", 0).
+		Set("isRead", 1).
+		UpdateQuickly()
+}
+
 // NotifyUpdate 通知更新
 func (this *IPItemDAO) NotifyUpdate(tx *dbs.Tx, itemId int64) error {
 	// 获取ListId
--- a/internal/db/models/ip_item_model.go
+++ b/internal/db/models/ip_item_model.go
@@ -23,6 +23,7 @@ type IPItem struct {
 	SourceHTTPFirewallPolicyId    uint32 `field:"sourceHTTPFirewallPolicyId"`    // 来源策略ID
 	SourceHTTPFirewallRuleGroupId uint32 `field:"sourceHTTPFirewallRuleGroupId"` // 来源规则集分组ID
 	SourceHTTPFirewallRuleSetId   uint32 `field:"sourceHTTPFirewallRuleSetId"`   // 来源规则集ID
+	IsRead                        uint8  `field:"isRead"`                        // 是否已读
 }

 type IPItemOperator struct {
@@ -47,6 +48,7 @@ type IPItemOperator struct {
 	SourceHTTPFirewallPolicyId    interface{} // 来源策略ID
 	SourceHTTPFirewallRuleGroupId interface{} // 来源规则集分组ID
 	SourceHTTPFirewallRuleSetId   interface{} // 来源规则集ID
+	IsRead                        interface{} // 是否已读
 }

 func NewIPItemOperator() *IPItemOperator {
--- a/internal/db/models/node_cluster_dao.go
+++ b/internal/db/models/node_cluster_dao.go
@@ -178,7 +178,7 @@ func (this *NodeClusterDAO) CreateCluster(tx *dbs.Tx, adminId int64, name string
 }

 // UpdateCluster 修改集群
-func (this *NodeClusterDAO) UpdateCluster(tx *dbs.Tx, clusterId int64, name string, grantId int64, installDir string, timezone string, nodeMaxThreads int32, nodeTCPMaxConnections int32) error {
+func (this *NodeClusterDAO) UpdateCluster(tx *dbs.Tx, clusterId int64, name string, grantId int64, installDir string, timezone string, nodeMaxThreads int32, nodeTCPMaxConnections int32, autoOpenPorts bool) error {
 	if clusterId <= 0 {
 		return errors.New("invalid clusterId")
 	}
@@ -198,6 +198,7 @@ func (this *NodeClusterDAO) UpdateCluster(tx *dbs.Tx, clusterId int64, name stri
 		nodeTCPMaxConnections = 0
 	}
 	op.NodeTCPMaxConnections = nodeTCPMaxConnections
+	op.AutoOpenPorts = autoOpenPorts

 	err := this.Save(tx, op)
 	if err != nil {
@@ -887,7 +888,7 @@ func (this *NodeClusterDAO) FindClusterBasicInfo(tx *dbs.Tx, clusterId int64, ca

 	cluster, err := this.Query(tx).
 		Pk(clusterId).
-		Result("timeZone", "nodeMaxThreads", "nodeTCPMaxConnections", "cachePolicyId", "httpFirewallPolicyId").
+		Result("timeZone", "nodeMaxThreads", "nodeTCPMaxConnections", "cachePolicyId", "httpFirewallPolicyId", "autoOpenPorts").
 		Find()
 	if err != nil || cluster == nil {
 		return nil, err
--- a/internal/db/models/node_cluster_model.go
+++ b/internal/db/models/node_cluster_model.go
@@ -29,6 +29,7 @@ type NodeCluster struct {
 	TimeZone              string `field:"timeZone"`              // 时区
 	NodeMaxThreads        uint32 `field:"nodeMaxThreads"`        // 节点最大线程数
 	NodeTCPMaxConnections uint32 `field:"nodeTCPMaxConnections"` // TCP最大连接数
+	AutoOpenPorts         uint8  `field:"autoOpenPorts"`         // 是否自动尝试开放端口
 }

 type NodeClusterOperator struct {
@@ -59,6 +60,7 @@ type NodeClusterOperator struct {
 	TimeZone              interface{} // 时区
 	NodeMaxThreads        interface{} // 节点最大线程数
 	NodeTCPMaxConnections interface{} // TCP最大连接数
+	AutoOpenPorts         interface{} // 是否自动尝试开放端口
 }

 func NewNodeClusterOperator() *NodeClusterOperator {
--- a/internal/db/models/node_dao.go
+++ b/internal/db/models/node_dao.go
@@ -827,6 +827,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, cacheMap *utils
 		if clusterIndex == 0 {
 			config.MaxThreads = int(nodeCluster.NodeMaxThreads)
 			config.TCPMaxConnections = int(nodeCluster.NodeTCPMaxConnections)
+			config.AutoOpenPorts = nodeCluster.AutoOpenPorts == 1
 		}

 		clusterIndex++
@@ -916,6 +917,18 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, cacheMap *utils

 	config.MetricItems = metricItems

+	// 产品
+	adminUIConfig, err := SharedSysSettingDAO.ReadAdminUIConfig(tx, cacheMap)
+	if err != nil {
+		return nil, err
+	}
+	if adminUIConfig != nil {
+		config.ProductConfig = &nodeconfigs.ProductConfig{
+			Name:    adminUIConfig.ProductName,
+			Version: adminUIConfig.Version,
+		}
+	}
+
 	return config, nil
 }

--- a/internal/db/models/node_log_dao.go
+++ b/internal/db/models/node_log_dao.go
@@ -135,6 +135,7 @@ func (this *NodeLogDAO) DeleteExpiredLogs(tx *dbs.Tx, days int) error {
 // CountNodeLogs 计算节点日志数量
 func (this *NodeLogDAO) CountNodeLogs(tx *dbs.Tx,
 	role string,
+	nodeClusterId int64,
 	nodeId int64,
 	serverId int64,
 	originId int64,
@@ -142,7 +143,8 @@ func (this *NodeLogDAO) CountNodeLogs(tx *dbs.Tx,
 	dayTo string,
 	keyword string,
 	level string,
-	isUnread bool) (int64, error) {
+	isUnread bool,
+	tag string) (int64, error) {
 	query := this.Query(tx)
 	if len(role) > 0 {
 		query.Attr("role", role)
@@ -150,11 +152,16 @@ func (this *NodeLogDAO) CountNodeLogs(tx *dbs.Tx,
 	if nodeId > 0 {
 		query.Attr("nodeId", nodeId)
 	} else {
-		switch role {
-		case nodeconfigs.NodeRoleNode:
-			query.Where("nodeId IN (SELECT id FROM " + SharedNodeDAO.Table + " WHERE state=1 AND clusterId>0)")
-		case nodeconfigs.NodeRoleDNS:
-			query.Where("nodeId IN (SELECT id FROM edgeNSNodes WHERE state=1 AND clusterId > 0)") // 没有用 SharedNSNodeDAO() 因为有包循环引用的问题
+		if nodeClusterId > 0 {
+			query.Where("nodeId IN (SELECT id FROM " + SharedNodeDAO.Table + " WHERE clusterId=:nodeClusterId AND state=1)")
+			query.Param("nodeClusterId", nodeClusterId)
+		} else {
+			switch role {
+			case nodeconfigs.NodeRoleNode:
+				query.Where("nodeId IN (SELECT id FROM " + SharedNodeDAO.Table + " WHERE state=1 AND clusterId>0)")
+			case nodeconfigs.NodeRoleDNS:
+				query.Where("nodeId IN (SELECT id FROM edgeNSNodes WHERE state=1 AND clusterId > 0)") // 没有用 SharedNSNodeDAO() 因为有包循环引用的问题
+			}
 		}
 	}
 	if serverId > 0 {
@@ -181,6 +188,9 @@ func (this *NodeLogDAO) CountNodeLogs(tx *dbs.Tx,
 	if isUnread {
 		query.Attr("isRead", 0)
 	}
+	if len(tag) > 0 {
+		query.Like("tag", "%"+tag+"%")
+	}

 	return query.Count()
 }
@@ -188,6 +198,7 @@ func (this *NodeLogDAO) CountNodeLogs(tx *dbs.Tx,
 // ListNodeLogs 列出单页日志
 func (this *NodeLogDAO) ListNodeLogs(tx *dbs.Tx,
 	role string,
+	nodeClusterId int64,
 	nodeId int64,
 	serverId int64,
 	originId int64,
@@ -198,6 +209,7 @@ func (this *NodeLogDAO) ListNodeLogs(tx *dbs.Tx,
 	level string,
 	fixedState configutils.BoolState,
 	isUnread bool,
+	tag string,
 	offset int64,
 	size int64) (result []*NodeLog, err error) {
 	query := this.Query(tx)
@@ -207,11 +219,16 @@ func (this *NodeLogDAO) ListNodeLogs(tx *dbs.Tx,
 	if nodeId > 0 {
 		query.Attr("nodeId", nodeId)
 	} else {
-		switch role {
-		case nodeconfigs.NodeRoleNode:
-			query.Where("nodeId IN (SELECT id FROM " + SharedNodeDAO.Table + " WHERE state=1 AND clusterId>0)")
-		case nodeconfigs.NodeRoleDNS:
-			query.Where("nodeId IN (SELECT id FROM edgeNSNodes WHERE state=1 AND clusterId>0)") // 没有用 SharedNSNodeDAO() 因为有包循环引用的问题
+		if nodeClusterId > 0 {
+			query.Where("nodeId IN (SELECT id FROM " + SharedNodeDAO.Table + " WHERE clusterId=:nodeClusterId AND state=1)")
+			query.Param("nodeClusterId", nodeClusterId)
+		} else {
+			switch role {
+			case nodeconfigs.NodeRoleNode:
+				query.Where("nodeId IN (SELECT id FROM " + SharedNodeDAO.Table + " WHERE state=1 AND clusterId>0)")
+			case nodeconfigs.NodeRoleDNS:
+				query.Where("nodeId IN (SELECT id FROM edgeNSNodes WHERE state=1 AND clusterId>0)") // 没有用 SharedNSNodeDAO() 因为有包循环引用的问题
+			}
 		}
 	}
 	if serverId > 0 {
@@ -240,11 +257,19 @@ func (this *NodeLogDAO) ListNodeLogs(tx *dbs.Tx,
 			Param("keyword", "%"+keyword+"%")
 	}
 	if len(level) > 0 {
-		query.Attr("level", level)
+		var pieces = strings.Split(level, ",")
+		if len(pieces) == 1 {
+			query.Attr("level", pieces[0])
+		} else {
+			query.Attr("level", pieces)
+		}
 	}
 	if isUnread {
 		query.Attr("isRead", 0)
 	}
+	if len(tag) > 0 {
+		query.Like("tag", "%"+tag+"%")
+	}
 	_, err = query.
 		Offset(offset).
 		Limit(size).
--- a/internal/db/models/node_value_dao.go
+++ b/internal/db/models/node_value_dao.go
@@ -57,12 +57,10 @@ func (this *NodeValueDAO) CreateValue(tx *dbs.Tx, clusterId int64, role nodeconf

 // Clean 清除数据
 func (this *NodeValueDAO) Clean(tx *dbs.Tx) error {
-	// 删除N天之前的所有数据
-	expiredDays := 2
-	day := timeutil.Format("Ymd", time.Now().AddDate(0, 0, -expiredDays))
+	var hour = timeutil.Format("YmdH", time.Now().Add(-2*time.Hour))
 	_, err := this.Query(tx).
-		Where("day<=:day").
-		Param("day", day).
+		Where("hour<=:hour").
+		Param("hour", hour).
 		Delete()
 	if err != nil {
 		return err
--- a/internal/db/models/node_value_dao_test.go
+++ b/internal/db/models/node_value_dao_test.go
@@ -10,7 +10,7 @@ import (
 )

 func TestNodeValueDAO_CreateValue(t *testing.T) {
-	dao := NewNodeValueDAO()
+	var dao = NewNodeValueDAO()
 	m := maps.Map{
 		"hello": "world12344",
 	}
@@ -20,3 +20,12 @@ func TestNodeValueDAO_CreateValue(t *testing.T) {
 	}
 	t.Log("ok")
 }
+
+func TestNodeValueDAO_Clean(t *testing.T) {
+	var dao = NewNodeValueDAO()
+	err := dao.Clean(nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("ok")
+}
--- a/internal/db/models/origin_dao.go
+++ b/internal/db/models/origin_dao.go
@@ -87,7 +87,20 @@ func (this *OriginDAO) FindOriginName(tx *dbs.Tx, id int64) (string, error) {
 }

 // CreateOrigin 创建源站
-func (this *OriginDAO) CreateOrigin(tx *dbs.Tx, adminId int64, userId int64, name string, addrJSON string, description string, weight int32, isOn bool, connTimeout *shared.TimeDuration, readTimeout *shared.TimeDuration, idleTimeout *shared.TimeDuration, maxConns int32, maxIdleConns int32, domains []string) (originId int64, err error) {
+func (this *OriginDAO) CreateOrigin(tx *dbs.Tx,
+	adminId int64,
+	userId int64,
+	name string,
+	addrJSON string,
+	description string,
+	weight int32, isOn bool,
+	connTimeout *shared.TimeDuration,
+	readTimeout *shared.TimeDuration,
+	idleTimeout *shared.TimeDuration,
+	maxConns int32,
+	maxIdleConns int32,
+	certRef *sslconfigs.SSLCertRef,
+	domains []string) (originId int64, err error) {
 	op := NewOriginOperator()
 	op.AdminId = adminId
 	op.UserId = userId
@@ -133,6 +146,15 @@ func (this *OriginDAO) CreateOrigin(tx *dbs.Tx, adminId int64, userId int64, nam
 	}
 	op.Weight = weight

+	// cert
+	if certRef != nil {
+		certRefJSON, err := json.Marshal(certRef)
+		if err != nil {
+			return 0, err
+		}
+		op.Cert = certRefJSON
+	}
+
 	if len(domains) > 0 {
 		domainsJSON, err := json.Marshal(domains)
 		if err != nil {
@@ -152,7 +174,20 @@ func (this *OriginDAO) CreateOrigin(tx *dbs.Tx, adminId int64, userId int64, nam
 }

 // UpdateOrigin 修改源站
-func (this *OriginDAO) UpdateOrigin(tx *dbs.Tx, originId int64, name string, addrJSON string, description string, weight int32, isOn bool, connTimeout *shared.TimeDuration, readTimeout *shared.TimeDuration, idleTimeout *shared.TimeDuration, maxConns int32, maxIdleConns int32, domains []string) error {
+func (this *OriginDAO) UpdateOrigin(tx *dbs.Tx,
+	originId int64,
+	name string,
+	addrJSON string,
+	description string,
+	weight int32,
+	isOn bool,
+	connTimeout *shared.TimeDuration,
+	readTimeout *shared.TimeDuration,
+	idleTimeout *shared.TimeDuration,
+	maxConns int32,
+	maxIdleConns int32,
+	certRef *sslconfigs.SSLCertRef,
+	domains []string) error {
 	if originId <= 0 {
 		return errors.New("invalid originId")
 	}
@@ -201,6 +236,17 @@ func (this *OriginDAO) UpdateOrigin(tx *dbs.Tx, originId int64, name string, add
 	op.IsOn = isOn
 	op.Version = dbs.SQL("version+1")

+	// cert
+	if certRef != nil {
+		certRefJSON, err := json.Marshal(certRef)
+		if err != nil {
+			return err
+		}
+		op.Cert = certRefJSON
+	} else {
+		op.Cert = dbs.SQL("NULL")
+	}
+
 	if len(domains) > 0 {
 		domainsJSON, err := json.Marshal(domains)
 		if err != nil {
--- a/internal/db/models/regions/region_city_dao.go
+++ b/internal/db/models/regions/region_city_dao.go
@@ -38,7 +38,7 @@ func init() {
 	})
 }

-// 启用条目
+// EnableRegionCity 启用条目
 func (this *RegionCityDAO) EnableRegionCity(tx *dbs.Tx, id uint32) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -47,7 +47,7 @@ func (this *RegionCityDAO) EnableRegionCity(tx *dbs.Tx, id uint32) error {
 	return err
 }

-// 禁用条目
+// DisableRegionCity 禁用条目
 func (this *RegionCityDAO) DisableRegionCity(tx *dbs.Tx, id uint32) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -56,7 +56,7 @@ func (this *RegionCityDAO) DisableRegionCity(tx *dbs.Tx, id uint32) error {
 	return err
 }

-// 查找启用中的条目
+// FindEnabledRegionCity 查找启用中的条目
 func (this *RegionCityDAO) FindEnabledRegionCity(tx *dbs.Tx, id int64) (*RegionCity, error) {
 	result, err := this.Query(tx).
 		Pk(id).
@@ -68,7 +68,7 @@ func (this *RegionCityDAO) FindEnabledRegionCity(tx *dbs.Tx, id int64) (*RegionC
 	return result.(*RegionCity), err
 }

-// 根据主键查找名称
+// FindRegionCityName 根据主键查找名称
 func (this *RegionCityDAO) FindRegionCityName(tx *dbs.Tx, id uint32) (string, error) {
 	return this.Query(tx).
 		Pk(id).
@@ -76,7 +76,7 @@ func (this *RegionCityDAO) FindRegionCityName(tx *dbs.Tx, id uint32) (string, er
 		FindStringCol("")
 }

-// 根据数据ID查找城市
+// FindCityWithDataId 根据数据ID查找城市
 func (this *RegionCityDAO) FindCityWithDataId(tx *dbs.Tx, dataId string) (int64, error) {
 	return this.Query(tx).
 		Attr("dataId", dataId).
@@ -84,7 +84,7 @@ func (this *RegionCityDAO) FindCityWithDataId(tx *dbs.Tx, dataId string) (int64,
 		FindInt64Col(0)
 }

-// 创建城市
+// CreateCity 创建城市
 func (this *RegionCityDAO) CreateCity(tx *dbs.Tx, provinceId int64, name string, dataId string) (int64, error) {
 	op := NewRegionCityOperator()
 	op.ProvinceId = provinceId
@@ -105,7 +105,7 @@ func (this *RegionCityDAO) CreateCity(tx *dbs.Tx, provinceId int64, name string,
 	return types.Int64(op.Id), nil
 }

-// 根据城市名查找城市ID
+// FindCityIdWithNameCacheable 根据城市名查找城市ID
 func (this *RegionCityDAO) FindCityIdWithNameCacheable(tx *dbs.Tx, provinceId int64, cityName string) (int64, error) {
 	key := cityName + "@" + numberutils.FormatInt64(provinceId)

@@ -132,3 +132,12 @@ func (this *RegionCityDAO) FindCityIdWithNameCacheable(tx *dbs.Tx, provinceId in

 	return cityId, nil
 }
+
+// FindAllEnabledCities 获取所有城市信息
+func (this *RegionCityDAO) FindAllEnabledCities(tx *dbs.Tx) (result []*RegionCity, err error) {
+	_, err = this.Query(tx).
+		State(RegionCityStateEnabled).
+		Slice(&result).
+		FindAll()
+	return
+}
--- a/internal/db/models/regions/region_city_model_ext.go
+++ b/internal/db/models/regions/region_city_model_ext.go
@@ -1 +1,18 @@
 package regions
+
+import (
+	"encoding/json"
+	"github.com/iwind/TeaGo/logs"
+)
+
+func (this *RegionCity) DecodeCodes() []string {
+	if len(this.Codes) == 0 {
+		return []string{}
+	}
+	result := []string{}
+	err := json.Unmarshal([]byte(this.Codes), &result)
+	if err != nil {
+		logs.Error(err)
+	}
+	return result
+}
--- a/internal/db/models/regions/region_provider_dao.go
+++ b/internal/db/models/regions/region_provider_dao.go
@@ -36,7 +36,7 @@ func init() {
 	})
 }

-// 启用条目
+// EnableRegionProvider 启用条目
 func (this *RegionProviderDAO) EnableRegionProvider(tx *dbs.Tx, id uint32) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -45,7 +45,7 @@ func (this *RegionProviderDAO) EnableRegionProvider(tx *dbs.Tx, id uint32) error
 	return err
 }

-// 禁用条目
+// DisableRegionProvider 禁用条目
 func (this *RegionProviderDAO) DisableRegionProvider(tx *dbs.Tx, id uint32) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -54,8 +54,8 @@ func (this *RegionProviderDAO) DisableRegionProvider(tx *dbs.Tx, id uint32) erro
 	return err
 }

-// 查找启用中的条目
-func (this *RegionProviderDAO) FindEnabledRegionProvider(tx *dbs.Tx, id uint32) (*RegionProvider, error) {
+// FindEnabledRegionProvider 查找启用中的条目
+func (this *RegionProviderDAO) FindEnabledRegionProvider(tx *dbs.Tx, id int64) (*RegionProvider, error) {
 	result, err := this.Query(tx).
 		Pk(id).
 		Attr("state", RegionProviderStateEnabled).
@@ -66,7 +66,7 @@ func (this *RegionProviderDAO) FindEnabledRegionProvider(tx *dbs.Tx, id uint32)
 	return result.(*RegionProvider), err
 }

-// 根据主键查找名称
+// FindRegionProviderName 根据主键查找名称
 func (this *RegionProviderDAO) FindRegionProviderName(tx *dbs.Tx, id uint32) (string, error) {
 	return this.Query(tx).
 		Pk(id).
@@ -74,7 +74,7 @@ func (this *RegionProviderDAO) FindRegionProviderName(tx *dbs.Tx, id uint32) (st
 		FindStringCol("")
 }

-// 根据服务商名称查找服务商ID
+// FindProviderIdWithNameCacheable 根据服务商名称查找服务商ID
 func (this *RegionProviderDAO) FindProviderIdWithNameCacheable(tx *dbs.Tx, providerName string) (int64, error) {
 	SharedCacheLocker.RLock()
 	providerId, ok := regionProviderNameAndIdCacheMap[providerName]
@@ -100,7 +100,7 @@ func (this *RegionProviderDAO) FindProviderIdWithNameCacheable(tx *dbs.Tx, provi
 	return providerId, nil
 }

-// 创建Provider
+// CreateProvider 创建Provider
 func (this *RegionProviderDAO) CreateProvider(tx *dbs.Tx, name string) (int64, error) {
 	op := NewRegionProviderOperator()
 	op.Name = name
@@ -112,3 +112,12 @@ func (this *RegionProviderDAO) CreateProvider(tx *dbs.Tx, name string) (int64, e
 	op.Codes = codesJSON
 	return this.SaveInt64(tx, op)
 }
+
+// FindAllEnabledProviders 查找所有服务商
+func (this *RegionProviderDAO) FindAllEnabledProviders(tx *dbs.Tx) (result []*RegionProvider, err error) {
+	_, err = this.Query(tx).
+		State(RegionProviderStateEnabled).
+		Slice(&result).
+		FindAll()
+	return
+}
--- a/internal/db/models/regions/region_provider_model_ext.go
+++ b/internal/db/models/regions/region_provider_model_ext.go
@@ -1 +1,18 @@
 package regions
+
+import (
+	"encoding/json"
+	"github.com/iwind/TeaGo/logs"
+)
+
+func (this *RegionProvider) DecodeCodes() []string {
+	if len(this.Codes) == 0 {
+		return []string{}
+	}
+	result := []string{}
+	err := json.Unmarshal([]byte(this.Codes), &result)
+	if err != nil {
+		logs.Error(err)
+	}
+	return result
+}
--- a/internal/db/models/server_dao.go
+++ b/internal/db/models/server_dao.go
@@ -1262,9 +1262,13 @@ func (this *ServerDAO) CountAllEnabledServersWithNodeClusterId(tx *dbs.Tx, clust
 }

 // CountAllEnabledServersWithGroupId 计算使用某个分组的服务数量
-func (this *ServerDAO) CountAllEnabledServersWithGroupId(tx *dbs.Tx, groupId int64) (int64, error) {
-	return this.Query(tx).
-		State(ServerStateEnabled).
+func (this *ServerDAO) CountAllEnabledServersWithGroupId(tx *dbs.Tx, groupId int64, userId int64) (int64, error) {
+	var query = this.Query(tx).
+		State(ServerStateEnabled)
+	if userId > 0 {
+		query.Attr("userId", userId)
+	}
+	return query.
 		Where("JSON_CONTAINS(groupIds, :groupId)").
 		Param("groupId", numberutils.FormatInt64(groupId)).
 		Count()
--- a/internal/db/models/server_group_dao.go
+++ b/internal/db/models/server_group_dao.go
@@ -77,10 +77,11 @@ func (this *ServerGroupDAO) FindServerGroupName(tx *dbs.Tx, id int64) (string, e
 }

 // CreateGroup 创建分组
-func (this *ServerGroupDAO) CreateGroup(tx *dbs.Tx, name string) (groupId int64, err error) {
+func (this *ServerGroupDAO) CreateGroup(tx *dbs.Tx, name string, userId int64) (groupId int64, err error) {
 	op := NewServerGroupOperator()
 	op.State = ServerGroupStateEnabled
 	op.Name = name
+	op.UserId = userId
 	op.IsOn = true
 	err = this.Save(tx, op)
 	if err != nil {
@@ -102,9 +103,15 @@ func (this *ServerGroupDAO) UpdateGroup(tx *dbs.Tx, groupId int64, name string)
 }

 // FindAllEnabledGroups 查找所有分组
-func (this *ServerGroupDAO) FindAllEnabledGroups(tx *dbs.Tx) (result []*ServerGroup, err error) {
-	_, err = this.Query(tx).
-		State(ServerGroupStateEnabled).
+func (this *ServerGroupDAO) FindAllEnabledGroups(tx *dbs.Tx, userId int64) (result []*ServerGroup, err error) {
+	var query = this.Query(tx).
+		State(ServerGroupStateEnabled)
+	if userId > 0 {
+		query.Attr("userId", userId)
+	} else {
+		query.Attr("userId", 0)
+	}
+	_, err = query.
 		Desc("order").
 		AscPk().
 		Slice(&result).
@@ -113,9 +120,13 @@ func (this *ServerGroupDAO) FindAllEnabledGroups(tx *dbs.Tx) (result []*ServerGr
 }

 // UpdateGroupOrders 修改分组排序
-func (this *ServerGroupDAO) UpdateGroupOrders(tx *dbs.Tx, groupIds []int64) error {
+func (this *ServerGroupDAO) UpdateGroupOrders(tx *dbs.Tx, groupIds []int64, userId int64) error {
 	for index, groupId := range groupIds {
-		_, err := this.Query(tx).
+		var query = this.Query(tx)
+		if userId > 0 {
+			query.Attr("userId", userId)
+		}
+		_, err := query.
 			Pk(groupId).
 			Set("order", len(groupIds)-index).
 			Update()
@@ -383,6 +394,22 @@ func (this *ServerGroupDAO) FindEnabledGroupIdWithReverseProxyId(tx *dbs.Tx, rev
 		FindInt64Col(0)
 }

+// CheckUserGroup 检查用户分组
+func (this *ServerGroupDAO) CheckUserGroup(tx *dbs.Tx, userId int64, groupId int64) error {
+	b, err := this.Query(tx).
+		Pk(groupId).
+		Attr("userId", userId).
+		State(ServerGroupStateEnabled).
+		Exist()
+	if err != nil {
+		return err
+	}
+	if !b {
+		return ErrNotFound
+	}
+	return nil
+}
+
 // NotifyUpdate 通知更新
 func (this *ServerGroupDAO) NotifyUpdate(tx *dbs.Tx, groupId int64) error {
 	serverIds, err := SharedServerDAO.FindAllEnabledServerIdsWithGroupId(tx, groupId)
--- a/internal/db/models/sys_setting_dao.go
+++ b/internal/db/models/sys_setting_dao.go
@@ -4,9 +4,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/zero"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/userconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -138,6 +140,54 @@ func (this *SysSettingDAO) ReadGlobalConfig(tx *dbs.Tx) (*serverconfigs.GlobalCo
 	return config, nil
 }

+// ReadUserServerConfig 读取用户服务配置
+func (this *SysSettingDAO) ReadUserServerConfig(tx *dbs.Tx) (*userconfigs.UserServerConfig, error) {
+	valueJSON, err := this.ReadSetting(tx, systemconfigs.SettingCodeUserServerConfig)
+	if err != nil {
+		return nil, err
+	}
+	if len(valueJSON) == 0 {
+		return userconfigs.DefaultUserServerConfig(), nil
+	}
+
+	var config = userconfigs.DefaultUserServerConfig()
+	err = json.Unmarshal(valueJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+// ReadAdminUIConfig 读取管理员界面配置
+func (this *SysSettingDAO) ReadAdminUIConfig(tx *dbs.Tx, cacheMap *utils.CacheMap) (*systemconfigs.AdminUIConfig, error) {
+	var cacheKey = this.Table + ":ReadAdminUIConfig"
+	if cacheMap != nil {
+		cache, ok := cacheMap.Get(cacheKey)
+		if ok && cache != nil {
+			return cache.(*systemconfigs.AdminUIConfig), nil
+		}
+	}
+
+	valueJSON, err := this.ReadSetting(tx, systemconfigs.SettingCodeAdminUIConfig)
+	if err != nil {
+		return nil, err
+	}
+	if len(valueJSON) > 0 {
+		var config = &systemconfigs.AdminUIConfig{}
+		err = json.Unmarshal(valueJSON, config)
+		if err != nil {
+			return nil, err
+		}
+
+		if cacheMap != nil {
+			cacheMap.Put(cacheKey, config)
+		}
+
+		return config, nil
+	}
+	return &systemconfigs.AdminUIConfig{}, nil
+}
+
 // NotifyUpdate 通知更改
 func (this *SysSettingDAO) NotifyUpdate(tx *dbs.Tx, code string) error {
 	switch code {
--- a/internal/db/models/user_dao.go
+++ b/internal/db/models/user_dao.go
@@ -104,7 +104,18 @@ func (this *UserDAO) FindUserFullname(tx *dbs.Tx, userId int64) (string, error)
 }

 // CreateUser 创建用户
-func (this *UserDAO) CreateUser(tx *dbs.Tx, username string, password string, fullname string, mobile string, tel string, email string, remark string, source string, clusterId int64) (int64, error) {
+func (this *UserDAO) CreateUser(tx *dbs.Tx, username string,
+	password string,
+	fullname string,
+	mobile string,
+	tel string,
+	email string,
+	remark string,
+	source string,
+	clusterId int64,
+	features []string,
+	registeredIP string,
+	isVerified bool) (int64, error) {
 	op := NewUserOperator()
 	op.Username = username
 	op.Password = stringutil.Md5(password)
@@ -112,10 +123,24 @@ func (this *UserDAO) CreateUser(tx *dbs.Tx, username string, password string, fu
 	op.Mobile = mobile
 	op.Tel = tel
 	op.Email = email
+	op.EmailIsVerified = false
 	op.Remark = remark
 	op.Source = source
 	op.ClusterId = clusterId
 	op.Day = timeutil.Format("Ymd")
+	op.IsVerified = isVerified
+	op.RegisteredIP = registeredIP
+
+	// features
+	if len(features) == 0 {
+		op.Features = "[]"
+	} else {
+		featuresJSON, err := json.Marshal(features)
+		if err != nil {
+			return 0, err
+		}
+		op.Features = featuresJSON
+	}

 	op.IsOn = true
 	op.State = UserStateEnabled
@@ -149,13 +174,15 @@ func (this *UserDAO) UpdateUser(tx *dbs.Tx, userId int64, username string, passw
 }

 // UpdateUserInfo 修改用户基本信息
-func (this *UserDAO) UpdateUserInfo(tx *dbs.Tx, userId int64, fullname string) error {
+func (this *UserDAO) UpdateUserInfo(tx *dbs.Tx, userId int64, fullname string, mobile string, email string) error {
 	if userId <= 0 {
 		return errors.New("invalid userId")
 	}
 	op := NewUserOperator()
 	op.Id = userId
 	op.Fullname = fullname
+	op.Mobile = mobile
+	op.Email = email
 	return this.Save(tx, op)
 }

@@ -175,7 +202,7 @@ func (this *UserDAO) UpdateUserLogin(tx *dbs.Tx, userId int64, username string,
 }

 // CountAllEnabledUsers 计算用户数量
-func (this *UserDAO) CountAllEnabledUsers(tx *dbs.Tx, clusterId int64, keyword string) (int64, error) {
+func (this *UserDAO) CountAllEnabledUsers(tx *dbs.Tx, clusterId int64, keyword string, isVerifying bool) (int64, error) {
 	query := this.Query(tx)
 	query.State(UserStateEnabled)
 	if clusterId > 0 {
@@ -185,11 +212,22 @@ func (this *UserDAO) CountAllEnabledUsers(tx *dbs.Tx, clusterId int64, keyword s
 		query.Where("(username LIKE :keyword OR fullname LIKE :keyword OR mobile LIKE :keyword OR email LIKE :keyword OR tel LIKE :keyword OR remark LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
 	}
+	if isVerifying {
+		query.Attr("isVerified", 0)
+	}
+	return query.Count()
+}
+
+// CountAllVerifyingUsers 获取等待审核的用户数
+func (this *UserDAO) CountAllVerifyingUsers(tx *dbs.Tx) (int64, error) {
+	query := this.Query(tx)
+	query.State(UserStateEnabled)
+	query.Attr("isVerified", 0)
 	return query.Count()
 }

 // ListEnabledUsers 列出单页用户
-func (this *UserDAO) ListEnabledUsers(tx *dbs.Tx, clusterId int64, keyword string, offset int64, size int64) (result []*User, err error) {
+func (this *UserDAO) ListEnabledUsers(tx *dbs.Tx, clusterId int64, keyword string, isVerifying bool, offset int64, size int64) (result []*User, err error) {
 	query := this.Query(tx)
 	query.State(UserStateEnabled)
 	if clusterId > 0 {
@@ -199,6 +237,9 @@ func (this *UserDAO) ListEnabledUsers(tx *dbs.Tx, clusterId int64, keyword strin
 		query.Where("(username LIKE :keyword OR fullname LIKE :keyword OR mobile LIKE :keyword OR email LIKE :keyword OR tel LIKE :keyword OR remark LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
 	}
+	if isVerifying {
+		query.Attr("isVerified", 0)
+	}
 	_, err = query.
 		DescPk().
 		Offset(offset).
@@ -355,3 +396,16 @@ func (this *UserDAO) CountDailyUsers(tx *dbs.Tx, dayFrom string, dayTo string) (

 	return result, nil
 }
+
+// UpdateUserIsVerified 审核用户
+func (this *UserDAO) UpdateUserIsVerified(tx *dbs.Tx, userId int64, isRejected bool, rejectReason string) error {
+	if userId <= 0 {
+		return errors.New("invalid userId")
+	}
+	var op = NewUserOperator()
+	op.Id = userId
+	op.IsRejected = isRejected
+	op.RejectReason = rejectReason
+	op.IsVerified = true
+	return this.Save(tx, op)
+}
--- a/internal/db/models/user_model.go
+++ b/internal/db/models/user_model.go
@@ -2,43 +2,55 @@ package models

 // User 用户
 type User struct {
-	Id           uint32 `field:"id"`           // ID
-	IsOn         uint8  `field:"isOn"`         // 是否启用
-	Username     string `field:"username"`     // 用户名
-	Password     string `field:"password"`     // 密码
-	Fullname     string `field:"fullname"`     // 真实姓名
-	Mobile       string `field:"mobile"`       // 手机号
-	Tel          string `field:"tel"`          // 联系电话
-	Remark       string `field:"remark"`       // 备注
-	Email        string `field:"email"`        // 邮箱地址
-	AvatarFileId uint64 `field:"avatarFileId"` // 头像文件ID
-	CreatedAt    uint64 `field:"createdAt"`    // 创建时间
-	Day          string `field:"day"`          // YYYYMMDD
-	UpdatedAt    uint64 `field:"updatedAt"`    // 修改时间
-	State        uint8  `field:"state"`        // 状态
-	Source       string `field:"source"`       // 来源
-	ClusterId    uint32 `field:"clusterId"`    // 集群ID
-	Features     string `field:"features"`     // 允许操作的特征
+	Id              uint32 `field:"id"`              // ID
+	IsOn            uint8  `field:"isOn"`            // 是否启用
+	Username        string `field:"username"`        // 用户名
+	Password        string `field:"password"`        // 密码
+	Fullname        string `field:"fullname"`        // 真实姓名
+	Mobile          string `field:"mobile"`          // 手机号
+	Tel             string `field:"tel"`             // 联系电话
+	Remark          string `field:"remark"`          // 备注
+	Email           string `field:"email"`           // 邮箱地址
+	EmailIsVerified uint8  `field:"emailIsVerified"` // 邮箱是否已验证
+	AvatarFileId    uint64 `field:"avatarFileId"`    // 头像文件ID
+	CreatedAt       uint64 `field:"createdAt"`       // 创建时间
+	Day             string `field:"day"`             // YYYYMMDD
+	UpdatedAt       uint64 `field:"updatedAt"`       // 修改时间
+	State           uint8  `field:"state"`           // 状态
+	Source          string `field:"source"`          // 来源
+	ClusterId       uint32 `field:"clusterId"`       // 集群ID
+	Features        string `field:"features"`        // 允许操作的特征
+	RegisteredIP    string `field:"registeredIP"`    // 注册使用的IP
+	IsRejected      uint8  `field:"isRejected"`      // 是否已拒绝
+	RejectReason    string `field:"rejectReason"`    // 拒绝理由
+	IsVerified      uint8  `field:"isVerified"`      // 是否验证通过
+	RequirePlans    uint8  `field:"requirePlans"`    // 是否需要购买套餐
 }

 type UserOperator struct {
-	Id           interface{} // ID
-	IsOn         interface{} // 是否启用
-	Username     interface{} // 用户名
-	Password     interface{} // 密码
-	Fullname     interface{} // 真实姓名
-	Mobile       interface{} // 手机号
-	Tel          interface{} // 联系电话
-	Remark       interface{} // 备注
-	Email        interface{} // 邮箱地址
-	AvatarFileId interface{} // 头像文件ID
-	CreatedAt    interface{} // 创建时间
-	Day          interface{} // YYYYMMDD
-	UpdatedAt    interface{} // 修改时间
-	State        interface{} // 状态
-	Source       interface{} // 来源
-	ClusterId    interface{} // 集群ID
-	Features     interface{} // 允许操作的特征
+	Id              interface{} // ID
+	IsOn            interface{} // 是否启用
+	Username        interface{} // 用户名
+	Password        interface{} // 密码
+	Fullname        interface{} // 真实姓名
+	Mobile          interface{} // 手机号
+	Tel             interface{} // 联系电话
+	Remark          interface{} // 备注
+	Email           interface{} // 邮箱地址
+	EmailIsVerified interface{} // 邮箱是否已验证
+	AvatarFileId    interface{} // 头像文件ID
+	CreatedAt       interface{} // 创建时间
+	Day             interface{} // YYYYMMDD
+	UpdatedAt       interface{} // 修改时间
+	State           interface{} // 状态
+	Source          interface{} // 来源
+	ClusterId       interface{} // 集群ID
+	Features        interface{} // 允许操作的特征
+	RegisteredIP    interface{} // 注册使用的IP
+	IsRejected      interface{} // 是否已拒绝
+	RejectReason    interface{} // 拒绝理由
+	IsVerified      interface{} // 是否验证通过
+	RequirePlans    interface{} // 是否需要购买套餐
 }

 func NewUserOperator() *UserOperator {
--- a/internal/dnsclients/provider_cloud_flare.go
+++ b/internal/dnsclients/provider_cloud_flare.go
@@ -6,6 +6,7 @@ import (
 	"bytes"
 	"crypto/tls"
 	"encoding/json"
+	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/cloudflare"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
@@ -257,6 +258,7 @@ func (this *CloudFlareProvider) doAPI(method string, apiPath string, args map[st
 	if err != nil {
 		return err
 	}
+	req.Header.Set("User-Agent", teaconst.ProductName+"/"+teaconst.Version)
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("X-Auth-Key", this.apiKey)
 	req.Header.Set("x-Auth-Email", this.email)
--- a/internal/dnsclients/provider_custom_http.go
+++ b/internal/dnsclients/provider_custom_http.go
@@ -165,7 +165,7 @@ func (this *CustomHTTPProvider) post(params maps.Map) (respData []byte, err erro
 	timestamp := strconv.FormatInt(time.Now().Unix(), 10)
 	req.Header.Set("Timestamp", timestamp)
 	req.Header.Set("Token", fmt.Sprintf("%x", sha1.Sum([]byte(this.secret+"@"+timestamp))))
-	req.Header.Set("User-Agent", "GoEdge/"+teaconst.Version)
+	req.Header.Set("User-Agent", teaconst.ProductName+"/"+teaconst.Version)

 	resp, err := customHTTPClient.Do(req)
 	if err != nil {
--- a/internal/installers/deploy_manager.go
+++ b/internal/installers/deploy_manager.go
@@ -9,19 +9,30 @@ import (

 var SharedDeployManager = NewDeployManager()

+// DeployManager 节点部署文件管理器
+// 如果节点部署文件有变化，需要重启API节点以便于生效
 type DeployManager struct {
-	dir string
+	dir         string
+	nodeFiles   []*DeployFile
+	nsNodeFiles []*DeployFile
 }

-// NewDeployManager 节点部署文件管理器
+// NewDeployManager 获取新节点部署文件管理器
 func NewDeployManager() *DeployManager {
-	return &DeployManager{
+	var manager = &DeployManager{
 		dir: Tea.Root + "/deploy",
 	}
+	manager.LoadNodeFiles()
+	manager.LoadNSNodeFiles()
+	return manager
 }

 // LoadNodeFiles 加载所有边缘节点文件
 func (this *DeployManager) LoadNodeFiles() []*DeployFile {
+	if len(this.nodeFiles) > 0 {
+		return this.nodeFiles
+	}
+
 	keyMap := map[string]*DeployFile{} // key => File

 	reg := regexp.MustCompile(`^edge-node-(\w+)-(\w+)-v([0-9.]+)\.zip$`)
@@ -52,6 +63,9 @@ func (this *DeployManager) LoadNodeFiles() []*DeployFile {
 	for _, v := range keyMap {
 		result = append(result, v)
 	}
+
+	this.nodeFiles = result
+
 	return result
 }

@@ -67,6 +81,10 @@ func (this *DeployManager) FindNodeFile(os string, arch string) *DeployFile {

 // LoadNSNodeFiles 加载所有NS节点安装文件
 func (this *DeployManager) LoadNSNodeFiles() []*DeployFile {
+	if len(this.nsNodeFiles) > 0 {
+		return this.nsNodeFiles
+	}
+
 	keyMap := map[string]*DeployFile{} // key => File

 	reg := regexp.MustCompile(`^edge-dns-(\w+)-(\w+)-v([0-9.]+)\.zip$`)
@@ -97,6 +115,9 @@ func (this *DeployManager) LoadNSNodeFiles() []*DeployFile {
 	for _, v := range keyMap {
 		result = append(result, v)
 	}
+
+	this.nsNodeFiles = result
+
 	return result
 }

--- a/internal/nodes/api_node_services.go
+++ b/internal/nodes/api_node_services.go
@@ -263,6 +263,16 @@ func (this *APINode) registerServices(server *grpc.Server) {
 		pb.RegisterRegionProvinceServiceServer(server, instance)
 		this.rest(instance)
 	}
+	{
+		instance := this.serviceInstance(&services.RegionCityService{}).(*services.RegionCityService)
+		pb.RegisterRegionCityServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.RegionProviderService{}).(*services.RegionProviderService)
+		pb.RegisterRegionProviderServiceServer(server, instance)
+		this.rest(instance)
+	}
 	{
 		instance := this.serviceInstance(&services.IPListService{}).(*services.IPListService)
 		pb.RegisterIPListServiceServer(server, instance)
--- a/internal/rpc/services/service_admin.go
+++ b/internal/rpc/services/service_admin.go
@@ -520,7 +520,7 @@ func (this *AdminService) ComposeAdminDashboard(ctx context.Context, req *pb.Com
 	result.CountAuditingServers = countAuditingServers

 	// 用户数
-	countUsers, err := models.SharedUserDAO.CountAllEnabledUsers(tx, 0, "")
+	countUsers, err := models.SharedUserDAO.CountAllEnabledUsers(tx, 0, "", false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_base.go
+++ b/internal/rpc/services/service_base.go
@@ -102,6 +102,11 @@ func (this *BaseService) ValidateAuthorityNode(ctx context.Context) (nodeId int6

 // ValidateNodeId 获取节点ID
 func (this *BaseService) ValidateNodeId(ctx context.Context, roles ...rpcutils.UserType) (role rpcutils.UserType, nodeIntId int64, err error) {
+	// 默认包含大部分节点
+	if len(roles) == 0 {
+		roles = []rpcutils.UserType{rpcutils.UserTypeNode, rpcutils.UserTypeCluster, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser, rpcutils.UserTypeDNS, rpcutils.UserTypeReport, rpcutils.UserTypeMonitor, rpcutils.UserTypeLog}
+	}
+
 	if ctx == nil {
 		err = errors.New("context should not be nil")
 		role = rpcutils.UserTypeNone
--- a/internal/rpc/services/service_firewall.go
+++ b/internal/rpc/services/service_firewall.go
@@ -299,3 +299,21 @@ func (this *FirewallService) NotifyHTTPFirewallEvent(ctx context.Context, req *p
 	}
 	return this.Success()
 }
+
+// CountFirewallDailyBlocks 读取当前Block动作次数
+func (this *FirewallService) CountFirewallDailyBlocks(ctx context.Context, req *pb.CountFirewallDailyBlocksRequest) (*pb.CountFirewallDailyBlocksResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	var day = timeutil.Format("Ymd")
+	countDailyBlock, err := stats.SharedServerHTTPFirewallDailyStatDAO.SumDailyCount(tx, 0, 0, "block", day, day)
+	if err != nil {
+		return nil, err
+	}
+	return &pb.CountFirewallDailyBlocksResponse{
+		CountBlocks: countDailyBlock,
+	}, nil
+}
--- a/internal/rpc/services/service_http_access_log.go
+++ b/internal/rpc/services/service_http_access_log.go
@@ -72,7 +72,7 @@ func (this *HTTPAccessLogService) ListHTTPAccessLogs(ctx context.Context, req *p
 		}
 	}

-	accessLogs, requestId, hasMore, err := models.SharedHTTPAccessLogDAO.ListAccessLogs(tx, req.RequestId, req.Size, req.Day, req.ServerId, req.Reverse, req.HasError, req.FirewallPolicyId, req.FirewallRuleGroupId, req.FirewallRuleSetId, req.HasFirewallPolicy, req.UserId, req.Keyword, req.Ip, req.Domain)
+	accessLogs, requestId, hasMore, err := models.SharedHTTPAccessLogDAO.ListAccessLogs(tx, req.RequestId, req.Size, req.Day, req.NodeClusterId, req.NodeId, req.ServerId, req.Reverse, req.HasError, req.FirewallPolicyId, req.FirewallRuleGroupId, req.FirewallRuleSetId, req.HasFirewallPolicy, req.UserId, req.Keyword, req.Ip, req.Domain)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_cache_policy.go
+++ b/internal/rpc/services/service_http_cache_policy.go
@@ -99,7 +99,7 @@ func (this *HTTPCachePolicyService) CountAllEnabledHTTPCachePolicies(ctx context

 	tx := this.NullTx()

-	count, err := models.SharedHTTPCachePolicyDAO.CountAllEnabledHTTPCachePolicies(tx, req.Keyword)
+	count, err := models.SharedHTTPCachePolicyDAO.CountAllEnabledHTTPCachePolicies(tx, req.NodeClusterId, req.Keyword)
 	if err != nil {
 		return nil, err
 	}
@@ -116,7 +116,7 @@ func (this *HTTPCachePolicyService) ListEnabledHTTPCachePolicies(ctx context.Con

 	tx := this.NullTx()

-	cachePolicies, err := models.SharedHTTPCachePolicyDAO.ListEnabledHTTPCachePolicies(tx, req.Keyword, req.Offset, req.Size)
+	cachePolicies, err := models.SharedHTTPCachePolicyDAO.ListEnabledHTTPCachePolicies(tx, req.NodeClusterId, req.Keyword, req.Offset, req.Size)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -37,13 +37,14 @@ func (this *HTTPFirewallPolicyService) FindAllEnabledHTTPFirewallPolicies(ctx co
 	result := []*pb.HTTPFirewallPolicy{}
 	for _, p := range policies {
 		result = append(result, &pb.HTTPFirewallPolicy{
-			Id:           int64(p.Id),
-			Name:         p.Name,
-			Description:  p.Description,
-			IsOn:         p.IsOn == 1,
-			InboundJSON:  []byte(p.Inbound),
-			OutboundJSON: []byte(p.Outbound),
-			Mode:         p.Mode,
+			Id:               int64(p.Id),
+			Name:             p.Name,
+			Description:      p.Description,
+			IsOn:             p.IsOn == 1,
+			InboundJSON:      []byte(p.Inbound),
+			OutboundJSON:     []byte(p.Outbound),
+			Mode:             p.Mode,
+			UseLocalFirewall: p.UseLocalFirewall == 1,
 		})
 	}

@@ -284,7 +285,15 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 		return nil, err
 	}

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode)
+	var synFloodConfig = &firewallconfigs.SYNFloodConfig{}
+	if len(req.SynFloodJSON) > 0 {
+		err = json.Unmarshal(req.SynFloodJSON, synFloodConfig)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -352,7 +361,7 @@ func (this *HTTPFirewallPolicyService) CountAllEnabledHTTPFirewallPolicies(ctx c

 	tx := this.NullTx()

-	count, err := models.SharedHTTPFirewallPolicyDAO.CountAllEnabledFirewallPolicies(tx, req.Keyword)
+	count, err := models.SharedHTTPFirewallPolicyDAO.CountAllEnabledFirewallPolicies(tx, req.NodeClusterId, req.Keyword)
 	if err != nil {
 		return nil, err
 	}
@@ -369,7 +378,7 @@ func (this *HTTPFirewallPolicyService) ListEnabledHTTPFirewallPolicies(ctx conte

 	tx := this.NullTx()

-	policies, err := models.SharedHTTPFirewallPolicyDAO.ListEnabledFirewallPolicies(tx, req.Keyword, req.Offset, req.Size)
+	policies, err := models.SharedHTTPFirewallPolicyDAO.ListEnabledFirewallPolicies(tx, req.NodeClusterId, req.Keyword, req.Offset, req.Size)
 	if err != nil {
 		return nil, err
 	}
@@ -377,13 +386,14 @@ func (this *HTTPFirewallPolicyService) ListEnabledHTTPFirewallPolicies(ctx conte
 	result := []*pb.HTTPFirewallPolicy{}
 	for _, p := range policies {
 		result = append(result, &pb.HTTPFirewallPolicy{
-			Id:           int64(p.Id),
-			Name:         p.Name,
-			Description:  p.Description,
-			IsOn:         p.IsOn == 1,
-			InboundJSON:  []byte(p.Inbound),
-			OutboundJSON: []byte(p.Outbound),
-			Mode:         p.Mode,
+			Id:               int64(p.Id),
+			Name:             p.Name,
+			Description:      p.Description,
+			IsOn:             p.IsOn == 1,
+			InboundJSON:      []byte(p.Inbound),
+			OutboundJSON:     []byte(p.Outbound),
+			Mode:             p.Mode,
+			UseLocalFirewall: p.UseLocalFirewall == 1,
 		})
 	}

@@ -468,12 +478,14 @@ func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicy(ctx context
 	}
 	return &pb.FindEnabledHTTPFirewallPolicyResponse{HttpFirewallPolicy: &pb.HTTPFirewallPolicy{
 		Id:           int64(policy.Id),
+		ServerId:     int64(policy.ServerId),
 		Name:         policy.Name,
 		Description:  policy.Description,
 		IsOn:         policy.IsOn == 1,
 		InboundJSON:  []byte(policy.Inbound),
 		OutboundJSON: []byte(policy.Outbound),
 		Mode:         policy.Mode,
+		SynFloodJSON: []byte(policy.SynFlood),
 	}}, nil
 }

--- a/internal/rpc/services/service_http_web.go
+++ b/internal/rpc/services/service_http_web.go
@@ -704,3 +704,46 @@ func (this *HTTPWebService) FindHTTPWebRequestLimit(ctx context.Context, req *pb

 	return &pb.FindHTTPWebRequestLimitResponse{RequestLimitJSON: configJSON}, nil
 }
+
+// UpdateHTTPWebRequestScripts 修改请求脚本
+func (this *HTTPWebService) UpdateHTTPWebRequestScripts(ctx context.Context, req *pb.UpdateHTTPWebRequestScriptsRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	var config = &serverconfigs.HTTPRequestScriptsConfig{}
+	err = json.Unmarshal(req.RequestScriptsJSON, config)
+	if err != nil {
+		return nil, err
+	}
+
+	err = models.SharedHTTPWebDAO.UpdateWebRequestScripts(tx, req.HttpWebId, config)
+	if err != nil {
+		return nil, err
+	}
+
+	return this.Success()
+}
+
+// FindHTTPWebRequestScripts 查找请求脚本
+func (this *HTTPWebService) FindHTTPWebRequestScripts(ctx context.Context, req *pb.FindHTTPWebRequestScriptsRequest) (*pb.FindHTTPWebRequestScriptsResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	config, err := models.SharedHTTPWebDAO.FindWebRequestScripts(tx, req.HttpWebId)
+	if err != nil {
+		return nil, err
+	}
+	configJSON, err := json.Marshal(config)
+	if err != nil {
+		return nil, err
+	}
+	return &pb.FindHTTPWebRequestScriptsResponse{
+		RequestScriptsJSON: configJSON,
+	}, nil
+}
--- a/internal/rpc/services/service_ip_item.go
+++ b/internal/rpc/services/service_ip_item.go
@@ -280,6 +280,7 @@ func (this *IPItemService) ListIPItemsWithListId(ctx context.Context, req *pb.Li
 			SourceHTTPFirewallPolicy:      pbSourcePolicy,
 			SourceHTTPFirewallRuleGroup:   pbSourceGroup,
 			SourceHTTPFirewallRuleSet:     pbSourceSet,
+			IsRead:                        item.IsRead == 1,
 		})
 	}

@@ -483,7 +484,7 @@ func (this *IPItemService) CountAllEnabledIPItems(ctx context.Context, req *pb.C
 	if req.GlobalOnly {
 		listId = firewallconfigs.GlobalListId
 	}
-	count, err := models.SharedIPItemDAO.CountAllEnabledIPItems(tx, req.Ip, listId)
+	count, err := models.SharedIPItemDAO.CountAllEnabledIPItems(tx, req.Ip, listId, req.Unread)
 	if err != nil {
 		return nil, err
 	}
@@ -503,7 +504,7 @@ func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.Li
 	if req.GlobalOnly {
 		listId = firewallconfigs.GlobalListId
 	}
-	items, err := models.SharedIPItemDAO.ListAllEnabledIPItems(tx, req.Ip, listId, req.Offset, req.Size)
+	items, err := models.SharedIPItemDAO.ListAllEnabledIPItems(tx, req.Ip, listId, req.Unread, req.Offset, req.Size)
 	if err != nil {
 		return nil, err
 	}
@@ -565,6 +566,22 @@ func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.Li
 			}
 		}

+		// 节点
+		var pbSourceNode *pb.Node
+		if item.SourceNodeId > 0 {
+			node, err := models.SharedNodeDAO.FindEnabledBasicNode(tx, int64(item.SourceNodeId))
+			if err != nil {
+				return nil, err
+			}
+			if node != nil {
+				pbSourceNode = &pb.Node{
+					Id:          int64(node.Id),
+					Name:        node.Name,
+					NodeCluster: &pb.NodeCluster{Id: int64(node.ClusterId)},
+				}
+			}
+		}
+
 		var pbItem = &pb.IPItem{
 			Id:                            int64(item.Id),
 			IpFrom:                        item.IpFrom,
@@ -586,6 +603,8 @@ func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.Li
 			SourceHTTPFirewallPolicy:      pbSourcePolicy,
 			SourceHTTPFirewallRuleGroup:   pbSourceGroup,
 			SourceHTTPFirewallRuleSet:     pbSourceSet,
+			SourceNode:                    pbSourceNode,
+			IsRead:                        item.IsRead == 1,
 		}

 		// 所属名单
@@ -656,3 +675,18 @@ func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.Li

 	return &pb.ListAllEnabledIPItemsResponse{Results: results}, nil
 }
+
+// UpdateIPItemsRead 设置所有为已读
+func (this *IPItemService) UpdateIPItemsRead(ctx context.Context, req *pb.UpdateIPItemsReadRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	err = models.SharedIPItemDAO.UpdateItemsRead(tx)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}
--- a/internal/rpc/services/service_node_cluster.go
+++ b/internal/rpc/services/service_node_cluster.go
@@ -83,7 +83,7 @@ func (this *NodeClusterService) UpdateNodeCluster(ctx context.Context, req *pb.U

 	tx := this.NullTx()

-	err = models.SharedNodeClusterDAO.UpdateCluster(tx, req.NodeClusterId, req.Name, req.NodeGrantId, req.InstallDir, req.TimeZone, req.NodeMaxThreads, req.NodeTCPMaxConnections)
+	err = models.SharedNodeClusterDAO.UpdateCluster(tx, req.NodeClusterId, req.Name, req.NodeGrantId, req.InstallDir, req.TimeZone, req.NodeMaxThreads, req.NodeTCPMaxConnections, req.AutoOpenPorts)
 	if err != nil {
 		return nil, err
 	}
@@ -163,6 +163,7 @@ func (this *NodeClusterService) FindEnabledNodeCluster(ctx context.Context, req
 		TimeZone:              cluster.TimeZone,
 		NodeMaxThreads:        int32(cluster.NodeMaxThreads),
 		NodeTCPMaxConnections: int32(cluster.NodeTCPMaxConnections),
+		AutoOpenPorts:         cluster.AutoOpenPorts == 1,
 	}}, nil
 }

--- a/internal/rpc/services/service_node_log.go
+++ b/internal/rpc/services/service_node_log.go
@@ -41,7 +41,7 @@ func (this *NodeLogService) CountNodeLogs(ctx context.Context, req *pb.CountNode

 	tx := this.NullTx()

-	count, err := models.SharedNodeLogDAO.CountNodeLogs(tx, req.Role, req.NodeId, req.ServerId, req.OriginId, req.DayFrom, req.DayTo, req.Keyword, req.Level, req.IsUnread)
+	count, err := models.SharedNodeLogDAO.CountNodeLogs(tx, req.Role, req.NodeClusterId, req.NodeId, req.ServerId, req.OriginId, req.DayFrom, req.DayTo, req.Keyword, req.Level, req.IsUnread, req.Tag)
 	if err != nil {
 		return nil, err
 	}
@@ -57,7 +57,7 @@ func (this *NodeLogService) ListNodeLogs(ctx context.Context, req *pb.ListNodeLo

 	tx := this.NullTx()

-	logs, err := models.SharedNodeLogDAO.ListNodeLogs(tx, req.Role, req.NodeId, req.ServerId, req.OriginId, req.AllServers, req.DayFrom, req.DayTo, req.Keyword, req.Level, types.Int8(req.FixedState), req.IsUnread, req.Offset, req.Size)
+	logs, err := models.SharedNodeLogDAO.ListNodeLogs(tx, req.Role, req.NodeClusterId, req.NodeId, req.ServerId, req.OriginId, req.AllServers, req.DayFrom, req.DayTo, req.Keyword, req.Level, types.Int8(req.FixedState), req.IsUnread, req.Tag, req.Offset, req.Size)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_origin.go
+++ b/internal/rpc/services/service_origin.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/maps"
 )

@@ -58,7 +59,20 @@ func (this *OriginService) CreateOrigin(ctx context.Context, req *pb.CreateOrigi
 		}
 	}

-	originId, err := models.SharedOriginDAO.CreateOrigin(tx, adminId, userId, req.Name, string(addrMap.AsJSON()), req.Description, req.Weight, req.IsOn, connTimeout, readTimeout, idleTimeout, req.MaxConns, req.MaxIdleConns, req.Domains)
+	// cert
+	var certRef *sslconfigs.SSLCertRef
+	if len(req.CertRefJSON) > 0 {
+		certRef = &sslconfigs.SSLCertRef{}
+		err = json.Unmarshal(req.CertRefJSON, certRef)
+		if err != nil {
+			return nil, err
+		}
+		if certRef.CertId <= 0 {
+			certRef = nil
+		}
+	}
+
+	originId, err := models.SharedOriginDAO.CreateOrigin(tx, adminId, userId, req.Name, string(addrMap.AsJSON()), req.Description, req.Weight, req.IsOn, connTimeout, readTimeout, idleTimeout, req.MaxConns, req.MaxIdleConns, certRef, req.Domains)
 	if err != nil {
 		return nil, err
 	}
@@ -112,7 +126,20 @@ func (this *OriginService) UpdateOrigin(ctx context.Context, req *pb.UpdateOrigi
 		}
 	}

-	err = models.SharedOriginDAO.UpdateOrigin(tx, req.OriginId, req.Name, string(addrMap.AsJSON()), req.Description, req.Weight, req.IsOn, connTimeout, readTimeout, idleTimeout, req.MaxConns, req.MaxIdleConns, req.Domains)
+	// cert
+	var certRef *sslconfigs.SSLCertRef
+	if len(req.CertRefJSON) > 0 {
+		certRef = &sslconfigs.SSLCertRef{}
+		err = json.Unmarshal(req.CertRefJSON, certRef)
+		if err != nil {
+			return nil, err
+		}
+		if certRef.CertId <= 0 {
+			certRef = nil
+		}
+	}
+
+	err = models.SharedOriginDAO.UpdateOrigin(tx, req.OriginId, req.Name, string(addrMap.AsJSON()), req.Description, req.Weight, req.IsOn, connTimeout, readTimeout, idleTimeout, req.MaxConns, req.MaxIdleConns, certRef, req.Domains)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_region_city.go
+++ b/internal/rpc/services/service_region_city.go
@@ -0,0 +1,70 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package services
+
+import (
+	"context"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/regions"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+// RegionCityService 城市相关服务
+type RegionCityService struct {
+	BaseService
+}
+
+// FindAllEnabledRegionCities 查找所有城市
+func (this *RegionCityService) FindAllEnabledRegionCities(ctx context.Context, req *pb.FindAllEnabledRegionCitiesRequest) (*pb.FindAllEnabledRegionCitiesResponse, error) {
+	_, _, err := this.ValidateNodeId(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	cities, err := regions.SharedRegionCityDAO.FindAllEnabledCities(tx)
+	if err != nil {
+		return nil, err
+	}
+
+	var pbCities = []*pb.RegionCity{}
+	for _, city := range cities {
+		pbCities = append(pbCities, &pb.RegionCity{
+			Id:               int64(city.Id),
+			Name:             city.Name,
+			Codes:            city.DecodeCodes(),
+			RegionProvinceId: int64(city.ProvinceId),
+		})
+	}
+
+	return &pb.FindAllEnabledRegionCitiesResponse{
+		RegionCities: pbCities,
+	}, nil
+}
+
+// FindEnabledRegionCity 查找单个城市信息
+func (this *RegionCityService) FindEnabledRegionCity(ctx context.Context, req *pb.FindEnabledRegionCityRequest) (*pb.FindEnabledRegionCityResponse, error) {
+	_, _, err := this.ValidateNodeId(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	city, err := regions.SharedRegionCityDAO.FindEnabledRegionCity(tx, req.RegionCityId)
+	if err != nil {
+		return nil, err
+	}
+	if city == nil {
+		return &pb.FindEnabledRegionCityResponse{
+			RegionCity: nil,
+		}, nil
+	}
+
+	return &pb.FindEnabledRegionCityResponse{
+		RegionCity: &pb.RegionCity{
+			Id:               int64(city.Id),
+			Name:             city.Name,
+			Codes:            city.DecodeCodes(),
+			RegionProvinceId: int64(city.ProvinceId),
+		},
+	}, nil
+}
--- a/internal/rpc/services/service_region_country.go
+++ b/internal/rpc/services/service_region_country.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/regions"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 )

@@ -16,7 +15,7 @@ type RegionCountryService struct {
 // FindAllEnabledRegionCountries 查找所有的国家列表
 func (this *RegionCountryService) FindAllEnabledRegionCountries(ctx context.Context, req *pb.FindAllEnabledRegionCountriesRequest) (*pb.FindAllEnabledRegionCountriesResponse, error) {
 	// 校验请求
-	_, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeNode)
+	_, _, err := this.ValidateNodeId(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -47,29 +46,29 @@ func (this *RegionCountryService) FindAllEnabledRegionCountries(ctx context.Cont
 		})
 	}
 	return &pb.FindAllEnabledRegionCountriesResponse{
-		Countries: result,
+		RegionCountries: result,
 	}, nil
 }

 // FindEnabledRegionCountry 查找单个国家信息
 func (this *RegionCountryService) FindEnabledRegionCountry(ctx context.Context, req *pb.FindEnabledRegionCountryRequest) (*pb.FindEnabledRegionCountryResponse, error) {
 	// 校验请求
-	_, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeNode)
+	_, _, err := this.ValidateNodeId(ctx)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

-	country, err := regions.SharedRegionCountryDAO.FindEnabledRegionCountry(tx, req.CountryId)
+	country, err := regions.SharedRegionCountryDAO.FindEnabledRegionCountry(tx, req.RegionCountryId)
 	if err != nil {
 		return nil, err
 	}
 	if country == nil {
-		return &pb.FindEnabledRegionCountryResponse{Country: nil}, nil
+		return &pb.FindEnabledRegionCountryResponse{RegionCountry: nil}, nil
 	}

-	return &pb.FindEnabledRegionCountryResponse{Country: &pb.RegionCountry{
+	return &pb.FindEnabledRegionCountryResponse{RegionCountry: &pb.RegionCountry{
 		Id:    int64(country.Id),
 		Name:  country.Name,
 		Codes: country.DecodeCodes(),
--- a/internal/rpc/services/service_region_provider.go
+++ b/internal/rpc/services/service_region_provider.go
@@ -0,0 +1,68 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package services
+
+import (
+	"context"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/regions"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+// RegionProviderService ISP相关服务
+type RegionProviderService struct {
+	BaseService
+}
+
+// FindAllEnabledRegionProviders 查找所有ISP
+func (this *RegionProviderService) FindAllEnabledRegionProviders(ctx context.Context, req *pb.FindAllEnabledRegionProvidersRequest) (*pb.FindAllEnabledRegionProvidersResponse, error) {
+	_, _, err := this.ValidateNodeId(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	providers, err := regions.SharedRegionProviderDAO.FindAllEnabledProviders(tx)
+	if err != nil {
+		return nil, err
+	}
+
+	var pbProviders = []*pb.RegionProvider{}
+	for _, provider := range providers {
+		pbProviders = append(pbProviders, &pb.RegionProvider{
+			Id:    int64(provider.Id),
+			Name:  provider.Name,
+			Codes: provider.DecodeCodes(),
+		})
+	}
+
+	return &pb.FindAllEnabledRegionProvidersResponse{
+		RegionProviders: pbProviders,
+	}, nil
+}
+
+// FindEnabledRegionProvider 查找单个ISP信息
+func (this *RegionProviderService) FindEnabledRegionProvider(ctx context.Context, req *pb.FindEnabledRegionProviderRequest) (*pb.FindEnabledRegionProviderResponse, error) {
+	_, _, err := this.ValidateNodeId(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	provider, err := regions.SharedRegionProviderDAO.FindEnabledRegionProvider(tx, req.RegionProviderId)
+	if err != nil {
+		return nil, err
+	}
+	if provider == nil {
+		return &pb.FindEnabledRegionProviderResponse{
+			RegionProvider: nil,
+		}, nil
+	}
+
+	return &pb.FindEnabledRegionProviderResponse{
+		RegionProvider: &pb.RegionProvider{
+			Id:    int64(provider.Id),
+			Name:  provider.Name,
+			Codes: provider.DecodeCodes(),
+		},
+	}, nil
+}
--- a/internal/rpc/services/service_region_province.go
+++ b/internal/rpc/services/service_region_province.go
@@ -3,7 +3,6 @@ package services
 import (
 	"context"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/regions"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 )

@@ -15,14 +14,14 @@ type RegionProvinceService struct {
 // FindAllEnabledRegionProvincesWithCountryId 查找所有省份
 func (this *RegionProvinceService) FindAllEnabledRegionProvincesWithCountryId(ctx context.Context, req *pb.FindAllEnabledRegionProvincesWithCountryIdRequest) (*pb.FindAllEnabledRegionProvincesWithCountryIdResponse, error) {
 	// 校验请求
-	_, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeNode)
+	_, _, err := this.ValidateNodeId(ctx)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

-	provinces, err := regions.SharedRegionProvinceDAO.FindAllEnabledProvincesWithCountryId(tx, req.CountryId)
+	provinces, err := regions.SharedRegionProvinceDAO.FindAllEnabledProvincesWithCountryId(tx, req.RegionCountryId)
 	if err != nil {
 		return nil, err
 	}
@@ -36,30 +35,30 @@ func (this *RegionProvinceService) FindAllEnabledRegionProvincesWithCountryId(ct
 	}

 	return &pb.FindAllEnabledRegionProvincesWithCountryIdResponse{
-		Provinces: result,
+		RegionProvinces: result,
 	}, nil
 }

 // FindEnabledRegionProvince 查找单个省份信息
 func (this *RegionProvinceService) FindEnabledRegionProvince(ctx context.Context, req *pb.FindEnabledRegionProvinceRequest) (*pb.FindEnabledRegionProvinceResponse, error) {
 	// 校验请求
-	_, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeNode)
+	_, _, err := this.ValidateNodeId(ctx)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

-	province, err := regions.SharedRegionProvinceDAO.FindEnabledRegionProvince(tx, req.ProvinceId)
+	province, err := regions.SharedRegionProvinceDAO.FindEnabledRegionProvince(tx, req.RegionProvinceId)
 	if err != nil {
 		return nil, err
 	}
 	if province == nil {
-		return &pb.FindEnabledRegionProvinceResponse{Province: nil}, nil
+		return &pb.FindEnabledRegionProvinceResponse{RegionProvince: nil}, nil
 	}

 	return &pb.FindEnabledRegionProvinceResponse{
-		Province: &pb.RegionProvince{
+		RegionProvince: &pb.RegionProvince{
 			Id:    int64(province.Id),
 			Name:  province.Name,
 			Codes: province.DecodeCodes(),
--- a/internal/rpc/services/service_server.go
+++ b/internal/rpc/services/service_server.go
@@ -12,6 +12,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/messageconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 	timeutil "github.com/iwind/TeaGo/utils/time"
@@ -71,6 +72,20 @@ func (this *ServerService) CreateServer(ctx context.Context, req *pb.CreateServe
 		if nodeClusterId > 0 {
 			req.NodeClusterId = nodeClusterId
 		}
+
+		// 服务分组
+		for _, groupId := range req.ServerGroupIds {
+			err := models.SharedServerGroupDAO.CheckUserGroup(tx, userId, groupId)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// 增加默认分组
+		config, err := models.SharedSysSettingDAO.ReadUserServerConfig(tx)
+		if err == nil && config.GroupId > 0 && !lists.ContainsInt64(req.ServerGroupIds, config.GroupId) {
+			req.ServerGroupIds = append(req.ServerGroupIds, config.GroupId)
+		}
 	} else if req.UserId > 0 {
 		// 集群
 		nodeClusterId, err := models.SharedUserDAO.FindUserClusterId(tx, req.UserId)
@@ -691,6 +706,7 @@ func (this *ServerService) ListEnabledServersMatch(ctx context.Context, req *pb.
 			AuditingResult:          auditingResult,
 			CreatedAt:               int64(server.CreatedAt),
 			DnsName:                 server.DnsName,
+			UserPlanId:              int64(server.UserPlanId),
 			NodeCluster: &pb.NodeCluster{
 				Id:   int64(server.ClusterId),
 				Name: clusterName,
@@ -1085,14 +1101,14 @@ func (this *ServerService) CountAllEnabledServersWithNodeClusterId(ctx context.C
 // CountAllEnabledServersWithServerGroupId 计算使用某个分组的服务数量
 func (this *ServerService) CountAllEnabledServersWithServerGroupId(ctx context.Context, req *pb.CountAllEnabledServersWithServerGroupIdRequest) (*pb.RPCCountResponse, error) {
 	// 校验请求
-	_, err := this.ValidateAdmin(ctx, 0)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

-	count, err := models.SharedServerDAO.CountAllEnabledServersWithGroupId(tx, req.ServerGroupId)
+	count, err := models.SharedServerDAO.CountAllEnabledServersWithGroupId(tx, req.ServerGroupId, userId)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_server_group.go
+++ b/internal/rpc/services/service_server_group.go
@@ -16,14 +16,14 @@ type ServerGroupService struct {
 // CreateServerGroup 创建分组
 func (this *ServerGroupService) CreateServerGroup(ctx context.Context, req *pb.CreateServerGroupRequest) (*pb.CreateServerGroupResponse, error) {
 	// 校验请求
-	_, err := this.ValidateAdmin(ctx, 0)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

-	groupId, err := models.SharedServerGroupDAO.CreateGroup(tx, req.Name)
+	groupId, err := models.SharedServerGroupDAO.CreateGroup(tx, req.Name, userId)
 	if err != nil {
 		return nil, err
 	}
@@ -33,13 +33,21 @@ func (this *ServerGroupService) CreateServerGroup(ctx context.Context, req *pb.C
 // UpdateServerGroup 修改分组
 func (this *ServerGroupService) UpdateServerGroup(ctx context.Context, req *pb.UpdateServerGroupRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, err := this.ValidateAdmin(ctx, 0)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

+	// 检查用户权限
+	if userId > 0 {
+		err = models.SharedServerGroupDAO.CheckUserGroup(tx, userId, req.ServerGroupId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	err = models.SharedServerGroupDAO.UpdateGroup(tx, req.ServerGroupId, req.Name)
 	if err != nil {
 		return nil, err
@@ -51,13 +59,21 @@ func (this *ServerGroupService) UpdateServerGroup(ctx context.Context, req *pb.U
 // DeleteServerGroup 删除分组
 func (this *ServerGroupService) DeleteServerGroup(ctx context.Context, req *pb.DeleteServerGroupRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, err := this.ValidateAdmin(ctx, 0)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

+	// 检查用户权限
+	if userId > 0 {
+		err = models.SharedServerGroupDAO.CheckUserGroup(tx, userId, req.ServerGroupId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	err = models.SharedServerGroupDAO.DisableServerGroup(tx, req.ServerGroupId)
 	if err != nil {
 		return nil, err
@@ -69,14 +85,14 @@ func (this *ServerGroupService) DeleteServerGroup(ctx context.Context, req *pb.D
 // FindAllEnabledServerGroups 查询所有分组
 func (this *ServerGroupService) FindAllEnabledServerGroups(ctx context.Context, req *pb.FindAllEnabledServerGroupsRequest) (*pb.FindAllEnabledServerGroupsResponse, error) {
 	// 校验请求
-	_, err := this.ValidateAdmin(ctx, 0)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

-	groups, err := models.SharedServerGroupDAO.FindAllEnabledGroups(tx)
+	groups, err := models.SharedServerGroupDAO.FindAllEnabledGroups(tx, userId)
 	if err != nil {
 		return nil, err
 	}
@@ -93,14 +109,14 @@ func (this *ServerGroupService) FindAllEnabledServerGroups(ctx context.Context,
 // UpdateServerGroupOrders 修改分组排序
 func (this *ServerGroupService) UpdateServerGroupOrders(ctx context.Context, req *pb.UpdateServerGroupOrdersRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, err := this.ValidateAdmin(ctx, 0)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

-	err = models.SharedServerGroupDAO.UpdateGroupOrders(tx, req.ServerGroupIds)
+	err = models.SharedServerGroupDAO.UpdateGroupOrders(tx, req.ServerGroupIds, userId)
 	if err != nil {
 		return nil, err
 	}
@@ -110,7 +126,7 @@ func (this *ServerGroupService) UpdateServerGroupOrders(ctx context.Context, req
 // FindEnabledServerGroup 查找单个分组信息
 func (this *ServerGroupService) FindEnabledServerGroup(ctx context.Context, req *pb.FindEnabledServerGroupRequest) (*pb.FindEnabledServerGroupResponse, error) {
 	// 校验请求
-	_, err := this.ValidateAdmin(ctx, 0)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -127,6 +143,13 @@ func (this *ServerGroupService) FindEnabledServerGroup(ctx context.Context, req
 		}, nil
 	}

+	// 检查用户权限
+	if userId > 0 && int64(group.UserId) != userId {
+		return &pb.FindEnabledServerGroupResponse{
+			ServerGroup: nil,
+		}, nil
+	}
+
 	return &pb.FindEnabledServerGroupResponse{
 		ServerGroup: &pb.ServerGroup{
 			Id:   int64(group.Id),
@@ -354,13 +377,30 @@ func (this *ServerGroupService) UpdateServerGroupUDPReverseProxy(ctx context.Con
 // FindEnabledServerGroupConfigInfo 取得分组的配置概要信息
 func (this *ServerGroupService) FindEnabledServerGroupConfigInfo(ctx context.Context, req *pb.FindEnabledServerGroupConfigInfoRequest) (*pb.FindEnabledServerGroupConfigInfoResponse, error) {
 	// 校验请求
-	_, err := this.ValidateAdmin(ctx, 0)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}

 	tx := this.NullTx()

+	// 检查用户权限
+	if userId > 0 {
+		if req.ServerId > 0 {
+			err = models.SharedServerDAO.CheckUserServer(tx, userId, req.ServerId)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		if req.ServerGroupId > 0 {
+			err = models.SharedServerGroupDAO.CheckUserGroup(tx, userId, req.ServerGroupId)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
 	var group *models.ServerGroup
 	if req.ServerGroupId > 0 {
 		group, err = models.SharedServerGroupDAO.FindEnabledServerGroup(tx, req.ServerGroupId)
--- a/internal/rpc/services/service_server_region_provider_monthly_stat.go
+++ b/internal/rpc/services/service_server_region_provider_monthly_stat.go
@@ -37,7 +37,7 @@ func (this *ServerRegionProviderMonthlyStatService) FindTopServerRegionProviderM
 		pbStat := &pb.FindTopServerRegionProviderMonthlyStatsResponse_Stat{
 			Count: int64(stat.Count),
 		}
-		provider, err := regions.SharedRegionProviderDAO.FindEnabledRegionProvider(tx, stat.ProviderId)
+		provider, err := regions.SharedRegionProviderDAO.FindEnabledRegionProvider(tx, int64(stat.ProviderId))
 		if err != nil {
 			return nil, err
 		}
--- a/internal/rpc/services/service_server_stat_board.go
+++ b/internal/rpc/services/service_server_stat_board.go
@@ -74,7 +74,7 @@ func (this *ServerStatBoardService) ComposeServerStatNodeClusterBoard(ctx contex
 	}
 	result.CountInactiveNodes = countInactiveNodes

-	countUsers, err := models.SharedUserDAO.CountAllEnabledUsers(tx, req.NodeClusterId, "")
+	countUsers, err := models.SharedUserDAO.CountAllEnabledUsers(tx, req.NodeClusterId, "", false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_user.go
+++ b/internal/rpc/services/service_user.go
@@ -5,12 +5,15 @@ import (
 	"encoding/json"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/userconfigs"
+	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/types"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"time"
@@ -30,13 +33,82 @@ func (this *UserService) CreateUser(ctx context.Context, req *pb.CreateUserReque

 	tx := this.NullTx()

-	userId, err := models.SharedUserDAO.CreateUser(tx, req.Username, req.Password, req.Fullname, req.Mobile, req.Tel, req.Email, req.Remark, req.Source, req.NodeClusterId)
+	userId, err := models.SharedUserDAO.CreateUser(tx, req.Username, req.Password, req.Fullname, req.Mobile, req.Tel, req.Email, req.Remark, req.Source, req.NodeClusterId, nil, "", true)
 	if err != nil {
 		return nil, err
 	}
 	return &pb.CreateUserResponse{UserId: userId}, nil
 }

+// RegisterUser 注册用户
+func (this *UserService) RegisterUser(ctx context.Context, req *pb.RegisterUserRequest) (*pb.RPCSuccess, error) {
+	userId, err := this.ValidateUserNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if userId > 0 {
+		return nil, this.PermissionError()
+	}
+
+	// 注册配置
+	configJSON, err := models.SharedSysSettingDAO.ReadSetting(nil, systemconfigs.SettingCodeUserRegisterConfig)
+	if err != nil {
+		return nil, err
+	}
+	if len(configJSON) == 0 {
+		return nil, errors.New("the registration has been disabled")
+	}
+	var config = userconfigs.DefaultUserRegisterConfig()
+	err = json.Unmarshal(configJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	if !config.IsOn {
+		return nil, errors.New("the registration has been disabled")
+	}
+
+	err = this.RunTx(func(tx *dbs.Tx) error {
+		// 检查用户名
+		exists, err := models.SharedUserDAO.ExistUser(tx, 0, req.Username)
+		if err != nil {
+			return err
+		}
+		if exists {
+			return errors.New("the username exists already")
+		}
+
+		// 创建用户
+		_, err = models.SharedUserDAO.CreateUser(tx, req.Username, req.Password, req.Fullname, req.Mobile, "", req.Email, "", req.Source, config.ClusterId, config.Features, req.Ip, !config.RequireVerification)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}
+
+// VerifyUser 审核用户
+func (this *UserService) VerifyUser(ctx context.Context, req *pb.VerifyUserRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	err = models.SharedUserDAO.UpdateUserIsVerified(tx, req.UserId, req.IsRejected, req.RejectReason)
+	if err != nil {
+		return nil, err
+	}
+
+	return this.Success()
+}
+
 // UpdateUser 修改用户
 func (this *UserService) UpdateUser(ctx context.Context, req *pb.UpdateUserRequest) (*pb.RPCSuccess, error) {
 	_, err := this.ValidateAdmin(ctx, 0)
@@ -103,7 +175,7 @@ func (this *UserService) CountAllEnabledUsers(ctx context.Context, req *pb.Count

 	tx := this.NullTx()

-	count, err := models.SharedUserDAO.CountAllEnabledUsers(tx, 0, req.Keyword)
+	count, err := models.SharedUserDAO.CountAllEnabledUsers(tx, 0, req.Keyword, req.IsVerifying)
 	if err != nil {
 		return nil, err
 	}
@@ -119,7 +191,7 @@ func (this *UserService) ListEnabledUsers(ctx context.Context, req *pb.ListEnabl

 	tx := this.NullTx()

-	users, err := models.SharedUserDAO.ListEnabledUsers(tx, 0, req.Keyword, req.Offset, req.Size)
+	users, err := models.SharedUserDAO.ListEnabledUsers(tx, 0, req.Keyword, req.IsVerifying, req.Offset, req.Size)
 	if err != nil {
 		return nil, err
 	}
@@ -140,16 +212,19 @@ func (this *UserService) ListEnabledUsers(ctx context.Context, req *pb.ListEnabl
 		}

 		result = append(result, &pb.User{
-			Id:          int64(user.Id),
-			Username:    user.Username,
-			Fullname:    user.Fullname,
-			Mobile:      user.Mobile,
-			Tel:         user.Tel,
-			Email:       user.Email,
-			Remark:      user.Remark,
-			IsOn:        user.IsOn == 1,
-			CreatedAt:   int64(user.CreatedAt),
-			NodeCluster: pbCluster,
+			Id:           int64(user.Id),
+			Username:     user.Username,
+			Fullname:     user.Fullname,
+			Mobile:       user.Mobile,
+			Tel:          user.Tel,
+			Email:        user.Email,
+			Remark:       user.Remark,
+			IsOn:         user.IsOn == 1,
+			RegisteredIP: user.RegisteredIP,
+			IsVerified:   user.IsVerified == 1,
+			IsRejected:   user.IsRejected == 1,
+			CreatedAt:    int64(user.CreatedAt),
+			NodeCluster:  pbCluster,
 		})
 	}

@@ -187,16 +262,20 @@ func (this *UserService) FindEnabledUser(ctx context.Context, req *pb.FindEnable
 	}

 	return &pb.FindEnabledUserResponse{User: &pb.User{
-		Id:          int64(user.Id),
-		Username:    user.Username,
-		Fullname:    user.Fullname,
-		Mobile:      user.Mobile,
-		Tel:         user.Tel,
-		Email:       user.Email,
-		Remark:      user.Remark,
-		IsOn:        user.IsOn == 1,
-		CreatedAt:   int64(user.CreatedAt),
-		NodeCluster: pbCluster,
+		Id:           int64(user.Id),
+		Username:     user.Username,
+		Fullname:     user.Fullname,
+		Mobile:       user.Mobile,
+		Tel:          user.Tel,
+		Email:        user.Email,
+		Remark:       user.Remark,
+		IsOn:         user.IsOn == 1,
+		CreatedAt:    int64(user.CreatedAt),
+		RegisteredIP: user.RegisteredIP,
+		IsVerified:   user.IsVerified == 1,
+		IsRejected:   user.IsRejected == 1,
+		RejectReason: user.RejectReason,
+		NodeCluster:  pbCluster,
 	}}, nil
 }

@@ -279,7 +358,7 @@ func (this *UserService) UpdateUserInfo(ctx context.Context, req *pb.UpdateUserI

 	tx := this.NullTx()

-	err = models.SharedUserDAO.UpdateUserInfo(tx, req.UserId, req.Fullname)
+	err = models.SharedUserDAO.UpdateUserInfo(tx, req.UserId, req.Fullname, req.Mobile, req.Email)
 	if err != nil {
 		return nil, err
 	}
@@ -469,12 +548,19 @@ func (this *UserService) ComposeUserGlobalBoard(ctx context.Context, req *pb.Com

 	var result = &pb.ComposeUserGlobalBoardResponse{}
 	var tx = this.NullTx()
-	totalUsers, err := models.SharedUserDAO.CountAllEnabledUsers(tx, 0, "")
+	totalUsers, err := models.SharedUserDAO.CountAllEnabledUsers(tx, 0, "", false)
 	if err != nil {
 		return nil, err
 	}
 	result.TotalUsers = totalUsers

+	// 等待审核的用户
+	countVerifyingUsers, err := models.SharedUserDAO.CountAllVerifyingUsers(tx)
+	if err != nil {
+		return nil, err
+	}
+	result.CountVerifyingUsers = countVerifyingUsers
+
 	countTodayUsers, err := models.SharedUserDAO.SumDailyUsers(tx, timeutil.Format("Ymd"), timeutil.Format("Ymd"))
 	if err != nil {
 		return nil, err
--- a/internal/setup/sql.go
+++ b/internal/setup/sql.go
--- a/internal/setup/sql_upgrade.go
+++ b/internal/setup/sql_upgrade.go
@@ -62,6 +62,9 @@ var upgradeFuncs = []*upgradeVersion{
 	{
 		"0.3.7", upgradeV0_3_7,
 	},
+	{
+		"0.4.0", upgradeV0_4_0,
+	},
 }

 // UpgradeSQLData 升级SQL数据
@@ -552,3 +555,17 @@ func upgradeV0_3_7(db *dbs.DB) error {

 	return nil
 }
+
+// v0.4.0
+func upgradeV0_4_0(db *dbs.DB) error {
+	// 升级SYN Flood配置
+	synFloodJSON, err := json.Marshal(firewallconfigs.DefaultSYNFloodConfig())
+	if err == nil {
+		_, err := db.Exec("UPDATE edgeHTTPFirewallPolicies SET synFlood=? WHERE synFlood IS NULL AND state=1", string(synFloodJSON))
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
--- a/internal/setup/sql_upgrade_test.go
+++ b/internal/setup/sql_upgrade_test.go
@@ -84,3 +84,20 @@ func TestUpgradeSQLData_v0_3_7(t *testing.T) {
 	}
 	t.Log("ok")
 }
+
+
+func TestUpgradeSQLData_v0_4_0(t *testing.T) {
+	db, err := dbs.NewInstanceFromConfig(&dbs.DBConfig{
+		Driver: "mysql",
+		Dsn:    "root:123456@tcp(127.0.0.1:3306)/db_edge?charset=utf8mb4&timeout=30s",
+		Prefix: "edge",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = upgradeV0_4_0(db)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("ok")
+}
--- a/internal/tasks/monitor_item_value_task.go
+++ b/internal/tasks/monitor_item_value_task.go
@@ -29,7 +29,7 @@ func NewMonitorItemValueTask() *MonitorItemValueTask {
 }

 func (this *MonitorItemValueTask) Start() {
-	ticker := time.NewTicker(24 * time.Hour)
+	ticker := time.NewTicker(1 * time.Hour)
 	if Tea.IsTesting() {
 		ticker = time.NewTicker(1 * time.Minute)
 	}
--- a/internal/tasks/node_log_cleaner_task.go
+++ b/internal/tasks/node_log_cleaner_task.go
@@ -38,12 +38,12 @@ func (this *NodeLogCleanerTask) Start() {
 }

 func (this *NodeLogCleanerTask) loop() error {
-	// 删除7天以前的info日志
-	err := models.SharedNodeLogDAO.DeleteExpiredLogsWithLevel(nil, "info", 7)
+	// 删除 N天 以前的info日志
+	err := models.SharedNodeLogDAO.DeleteExpiredLogsWithLevel(nil, "info", 3)
 	if err != nil {
 		return err
 	}

-	// TODO 14天这个数值改成可以设置
-	return models.SharedNodeLogDAO.DeleteExpiredLogs(nil, 14)
+	// TODO 7天这个数值改成可以设置
+	return models.SharedNodeLogDAO.DeleteExpiredLogs(nil, 7)
 }
Author	SHA1	Message	Date
刘祥超	5789b1afb9	修改用户版本号	2022-01-16 20:38:53 +08:00
刘祥超	6f9f9dfb6f	源站支持客户端证书	2022-01-16 19:51:54 +08:00
刘祥超	171bafce6a	WAF策略简要信息中增加serverId	2022-01-14 10:43:22 +08:00
刘祥超	7c7fecab26	可以使用集群搜索WAF策略、缓存策略	2022-01-11 15:46:41 +08:00
刘祥超	7afdf5a2d9	上传SQL	2022-01-11 15:29:03 +08:00
刘祥超	ee9718ac77	运行日志可以使用集群、节点筛选	2022-01-11 14:59:32 +08:00
刘祥超	15e10182da	访问日志可以使用集群和节点搜索	2022-01-11 12:03:20 +08:00
刘祥超	4341c5b738	增加读取当日拦截数API	2022-01-11 09:46:37 +08:00
刘祥超	cf9b31b8eb	自动升级SYN Flood配置	2022-01-10 20:07:26 +08:00
刘祥超	564d440cd1	实现自动SYN Flood防护	2022-01-10 19:54:37 +08:00
刘祥超	bad9231ab3	API相关HTTP请求增加User-Agent	2022-01-10 09:58:34 +08:00
刘祥超	a78333c490	上传SQL	2022-01-09 20:13:30 +08:00
刘祥超	ace44173ec	WAF策略增加是否使用本地防火墙设置	2022-01-09 17:05:36 +08:00
刘祥超	5155ce97af	节点统计数据只保留两个小时	2022-01-09 11:14:05 +08:00
刘祥超	e2bf3ba1a4	节点配置增加产品信息	2022-01-09 10:44:17 +08:00
刘祥超	9abc65bd2b	IP名单增加未读状态	2022-01-08 16:48:17 +08:00
刘祥超	a99156ea49	自动加入名单不需要即时更新	2022-01-08 15:24:51 +08:00
刘祥超	d35db163ae	增加城市/ISP查询接口	2022-01-06 16:25:23 +08:00
刘祥超	e7b0f0df90	部分API支持用户平台调用	2022-01-05 20:12:37 +08:00
刘祥超	eab09fa37a	用户创建服务时刻自动添加到分组	2022-01-05 15:55:02 +08:00
刘祥超	ec3f89ecf5	用户列表可以使用待审核、关键词搜索	2022-01-05 11:12:24 +08:00
刘祥超	d58106c7ca	实现用户注册/审核功能	2022-01-05 10:45:19 +08:00
刘祥超	5da924118d	更新数据库	2022-01-04 18:29:25 +08:00
刘祥超	51e37f0c52	可以在集群中配置是否自动在firewalld中开放端口	2022-01-03 16:27:50 +08:00
刘祥超	7e9e764322	节点日志可以使用标签筛选/级别可以填写多个，用逗号分隔	2022-01-03 11:04:14 +08:00
刘祥超	75e41fff4d	缩短节点运行日志保存时间	2022-01-03 10:19:17 +08:00
刘祥超	8a9842edaf	优化检查节点更新代码	2022-01-01 17:36:01 +08:00
刘祥超	4e8629d74a	实现初版边缘脚本	2021-12-31 15:21:27 +08:00
刘祥超	2e02aa556e	修改版本为0.4.0	2021-12-31 15:19:32 +08:00
刘祥超	974c95c20a	修改版本号0.3.8	2021-12-31 11:38:00 +08:00