自动添加firewalld使用异步

优化代码
2022-09-04 06:36:22 +08:00 · 2022-09-03 22:23:16 +08:00 · 2022-09-03 22:03:22 +08:00 · 2022-09-03 12:43:06 +08:00 · 2022-08-30 11:40:01 +08:00 · 2022-08-30 11:23:35 +08:00
214 changed files with 5886 additions and 11001 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 *_plus.go
-*-plus.sh
+*-plus.sh
+*_plus_test.go
--- a/build/build.sh
+++ b/build/build.sh
@@ -88,15 +88,13 @@ function build() {
 		mkdir "$DIST"/bin
 		mkdir "$DIST"/configs
 		mkdir "$DIST"/logs
+		mkdir "$DIST"/data
 	fi
 	cp "$ROOT"/configs/api.template.yaml "$DIST"/configs/
 	cp "$ROOT"/configs/db.template.yaml "$DIST"/configs/
 	cp -R "$ROOT"/deploy "$DIST/"
 	rm -f "$DIST"/deploy/.gitignore
 	cp -R "$ROOT"/installers "$DIST"/
-	cp -R "$ROOT"/resources "$DIST"/
-	rm -f "$DIST"/resources/ipdata/ip2region/global_region.csv
-	rm -f "$DIST"/resources/ipdata/ip2region/ip.merge.txt

 	# building edge installer
 	echo "building node installer ..."
--- a/build/resources/ipdata/ip2region/global_region.csv
+++ b/build/resources/ipdata/ip2region/global_region.csv
--- a/build/resources/ipdata/ip2region/ip2region.db
+++ b/build/resources/ipdata/ip2region/ip2region.db
--- a/cmd/edge-api/main.go
+++ b/cmd/edge-api/main.go
@@ -14,7 +14,6 @@ import (
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 	"github.com/iwind/gosock/pkg/gosock"
-	"io/ioutil"
 	"log"
 	"os"
 )
@@ -130,7 +129,7 @@ func main() {
 		flagSet.BoolVar(&formatJSON, "json", false, "")
 		_ = flagSet.Parse(os.Args[2:])

-		data, err := ioutil.ReadFile(Tea.LogFile("issues.log"))
+		data, err := os.ReadFile(Tea.LogFile("issues.log"))
 		if err != nil {
 			if formatJSON {
 				fmt.Print("[]")
--- a/cmd/ip2region/main.go
+++ b/cmd/ip2region/main.go
@@ -1,193 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models/regions"
-	"github.com/iwind/TeaGo/Tea"
-	_ "github.com/iwind/TeaGo/bootstrap"
-	"github.com/iwind/TeaGo/dbs"
-	"github.com/iwind/TeaGo/lists"
-	"github.com/iwind/TeaGo/logs"
-	"io/ioutil"
-	"os"
-	"regexp"
-	"strings"
-)
-
-func main() {
-	// 导入数据
-	if lists.ContainsString(os.Args, "import") {
-		dbs.NotifyReady()
-
-		data, err := ioutil.ReadFile(Tea.Root + "/resources/ipdata/ip2region/global_region.csv")
-		if err != nil {
-			logs.Println("[ERROR]" + err.Error())
-			return
-		}
-		if len(data) == 0 {
-			logs.Println("[ERROR]file content should not be empty")
-			return
-		}
-		lines := bytes.Split(data, []byte{'\n'})
-		for _, line := range lines {
-			line = bytes.TrimSpace(line)
-			if len(line) == 0 {
-				continue
-			}
-
-			s := string(line)
-			reg := regexp.MustCompile(`(?U)(\d+),(\d+),(.+),(\d+),`)
-			if !reg.MatchString(s) {
-				continue
-			}
-			result := reg.FindStringSubmatch(s)
-			dataId := result[1]
-			parentDataId := result[2]
-			name := result[3]
-			level := result[4]
-
-			switch level {
-			case "1": // 国家|地区
-				countryId, err := regions.SharedRegionCountryDAO.FindCountryIdWithDataId(nil, dataId)
-				if err != nil {
-					logs.Println("[ERROR]" + err.Error())
-					return
-				}
-				if countryId == 0 {
-					logs.Println("creating country or region ", name)
-					_, err = regions.SharedRegionCountryDAO.CreateCountry(nil, name, dataId)
-					if err != nil {
-						logs.Println("[ERROR]" + err.Error())
-						return
-					}
-				}
-			case "2": // 省份|地区
-				provinceId, err := regions.SharedRegionProvinceDAO.FindProvinceIdWithDataId(nil, dataId)
-				if err != nil {
-					logs.Println("[ERROR]" + err.Error())
-					return
-				}
-				if provinceId == 0 {
-					logs.Println("creating province", name)
-
-					countryId, err := regions.SharedRegionCountryDAO.FindCountryIdWithDataId(nil, parentDataId)
-					if err != nil {
-						logs.Println("[ERROR]" + err.Error())
-						return
-					}
-					if countryId == 0 {
-						logs.Println("[ERROR]can not find country from data id '" + parentDataId + "'")
-						return
-					}
-
-					_, err = regions.SharedRegionProvinceDAO.CreateProvince(nil, countryId, name, dataId)
-					if err != nil {
-						logs.Println("[ERROR]" + err.Error())
-						return
-					}
-				}
-			case "3": // 城市
-				cityId, err := regions.SharedRegionCityDAO.FindCityWithDataId(nil, dataId)
-				if err != nil {
-					logs.Println("[ERROR]" + err.Error())
-					return
-				}
-				if cityId == 0 {
-					logs.Println("creating city", name)
-
-					provinceId, err := regions.SharedRegionProvinceDAO.FindProvinceIdWithDataId(nil, parentDataId)
-					if err != nil {
-						logs.Println("[ERROR]" + err.Error())
-						return
-					}
-					_, err = regions.SharedRegionCityDAO.CreateCity(nil, provinceId, name, dataId)
-					if err != nil {
-						logs.Println("[ERROR]" + err.Error())
-						return
-					}
-				}
-			}
-		}
-
-		logs.Println("done")
-	}
-
-	// 检查数据
-	if lists.ContainsString(os.Args, "check") {
-		dbs.NotifyReady()
-
-		data, err := ioutil.ReadFile(Tea.Root + "/resources/ipdata/ip2region/ip.merge.txt")
-		if err != nil {
-			logs.Println("[ERROR]" + err.Error())
-			return
-		}
-		if len(data) == 0 {
-			logs.Println("[ERROR]file should not be empty")
-			return
-		}
-		lines := bytes.Split(data, []byte("\n"))
-		for index, line := range lines {
-			s := string(bytes.TrimSpace(line))
-			if len(s) == 0 {
-				continue
-			}
-			pieces := strings.Split(s, "|")
-			countryName := pieces[2]
-			provinceName := pieces[4]
-			providerName := pieces[6]
-
-			// 记录provider
-			if len(providerName) > 0 && providerName != "0" {
-				providerId, err := regions.SharedRegionProviderDAO.FindProviderIdWithNameCacheable(nil, providerName)
-				if err != nil {
-					logs.Println("[ERROR]find provider id failed: " + err.Error())
-					return
-				}
-				if providerId == 0 {
-					logs.Println("creating new provider '"+providerName+"' ... ", index, "line")
-					_, err = regions.SharedRegionProviderDAO.CreateProvider(nil, providerName)
-					if err != nil {
-						logs.Println("create new provider failed: " + providerName)
-						return
-					}
-					logs.Println("created new provider '" + providerName + "'")
-					return
-				}
-			}
-
-			if lists.ContainsString([]string{"0", "欧洲", "北美地区", "法国南部领地", "非洲地区", "亚太地区"}, countryName) {
-				continue
-			}
-
-			// 检查国家
-			countryId, err := regions.SharedRegionCountryDAO.FindCountryIdWithNameCacheable(nil, countryName)
-			if err != nil {
-				logs.Println("[ERROR]" + err.Error())
-				return
-			}
-			if countryId == 0 {
-				logs.Println("[ERROR]can not find country '"+countryName+"', index: ", index, "data: "+s)
-				return
-			}
-
-			// 检查省份
-			if countryName == "中国" {
-				if lists.ContainsString([]string{"0"}, provinceName) {
-					continue
-				}
-
-				provinceId, err := regions.SharedRegionProvinceDAO.FindProvinceIdWithNameCacheable(nil, countryId, provinceName)
-				if err != nil {
-					logs.Println("[ERROR]" + err.Error())
-					return
-				}
-				if provinceId == 0 {
-					logs.Println("[ERROR]can not find province '"+provinceName+"', index: ", index, "data: "+s)
-					return
-				}
-			}
-		}
-
-		logs.Println("done")
-	}
-}
--- a/cmd/sql-dump/main.go
+++ b/cmd/sql-dump/main.go
@@ -7,7 +7,6 @@ import (
 	_ "github.com/iwind/TeaGo/bootstrap"
 	"github.com/iwind/TeaGo/dbs"
 	"go/format"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -67,7 +66,7 @@ func init() {
 		return
 	}

-	err = ioutil.WriteFile(sqlFile, dst, 0666)
+	err = os.WriteFile(sqlFile, dst, 0666)
 	if err != nil {
 		fmt.Println("[ERROR]write file failed: " + err.Error())
 		return
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/go-acme/lego/v4 v4.5.2
 	github.com/go-sql-driver/mysql v1.5.0
 	github.com/golang/protobuf v1.5.2
-	github.com/iwind/TeaGo v0.0.0-20220408111647-f36b9bba3570
+	github.com/iwind/TeaGo v0.0.0-20220811034530-657e3f15b79e
 	github.com/iwind/gosock v0.0.0-20220505115348-f88412125a62
 	github.com/mozillazg/go-pinyin v0.18.0
 	github.com/pkg/sftp v1.12.0
@@ -21,7 +21,7 @@ require (
 	golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8
 	google.golang.org/grpc v1.45.0
 	google.golang.org/protobuf v1.27.1
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
+	gopkg.in/yaml.v3 v3.0.1
 )

 require (
--- a/go.sum
+++ b/go.sum
@@ -239,6 +239,8 @@ github.com/iwind/TeaGo v0.0.0-20210411134150-ddf57e240c2f/go.mod h1:KU4mS7QNiZ7Q
 github.com/iwind/TeaGo v0.0.0-20220304043459-0dd944a5b475/go.mod h1:HRHK0zoC/og3c9/hKosD9yYVMTnnzm3PgXUdhRYHaLc=
 github.com/iwind/TeaGo v0.0.0-20220408111647-f36b9bba3570 h1:zqz2FiMMkSHXWO1EsTRJDPTwX9xQ4uuyD5GAE4JGlhM=
 github.com/iwind/TeaGo v0.0.0-20220408111647-f36b9bba3570/go.mod h1:HRHK0zoC/og3c9/hKosD9yYVMTnnzm3PgXUdhRYHaLc=
+github.com/iwind/TeaGo v0.0.0-20220811034530-657e3f15b79e h1:cw4b6ecXdXvLd45YSstD8r9ClcnVK4ljZMZCept2aOk=
+github.com/iwind/TeaGo v0.0.0-20220811034530-657e3f15b79e/go.mod h1:fi/Pq+/5m2HZoseM+39dMF57ANXRt6w4PkGu3NXPc5s=
 github.com/iwind/gosock v0.0.0-20210722083328-12b2d66abec3 h1:aBSonas7vFcgTj9u96/bWGILGv1ZbUSTLiOzcI1ZT6c=
 github.com/iwind/gosock v0.0.0-20210722083328-12b2d66abec3/go.mod h1:H5Q7SXwbx3a97ecJkaS2sD77gspzE7HFUafBO0peEyA=
 github.com/iwind/gosock v0.0.0-20220505115348-f88412125a62 h1:HJH6RDheAY156DnIfJSD/bEvqyXzsZuE2gzs8PuUjoo=
@@ -789,6 +791,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/internal/accesslogs/storage_base.go
+++ b/internal/accesslogs/storage_base.go
@@ -1,71 +0,0 @@
-// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
-
-package accesslogs
-
-import (
-	"encoding/json"
-	"fmt"
-	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"strconv"
-	"time"
-)
-
-type BaseStorage struct {
-	isOk         bool
-	version      int
-	firewallOnly bool
-}
-
-func (this *BaseStorage) SetVersion(version int) {
-	this.version = version
-}
-
-func (this *BaseStorage) Version() int {
-	return this.version
-}
-
-func (this *BaseStorage) IsOk() bool {
-	return this.isOk
-}
-
-func (this *BaseStorage) SetOk(isOk bool) {
-	this.isOk = isOk
-}
-
-func (this *BaseStorage) SetFirewallOnly(firewallOnly bool) {
-	this.firewallOnly = firewallOnly
-}
-
-// Marshal 对日志进行编码
-func (this *BaseStorage) Marshal(accessLog *pb.HTTPAccessLog) ([]byte, error) {
-	return json.Marshal(accessLog)
-}
-
-// FormatVariables 格式化字符串中的变量
-func (this *BaseStorage) FormatVariables(s string) string {
-	var now = time.Now()
-	return configutils.ParseVariables(s, func(varName string) (value string) {
-		switch varName {
-		case "year":
-			return strconv.Itoa(now.Year())
-		case "month":
-			return fmt.Sprintf("%02d", now.Month())
-		case "week":
-			_, week := now.ISOWeek()
-			return fmt.Sprintf("%02d", week)
-		case "day":
-			return fmt.Sprintf("%02d", now.Day())
-		case "hour":
-			return fmt.Sprintf("%02d", now.Hour())
-		case "minute":
-			return fmt.Sprintf("%02d", now.Minute())
-		case "second":
-			return fmt.Sprintf("%02d", now.Second())
-		case "date":
-			return fmt.Sprintf("%d%02d%02d", now.Year(), now.Month(), now.Day())
-		}
-
-		return varName
-	})
-}
--- a/internal/accesslogs/storage_command.go
+++ b/internal/accesslogs/storage_command.go
@@ -1,99 +0,0 @@
-package accesslogs
-
-import (
-	"bytes"
-	"errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/iwind/TeaGo/logs"
-	"os/exec"
-	"sync"
-)
-
-// CommandStorage 通过命令行存储
-type CommandStorage struct {
-	BaseStorage
-
-	config *serverconfigs.AccessLogCommandStorageConfig
-
-	writeLocker sync.Mutex
-}
-
-func NewCommandStorage(config *serverconfigs.AccessLogCommandStorageConfig) *CommandStorage {
-	return &CommandStorage{config: config}
-}
-
-func (this *CommandStorage) Config() interface{} {
-	return this.config
-}
-
-// Start 启动
-func (this *CommandStorage) Start() error {
-	if len(this.config.Command) == 0 {
-		return errors.New("'command' should not be empty")
-	}
-	return nil
-}
-
-// 写入日志
-func (this *CommandStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
-	if len(accessLogs) == 0 {
-		return nil
-	}
-
-	this.writeLocker.Lock()
-	defer this.writeLocker.Unlock()
-
-	cmd := exec.Command(this.config.Command, this.config.Args...)
-	if len(this.config.Dir) > 0 {
-		cmd.Dir = this.config.Dir
-	}
-
-	stdout := bytes.NewBuffer([]byte{})
-	cmd.Stdout = stdout
-
-	w, err := cmd.StdinPipe()
-	if err != nil {
-		return err
-	}
-	err = cmd.Start()
-	if err != nil {
-		return err
-	}
-	for _, accessLog := range accessLogs {
-		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
-			continue
-		}
-
-		data, err := this.Marshal(accessLog)
-		if err != nil {
-			logs.Error(err)
-			continue
-		}
-		_, err = w.Write(data)
-		if err != nil {
-			logs.Error(err)
-		}
-
-		_, err = w.Write([]byte("\n"))
-		if err != nil {
-			logs.Error(err)
-		}
-	}
-	_ = w.Close()
-	err = cmd.Wait()
-	if err != nil {
-		logs.Error(err)
-
-		if stdout.Len() > 0 {
-			logs.Error(errors.New(string(stdout.Bytes())))
-		}
-	}
-
-	return nil
-}
-
-// Close 关闭
-func (this *CommandStorage) Close() error {
-	return nil
-}
--- a/internal/accesslogs/storage_command_test.go
+++ b/internal/accesslogs/storage_command_test.go
@@ -1,63 +0,0 @@
-package accesslogs
-
-import (
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"os"
-	"os/exec"
-	"testing"
-	"time"
-)
-
-func TestCommandStorage_Write(t *testing.T) {
-	php, err := exec.LookPath("php")
-	if err != nil { // not found php, so we can not test
-		t.Log("php:", err)
-		return
-	}
-
-	cwd, err := os.Getwd()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	before := time.Now()
-
-	storage := NewCommandStorage(&serverconfigs.AccessLogCommandStorageConfig{
-		Command: php,
-		Args:    []string{cwd + "/tests/command_storage.php"},
-	})
-	err = storage.Start()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = storage.Write([]*pb.HTTPAccessLog{
-		{
-			RequestMethod: "GET",
-			RequestPath:   "/hello",
-		},
-		{
-			RequestMethod: "GET",
-			RequestPath:   "/world",
-		},
-		{
-			RequestMethod: "GET",
-			RequestPath:   "/lu",
-		},
-		{
-			RequestMethod: "GET",
-			RequestPath:   "/ping",
-		},
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = storage.Close()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	t.Log(time.Since(before).Seconds(), "seconds")
-}
--- a/internal/accesslogs/storage_es.go
+++ b/internal/accesslogs/storage_es.go
@@ -1,131 +0,0 @@
-package accesslogs
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
-	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
-	"github.com/TeaOSLab/EdgeAPI/internal/utils"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"io/ioutil"
-	"net/http"
-	"regexp"
-	"strings"
-	"time"
-)
-
-// ESStorage ElasticSearch存储策略
-type ESStorage struct {
-	BaseStorage
-
-	config *serverconfigs.AccessLogESStorageConfig
-}
-
-func NewESStorage(config *serverconfigs.AccessLogESStorageConfig) *ESStorage {
-	return &ESStorage{config: config}
-}
-
-func (this *ESStorage) Config() interface{} {
-	return this.config
-}
-
-// Start 开启
-func (this *ESStorage) Start() error {
-	if len(this.config.Endpoint) == 0 {
-		return errors.New("'endpoint' should not be nil")
-	}
-	if !regexp.MustCompile(`(?i)^(http|https)://`).MatchString(this.config.Endpoint) {
-		this.config.Endpoint = "http://" + this.config.Endpoint
-	}
-	if len(this.config.Index) == 0 {
-		return errors.New("'index' should not be nil")
-	}
-	if len(this.config.MappingType) == 0 {
-		return errors.New("'mappingType' should not be nil")
-	}
-	return nil
-}
-
-// 写入日志
-func (this *ESStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
-	if len(accessLogs) == 0 {
-		return nil
-	}
-
-	bulk := &strings.Builder{}
-	indexName := this.FormatVariables(this.config.Index)
-	typeName := this.FormatVariables(this.config.MappingType)
-	for _, accessLog := range accessLogs {
-		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
-			continue
-		}
-
-		if len(accessLog.RequestId) == 0 {
-			continue
-		}
-
-		opData, err := json.Marshal(map[string]interface{}{
-			"index": map[string]interface{}{
-				"_index": indexName,
-				"_type":  typeName,
-				"_id":    accessLog.RequestId,
-			},
-		})
-		if err != nil {
-			remotelogs.Error("ACCESS_LOG_ES_STORAGE", "write failed: "+err.Error())
-			continue
-		}
-
-		data, err := this.Marshal(accessLog)
-		if err != nil {
-			remotelogs.Error("ACCESS_LOG_ES_STORAGE", "marshal data failed: "+err.Error())
-			continue
-		}
-
-		bulk.Write(opData)
-		bulk.WriteString("\n")
-		bulk.Write(data)
-		bulk.WriteString("\n")
-	}
-
-	if bulk.Len() == 0 {
-		return nil
-	}
-
-	req, err := http.NewRequest(http.MethodPost, this.config.Endpoint+"/_bulk", strings.NewReader(bulk.String()))
-	if err != nil {
-		return err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("User-Agent", strings.ReplaceAll(teaconst.ProductName, " ", "-")+"/"+teaconst.Version)
-	if len(this.config.Username) > 0 || len(this.config.Password) > 0 {
-		req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(this.config.Username+":"+this.config.Password)))
-	}
-	client := utils.SharedHttpClient(10 * time.Second)
-	defer func() {
-		_ = req.Body.Close()
-	}()
-
-	resp, err := client.Do(req)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		_ = resp.Body.Close()
-	}()
-
-	if resp.StatusCode != http.StatusOK {
-		bodyData, _ := ioutil.ReadAll(resp.Body)
-		return errors.New("ElasticSearch response status code: " + fmt.Sprintf("%d", resp.StatusCode) + " content: " + string(bodyData))
-	}
-
-	return nil
-}
-
-// Close 关闭
-func (this *ESStorage) Close() error {
-	return nil
-}
--- a/internal/accesslogs/storage_es_test.go
+++ b/internal/accesslogs/storage_es_test.go
@@ -1,53 +0,0 @@
-package accesslogs
-
-import (
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"testing"
-	"time"
-)
-
-func TestESStorage_Write(t *testing.T) {
-	storage := NewESStorage(&serverconfigs.AccessLogESStorageConfig{
-		Endpoint:    "http://127.0.0.1:9200",
-		Index:       "logs",
-		MappingType: "accessLogs",
-		Username:    "hello",
-		Password:    "world",
-	})
-	err := storage.Start()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	{
-		err = storage.Write([]*pb.HTTPAccessLog{
-			{
-				RequestMethod: "POST",
-				RequestPath:   "/1",
-				TimeLocal:     time.Now().Format("2/Jan/2006:15:04:05 -0700"),
-				TimeISO8601:   "2018-07-23T22:23:35+08:00",
-				Header: map[string]*pb.Strings{
-					"Content-Type": {Values: []string{"text/html"}},
-				},
-			},
-			{
-				RequestMethod: "GET",
-				RequestPath:   "/2",
-				TimeLocal:     time.Now().Format("2/Jan/2006:15:04:05 -0700"),
-				TimeISO8601:   "2018-07-23T22:23:35+08:00",
-				Header: map[string]*pb.Strings{
-					"Content-Type": {Values: []string{"text/css"}},
-				},
-			},
-		})
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	err = storage.Close()
-	if err != nil {
-		t.Fatal(err)
-	}
-}
--- a/internal/accesslogs/storage_file.go
+++ b/internal/accesslogs/storage_file.go
@@ -1,130 +0,0 @@
-package accesslogs
-
-import (
-	"errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/iwind/TeaGo/logs"
-	"os"
-	"path/filepath"
-	"sync"
-)
-
-// FileStorage 文件存储策略
-type FileStorage struct {
-	BaseStorage
-
-	config *serverconfigs.AccessLogFileStorageConfig
-
-	writeLocker sync.Mutex
-
-	files       map[string]*os.File // path => *File
-	filesLocker sync.Mutex
-}
-
-func NewFileStorage(config *serverconfigs.AccessLogFileStorageConfig) *FileStorage {
-	return &FileStorage{
-		config: config,
-	}
-}
-
-func (this *FileStorage) Config() interface{} {
-	return this.config
-}
-
-// Start 开启
-func (this *FileStorage) Start() error {
-	if len(this.config.Path) == 0 {
-		return errors.New("'path' should not be empty")
-	}
-
-	this.files = map[string]*os.File{}
-
-	return nil
-}
-
-// Write 写入日志
-func (this *FileStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
-	if len(accessLogs) == 0 {
-		return nil
-	}
-
-	fp := this.fp()
-	if fp == nil {
-		return errors.New("file pointer should not be nil")
-	}
-	this.writeLocker.Lock()
-	defer this.writeLocker.Unlock()
-
-	for _, accessLog := range accessLogs {
-		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
-			continue
-		}
-		data, err := this.Marshal(accessLog)
-		if err != nil {
-			logs.Error(err)
-			continue
-		}
-		_, err = fp.Write(data)
-		if err != nil {
-			_ = this.Close()
-			break
-		}
-		_, _ = fp.WriteString("\n")
-	}
-	return nil
-}
-
-// Close 关闭
-func (this *FileStorage) Close() error {
-	this.filesLocker.Lock()
-	defer this.filesLocker.Unlock()
-
-	var resultErr error
-	for _, f := range this.files {
-		err := f.Close()
-		if err != nil {
-			resultErr = err
-		}
-	}
-	return resultErr
-}
-
-func (this *FileStorage) fp() *os.File {
-	path := this.FormatVariables(this.config.Path)
-
-	this.filesLocker.Lock()
-	defer this.filesLocker.Unlock()
-	fp, ok := this.files[path]
-	if ok {
-		return fp
-	}
-
-	// 关闭其他的文件
-	for _, f := range this.files {
-		_ = f.Close()
-	}
-
-	// 是否创建文件目录
-	if this.config.AutoCreate {
-		dir := filepath.Dir(path)
-		_, err := os.Stat(dir)
-		if os.IsNotExist(err) {
-			err = os.MkdirAll(dir, 0777)
-			if err != nil {
-				logs.Error(err)
-				return nil
-			}
-		}
-	}
-
-	// 打开新文件
-	fp, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
-	if err != nil {
-		logs.Error(err)
-		return nil
-	}
-	this.files[path] = fp
-
-	return fp
-}
--- a/internal/accesslogs/storage_file_test.go
+++ b/internal/accesslogs/storage_file_test.go
@@ -1,70 +0,0 @@
-package accesslogs
-
-import (
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/iwind/TeaGo/Tea"
-	"testing"
-	"time"
-)
-
-func TestFileStorage_Write(t *testing.T) {
-	storage := NewFileStorage(&serverconfigs.AccessLogFileStorageConfig{
-		Path: Tea.Root + "/logs/access-${date}.log",
-	})
-	err := storage.Start()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	{
-		err = storage.Write([]*pb.HTTPAccessLog{
-			{
-				RequestPath: "/hello",
-			},
-			{
-				RequestPath: "/world",
-			},
-		})
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	{
-		err = storage.Write([]*pb.HTTPAccessLog{
-			{
-				RequestPath: "/1",
-			},
-			{
-				RequestPath: "/2",
-			},
-		})
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	{
-		err = storage.Write([]*pb.HTTPAccessLog{
-			{
-				RequestMethod: "POST",
-				RequestPath:   "/1",
-				TimeLocal:     time.Now().Format("2/Jan/2006:15:04:05 -0700"),
-			},
-			{
-				RequestMethod: "GET",
-				RequestPath:   "/2",
-				TimeLocal:     time.Now().Format("2/Jan/2006:15:04:05 -0700"),
-			},
-		})
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	err = storage.Close()
-	if err != nil {
-		t.Fatal(err)
-	}
-}
--- a/internal/accesslogs/storage_interface.go
+++ b/internal/accesslogs/storage_interface.go
@@ -1,33 +0,0 @@
-// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
-
-package accesslogs
-
-import "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-
-// StorageInterface 日志存储接口
-type StorageInterface interface {
-	// Version 获取版本
-	Version() int
-
-	// SetVersion 设置版本
-	SetVersion(version int)
-
-	// SetFirewallOnly 设置是否只处理防火墙相关的访问日志
-	SetFirewallOnly(firewallOnly bool)
-
-	IsOk() bool
-
-	SetOk(ok bool)
-
-	// Config 获取配置
-	Config() interface{}
-
-	// Start 开启
-	Start() error
-
-	// Write 写入日志
-	Write(accessLogs []*pb.HTTPAccessLog) error
-
-	// Close 关闭
-	Close() error
-}
--- a/internal/accesslogs/storage_manager.go
+++ b/internal/accesslogs/storage_manager.go
@@ -1,185 +0,0 @@
-// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
-
-package accesslogs
-
-import (
-	"encoding/json"
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
-	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/lists"
-	"github.com/iwind/TeaGo/types"
-	"sync"
-	"time"
-)
-
-var SharedStorageManager = NewStorageManager()
-
-type StorageManager struct {
-	storageMap map[int64]StorageInterface // policyId => Storage
-
-	locker sync.Mutex
-}
-
-func NewStorageManager() *StorageManager {
-	return &StorageManager{
-		storageMap: map[int64]StorageInterface{},
-	}
-}
-
-func (this *StorageManager) Start() {
-	var ticker = time.NewTicker(1 * time.Minute)
-	if Tea.IsTesting() {
-		ticker = time.NewTicker(5 * time.Second)
-	}
-
-	// 启动时执行一次
-	var err = this.Loop()
-	if err != nil {
-		remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "update error: "+err.Error())
-	}
-
-	// 循环执行
-	for range ticker.C {
-		err := this.Loop()
-		if err != nil {
-			remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "update error: "+err.Error())
-		}
-	}
-}
-
-// Loop 更新
-func (this *StorageManager) Loop() error {
-	policies, err := models.SharedHTTPAccessLogPolicyDAO.FindAllEnabledAndOnPolicies(nil)
-	if err != nil {
-		return err
-	}
-	var policyIds = []int64{}
-	for _, policy := range policies {
-		if policy.IsOn {
-			policyIds = append(policyIds, int64(policy.Id))
-		}
-	}
-
-	this.locker.Lock()
-	defer this.locker.Unlock()
-
-	// 关闭不用的
-	for policyId, storage := range this.storageMap {
-		if !lists.ContainsInt64(policyIds, policyId) {
-			err := storage.Close()
-			if err != nil {
-				remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "close '"+types.String(policyId)+"' failed: "+err.Error())
-			}
-			delete(this.storageMap, policyId)
-			remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "remove '"+types.String(policyId)+"'")
-		}
-	}
-
-	for _, policy := range policies {
-		var policyId = int64(policy.Id)
-		storage, ok := this.storageMap[policyId]
-		if ok {
-			// 检查配置是否有变更
-			if types.Int(policy.Version) != storage.Version() {
-				err = storage.Close()
-				if err != nil {
-					remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "close policy '"+types.String(policyId)+"' failed: "+err.Error())
-
-					// 继续往下执行
-				}
-
-				if len(policy.Options) > 0 {
-					err = json.Unmarshal(policy.Options, storage.Config())
-					if err != nil {
-						remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "unmarshal policy '"+types.String(policyId)+"' config failed: "+err.Error())
-						storage.SetOk(false)
-						continue
-					}
-				}
-
-				storage.SetVersion(types.Int(policy.Version))
-				storage.SetFirewallOnly(policy.FirewallOnly == 1)
-				err := storage.Start()
-				if err != nil {
-					remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "start policy '"+types.String(policyId)+"' failed: "+err.Error())
-					continue
-				}
-				storage.SetOk(true)
-				remotelogs.Println("ACCESS_LOG_STORAGE_MANAGER", "restart policy '"+types.String(policyId)+"'")
-			}
-		} else {
-			storage, err := this.createStorage(policy.Type, policy.Options)
-			if err != nil {
-				remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "create policy '"+types.String(policyId)+"' failed: "+err.Error())
-				continue
-			}
-			storage.SetVersion(types.Int(policy.Version))
-			storage.SetFirewallOnly(policy.FirewallOnly == 1)
-			this.storageMap[policyId] = storage
-			err = storage.Start()
-			if err != nil {
-				remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "start policy '"+types.String(policyId)+"' failed: "+err.Error())
-				continue
-			}
-			storage.SetOk(true)
-			remotelogs.Println("ACCESS_LOG_STORAGE_MANAGER", "start policy '"+types.String(policyId)+"'")
-		}
-	}
-
-	return nil
-}
-
-func (this *StorageManager) createStorage(storageType string, optionsJSON []byte) (StorageInterface, error) {
-	switch storageType {
-	case serverconfigs.AccessLogStorageTypeFile:
-		var config = &serverconfigs.AccessLogFileStorageConfig{}
-		if len(optionsJSON) > 0 {
-			err := json.Unmarshal(optionsJSON, config)
-			if err != nil {
-				return nil, err
-			}
-		}
-		return NewFileStorage(config), nil
-	case serverconfigs.AccessLogStorageTypeES:
-		var config = &serverconfigs.AccessLogESStorageConfig{}
-		if len(optionsJSON) > 0 {
-			err := json.Unmarshal(optionsJSON, config)
-			if err != nil {
-				return nil, err
-			}
-		}
-		return NewESStorage(config), nil
-	case serverconfigs.AccessLogStorageTypeTCP:
-		var config = &serverconfigs.AccessLogTCPStorageConfig{}
-		if len(optionsJSON) > 0 {
-			err := json.Unmarshal(optionsJSON, config)
-			if err != nil {
-				return nil, err
-			}
-		}
-		return NewTCPStorage(config), nil
-	case serverconfigs.AccessLogStorageTypeSyslog:
-		var config = &serverconfigs.AccessLogSyslogStorageConfig{}
-		if len(optionsJSON) > 0 {
-			err := json.Unmarshal(optionsJSON, config)
-			if err != nil {
-				return nil, err
-			}
-		}
-		return NewSyslogStorage(config), nil
-	case serverconfigs.AccessLogStorageTypeCommand:
-		var config = &serverconfigs.AccessLogCommandStorageConfig{}
-		if len(optionsJSON) > 0 {
-			err := json.Unmarshal(optionsJSON, config)
-			if err != nil {
-				return nil, err
-			}
-		}
-		return NewCommandStorage(config), nil
-	}
-
-	return nil, errors.New("invalid policy type '" + storageType + "'")
-}
--- a/internal/accesslogs/storage_manager_test.go
+++ b/internal/accesslogs/storage_manager_test.go
@@ -1,17 +0,0 @@
-package accesslogs
-
-import (
-	"github.com/iwind/TeaGo/dbs"
-	"testing"
-)
-
-func TestStorageManager_Loop(t *testing.T) {
-	dbs.NotifyReady()
-
-	var storage = NewStorageManager()
-	err := storage.Loop()
-	if err != nil {
-		t.Fatal(err)
-	}
-	t.Log(storage.storageMap)
-}
--- a/internal/accesslogs/storage_manager_write.go
+++ b/internal/accesslogs/storage_manager_write.go
@@ -1,15 +0,0 @@
-// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
-
-//go:build !plus
-// +build !plus
-
-package accesslogs
-
-import (
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-)
-
-// 写入日志
-func (this *StorageManager) Write(policyId int64, accessLogs []*pb.HTTPAccessLog) error {
-	return nil
-}
--- a/internal/accesslogs/storage_syslog.go
+++ b/internal/accesslogs/storage_syslog.go
@@ -1,146 +0,0 @@
-package accesslogs
-
-import (
-	"bytes"
-	"errors"
-	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/iwind/TeaGo/logs"
-	"os/exec"
-	"runtime"
-	"strconv"
-)
-
-type SyslogStorageProtocol = string
-
-const (
-	SyslogStorageProtocolTCP    SyslogStorageProtocol = "tcp"
-	SyslogStorageProtocolUDP    SyslogStorageProtocol = "udp"
-	SyslogStorageProtocolNone   SyslogStorageProtocol = "none"
-	SyslogStorageProtocolSocket SyslogStorageProtocol = "socket"
-)
-
-type SyslogStoragePriority = int
-
-// SyslogStorage syslog存储策略
-type SyslogStorage struct {
-	BaseStorage
-
-	config *serverconfigs.AccessLogSyslogStorageConfig
-
-	exe string
-}
-
-func NewSyslogStorage(config *serverconfigs.AccessLogSyslogStorageConfig) *SyslogStorage {
-	return &SyslogStorage{config: config}
-}
-
-func (this *SyslogStorage) Config() interface{} {
-	return this.config
-}
-
-// Start 开启
-func (this *SyslogStorage) Start() error {
-	if runtime.GOOS != "linux" {
-		return errors.New("'syslog' storage only works on linux")
-	}
-
-	exe, err := exec.LookPath("logger")
-	if err != nil {
-		return err
-	}
-
-	this.exe = exe
-
-	return nil
-}
-
-// 写入日志
-func (this *SyslogStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
-	if len(accessLogs) == 0 {
-		return nil
-	}
-
-	args := []string{}
-	if len(this.config.Tag) > 0 {
-		args = append(args, "-t", this.config.Tag)
-	}
-
-	if this.config.Priority >= 0 {
-		args = append(args, "-p", strconv.Itoa(this.config.Priority))
-	}
-
-	switch this.config.Protocol {
-	case SyslogStorageProtocolTCP:
-		args = append(args, "-T")
-		if len(this.config.ServerAddr) > 0 {
-			args = append(args, "-n", this.config.ServerAddr)
-		}
-		if this.config.ServerPort > 0 {
-			args = append(args, "-P", strconv.Itoa(this.config.ServerPort))
-		}
-	case SyslogStorageProtocolUDP:
-		args = append(args, "-d")
-		if len(this.config.ServerAddr) > 0 {
-			args = append(args, "-n", this.config.ServerAddr)
-		}
-		if this.config.ServerPort > 0 {
-			args = append(args, "-P", strconv.Itoa(this.config.ServerPort))
-		}
-	case SyslogStorageProtocolSocket:
-		args = append(args, "-u")
-		args = append(args, this.config.Socket)
-	case SyslogStorageProtocolNone:
-		// do nothing
-	}
-
-	args = append(args, "-S", "10240")
-
-	var cmd = exec.Command(this.exe, args...)
-	var stderrBuffer = &bytes.Buffer{}
-	cmd.Stderr = stderrBuffer
-
-	w, err := cmd.StdinPipe()
-	if err != nil {
-		return err
-	}
-	err = cmd.Start()
-	if err != nil {
-		return err
-	}
-
-	for _, accessLog := range accessLogs {
-		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
-			continue
-		}
-		data, err := this.Marshal(accessLog)
-		if err != nil {
-			remotelogs.Error("ACCESS_LOG_POLICY_SYSLOG", "marshal accesslog failed: "+err.Error())
-			continue
-		}
-		_, err = w.Write(data)
-		if err != nil {
-			logs.Error(err)
-		}
-
-		_, err = w.Write([]byte("\n"))
-		if err != nil {
-			remotelogs.Error("ACCESS_LOG_POLICY_SYSLOG", "write accesslog failed: "+err.Error())
-		}
-	}
-
-	_ = w.Close()
-
-	err = cmd.Wait()
-	if err != nil {
-		return errors.New("send syslog failed: " + err.Error() + ", stderr: " + stderrBuffer.String())
-	}
-
-	return nil
-}
-
-// Close 关闭
-func (this *SyslogStorage) Close() error {
-	return nil
-}
--- a/internal/accesslogs/storage_tcp.go
+++ b/internal/accesslogs/storage_tcp.go
@@ -1,114 +0,0 @@
-package accesslogs
-
-import (
-	"errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/iwind/TeaGo/logs"
-	"net"
-	"sync"
-)
-
-// TCPStorage TCP存储策略
-type TCPStorage struct {
-	BaseStorage
-
-	config *serverconfigs.AccessLogTCPStorageConfig
-
-	writeLocker sync.Mutex
-
-	connLocker sync.Mutex
-	conn       net.Conn
-}
-
-func NewTCPStorage(config *serverconfigs.AccessLogTCPStorageConfig) *TCPStorage {
-	return &TCPStorage{config: config}
-}
-
-func (this *TCPStorage) Config() interface{} {
-	return this.config
-}
-
-// Start 开启
-func (this *TCPStorage) Start() error {
-	if len(this.config.Network) == 0 {
-		return errors.New("'network' should not be empty")
-	}
-	if len(this.config.Addr) == 0 {
-		return errors.New("'addr' should not be empty")
-	}
-	return nil
-}
-
-// 写入日志
-func (this *TCPStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
-	if len(accessLogs) == 0 {
-		return nil
-	}
-
-	err := this.connect()
-	if err != nil {
-		return err
-	}
-
-	conn := this.conn
-	if conn == nil {
-		return errors.New("connection should not be nil")
-	}
-
-	this.writeLocker.Lock()
-	defer this.writeLocker.Unlock()
-
-	for _, accessLog := range accessLogs {
-		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
-			continue
-		}
-		data, err := this.Marshal(accessLog)
-		if err != nil {
-			logs.Error(err)
-			continue
-		}
-		_, err = conn.Write(data)
-		if err != nil {
-			_ = this.Close()
-			break
-		}
-		_, err = conn.Write([]byte("\n"))
-		if err != nil {
-			_ = this.Close()
-			break
-		}
-	}
-
-	return nil
-}
-
-// Close 关闭
-func (this *TCPStorage) Close() error {
-	this.connLocker.Lock()
-	defer this.connLocker.Unlock()
-
-	if this.conn != nil {
-		err := this.conn.Close()
-		this.conn = nil
-		return err
-	}
-	return nil
-}
-
-func (this *TCPStorage) connect() error {
-	this.connLocker.Lock()
-	defer this.connLocker.Unlock()
-
-	if this.conn != nil {
-		return nil
-	}
-
-	conn, err := net.Dial(this.config.Network, this.config.Addr)
-	if err != nil {
-		return err
-	}
-	this.conn = conn
-
-	return nil
-}
--- a/internal/accesslogs/storage_tcp_test.go
+++ b/internal/accesslogs/storage_tcp_test.go
@@ -1,72 +0,0 @@
-package accesslogs
-
-import (
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"net"
-	"testing"
-	"time"
-)
-
-func TestTCPStorage_Write(t *testing.T) {
-	go func() {
-		server, err := net.Listen("tcp", "127.0.0.1:9981")
-		if err != nil {
-			t.Error(err)
-			return
-		}
-		for {
-			conn, err := server.Accept()
-			if err != nil {
-				break
-			}
-
-			buf := make([]byte, 1024)
-			for {
-				n, err := conn.Read(buf)
-				if n > 0 {
-					t.Log(string(buf[:n]))
-				}
-				if err != nil {
-					break
-				}
-			}
-			break
-		}
-		_ = server.Close()
-	}()
-
-	storage := NewTCPStorage(&serverconfigs.AccessLogTCPStorageConfig{
-		Network: "tcp",
-		Addr:    "127.0.0.1:9981",
-	})
-	err := storage.Start()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	{
-		err = storage.Write([]*pb.HTTPAccessLog{
-			{
-				RequestMethod: "POST",
-				RequestPath:   "/1",
-				TimeLocal:     time.Now().Format("2/Jan/2006:15:04:05 -0700"),
-			},
-			{
-				RequestMethod: "GET",
-				RequestPath:   "/2",
-				TimeLocal:     time.Now().Format("2/Jan/2006:15:04:05 -0700"),
-			},
-		})
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	time.Sleep(2 * time.Second)
-
-	err = storage.Close()
-	if err != nil {
-		t.Fatal(err)
-	}
-}
--- a/internal/accesslogs/tests/command_storage.php
+++ b/internal/accesslogs/tests/command_storage.php
@@ -1,24 +0,0 @@
-<?php
-
-// test command storage
-
-// open access log file
-$fp = fopen("/tmp/goedge-command-storage.log", "a+");
-
-// read access logs from stdin
-$stdin = fopen("php://stdin", "r");
-while(true) {
-    if (feof($stdin)) {
-        break;
-    }
-    $line = fgets($stdin);
-
-    // write to access log file
-    fwrite($fp, $line);
-}
-
-// close file pointers
-fclose($fp);
-fclose($stdin);
-
-?>
--- a/internal/acme/acme_test.go
+++ b/internal/acme/acme_test.go
@@ -10,7 +10,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/lego"
 	acmelog "github.com/go-acme/lego/v4/log"
-	"io/ioutil"
+	"io"
 	"log"
 	"testing"

@@ -50,7 +50,7 @@ func (this *MyProvider) CleanUp(domain, token, keyAuth string) error {

 // 参考  https://go-acme.github.io/lego/usage/library/
 func TestGenerate(t *testing.T) {
-	acmelog.Logger = log.New(ioutil.Discard, "", log.LstdFlags)
+	acmelog.Logger = log.New(io.Discard, "", log.LstdFlags)

 	// 生成私钥
 	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
@@ -94,7 +94,7 @@ func TestGenerate(t *testing.T) {
 }

 func TestGenerate_EAB(t *testing.T) {
-	acmelog.Logger = log.New(ioutil.Discard, "", log.LstdFlags)
+	acmelog.Logger = log.New(io.Discard, "", log.LstdFlags)

 	// 生成私钥
 	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
--- a/internal/acme/dns_provider.go
+++ b/internal/acme/dns_provider.go
@@ -24,11 +24,11 @@ func (this *DNSProvider) Present(domain, token, keyAuth string) error {
 	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	// 设置记录
-	index := strings.Index(fqdn, "."+this.dnsDomain)
+	var index = strings.Index(fqdn, "."+this.dnsDomain)
 	if index < 0 {
 		return errors.New("invalid fqdn value")
 	}
-	recordName := fqdn[:index]
+	var recordName = fqdn[:index]
 	record, err := this.raw.QueryRecord(this.dnsDomain, recordName, dnstypes.RecordTypeTXT)
 	if err != nil {
 		return errors.New("query DNS record failed: " + err.Error())
--- a/internal/acme/request.go
+++ b/internal/acme/request.go
@@ -8,7 +8,7 @@ import (
 	"github.com/go-acme/lego/v4/lego"
 	acmelog "github.com/go-acme/lego/v4/log"
 	"github.com/go-acme/lego/v4/registration"
-	"io/ioutil"
+	"io"
 	"log"
 )

@@ -55,7 +55,7 @@ func (this *Request) Run() (certData []byte, keyData []byte, err error) {

 func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 	if !this.debug {
-		acmelog.Logger = log.New(ioutil.Discard, "", log.LstdFlags)
+		acmelog.Logger = log.New(io.Discard, "", log.LstdFlags)
 	}

 	if this.task.User == nil {
@@ -75,7 +75,7 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 		return
 	}

-	config := lego.NewConfig(this.task.User)
+	var config = lego.NewConfig(this.task.User)
 	config.Certificate.KeyType = certcrypto.RSA2048
 	config.CADirURL = this.task.Provider.APIURL
 	config.UserAgent = teaconst.ProductName + "/" + teaconst.Version
@@ -86,7 +86,7 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 	}

 	// 注册用户
-	resource := this.task.User.GetRegistration()
+	var resource = this.task.User.GetRegistration()
 	if resource != nil {
 		resource, err = client.Registration.QueryRegistration()
 		if err != nil {
@@ -124,7 +124,7 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 	}

 	// 申请证书
-	request := certificate.ObtainRequest{
+	var request = certificate.ObtainRequest{
 		Domains: this.task.Domains,
 		Bundle:  true,
 	}
@@ -138,7 +138,7 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {

 func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
 	if !this.debug {
-		acmelog.Logger = log.New(ioutil.Discard, "", log.LstdFlags)
+		acmelog.Logger = log.New(io.Discard, "", log.LstdFlags)
 	}

 	if this.task.User == nil {
@@ -146,7 +146,7 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
 		return
 	}

-	config := lego.NewConfig(this.task.User)
+	var config = lego.NewConfig(this.task.User)
 	config.Certificate.KeyType = certcrypto.RSA2048
 	config.CADirURL = this.task.Provider.APIURL
 	config.UserAgent = teaconst.ProductName + "/" + teaconst.Version
@@ -157,7 +157,7 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
 	}

 	// 注册用户
-	resource := this.task.User.GetRegistration()
+	var resource = this.task.User.GetRegistration()
 	if resource != nil {
 		resource, err = client.Registration.QueryRegistration()
 		if err != nil {
@@ -195,7 +195,7 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
 	}

 	// 申请证书
-	request := certificate.ObtainRequest{
+	var request = certificate.ObtainRequest{
 		Domains: this.task.Domains,
 		Bundle:  true,
 	}
--- a/internal/configs/api_config.go
+++ b/internal/configs/api_config.go
@@ -4,7 +4,6 @@ import (
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/iwind/TeaGo/Tea"
 	"gopkg.in/yaml.v3"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 )
@@ -42,7 +41,7 @@ func SharedAPIConfig() (*APIConfig, error) {
 	var data []byte
 	var err error
 	for _, path := range paths {
-		data, err = ioutil.ReadFile(path)
+		data, err = os.ReadFile(path)
 		if err == nil {
 			if path == localFile {
 				isFromLocal = true
@@ -63,7 +62,7 @@ func SharedAPIConfig() (*APIConfig, error) {

 	if !isFromLocal {
 		// 恢复文件
-		_ = ioutil.WriteFile(localFile, data, 0666)
+		_ = os.WriteFile(localFile, data, 0666)
 	}

 	// 恢复数据库文件
@@ -80,9 +79,9 @@ func SharedAPIConfig() (*APIConfig, error) {
 			for _, path := range paths {
 				_, err := os.Stat(path)
 				if err == nil {
-					data, err := ioutil.ReadFile(path)
+					data, err := os.ReadFile(path)
 					if err == nil {
-						_ = ioutil.WriteFile(dbConfigFile, data, 0666)
+						_ = os.WriteFile(dbConfigFile, data, 0666)
 						break
 					}
 				}
@@ -122,14 +121,14 @@ func (this *APIConfig) WriteFile(path string) error {
 	for _, backupDir := range backupDirs {
 		stat, err := os.Stat(backupDir)
 		if err == nil && stat.IsDir() {
-			_ = ioutil.WriteFile(backupDir+"/"+filename, data, 0666)
+			_ = os.WriteFile(backupDir+"/"+filename, data, 0666)
 		} else if err != nil && os.IsNotExist(err) {
 			err = os.Mkdir(backupDir, 0777)
 			if err == nil {
-				_ = ioutil.WriteFile(backupDir+"/"+filename, data, 0666)
+				_ = os.WriteFile(backupDir+"/"+filename, data, 0666)
 			}
 		}
 	}

-	return ioutil.WriteFile(path, data, 0666)
+	return os.WriteFile(path, data, 0666)
 }
--- a/internal/const/const.go
+++ b/internal/const/const.go
@@ -1,7 +1,7 @@
 package teaconst

 const (
-	Version = "0.4.10"
+	Version = "0.5.2"

 	ProductName   = "Edge API"
 	ProcessName   = "edge-api"
@@ -18,11 +18,11 @@ const (

 	// 其他节点版本号，用来检测是否有需要升级的节点

-	NodeVersion          = "0.4.10"
-	UserNodeVersion      = "0.3.6"
+	NodeVersion          = "0.5.2"
+	UserNodeVersion      = "0.4.1"
 	AuthorityNodeVersion = "0.0.2"
 	MonitorNodeVersion   = "0.0.4"
-	DNSNodeVersion       = "0.2.4"
+	DNSNodeVersion       = "0.2.6"
 	ReportNodeVersion    = "0.1.1"

 	// SQLVersion SQL版本号
--- a/internal/db/models/accounts/order_method_dao.go
+++ b/internal/db/models/accounts/order_method_dao.go
@@ -0,0 +1,33 @@
+package accounts
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	OrderMethodStateEnabled  = 1 // 已启用
+	OrderMethodStateDisabled = 0 // 已禁用
+)
+
+type OrderMethodDAO dbs.DAO
+
+func NewOrderMethodDAO() *OrderMethodDAO {
+	return dbs.NewDAO(&OrderMethodDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeOrderMethods",
+			Model:  new(OrderMethod),
+			PkName: "id",
+		},
+	}).(*OrderMethodDAO)
+}
+
+var SharedOrderMethodDAO *OrderMethodDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedOrderMethodDAO = NewOrderMethodDAO()
+	})
+}
--- a/internal/db/models/nameservers/ns_question_option_dao_test.go
+++ b/internal/db/models/nameservers/ns_question_option_dao_test.go
@@ -1,4 +1,4 @@
-package nameservers
+package accounts_test

 import (
 	_ "github.com/go-sql-driver/mysql"
--- a/internal/db/models/accounts/order_method_model.go
+++ b/internal/db/models/accounts/order_method_model.go
@@ -0,0 +1,36 @@
+package accounts
+
+import "github.com/iwind/TeaGo/dbs"
+
+// OrderMethod 订单支付方式
+type OrderMethod struct {
+	Id          uint32   `field:"id"`          // ID
+	Name        string   `field:"name"`        // 名称
+	IsOn        bool     `field:"isOn"`        // 是否启用
+	Description string   `field:"description"` // 描述
+	ParentCode  string   `field:"parentCode"`  // 内置的父级代号
+	Code        string   `field:"code"`        // 代号
+	Url         string   `field:"url"`         // URL
+	Secret      string   `field:"secret"`      // 密钥
+	Params      dbs.JSON `field:"params"`      // 参数
+	Order       uint32   `field:"order"`       // 排序
+	State       uint8    `field:"state"`       // 状态
+}
+
+type OrderMethodOperator struct {
+	Id          interface{} // ID
+	Name        interface{} // 名称
+	IsOn        interface{} // 是否启用
+	Description interface{} // 描述
+	ParentCode  interface{} // 内置的父级代号
+	Code        interface{} // 代号
+	Url         interface{} // URL
+	Secret      interface{} // 密钥
+	Params      interface{} // 参数
+	Order       interface{} // 排序
+	State       interface{} // 状态
+}
+
+func NewOrderMethodOperator() *OrderMethodOperator {
+	return &OrderMethodOperator{}
+}
--- a/internal/db/models/accounts/order_method_model_ext.go
+++ b/internal/db/models/accounts/order_method_model_ext.go
@@ -0,0 +1 @@
+package accounts
--- a/internal/db/models/accounts/user_order_dao.go
+++ b/internal/db/models/accounts/user_order_dao.go
@@ -0,0 +1,33 @@
+package accounts
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	UserOrderStateEnabled  = 1 // 已启用
+	UserOrderStateDisabled = 0 // 已禁用
+)
+
+type UserOrderDAO dbs.DAO
+
+func NewUserOrderDAO() *UserOrderDAO {
+	return dbs.NewDAO(&UserOrderDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeUserOrders",
+			Model:  new(UserOrder),
+			PkName: "id",
+		},
+	}).(*UserOrderDAO)
+}
+
+var SharedUserOrderDAO *UserOrderDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedUserOrderDAO = NewUserOrderDAO()
+	})
+}
--- a/internal/db/models/nameservers/ns_record_hourly_stat_dao_test.go
+++ b/internal/db/models/nameservers/ns_record_hourly_stat_dao_test.go
@@ -1,4 +1,4 @@
-package nameservers
+package accounts_test

 import (
 	_ "github.com/go-sql-driver/mysql"
--- a/internal/db/models/accounts/user_order_log_dao.go
+++ b/internal/db/models/accounts/user_order_log_dao.go
@@ -0,0 +1,28 @@
+package accounts
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+type UserOrderLogDAO dbs.DAO
+
+func NewUserOrderLogDAO() *UserOrderLogDAO {
+	return dbs.NewDAO(&UserOrderLogDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeUserOrderLogs",
+			Model:  new(UserOrderLog),
+			PkName: "id",
+		},
+	}).(*UserOrderLogDAO)
+}
+
+var SharedUserOrderLogDAO *UserOrderLogDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedUserOrderLogDAO = NewUserOrderLogDAO()
+	})
+}
--- a/internal/db/models/accounts/user_order_log_dao_test.go
+++ b/internal/db/models/accounts/user_order_log_dao_test.go
@@ -0,0 +1,6 @@
+package accounts_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/accounts/user_order_log_model.go
+++ b/internal/db/models/accounts/user_order_log_model.go
@@ -0,0 +1,28 @@
+package accounts
+
+import "github.com/iwind/TeaGo/dbs"
+
+// UserOrderLog 订单日志
+type UserOrderLog struct {
+	Id        uint64   `field:"id"`        // ID
+	AdminId   uint64   `field:"adminId"`   // 管理员ID
+	UserId    uint64   `field:"userId"`    // 用户ID
+	OrderId   uint64   `field:"orderId"`   // 订单ID
+	Status    string   `field:"status"`    // 状态
+	Snapshot  dbs.JSON `field:"snapshot"`  // 状态快照
+	CreatedAt uint64   `field:"createdAt"` // 创建时间
+}
+
+type UserOrderLogOperator struct {
+	Id        interface{} // ID
+	AdminId   interface{} // 管理员ID
+	UserId    interface{} // 用户ID
+	OrderId   interface{} // 订单ID
+	Status    interface{} // 状态
+	Snapshot  interface{} // 状态快照
+	CreatedAt interface{} // 创建时间
+}
+
+func NewUserOrderLogOperator() *UserOrderLogOperator {
+	return &UserOrderLogOperator{}
+}
--- a/internal/db/models/accounts/user_order_log_model_ext.go
+++ b/internal/db/models/accounts/user_order_log_model_ext.go
@@ -0,0 +1 @@
+package accounts
--- a/internal/db/models/accounts/user_order_model.go
+++ b/internal/db/models/accounts/user_order_model.go
@@ -0,0 +1,40 @@
+package accounts
+
+import "github.com/iwind/TeaGo/dbs"
+
+// UserOrder 用户订单
+type UserOrder struct {
+	Id          uint64   `field:"id"`          // 用户订单
+	UserId      uint64   `field:"userId"`      // 用户ID
+	Code        string   `field:"code"`        // 订单号
+	Type        string   `field:"type"`        // 订单类型
+	MethodId    uint32   `field:"methodId"`    // 支付方式
+	Status      string   `field:"status"`      // 订单状态
+	Amount      float64  `field:"amount"`      // 金额
+	Params      dbs.JSON `field:"params"`      // 附加参数
+	ExpiredAt   uint64   `field:"expiredAt"`   // 过期时间
+	CreatedAt   uint64   `field:"createdAt"`   // 创建时间
+	CancelledAt uint64   `field:"cancelledAt"` // 取消时间
+	FinishedAt  uint64   `field:"finishedAt"`  // 结束时间
+	State       uint8    `field:"state"`       // 状态
+}
+
+type UserOrderOperator struct {
+	Id          interface{} // 用户订单
+	UserId      interface{} // 用户ID
+	Code        interface{} // 订单号
+	Type        interface{} // 订单类型
+	MethodId    interface{} // 支付方式
+	Status      interface{} // 订单状态
+	Amount      interface{} // 金额
+	Params      interface{} // 附加参数
+	ExpiredAt   interface{} // 过期时间
+	CreatedAt   interface{} // 创建时间
+	CancelledAt interface{} // 取消时间
+	FinishedAt  interface{} // 结束时间
+	State       interface{} // 状态
+}
+
+func NewUserOrderOperator() *UserOrderOperator {
+	return &UserOrderOperator{}
+}
--- a/internal/db/models/accounts/user_order_model_ext.go
+++ b/internal/db/models/accounts/user_order_model_ext.go
@@ -0,0 +1 @@
+package accounts
--- a/internal/db/models/acme/acme_provider_account_dao.go
+++ b/internal/db/models/acme/acme_provider_account_dao.go
@@ -1,6 +1,7 @@
 package acme

 import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
@@ -72,8 +73,9 @@ func (this *ACMEProviderAccountDAO) FindACMEProviderAccountName(tx *dbs.Tx, id i
 }

 // CreateAccount 创建账号
-func (this *ACMEProviderAccountDAO) CreateAccount(tx *dbs.Tx, name string, providerCode string, eabKid string, eabKey string) (int64, error) {
+func (this *ACMEProviderAccountDAO) CreateAccount(tx *dbs.Tx, userId int64, name string, providerCode string, eabKid string, eabKey string) (int64, error) {
 	var op = NewACMEProviderAccountOperator()
+	op.UserId = userId
 	op.Name = name
 	op.ProviderCode = providerCode
 	op.EabKid = eabKid
@@ -98,15 +100,18 @@ func (this *ACMEProviderAccountDAO) UpdateAccount(tx *dbs.Tx, accountId int64, n
 }

 // CountAllEnabledAccounts 计算账号数量
-func (this *ACMEProviderAccountDAO) CountAllEnabledAccounts(tx *dbs.Tx) (int64, error) {
+func (this *ACMEProviderAccountDAO) CountAllEnabledAccounts(tx *dbs.Tx, userId int64) (int64, error) {
 	return this.Query(tx).
+		State(ACMEProviderAccountStateEnabled).
+		Attr("userId", userId).
 		Count()
 }

 // ListEnabledAccounts 查找单页账号
-func (this *ACMEProviderAccountDAO) ListEnabledAccounts(tx *dbs.Tx, offset int64, size int64) (result []*ACMEProviderAccount, err error) {
+func (this *ACMEProviderAccountDAO) ListEnabledAccounts(tx *dbs.Tx, userId int64, offset int64, size int64) (result []*ACMEProviderAccount, err error) {
 	_, err = this.Query(tx).
 		State(ACMEProviderAccountStateEnabled).
+		Attr("userId", userId).
 		Offset(offset).
 		Limit(size).
 		DescPk().
@@ -116,12 +121,34 @@ func (this *ACMEProviderAccountDAO) ListEnabledAccounts(tx *dbs.Tx, offset int64
 }

 // FindAllEnabledAccountsWithProviderCode 根据服务商代号查找账号
-func (this *ACMEProviderAccountDAO) FindAllEnabledAccountsWithProviderCode(tx *dbs.Tx, providerCode string) (result []*ACMEProviderAccount, err error) {
+func (this *ACMEProviderAccountDAO) FindAllEnabledAccountsWithProviderCode(tx *dbs.Tx, userId int64, providerCode string) (result []*ACMEProviderAccount, err error) {
 	_, err = this.Query(tx).
 		State(ACMEProviderAccountStateEnabled).
 		Attr("providerCode", providerCode).
+		Attr("userId", userId).
 		DescPk().
 		Slice(&result).
 		FindAll()
 	return
 }
+
+// CheckUserAccount 检查是否为用户的服务商账号
+func (this *ACMEProviderAccountDAO) CheckUserAccount(tx *dbs.Tx, userId int64, accountId int64) error {
+	if userId <= 0 || accountId <= 0 {
+		return models.ErrNotFound
+	}
+
+	b, err := this.Query(tx).
+		Pk(accountId).
+		State(ACMEProviderAccountStateEnabled).
+		Attr("userId", userId).
+		Exist()
+	if err != nil {
+		return err
+	}
+	if !b {
+		return models.ErrNotFound
+	}
+
+	return nil
+}
--- a/internal/db/models/acme/acme_provider_account_model.go
+++ b/internal/db/models/acme/acme_provider_account_model.go
@@ -3,24 +3,26 @@ package acme
 // ACMEProviderAccount ACME提供商
 type ACMEProviderAccount struct {
 	Id           uint64 `field:"id"`           // ID
+	UserId       uint64 `field:"userId"`       // 用户ID
 	IsOn         bool   `field:"isOn"`         // 是否启用
 	Name         string `field:"name"`         // 名称
 	ProviderCode string `field:"providerCode"` // 代号
-	Error        string `field:"error"`        // 最后一条错误信息
 	EabKid       string `field:"eabKid"`       // KID
 	EabKey       string `field:"eabKey"`       // Key
+	Error        string `field:"error"`        // 最后一条错误信息
 	State        uint8  `field:"state"`        // 状态
 }

 type ACMEProviderAccountOperator struct {
-	Id           interface{} // ID
-	IsOn         interface{} // 是否启用
-	Name         interface{} // 名称
-	ProviderCode interface{} // 代号
-	Error        interface{} // 最后一条错误信息
-	EabKid       interface{} // KID
-	EabKey       interface{} // Key
-	State        interface{} // 状态
+	Id           any // ID
+	UserId       any // 用户ID
+	IsOn         any // 是否启用
+	Name         any // 名称
+	ProviderCode any // 代号
+	EabKid       any // KID
+	EabKey       any // Key
+	Error        any // 最后一条错误信息
+	State        any // 状态
 }

 func NewACMEProviderAccountOperator() *ACMEProviderAccountOperator {
--- a/internal/db/models/acme/acme_task_dao.go
+++ b/internal/db/models/acme/acme_task_dao.go
@@ -107,7 +107,11 @@ func (this *ACMETaskDAO) DisableAllTasksWithCertId(tx *dbs.Tx, certId int64) err

 // CountAllEnabledACMETasks 计算所有任务数量
 func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, adminId int64, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string) (int64, error) {
-	query := dbutils.NewQuery(tx, this, adminId, userId)
+	var query = this.Query(tx)
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	}
+	query.Attr("userId", userId) // 这个条件必须加上
 	if isAvailable || isExpired || expiringDays > 0 {
 		query.Gt("certId", 0)

@@ -138,7 +142,11 @@ func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, adminId int64, use

 // ListEnabledACMETasks 列出单页任务
 func (this *ACMETaskDAO) ListEnabledACMETasks(tx *dbs.Tx, adminId int64, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string, offset int64, size int64) (result []*ACMETask, err error) {
-	query := dbutils.NewQuery(tx, this, adminId, userId)
+	var query = this.Query(tx)
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	}
+	query.Attr("userId", userId) // 这个条件必须加上
 	if isAvailable || isExpired || expiringDays > 0 {
 		query.Gt("certId", 0)

@@ -228,7 +236,13 @@ func (this *ACMETaskDAO) UpdateACMETask(tx *dbs.Tx, acmeTaskId int64, acmeUserId

 // CheckACMETask 检查权限
 func (this *ACMETaskDAO) CheckACMETask(tx *dbs.Tx, adminId int64, userId int64, acmeTaskId int64) (bool, error) {
-	return dbutils.NewQuery(tx, this, adminId, userId).
+	var query = this.Query(tx)
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	}
+	query.Attr("userId", userId) // 这个条件必须加上
+
+	return query.
 		State(ACMETaskStateEnabled).
 		Pk(acmeTaskId).
 		Exist()
@@ -319,7 +333,7 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
 		return
 	}

-	remoteUser := acmeutils.NewUser(user.Email, privateKey, func(resource *registration.Resource) error {
+	var remoteUser = acmeutils.NewUser(user.Email, privateKey, func(resource *registration.Resource) error {
 		resourceJSON, err := json.Marshal(resource)
 		if err != nil {
 			return err
@@ -382,7 +396,7 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
 	acmeTask.Provider = acmeProvider
 	acmeTask.Account = acmeAccount

-	acmeRequest := acmeutils.NewRequest(acmeTask)
+	var acmeRequest = acmeutils.NewRequest(acmeTask)
 	acmeRequest.OnAuth(func(domain, token, keyAuth string) {
 		err := SharedACMEAuthenticationDAO.CreateAuth(tx, taskId, domain, token, keyAuth)
 		if err != nil {
@@ -398,7 +412,7 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
 				if err != nil {
 					remotelogs.Error("ACME", "encode auth data failed: '"+task.AuthURL+"'")
 				} else {
-					client := utils.SharedHttpClient(5 * time.Second)
+					var client = utils.SharedHttpClient(10 * time.Second)
 					req, err := http.NewRequest(http.MethodPost, task.AuthURL, bytes.NewReader(authJSON))
 					req.Header.Set("Content-Type", "application/json")
 					req.Header.Set("User-Agent", teaconst.ProductName+"/"+teaconst.Version)
@@ -423,7 +437,7 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
 	}

 	// 分析证书
-	sslConfig := &sslconfigs.SSLCertConfig{
+	var sslConfig = &sslconfigs.SSLCertConfig{
 		CertData: certData,
 		KeyData:  keyData,
 	}
--- a/internal/db/models/admin_dao.go
+++ b/internal/db/models/admin_dao.go
@@ -63,6 +63,19 @@ func (this *AdminDAO) FindEnabledAdmin(tx *dbs.Tx, id int64) (*Admin, error) {
 	return result.(*Admin), err
 }

+// FindBasicAdmin 查找管理员基本信息
+func (this *AdminDAO) FindBasicAdmin(tx *dbs.Tx, id int64) (*Admin, error) {
+	result, err := this.Query(tx).
+		Result("id", "username", "fullname").
+		Pk(id).
+		Attr("state", AdminStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*Admin), err
+}
+
 // ExistEnabledAdmin 检查管理员是否存在
 func (this *AdminDAO) ExistEnabledAdmin(tx *dbs.Tx, adminId int64) (bool, error) {
 	return this.Query(tx).
--- a/internal/db/models/admin_model.go
+++ b/internal/db/models/admin_model.go
@@ -14,23 +14,23 @@ type Admin struct {
 	UpdatedAt uint64   `field:"updatedAt"` // 修改时间
 	State     uint8    `field:"state"`     // 状态
 	Modules   dbs.JSON `field:"modules"`   // 允许的模块
-	CanLogin  uint8    `field:"canLogin"`  // 是否可以登录
+	CanLogin  bool     `field:"canLogin"`  // 是否可以登录
 	Theme     string   `field:"theme"`     // 模板设置
 }

 type AdminOperator struct {
-	Id        interface{} // ID
-	IsOn      interface{} // 是否启用
-	Username  interface{} // 用户名
-	Password  interface{} // 密码
-	Fullname  interface{} // 全名
-	IsSuper   interface{} // 是否为超级管理员
-	CreatedAt interface{} // 创建时间
-	UpdatedAt interface{} // 修改时间
-	State     interface{} // 状态
-	Modules   interface{} // 允许的模块
-	CanLogin  interface{} // 是否可以登录
-	Theme     interface{} // 模板设置
+	Id        any // ID
+	IsOn      any // 是否启用
+	Username  any // 用户名
+	Password  any // 密码
+	Fullname  any // 全名
+	IsSuper   any // 是否为超级管理员
+	CreatedAt any // 创建时间
+	UpdatedAt any // 修改时间
+	State     any // 状态
+	Modules   any // 允许的模块
+	CanLogin  any // 是否可以登录
+	Theme     any // 模板设置
 }

 func NewAdminOperator() *AdminOperator {
--- a/internal/db/models/authority/authority_key_dao.go
+++ b/internal/db/models/authority/authority_key_dao.go
@@ -1,13 +1,9 @@
 package authority

 import (
-	"encoding/json"
-	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
-	timeutil "github.com/iwind/TeaGo/utils/time"
-	"time"
 )

 type AuthorityKeyDAO dbs.DAO
@@ -33,63 +29,3 @@ func init() {
 		_, _ = SharedAuthorityKeyDAO.IsPlus(nil)
 	})
 }
-
-// UpdateKey 设置Key
-func (this *AuthorityKeyDAO) UpdateKey(tx *dbs.Tx, value string, dayFrom string, dayTo string, hostname string, macAddresses []string, company string) error {
-	one, err := this.Query(tx).
-		AscPk().
-		Find()
-	if err != nil {
-		return err
-	}
-	var op = NewAuthorityKeyOperator()
-	if one != nil {
-		op.Id = one.(*AuthorityKey).Id
-	}
-	op.Value = value
-	op.DayFrom = dayFrom
-	op.DayTo = dayTo
-	op.Hostname = hostname
-
-	if len(macAddresses) == 0 {
-		macAddresses = []string{}
-	}
-	macAddressesJSON, err := json.Marshal(macAddresses)
-	if err != nil {
-		return err
-	}
-
-	op.MacAddresses = macAddressesJSON
-	op.Company = company
-	op.UpdatedAt = time.Now().Unix()
-
-	return this.Save(tx, op)
-}
-
-// ReadKey 读取Key
-func (this *AuthorityKeyDAO) ReadKey(tx *dbs.Tx) (key *AuthorityKey, err error) {
-	one, err := this.Query(tx).
-		AscPk().
-		Find()
-	if err != nil {
-		return nil, err
-	}
-	if one == nil {
-		return nil, nil
-	}
-	key = one.(*AuthorityKey)
-
-	// 顺便更新相关变量
-	if key.DayTo >= timeutil.Format("Y-m-d") {
-		teaconst.IsPlus = true
-	}
-
-	return
-}
-
-// ResetKey 重置Key
-func (this *AuthorityKeyDAO) ResetKey(tx *dbs.Tx) error {
-	_, err := this.Query(tx).
-		Delete()
-	return err
-}
--- a/internal/db/models/authority/authority_key_dao_test.go
+++ b/internal/db/models/authority/authority_key_dao_test.go
@@ -1,23 +0,0 @@
-package authority
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	_ "github.com/iwind/TeaGo/bootstrap"
-	"testing"
-)
-
-func TestAuthorityKeyDAO_UpdateValue(t *testing.T) {
-	err := NewAuthorityKeyDAO().UpdateKey(nil, "12345678", "", "", "", []string{}, "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	t.Log("ok")
-}
-
-func TestAuthorityKeyDAO_ReadValue(t *testing.T) {
-	value, err := NewAuthorityKeyDAO().ReadKey(nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	t.Log(value)
-}
--- a/internal/db/models/dns/dnsutils/dns_utils.go
+++ b/internal/db/models/dns/dnsutils/dns_utils.go
@@ -16,8 +16,11 @@ import (
 // CheckClusterDNS 检查集群的DNS问题
 // 藏这么深是避免package循环引用的问题
 func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster) (issues []*pb.DNSIssue, err error) {
-	clusterId := int64(cluster.Id)
-	domainId := int64(cluster.DnsDomainId)
+	var clusterId = int64(cluster.Id)
+	var domainId = int64(cluster.DnsDomainId)
+
+	// 集群DNS设置
+	var clusterDNSConfig, _ = cluster.DecodeDNSConfig()

 	// 检查域名
 	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId, nil)
@@ -101,7 +104,7 @@ func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster) (issues []*pb.DNSI
 	// TODO 检查域名是否已解析

 	// 检查节点
-	nodes, err := models.SharedNodeDAO.FindAllEnabledNodesDNSWithClusterId(tx, clusterId, true)
+	nodes, err := models.SharedNodeDAO.FindAllEnabledNodesDNSWithClusterId(tx, clusterId, true, clusterDNSConfig != nil && clusterDNSConfig.IncludingLnNodes)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/db/models/http_access_log_dao.go
+++ b/internal/db/models/http_access_log_dao.go
@@ -39,9 +39,10 @@ var SharedHTTPAccessLogDAO *HTTPAccessLogDAO
 var (
 	oldAccessLogQueue       = make(chan *pb.HTTPAccessLog)
 	accessLogQueue          = make(chan *pb.HTTPAccessLog, 10_000)
-	accessLogQueueMaxLength = 100_000
-	accessLogQueuePercent   = 100    // 0-100
-	accessLogCountPerSecond = 10_000 // 0 表示不限制
+	accessLogQueueMaxLength = 100_000 //队列最大长度
+	accessLogQueuePercent   = 100     // 0-100
+	accessLogCountPerSecond = 10_000  // 每秒钟写入条数，0 表示不限制
+	accessLogPerTx          = 100     // 单事务写入条数
 	accessLogConfigJSON     = []byte{}
 	accessLogQueueChanged   = make(chan zero.Zero, 1)

@@ -85,15 +86,21 @@ func init() {
 		goman.New(func() {
 			var ticker = time.NewTicker(1 * time.Second)
 			for range ticker.C {
-				var tx *dbs.Tx
-				err := SharedHTTPAccessLogDAO.DumpAccessLogsFromQueue(tx, accessLogCountPerSecond)
-				if err != nil {
-					remotelogs.Error("HTTP_ACCESS_LOG_QUEUE", "dump access logs failed: "+err.Error())
+				var countTxs = accessLogCountPerSecond / accessLogPerTx
+				if countTxs <= 0 {
+					countTxs = 1
+				}
+				for i := 0; i < countTxs; i++ {
+					hasMore, err := SharedHTTPAccessLogDAO.DumpAccessLogsFromQueue(accessLogPerTx)
+					if err != nil {
+						remotelogs.Error("HTTP_ACCESS_LOG_QUEUE", "dump access logs failed: "+err.Error())
+					} else if !hasMore {
+						break
+					}
 				}
 			}
 		})
 	})
-
 }

 func NewHTTPAccessLogDAO() *HTTPAccessLogDAO {
@@ -133,7 +140,11 @@ func (this *HTTPAccessLogDAO) CreateHTTPAccessLogs(tx *dbs.Tx, accessLogs []*pb.
 }

 // DumpAccessLogsFromQueue 从队列导入访问日志
-func (this *HTTPAccessLogDAO) DumpAccessLogsFromQueue(tx *dbs.Tx, size int) error {
+func (this *HTTPAccessLogDAO) DumpAccessLogsFromQueue(size int) (hasMore bool, err error) {
+	if size <= 0 {
+		size = 100
+	}
+	
 	var dao = randomHTTPAccessLogDAO()
 	if dao == nil {
 		dao = &HTTPAccessLogDAOWrapper{
@@ -142,14 +153,25 @@ func (this *HTTPAccessLogDAO) DumpAccessLogsFromQueue(tx *dbs.Tx, size int) erro
 		}
 	}

-	if size <= 0 {
-		size = 1_000_000
+	if len(oldAccessLogQueue) == 0 && len(accessLogQueue) == 0 {
+		return false, nil
 	}

+	// 开始事务
+	tx, err := dao.DAO.Instance.Begin()
+	if err != nil {
+		return false, err
+	}
+	defer func() {
+		_ = tx.Commit()
+	}()
+
 	// 复制变量，防止中途改变
 	var oldQueue = oldAccessLogQueue
 	var newQueue = accessLogQueue

+	hasMore = true
+
 Loop:
 	for i := 0; i < size; i++ {
 		// old
@@ -157,7 +179,7 @@ Loop:
 		case accessLog := <-oldQueue:
 			err := this.CreateHTTPAccessLog(tx, dao.DAO, accessLog)
 			if err != nil {
-				return err
+				return false, err
 			}
 			continue Loop
 		default:
@@ -169,15 +191,16 @@ Loop:
 		case accessLog := <-newQueue:
 			err := this.CreateHTTPAccessLog(tx, dao.DAO, accessLog)
 			if err != nil {
-				return err
+				return false, err
 			}
 			continue Loop
 		default:
+			hasMore = false
 			break Loop
 		}
 	}

-	return nil
+	return hasMore, nil
 }

 // CreateHTTPAccessLog 写入单条访问日志
@@ -768,6 +791,9 @@ func (this *HTTPAccessLogDAO) SetupQueue() {

 	accessLogQueuePercent = config.Percent
 	accessLogCountPerSecond = config.CountPerSecond
+	if accessLogCountPerSecond <= 0 {
+		accessLogCountPerSecond = 10_000
+	}
 	if config.MaxLength <= 0 {
 		config.MaxLength = 100_000
 	}
--- a/internal/db/models/http_access_log_dao_test.go
+++ b/internal/db/models/http_access_log_dao_test.go
@@ -21,13 +21,13 @@ func TestCreateHTTPAccessLog(t *testing.T) {
 		t.Fatal(err)
 	}

-	accessLog := &pb.HTTPAccessLog{
+	var accessLog = &pb.HTTPAccessLog{
 		ServerId:  1,
 		NodeId:    4,
 		Status:    200,
 		Timestamp: time.Now().Unix(),
 	}
-	dao := randomHTTPAccessLogDAO()
+	var dao = randomHTTPAccessLogDAO()
 	t.Log("dao:", dao)

 	// 先初始化
@@ -37,12 +37,59 @@ func TestCreateHTTPAccessLog(t *testing.T) {
 	defer func() {
 		t.Log(time.Since(before).Seconds()*1000, "ms")
 	}()
+
 	for i := 0; i < 1000; i++ {
 		err = SharedHTTPAccessLogDAO.CreateHTTPAccessLog(tx, dao.DAO, accessLog)
 		if err != nil {
 			t.Fatal(err)
 		}
 	}
+
+	t.Log("ok")
+}
+
+func TestCreateHTTPAccessLog_Tx(t *testing.T) {
+	dbs.NotifyReady()
+
+	var tx *dbs.Tx
+
+	err := NewDBNodeInitializer().loop()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var accessLog = &pb.HTTPAccessLog{
+		ServerId:  1,
+		NodeId:    4,
+		Status:    200,
+		Timestamp: time.Now().Unix(),
+	}
+	var dao = randomHTTPAccessLogDAO()
+	t.Log("dao:", dao)
+
+	// 先初始化
+	_ = SharedHTTPAccessLogDAO.CreateHTTPAccessLog(tx, dao.DAO, accessLog)
+
+	var before = time.Now()
+	defer func() {
+		t.Log(time.Since(before).Seconds()*1000, "ms")
+	}()
+
+	tx, err = dao.DAO.Instance.Begin()
+	if err != nil {
+		t.Fatal(err)
+	}
+	for i := 0; i < 1000; i++ {
+		err = SharedHTTPAccessLogDAO.CreateHTTPAccessLog(tx, dao.DAO, accessLog)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+	err = tx.Commit()
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	t.Log("ok")
 }

--- a/internal/db/models/http_access_log_policy_dao.go
+++ b/internal/db/models/http_access_log_policy_dao.go
@@ -87,6 +87,7 @@ func (this *HTTPAccessLogPolicyDAO) CountAllEnabledPolicies(tx *dbs.Tx) (int64,
 func (this *HTTPAccessLogPolicyDAO) ListEnabledPolicies(tx *dbs.Tx, offset int64, size int64) (result []*HTTPAccessLogPolicy, err error) {
 	_, err = this.Query(tx).
 		State(HTTPAccessLogPolicyStateEnabled).
+		Desc("isOn").
 		DescPk().
 		Offset(offset).
 		Limit(size).
--- a/internal/db/models/http_auth_policy_dao.go
+++ b/internal/db/models/http_auth_policy_dao.go
@@ -68,8 +68,9 @@ func (this *HTTPAuthPolicyDAO) FindEnabledHTTPAuthPolicy(tx *dbs.Tx, id int64) (
 }

 // CreateHTTPAuthPolicy 创建策略
-func (this *HTTPAuthPolicyDAO) CreateHTTPAuthPolicy(tx *dbs.Tx, name string, methodType string, paramsJSON []byte) (int64, error) {
+func (this *HTTPAuthPolicyDAO) CreateHTTPAuthPolicy(tx *dbs.Tx, userId int64, name string, methodType string, paramsJSON []byte) (int64, error) {
 	var op = NewHTTPAuthPolicyOperator()
+	op.UserId = userId
 	op.Name = name
 	op.Type = methodType
 	op.Params = paramsJSON
@@ -137,6 +138,20 @@ func (this *HTTPAuthPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, c
 	return config, nil
 }

+// CheckUserPolicy 检查用户权限
+func (this *HTTPAuthPolicyDAO) CheckUserPolicy(tx *dbs.Tx, userId int64, policyId int64) error {
+	if userId <= 0 || policyId <= 0 {
+		return ErrNotFound
+	}
+
+	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithHTTPAuthPolicyId(tx, policyId)
+	if err != nil {
+		return err
+	}
+
+	return SharedHTTPWebDAO.CheckUserWeb(tx, userId, webId)
+}
+
 // NotifyUpdate 通知更改
 func (this *HTTPAuthPolicyDAO) NotifyUpdate(tx *dbs.Tx, policyId int64) error {
 	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithHTTPAuthPolicyId(tx, policyId)
--- a/internal/db/models/http_cache_task_model.go
+++ b/internal/db/models/http_cache_task_model.go
@@ -12,23 +12,23 @@ type HTTPCacheTask struct {
 	Day         string `field:"day"`         // 创建日期YYYYMMDD
 	IsDone      bool   `field:"isDone"`      // 是否已完成
 	IsOk        bool   `field:"isOk"`        // 是否完全成功
-	IsReady     uint8  `field:"isReady"`     // 是否已准备好
+	IsReady     bool   `field:"isReady"`     // 是否已准备好
 	Description string `field:"description"` // 描述
 }

 type HTTPCacheTaskOperator struct {
-	Id          interface{} // ID
-	UserId      interface{} // 用户ID
-	Type        interface{} // 任务类型：purge|fetch
-	KeyType     interface{} // Key类型
-	State       interface{} // 状态
-	CreatedAt   interface{} // 创建时间
-	DoneAt      interface{} // 完成时间
-	Day         interface{} // 创建日期YYYYMMDD
-	IsDone      interface{} // 是否已完成
-	IsOk        interface{} // 是否完全成功
-	IsReady     interface{} // 是否已准备好
-	Description interface{} // 描述
+	Id          any // ID
+	UserId      any // 用户ID
+	Type        any // 任务类型：purge|fetch
+	KeyType     any // Key类型
+	State       any // 状态
+	CreatedAt   any // 创建时间
+	DoneAt      any // 完成时间
+	Day         any // 创建日期YYYYMMDD
+	IsDone      any // 是否已完成
+	IsOk        any // 是否完全成功
+	IsReady     any // 是否已准备好
+	Description any // 描述
 }

 func NewHTTPCacheTaskOperator() *HTTPCacheTaskOperator {
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -1042,6 +1042,10 @@ func (this *HTTPWebDAO) FindWebServerGroupId(tx *dbs.Tx, webId int64) (groupId i

 // CheckUserWeb 检查用户权限
 func (this *HTTPWebDAO) CheckUserWeb(tx *dbs.Tx, userId int64, webId int64) error {
+	if userId <= 0 || webId <= 0 {
+		return ErrNotFound
+	}
+
 	serverId, err := this.FindWebServerId(tx, webId)
 	if err != nil {
 		return err
--- a/internal/db/models/ip_library_artifact_dao.go
+++ b/internal/db/models/ip_library_artifact_dao.go
@@ -0,0 +1,140 @@
+package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+)
+
+const (
+	IPLibraryArtifactStateEnabled  = 1 // 已启用
+	IPLibraryArtifactStateDisabled = 0 // 已禁用
+)
+
+type IPLibraryArtifactDAO dbs.DAO
+
+func NewIPLibraryArtifactDAO() *IPLibraryArtifactDAO {
+	return dbs.NewDAO(&IPLibraryArtifactDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeIPLibraryArtifacts",
+			Model:  new(IPLibraryArtifact),
+			PkName: "id",
+		},
+	}).(*IPLibraryArtifactDAO)
+}
+
+var SharedIPLibraryArtifactDAO *IPLibraryArtifactDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedIPLibraryArtifactDAO = NewIPLibraryArtifactDAO()
+	})
+}
+
+// EnableIPLibraryArtifact 启用条目
+func (this *IPLibraryArtifactDAO) EnableIPLibraryArtifact(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", IPLibraryArtifactStateEnabled).
+		Update()
+	return err
+}
+
+// DisableIPLibraryArtifact 禁用条目
+func (this *IPLibraryArtifactDAO) DisableIPLibraryArtifact(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", IPLibraryArtifactStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledIPLibraryArtifact 查找启用中的条目
+func (this *IPLibraryArtifactDAO) FindEnabledIPLibraryArtifact(tx *dbs.Tx, id int64) (*IPLibraryArtifact, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(IPLibraryArtifactStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*IPLibraryArtifact), err
+}
+
+// CreateArtifact 创建制品
+func (this *IPLibraryArtifactDAO) CreateArtifact(tx *dbs.Tx, name string, fileId int64, libraryFileId int64, meta *iplibrary.Meta) (int64, error) {
+	var op = NewIPLibraryArtifactOperator()
+	op.Name = name
+	op.FileId = fileId
+	op.LibraryFileId = libraryFileId
+
+	metaJSON, err := json.Marshal(meta)
+	if err != nil {
+		return 0, err
+	}
+	op.Meta = metaJSON
+	op.State = IPLibraryArtifactStateEnabled
+
+	var code = stringutil.Md5(utils.Sha1RandomString())[:8]
+	meta.Code = code
+	op.Code = code // 要比较短，方便识别
+
+	return this.SaveInt64(tx, op)
+}
+
+// FindAllArtifacts 查找制品列表
+func (this *IPLibraryArtifactDAO) FindAllArtifacts(tx *dbs.Tx) (result []*IPLibraryArtifact, err error) {
+	_, err = this.Query(tx).
+		State(IPLibraryArtifactStateEnabled).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// FindPublicArtifact 查找当前使用的制品
+func (this *IPLibraryArtifactDAO) FindPublicArtifact(tx *dbs.Tx) (*IPLibraryArtifact, error) {
+	one, err := this.Query(tx).
+		State(IPLibraryArtifactStateEnabled).
+		Attr("isPublic", true).
+		Result("id", "fileId", "code").
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+	return one.(*IPLibraryArtifact), nil
+}
+
+// UpdateArtifactPublic 使用某个制品
+func (this *IPLibraryArtifactDAO) UpdateArtifactPublic(tx *dbs.Tx, artifactId int64, isPublic bool) error {
+	// 取消使用
+	if !isPublic {
+		return this.Query(tx).
+			Pk(artifactId).
+			Set("isPublic", false).
+			UpdateQuickly()
+	}
+
+	// 使用
+
+	// 先取消别的
+	err := this.Query(tx).
+		Neq("id", artifactId).
+		State(IPLibraryArtifactStateEnabled).
+		Attr("isPublic", true).
+		Set("isPublic", false).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	return this.Query(tx).
+		Pk(artifactId).
+		Set("isPublic", true).
+		UpdateQuickly()
+}
--- a/internal/db/models/nameservers/ns_domain_dao_test.go
+++ b/internal/db/models/nameservers/ns_domain_dao_test.go
@@ -1,4 +1,4 @@
-package nameservers
+package models_test

 import (
 	_ "github.com/go-sql-driver/mysql"
--- a/internal/db/models/ip_library_artifact_model.go
+++ b/internal/db/models/ip_library_artifact_model.go
@@ -0,0 +1,32 @@
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// IPLibraryArtifact IP库制品
+type IPLibraryArtifact struct {
+	Id            uint32   `field:"id"`            // ID
+	Name          string   `field:"name"`          // 名称
+	FileId        uint64   `field:"fileId"`        // 文件ID
+	LibraryFileId uint32   `field:"libraryFileId"` // IP库文件ID
+	CreatedAt     uint64   `field:"createdAt"`     // 创建时间
+	Meta          dbs.JSON `field:"meta"`          // 元数据
+	IsPublic      bool     `field:"isPublic"`      // 是否为公用
+	Code          string   `field:"code"`          // 代号
+	State         uint8    `field:"state"`         // 状态
+}
+
+type IPLibraryArtifactOperator struct {
+	Id            any // ID
+	Name          any // 名称
+	FileId        any // 文件ID
+	LibraryFileId any // IP库文件ID
+	CreatedAt     any // 创建时间
+	Meta          any // 元数据
+	IsPublic      any // 是否为公用
+	Code          any // 代号
+	State         any // 状态
+}
+
+func NewIPLibraryArtifactOperator() *IPLibraryArtifactOperator {
+	return &IPLibraryArtifactOperator{}
+}
--- a/internal/db/models/ip_library_artifact_model_ext.go
+++ b/internal/db/models/ip_library_artifact_model_ext.go
@@ -0,0 +1 @@
+package models
--- a/internal/db/models/ip_library_dao.go
+++ b/internal/db/models/ip_library_dao.go
@@ -33,7 +33,7 @@ func init() {
 	})
 }

-// 启用条目
+// EnableIPLibrary 启用条目
 func (this *IPLibraryDAO) EnableIPLibrary(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -42,7 +42,7 @@ func (this *IPLibraryDAO) EnableIPLibrary(tx *dbs.Tx, id int64) error {
 	return err
 }

-// 禁用条目
+// DisableIPLibrary 禁用条目
 func (this *IPLibraryDAO) DisableIPLibrary(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -51,7 +51,7 @@ func (this *IPLibraryDAO) DisableIPLibrary(tx *dbs.Tx, id int64) error {
 	return err
 }

-// 查找启用中的条目
+// FindEnabledIPLibrary 查找启用中的条目
 func (this *IPLibraryDAO) FindEnabledIPLibrary(tx *dbs.Tx, id int64) (*IPLibrary, error) {
 	result, err := this.Query(tx).
 		Pk(id).
@@ -63,7 +63,7 @@ func (this *IPLibraryDAO) FindEnabledIPLibrary(tx *dbs.Tx, id int64) (*IPLibrary
 	return result.(*IPLibrary), err
 }

-// 查找某个类型的IP库列表
+// FindAllEnabledIPLibrariesWithType 查找某个类型的IP库列表
 func (this *IPLibraryDAO) FindAllEnabledIPLibrariesWithType(tx *dbs.Tx, libraryType string) (result []*IPLibrary, err error) {
 	_, err = this.Query(tx).
 		State(IPLibraryStateEnabled).
@@ -74,7 +74,7 @@ func (this *IPLibraryDAO) FindAllEnabledIPLibrariesWithType(tx *dbs.Tx, libraryT
 	return
 }

-// 查找某个类型的最新的IP库
+// FindLatestIPLibraryWithType 查找某个类型的最新的IP库
 func (this *IPLibraryDAO) FindLatestIPLibraryWithType(tx *dbs.Tx, libraryType string) (*IPLibrary, error) {
 	one, err := this.Query(tx).
 		State(IPLibraryStateEnabled).
@@ -90,7 +90,7 @@ func (this *IPLibraryDAO) FindLatestIPLibraryWithType(tx *dbs.Tx, libraryType st
 	return one.(*IPLibrary), nil
 }

-// 创建新的IP库
+// CreateIPLibrary 创建新的IP库
 func (this *IPLibraryDAO) CreateIPLibrary(tx *dbs.Tx, libraryType string, fileId int64) (int64, error) {
 	var op = NewIPLibraryOperator()
 	op.Type = libraryType
--- a/internal/db/models/ip_library_file_dao.go
+++ b/internal/db/models/ip_library_file_dao.go
@@ -0,0 +1,593 @@
+package models
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/regions"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/types"
+	"io"
+	"os"
+	"time"
+)
+
+const (
+	IPLibraryFileStateEnabled  = 1 // 已启用
+	IPLibraryFileStateDisabled = 0 // 已禁用
+)
+
+type IPLibraryFileDAO dbs.DAO
+
+func NewIPLibraryFileDAO() *IPLibraryFileDAO {
+	return dbs.NewDAO(&IPLibraryFileDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeIPLibraryFiles",
+			Model:  new(IPLibraryFile),
+			PkName: "id",
+		},
+	}).(*IPLibraryFileDAO)
+}
+
+var SharedIPLibraryFileDAO *IPLibraryFileDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedIPLibraryFileDAO = NewIPLibraryFileDAO()
+	})
+}
+
+// EnableIPLibraryFile 启用条目
+func (this *IPLibraryFileDAO) EnableIPLibraryFile(tx *dbs.Tx, id uint64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", IPLibraryFileStateEnabled).
+		Update()
+	return err
+}
+
+// DisableIPLibraryFile 禁用条目
+func (this *IPLibraryFileDAO) DisableIPLibraryFile(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", IPLibraryFileStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledIPLibraryFile 查找启用中的条目
+func (this *IPLibraryFileDAO) FindEnabledIPLibraryFile(tx *dbs.Tx, id int64) (*IPLibraryFile, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(IPLibraryFileStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*IPLibraryFile), err
+}
+
+// CreateLibraryFile 创建文件
+func (this *IPLibraryFileDAO) CreateLibraryFile(tx *dbs.Tx, name string, template string, emptyValues []string, fileId int64, countries []string, provinces [][2]string, cities [][3]string, towns [][4]string, providers []string) (int64, error) {
+	var op = NewIPLibraryFileOperator()
+	op.Name = name
+	op.Template = template
+
+	if emptyValues == nil {
+		emptyValues = []string{}
+	}
+	emptyValuesJSON, err := json.Marshal(emptyValues)
+	if err != nil {
+		return 0, err
+	}
+	op.EmptyValues = emptyValuesJSON
+
+	op.FileId = fileId
+
+	if countries == nil {
+		countries = []string{}
+	}
+	countriesJSON, err := json.Marshal(countries)
+	if err != nil {
+		return 0, err
+	}
+	op.Countries = countriesJSON
+
+	if provinces == nil {
+		provinces = [][2]string{}
+	}
+	provincesJSON, err := json.Marshal(provinces)
+	if err != nil {
+		return 0, err
+	}
+	op.Provinces = provincesJSON
+
+	if cities == nil {
+		cities = [][3]string{}
+	}
+	citiesJSON, err := json.Marshal(cities)
+	if err != nil {
+		return 0, err
+	}
+	op.Cities = citiesJSON
+
+	if towns == nil {
+		towns = [][4]string{}
+	}
+	townsJSON, err := json.Marshal(towns)
+	if err != nil {
+		return 0, err
+	}
+	op.Towns = townsJSON
+
+	if providers == nil {
+		providers = []string{}
+	}
+	providersJSON, err := json.Marshal(providers)
+	if err != nil {
+		return 0, err
+	}
+	op.Providers = providersJSON
+
+	op.IsFinished = false
+	op.State = IPLibraryFileStateEnabled
+	return this.SaveInt64(tx, op)
+}
+
+// FindAllFinishedLibraryFiles 查找所有已完成的文件
+func (this *IPLibraryFileDAO) FindAllFinishedLibraryFiles(tx *dbs.Tx) (result []*IPLibraryFile, err error) {
+	_, err = this.Query(tx).
+		State(IPLibraryFileStateEnabled).
+		Result("id", "fileId", "createdAt", "generatedFileId", "generatedAt", "name"). // 这里不需要其他信息
+		Attr("isFinished", true).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// FindAllUnfinishedLibraryFiles 查找所有未完成的文件
+func (this *IPLibraryFileDAO) FindAllUnfinishedLibraryFiles(tx *dbs.Tx) (result []*IPLibraryFile, err error) {
+	_, err = this.Query(tx).
+		State(IPLibraryFileStateEnabled).
+		Result("id", "fileId", "createdAt"). // 这里不需要其他信息
+		Attr("isFinished", false).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// UpdateLibraryFileIsFinished 设置文件为已完成
+func (this *IPLibraryFileDAO) UpdateLibraryFileIsFinished(tx *dbs.Tx, fileId int64) error {
+	return this.Query(tx).
+		Pk(fileId).
+		Set("isFinished", true).
+		UpdateQuickly()
+}
+
+// FindLibraryFileCountries 获取IP库中的国家/地区
+func (this *IPLibraryFileDAO) FindLibraryFileCountries(tx *dbs.Tx, fileId int64) ([]string, error) {
+	countriesJSON, err := this.Query(tx).
+		Result("countries").
+		Pk(fileId).
+		FindJSONCol()
+	if err != nil {
+		return nil, err
+	}
+
+	if IsNull(countriesJSON) {
+		return nil, nil
+	}
+
+	var result = []string{}
+	err = json.Unmarshal(countriesJSON, &result)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// FindLibraryFileProvinces 获取IP库中的省份
+func (this *IPLibraryFileDAO) FindLibraryFileProvinces(tx *dbs.Tx, fileId int64) ([][2]string, error) {
+	provincesJSON, err := this.Query(tx).
+		Result("provinces").
+		Pk(fileId).
+		FindJSONCol()
+	if err != nil {
+		return nil, err
+	}
+
+	if IsNull(provincesJSON) {
+		return nil, nil
+	}
+
+	var result = [][2]string{}
+	err = json.Unmarshal(provincesJSON, &result)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// FindLibraryFileCities 获取IP库中的城市
+func (this *IPLibraryFileDAO) FindLibraryFileCities(tx *dbs.Tx, fileId int64) ([][3]string, error) {
+	citiesJSON, err := this.Query(tx).
+		Result("cities").
+		Pk(fileId).
+		FindJSONCol()
+	if err != nil {
+		return nil, err
+	}
+
+	if IsNull(citiesJSON) {
+		return nil, nil
+	}
+
+	var result = [][3]string{}
+	err = json.Unmarshal(citiesJSON, &result)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// FindLibraryFileTowns 获取IP库中的区县
+func (this *IPLibraryFileDAO) FindLibraryFileTowns(tx *dbs.Tx, fileId int64) ([][4]string, error) {
+	townsJSON, err := this.Query(tx).
+		Result("towns").
+		Pk(fileId).
+		FindJSONCol()
+	if err != nil {
+		return nil, err
+	}
+
+	if IsNull(townsJSON) {
+		return nil, nil
+	}
+
+	var result = [][4]string{}
+	err = json.Unmarshal(townsJSON, &result)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// FindLibraryFileProviders 获取IP库中的ISP运营商
+func (this *IPLibraryFileDAO) FindLibraryFileProviders(tx *dbs.Tx, fileId int64) ([]string, error) {
+	providersJSON, err := this.Query(tx).
+		Result("providers").
+		Pk(fileId).
+		FindJSONCol()
+	if err != nil {
+		return nil, err
+	}
+
+	if IsNull(providersJSON) {
+		return nil, nil
+	}
+
+	var result = []string{}
+	err = json.Unmarshal(providersJSON, &result)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+func (this *IPLibraryFileDAO) GenerateIPLibrary(tx *dbs.Tx, libraryFileId int64) error {
+	one, err := this.Query(tx).Pk(libraryFileId).Find()
+	if err != nil {
+		return err
+	}
+	if one == nil {
+		return errors.New("the library file not found")
+	}
+
+	var libraryFile = one.(*IPLibraryFile)
+	template, err := iplibrary.NewTemplate(libraryFile.Template)
+	if err != nil {
+		return errors.New("create template from '" + libraryFile.Template + "' failed: " + err.Error())
+	}
+
+	var fileId = int64(libraryFile.FileId)
+	if fileId == 0 {
+		return errors.New("the library file has not been uploaded yet")
+	}
+
+	var dir = Tea.Root + "/data"
+	stat, err := os.Stat(dir)
+
+	if err != nil {
+		if os.IsNotExist(err) {
+			err = os.Mkdir(dir, 0777)
+			if err != nil {
+				return errors.New("can not open dir '" + dir + "' to write: " + err.Error())
+			}
+		} else {
+			return errors.New("can not open dir '" + dir + "' to write: " + err.Error())
+		}
+	} else if !stat.IsDir() {
+		_ = os.Remove(dir)
+
+		err = os.Mkdir(dir, 0777)
+		if err != nil {
+			return errors.New("can not open dir '" + dir + "' to write: " + err.Error())
+		}
+	}
+
+	// TODO 删除以往生成的文件，但要考虑到文件正在被别的任务所使用
+
+	// 国家
+	dbCountries, err := regions.SharedRegionCountryDAO.FindAllCountries(tx)
+	if err != nil {
+		return err
+	}
+
+	var countries = []*iplibrary.Country{}
+	for _, country := range dbCountries {
+		countries = append(countries, &iplibrary.Country{
+			Id:    country.Id,
+			Name:  country.DisplayName(),
+			Codes: country.AllCodes(),
+		})
+	}
+
+	// 省份
+	dbProvinces, err := regions.SharedRegionProvinceDAO.FindAllEnabledProvinces(tx)
+	if err != nil {
+		return err
+	}
+
+	var provinces = []*iplibrary.Province{}
+	for _, province := range dbProvinces {
+		provinces = append(provinces, &iplibrary.Province{
+			Id:    province.Id,
+			Name:  province.DisplayName(),
+			Codes: province.AllCodes(),
+		})
+	}
+
+	// 城市
+	dbCities, err := regions.SharedRegionCityDAO.FindAllEnabledCities(tx)
+	if err != nil {
+		return err
+	}
+
+	var cities = []*iplibrary.City{}
+	for _, city := range dbCities {
+		cities = append(cities, &iplibrary.City{
+			Id:    city.Id,
+			Name:  city.DisplayName(),
+			Codes: city.AllCodes(),
+		})
+	}
+
+	// 区县
+	dbTowns, err := regions.SharedRegionTownDAO.FindAllRegionTowns(tx)
+	if err != nil {
+		return err
+	}
+
+	var towns = []*iplibrary.Town{}
+	for _, town := range dbTowns {
+		towns = append(towns, &iplibrary.Town{
+			Id:    town.Id,
+			Name:  town.DisplayName(),
+			Codes: town.AllCodes(),
+		})
+	}
+
+	// ISP运营商
+	dbProviders, err := regions.SharedRegionProviderDAO.FindAllEnabledProviders(tx)
+	if err != nil {
+		return err
+	}
+
+	var providers = []*iplibrary.Provider{}
+	for _, provider := range dbProviders {
+		providers = append(providers, &iplibrary.Provider{
+			Id:    provider.Id,
+			Name:  provider.DisplayName(),
+			Codes: provider.AllCodes(),
+		})
+	}
+
+	var libraryCode = utils.Sha1RandomString() // 每次都生成新的code
+	var filePath = dir + "/" + this.composeFilename(libraryFileId, libraryCode)
+	var meta = &iplibrary.Meta{
+		Author:    "", // 将来用户可以自行填写
+		CreatedAt: time.Now().Unix(),
+		Countries: countries,
+		Provinces: provinces,
+		Cities:    cities,
+		Towns:     towns,
+		Providers: providers,
+	}
+	writer, err := iplibrary.NewFileWriter(filePath, meta)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_ = writer.Close()
+		_ = os.Remove(filePath)
+	}()
+
+	err = writer.WriteMeta()
+	if err != nil {
+		return errors.New("write meta failed: " + err.Error())
+	}
+
+	chunkIds, err := SharedFileChunkDAO.FindAllFileChunkIds(tx, fileId)
+	if err != nil {
+		return err
+	}
+
+	// countries etc ...
+	var countryMap = map[string]int64{} // countryName => countryId
+	for _, country := range dbCountries {
+		for _, code := range country.AllCodes() {
+			countryMap[code] = int64(country.Id)
+		}
+	}
+
+	var provinceMap = map[string]int64{} // countryId_provinceName => provinceId
+	for _, province := range dbProvinces {
+		for _, code := range province.AllCodes() {
+			provinceMap[types.String(province.CountryId)+"_"+code] = int64(province.Id)
+		}
+	}
+
+	var cityMap = map[string]int64{} // provinceId_cityName => cityId
+	for _, city := range dbCities {
+		for _, code := range city.AllCodes() {
+			cityMap[types.String(city.ProvinceId)+"_"+code] = int64(city.Id)
+		}
+	}
+
+	var townMap = map[string]int64{} // cityId_townName => townId
+	for _, town := range dbTowns {
+		for _, code := range town.AllCodes() {
+			townMap[types.String(town.CityId)+"_"+code] = int64(town.Id)
+		}
+	}
+
+	var providerMap = map[string]int64{} // providerName => providerId
+	for _, provider := range dbProviders {
+		for _, code := range provider.AllCodes() {
+			providerMap[code] = int64(provider.Id)
+		}
+	}
+
+	dataParser, err := iplibrary.NewParser(&iplibrary.ParserConfig{
+		Template:    template,
+		EmptyValues: libraryFile.DecodeEmptyValues(),
+		Iterator: func(values map[string]string) error {
+			var ipFrom = values["ipFrom"]
+			var ipTo = values["ipTo"]
+
+			var countryName = values["country"]
+			var provinceName = values["province"]
+			var cityName = values["city"]
+			var townName = values["town"]
+			var providerName = values["provider"]
+
+			var countryId = countryMap[countryName]
+			var provinceId int64
+			var cityId int64 = 0
+			var townId int64 = 0
+			var providerId = providerMap[providerName]
+
+			if countryId > 0 {
+				provinceId = provinceMap[types.String(countryId)+"_"+provinceName]
+				if provinceId > 0 {
+					cityId = cityMap[types.String(provinceId)+"_"+cityName]
+					if cityId > 0 {
+						townId = townMap[types.String(cityId)+"_"+townName]
+					}
+				}
+			}
+
+			err = writer.Write(ipFrom, ipTo, countryId, provinceId, cityId, townId, providerId)
+			if err != nil {
+				return errors.New("write failed: " + err.Error())
+			}
+
+			return nil
+		},
+	})
+	if err != nil {
+		return err
+	}
+
+	for _, chunkId := range chunkIds {
+		chunk, err := SharedFileChunkDAO.FindFileChunk(tx, chunkId)
+		if err != nil {
+			return err
+		}
+		if chunk == nil {
+			return errors.New("invalid chunk file, please upload again")
+		}
+		dataParser.Write(chunk.Data)
+		err = dataParser.Parse()
+		if err != nil {
+			return err
+		}
+	}
+
+	err = writer.Close()
+	if err != nil {
+		return err
+	}
+
+	// 将生成的内容写入到文件
+	stat, err = os.Stat(filePath)
+	if err != nil {
+		return errors.New("stat generated file failed: " + err.Error())
+	}
+	generatedFileId, err := SharedFileDAO.CreateFile(tx, 0, 0, "ipLibraryFile", "", libraryCode+".db", stat.Size(), "", false)
+	if err != nil {
+		return err
+	}
+
+	fp, err := os.Open(filePath)
+	if err != nil {
+		return errors.New("open generated file failed: " + err.Error())
+	}
+	var buf = make([]byte, 256*1024)
+	for {
+		n, err := fp.Read(buf)
+		if n > 0 {
+			_, err = SharedFileChunkDAO.CreateFileChunk(tx, generatedFileId, buf[:n])
+			if err != nil {
+				return err
+			}
+		}
+		if err != nil {
+			if err != io.EOF {
+				return err
+			}
+			break
+		}
+	}
+	err = SharedFileDAO.UpdateFileIsFinished(tx, generatedFileId)
+	if err != nil {
+		return err
+	}
+
+	// 设置code
+	err = this.Query(tx).
+		Pk(libraryFileId).
+		Set("code", libraryCode).
+		Set("isFinished", true).
+		Set("generatedFileId", generatedFileId).
+		Set("generatedAt", time.Now().Unix()).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	// 添加制品
+	_, err = SharedIPLibraryArtifactDAO.CreateArtifact(tx, libraryFile.Name, generatedFileId, libraryFileId, meta)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// 组合IP库文件名
+func (this *IPLibraryFileDAO) composeFilename(libraryFileId int64, code string) string {
+	return "ip-library-" + types.String(libraryFileId) + "-" + code + ".db"
+}
--- a/internal/db/models/ip_library_file_dao_test.go
+++ b/internal/db/models/ip_library_file_dao_test.go
@@ -0,0 +1,19 @@
+package models_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+	"github.com/iwind/TeaGo/dbs"
+	"testing"
+)
+
+func TestIPLibraryFileDAO_GenerateIPLibrary(t *testing.T) {
+	dbs.NotifyReady()
+
+	var tx *dbs.Tx
+	err := models.SharedIPLibraryFileDAO.GenerateIPLibrary(tx, 4)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/internal/db/models/ip_library_file_model.go
+++ b/internal/db/models/ip_library_file_model.go
@@ -0,0 +1,46 @@
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// IPLibraryFile IP库上传的文件
+type IPLibraryFile struct {
+	Id              uint64   `field:"id"`              // ID
+	Name            string   `field:"name"`            // IP库名称
+	FileId          uint64   `field:"fileId"`          // 原始文件ID
+	Template        string   `field:"template"`        // 模板
+	EmptyValues     dbs.JSON `field:"emptyValues"`     // 空值列表
+	GeneratedFileId uint64   `field:"generatedFileId"` // 生成的文件ID
+	GeneratedAt     uint64   `field:"generatedAt"`     // 生成时间
+	IsFinished      bool     `field:"isFinished"`      // 是否已经完成
+	Countries       dbs.JSON `field:"countries"`       // 国家/地区
+	Provinces       dbs.JSON `field:"provinces"`       // 省份
+	Cities          dbs.JSON `field:"cities"`          // 城市
+	Towns           dbs.JSON `field:"towns"`           // 区县
+	Providers       dbs.JSON `field:"providers"`       // ISP服务商
+	Code            string   `field:"code"`            // 文件代号
+	CreatedAt       uint64   `field:"createdAt"`       // 上传时间
+	State           uint8    `field:"state"`           // 状态
+}
+
+type IPLibraryFileOperator struct {
+	Id              any // ID
+	Name            any // IP库名称
+	FileId          any // 原始文件ID
+	Template        any // 模板
+	EmptyValues     any // 空值列表
+	GeneratedFileId any // 生成的文件ID
+	GeneratedAt     any // 生成时间
+	IsFinished      any // 是否已经完成
+	Countries       any // 国家/地区
+	Provinces       any // 省份
+	Cities          any // 城市
+	Towns           any // 区县
+	Providers       any // ISP服务商
+	Code            any // 文件代号
+	CreatedAt       any // 上传时间
+	State           any // 状态
+}
+
+func NewIPLibraryFileOperator() *IPLibraryFileOperator {
+	return &IPLibraryFileOperator{}
+}
--- a/internal/db/models/ip_library_file_model_ext.go
+++ b/internal/db/models/ip_library_file_model_ext.go
@@ -0,0 +1,69 @@
+package models
+
+import "encoding/json"
+
+func (this *IPLibraryFile) DecodeCountries() []string {
+	var countries = []string{}
+	if IsNotNull(this.Countries) {
+		err := json.Unmarshal(this.Countries, &countries)
+		if err != nil {
+			// ignore error
+		}
+	}
+	return countries
+}
+
+func (this *IPLibraryFile) DecodeProvinces() [][2]string {
+	var provinces = [][2]string{}
+	if IsNotNull(this.Provinces) {
+		err := json.Unmarshal(this.Provinces, &provinces)
+		if err != nil {
+			// ignore error
+		}
+	}
+	return provinces
+}
+
+func (this *IPLibraryFile) DecodeCities() [][3]string {
+	var cities = [][3]string{}
+	if IsNotNull(this.Cities) {
+		err := json.Unmarshal(this.Cities, &cities)
+		if err != nil {
+			// ignore error
+		}
+	}
+	return cities
+}
+
+func (this *IPLibraryFile) DecodeTowns() [][4]string {
+	var towns = [][4]string{}
+	if IsNotNull(this.Towns) {
+		err := json.Unmarshal(this.Towns, &towns)
+		if err != nil {
+			// ignore error
+		}
+	}
+	return towns
+}
+
+func (this *IPLibraryFile) DecodeProviders() []string {
+	var providers = []string{}
+	if IsNotNull(this.Providers) {
+		err := json.Unmarshal(this.Providers, &providers)
+		if err != nil {
+			// ignore error
+		}
+	}
+	return providers
+}
+
+func (this *IPLibraryFile) DecodeEmptyValues() []string {
+	var result = []string{}
+	if IsNotNull(this.EmptyValues) {
+		err := json.Unmarshal(this.EmptyValues, &result)
+		if err != nil {
+			// ignore error
+		}
+	}
+	return result
+}
--- a/internal/db/models/ip_library_model.go
+++ b/internal/db/models/ip_library_model.go
@@ -1,22 +1,26 @@
 package models

-// IP库
+// IPLibrary IP库
 type IPLibrary struct {
 	Id        uint32 `field:"id"`        // ID
 	AdminId   uint32 `field:"adminId"`   // 管理员ID
 	FileId    uint32 `field:"fileId"`    // 文件ID
 	Type      string `field:"type"`      // 类型
+	Name      string `field:"name"`      // 名称
+	IsPublic  bool   `field:"isPublic"`  // 是否公用
 	State     uint8  `field:"state"`     // 状态
 	CreatedAt uint64 `field:"createdAt"` // 创建时间
 }

 type IPLibraryOperator struct {
-	Id        interface{} // ID
-	AdminId   interface{} // 管理员ID
-	FileId    interface{} // 文件ID
-	Type      interface{} // 类型
-	State     interface{} // 状态
-	CreatedAt interface{} // 创建时间
+	Id        any // ID
+	AdminId   any // 管理员ID
+	FileId    any // 文件ID
+	Type      any // 类型
+	Name      any // 名称
+	IsPublic  any // 是否公用
+	State     any // 状态
+	CreatedAt any // 创建时间
 }

 func NewIPLibraryOperator() *IPLibraryOperator {
--- a/internal/db/models/log_dao.go
+++ b/internal/db/models/log_dao.go
@@ -3,6 +3,7 @@ package models
 import (
 	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -38,7 +39,7 @@ func init() {
 func (this *LogDAO) CreateLog(tx *dbs.Tx, adminType string, adminId int64, level string, description string, action string, ip string) error {
 	var op = NewLogOperator()
 	op.Level = level
-	op.Description = description
+	op.Description = utils.LimitString(description, 1000)
 	op.Action = action
 	op.Ip = ip
 	op.Type = adminType
--- a/internal/db/models/nameservers/ns_domain_dao.go
+++ b/internal/db/models/nameservers/ns_domain_dao.go
@@ -1,290 +0,0 @@
-package nameservers
-
-import (
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-)
-
-const (
-	NSDomainStateEnabled  = 1 // 已启用
-	NSDomainStateDisabled = 0 // 已禁用
-)
-
-type NSDomainDAO dbs.DAO
-
-func NewNSDomainDAO() *NSDomainDAO {
-	return dbs.NewDAO(&NSDomainDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeNSDomains",
-			Model:  new(NSDomain),
-			PkName: "id",
-		},
-	}).(*NSDomainDAO)
-}
-
-var SharedNSDomainDAO *NSDomainDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedNSDomainDAO = NewNSDomainDAO()
-	})
-}
-
-// EnableNSDomain 启用条目
-func (this *NSDomainDAO) EnableNSDomain(tx *dbs.Tx, domainId int64) error {
-	_, err := this.Query(tx).
-		Pk(domainId).
-		Set("state", NSDomainStateEnabled).
-		Update()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, domainId)
-}
-
-// DisableNSDomain 禁用条目
-func (this *NSDomainDAO) DisableNSDomain(tx *dbs.Tx, domainId int64) error {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	_, err = this.Query(tx).
-		Pk(domainId).
-		Set("state", NSDomainStateDisabled).
-		Set("version", version).
-		Update()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, domainId)
-}
-
-// FindEnabledNSDomain 查找启用中的条目
-func (this *NSDomainDAO) FindEnabledNSDomain(tx *dbs.Tx, id int64) (*NSDomain, error) {
-	result, err := this.Query(tx).
-		Pk(id).
-		Attr("state", NSDomainStateEnabled).
-		Find()
-	if result == nil {
-		return nil, err
-	}
-	return result.(*NSDomain), err
-}
-
-// FindNSDomainName 根据主键查找名称
-func (this *NSDomainDAO) FindNSDomainName(tx *dbs.Tx, id int64) (string, error) {
-	return this.Query(tx).
-		Pk(id).
-		Result("name").
-		FindStringCol("")
-}
-
-// CreateDomain 创建域名
-func (this *NSDomainDAO) CreateDomain(tx *dbs.Tx, clusterId int64, userId int64, name string) (int64, error) {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return 0, err
-	}
-
-	var op = NewNSDomainOperator()
-	op.ClusterId = clusterId
-	op.UserId = userId
-	op.Name = name
-	op.Version = version
-	op.IsOn = true
-	op.State = NSDomainStateEnabled
-	domainId, err := this.SaveInt64(tx, op)
-	if err != nil {
-		return 0, err
-	}
-
-	err = this.NotifyUpdate(tx, domainId)
-	if err != nil {
-		return domainId, err
-	}
-	return domainId, nil
-}
-
-// UpdateDomain 修改域名
-func (this *NSDomainDAO) UpdateDomain(tx *dbs.Tx, domainId int64, clusterId int64, userId int64, isOn bool) error {
-	if domainId <= 0 {
-		return errors.New("invalid domainId")
-	}
-
-	oldClusterId, err := this.Query(tx).
-		Pk(domainId).
-		Result("clusterId").
-		FindInt64Col(0)
-	if err != nil {
-		return err
-	}
-
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	var op = NewNSDomainOperator()
-	op.Id = domainId
-	op.ClusterId = clusterId
-	op.UserId = userId
-	op.IsOn = isOn
-	op.Version = version
-	err = this.Save(tx, op)
-	if err != nil {
-		return err
-	}
-
-	// 通知更新
-	if oldClusterId > 0 && oldClusterId != clusterId {
-		err = models.SharedNSClusterDAO.NotifyUpdate(tx, oldClusterId)
-		if err != nil {
-			return err
-		}
-	}
-
-	return this.NotifyUpdate(tx, domainId)
-}
-
-// CountAllEnabledDomains 计算域名数量
-func (this *NSDomainDAO) CountAllEnabledDomains(tx *dbs.Tx, clusterId int64, userId int64, keyword string) (int64, error) {
-	query := this.Query(tx)
-	if clusterId > 0 {
-		query.Attr("clusterId", clusterId)
-	} else {
-		query.Where("clusterId IN (SELECT id FROM " + models.SharedNSClusterDAO.Table + " WHERE state=1)")
-	}
-	if userId > 0 {
-		query.Attr("userId", userId)
-	} else {
-		query.Where("(userId=0 OR userId IN (SELECT id FROM " + models.SharedUserDAO.Table + " WHERE state=1))")
-	}
-	if len(keyword) > 0 {
-		query.Where("(name LIKE :keyword)").
-			Param("keyword", dbutils.QuoteLike(keyword))
-	}
-
-	return query.
-		State(NSDomainStateEnabled).
-		Count()
-}
-
-// ListEnabledDomains 列出单页域名
-func (this *NSDomainDAO) ListEnabledDomains(tx *dbs.Tx, clusterId int64, userId int64, keyword string, offset int64, size int64) (result []*NSDomain, err error) {
-	query := this.Query(tx)
-	if clusterId > 0 {
-		query.Attr("clusterId", clusterId)
-	} else {
-		query.Where("clusterId IN (SELECT id FROM " + models.SharedNSClusterDAO.Table + " WHERE state=1)")
-	}
-	if userId > 0 {
-		query.Attr("userId", userId)
-	} else {
-		query.Where("(userId=0 OR userId IN (SELECT id FROM " + models.SharedUserDAO.Table + " WHERE state=1))")
-	}
-	if len(keyword) > 0 {
-		query.Where("(name LIKE :keyword)").
-			Param("keyword", dbutils.QuoteLike(keyword))
-	}
-	_, err = query.
-		State(NSDomainStateEnabled).
-		DescPk().
-		Offset(offset).
-		Limit(size).
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// IncreaseVersion 增加版本
-func (this *NSDomainDAO) IncreaseVersion(tx *dbs.Tx) (int64, error) {
-	return models.SharedSysLockerDAO.Increase(tx, "NS_DOMAIN_VERSION", 1)
-}
-
-// ListDomainsAfterVersion 列出某个版本后的域名
-func (this *NSDomainDAO) ListDomainsAfterVersion(tx *dbs.Tx, version int64, size int64) (result []*NSDomain, err error) {
-	if size <= 0 {
-		size = 10000
-	}
-
-	_, err = this.Query(tx).
-		Gte("version", version).
-		Limit(size).
-		Asc("version").
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// FindDomainIdWithName 根据名称查找域名
-func (this *NSDomainDAO) FindDomainIdWithName(tx *dbs.Tx, clusterId int64, name string) (int64, error) {
-	return this.Query(tx).
-		Attr("clusterId", clusterId).
-		Attr("name", name).
-		State(NSDomainStateEnabled).
-		ResultPk().
-		FindInt64Col(0)
-}
-
-// FindEnabledDomainTSIG 获取TSIG配置
-func (this *NSDomainDAO) FindEnabledDomainTSIG(tx *dbs.Tx, domainId int64) ([]byte, error) {
-	tsig, err := this.Query(tx).
-		Pk(domainId).
-		Result("tsig").
-		FindStringCol("")
-	if err != nil {
-		return nil, err
-	}
-	return []byte(tsig), nil
-}
-
-// UpdateDomainTSIG 修改TSIG配置
-func (this *NSDomainDAO) UpdateDomainTSIG(tx *dbs.Tx, domainId int64, tsigJSON []byte) error {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	err = this.Query(tx).
-		Pk(domainId).
-		Set("tsig", tsigJSON).
-		Set("version", version).
-		UpdateQuickly()
-	if err != nil {
-		return err
-	}
-
-	return this.NotifyUpdate(tx, domainId)
-}
-
-// FindEnabledDomainClusterId 获取域名的集群ID
-func (this *NSDomainDAO) FindEnabledDomainClusterId(tx *dbs.Tx, domainId int64) (int64, error) {
-	return this.Query(tx).
-		Pk(domainId).
-		State(NSDomainStateEnabled).
-		Result("clusterId").
-		FindInt64Col(0)
-}
-
-// NotifyUpdate 通知更改
-func (this *NSDomainDAO) NotifyUpdate(tx *dbs.Tx, domainId int64) error {
-	clusterId, err := this.Query(tx).
-		Result("clusterId").
-		Pk(domainId).
-		FindInt64Col(0)
-	if err != nil {
-		return err
-	}
-	if clusterId > 0 {
-		return models.SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, models.NSNodeTaskTypeDomainChanged)
-	}
-
-	return nil
-}
--- a/internal/db/models/nameservers/ns_domain_group_model.go
+++ b/internal/db/models/nameservers/ns_domain_group_model.go
@@ -0,0 +1,24 @@
+package nameservers
+
+// NSDomainGroup 域名分组
+type NSDomainGroup struct {
+	Id     uint64 `field:"id"`     // ID
+	UserId uint64 `field:"userId"` // 用户ID
+	Name   string `field:"name"`   // 分组名称
+	IsOn   bool   `field:"isOn"`   // 是否启用
+	Order  uint32 `field:"order"`  // 排序
+	State  uint8  `field:"state"`  // 状态
+}
+
+type NSDomainGroupOperator struct {
+	Id     interface{} // ID
+	UserId interface{} // 用户ID
+	Name   interface{} // 分组名称
+	IsOn   interface{} // 是否启用
+	Order  interface{} // 排序
+	State  interface{} // 状态
+}
+
+func NewNSDomainGroupOperator() *NSDomainGroupOperator {
+	return &NSDomainGroupOperator{}
+}
--- a/internal/db/models/nameservers/ns_domain_group_model_ext.go
+++ b/internal/db/models/nameservers/ns_domain_group_model_ext.go
@@ -0,0 +1 @@
+package nameservers
--- a/internal/db/models/nameservers/ns_domain_model.go
+++ b/internal/db/models/nameservers/ns_domain_model.go
@@ -4,15 +4,17 @@ import "github.com/iwind/TeaGo/dbs"

 // NSDomain DNS域名
 type NSDomain struct {
-	Id        uint32   `field:"id"`        // ID
+	Id        uint64   `field:"id"`        // ID
 	ClusterId uint32   `field:"clusterId"` // 集群ID
 	UserId    uint32   `field:"userId"`    // 用户ID
 	IsOn      bool     `field:"isOn"`      // 是否启用
 	Name      string   `field:"name"`      // 域名
-	CreatedAt uint64   `field:"createdAt"` // 创建时间
-	Version   uint64   `field:"version"`   // 版本
-	State     uint8    `field:"state"`     // 状态
+	GroupIds  dbs.JSON `field:"groupIds"`  // 分组ID
 	Tsig      dbs.JSON `field:"tsig"`      // TSIG配置
+	CreatedAt uint64   `field:"createdAt"` // 创建时间
+	Version   uint64   `field:"version"`   // 版本号
+	Status    string   `field:"status"`    // 状态：none|verified
+	State     uint8    `field:"state"`     // 状态
 }

 type NSDomainOperator struct {
@@ -21,10 +23,12 @@ type NSDomainOperator struct {
 	UserId    interface{} // 用户ID
 	IsOn      interface{} // 是否启用
 	Name      interface{} // 域名
-	CreatedAt interface{} // 创建时间
-	Version   interface{} // 版本
-	State     interface{} // 状态
+	GroupIds  interface{} // 分组ID
 	Tsig      interface{} // TSIG配置
+	CreatedAt interface{} // 创建时间
+	Version   interface{} // 版本号
+	Status    interface{} // 状态：none|verified
+	State     interface{} // 状态
 }

 func NewNSDomainOperator() *NSDomainOperator {
--- a/internal/db/models/nameservers/ns_domain_model_ext.go
+++ b/internal/db/models/nameservers/ns_domain_model_ext.go
@@ -1 +1,20 @@
 package nameservers
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+)
+
+func (this *NSDomain) DecodeGroupIds() []int64 {
+	if models.IsNull(this.GroupIds) {
+		return nil
+	}
+
+	var result = []int64{}
+	err := json.Unmarshal(this.GroupIds, &result)
+	if err != nil {
+		remotelogs.Error("NSDomain", "DecodeGroupIds:"+err.Error())
+	}
+	return result
+}
--- a/internal/db/models/nameservers/ns_key_dao.go
+++ b/internal/db/models/nameservers/ns_key_dao.go
@@ -1,209 +0,0 @@
-package nameservers
-
-import (
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-)
-
-const (
-	NSKeyStateEnabled  = 1 // 已启用
-	NSKeyStateDisabled = 0 // 已禁用
-)
-
-type NSKeyDAO dbs.DAO
-
-func NewNSKeyDAO() *NSKeyDAO {
-	return dbs.NewDAO(&NSKeyDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeNSKeys",
-			Model:  new(NSKey),
-			PkName: "id",
-		},
-	}).(*NSKeyDAO)
-}
-
-var SharedNSKeyDAO *NSKeyDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedNSKeyDAO = NewNSKeyDAO()
-	})
-}
-
-// EnableNSKey 启用条目
-func (this *NSKeyDAO) EnableNSKey(tx *dbs.Tx, id int64) error {
-	_, err := this.Query(tx).
-		Pk(id).
-		Set("state", NSKeyStateEnabled).
-		Update()
-	return err
-}
-
-// DisableNSKey 禁用条目
-func (this *NSKeyDAO) DisableNSKey(tx *dbs.Tx, keyId int64) error {
-	_, err := this.Query(tx).
-		Pk(keyId).
-		Set("state", NSKeyStateDisabled).
-		Update()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, keyId)
-}
-
-// FindEnabledNSKey 查找启用中的条目
-func (this *NSKeyDAO) FindEnabledNSKey(tx *dbs.Tx, id int64) (*NSKey, error) {
-	result, err := this.Query(tx).
-		Pk(id).
-		Attr("state", NSKeyStateEnabled).
-		Find()
-	if result == nil {
-		return nil, err
-	}
-	return result.(*NSKey), err
-}
-
-// FindNSKeyName 根据主键查找名称
-func (this *NSKeyDAO) FindNSKeyName(tx *dbs.Tx, id int64) (string, error) {
-	return this.Query(tx).
-		Pk(id).
-		Result("name").
-		FindStringCol("")
-}
-
-// CreateKey 创建Key
-func (this *NSKeyDAO) CreateKey(tx *dbs.Tx, domainId int64, zoneId int64, name string, algo dnsconfigs.KeyAlgorithmType, secret string, secretType string) (int64, error) {
-	var op = NewNSKeyOperator()
-	op.DomainId = domainId
-	op.ZoneId = zoneId
-	op.Name = name
-	op.Algo = algo
-	op.Secret = secret
-	op.SecretType = secretType
-	op.State = NSKeyStateEnabled
-	keyId, err := this.SaveInt64(tx, op)
-	if err != nil {
-		return 0, err
-	}
-
-	err = this.NotifyUpdate(tx, keyId)
-	if err != nil {
-		return keyId, err
-	}
-
-	return keyId, nil
-}
-
-// UpdateKey 修改Key
-func (this *NSKeyDAO) UpdateKey(tx *dbs.Tx, keyId int64, name string, algo dnsconfigs.KeyAlgorithmType, secret string, secretType string, isOn bool) error {
-	if keyId <= 0 {
-		return errors.New("invalid keyId")
-	}
-	var op = NewNSKeyOperator()
-	op.Id = keyId
-	op.Name = name
-	op.Algo = algo
-	op.Secret = secret
-	op.SecretType = secretType
-	op.IsOn = isOn
-	err := this.Save(tx, op)
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, keyId)
-}
-
-// CountEnabledKeys 计算Key的数量
-func (this *NSKeyDAO) CountEnabledKeys(tx *dbs.Tx, domainId int64, zoneId int64) (int64, error) {
-	var query = this.Query(tx).
-		State(NSKeyStateEnabled)
-	if domainId > 0 {
-		query.Attr("domainId", domainId)
-	}
-	if zoneId > 0 {
-		query.Attr("zoneId", zoneId)
-	}
-	return query.Count()
-}
-
-// ListEnabledKeys 列出单页Key
-func (this *NSKeyDAO) ListEnabledKeys(tx *dbs.Tx, domainId int64, zoneId int64, offset int64, size int64) (result []*NSKey, err error) {
-	var query = this.Query(tx).
-		State(NSKeyStateEnabled)
-	if domainId > 0 {
-		query.Attr("domainId", domainId)
-	}
-	if zoneId > 0 {
-		query.Attr("zoneId", zoneId)
-	}
-	_, err = query.
-		DescPk().
-		Offset(offset).
-		Limit(size).
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// IncreaseVersion 增加版本
-func (this *NSKeyDAO) IncreaseVersion(tx *dbs.Tx) (int64, error) {
-	return models.SharedSysLockerDAO.Increase(tx, "NS_KEY_VERSION", 1)
-}
-
-// ListKeysAfterVersion 列出某个版本后的密钥
-func (this *NSKeyDAO) ListKeysAfterVersion(tx *dbs.Tx, version int64, size int64) (result []*NSKey, err error) {
-	if size <= 0 {
-		size = 10000
-	}
-
-	_, err = this.Query(tx).
-		Gte("version", version).
-		Limit(size).
-		Asc("version").
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// NotifyUpdate 通知更新
-func (this *NSKeyDAO) NotifyUpdate(tx *dbs.Tx, keyId int64) error {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-	err = this.Query(tx).
-		Pk(keyId).
-		Set("version", version).
-		UpdateQuickly()
-	if err != nil {
-		return err
-	}
-
-	// 通知集群
-	domainId, err := this.Query(tx).
-		Pk(keyId).
-		Result("domainId").
-		FindInt64Col(0)
-	if err != nil {
-		return err
-	}
-	if domainId > 0 {
-		clusterId, err := SharedNSDomainDAO.FindEnabledDomainClusterId(tx, domainId)
-		if err != nil {
-			return err
-		}
-		if clusterId > 0 {
-			err = models.SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, models.NSNodeTaskTypeKeyChanged)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
--- a/internal/db/models/nameservers/ns_question_option_dao.go
+++ b/internal/db/models/nameservers/ns_question_option_dao.go
@@ -1,67 +0,0 @@
-package nameservers
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-	"github.com/iwind/TeaGo/maps"
-)
-
-type NSQuestionOptionDAO dbs.DAO
-
-func NewNSQuestionOptionDAO() *NSQuestionOptionDAO {
-	return dbs.NewDAO(&NSQuestionOptionDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeNSQuestionOptions",
-			Model:  new(NSQuestionOption),
-			PkName: "id",
-		},
-	}).(*NSQuestionOptionDAO)
-}
-
-var SharedNSQuestionOptionDAO *NSQuestionOptionDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedNSQuestionOptionDAO = NewNSQuestionOptionDAO()
-	})
-}
-
-// FindNSQuestionOptionName 根据主键查找名称
-func (this *NSQuestionOptionDAO) FindNSQuestionOptionName(tx *dbs.Tx, id uint64) (string, error) {
-	return this.Query(tx).
-		Pk(id).
-		Result("name").
-		FindStringCol("")
-}
-
-// CreateOption 创建选项
-func (this *NSQuestionOptionDAO) CreateOption(tx *dbs.Tx, name string, values maps.Map) (int64, error) {
-	if values == nil {
-		values = maps.Map{}
-	}
-	var op = NewNSQuestionOptionOperator()
-	op.Name = name
-	op.Values = values.AsJSON()
-	return this.SaveInt64(tx, op)
-}
-
-// FindOption 读取选项
-func (this *NSQuestionOptionDAO) FindOption(tx *dbs.Tx, optionId int64) (*NSQuestionOption, error) {
-	one, err := this.Query(tx).
-		Pk(optionId).
-		Find()
-	if one == nil {
-		return nil, err
-	}
-	return one.(*NSQuestionOption), nil
-}
-
-// DeleteOption 删除选项
-func (this *NSQuestionOptionDAO) DeleteOption(tx *dbs.Tx, optionId int64) error {
-	_, err := this.Query(tx).
-		Pk(optionId).
-		Delete()
-	return err
-}
--- a/internal/db/models/nameservers/ns_record_dao.go
+++ b/internal/db/models/nameservers/ns_record_dao.go
@@ -1,289 +0,0 @@
-package nameservers
-
-import (
-	"encoding/json"
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-)
-
-const (
-	NSRecordStateEnabled  = 1 // 已启用
-	NSRecordStateDisabled = 0 // 已禁用
-)
-
-type NSRecordDAO dbs.DAO
-
-func NewNSRecordDAO() *NSRecordDAO {
-	return dbs.NewDAO(&NSRecordDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeNSRecords",
-			Model:  new(NSRecord),
-			PkName: "id",
-		},
-	}).(*NSRecordDAO)
-}
-
-var SharedNSRecordDAO *NSRecordDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedNSRecordDAO = NewNSRecordDAO()
-	})
-}
-
-// EnableNSRecord 启用条目
-func (this *NSRecordDAO) EnableNSRecord(tx *dbs.Tx, recordId int64) error {
-	_, err := this.Query(tx).
-		Pk(recordId).
-		Set("state", NSRecordStateEnabled).
-		Update()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, recordId)
-}
-
-// DisableNSRecord 禁用条目
-func (this *NSRecordDAO) DisableNSRecord(tx *dbs.Tx, recordId int64) error {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	_, err = this.Query(tx).
-		Pk(recordId).
-		Set("state", NSRecordStateDisabled).
-		Set("version", version).
-		Update()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, recordId)
-}
-
-// FindEnabledNSRecord 查找启用中的条目
-func (this *NSRecordDAO) FindEnabledNSRecord(tx *dbs.Tx, id int64) (*NSRecord, error) {
-	result, err := this.Query(tx).
-		Pk(id).
-		Attr("state", NSRecordStateEnabled).
-		Find()
-	if result == nil {
-		return nil, err
-	}
-	return result.(*NSRecord), err
-}
-
-// FindNSRecordName 根据主键查找名称
-func (this *NSRecordDAO) FindNSRecordName(tx *dbs.Tx, id int64) (string, error) {
-	return this.Query(tx).
-		Pk(id).
-		Result("name").
-		FindStringCol("")
-}
-
-// CreateRecord 创建记录
-func (this *NSRecordDAO) CreateRecord(tx *dbs.Tx, domainId int64, description string, name string, dnsType dnsconfigs.RecordType, value string, ttl int32, routeIds []string) (int64, error) {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return 0, err
-	}
-
-	var op = NewNSRecordOperator()
-	op.DomainId = domainId
-	op.Description = description
-	op.Name = name
-	op.Type = dnsType
-	op.Value = value
-	op.Ttl = ttl
-
-	if len(routeIds) == 0 {
-		op.RouteIds = `["default"]`
-	} else {
-		routeIds, err := json.Marshal(routeIds)
-		if err != nil {
-			return 0, err
-		}
-		op.RouteIds = routeIds
-	}
-
-	op.IsOn = true
-	op.State = NSRecordStateEnabled
-	op.Version = version
-	recordId, err := this.SaveInt64(tx, op)
-	if err != nil {
-		return 0, err
-	}
-
-	err = this.NotifyUpdate(tx, recordId)
-	if err != nil {
-		return 0, err
-	}
-	return recordId, nil
-}
-
-// UpdateRecord 修改记录
-func (this *NSRecordDAO) UpdateRecord(tx *dbs.Tx, recordId int64, description string, name string, dnsType dnsconfigs.RecordType, value string, ttl int32, routeIds []string, isOn bool) error {
-	if recordId <= 0 {
-		return errors.New("invalid recordId")
-	}
-
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	var op = NewNSRecordOperator()
-	op.Id = recordId
-	op.Description = description
-	op.Name = name
-	op.Type = dnsType
-	op.Value = value
-	op.Ttl = ttl
-	op.IsOn = isOn
-
-	if len(routeIds) == 0 {
-		op.RouteIds = `["default"]`
-	} else {
-		routeIds, err := json.Marshal(routeIds)
-		if err != nil {
-			return err
-		}
-		op.RouteIds = routeIds
-	}
-
-	op.Version = version
-
-	err = this.Save(tx, op)
-	if err != nil {
-		return err
-	}
-
-	return this.NotifyUpdate(tx, recordId)
-}
-
-// CountAllEnabledDomainRecords 计算域名中记录数量
-func (this *NSRecordDAO) CountAllEnabledDomainRecords(tx *dbs.Tx, domainId int64, dnsType dnsconfigs.RecordType, keyword string, routeCode string) (int64, error) {
-	query := this.Query(tx).
-		Attr("domainId", domainId).
-		State(NSRecordStateEnabled)
-	if len(dnsType) > 0 {
-		query.Attr("type", dnsType)
-	}
-	if len(keyword) > 0 {
-		query.Where("(name LIKE :keyword OR value LIKE :keyword OR description LIKE :keyword)").
-			Param("keyword", dbutils.QuoteLike(keyword))
-	}
-	if len(routeCode) > 0 {
-		routeCodeJSON, err := json.Marshal(routeCode)
-		if err != nil {
-			return 0, err
-		}
-		query.JSONContains("routeIds", string(routeCodeJSON))
-	}
-	return query.Count()
-}
-
-// CountAllEnabledRecords 计算所有记录数量
-func (this *NSRecordDAO) CountAllEnabledRecords(tx *dbs.Tx) (int64, error) {
-	return this.Query(tx).
-		Where("domainId IN (SELECT id FROM " + SharedNSDomainDAO.Table + " WHERE state=1)").
-		State(NSRecordStateEnabled).
-		Count()
-}
-
-// ListEnabledRecords 列出单页记录
-func (this *NSRecordDAO) ListEnabledRecords(tx *dbs.Tx, domainId int64, dnsType dnsconfigs.RecordType, keyword string, routeCode string, offset int64, size int64) (result []*NSRecord, err error) {
-	query := this.Query(tx).
-		Attr("domainId", domainId).
-		State(NSRecordStateEnabled)
-	if len(dnsType) > 0 {
-		query.Attr("type", dnsType)
-	}
-	if len(keyword) > 0 {
-		query.Where("(name LIKE :keyword OR value LIKE :keyword OR description LIKE :keyword)").
-			Param("keyword", dbutils.QuoteLike(keyword))
-	}
-	if len(routeCode) > 0 {
-		routeCodeJSON, err := json.Marshal(routeCode)
-		if err != nil {
-			return nil, err
-		}
-		query.JSONContains("routeIds", string(routeCodeJSON))
-	}
-	_, err = query.
-		DescPk().
-		Offset(offset).
-		Limit(size).
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// IncreaseVersion 增加版本
-func (this *NSRecordDAO) IncreaseVersion(tx *dbs.Tx) (int64, error) {
-	return models.SharedSysLockerDAO.Increase(tx, "NS_RECORD_VERSION", 1)
-}
-
-// ListRecordsAfterVersion 列出某个版本后的记录
-func (this *NSRecordDAO) ListRecordsAfterVersion(tx *dbs.Tx, version int64, size int64) (result []*NSRecord, err error) {
-	if size <= 0 {
-		size = 10000
-	}
-
-	_, err = this.Query(tx).
-		Gte("version", version).
-		Limit(size).
-		Asc("version").
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// FindEnabledRecordWithName 查询单条记录
-func (this *NSRecordDAO) FindEnabledRecordWithName(tx *dbs.Tx, domainId int64, recordName string, recordType dnsconfigs.RecordType) (*NSRecord, error) {
-	record, err := this.Query(tx).
-		State(NSRecordStateEnabled).
-		Attr("domainId", domainId).
-		Attr("name", recordName).
-		Attr("type", recordType).
-		Find()
-	if record == nil {
-		return nil, err
-	}
-	return record.(*NSRecord), nil
-}
-
-// NotifyUpdate 通知更新
-func (this *NSRecordDAO) NotifyUpdate(tx *dbs.Tx, recordId int64) error {
-	domainId, err := this.Query(tx).
-		Pk(recordId).
-		Result("domainId").
-		FindInt64Col(0)
-	if err != nil {
-		return err
-	}
-
-	if domainId == 0 {
-		return nil
-	}
-
-	clusterId, err := SharedNSDomainDAO.FindEnabledDomainClusterId(tx, domainId)
-	if err != nil {
-		return err
-	}
-
-	if clusterId > 0 {
-		err = models.SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, models.NSNodeTaskTypeRecordChanged)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
--- a/internal/db/models/nameservers/ns_record_dao_test.go
+++ b/internal/db/models/nameservers/ns_record_dao_test.go
@@ -1,29 +0,0 @@
-package nameservers
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	_ "github.com/iwind/TeaGo/bootstrap"
-	"testing"
-)
-
-func TestNSRecord_DecodeRouteIds(t *testing.T) {
-	{
-		record := &NSRecord{}
-		t.Log(record.DecodeRouteIds())
-	}
-
-	{
-		record := &NSRecord{RouteIds: []byte("[]")}
-		t.Log(record.DecodeRouteIds())
-	}
-
-	{
-		record := &NSRecord{RouteIds: []byte("[1, 2, 3]")}
-		t.Log(record.DecodeRouteIds())
-	}
-
-	{
-		record := &NSRecord{RouteIds: []byte(`["id:1", "id:2", "isp:liantong"]`)}
-		t.Log(record.DecodeRouteIds())
-	}
-}
--- a/internal/db/models/nameservers/ns_record_hourly_stat_dao.go
+++ b/internal/db/models/nameservers/ns_record_hourly_stat_dao.go
@@ -1,169 +0,0 @@
-package nameservers
-
-import (
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
-	"github.com/TeaOSLab/EdgeAPI/internal/goman"
-	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
-	"github.com/TeaOSLab/EdgeAPI/internal/utils"
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-	"github.com/iwind/TeaGo/maps"
-	"github.com/iwind/TeaGo/rands"
-	timeutil "github.com/iwind/TeaGo/utils/time"
-	"time"
-)
-
-type NSRecordHourlyStatDAO dbs.DAO
-
-func init() {
-	dbs.OnReadyDone(func() {
-		// 清理数据任务
-		var ticker = time.NewTicker(time.Duration(rands.Int(24, 48)) * time.Hour)
-		goman.New(func() {
-			for range ticker.C {
-				err := SharedNSRecordHourlyStatDAO.Clean(nil, 30) // 只保留N天
-				if err != nil {
-					remotelogs.Error("NodeClusterTrafficDailyStatDAO", "clean expired data failed: "+err.Error())
-				}
-			}
-		})
-	})
-}
-
-func NewNSRecordHourlyStatDAO() *NSRecordHourlyStatDAO {
-	return dbs.NewDAO(&NSRecordHourlyStatDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeNSRecordHourlyStats",
-			Model:  new(NSRecordHourlyStat),
-			PkName: "id",
-		},
-	}).(*NSRecordHourlyStatDAO)
-}
-
-var SharedNSRecordHourlyStatDAO *NSRecordHourlyStatDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedNSRecordHourlyStatDAO = NewNSRecordHourlyStatDAO()
-	})
-}
-
-// IncreaseHourlyStat 增加统计数据
-func (this *NSRecordHourlyStatDAO) IncreaseHourlyStat(tx *dbs.Tx, clusterId int64, nodeId int64, hour string, domainId int64, recordId int64, countRequests int64, bytes int64) error {
-	if len(hour) != 10 {
-		return errors.New("invalid hour '" + hour + "'")
-	}
-	return this.Query(tx).
-		Param("countRequests", countRequests).
-		Param("bytes", bytes).
-		InsertOrUpdateQuickly(maps.Map{
-			"clusterId":     clusterId,
-			"nodeId":        nodeId,
-			"domainId":      domainId,
-			"recordId":      recordId,
-			"day":           hour[:8],
-			"hour":          hour,
-			"countRequests": countRequests,
-			"bytes":         bytes,
-		}, maps.Map{
-			"countRequests": dbs.SQL("countRequests+:countRequests"),
-			"bytes":         dbs.SQL("bytes+:bytes"),
-		})
-}
-
-// FindHourlyStats 按小时统计
-func (this *NSRecordHourlyStatDAO) FindHourlyStats(tx *dbs.Tx, hourFrom string, hourTo string) (result []*NSRecordHourlyStat, err error) {
-	ones, err := this.Query(tx).
-		Result("hour", "SUM(countRequests) AS countRequests", "SUM(bytes) AS bytes").
-		Between("hour", hourFrom, hourTo).
-		Group("hour").
-		FindAll()
-	if err != nil {
-		return nil, err
-	}
-	var m = map[string]*NSRecordHourlyStat{} // hour => *NSRecordHourlyStat
-	for _, one := range ones {
-		m[one.(*NSRecordHourlyStat).Hour] = one.(*NSRecordHourlyStat)
-	}
-	hours, err := utils.RangeHours(hourFrom, hourTo)
-	if err != nil {
-		return nil, err
-	}
-	for _, hour := range hours {
-		stat, ok := m[hour]
-		if ok {
-			result = append(result, stat)
-		} else {
-			result = append(result, &NSRecordHourlyStat{
-				Hour: hour,
-			})
-		}
-	}
-	return
-}
-
-// FindDailyStats 按天统计
-func (this *NSRecordHourlyStatDAO) FindDailyStats(tx *dbs.Tx, dayFrom string, dayTo string) (result []*NSRecordHourlyStat, err error) {
-	ones, err := this.Query(tx).
-		Result("day", "SUM(countRequests) AS countRequests", "SUM(bytes) AS bytes").
-		Between("day", dayFrom, dayTo).
-		Group("day").
-		FindAll()
-	if err != nil {
-		return nil, err
-	}
-	var m = map[string]*NSRecordHourlyStat{} // day => *NSRecordHourlyStat
-	for _, one := range ones {
-		m[one.(*NSRecordHourlyStat).Day] = one.(*NSRecordHourlyStat)
-	}
-	days, err := utils.RangeDays(dayFrom, dayTo)
-	if err != nil {
-		return nil, err
-	}
-	for _, day := range days {
-		stat, ok := m[day]
-		if ok {
-			result = append(result, stat)
-		} else {
-			result = append(result, &NSRecordHourlyStat{
-				Day: day,
-			})
-		}
-	}
-	return
-}
-
-// ListTopNodes 节点排行
-func (this *NSRecordHourlyStatDAO) ListTopNodes(tx *dbs.Tx, hourFrom string, hourTo string, size int64) (result []*NSRecordHourlyStat, err error) {
-	_, err = this.Query(tx).
-		Result("MIN(clusterId) AS clusterId", "nodeId", "SUM(countRequests) AS countRequests", "SUM(bytes) AS bytes").
-		Between("hour", hourFrom, hourTo).
-		Group("nodeId").
-		Limit(size).
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// ListTopDomains 域名排行
-func (this *NSRecordHourlyStatDAO) ListTopDomains(tx *dbs.Tx, hourFrom string, hourTo string, size int64) (result []*NSRecordHourlyStat, err error) {
-	_, err = this.Query(tx).
-		Result("domainId", "SUM(countRequests) AS countRequests", "SUM(bytes) AS bytes").
-		Between("hour", hourFrom, hourTo).
-		Group("domainId").
-		Limit(size).
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// Clean 清理历史数据
-func (this *NSRecordHourlyStatDAO) Clean(tx *dbs.Tx, days int) error {
-	var hour = timeutil.Format("Ymd00", time.Now().AddDate(0, 0, -days))
-	_, err := this.Query(tx).
-		Lt("hour", hour).
-		Delete()
-	return err
-}
--- a/internal/db/models/nameservers/ns_route_dao.go
+++ b/internal/db/models/nameservers/ns_route_dao.go
@@ -1,268 +0,0 @@
-package nameservers
-
-import (
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-	"github.com/iwind/TeaGo/types"
-	"regexp"
-	"strings"
-)
-
-const (
-	NSRouteStateEnabled  = 1 // 已启用
-	NSRouteStateDisabled = 0 // 已禁用
-)
-
-type NSRouteDAO dbs.DAO
-
-func NewNSRouteDAO() *NSRouteDAO {
-	return dbs.NewDAO(&NSRouteDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeNSRoutes",
-			Model:  new(NSRoute),
-			PkName: "id",
-		},
-	}).(*NSRouteDAO)
-}
-
-var SharedNSRouteDAO *NSRouteDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedNSRouteDAO = NewNSRouteDAO()
-	})
-}
-
-// EnableNSRoute 启用条目
-func (this *NSRouteDAO) EnableNSRoute(tx *dbs.Tx, routeId int64) error {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	_, err = this.Query(tx).
-		Pk(routeId).
-		Set("state", NSRouteStateEnabled).
-		Set("version", version).
-		Update()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx)
-}
-
-// DisableNSRoute 禁用条目
-func (this *NSRouteDAO) DisableNSRoute(tx *dbs.Tx, routeId int64) error {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	_, err = this.Query(tx).
-		Pk(routeId).
-		Set("state", NSRouteStateDisabled).
-		Set("version", version).
-		Update()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx)
-}
-
-// FindEnabledNSRoute 查找启用中的条目
-func (this *NSRouteDAO) FindEnabledNSRoute(tx *dbs.Tx, id int64) (*NSRoute, error) {
-	result, err := this.Query(tx).
-		Pk(id).
-		Attr("state", NSRouteStateEnabled).
-		Find()
-	if result == nil {
-		return nil, err
-	}
-	return result.(*NSRoute), err
-}
-
-// FindEnabledRouteWithCode 根据代号获取线路信息
-func (this *NSRouteDAO) FindEnabledRouteWithCode(tx *dbs.Tx, code string) (*NSRoute, error) {
-	if regexp.MustCompile(`^id:\d+$`).MatchString(code) {
-		var routeId = types.Int64(code[strings.Index(code, ":")+1:])
-		route, err := this.FindEnabledNSRoute(tx, routeId)
-		if route == nil || err != nil {
-			return nil, err
-		}
-
-		route.Code = "id:" + types.String(routeId)
-		return route, nil
-	}
-
-	route := dnsconfigs.FindDefaultRoute(code)
-	if route == nil {
-		return nil, nil
-	}
-
-	return &NSRoute{
-		Id:    0,
-		IsOn:  true,
-		Name:  route.Name,
-		Code:  route.Code,
-		State: NSRouteStateEnabled,
-	}, nil
-}
-
-// FindNSRouteName 根据主键查找名称
-func (this *NSRouteDAO) FindNSRouteName(tx *dbs.Tx, id int64) (string, error) {
-	return this.Query(tx).
-		Pk(id).
-		Result("name").
-		FindStringCol("")
-}
-
-// CreateRoute 创建线路
-func (this *NSRouteDAO) CreateRoute(tx *dbs.Tx, clusterId int64, domainId int64, userId int64, name string, rangesJSON []byte) (int64, error) {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return 0, err
-	}
-
-	var op = NewNSRouteOperator()
-	op.ClusterId = clusterId
-	op.DomainId = domainId
-	op.UserId = userId
-	op.Name = name
-	if len(rangesJSON) > 0 {
-		op.Ranges = rangesJSON
-	} else {
-		op.Ranges = "[]"
-	}
-	op.IsOn = true
-	op.State = NSRouteStateEnabled
-	op.Version = version
-	routeId, err := this.SaveInt64(tx, op)
-	if err != nil {
-		return 0, err
-	}
-
-	err = this.NotifyUpdate(tx)
-	if err != nil {
-		return 0, err
-	}
-
-	return routeId, nil
-}
-
-// UpdateRoute 修改线路
-func (this *NSRouteDAO) UpdateRoute(tx *dbs.Tx, routeId int64, name string, rangesJSON []byte) error {
-	if routeId <= 0 {
-		return errors.New("invalid routeId")
-	}
-
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	var op = NewNSRouteOperator()
-	op.Id = routeId
-	op.Name = name
-	if len(rangesJSON) > 0 {
-		op.Ranges = rangesJSON
-	} else {
-		op.Ranges = "[]"
-	}
-
-	op.Version = version
-
-	err = this.Save(tx, op)
-	if err != nil {
-		return err
-	}
-
-	return this.NotifyUpdate(tx)
-}
-
-// UpdateRouteOrders 修改线路排序
-func (this *NSRouteDAO) UpdateRouteOrders(tx *dbs.Tx, routeIds []int64) error {
-	version, err := this.IncreaseVersion(tx)
-	if err != nil {
-		return err
-	}
-
-	order := len(routeIds)
-	for _, routeId := range routeIds {
-		_, err = this.Query(tx).
-			Pk(routeId).
-			Set("order", order).
-			Set("version", version).
-			Update()
-		if err != nil {
-			return err
-		}
-		order--
-	}
-
-	return this.NotifyUpdate(tx)
-}
-
-// FindAllEnabledRoutes 列出所有线路
-func (this *NSRouteDAO) FindAllEnabledRoutes(tx *dbs.Tx, clusterId int64, domainId int64, userId int64) (result []*NSRoute, err error) {
-	query := this.Query(tx).
-		State(NSRouteStateEnabled).
-		Slice(&result).
-		Desc("order").
-		AscPk()
-	if clusterId > 0 {
-		query.Attr("clusterId", clusterId)
-	} else {
-		// 不查询所有集群的线路
-		query.Attr("clusterId", 0)
-	}
-	if domainId > 0 {
-		query.Attr("domainId", domainId)
-	}
-	if userId > 0 {
-		query.Attr("userId", userId)
-	}
-	_, err = query.FindAll()
-	return
-}
-
-// IncreaseVersion 增加版本
-func (this *NSRouteDAO) IncreaseVersion(tx *dbs.Tx) (int64, error) {
-	return models.SharedSysLockerDAO.Increase(tx, "NS_ROUTE_VERSION", 1)
-}
-
-// ListRoutesAfterVersion 列出某个版本后的域名
-func (this *NSRouteDAO) ListRoutesAfterVersion(tx *dbs.Tx, version int64, size int64) (result []*NSRoute, err error) {
-	if size <= 0 {
-		size = 10000
-	}
-
-	_, err = this.Query(tx).
-		Gte("version", version).
-		Limit(size).
-		Asc("version").
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// NotifyUpdate 通知更新
-func (this *NSRouteDAO) NotifyUpdate(tx *dbs.Tx) error {
-	// 线路变更时所有集群都要更新
-	clusterIds, err := models.SharedNSClusterDAO.FindAllEnabledClusterIds(tx)
-	if err != nil {
-		return err
-	}
-	for _, clusterId := range clusterIds {
-		err = models.SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, models.NSNodeTaskTypeRouteChanged)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
--- a/internal/db/models/nameservers/ns_route_dao_test.go
+++ b/internal/db/models/nameservers/ns_route_dao_test.go
@@ -1,6 +0,0 @@
-package nameservers
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	_ "github.com/iwind/TeaGo/bootstrap"
-)
--- a/internal/db/models/nameservers/ns_zone_dao.go
+++ b/internal/db/models/nameservers/ns_zone_dao.go
@@ -1,63 +0,0 @@
-package nameservers
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-)
-
-const (
-	NSZoneStateEnabled  = 1 // 已启用
-	NSZoneStateDisabled = 0 // 已禁用
-)
-
-type NSZoneDAO dbs.DAO
-
-func NewNSZoneDAO() *NSZoneDAO {
-	return dbs.NewDAO(&NSZoneDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeNSZones",
-			Model:  new(NSZone),
-			PkName: "id",
-		},
-	}).(*NSZoneDAO)
-}
-
-var SharedNSZoneDAO *NSZoneDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedNSZoneDAO = NewNSZoneDAO()
-	})
-}
-
-// EnableNSZone 启用条目
-func (this *NSZoneDAO) EnableNSZone(tx *dbs.Tx, id uint64) error {
-	_, err := this.Query(tx).
-		Pk(id).
-		Set("state", NSZoneStateEnabled).
-		Update()
-	return err
-}
-
-// DisableNSZone 禁用条目
-func (this *NSZoneDAO) DisableNSZone(tx *dbs.Tx, id uint64) error {
-	_, err := this.Query(tx).
-		Pk(id).
-		Set("state", NSZoneStateDisabled).
-		Update()
-	return err
-}
-
-// FindEnabledNSZone 查找启用中的条目
-func (this *NSZoneDAO) FindEnabledNSZone(tx *dbs.Tx, id uint64) (*NSZone, error) {
-	result, err := this.Query(tx).
-		Pk(id).
-		Attr("state", NSZoneStateEnabled).
-		Find()
-	if result == nil {
-		return nil, err
-	}
-	return result.(*NSZone), err
-}
--- a/internal/db/models/nameservers/ns_zone_dao_test.go
+++ b/internal/db/models/nameservers/ns_zone_dao_test.go
@@ -1,6 +0,0 @@
-package nameservers
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	_ "github.com/iwind/TeaGo/bootstrap"
-)
--- a/internal/db/models/node_cluster_dao.go
+++ b/internal/db/models/node_cluster_dao.go
@@ -55,12 +55,16 @@ func (this *NodeClusterDAO) EnableNodeCluster(tx *dbs.Tx, id int64) error {
 }

 // DisableNodeCluster 禁用条目
-func (this *NodeClusterDAO) DisableNodeCluster(tx *dbs.Tx, id int64) error {
+func (this *NodeClusterDAO) DisableNodeCluster(tx *dbs.Tx, clusterId int64) error {
 	_, err := this.Query(tx).
-		Pk(id).
+		Pk(clusterId).
 		Set("state", NodeClusterStateDisabled).
 		Update()
-	return err
+	if err != nil {
+		return err
+	}
+
+	return SharedNodeLogDAO.DeleteNodeLogsWithCluster(tx, nodeconfigs.NodeRoleNode, clusterId)
 }

 // FindEnabledNodeCluster 查找集群
@@ -143,11 +147,12 @@ func (this *NodeClusterDAO) CreateCluster(tx *dbs.Tx, adminId int64, name string
 	op.DnsDomainId = dnsDomainId
 	op.DnsName = dnsName
 	var dnsConfig = &dnsconfigs.ClusterDNSConfig{
-		NodesAutoSync:   true,
-		ServersAutoSync: true,
-		CNameRecords:    []string{},
-		CNameAsDomain:   true,
-		TTL:             0,
+		NodesAutoSync:    true,
+		ServersAutoSync:  true,
+		CNameRecords:     []string{},
+		CNameAsDomain:    true,
+		TTL:              0,
+		IncludingLnNodes: true,
 	}
 	dnsJSON, err := json.Marshal(dnsConfig)
 	if err != nil {
@@ -464,7 +469,7 @@ func (this *NodeClusterDAO) ExistClusterDNSName(tx *dbs.Tx, dnsName string, excl
 }

 // UpdateClusterDNS 修改集群DNS相关信息
-func (this *NodeClusterDAO) UpdateClusterDNS(tx *dbs.Tx, clusterId int64, dnsName string, dnsDomainId int64, nodesAutoSync bool, serversAutoSync bool, cnameRecords []string, ttl int32, cnameAsDomain bool) error {
+func (this *NodeClusterDAO) UpdateClusterDNS(tx *dbs.Tx, clusterId int64, dnsName string, dnsDomainId int64, nodesAutoSync bool, serversAutoSync bool, cnameRecords []string, ttl int32, cnameAsDomain bool, includingLnNodes bool) error {
 	if clusterId <= 0 {
 		return errors.New("invalid clusterId")
 	}
@@ -500,11 +505,12 @@ func (this *NodeClusterDAO) UpdateClusterDNS(tx *dbs.Tx, clusterId int64, dnsNam
 	}

 	var dnsConfig = &dnsconfigs.ClusterDNSConfig{
-		NodesAutoSync:   nodesAutoSync,
-		ServersAutoSync: serversAutoSync,
-		CNameRecords:    cnameRecords,
-		TTL:             ttl,
-		CNameAsDomain:   cnameAsDomain,
+		NodesAutoSync:    nodesAutoSync,
+		ServersAutoSync:  serversAutoSync,
+		CNameRecords:     cnameRecords,
+		TTL:              ttl,
+		CNameAsDomain:    cnameAsDomain,
+		IncludingLnNodes: includingLnNodes,
 	}
 	dnsJSON, err := json.Marshal(dnsConfig)
 	if err != nil {
@@ -1062,7 +1068,7 @@ func (this *NodeClusterDAO) FindClusterDDoSProtection(tx *dbs.Tx, clusterId int6
 	return one.(*NodeCluster).DecodeDDoSProtection(), nil
 }

-// UpdateClusterDDoSProtection 设置集群的DDOS设置
+// UpdateClusterDDoSProtection 设置集群的DDoS设置
 func (this *NodeClusterDAO) UpdateClusterDDoSProtection(tx *dbs.Tx, clusterId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
 	if clusterId <= 0 {
 		return ErrNotFound
--- a/internal/db/models/node_cluster_dao_test.go
+++ b/internal/db/models/node_cluster_dao_test.go
@@ -2,4 +2,16 @@ package models

 import (
 	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/dbs"
+	"testing"
 )
+
+func TestNodeClusterDAO_DisableNodeCluster(t *testing.T) {
+	dbs.NotifyReady()
+
+	err := SharedNodeClusterDAO.DisableNodeCluster(nil, 46)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("ok")
+}
--- a/internal/db/models/node_cluster_model_ext.go
+++ b/internal/db/models/node_cluster_model_ext.go
@@ -11,13 +11,15 @@ func (this *NodeCluster) DecodeDNSConfig() (*dnsconfigs.ClusterDNSConfig, error)
 	if len(this.Dns) == 0 {
 		// 一定要返回一个默认的值，防止产生nil
 		return &dnsconfigs.ClusterDNSConfig{
-			NodesAutoSync:   false,
-			ServersAutoSync: false,
-			CNameAsDomain:   true,
+			NodesAutoSync:    false,
+			ServersAutoSync:  false,
+			CNameAsDomain:    true,
+			IncludingLnNodes: true,
 		}, nil
 	}
 	var dnsConfig = &dnsconfigs.ClusterDNSConfig{
-		CNameAsDomain: true,
+		CNameAsDomain:    true,
+		IncludingLnNodes: true,
 	}
 	err := json.Unmarshal(this.Dns, &dnsConfig)
 	if err != nil {
--- a/internal/db/models/node_dao.go
+++ b/internal/db/models/node_dao.go
@@ -199,7 +199,7 @@ func (this *NodeDAO) CreateNode(tx *dbs.Tx, adminId int64, name string, clusterI
 }

 // UpdateNode 修改节点
-func (this *NodeDAO) UpdateNode(tx *dbs.Tx, nodeId int64, name string, clusterId int64, secondaryClusterIds []int64, groupId int64, regionId int64, isOn bool, level int) error {
+func (this *NodeDAO) UpdateNode(tx *dbs.Tx, nodeId int64, name string, clusterId int64, secondaryClusterIds []int64, groupId int64, regionId int64, isOn bool, level int, lnAddrs []string) error {
 	if nodeId <= 0 {
 		return errors.New("invalid nodeId")
 	}
@@ -248,6 +248,15 @@ func (this *NodeDAO) UpdateNode(tx *dbs.Tx, nodeId int64, name string, clusterId

 	if teaconst.IsPlus {
 		op.Level = level
+
+		if lnAddrs == nil {
+			lnAddrs = []string{}
+		}
+		lnAddrsJSON, err := json.Marshal(lnAddrs)
+		if err != nil {
+			return err
+		}
+		op.LnAddrs = lnAddrsJSON
 	}

 	err = this.Save(tx, op)
@@ -605,7 +614,7 @@ func (this *NodeDAO) FindEnabledNodesWithGroupIdAndLevel(tx *dbs.Tx, groupId int
 	}
 	_, err = this.Query(tx).
 		State(NodeStateEnabled).
-		Result("id", "clusterId", "secondaryClusterIds", "uniqueId", "secret").
+		Result("id", "clusterId", "secondaryClusterIds", "uniqueId", "secret", "lnAddrs").
 		Attr("isOn", true).
 		Attr("groupId", groupId).
 		Attr("level", level).
@@ -1403,7 +1412,7 @@ func (this *NodeDAO) CountAllEnabledNodesWithRegionId(tx *dbs.Tx, regionId int64
 }

 // FindAllEnabledNodesDNSWithClusterId 获取一个集群的节点DNS信息
-func (this *NodeDAO) FindAllEnabledNodesDNSWithClusterId(tx *dbs.Tx, clusterId int64, includeSecondaryNodes bool) (result []*Node, err error) {
+func (this *NodeDAO) FindAllEnabledNodesDNSWithClusterId(tx *dbs.Tx, clusterId int64, includeSecondaryNodes bool, includingLnNodes bool) (result []*Node, err error) {
 	if clusterId <= 0 {
 		return nil, nil
 	}
@@ -1415,6 +1424,9 @@ func (this *NodeDAO) FindAllEnabledNodesDNSWithClusterId(tx *dbs.Tx, clusterId i
 	} else {
 		query.Attr("clusterId", clusterId)
 	}
+	if !includingLnNodes {
+		query.Lte("level", 1)
+	}
 	_, err = query.
 		State(NodeStateEnabled).
 		Attr("isOn", true).
@@ -1668,10 +1680,31 @@ func (this *NodeDAO) UpdateNodeActive(tx *dbs.Tx, nodeId int64, isActive bool) e
 	_, err := this.Query(tx).
 		Pk(nodeId).
 		Set("isActive", isActive).
+		Set("inactiveNotifiedAt", 0).
 		Update()
 	return err
 }

+// UpdateNodeInactiveNotifiedAt 修改节点的离线通知时间
+func (this *NodeDAO) UpdateNodeInactiveNotifiedAt(tx *dbs.Tx, nodeId int64, inactiveAt int64) error {
+	if nodeId <= 0 {
+		return errors.New("invalid nodeId")
+	}
+	_, err := this.Query(tx).
+		Pk(nodeId).
+		Set("inactiveNotifiedAt", inactiveAt).
+		Update()
+	return err
+}
+
+// FindNodeInactiveNotifiedAt 读取上次的节点离线通知时间
+func (this *NodeDAO) FindNodeInactiveNotifiedAt(tx *dbs.Tx, nodeId int64) (int64, error) {
+	return this.Query(tx).
+		Pk(nodeId).
+		Result("inactiveNotifiedAt").
+		FindInt64Col(0)
+}
+
 // FindNodeActive 检查节点活跃状态
 func (this *NodeDAO) FindNodeActive(tx *dbs.Tx, nodeId int64) (bool, error) {
 	isActive, err := this.Query(tx).
@@ -1827,6 +1860,19 @@ func (this *NodeDAO) FindParentNodeConfigs(tx *dbs.Tx, nodeId int64, groupId int
 		if err != nil {
 			return nil, err
 		}
+	} else if nodeId > 0 {
+		// 当前节点所属分组
+		groupId, err = this.Query(tx).Result("groupId").FindInt64Col(0)
+		if err != nil {
+			return nil, err
+		}
+
+		if groupId > 0 {
+			parentNodes, err = this.FindEnabledNodesWithGroupIdAndLevel(tx, groupId, level+1)
+			if err != nil {
+				return nil, err
+			}
+		}
 	}

 	// 当前集群的L2
@@ -1844,14 +1890,18 @@ func (this *NodeDAO) FindParentNodeConfigs(tx *dbs.Tx, nodeId int64, groupId int

 	if len(parentNodes) > 0 {
 		for _, node := range parentNodes {
-			addrs, err := SharedNodeIPAddressDAO.FindNodeAccessAndUpIPAddresses(tx, int64(node.Id), nodeconfigs.NodeRoleNode)
-			if err != nil {
-				return nil, err
-			}
-			var addrStrings = []string{}
-			for _, addr := range addrs {
-				if addr.IsOn {
-					addrStrings = append(addrStrings, addr.DNSIP())
+			// 是否有Ln地址
+			var addrStrings = node.DecodeLnAddrs()
+			if len(addrStrings) == 0 {
+				// 如果没有就取节点的可访问地址
+				addrs, err := SharedNodeIPAddressDAO.FindNodeAccessAndUpIPAddresses(tx, int64(node.Id), nodeconfigs.NodeRoleNode)
+				if err != nil {
+					return nil, err
+				}
+				for _, addr := range addrs {
+					if addr.IsOn {
+						addrStrings = append(addrStrings, addr.DNSIP())
+					}
 				}
 			}

@@ -1890,7 +1940,7 @@ func (this *NodeDAO) FindNodeDDoSProtection(tx *dbs.Tx, nodeId int64) (*ddosconf
 	return one.(*Node).DecodeDDoSProtection(), nil
 }

-// UpdateNodeDDoSProtection 设置集群的DDOS设置
+// UpdateNodeDDoSProtection 设置集群的DDoS设置
 func (this *NodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
 	if nodeId <= 0 {
 		return ErrNotFound
--- a/internal/db/models/node_log_dao.go
+++ b/internal/db/models/node_log_dao.go
@@ -4,6 +4,7 @@ import (
 	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	_ "github.com/go-sql-driver/mysql"
@@ -43,6 +44,8 @@ func init() {

 // CreateLog 创建日志
 func (this *NodeLogDAO) CreateLog(tx *dbs.Tx, nodeRole nodeconfigs.NodeRole, nodeId int64, serverId int64, originId int64, level string, tag string, description string, createdAt int64, logType string, paramsJSON []byte) error {
+	description = utils.LimitString(description, 1000)
+
 	// 修复以前同样的日志
 	if nodeId > 0 && level == "success" && len(logType) > 0 && len(paramsJSON) > 0 {
 		err := this.Query(tx).
@@ -339,8 +342,8 @@ func (this *NodeLogDAO) CountAllUnreadNodeLogs(tx *dbs.Tx) (int64, error) {
 		Count()
 }

-// UpdateNodeLogsRead 设置日志为已读
-func (this *NodeLogDAO) UpdateNodeLogsRead(tx *dbs.Tx, nodeLogIds []int64) error {
+// UpdateNodeLogIdsRead 设置一组日志为已读
+func (this *NodeLogDAO) UpdateNodeLogIdsRead(tx *dbs.Tx, nodeLogIds []int64) error {
 	for _, logId := range nodeLogIds {
 		err := this.Query(tx).
 			Pk(logId).
@@ -353,6 +356,16 @@ func (this *NodeLogDAO) UpdateNodeLogsRead(tx *dbs.Tx, nodeLogIds []int64) error
 	return nil
 }

+// UpdateNodeLogsRead 设置节点日志为已读
+func (this *NodeLogDAO) UpdateNodeLogsRead(tx *dbs.Tx, role nodeconfigs.NodeRole, nodeId int64) error {
+	return this.Query(tx).
+		Attr("role", role).
+		Attr("nodeId", nodeId).
+		Attr("isRead", false).
+		Set("isRead", true).
+		UpdateQuickly()
+}
+
 // UpdateAllNodeLogsRead 设置所有日志为已读
 func (this *NodeLogDAO) UpdateAllNodeLogsRead(tx *dbs.Tx) error {
 	return this.Query(tx).
@@ -363,9 +376,35 @@ func (this *NodeLogDAO) UpdateAllNodeLogsRead(tx *dbs.Tx) error {

 // DeleteNodeLogs 删除某个节点上的日志
 func (this *NodeLogDAO) DeleteNodeLogs(tx *dbs.Tx, role nodeconfigs.NodeRole, nodeId int64) error {
+	if nodeId <= 0 {
+		return nil
+	}
 	_, err := this.Query(tx).
 		Attr("nodeId", nodeId).
 		Attr("role", role).
 		Delete()
 	return err
 }
+
+// DeleteNodeLogsWithCluster 删除某个集群下的所有日志
+func (this *NodeLogDAO) DeleteNodeLogsWithCluster(tx *dbs.Tx, role nodeconfigs.NodeRole, clusterId int64) error {
+	if clusterId <= 0 {
+		return nil
+	}
+	var query = this.Query(tx).
+		Attr("role", role)
+
+	switch role {
+	case nodeconfigs.NodeRoleNode:
+		query.Where("nodeId IN (SELECT id FROM " + SharedNodeDAO.Table + " WHERE clusterId=:clusterId)")
+		query.Param("clusterId", clusterId)
+	case nodeconfigs.NodeRoleDNS:
+		query.Where("nodeId IN (SELECT id FROM " + SharedNSNodeDAO.Table + " WHERE clusterId=:clusterId)")
+		query.Param("clusterId", clusterId)
+	default:
+		return nil
+	}
+
+	_, err := query.Delete()
+	return err
+}
--- a/internal/db/models/node_model.go
+++ b/internal/db/models/node_model.go
@@ -8,11 +8,13 @@ type Node struct {
 	AdminId                uint32   `field:"adminId"`                // 管理员ID
 	UserId                 uint32   `field:"userId"`                 // 用户ID
 	Level                  uint8    `field:"level"`                  // 级别
+	LnAddrs                dbs.JSON `field:"lnAddrs"`                // Ln级别访问地址
 	IsOn                   bool     `field:"isOn"`                   // 是否启用
 	IsUp                   bool     `field:"isUp"`                   // 是否在线
 	CountUp                uint32   `field:"countUp"`                // 连续在线次数
 	CountDown              uint32   `field:"countDown"`              // 连续下线次数
 	IsActive               bool     `field:"isActive"`               // 是否活跃
+	InactiveNotifiedAt     uint64   `field:"inactiveNotifiedAt"`     // 离线通知时间
 	UniqueId               string   `field:"uniqueId"`               // 节点ID
 	Secret                 string   `field:"secret"`                 // 密钥
 	Name                   string   `field:"name"`                   // 节点名
@@ -41,40 +43,42 @@ type Node struct {
 }

 type NodeOperator struct {
-	Id                     interface{} // ID
-	AdminId                interface{} // 管理员ID
-	UserId                 interface{} // 用户ID
-	Level                  interface{} // 级别
-	IsOn                   interface{} // 是否启用
-	IsUp                   interface{} // 是否在线
-	CountUp                interface{} // 连续在线次数
-	CountDown              interface{} // 连续下线次数
-	IsActive               interface{} // 是否活跃
-	UniqueId               interface{} // 节点ID
-	Secret                 interface{} // 密钥
-	Name                   interface{} // 节点名
-	Code                   interface{} // 代号
-	ClusterId              interface{} // 主集群ID
-	SecondaryClusterIds    interface{} // 从集群ID
-	RegionId               interface{} // 区域ID
-	GroupId                interface{} // 分组ID
-	CreatedAt              interface{} // 创建时间
-	Status                 interface{} // 最新的状态
-	Version                interface{} // 当前版本号
-	LatestVersion          interface{} // 最后版本号
-	InstallDir             interface{} // 安装目录
-	IsInstalled            interface{} // 是否已安装
-	InstallStatus          interface{} // 安装状态
-	State                  interface{} // 状态
-	ConnectedAPINodes      interface{} // 当前连接的API节点
-	MaxCPU                 interface{} // 可以使用的最多CPU
-	MaxThreads             interface{} // 最大线程数
-	DdosProtection         interface{} // DDOS配置
-	DnsRoutes              interface{} // DNS线路设置
-	MaxCacheDiskCapacity   interface{} // 硬盘缓存容量
-	MaxCacheMemoryCapacity interface{} // 内存缓存容量
-	CacheDiskDir           interface{} // 缓存目录
-	DnsResolver            interface{} // DNS解析器
+	Id                     any // ID
+	AdminId                any // 管理员ID
+	UserId                 any // 用户ID
+	Level                  any // 级别
+	LnAddrs                any // Ln级别访问地址
+	IsOn                   any // 是否启用
+	IsUp                   any // 是否在线
+	CountUp                any // 连续在线次数
+	CountDown              any // 连续下线次数
+	IsActive               any // 是否活跃
+	InactiveNotifiedAt     any // 离线通知时间
+	UniqueId               any // 节点ID
+	Secret                 any // 密钥
+	Name                   any // 节点名
+	Code                   any // 代号
+	ClusterId              any // 主集群ID
+	SecondaryClusterIds    any // 从集群ID
+	RegionId               any // 区域ID
+	GroupId                any // 分组ID
+	CreatedAt              any // 创建时间
+	Status                 any // 最新的状态
+	Version                any // 当前版本号
+	LatestVersion          any // 最后版本号
+	InstallDir             any // 安装目录
+	IsInstalled            any // 是否已安装
+	InstallStatus          any // 安装状态
+	State                  any // 状态
+	ConnectedAPINodes      any // 当前连接的API节点
+	MaxCPU                 any // 可以使用的最多CPU
+	MaxThreads             any // 最大线程数
+	DdosProtection         any // DDOS配置
+	DnsRoutes              any // DNS线路设置
+	MaxCacheDiskCapacity   any // 硬盘缓存容量
+	MaxCacheMemoryCapacity any // 内存缓存容量
+	CacheDiskDir           any // 缓存目录
+	DnsResolver            any // DNS解析器
 }

 func NewNodeOperator() *NodeOperator {
--- a/internal/db/models/node_model_ext.go
+++ b/internal/db/models/node_model_ext.go
@@ -168,3 +168,16 @@ func (this *Node) DecodeDNSResolver() *nodeconfigs.DNSResolverConfig {
 	}
 	return resolverConfig
 }
+
+func (this *Node) DecodeLnAddrs() []string {
+	if IsNull(this.LnAddrs) {
+		return nil
+	}
+
+	var result = []string{}
+	err := json.Unmarshal(this.LnAddrs, &result)
+	if err != nil {
+		// ignore error
+	}
+	return result
+}
--- a/internal/db/models/node_task_dao.go
+++ b/internal/db/models/node_task_dao.go
@@ -23,11 +23,12 @@ const (

 	// NS相关

-	NSNodeTaskTypeConfigChanged NodeTaskType = "nsConfigChanged"
-	NSNodeTaskTypeDomainChanged NodeTaskType = "nsDomainChanged"
-	NSNodeTaskTypeRecordChanged NodeTaskType = "nsRecordChanged"
-	NSNodeTaskTypeRouteChanged  NodeTaskType = "nsRouteChanged"
-	NSNodeTaskTypeKeyChanged    NodeTaskType = "nsKeyChanged"
+	NSNodeTaskTypeConfigChanged         NodeTaskType = "nsConfigChanged"
+	NSNodeTaskTypeDomainChanged         NodeTaskType = "nsDomainChanged"
+	NSNodeTaskTypeRecordChanged         NodeTaskType = "nsRecordChanged"
+	NSNodeTaskTypeRouteChanged          NodeTaskType = "nsRouteChanged"
+	NSNodeTaskTypeKeyChanged            NodeTaskType = "nsKeyChanged"
+	NSNodeTaskTypeDDosProtectionChanged NodeTaskType = "nsDDoSProtectionChanged" // 节点DDoS配置变更
 )

 type NodeTaskDAO dbs.DAO
--- a/internal/db/models/ns_access_log_dao.go
+++ b/internal/db/models/ns_access_log_dao.go
@@ -111,7 +111,7 @@ func (this *NSAccessLogDAO) CreateNSAccessLogsWithDAO(tx *dbs.Tx, daoWrapper *NS
 }

 // ListAccessLogs 读取往前的 单页访问日志
-func (this *NSAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, nodeId int64, domainId int64, recordId int64, keyword string, reverse bool) (result []*NSAccessLog, nextLastRequestId string, hasMore bool, err error) {
+func (this *NSAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, clusterId int64, nodeId int64, domainId int64, recordId int64, recordType string, keyword string, reverse bool) (result []*NSAccessLog, nextLastRequestId string, hasMore bool, err error) {
 	if len(day) != 8 {
 		return
 	}
@@ -121,24 +121,24 @@ func (this *NSAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string, siz
 		size = 1000
 	}

-	result, nextLastRequestId, err = this.listAccessLogs(tx, lastRequestId, size, day, nodeId, domainId, recordId, keyword, reverse)
+	result, nextLastRequestId, err = this.listAccessLogs(tx, lastRequestId, size, day, clusterId, nodeId, domainId, recordId, recordType, keyword, reverse)
 	if err != nil || int64(len(result)) < size {
 		return
 	}

-	moreResult, _, _ := this.listAccessLogs(tx, nextLastRequestId, 1, day, nodeId, domainId, recordId, keyword, reverse)
+	moreResult, _, _ := this.listAccessLogs(tx, nextLastRequestId, 1, day, clusterId, nodeId, domainId, recordId, recordType, keyword, reverse)
 	hasMore = len(moreResult) > 0
 	return
 }

 // 读取往前的单页访问日志
-func (this *NSAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, nodeId int64, domainId int64, recordId int64, keyword string, reverse bool) (result []*NSAccessLog, nextLastRequestId string, err error) {
+func (this *NSAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, clusterId int64, nodeId int64, domainId int64, recordId int64, recordType string, keyword string, reverse bool) (result []*NSAccessLog, nextLastRequestId string, err error) {
 	if size <= 0 {
 		return nil, lastRequestId, nil
 	}

 	accessLogLocker.RLock()
-	daoList := []*NSAccessLogDAOWrapper{}
+	var daoList = []*NSAccessLogDAOWrapper{}
 	for _, daoWrapper := range nsAccessLogDAOMapping {
 		daoList = append(daoList, daoWrapper)
 	}
@@ -151,10 +151,23 @@ func (this *NSAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, siz
 		}}
 	}

-	locker := sync.Mutex{}
+	// 检查是否有集群筛选条件
+	var nodeIds []int64
+	if clusterId > 0 && nodeId <= 0 {
+		nodeIds, err = SharedNSNodeDAO.FindEnabledNodeIdsWithClusterId(tx, clusterId)
+		if err != nil {
+			return
+		}
+		if len(nodeIds) == 0 {
+			// 没有任何节点则直接返回空
+			return nil, "", nil
+		}
+	}

-	count := len(daoList)
-	wg := &sync.WaitGroup{}
+	var locker = sync.Mutex{}
+
+	var count = len(daoList)
+	var wg = &sync.WaitGroup{}
 	wg.Add(count)
 	for _, daoWrapper := range daoList {
 		go func(daoWrapper *NSAccessLogDAOWrapper) {
@@ -172,11 +185,14 @@ func (this *NSAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, siz
 				return
 			}

-			query := dao.Query(tx)
+			var query = dao.Query(tx)

 			// 条件
 			if nodeId > 0 {
 				query.Attr("nodeId", nodeId)
+			} else if clusterId > 0 {
+				query.Attr("nodeId", nodeIds)
+				query.Reuse(false)
 			}
 			if domainId > 0 {
 				query.Attr("domainId", domainId)
@@ -202,6 +218,12 @@ func (this *NSAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, siz
 					Param("keyword", dbutils.QuoteLike(keyword))
 			}

+			// record type
+			if len(recordType) > 0 {
+				query.Where("JSON_EXTRACT(content, '$.questionType')=:recordType")
+				query.Param("recordType", recordType)
+			}
+
 			if !reverse {
 				query.Desc("requestId")
 			} else {
@@ -244,7 +266,7 @@ func (this *NSAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, siz
 		result = result[:size]
 	}

-	requestId := result[len(result)-1].RequestId
+	var requestId = result[len(result)-1].RequestId
 	if reverse {
 		lists.Reverse(result)
 	}
--- a/internal/db/models/ns_cluster_dao.go
+++ b/internal/db/models/ns_cluster_dao.go
@@ -1,11 +1,16 @@
 package models

 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
+	"strconv"
+	"strings"
 )

 const (
@@ -44,12 +49,16 @@ func (this *NSClusterDAO) EnableNSCluster(tx *dbs.Tx, id int64) error {
 }

 // DisableNSCluster 禁用条目
-func (this *NSClusterDAO) DisableNSCluster(tx *dbs.Tx, id int64) error {
+func (this *NSClusterDAO) DisableNSCluster(tx *dbs.Tx, clusterId int64) error {
 	_, err := this.Query(tx).
-		Pk(id).
+		Pk(clusterId).
 		Set("state", NSClusterStateDisabled).
 		Update()
-	return err
+	if err != nil {
+		return err
+	}
+
+	return SharedNodeLogDAO.DeleteNodeLogsWithCluster(tx, nodeconfigs.NodeRoleDNS, clusterId)
 }

 // FindEnabledNSCluster 查找启用中的条目
@@ -84,6 +93,42 @@ func (this *NSClusterDAO) CreateCluster(tx *dbs.Tx, name string, accessLogRefJSO

 	op.IsOn = true
 	op.State = NSClusterStateEnabled
+
+	// 默认端口
+	// TCP
+	{
+		var config = &serverconfigs.TCPProtocolConfig{}
+		config.IsOn = true
+		config.Listen = []*serverconfigs.NetworkAddressConfig{
+			{
+				Protocol:  serverconfigs.ProtocolTCP,
+				PortRange: "53",
+			},
+		}
+		configJSON, err := json.Marshal(config)
+		if err != nil {
+			return 0, err
+		}
+		op.Tcp = configJSON
+	}
+
+	// UDP
+	{
+		var config = &serverconfigs.UDPProtocolConfig{}
+		config.IsOn = true
+		config.Listen = []*serverconfigs.NetworkAddressConfig{
+			{
+				Protocol:  serverconfigs.ProtocolUDP,
+				PortRange: "53",
+			},
+		}
+		configJSON, err := json.Marshal(config)
+		if err != nil {
+			return 0, err
+		}
+		op.Udp = configJSON
+	}
+
 	return this.SaveInt64(tx, op)
 }

@@ -193,6 +238,133 @@ func (this *NSClusterDAO) FindClusterRecursion(tx *dbs.Tx, clusterId int64) ([]b
 	return []byte(recursion), nil
 }

+// FindClusterTCP 查找集群的TCP设置
+func (this *NSClusterDAO) FindClusterTCP(tx *dbs.Tx, clusterId int64) ([]byte, error) {
+	return this.Query(tx).
+		Pk(clusterId).
+		Result("tcp").
+		FindBytesCol()
+}
+
+// UpdateClusterTCP 修改集群的TCP设置
+func (this *NSClusterDAO) UpdateClusterTCP(tx *dbs.Tx, clusterId int64, tcpConfig *serverconfigs.TCPProtocolConfig) error {
+	tcpJSON, err := json.Marshal(tcpConfig)
+	if err != nil {
+		return err
+	}
+	err = this.Query(tx).
+		Pk(clusterId).
+		Set("tcp", tcpJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+	return this.NotifyUpdate(tx, clusterId)
+}
+
+// FindClusterTLS 查找集群的TLS设置
+func (this *NSClusterDAO) FindClusterTLS(tx *dbs.Tx, clusterId int64) ([]byte, error) {
+	return this.Query(tx).
+		Pk(clusterId).
+		Result("tls").
+		FindBytesCol()
+}
+
+// UpdateClusterTLS 修改集群的TLS设置
+func (this *NSClusterDAO) UpdateClusterTLS(tx *dbs.Tx, clusterId int64, tlsConfig *serverconfigs.TLSProtocolConfig) error {
+	tlsJSON, err := json.Marshal(tlsConfig)
+	if err != nil {
+		return err
+	}
+	err = this.Query(tx).
+		Pk(clusterId).
+		Set("tls", tlsJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+	return this.NotifyUpdate(tx, clusterId)
+}
+
+// FindClusterUDP 查找集群的TCP设置
+func (this *NSClusterDAO) FindClusterUDP(tx *dbs.Tx, clusterId int64) ([]byte, error) {
+	return this.Query(tx).
+		Pk(clusterId).
+		Result("udp").
+		FindBytesCol()
+}
+
+// UpdateClusterUDP 修改集群的UDP设置
+func (this *NSClusterDAO) UpdateClusterUDP(tx *dbs.Tx, clusterId int64, udpConfig *serverconfigs.UDPProtocolConfig) error {
+	udpJSON, err := json.Marshal(udpConfig)
+	if err != nil {
+		return err
+	}
+	err = this.Query(tx).
+		Pk(clusterId).
+		Set("udp", udpJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+	return this.NotifyUpdate(tx, clusterId)
+}
+
+// CountAllClustersWithSSLPolicyIds 计算使用SSL策略的所有NS集群数量
+func (this *NSClusterDAO) CountAllClustersWithSSLPolicyIds(tx *dbs.Tx, sslPolicyIds []int64) (count int64, err error) {
+	if len(sslPolicyIds) == 0 {
+		return
+	}
+	policyStringIds := []string{}
+	for _, policyId := range sslPolicyIds {
+		policyStringIds = append(policyStringIds, strconv.FormatInt(policyId, 10))
+	}
+	return this.Query(tx).
+		State(NSClusterStateEnabled).
+		Where("(FIND_IN_SET(JSON_EXTRACT(tls, '$.sslPolicyRef.sslPolicyId'), :policyIds)) ").
+		Param("policyIds", strings.Join(policyStringIds, ",")).
+		Count()
+}
+
+// FindClusterDDoSProtection 获取集群的DDoS设置
+func (this *NSClusterDAO) FindClusterDDoSProtection(tx *dbs.Tx, clusterId int64) (*ddosconfigs.ProtectionConfig, error) {
+	one, err := this.Query(tx).
+		Result("ddosProtection").
+		Pk(clusterId).
+		Find()
+	if one == nil || err != nil {
+		return nil, err
+	}
+
+	return one.(*NSCluster).DecodeDDoSProtection(), nil
+}
+
+// UpdateClusterDDoSProtection 设置集群的DDoS设置
+func (this *NSClusterDAO) UpdateClusterDDoSProtection(tx *dbs.Tx, clusterId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
+	if clusterId <= 0 {
+		return ErrNotFound
+	}
+
+	var op = NewNSClusterOperator()
+	op.Id = clusterId
+
+	if ddosProtection == nil {
+		op.DdosProtection = "{}"
+	} else {
+		ddosProtectionJSON, err := json.Marshal(ddosProtection)
+		if err != nil {
+			return err
+		}
+		op.DdosProtection = ddosProtectionJSON
+	}
+
+	err := this.Save(tx, op)
+	if err != nil {
+		return err
+	}
+	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, NSNodeTaskTypeDDosProtectionChanged)
+}
+
 // NotifyUpdate 通知更改
 func (this *NSClusterDAO) NotifyUpdate(tx *dbs.Tx, clusterId int64) error {
 	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, NSNodeTaskTypeConfigChanged)
--- a/internal/db/models/ns_cluster_dao_test.go
+++ b/internal/db/models/ns_cluster_dao_test.go
@@ -3,4 +3,17 @@ package models
 import (
 	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/iwind/TeaGo/bootstrap"
+	"github.com/iwind/TeaGo/dbs"
+	"testing"
 )
+
+
+func TestNSClusterDAO_DisableNodeCluster(t *testing.T) {
+	dbs.NotifyReady()
+
+	err := SharedNSClusterDAO.DisableNSCluster(nil, 7)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("ok")
+}
--- a/internal/db/models/ns_cluster_model.go
+++ b/internal/db/models/ns_cluster_model.go
@@ -4,25 +4,33 @@ import "github.com/iwind/TeaGo/dbs"

 // NSCluster 域名服务器集群
 type NSCluster struct {
-	Id         uint32   `field:"id"`         // ID
-	IsOn       bool     `field:"isOn"`       // 是否启用
-	Name       string   `field:"name"`       // 集群名
-	InstallDir string   `field:"installDir"` // 安装目录
-	State      uint8    `field:"state"`      // 状态
-	AccessLog  dbs.JSON `field:"accessLog"`  // 访问日志配置
-	GrantId    uint32   `field:"grantId"`    // 授权ID
-	Recursion  dbs.JSON `field:"recursion"`  // 递归DNS设置
+	Id             uint32   `field:"id"`             // ID
+	IsOn           bool     `field:"isOn"`           // 是否启用
+	Name           string   `field:"name"`           // 集群名
+	InstallDir     string   `field:"installDir"`     // 安装目录
+	State          uint8    `field:"state"`          // 状态
+	AccessLog      dbs.JSON `field:"accessLog"`      // 访问日志配置
+	GrantId        uint32   `field:"grantId"`        // 授权ID
+	Recursion      dbs.JSON `field:"recursion"`      // 递归DNS设置
+	Tcp            dbs.JSON `field:"tcp"`            // TCP设置
+	Tls            dbs.JSON `field:"tls"`            // TLS设置
+	Udp            dbs.JSON `field:"udp"`            // UDP设置
+	DdosProtection dbs.JSON `field:"ddosProtection"` // DDoS防护设置
 }

 type NSClusterOperator struct {
-	Id         interface{} // ID
-	IsOn       interface{} // 是否启用
-	Name       interface{} // 集群名
-	InstallDir interface{} // 安装目录
-	State      interface{} // 状态
-	AccessLog  interface{} // 访问日志配置
-	GrantId    interface{} // 授权ID
-	Recursion  interface{} // 递归DNS设置
+	Id             any // ID
+	IsOn           any // 是否启用
+	Name           any // 集群名
+	InstallDir     any // 安装目录
+	State          any // 状态
+	AccessLog      any // 访问日志配置
+	GrantId        any // 授权ID
+	Recursion      any // 递归DNS设置
+	Tcp            any // TCP设置
+	Tls            any // TLS设置
+	Udp            any // UDP设置
+	DdosProtection any // DDoS防护设置
 }

 func NewNSClusterOperator() *NSClusterOperator {
--- a/internal/db/models/ns_cluster_model_ext.go
+++ b/internal/db/models/ns_cluster_model_ext.go
@@ -1 +1,29 @@
 package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
+)
+
+// DecodeDDoSProtection 解析DDOS Protection设置
+func (this *NSCluster) DecodeDDoSProtection() *ddosconfigs.ProtectionConfig {
+	if IsNull(this.DdosProtection) {
+		return nil
+	}
+
+	var result = &ddosconfigs.ProtectionConfig{}
+	err := json.Unmarshal(this.DdosProtection, &result)
+	if err != nil {
+		// ignore err
+	}
+	return result
+}
+
+// HasDDoSProtection 检查是否有DDOS设置
+func (this *NSCluster) HasDDoSProtection() bool {
+	var config = this.DecodeDDoSProtection()
+	if config != nil {
+		return config.IsOn()
+	}
+	return false
+}
--- a/internal/db/models/ns_node_dao.go
+++ b/internal/db/models/ns_node_dao.go
@@ -8,12 +8,15 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/rands"
 	"github.com/iwind/TeaGo/types"
+	"time"
 )

 const (
@@ -346,7 +349,7 @@ func (this *NSNodeDAO) UpdateNodeIsInstalled(tx *dbs.Tx, nodeId int64, isInstall
 }

 // UpdateNodeStatus 更改节点状态
-func (this NSNodeDAO) UpdateNodeStatus(tx *dbs.Tx, nodeId int64, nodeStatus *nodeconfigs.NodeStatus) error {
+func (this *NSNodeDAO) UpdateNodeStatus(tx *dbs.Tx, nodeId int64, nodeStatus *nodeconfigs.NodeStatus) error {
 	if nodeStatus == nil {
 		return nil
 	}
@@ -395,7 +398,7 @@ func (this *NSNodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*dnsconfigs.
 		return nil, nil
 	}

-	config := &dnsconfigs.NSNodeConfig{
+	var config = &dnsconfigs.NSNodeConfig{
 		Id:        int64(node.Id),
 		NodeId:    node.UniqueId,
 		Secret:    node.Secret,
@@ -432,19 +435,70 @@ func (this *NSNodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*dnsconfigs.
 	}

 	// 递归DNS配置
-	recursionJSON, err := SharedNSClusterDAO.FindClusterRecursion(tx, int64(node.ClusterId))
-	if err != nil {
-		return nil, err
-	}
-	if len(recursionJSON) > 0 {
+	if IsNotNull(cluster.Recursion) {
 		var recursionConfig = &dnsconfigs.RecursionConfig{}
-		err = json.Unmarshal(recursionJSON, recursionConfig)
+		err = json.Unmarshal(cluster.Recursion, recursionConfig)
 		if err != nil {
 			return nil, err
 		}
 		config.RecursionConfig = recursionConfig
 	}

+	// TCP
+	if IsNotNull(cluster.Tcp) {
+		var tcpConfig = &serverconfigs.TCPProtocolConfig{}
+		err = json.Unmarshal(cluster.Tcp, tcpConfig)
+		if err != nil {
+			return nil, err
+		}
+		config.TCP = tcpConfig
+	}
+
+	// TLS
+	if IsNotNull(cluster.Tls) {
+		var tlsConfig = &serverconfigs.TLSProtocolConfig{}
+		err = json.Unmarshal(cluster.Tls, tlsConfig)
+		if err != nil {
+			return nil, err
+		}
+
+		// SSL
+		if tlsConfig.SSLPolicyRef != nil {
+			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, tlsConfig.SSLPolicyRef.SSLPolicyId, nil)
+			if err != nil {
+				return nil, err
+			}
+			if sslPolicyConfig != nil {
+				tlsConfig.SSLPolicy = sslPolicyConfig
+			}
+		}
+
+		config.TLS = tlsConfig
+	}
+
+	// UDP
+	if IsNotNull(cluster.Udp) {
+		var udpConfig = &serverconfigs.UDPProtocolConfig{}
+		err = json.Unmarshal(cluster.Udp, udpConfig)
+		if err != nil {
+			return nil, err
+		}
+		config.UDP = udpConfig
+	}
+
+	// DDoS
+	config.DDoSProtection = cluster.DecodeDDoSProtection()
+
+	// DDoS Protection
+	var ddosProtection = node.DecodeDDoSProtection()
+	if ddosProtection != nil {
+		if config.DDoSProtection == nil {
+			config.DDoSProtection = ddosProtection
+		} else {
+			config.DDoSProtection.Merge(ddosProtection)
+		}
+	}
+
 	return config, nil
 }

@@ -477,6 +531,7 @@ func (this *NSNodeDAO) UpdateNodeActive(tx *dbs.Tx, nodeId int64, isActive bool)
 		Pk(nodeId).
 		Set("isActive", isActive).
 		Set("statusIsNotified", false).
+		Set("inactiveNotifiedAt", 0).
 		Update()
 	return err
 }
@@ -523,9 +578,18 @@ func (this *NSNodeDAO) UpdateNodeStatusIsNotified(tx *dbs.Tx, nodeId int64) erro
 	return this.Query(tx).
 		Pk(nodeId).
 		Set("statusIsNotified", true).
+		Set("inactiveNotifiedAt", time.Now().Unix()).
 		UpdateQuickly()
 }

+// FindNodeInactiveNotifiedAt 读取上次的节点离线通知时间
+func (this *NSNodeDAO) FindNodeInactiveNotifiedAt(tx *dbs.Tx, nodeId int64) (int64, error) {
+	return this.Query(tx).
+		Pk(nodeId).
+		Result("inactiveNotifiedAt").
+		FindInt64Col(0)
+}
+
 // FindAllNodeIdsMatch 匹配节点并返回节点ID
 func (this *NSNodeDAO) FindAllNodeIdsMatch(tx *dbs.Tx, clusterId int64, includeSecondaryNodes bool, isOn configutils.BoolState) (result []int64, err error) {
 	query := this.Query(tx)
@@ -570,6 +634,73 @@ func (this *NSNodeDAO) UpdateNodeInstallStatus(tx *dbs.Tx, nodeId int64, status
 	return err
 }

+// FindEnabledNodeIdsWithClusterId 查找集群下的所有节点
+func (this *NSNodeDAO) FindEnabledNodeIdsWithClusterId(tx *dbs.Tx, clusterId int64) ([]int64, error) {
+	if clusterId <= 0 {
+		return nil, nil
+	}
+	ones, err := this.Query(tx).
+		ResultPk().
+		Attr("clusterId", clusterId).
+		State(NSNodeStateEnabled).
+		FindAll()
+	if err != nil {
+		return nil, err
+	}
+	var result = []int64{}
+	for _, one := range ones {
+		result = append(result, int64(one.(*NSNode).Id))
+	}
+	return result, nil
+}
+
+// FindNodeDDoSProtection 获取节点的DDOS设置
+func (this *NSNodeDAO) FindNodeDDoSProtection(tx *dbs.Tx, nodeId int64) (*ddosconfigs.ProtectionConfig, error) {
+	one, err := this.Query(tx).
+		Result("ddosProtection").
+		Pk(nodeId).
+		Find()
+	if one == nil || err != nil {
+		return nil, err
+	}
+
+	return one.(*NSNode).DecodeDDoSProtection(), nil
+}
+
+// UpdateNodeDDoSProtection 设置集群的DDOS设置
+func (this *NSNodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
+	if nodeId <= 0 {
+		return ErrNotFound
+	}
+
+	var op = NewNSNodeOperator()
+	op.Id = nodeId
+
+	if ddosProtection == nil {
+		op.DdosProtection = "{}"
+	} else {
+		ddosProtectionJSON, err := json.Marshal(ddosProtection)
+		if err != nil {
+			return err
+		}
+		op.DdosProtection = ddosProtectionJSON
+	}
+
+	err := this.Save(tx, op)
+	if err != nil {
+		return err
+	}
+
+	clusterId, err := this.FindNodeClusterId(tx, nodeId)
+	if err != nil {
+		return err
+	}
+	if clusterId > 0 {
+		return SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleDNS, clusterId, nodeId, 0, NSNodeTaskTypeDDosProtectionChanged, 0)
+	}
+	return nil
+}
+
 // NotifyUpdate 通知更新
 func (this *NSNodeDAO) NotifyUpdate(tx *dbs.Tx, nodeId int64) error {
 	// TODO 先什么都不做
--- a/internal/db/models/ns_node_model.go
+++ b/internal/db/models/ns_node_model.go
@@ -4,41 +4,45 @@ import "github.com/iwind/TeaGo/dbs"

 // NSNode 域名服务器节点
 type NSNode struct {
-	Id                uint32   `field:"id"`                // ID
-	AdminId           uint32   `field:"adminId"`           // 管理员ID
-	ClusterId         uint32   `field:"clusterId"`         // 集群ID
-	Name              string   `field:"name"`              // 节点名称
-	IsOn              bool     `field:"isOn"`              // 是否启用
-	Status            dbs.JSON `field:"status"`            // 运行状态
-	UniqueId          string   `field:"uniqueId"`          // 节点ID
-	Secret            string   `field:"secret"`            // 密钥
-	IsUp              bool     `field:"isUp"`              // 是否运行
-	IsInstalled       bool     `field:"isInstalled"`       // 是否已安装
-	InstallStatus     dbs.JSON `field:"installStatus"`     // 安装状态
-	InstallDir        string   `field:"installDir"`        // 安装目录
-	State             uint8    `field:"state"`             // 状态
-	IsActive          bool     `field:"isActive"`          // 是否活跃
-	StatusIsNotified  uint8    `field:"statusIsNotified"`  // 活跃状态已经通知
-	ConnectedAPINodes dbs.JSON `field:"connectedAPINodes"` // 当前连接的API节点
+	Id                 uint32   `field:"id"`                 // ID
+	AdminId            uint32   `field:"adminId"`            // 管理员ID
+	ClusterId          uint32   `field:"clusterId"`          // 集群ID
+	Name               string   `field:"name"`               // 节点名称
+	IsOn               bool     `field:"isOn"`               // 是否启用
+	Status             dbs.JSON `field:"status"`             // 运行状态
+	UniqueId           string   `field:"uniqueId"`           // 节点ID
+	Secret             string   `field:"secret"`             // 密钥
+	IsUp               bool     `field:"isUp"`               // 是否运行
+	IsInstalled        bool     `field:"isInstalled"`        // 是否已安装
+	InstallStatus      dbs.JSON `field:"installStatus"`      // 安装状态
+	InstallDir         string   `field:"installDir"`         // 安装目录
+	State              uint8    `field:"state"`              // 状态
+	IsActive           bool     `field:"isActive"`           // 是否活跃
+	StatusIsNotified   uint8    `field:"statusIsNotified"`   // 活跃状态已经通知
+	InactiveNotifiedAt uint64   `field:"inactiveNotifiedAt"` // 离线通知时间
+	ConnectedAPINodes  dbs.JSON `field:"connectedAPINodes"`  // 当前连接的API节点
+	DdosProtection     dbs.JSON `field:"ddosProtection"`     // DDoS防护设置
 }

 type NSNodeOperator struct {
-	Id                interface{} // ID
-	AdminId           interface{} // 管理员ID
-	ClusterId         interface{} // 集群ID
-	Name              interface{} // 节点名称
-	IsOn              interface{} // 是否启用
-	Status            interface{} // 运行状态
-	UniqueId          interface{} // 节点ID
-	Secret            interface{} // 密钥
-	IsUp              interface{} // 是否运行
-	IsInstalled       interface{} // 是否已安装
-	InstallStatus     interface{} // 安装状态
-	InstallDir        interface{} // 安装目录
-	State             interface{} // 状态
-	IsActive          interface{} // 是否活跃
-	StatusIsNotified  interface{} // 活跃状态已经通知
-	ConnectedAPINodes interface{} // 当前连接的API节点
+	Id                 any // ID
+	AdminId            any // 管理员ID
+	ClusterId          any // 集群ID
+	Name               any // 节点名称
+	IsOn               any // 是否启用
+	Status             any // 运行状态
+	UniqueId           any // 节点ID
+	Secret             any // 密钥
+	IsUp               any // 是否运行
+	IsInstalled        any // 是否已安装
+	InstallStatus      any // 安装状态
+	InstallDir         any // 安装目录
+	State              any // 状态
+	IsActive           any // 是否活跃
+	StatusIsNotified   any // 活跃状态已经通知
+	InactiveNotifiedAt any // 离线通知时间
+	ConnectedAPINodes  any // 当前连接的API节点
+	DdosProtection     any // DDoS防护设置
 }

 func NewNSNodeOperator() *NSNodeOperator {
--- a/internal/db/models/ns_node_model_ext.go
+++ b/internal/db/models/ns_node_model_ext.go
@@ -3,6 +3,7 @@ package models
 import (
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 	"time"
 )

@@ -39,3 +40,40 @@ func (this *NSNode) DecodeStatus() (*nodeconfigs.NodeStatus, error) {
 	}
 	return status, nil
 }
+
+// DecodeDDoSProtection 解析DDoS Protection设置
+func (this *NSNode) DecodeDDoSProtection() *ddosconfigs.ProtectionConfig {
+	if IsNull(this.DdosProtection) {
+		return nil
+	}
+
+	var result = &ddosconfigs.ProtectionConfig{}
+	err := json.Unmarshal(this.DdosProtection, &result)
+	if err != nil {
+		// ignore err
+	}
+	return result
+}
+
+// HasDDoSProtection 检查是否有DDOS设置
+func (this *NSNode) HasDDoSProtection() bool {
+	var config = this.DecodeDDoSProtection()
+	if config != nil {
+		return !config.IsPriorEmpty()
+	}
+	return false
+}
+
+// DecodeConnectedAPINodes 解析连接的API节点列表
+func (this *NSNode) DecodeConnectedAPINodes() []int64 {
+	if IsNull(this.ConnectedAPINodes) {
+		return nil
+	}
+
+	var result = []int64{}
+	err := json.Unmarshal(this.ConnectedAPINodes, &result)
+	if err != nil {
+		// ignore err
+	}
+	return result
+}
--- a/internal/db/models/regions/region_city_dao.go
+++ b/internal/db/models/regions/region_city_dao.go
@@ -2,11 +2,14 @@ package regions

 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
+	"sort"
 	"strconv"
 )

@@ -105,7 +108,18 @@ func (this *RegionCityDAO) CreateCity(tx *dbs.Tx, provinceId int64, name string,
 	return types.Int64(op.Id), nil
 }

-// FindCityIdWithNameCacheable 根据城市名查找城市ID
+// FindCityIdWithName 根据城市名查找城市ID
+func (this *RegionCityDAO) FindCityIdWithName(tx *dbs.Tx, provinceId int64, cityName string) (int64, error) {
+	return this.Query(tx).
+		Attr("provinceId", provinceId).
+		Where("(name=:cityName OR customName=:cityName OR JSON_CONTAINS(codes, :cityNameJSON) OR JSON_CONTAINS(customCodes, :cityNameJSON))").
+		Param("cityName", cityName).
+		Param("cityNameJSON", strconv.Quote(cityName)). // 查询的需要是个JSON字符串，所以这里加双引号
+		ResultPk().
+		FindInt64Col(0)
+}
+
+// FindCityIdWithNameCacheable 根据城市名查找城市ID，并加入缓存
 func (this *RegionCityDAO) FindCityIdWithNameCacheable(tx *dbs.Tx, provinceId int64, cityName string) (int64, error) {
 	key := cityName + "@" + numberutils.FormatInt64(provinceId)

@@ -119,16 +133,19 @@ func (this *RegionCityDAO) FindCityIdWithNameCacheable(tx *dbs.Tx, provinceId in

 	cityId, err := this.Query(tx).
 		Attr("provinceId", provinceId).
-		Where("JSON_CONTAINS(codes, :cityName)").
-		Param("cityName", strconv.Quote(cityName)). // 查询的需要是个JSON字符串，所以这里加双引号
+		Where("(name=:cityName OR customName=:cityName OR JSON_CONTAINS(codes, :cityNameJSON) OR JSON_CONTAINS(customCodes, :cityNameJSON))").
+		Param("cityName", cityName).
+		Param("cityNameJSON", strconv.Quote(cityName)). // 查询的需要是个JSON字符串，所以这里加双引号
 		ResultPk().
 		FindInt64Col(0)
 	if err != nil {
 		return 0, err
 	}
-	SharedCacheLocker.Lock()
-	regionCityNameAndIdCacheMap[key] = cityId
-	SharedCacheLocker.Unlock()
+	if cityId > 0 {
+		SharedCacheLocker.Lock()
+		regionCityNameAndIdCacheMap[key] = cityId
+		SharedCacheLocker.Unlock()
+	}

 	return cityId, nil
 }
@@ -141,3 +158,75 @@ func (this *RegionCityDAO) FindAllEnabledCities(tx *dbs.Tx) (result []*RegionCit
 		FindAll()
 	return
 }
+
+// FindAllEnabledCitiesWithProvinceId 获取某个省份下的所有城市
+func (this *RegionCityDAO) FindAllEnabledCitiesWithProvinceId(tx *dbs.Tx, provinceId int64) (result []*RegionCity, err error) {
+	_, err = this.Query(tx).
+		Attr("provinceId", provinceId).
+		State(RegionCityStateEnabled).
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// UpdateCityCustom 自定义城市信息
+func (this *RegionCityDAO) UpdateCityCustom(tx *dbs.Tx, cityId int64, customName string, customCodes []string) error {
+	if customCodes == nil {
+		customCodes = []string{}
+	}
+	customCodesJSON, err := json.Marshal(customCodes)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		SharedCacheLocker.Lock()
+		regionCityNameAndIdCacheMap = map[string]int64{}
+		SharedCacheLocker.Unlock()
+	}()
+
+	return this.Query(tx).
+		Pk(cityId).
+		Set("customName", customName).
+		Set("customCodes", customCodesJSON).
+		UpdateQuickly()
+}
+
+// FindSimilarCities 查找类似城市名
+func (this *RegionCityDAO) FindSimilarCities(cities []*RegionCity, cityName string, size int) (result []*RegionCity) {
+	if len(cities) == 0 {
+		return
+	}
+
+	var similarResult = []maps.Map{}
+
+	for _, city := range cities {
+		var similarityList = []float32{}
+		for _, code := range city.AllCodes() {
+			var similarity = utils.Similar(cityName, code)
+			if similarity > 0 {
+				similarityList = append(similarityList, similarity)
+			}
+		}
+		if len(similarityList) > 0 {
+			similarResult = append(similarResult, maps.Map{
+				"similarity": numberutils.Max(similarityList...),
+				"city":       city,
+			})
+		}
+	}
+
+	sort.Slice(similarResult, func(i, j int) bool {
+		return similarResult[i].GetFloat32("similarity") > similarResult[j].GetFloat32("similarity")
+	})
+
+	if len(similarResult) > size {
+		similarResult = similarResult[:size]
+	}
+
+	for _, r := range similarResult {
+		result = append(result, r.Get("city").(*RegionCity))
+	}
+
+	return
+}
--- a/internal/db/models/regions/region_city_model.go
+++ b/internal/db/models/regions/region_city_model.go
@@ -2,23 +2,27 @@ package regions

 import "github.com/iwind/TeaGo/dbs"

-// RegionCity 区域城市
+// RegionCity 区域-城市
 type RegionCity struct {
-	Id         uint32   `field:"id"`         // ID
-	ProvinceId uint32   `field:"provinceId"` // 省份ID
-	Name       string   `field:"name"`       // 名称
-	Codes      dbs.JSON `field:"codes"`      // 代号
-	State      uint8    `field:"state"`      // 状态
-	DataId     string   `field:"dataId"`     // 原始数据ID
+	Id          uint32   `field:"id"`          // ID
+	ProvinceId  uint32   `field:"provinceId"`  // 省份ID
+	Name        string   `field:"name"`        // 名称
+	Codes       dbs.JSON `field:"codes"`       // 代号
+	CustomName  string   `field:"customName"`  // 自定义名称
+	CustomCodes dbs.JSON `field:"customCodes"` // 自定义代号
+	State       uint8    `field:"state"`       // 状态
+	DataId      string   `field:"dataId"`      // 原始数据ID
 }

 type RegionCityOperator struct {
-	Id         interface{} // ID
-	ProvinceId interface{} // 省份ID
-	Name       interface{} // 名称
-	Codes      interface{} // 代号
-	State      interface{} // 状态
-	DataId     interface{} // 原始数据ID
+	Id          interface{} // ID
+	ProvinceId  interface{} // 省份ID
+	Name        interface{} // 名称
+	Codes       interface{} // 代号
+	CustomName  interface{} // 自定义名称
+	CustomCodes interface{} // 自定义代号
+	State       interface{} // 状态
+	DataId      interface{} // 原始数据ID
 }

 func NewRegionCityOperator() *RegionCityOperator {
--- a/internal/db/models/regions/region_city_model_ext.go
+++ b/internal/db/models/regions/region_city_model_ext.go
@@ -2,17 +2,56 @@ package regions

 import (
 	"encoding/json"
-	"github.com/iwind/TeaGo/logs"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/iwind/TeaGo/lists"
 )

 func (this *RegionCity) DecodeCodes() []string {
 	if len(this.Codes) == 0 {
 		return []string{}
 	}
-	result := []string{}
+	var result = []string{}
 	err := json.Unmarshal(this.Codes, &result)
 	if err != nil {
-		logs.Error(err)
+		remotelogs.Error("RegionCity.DecodeCodes", err.Error())
 	}
 	return result
 }
+
+func (this *RegionCity) DecodeCustomCodes() []string {
+	if len(this.CustomCodes) == 0 {
+		return []string{}
+	}
+	var result = []string{}
+	err := json.Unmarshal(this.CustomCodes, &result)
+	if err != nil {
+		remotelogs.Error("RegionCity.DecodeCustomCodes", err.Error())
+	}
+	return result
+}
+
+func (this *RegionCity) DisplayName() string {
+	if len(this.CustomName) > 0 {
+		return this.CustomName
+	}
+	return this.Name
+}
+
+func (this *RegionCity) AllCodes() []string {
+	var codes = this.DecodeCodes()
+
+	if len(this.Name) > 0 && !lists.ContainsString(codes, this.Name) {
+		codes = append(codes, this.Name)
+	}
+
+	if len(this.CustomName) > 0 && !lists.ContainsString(codes, this.CustomName) {
+		codes = append(codes, this.CustomName)
+	}
+
+	for _, code := range this.DecodeCustomCodes() {
+		if !lists.ContainsString(codes, code) {
+			codes = append(codes, code)
+		}
+	}
+	return codes
+}
--- a/internal/db/models/regions/region_country_dao.go
+++ b/internal/db/models/regions/region_country_dao.go
@@ -2,11 +2,15 @@ package regions

 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 	"github.com/mozillazg/go-pinyin"
+	"sort"
 	"strconv"
 	"strings"
 )
@@ -16,6 +20,10 @@ const (
 	RegionCountryStateDisabled = 0 // 已禁用
 )

+const (
+	CountryChinaId = 1
+)
+
 var regionCountryNameAndIdCacheMap = map[string]int64{} // country name => id
 var regionCountryIdAndNameCacheMap = map[int64]string{} // country id => name

@@ -88,7 +96,9 @@ func (this *RegionCountryDAO) FindRegionCountryName(tx *dbs.Tx, id int64) (strin
 		return "", err
 	}

-	regionCountryIdAndNameCacheMap[id] = name
+	if len(name) > 0 {
+		regionCountryIdAndNameCacheMap[id] = name
+	}
 	return name, nil
 }

@@ -103,8 +113,9 @@ func (this *RegionCountryDAO) FindCountryIdWithDataId(tx *dbs.Tx, dataId string)
 // FindCountryIdWithName 根据国家名查找国家ID
 func (this *RegionCountryDAO) FindCountryIdWithName(tx *dbs.Tx, countryName string) (int64, error) {
 	return this.Query(tx).
-		Where("JSON_CONTAINS(codes, :countryName)").
-		Param("countryName", strconv.Quote(countryName)). // 查询的需要是个JSON字符串，所以这里加双引号
+		Where("(name=:countryName OR JSON_CONTAINS(codes, :countryNameJSON) OR customName=:countryName OR JSON_CONTAINS(customCodes, :countryNameJSON))").
+		Param("countryName", countryName).
+		Param("countryNameJSON", strconv.Quote(countryName)). // 查询的需要是个JSON字符串，所以这里加双引号
 		ResultPk().
 		FindInt64Col(0)
 }
@@ -124,9 +135,11 @@ func (this *RegionCountryDAO) FindCountryIdWithNameCacheable(tx *dbs.Tx, country
 		return 0, err
 	}

-	SharedCacheLocker.Lock()
-	regionCountryNameAndIdCacheMap[countryName] = countryId
-	SharedCacheLocker.Unlock()
+	if countryId > 0 {
+		SharedCacheLocker.Lock()
+		regionCountryNameAndIdCacheMap[countryName] = countryId
+		SharedCacheLocker.Unlock()
+	}

 	return countryId, nil
 }
@@ -160,7 +173,7 @@ func (this *RegionCountryDAO) CreateCountry(tx *dbs.Tx, name string, dataId stri
 	return types.Int64(op.Id), nil
 }

-// FindAllEnabledCountriesOrderByPinyin 查找所有可用的国家
+// FindAllEnabledCountriesOrderByPinyin 查找所有可用的国家并按拼音排序
 func (this *RegionCountryDAO) FindAllEnabledCountriesOrderByPinyin(tx *dbs.Tx) (result []*RegionCountry, err error) {
 	_, err = this.Query(tx).
 		State(RegionCountryStateEnabled).
@@ -169,3 +182,76 @@ func (this *RegionCountryDAO) FindAllEnabledCountriesOrderByPinyin(tx *dbs.Tx) (
 		FindAll()
 	return
 }
+
+// FindAllCountries 查找所有可用的国家
+func (this *RegionCountryDAO) FindAllCountries(tx *dbs.Tx) (result []*RegionCountry, err error) {
+	_, err = this.Query(tx).
+		State(RegionCountryStateEnabled).
+		Slice(&result).
+		AscPk().
+		FindAll()
+	return
+}
+
+// UpdateCountryCustom 修改国家/地区自定义
+func (this *RegionCountryDAO) UpdateCountryCustom(tx *dbs.Tx, countryId int64, customName string, customCodes []string) error {
+	if customCodes == nil {
+		customCodes = []string{}
+	}
+	customCodesJSON, err := json.Marshal(customCodes)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		SharedCacheLocker.Lock()
+		regionCountryNameAndIdCacheMap = map[string]int64{}
+		regionCountryIdAndNameCacheMap = map[int64]string{}
+		SharedCacheLocker.Unlock()
+	}()
+
+	return this.Query(tx).
+		Pk(countryId).
+		Set("customName", customName).
+		Set("customCodes", customCodesJSON).
+		UpdateQuickly()
+}
+
+// FindSimilarCountries 查找类似国家/地区名
+func (this *RegionCountryDAO) FindSimilarCountries(countries []*RegionCountry, countryName string, size int) (result []*RegionCountry) {
+	if len(countries) == 0 {
+		return
+	}
+
+	var similarResult = []maps.Map{}
+
+	for _, country := range countries {
+		var similarityList = []float32{}
+		for _, code := range country.AllCodes() {
+			var similarity = utils.Similar(countryName, code)
+			if similarity > 0 {
+				similarityList = append(similarityList, similarity)
+			}
+		}
+		if len(similarityList) > 0 {
+			similarResult = append(similarResult, maps.Map{
+				"similarity": numberutils.Max(similarityList...),
+				"country":    country,
+			})
+		}
+	}
+
+	sort.Slice(similarResult, func(i, j int) bool {
+		return similarResult[i].GetFloat32("similarity") > similarResult[j].GetFloat32("similarity")
+	})
+
+	if len(similarResult) > size {
+		similarResult = similarResult[:size]
+	}
+
+	for _, r := range similarResult {
+		result = append(result, r.Get("country").(*RegionCountry))
+	}
+
+	return
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
刘祥超	d0b908bcaa	自动添加firewalld使用异步	2022-09-04 06:36:22 +08:00
刘祥超	3de25d4fe1	优化代码	2022-09-03 22:23:16 +08:00
刘祥超	07194855bf	优化代码	2022-09-03 22:03:22 +08:00
刘祥超	d0f1eb13ee	优化节点活跃检测机制	2022-09-03 12:43:06 +08:00
刘祥超	a0930bfd74	远程安装节点出错时打印stderr	2022-08-30 11:40:01 +08:00
刘祥超	08cff8affc	可以通过用户API修改鉴权	2022-08-30 11:23:35 +08:00
刘祥超	02132e9262	用户系统也可以申请ACME证书	2022-08-28 20:02:13 +08:00
刘祥超	61b6a49885	增加修改全体用户功能API	2022-08-28 17:01:09 +08:00
刘祥超	896e54ebe8	提供按小时、按天查询带宽峰值的API	2022-08-28 15:56:16 +08:00
刘祥超	1b36bad60a	指标统计使用事务	2022-08-27 18:50:42 +08:00
刘祥超	fc14800d70	服务列表带宽使用新的算法	2022-08-27 18:39:00 +08:00
刘祥超	fa61f277e4	服务访问日志改成通过事务写入，以提升写入速度	2022-08-27 14:57:47 +08:00
刘祥超	9117309472	可以修改服务的CNAME	2022-08-26 19:51:21 +08:00
刘祥超	6bb2977d59	Ln节点可以指定访问IP	2022-08-25 20:37:10 +08:00
刘祥超	df9dce76cb	集群DNS设置中增加”包含Ln节点“选项	2022-08-25 19:18:30 +08:00
刘祥超	4cb9c85a1c	节点运行日志可以按照节点ID设置为已读	2022-08-25 18:26:52 +08:00
刘祥超	f4f5389ffb	请求限制API支持用户调用	2022-08-25 15:35:55 +08:00
刘祥超	5d336eb77d	优化代码	2022-08-23 21:42:05 +08:00
刘祥超	c552eb3b0e	IP库增加制品管理/统计中相关区域名称可以显示别名	2022-08-23 19:40:17 +08:00
刘祥超	455952e9e4	提交SQL	2022-08-22 15:12:20 +08:00
刘祥超	7132401c7f	NS节点基本的DDoS防护	2022-08-22 15:11:22 +08:00
刘祥超	a4dddfb139	优化代码	2022-08-22 11:02:16 +08:00
刘祥超	7ef32bad97	IP库改为手动初始化	2022-08-21 23:09:59 +08:00
刘祥超	732513a644	用户节点版本修改为0.4.1	2022-08-21 20:50:00 +08:00
刘祥超	756cf4a9ae	初步完成新版IP库	2022-08-21 20:38:34 +08:00
刘祥超	a15a630265	更新SQL	2022-08-20 19:57:25 +08:00
刘祥超	3fab1b8294	DNS节点版本号改为0.2.6	2022-08-20 15:27:02 +08:00
刘祥超	215635f429	版本修改为0.5.2	2022-08-17 18:58:20 +08:00
刘祥超	dbb1ae180b	版本修改为0.5.1	2022-08-15 19:38:40 +08:00
刘祥超	e8d4d01d85	改进一处日志	2022-08-15 15:17:09 +08:00
刘祥超	6593989a84	修复日志内容可能过长而无法存入数据库的问题	2022-08-15 15:05:47 +08:00
刘祥超	004e640321	修复升级数据库时主键可能冲突的问题	2022-08-15 00:02:38 +08:00
刘祥超	7ad315ae4b	IP库管理阶段性提交（未完成）	2022-08-14 20:03:01 +08:00
刘祥超	ba938e5361	新版IP库管理阶段性提交（未完成）	2022-08-13 23:55:48 +08:00
刘祥超	9ddf02a0e6	更新TeaGo	2022-08-11 11:52:35 +08:00
刘祥超	ebcbd5690d	删除不必要的文件	2022-08-09 18:30:23 +08:00
刘祥超	bbca766fa4	删除不必要的文件	2022-08-09 17:35:35 +08:00
刘祥超	99c7819d3a	更新SQL	2022-08-07 19:04:16 +08:00
刘祥超	08bb3e66f8	修改版本号为0.5.0	2022-08-07 19:02:19 +08:00
刘祥超	9159820742	只有发送过离线通知的节点才会发送恢复在线通知	2022-08-07 17:28:54 +08:00
刘祥超	1a565b2ebb	优化代码/启用的日志策略排在最前面	2022-08-07 15:10:05 +08:00
刘祥超	98847c53ea	更新SQL	2022-08-06 20:31:28 +08:00
刘祥超	14bafc8f20	优化代码	2022-08-06 20:28:32 +08:00
刘祥超	58a5bd0092	优化代码	2022-08-05 21:05:34 +08:00
刘祥超	4f1ce52f6a	优化代码	2022-08-05 19:25:31 +08:00
刘祥超	14ba7f6899	优化访问日志策略测试时的失败提示	2022-08-05 19:11:21 +08:00
刘祥超	e582e37c06	优化代码	2022-08-05 14:45:56 +08:00
刘祥超	6a3fa9f0ca	删除不必要的文件	2022-08-05 14:40:42 +08:00
刘祥超	e0a9965fed	简化API	2022-08-04 19:36:25 +08:00
刘祥超	481fa8cd2d	增加查找使用某个证书的NS集群数量的API	2022-08-04 16:25:09 +08:00
刘祥超	95349dc457	允许用户标记上传文件状态	2022-08-04 16:01:07 +08:00
刘祥超	fc839f96d2	优化代码	2022-08-04 15:12:39 +08:00
刘祥超	0414cc02e8	优化代码	2022-08-04 11:41:42 +08:00
刘祥超	b8babaae39	更新SQL	2022-08-03 10:45:09 +08:00
刘祥超	285ce1b312	延长节点执行任务超时时间	2022-08-01 18:57:19 +08:00
刘祥超	c309da81ae	服务带宽API增加按月、按日查询接口	2022-08-01 15:40:57 +08:00
刘祥超	c325fde52b	更新SQL	2022-08-01 11:01:51 +08:00
刘祥超	0f69b45d25	修改用户节点版本号为0.4.0	2022-08-01 11:00:52 +08:00
刘祥超	e02084ba5d	增加用户订单相关表	2022-07-31 19:56:56 +08:00
刘祥超	642b23dbb7	优化代码	2022-07-30 16:28:28 +08:00
刘祥超	b1dc385c87	自动转换用户提交的域名为小写	2022-07-30 16:25:16 +08:00
刘祥超	89a69e3165	删除集群的时候同时删除相关节点运行日志	2022-07-28 09:47:01 +08:00
刘祥超	530954dd6c	EdgeDNS：访问日志增加集群和记录类型筛选	2022-07-27 20:19:29 +08:00
刘祥超	33635f7a1b	智能DNS支持自定义端口	2022-07-27 16:56:17 +08:00
刘祥超	8ac964e805	优化远程安装程序	2022-07-27 08:35:15 +08:00
刘祥超	a1519baf0f	远程升级节点时，如果老的文件不存在，则不提示	2022-07-26 20:10:50 +08:00
刘祥超	e6e32a39bb	修改DNS节点版本为0.2.5	2022-07-26 11:15:22 +08:00
刘祥超	d828b7f8a4	修改版本号为0.4.11	2022-07-26 08:57:48 +08:00