将版本修改为v0.5.3.1

修复开源版本无法编译的问题
只有在数据库用户是root时才执行某些命令
2022-09-26 12:16:44 +08:00 · 2022-09-26 12:16:20 +08:00 · 2022-09-26 12:16:08 +08:00 · 2022-09-26 11:51:45 +08:00 · 2022-09-26 11:00:58 +08:00 · 2022-09-25 20:34:19 +08:00
164 changed files with 3236 additions and 3025 deletions
--- a/build/build.sh
+++ b/build/build.sh
@@ -105,12 +105,14 @@ function build() {
 	done

 	# building edge dns installer
-	echo "building dns node installer ..."
-	architects=("amd64" "arm64")
-	for arch in "${architects[@]}"; do
-		# TODO support arm, mips ...
-		env GOOS=linux GOARCH="${arch}" go build -trimpath -tags $TAG --ldflags="-s -w" -o "$ROOT"/installers/edge-installer-dns-helper-linux-"${arch}" "$ROOT"/../cmd/installer-dns-helper/main.go
-	done
+	if [ $TAG = "plus" ]; then
+		echo "building dns node installer ..."
+		architects=("amd64" "arm64")
+		for arch in "${architects[@]}"; do
+			# TODO support arm, mips ...
+			env GOOS=linux GOARCH="${arch}" go build -trimpath -tags $TAG --ldflags="-s -w" -o "$ROOT"/installers/edge-installer-dns-helper-linux-"${arch}" "$ROOT"/../cmd/installer-dns-helper/main.go
+		done
+	fi

 	# building api node
 	env GOOS="$OS" GOARCH="$ARCH" go build -trimpath -tags $TAG --ldflags="-s -w" -o "$DIST"/bin/edge-api "$ROOT"/../cmd/edge-api/main.go
--- a/build/configs/db.template.yaml
+++ b/build/configs/db.template.yaml
@@ -9,3 +9,7 @@ dbs:
    prefix: "edge"
    models:
      package: internal/web/models
+
+
+fields:
+  bool: [ "uamIsOn", "followPort", "requestHostExcludingPort", "autoRemoteStart", "autoInstallNftables" ]
--- a/internal/acme/request.go
+++ b/internal/acme/request.go
@@ -40,6 +40,7 @@ func (this *Request) Run() (certData []byte, keyData []byte, err error) {
 	}
 	if this.task.Provider.RequireEAB && this.task.Account == nil {
 		err = errors.New("account should not be nil when provider require EAB")
+		return
 	}

 	switch this.task.AuthType {
--- a/internal/const/const.go
+++ b/internal/const/const.go
@@ -1,7 +1,7 @@
 package teaconst

 const (
-	Version = "0.5.2"
+	Version = "0.5.3.1"

 	ProductName   = "Edge API"
 	ProcessName   = "edge-api"
@@ -18,11 +18,11 @@ const (

 	// 其他节点版本号，用来检测是否有需要升级的节点

-	NodeVersion          = "0.5.2"
-	UserNodeVersion      = "0.4.1"
+	NodeVersion          = "0.5.3"
+	UserNodeVersion      = "0.5.0"
+	DNSNodeVersion       = "0.2.7"
 	AuthorityNodeVersion = "0.0.2"
 	MonitorNodeVersion   = "0.0.4"
-	DNSNodeVersion       = "0.2.6"
 	ReportNodeVersion    = "0.1.1"

 	// SQLVersion SQL版本号
--- a/internal/db/models/acme/acme_task_dao.go
+++ b/internal/db/models/acme/acme_task_dao.go
@@ -106,11 +106,8 @@ func (this *ACMETaskDAO) DisableAllTasksWithCertId(tx *dbs.Tx, certId int64) err
 }

 // CountAllEnabledACMETasks 计算所有任务数量
-func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, adminId int64, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string) (int64, error) {
+func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string) (int64, error) {
 	var query = this.Query(tx)
-	if adminId > 0 {
-		query.Attr("adminId", adminId)
-	}
 	query.Attr("userId", userId) // 这个条件必须加上
 	if isAvailable || isExpired || expiringDays > 0 {
 		query.Gt("certId", 0)
@@ -141,11 +138,8 @@ func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, adminId int64, use
 }

 // ListEnabledACMETasks 列出单页任务
-func (this *ACMETaskDAO) ListEnabledACMETasks(tx *dbs.Tx, adminId int64, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string, offset int64, size int64) (result []*ACMETask, err error) {
+func (this *ACMETaskDAO) ListEnabledACMETasks(tx *dbs.Tx, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string, offset int64, size int64) (result []*ACMETask, err error) {
 	var query = this.Query(tx)
-	if adminId > 0 {
-		query.Attr("adminId", adminId)
-	}
 	query.Attr("userId", userId) // 这个条件必须加上
 	if isAvailable || isExpired || expiringDays > 0 {
 		query.Gt("certId", 0)
@@ -235,12 +229,11 @@ func (this *ACMETaskDAO) UpdateACMETask(tx *dbs.Tx, acmeTaskId int64, acmeUserId
 }

 // CheckACMETask 检查权限
-func (this *ACMETaskDAO) CheckACMETask(tx *dbs.Tx, adminId int64, userId int64, acmeTaskId int64) (bool, error) {
+func (this *ACMETaskDAO) CheckACMETask(tx *dbs.Tx, userId int64, acmeTaskId int64) (bool, error) {
 	var query = this.Query(tx)
-	if adminId > 0 {
-		query.Attr("adminId", adminId)
+	if userId > 0 {
+		query.Attr("userId", userId)
 	}
-	query.Attr("userId", userId) // 这个条件必须加上

 	return query.
 		State(ACMETaskStateEnabled).
--- a/internal/db/models/db_node_initializer.go
+++ b/internal/db/models/db_node_initializer.go
@@ -2,18 +2,14 @@ package models

 import (
 	"fmt"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/goman"
 	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
-	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/rands"
 	timeutil "github.com/iwind/TeaGo/utils/time"
-	"hash/crc32"
-	"regexp"
 	"strconv"
-	"strings"
 	"sync"
 	"time"
 )
@@ -31,22 +27,12 @@ type httpAccessLogDefinition struct {
 // HTTP服务访问
 var httpAccessLogDAOMapping = map[int64]*HTTPAccessLogDAOWrapper{} // dbNodeId => DAO

-// DNS服务访问
-var nsAccessLogDAOMapping = map[int64]*NSAccessLogDAOWrapper{} // dbNodeId => DAO
-var nsAccessLogTableMapping = map[string]bool{}                // tableName_crc(dsn) => true
-
 // HTTPAccessLogDAOWrapper HTTP访问日志DAO
 type HTTPAccessLogDAOWrapper struct {
 	DAO    *HTTPAccessLogDAO
 	NodeId int64
 }

-// NSAccessLogDAOWrapper NS访问日志DAO
-type NSAccessLogDAOWrapper struct {
-	DAO    *NSAccessLogDAO
-	NodeId int64
-}
-
 func init() {
 	initializer := NewDBNodeInitializer()
 	dbs.OnReadyDone(func() {
@@ -78,102 +64,28 @@ func AllAccessLogDBs() []*dbs.DB {
 // 获取获取DAO
 func randomHTTPAccessLogDAO() (dao *HTTPAccessLogDAOWrapper) {
 	accessLogLocker.RLock()
+	defer accessLogLocker.RUnlock()
 	if len(httpAccessLogDAOMapping) == 0 {
 		dao = nil
-	} else {
-		for _, d := range httpAccessLogDAOMapping {
-			dao = d
-			break
-		}
-	}
-	accessLogLocker.RUnlock()
-	return
-}
-
-func randomNSAccessLogDAO() (dao *NSAccessLogDAOWrapper) {
-	accessLogLocker.RLock()
-	if len(nsAccessLogDAOMapping) == 0 {
-		dao = nil
-	} else {
-		for _, d := range nsAccessLogDAOMapping {
-			dao = d
-			break
-		}
-	}
-	accessLogLocker.RUnlock()
-	return
-}
-
-func findNSAccessLogTableName(db *dbs.DB, day string) (tableName string, ok bool, err error) {
-	if !regexp.MustCompile(`^\d{8}$`).MatchString(day) {
-		err = errors.New("invalid day '" + day + "', should be YYYYMMDD")
 		return
 	}

-	config, err := db.Config()
-	if err != nil {
-		return "", false, err
+	var daoList = []*HTTPAccessLogDAOWrapper{}
+
+	for _, d := range httpAccessLogDAOMapping {
+		daoList = append(daoList, d)
 	}

-	tableName = "edgeNSAccessLogs_" + day
-	cacheKey := tableName + "_" + fmt.Sprintf("%d", crc32.ChecksumIEEE([]byte(config.Dsn)))
-
-	accessLogLocker.RLock()
-	_, ok = nsAccessLogTableMapping[cacheKey]
-	accessLogLocker.RUnlock()
-	if ok {
-		return tableName, true, nil
+	var l = len(daoList)
+	if l == 0 {
+		return
 	}

-	tableNames, err := db.TableNames()
-	if err != nil {
-		return tableName, false, err
+	if l == 1 {
+		return daoList[0]
 	}

-	return tableName, utils.ContainsStringInsensitive(tableNames, tableName), nil
-}
-
-func findNSAccessLogTable(db *dbs.DB, day string, force bool) (string, error) {
-	config, err := db.Config()
-	if err != nil {
-		return "", err
-	}
-
-	tableName := "edgeNSAccessLogs_" + day
-	cacheKey := tableName + "_" + fmt.Sprintf("%d", crc32.ChecksumIEEE([]byte(config.Dsn)))
-
-	if !force {
-		accessLogLocker.RLock()
-		_, ok := nsAccessLogTableMapping[cacheKey]
-		accessLogLocker.RUnlock()
-		if ok {
-			return tableName, nil
-		}
-	}
-
-	tableNames, err := db.TableNames()
-	if err != nil {
-		return tableName, err
-	}
-
-	if utils.ContainsStringInsensitive(tableNames, tableName) {
-		accessLogLocker.Lock()
-		nsAccessLogTableMapping[cacheKey] = true
-		accessLogLocker.Unlock()
-		return tableName, nil
-	}
-
-	// 创建表格
-	_, err = db.Exec("CREATE TABLE `" + tableName + "` (\n  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `nodeId` int(11) unsigned DEFAULT '0' COMMENT '节点ID',\n  `domainId` int(11) unsigned DEFAULT '0' COMMENT '域名ID',\n  `recordId` int(11) unsigned DEFAULT '0' COMMENT '记录ID',\n  `content` json DEFAULT NULL COMMENT '访问数据',\n  `requestId` varchar(128) DEFAULT NULL COMMENT '请求ID',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `remoteAddr` varchar(128) DEFAULT NULL COMMENT 'IP',\n  PRIMARY KEY (`id`),\n  KEY `nodeId` (`nodeId`),\n  KEY `domainId` (`domainId`),\n  KEY `recordId` (`recordId`),\n  KEY `requestId` (`requestId`),\n  KEY `remoteAddr` (`remoteAddr`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='域名服务访问日志';")
-	if err != nil {
-		return tableName, err
-	}
-
-	accessLogLocker.Lock()
-	nsAccessLogTableMapping[cacheKey] = true
-	accessLogLocker.Unlock()
-
-	return tableName, nil
+	return daoList[rands.Int(0, l-1)]
 }

 // DBNodeInitializer 初始化数据库连接
@@ -209,14 +121,14 @@ func (this *DBNodeInitializer) loop() error {
 		return err
 	}

-	nodeIds := []int64{}
+	var nodeIds = []int64{}
 	for _, node := range dbNodes {
 		nodeIds = append(nodeIds, int64(node.Id))
 	}

 	// 关掉老的
 	accessLogLocker.Lock()
-	closingDbs := []*dbs.DB{}
+	var closingDbs = []*dbs.DB{}
 	for nodeId, db := range accessLogDBMapping {
 		if !lists.ContainsInt64(nodeIds, nodeId) {
 			closingDbs = append(closingDbs, db)
@@ -233,12 +145,12 @@ func (this *DBNodeInitializer) loop() error {

 	// 启动新的
 	for _, node := range dbNodes {
-		nodeId := int64(node.Id)
+		var nodeId = int64(node.Id)
 		accessLogLocker.Lock()
 		db, ok := accessLogDBMapping[nodeId]
 		accessLogLocker.Unlock()

-		dsn := node.Username + ":" + node.Password + "@tcp(" + node.Host + ":" + fmt.Sprintf("%d", node.Port) + ")/" + node.Database + "?charset=utf8mb4&timeout=10s"
+		var dsn = node.Username + ":" + node.Password + "@tcp(" + node.Host + ":" + fmt.Sprintf("%d", node.Port) + ")/" + node.Database + "?charset=utf8mb4&timeout=10s"

 		if ok {
 			// 检查配置是否有变化
@@ -308,49 +220,8 @@ func (this *DBNodeInitializer) loop() error {
 				accessLogLocker.Unlock()
 			}

-			// nsAccessLog
-			{
-				tableName, err := findNSAccessLogTable(db, timeutil.Format("Ymd"), false)
-				if err != nil {
-					if !strings.Contains(err.Error(), "1050") { // 非表格已存在错误
-						remotelogs.Error("DB_NODE", "create first table in database node failed: "+err.Error())
-
-						// 创建节点日志
-						createLogErr := SharedNodeLogDAO.CreateLog(nil, nodeconfigs.NodeRoleDatabase, nodeId, 0, 0, "error", "ACCESS_LOG", "can not create access log table: "+err.Error(), time.Now().Unix(), "", nil)
-						if createLogErr != nil {
-							remotelogs.Error("NODE_LOG", createLogErr.Error())
-						}
-
-						continue
-					} else {
-						err = nil
-					}
-				}
-
-				daoObject := dbs.DAOObject{
-					Instance: db,
-					DB:       node.Name + "(id:" + strconv.Itoa(int(node.Id)) + ")",
-					Table:    tableName,
-					PkName:   "id",
-					Model:    new(NSAccessLog),
-				}
-				err = daoObject.Init()
-				if err != nil {
-					remotelogs.Error("DB_NODE", "initialize dao failed: "+err.Error())
-					continue
-				}
-
-				accessLogLocker.Lock()
-				accessLogDBMapping[nodeId] = db
-				dao := &NSAccessLogDAO{
-					DAOObject: daoObject,
-				}
-				nsAccessLogDAOMapping[nodeId] = &NSAccessLogDAOWrapper{
-					DAO:    dao,
-					NodeId: nodeId,
-				}
-				accessLogLocker.Unlock()
-			}
+			// 扩展
+			initAccessLogDAO(db, node)
 		}
 	}

--- a/internal/db/models/db_node_initializer_ext.go
+++ b/internal/db/models/db_node_initializer_ext.go
@@ -0,0 +1,11 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+var nsAccessLogDAOMapping = map[int64]any{} // dbNodeId => DAO
+
+func initAccessLogDAO(db *dbs.DB, node *DBNode) {
+}
--- a/internal/db/models/dns/dns_domain_dao.go
+++ b/internal/db/models/dns/dns_domain_dao.go
@@ -133,11 +133,28 @@ func (this *DNSDomainDAO) FindAllEnabledDomainsWithProviderId(tx *dbs.Tx, provid
 	return
 }

+// ListDomains 列出单页域名
+func (this *DNSDomainDAO) ListDomains(tx *dbs.Tx, providerId int64, isDeleted bool, isUp bool, offset int64, size int64) (result []*DNSDomain, err error) {
+	_, err = this.Query(tx).
+		State(DNSDomainStateEnabled).
+		Attr("providerId", providerId).
+		Attr("isDeleted", isDeleted).
+		Attr("isUp", isUp).
+		AscPk().
+		Offset(offset).
+		Limit(size).
+		Slice(&result).
+		FindAll()
+	return
+}
+
 // CountAllEnabledDomainsWithProviderId 计算某个服务商下的域名数量
-func (this *DNSDomainDAO) CountAllEnabledDomainsWithProviderId(tx *dbs.Tx, providerId int64) (int64, error) {
+func (this *DNSDomainDAO) CountAllEnabledDomainsWithProviderId(tx *dbs.Tx, providerId int64, isDeleted bool, isUp bool) (int64, error) {
 	return this.Query(tx).
 		State(DNSDomainStateEnabled).
 		Attr("providerId", providerId).
+		Attr("isDeleted", isDeleted).
+		Attr("isUp", isUp).
 		Count()
 }

--- a/internal/db/models/dns/dns_task_dao.go
+++ b/internal/db/models/dns/dns_task_dao.go
@@ -56,11 +56,13 @@ func (this *DNSTaskDAO) CreateDNSTask(tx *dbs.Tx, clusterId int64, serverId int6
 		"isDone":     false,
 		"isOk":       false,
 		"error":      "",
+		"version":    time.Now().UnixNano(),
 	}, maps.Map{
 		"updatedAt": time.Now().Unix(),
 		"isDone":    false,
 		"isOk":      false,
 		"error":     "",
+		"version":   time.Now().UnixNano(),
 	})
 	return err
 }
@@ -94,6 +96,7 @@ func (this *DNSTaskDAO) CreateDomainTask(tx *dbs.Tx, domainId int64, taskType DN
 func (this *DNSTaskDAO) FindAllDoingTasks(tx *dbs.Tx) (result []*DNSTask, err error) {
 	_, err = this.Query(tx).
 		Attr("isDone", 0).
+		Asc("version").
 		AscPk().
 		Slice(&result).
 		FindAll()
@@ -109,6 +112,7 @@ func (this *DNSTaskDAO) FindAllDoingOrErrorTasks(tx *dbs.Tx, nodeClusterId int64
 	_, err = query.
 		Where("(isDone=0 OR (isDone=1 AND isOk=0))").
 		Asc("updatedAt").
+		Asc("version").
 		AscPk().
 		Slice(&result).
 		FindAll()
@@ -163,3 +167,13 @@ func (this *DNSTaskDAO) UpdateDNSTaskDone(tx *dbs.Tx, taskId int64) error {
 	op.Error = ""
 	return this.Save(tx, op)
 }
+
+// DeleteDNSTasksWithClusterId 删除集群相关任务
+func (this *DNSTaskDAO) DeleteDNSTasksWithClusterId(tx *dbs.Tx, clusterId int64) error {
+	if clusterId <= 0 {
+		return nil
+	}
+	return this.Query(tx).
+		Attr("clusterId", clusterId).
+		DeleteQuickly()
+}
--- a/internal/db/models/dns/dns_task_dao_test.go
+++ b/internal/db/models/dns/dns_task_dao_test.go
@@ -9,7 +9,7 @@ import (

 func TestDNSTaskDAO_CreateDNSTask(t *testing.T) {
 	dbs.NotifyReady()
-	err := SharedDNSTaskDAO.CreateDNSTask(nil, 1, 2, 3, 0, "taskType")
+	err := SharedDNSTaskDAO.CreateDNSTask(nil, 1, 2, 3, 0, "cdn", "taskType")
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/internal/db/models/dns/dns_task_model.go
+++ b/internal/db/models/dns/dns_task_model.go
@@ -13,20 +13,22 @@ type DNSTask struct {
 	IsDone     bool   `field:"isDone"`     // 是否已完成
 	IsOk       bool   `field:"isOk"`       // 是否成功
 	Error      string `field:"error"`      // 错误信息
+	Version    uint64 `field:"version"`    // 版本
 }

 type DNSTaskOperator struct {
-	Id         interface{} // ID
-	ClusterId  interface{} // 集群ID
-	ServerId   interface{} // 服务ID
-	NodeId     interface{} // 节点ID
-	DomainId   interface{} // 域名ID
-	RecordName interface{} // 记录名
-	Type       interface{} // 任务类型
-	UpdatedAt  interface{} // 更新时间
-	IsDone     interface{} // 是否已完成
-	IsOk       interface{} // 是否成功
-	Error      interface{} // 错误信息
+	Id         any // ID
+	ClusterId  any // 集群ID
+	ServerId   any // 服务ID
+	NodeId     any // 节点ID
+	DomainId   any // 域名ID
+	RecordName any // 记录名
+	Type       any // 任务类型
+	UpdatedAt  any // 更新时间
+	IsDone     any // 是否已完成
+	IsOk       any // 是否成功
+	Error      any // 错误信息
+	Version    any // 版本
 }

 func NewDNSTaskOperator() *DNSTaskOperator {
--- a/internal/db/models/dns/dnsutils/dns_utils.go
+++ b/internal/db/models/dns/dnsutils/dns_utils.go
@@ -15,7 +15,7 @@ import (

 // CheckClusterDNS 检查集群的DNS问题
 // 藏这么深是避免package循环引用的问题
-func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster) (issues []*pb.DNSIssue, err error) {
+func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster, checkNodeIssues bool) (issues []*pb.DNSIssue, err error) {
 	var clusterId = int64(cluster.Id)
 	var domainId = int64(cluster.DnsDomainId)

@@ -104,47 +104,27 @@ func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster) (issues []*pb.DNSI
 	// TODO 检查域名是否已解析

 	// 检查节点
-	nodes, err := models.SharedNodeDAO.FindAllEnabledNodesDNSWithClusterId(tx, clusterId, true, clusterDNSConfig != nil && clusterDNSConfig.IncludingLnNodes)
-	if err != nil {
-		return nil, err
-	}
-
-	// TODO 检查节点数量不能为0
-
-	for _, node := range nodes {
-		nodeId := int64(node.Id)
-
-		routeCodes, err := node.DNSRouteCodesForDomainId(domainId)
+	if checkNodeIssues {
+		nodes, err := models.SharedNodeDAO.FindAllEnabledNodesDNSWithClusterId(tx, clusterId, true, clusterDNSConfig != nil && clusterDNSConfig.IncludingLnNodes)
 		if err != nil {
 			return nil, err
 		}
-		if len(routeCodes) == 0 && !hasDefaultRoute {
-			issues = append(issues, &pb.DNSIssue{
-				Target:      node.Name,
-				TargetId:    nodeId,
-				Type:        "node",
-				Description: "没有选择节点所属线路",
-				Params: map[string]string{
-					"clusterName": cluster.Name,
-					"clusterId":   numberutils.FormatInt64(clusterId),
-				},
-				MustFix: true,
-			})
-			continue
-		}

-		// 检查线路是否在已有线路中
-		for _, routeCode := range routeCodes {
-			routeOk, err := domain.ContainsRouteCode(routeCode)
+		// TODO 检查节点数量不能为0
+
+		for _, node := range nodes {
+			nodeId := int64(node.Id)
+
+			routeCodes, err := node.DNSRouteCodesForDomainId(domainId)
 			if err != nil {
 				return nil, err
 			}
-			if !routeOk {
+			if len(routeCodes) == 0 && !hasDefaultRoute {
 				issues = append(issues, &pb.DNSIssue{
 					Target:      node.Name,
 					TargetId:    nodeId,
 					Type:        "node",
-					Description: "线路已经失效，请重新选择",
+					Description: "没有选择节点所属线路",
 					Params: map[string]string{
 						"clusterName": cluster.Name,
 						"clusterId":   numberutils.FormatInt64(clusterId),
@@ -153,29 +133,51 @@ func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster) (issues []*pb.DNSI
 				})
 				continue
 			}
-		}

-		// 检查IP地址
-		ipAddr, _, err := models.SharedNodeIPAddressDAO.FindFirstNodeAccessIPAddress(tx, nodeId, true, nodeconfigs.NodeRoleNode)
-		if err != nil {
-			return nil, err
-		}
-		if len(ipAddr) == 0 {
-			issues = append(issues, &pb.DNSIssue{
-				Target:      node.Name,
-				TargetId:    nodeId,
-				Type:        "node",
-				Description: "没有设置IP地址",
-				Params: map[string]string{
-					"clusterName": cluster.Name,
-					"clusterId":   numberutils.FormatInt64(clusterId),
-				},
-				MustFix: true,
-			})
-			continue
-		}
+			// 检查线路是否在已有线路中
+			for _, routeCode := range routeCodes {
+				routeOk, err := domain.ContainsRouteCode(routeCode)
+				if err != nil {
+					return nil, err
+				}
+				if !routeOk {
+					issues = append(issues, &pb.DNSIssue{
+						Target:      node.Name,
+						TargetId:    nodeId,
+						Type:        "node",
+						Description: "线路已经失效，请重新选择",
+						Params: map[string]string{
+							"clusterName": cluster.Name,
+							"clusterId":   numberutils.FormatInt64(clusterId),
+						},
+						MustFix: true,
+					})
+					continue
+				}
+			}

-		// TODO 检查是否有解析记录
+			// 检查IP地址
+			ipAddr, _, err := models.SharedNodeIPAddressDAO.FindFirstNodeAccessIPAddress(tx, nodeId, true, nodeconfigs.NodeRoleNode)
+			if err != nil {
+				return nil, err
+			}
+			if len(ipAddr) == 0 {
+				issues = append(issues, &pb.DNSIssue{
+					Target:      node.Name,
+					TargetId:    nodeId,
+					Type:        "node",
+					Description: "没有设置IP地址",
+					Params: map[string]string{
+						"clusterName": cluster.Name,
+						"clusterId":   numberutils.FormatInt64(clusterId),
+					},
+					MustFix: true,
+				})
+				continue
+			}
+
+			// TODO 检查是否有解析记录
+		}
 	}

 	return
--- a/internal/db/models/dns/dnsutils/dns_utils_test.go
+++ b/internal/db/models/dns/dnsutils/dns_utils_test.go
@@ -21,7 +21,7 @@ func TestNodeClusterDAO_CheckClusterDNS(t *testing.T) {
 		t.Log("cluster not found, skip the test")
 		return
 	}
-	issues, err := CheckClusterDNS(tx, cluster)
+	issues, err := CheckClusterDNS(tx, cluster, true)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/internal/db/models/http_access_log_dao.go
+++ b/internal/db/models/http_access_log_dao.go
@@ -21,6 +21,7 @@ import (
 	"github.com/iwind/TeaGo/rands"
 	"github.com/iwind/TeaGo/types"
 	timeutil "github.com/iwind/TeaGo/utils/time"
+	"golang.org/x/net/idna"
 	"net"
 	"net/http"
 	"net/url"
@@ -39,7 +40,7 @@ var SharedHTTPAccessLogDAO *HTTPAccessLogDAO
 var (
 	oldAccessLogQueue       = make(chan *pb.HTTPAccessLog)
 	accessLogQueue          = make(chan *pb.HTTPAccessLog, 10_000)
-	accessLogQueueMaxLength = 100_000 //队列最大长度
+	accessLogQueueMaxLength = 100_000 // 队列最大长度
 	accessLogQueuePercent   = 100     // 0-100
 	accessLogCountPerSecond = 10_000  // 每秒钟写入条数，0 表示不限制
 	accessLogPerTx          = 100     // 单事务写入条数
@@ -85,13 +86,24 @@ func init() {
 		// 导出队列内容
 		goman.New(func() {
 			var ticker = time.NewTicker(1 * time.Second)
+			var accessLogPerLoop = accessLogPerTx
+
 			for range ticker.C {
-				var countTxs = accessLogCountPerSecond / accessLogPerTx
+				var countTxs = accessLogCountPerSecond / accessLogPerLoop
 				if countTxs <= 0 {
 					countTxs = 1
 				}
 				for i := 0; i < countTxs; i++ {
-					hasMore, err := SharedHTTPAccessLogDAO.DumpAccessLogsFromQueue(accessLogPerTx)
+					var before = time.Now()
+					hasMore, err := SharedHTTPAccessLogDAO.DumpAccessLogsFromQueue(accessLogPerLoop)
+
+					// 如果用时过长，则调整每次写入次数
+					var costMs = time.Since(before).Milliseconds()
+					if costMs > 150 {
+						accessLogPerLoop = accessLogPerTx / 4
+					} else if costMs > 100 {
+						accessLogPerLoop = accessLogPerTx / 2
+					} // 这里不需要恢复成默认值，因为可能是写入数量比较小
 					if err != nil {
 						remotelogs.Error("HTTP_ACCESS_LOG_QUEUE", "dump access logs failed: "+err.Error())
 					} else if !hasMore {
@@ -144,7 +156,7 @@ func (this *HTTPAccessLogDAO) DumpAccessLogsFromQueue(size int) (hasMore bool, e
 	if size <= 0 {
 		size = 100
 	}
-	
+
 	var dao = randomHTTPAccessLogDAO()
 	if dao == nil {
 		dao = &HTTPAccessLogDAOWrapper{
@@ -205,7 +217,14 @@ Loop:

 // CreateHTTPAccessLog 写入单条访问日志
 func (this *HTTPAccessLogDAO) CreateHTTPAccessLog(tx *dbs.Tx, dao *HTTPAccessLogDAO, accessLog *pb.HTTPAccessLog) error {
-	var day = timeutil.FormatTime("Ymd", accessLog.Timestamp)
+	var day = ""
+	// 注意：如果你修改了 TimeISO8601 的逻辑，这里也需要同步修改
+	if len(accessLog.TimeISO8601) > 10 {
+		day = strings.ReplaceAll(accessLog.TimeISO8601[:10], "-", "")
+	} else {
+		timeutil.FormatTime("Ymd", accessLog.Timestamp)
+	}
+
 	tableDef, err := SharedHTTPAccessLogManager.FindLastTable(dao.Instance, day, true)
 	if err != nil {
 		return err
@@ -436,6 +455,7 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,

 			var dao = tableQuery.daoWrapper.DAO
 			var query = dao.Query(tx)
+			query.Result("id", "serverId", "nodeId", "status", "createdAt", "content", "requestId", "firewallPolicyId", "firewallRuleGroupId", "firewallRuleSetId", "firewallRuleId", "remoteAddr", "domain")

 			// 条件
 			if nodeId > 0 {
@@ -509,6 +529,14 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 						query.Where("domain LIKE :host2").
 							Param("host2", domain)
 					} else {
+						// 中文域名
+						if !regexp.MustCompile(`^[a-zA-Z0-9-.]+$`).MatchString(domain) {
+							unicodeDomain, err := idna.ToASCII(domain)
+							if err == nil && len(unicodeDomain) > 0 {
+								domain = unicodeDomain
+							}
+						}
+
 						query.Attr("domain", domain)
 						query.UseIndex("domain")
 					}
@@ -777,7 +805,7 @@ func (this *HTTPAccessLogDAO) SetupQueue() {
 		return
 	}

-	if bytes.Compare(accessLogConfigJSON, configJSON) == 0 {
+	if bytes.Equal(accessLogConfigJSON, configJSON) {
 		return
 	}
 	accessLogConfigJSON = configJSON
--- a/internal/db/models/http_access_log_dao_test.go
+++ b/internal/db/models/http_access_log_dao_test.go
@@ -79,7 +79,7 @@ func TestCreateHTTPAccessLog_Tx(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	for i := 0; i < 1000; i++ {
+	for i := 0; i < 200; i++ {
 		err = SharedHTTPAccessLogDAO.CreateHTTPAccessLog(tx, dao.DAO, accessLog)
 		if err != nil {
 			t.Fatal(err)
--- a/internal/db/models/http_access_log_manager.go
+++ b/internal/db/models/http_access_log_manager.go
@@ -422,7 +422,7 @@ func (this *HTTPAccessLogManager) checkTableFields(db *dbs.DB, tableName string)
 	}
 	for _, field := range fields {
 		var fieldName = field.GetString("Field")
-		if strings.ToLower(fieldName) == strings.ToLower("remoteAddr") {
+		if strings.EqualFold(fieldName, "remoteAddr") {
 			hasRemoteAddrField = true
 		}
 		if strings.ToLower(fieldName) == "domain" {
--- a/internal/db/models/http_cache_policy_dao.go
+++ b/internal/db/models/http_cache_policy_dao.go
@@ -125,25 +125,13 @@ func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name st
 		MinSize:               &shared.SizeCapacity{Count: 0, Unit: shared.SizeCapacityUnitKB},
 		SkipResponseSetCookie: true,
 		AllowChunkedEncoding:  true,
-		Conds: &shared.HTTPRequestCondsConfig{
-			IsOn:      true,
-			Connector: "or",
-			Groups: []*shared.HTTPRequestCondGroup{
-				{
-					IsOn:      true,
-					Connector: "or",
-					Conds: []*shared.HTTPRequestCond{
-						{
-							Type:      "url-extension",
-							IsRequest: true,
-							Param:     "${requestPathExtension}",
-							Operator:  shared.RequestCondOperatorIn,
-							Value:     `[".html", ".js", ".css", ".gif", ".png", ".bmp", ".jpeg", ".jpg", ".webp", ".ico", ".pdf", ".ttf", ".eot", ".tiff", ".svg", ".svgz", ".eps", ".woff", ".otf", ".woff2", ".tif", ".csv", ".xls", ".xlsx", ".doc", ".docx", ".ppt", ".pptx", ".wav", ".mp3", ".mp4", ".ogg", ".mid", ".midi"]`,
-						},
-					},
-					Description: "初始化规则",
-				},
-			},
+		AllowPartialContent:   true,
+		SimpleCond: &shared.HTTPRequestCond{
+			Type:      "url-extension",
+			IsRequest: true,
+			Param:     "${requestPathExtension}",
+			Operator:  shared.RequestCondOperatorIn,
+			Value:     `[".html", ".js", ".css", ".gif", ".png", ".bmp", ".jpeg", ".jpg", ".webp", ".ico", ".pdf", ".ttf", ".eot", ".tiff", ".svg", ".svgz", ".eps", ".woff", ".otf", ".woff2", ".tif", ".csv", ".xls", ".xlsx", ".doc", ".docx", ".ppt", ".pptx", ".wav", ".mp3", ".mp4", ".ogg", ".mid", ".midi"]`,
 		},
 	}
 	refsJSON, err := json.Marshal([]*serverconfigs.HTTPCacheRef{cacheRef})
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -381,7 +381,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, cacheMap *util

 	// 认证
 	if IsNotNull(web.Auth) {
-		authConfig := &serverconfigs.HTTPAuthConfig{}
+		var authConfig = &serverconfigs.HTTPAuthConfig{}
 		err = json.Unmarshal(web.Auth, authConfig)
 		if err != nil {
 			return nil, err
@@ -395,6 +395,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, cacheMap *util
 			if policyConfig != nil {
 				ref.AuthPolicy = policyConfig
 				newRefs = append(newRefs, ref)
+				authConfig.PolicyRefs = newRefs
 			}
 		}
 		config.Auth = authConfig
@@ -457,6 +458,16 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, cacheMap *util
 		config.UAM = uamConfig
 	}

+	// Referers
+	if IsNotNull(web.Referers) {
+		var referersConfig = &serverconfigs.ReferersConfig{}
+		err = json.Unmarshal(web.Referers, referersConfig)
+		if err != nil {
+			return nil, err
+		}
+		config.Referers = referersConfig
+	}
+
 	if cacheMap != nil {
 		cacheMap.Put(cacheKey, config)
 	}
@@ -1212,6 +1223,35 @@ func (this *HTTPWebDAO) FindWebUAM(tx *dbs.Tx, webId int64) ([]byte, error) {
 		FindJSONCol()
 }

+// UpdateWebReferers 修改防盗链设置
+func (this *HTTPWebDAO) UpdateWebReferers(tx *dbs.Tx, webId int64, referersConfig *serverconfigs.ReferersConfig) error {
+	if referersConfig == nil {
+		return nil
+	}
+	configJSON, err := json.Marshal(referersConfig)
+	if err != nil {
+		return err
+	}
+
+	err = this.Query(tx).
+		Pk(webId).
+		Set("referers", configJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	return this.NotifyUpdate(tx, webId)
+}
+
+// FindWebReferers 查找服务的防盗链配置
+func (this *HTTPWebDAO) FindWebReferers(tx *dbs.Tx, webId int64) ([]byte, error) {
+	return this.Query(tx).
+		Pk(webId).
+		Result("referers").
+		FindJSONCol()
+}
+
 // NotifyUpdate 通知更新
 func (this *HTTPWebDAO) NotifyUpdate(tx *dbs.Tx, webId int64) error {
 	// server
--- a/internal/db/models/http_web_model.go
+++ b/internal/db/models/http_web_model.go
@@ -38,43 +38,45 @@ type HTTPWeb struct {
 	RequestLimit       dbs.JSON `field:"requestLimit"`       // 请求限制
 	RequestScripts     dbs.JSON `field:"requestScripts"`     // 请求脚本
 	Uam                dbs.JSON `field:"uam"`                // UAM设置
+	Referers           dbs.JSON `field:"referers"`           // 防盗链设置
 }

 type HTTPWebOperator struct {
-	Id                 interface{} // ID
-	IsOn               interface{} // 是否启用
-	TemplateId         interface{} // 模版ID
-	AdminId            interface{} // 管理员ID
-	UserId             interface{} // 用户ID
-	State              interface{} // 状态
-	CreatedAt          interface{} // 创建时间
-	Root               interface{} // 根目录
-	Charset            interface{} // 字符集
-	Shutdown           interface{} // 临时关闭页面配置
-	Pages              interface{} // 特殊页面
-	RedirectToHttps    interface{} // 跳转到HTTPS设置
-	Indexes            interface{} // 首页文件列表
-	MaxRequestBodySize interface{} // 最大允许的请求内容尺寸
-	RequestHeader      interface{} // 请求Header配置
-	ResponseHeader     interface{} // 响应Header配置
-	AccessLog          interface{} // 访问日志配置
-	Stat               interface{} // 统计配置
-	Gzip               interface{} // Gzip配置（v0.3.2弃用）
-	Compression        interface{} // 压缩配置
-	Cache              interface{} // 缓存配置
-	Firewall           interface{} // 防火墙设置
-	Locations          interface{} // 路由规则配置
-	Websocket          interface{} // Websocket设置
-	RewriteRules       interface{} // 重写规则配置
-	HostRedirects      interface{} // 域名跳转
-	Fastcgi            interface{} // Fastcgi配置
-	Auth               interface{} // 认证策略配置
-	Webp               interface{} // WebP配置
-	RemoteAddr         interface{} // 客户端IP配置
-	MergeSlashes       interface{} // 是否合并路径中的斜杠
-	RequestLimit       interface{} // 请求限制
-	RequestScripts     interface{} // 请求脚本
-	Uam                interface{} // UAM设置
+	Id                 any // ID
+	IsOn               any // 是否启用
+	TemplateId         any // 模版ID
+	AdminId            any // 管理员ID
+	UserId             any // 用户ID
+	State              any // 状态
+	CreatedAt          any // 创建时间
+	Root               any // 根目录
+	Charset            any // 字符集
+	Shutdown           any // 临时关闭页面配置
+	Pages              any // 特殊页面
+	RedirectToHttps    any // 跳转到HTTPS设置
+	Indexes            any // 首页文件列表
+	MaxRequestBodySize any // 最大允许的请求内容尺寸
+	RequestHeader      any // 请求Header配置
+	ResponseHeader     any // 响应Header配置
+	AccessLog          any // 访问日志配置
+	Stat               any // 统计配置
+	Gzip               any // Gzip配置（v0.3.2弃用）
+	Compression        any // 压缩配置
+	Cache              any // 缓存配置
+	Firewall           any // 防火墙设置
+	Locations          any // 路由规则配置
+	Websocket          any // Websocket设置
+	RewriteRules       any // 重写规则配置
+	HostRedirects      any // 域名跳转
+	Fastcgi            any // Fastcgi配置
+	Auth               any // 认证策略配置
+	Webp               any // WebP配置
+	RemoteAddr         any // 客户端IP配置
+	MergeSlashes       any // 是否合并路径中的斜杠
+	RequestLimit       any // 请求限制
+	RequestScripts     any // 请求脚本
+	Uam                any // UAM设置
+	Referers           any // 防盗链设置
 }

 func NewHTTPWebOperator() *HTTPWebOperator {
--- a/internal/db/models/nameservers/ns_domain_model.go
+++ b/internal/db/models/nameservers/ns_domain_model.go
@@ -4,31 +4,35 @@ import "github.com/iwind/TeaGo/dbs"

 // NSDomain DNS域名
 type NSDomain struct {
-	Id        uint64   `field:"id"`        // ID
-	ClusterId uint32   `field:"clusterId"` // 集群ID
-	UserId    uint32   `field:"userId"`    // 用户ID
-	IsOn      bool     `field:"isOn"`      // 是否启用
-	Name      string   `field:"name"`      // 域名
-	GroupIds  dbs.JSON `field:"groupIds"`  // 分组ID
-	Tsig      dbs.JSON `field:"tsig"`      // TSIG配置
-	CreatedAt uint64   `field:"createdAt"` // 创建时间
-	Version   uint64   `field:"version"`   // 版本号
-	Status    string   `field:"status"`    // 状态：none|verified
-	State     uint8    `field:"state"`     // 状态
+	Id              uint64   `field:"id"`              // ID
+	ClusterId       uint32   `field:"clusterId"`       // 集群ID
+	UserId          uint32   `field:"userId"`          // 用户ID
+	IsOn            bool     `field:"isOn"`            // 是否启用
+	Name            string   `field:"name"`            // 域名
+	GroupIds        dbs.JSON `field:"groupIds"`        // 分组ID
+	Tsig            dbs.JSON `field:"tsig"`            // TSIG配置
+	VerifyTXT       string   `field:"verifyTXT"`       // 验证用的TXT
+	VerifyExpiresAt uint64   `field:"verifyExpiresAt"` // 验证TXT过期时间
+	CreatedAt       uint64   `field:"createdAt"`       // 创建时间
+	Version         uint64   `field:"version"`         // 版本号
+	Status          string   `field:"status"`          // 状态：none|verified
+	State           uint8    `field:"state"`           // 状态
 }

 type NSDomainOperator struct {
-	Id        interface{} // ID
-	ClusterId interface{} // 集群ID
-	UserId    interface{} // 用户ID
-	IsOn      interface{} // 是否启用
-	Name      interface{} // 域名
-	GroupIds  interface{} // 分组ID
-	Tsig      interface{} // TSIG配置
-	CreatedAt interface{} // 创建时间
-	Version   interface{} // 版本号
-	Status    interface{} // 状态：none|verified
-	State     interface{} // 状态
+	Id              any // ID
+	ClusterId       any // 集群ID
+	UserId          any // 用户ID
+	IsOn            any // 是否启用
+	Name            any // 域名
+	GroupIds        any // 分组ID
+	Tsig            any // TSIG配置
+	VerifyTXT       any // 验证用的TXT
+	VerifyExpiresAt any // 验证TXT过期时间
+	CreatedAt       any // 创建时间
+	Version         any // 版本号
+	Status          any // 状态：none|verified
+	State           any // 状态
 }

 func NewNSDomainOperator() *NSDomainOperator {
--- a/internal/db/models/nameservers/ns_plan_model.go
+++ b/internal/db/models/nameservers/ns_plan_model.go
@@ -0,0 +1,30 @@
+package nameservers
+
+import "github.com/iwind/TeaGo/dbs"
+
+// NSPlan NS套餐
+type NSPlan struct {
+	Id           uint32   `field:"id"`           // ID
+	Name         string   `field:"name"`         // 套餐名称
+	IsOn         bool     `field:"isOn"`         // 是否启用
+	MonthlyPrice float64  `field:"monthlyPrice"` // 月价格
+	YearlyPrice  float64  `field:"yearlyPrice"`  // 年价格
+	Order        uint32   `field:"order"`        // 排序
+	Config       dbs.JSON `field:"config"`       // 配置
+	State        uint8    `field:"state"`        // 状态
+}
+
+type NSPlanOperator struct {
+	Id           any // ID
+	Name         any // 套餐名称
+	IsOn         any // 是否启用
+	MonthlyPrice any // 月价格
+	YearlyPrice  any // 年价格
+	Order        any // 排序
+	Config       any // 配置
+	State        any // 状态
+}
+
+func NewNSPlanOperator() *NSPlanOperator {
+	return &NSPlanOperator{}
+}
--- a/internal/db/models/nameservers/ns_plan_model_ext.go
+++ b/internal/db/models/nameservers/ns_plan_model_ext.go
@@ -0,0 +1 @@
+package nameservers
--- a/internal/db/models/nameservers/ns_record_hourly_stat_model.go
+++ b/internal/db/models/nameservers/ns_record_hourly_stat_model.go
@@ -5,11 +5,11 @@ type NSRecordHourlyStat struct {
 	Id            uint64 `field:"id"`            // ID
 	ClusterId     uint32 `field:"clusterId"`     // 集群ID
 	NodeId        uint32 `field:"nodeId"`        // 节点ID
-	DomainId      uint32 `field:"domainId"`      // 域名ID
+	DomainId      uint64 `field:"domainId"`      // 域名ID
 	RecordId      uint64 `field:"recordId"`      // 记录ID
 	Day           string `field:"day"`           // YYYYMMDD
 	Hour          string `field:"hour"`          // YYYYMMDDHH
-	CountRequests uint32 `field:"countRequests"` // 请求数
+	CountRequests uint64 `field:"countRequests"` // 请求数
 	Bytes         uint64 `field:"bytes"`         // 流量
 }

--- a/internal/db/models/nameservers/ns_user_plan_model.go
+++ b/internal/db/models/nameservers/ns_user_plan_model.go
@@ -0,0 +1,28 @@
+package nameservers
+
+// NSUserPlan 用户套餐
+type NSUserPlan struct {
+	Id         uint64 `field:"id"`         // ID
+	UserId     uint64 `field:"userId"`     // 用户ID
+	PlanId     uint32 `field:"planId"`     // 套餐ID
+	DayFrom    string `field:"dayFrom"`    // YYYYMMDD
+	DayTo      string `field:"dayTo"`      // YYYYMMDD
+	PeriodUnit string `field:"periodUnit"` // monthly|yearly
+	CreatedAt  uint64 `field:"createdAt"`  // 创建时间
+	State      uint8  `field:"state"`      // 状态
+}
+
+type NSUserPlanOperator struct {
+	Id         any // ID
+	UserId     any // 用户ID
+	PlanId     any // 套餐ID
+	DayFrom    any // YYYYMMDD
+	DayTo      any // YYYYMMDD
+	PeriodUnit any // monthly|yearly
+	CreatedAt  any // 创建时间
+	State      any // 状态
+}
+
+func NewNSUserPlanOperator() *NSUserPlanOperator {
+	return &NSUserPlanOperator{}
+}
--- a/internal/db/models/nameservers/ns_user_plan_model_ext.go
+++ b/internal/db/models/nameservers/ns_user_plan_model_ext.go
@@ -0,0 +1 @@
+package nameservers
--- a/internal/db/models/node_cluster_dao.go
+++ b/internal/db/models/node_cluster_dao.go
@@ -125,13 +125,13 @@ func (this *NodeClusterDAO) FindAllEnableClusterIds(tx *dbs.Tx) (result []int64,
 }

 // CreateCluster 创建集群
-func (this *NodeClusterDAO) CreateCluster(tx *dbs.Tx, adminId int64, name string, grantId int64, installDir string, dnsDomainId int64, dnsName string, cachePolicyId int64, httpFirewallPolicyId int64, systemServices map[string]maps.Map) (clusterId int64, err error) {
+func (this *NodeClusterDAO) CreateCluster(tx *dbs.Tx, adminId int64, name string, grantId int64, installDir string, dnsDomainId int64, dnsName string, dnsTTL int32, cachePolicyId int64, httpFirewallPolicyId int64, systemServices map[string]maps.Map, globalServerConfig *serverconfigs.GlobalServerConfig, autoInstallNftables bool) (clusterId int64, err error) {
 	uniqueId, err := this.GenUniqueId(tx)
 	if err != nil {
 		return 0, err
 	}

-	secret := rands.String(32)
+	var secret = rands.String(32)
 	err = SharedApiTokenDAO.CreateAPIToken(tx, uniqueId, secret, nodeconfigs.NodeRoleCluster)
 	if err != nil {
 		return 0, err
@@ -149,9 +149,9 @@ func (this *NodeClusterDAO) CreateCluster(tx *dbs.Tx, adminId int64, name string
 	var dnsConfig = &dnsconfigs.ClusterDNSConfig{
 		NodesAutoSync:    true,
 		ServersAutoSync:  true,
-		CNameRecords:     []string{},
-		CNameAsDomain:    true,
-		TTL:              0,
+		CNAMERecords:     []string{},
+		CNAMEAsDomain:    true,
+		TTL:              dnsTTL,
 		IncludingLnNodes: true,
 	}
 	dnsJSON, err := json.Marshal(dnsConfig)
@@ -173,10 +173,21 @@ func (this *NodeClusterDAO) CreateCluster(tx *dbs.Tx, adminId int64, name string
 	}
 	op.SystemServices = systemServicesJSON

+	// 全局服务配置
+	if globalServerConfig == nil {
+		globalServerConfig = serverconfigs.DefaultGlobalServerConfig()
+	}
+	globalServerConfigJSON, err := json.Marshal(globalServerConfig)
+	if err != nil {
+		return 0, err
+	}
+	op.GlobalServerConfig = globalServerConfigJSON
+
 	op.UseAllAPINodes = 1
 	op.ApiNodes = "[]"
 	op.UniqueId = uniqueId
 	op.Secret = secret
+	op.AutoInstallNftables = autoInstallNftables
 	op.State = NodeClusterStateEnabled
 	err = this.Save(tx, op)
 	if err != nil {
@@ -187,7 +198,7 @@ func (this *NodeClusterDAO) CreateCluster(tx *dbs.Tx, adminId int64, name string
 }

 // UpdateCluster 修改集群
-func (this *NodeClusterDAO) UpdateCluster(tx *dbs.Tx, clusterId int64, name string, grantId int64, installDir string, timezone string, nodeMaxThreads int32, autoOpenPorts bool) error {
+func (this *NodeClusterDAO) UpdateCluster(tx *dbs.Tx, clusterId int64, name string, grantId int64, installDir string, timezone string, nodeMaxThreads int32, autoOpenPorts bool, clockConfig *nodeconfigs.ClockConfig, autoRemoteStart bool, autoInstallTables bool) error {
 	if clusterId <= 0 {
 		return errors.New("invalid clusterId")
 	}
@@ -204,6 +215,17 @@ func (this *NodeClusterDAO) UpdateCluster(tx *dbs.Tx, clusterId int64, name stri
 	op.NodeMaxThreads = nodeMaxThreads
 	op.AutoOpenPorts = autoOpenPorts

+	if clockConfig != nil {
+		clockJSON, err := json.Marshal(clockConfig)
+		if err != nil {
+			return err
+		}
+		op.Clock = clockJSON
+	}
+
+	op.AutoRemoteStart = autoRemoteStart
+	op.AutoInstallNftables = autoInstallTables
+
 	err := this.Save(tx, op)
 	if err != nil {
 		return err
@@ -444,7 +466,7 @@ func (this *NodeClusterDAO) FindClusterDNSInfo(tx *dbs.Tx, clusterId int64, cach

 	one, err := this.Query(tx).
 		Pk(clusterId).
-		Result("id", "name", "dnsName", "dnsDomainId", "dns", "isOn").
+		Result("id", "name", "dnsName", "dnsDomainId", "dns", "isOn", "state").
 		Find()
 	if err != nil {
 		return nil, err
@@ -488,10 +510,16 @@ func (this *NodeClusterDAO) UpdateClusterDNS(tx *dbs.Tx, clusterId int64, dnsNam

 	var oldCluster = oldOne.(*NodeCluster)
 	var oldDNSDomainId = int64(oldCluster.DnsDomainId)
+	var shouldRemoveOld = false
 	if (oldDNSDomainId > 0 && oldDNSDomainId != dnsDomainId) || (oldCluster.DnsName != dnsName) {
-		err = dns.SharedDNSTaskDAO.CreateClusterRemoveTask(tx, clusterId, oldDNSDomainId, oldCluster.DnsName)
-		if err != nil {
-			return err
+		if oldDNSDomainId == dnsDomainId {
+			// 如果只是换子域名，需要在新的域名添加之前，先删除老的子域名，防止无法添加CNAME
+			err = dns.SharedDNSTaskDAO.CreateClusterRemoveTask(tx, clusterId, oldDNSDomainId, oldCluster.DnsName)
+			if err != nil {
+				return err
+			}
+		} else {
+			shouldRemoveOld = true
 		}
 	}

@@ -507,9 +535,9 @@ func (this *NodeClusterDAO) UpdateClusterDNS(tx *dbs.Tx, clusterId int64, dnsNam
 	var dnsConfig = &dnsconfigs.ClusterDNSConfig{
 		NodesAutoSync:    nodesAutoSync,
 		ServersAutoSync:  serversAutoSync,
-		CNameRecords:     cnameRecords,
+		CNAMERecords:     cnameRecords,
 		TTL:              ttl,
-		CNameAsDomain:    cnameAsDomain,
+		CNAMEAsDomain:    cnameAsDomain,
 		IncludingLnNodes: includingLnNodes,
 	}
 	dnsJSON, err := json.Marshal(dnsConfig)
@@ -526,7 +554,20 @@ func (this *NodeClusterDAO) UpdateClusterDNS(tx *dbs.Tx, clusterId int64, dnsNam
 	if err != nil {
 		return err
 	}
-	return this.NotifyDNSUpdate(tx, clusterId)
+	err = this.NotifyDNSUpdate(tx, clusterId)
+	if err != nil {
+		return err
+	}
+
+	// 删除老的记录
+	if shouldRemoveOld {
+		err = dns.SharedDNSTaskDAO.CreateClusterRemoveTask(tx, clusterId, oldDNSDomainId, oldCluster.DnsName)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
 }

 // FindClusterAdminId 查找集群所属管理员
@@ -926,7 +967,7 @@ func (this *NodeClusterDAO) FindClusterBasicInfo(tx *dbs.Tx, clusterId int64, ca
 	cluster, err := this.Query(tx).
 		Pk(clusterId).
 		State(NodeClusterStateEnabled).
-		Result("id", "timeZone", "nodeMaxThreads", "cachePolicyId", "httpFirewallPolicyId", "autoOpenPorts", "webp", "uam", "isOn", "ddosProtection").
+		Result("id", "timeZone", "nodeMaxThreads", "cachePolicyId", "httpFirewallPolicyId", "autoOpenPorts", "webp", "uam", "isOn", "ddosProtection", "clock", "globalServerConfig", "autoInstallNftables").
 		Find()
 	if err != nil || cluster == nil {
 		return nil, err
@@ -1094,6 +1135,49 @@ func (this *NodeClusterDAO) UpdateClusterDDoSProtection(tx *dbs.Tx, clusterId in
 	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, NodeTaskTypeDDosProtectionChanged)
 }

+// FindClusterGlobalServerConfig 查询全局服务配置
+func (this *NodeClusterDAO) FindClusterGlobalServerConfig(tx *dbs.Tx, clusterId int64) (*serverconfigs.GlobalServerConfig, error) {
+	configJSON, err := this.Query(tx).
+		Pk(clusterId).
+		Result("globalServerConfig").
+		FindJSONCol()
+	if err != nil {
+		return nil, err
+	}
+
+	var config = serverconfigs.DefaultGlobalServerConfig()
+	if IsNull(configJSON) {
+		return config, nil
+	}
+
+	err = json.Unmarshal(configJSON, config)
+	if err != nil {
+		return nil, err
+	}
+
+	return config, nil
+}
+
+// UpdateClusterGlobalServerConfig 修改全局服务配置
+func (this *NodeClusterDAO) UpdateClusterGlobalServerConfig(tx *dbs.Tx, clusterId int64, config *serverconfigs.GlobalServerConfig) error {
+	if config == nil {
+		config = serverconfigs.DefaultGlobalServerConfig()
+	}
+	configJSON, err := json.Marshal(config)
+	if err != nil {
+		return err
+	}
+	err = this.Query(tx).
+		Pk(clusterId).
+		Set("globalServerConfig", configJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, NodeTaskTypeGlobalServerConfigChanged)
+}
+
 // NotifyUpdate 通知更新
 func (this *NodeClusterDAO) NotifyUpdate(tx *dbs.Tx, clusterId int64) error {
 	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, NodeTaskTypeConfigChanged)
--- a/internal/db/models/node_cluster_model.go
+++ b/internal/db/models/node_cluster_model.go
@@ -30,45 +30,53 @@ type NodeCluster struct {
 	SystemServices       dbs.JSON `field:"systemServices"`       // 系统服务设置
 	TimeZone             string   `field:"timeZone"`             // 时区
 	NodeMaxThreads       uint32   `field:"nodeMaxThreads"`       // 节点最大线程数
-	DdosProtection       dbs.JSON `field:"ddosProtection"`       // DDOS端口
+	DdosProtection       dbs.JSON `field:"ddosProtection"`       // DDoS防护设置
 	AutoOpenPorts        uint8    `field:"autoOpenPorts"`        // 是否自动尝试开放端口
 	IsPinned             bool     `field:"isPinned"`             // 是否置顶
 	Webp                 dbs.JSON `field:"webp"`                 // WebP设置
 	Uam                  dbs.JSON `field:"uam"`                  // UAM设置
+	Clock                dbs.JSON `field:"clock"`                // 时钟配置
+	GlobalServerConfig   dbs.JSON `field:"globalServerConfig"`   // 全局服务配置
+	AutoRemoteStart      bool     `field:"autoRemoteStart"`      // 自动远程启动
+	AutoInstallNftables  bool     `field:"autoInstallNftables"`  // 自动安装nftables
 }

 type NodeClusterOperator struct {
-	Id                   interface{} // ID
-	AdminId              interface{} // 管理员ID
-	UserId               interface{} // 用户ID
-	IsOn                 interface{} // 是否启用
-	Name                 interface{} // 名称
-	UseAllAPINodes       interface{} // 是否使用所有API节点
-	ApiNodes             interface{} // 使用的API节点
-	InstallDir           interface{} // 安装目录
-	Order                interface{} // 排序
-	CreatedAt            interface{} // 创建时间
-	GrantId              interface{} // 默认认证方式
-	State                interface{} // 状态
-	AutoRegister         interface{} // 是否开启自动注册
-	UniqueId             interface{} // 唯一ID
-	Secret               interface{} // 密钥
-	HealthCheck          interface{} // 健康检查
-	DnsName              interface{} // DNS名称
-	DnsDomainId          interface{} // 域名ID
-	Dns                  interface{} // DNS配置
-	Toa                  interface{} // TOA配置
-	CachePolicyId        interface{} // 缓存策略ID
-	HttpFirewallPolicyId interface{} // WAF策略ID
-	AccessLog            interface{} // 访问日志设置
-	SystemServices       interface{} // 系统服务设置
-	TimeZone             interface{} // 时区
-	NodeMaxThreads       interface{} // 节点最大线程数
-	DdosProtection       interface{} // DDOS端口
-	AutoOpenPorts        interface{} // 是否自动尝试开放端口
-	IsPinned             interface{} // 是否置顶
-	Webp                 interface{} // WebP设置
-	Uam                  interface{} // UAM设置
+	Id                   any // ID
+	AdminId              any // 管理员ID
+	UserId               any // 用户ID
+	IsOn                 any // 是否启用
+	Name                 any // 名称
+	UseAllAPINodes       any // 是否使用所有API节点
+	ApiNodes             any // 使用的API节点
+	InstallDir           any // 安装目录
+	Order                any // 排序
+	CreatedAt            any // 创建时间
+	GrantId              any // 默认认证方式
+	State                any // 状态
+	AutoRegister         any // 是否开启自动注册
+	UniqueId             any // 唯一ID
+	Secret               any // 密钥
+	HealthCheck          any // 健康检查
+	DnsName              any // DNS名称
+	DnsDomainId          any // 域名ID
+	Dns                  any // DNS配置
+	Toa                  any // TOA配置
+	CachePolicyId        any // 缓存策略ID
+	HttpFirewallPolicyId any // WAF策略ID
+	AccessLog            any // 访问日志设置
+	SystemServices       any // 系统服务设置
+	TimeZone             any // 时区
+	NodeMaxThreads       any // 节点最大线程数
+	DdosProtection       any // DDoS防护设置
+	AutoOpenPorts        any // 是否自动尝试开放端口
+	IsPinned             any // 是否置顶
+	Webp                 any // WebP设置
+	Uam                  any // UAM设置
+	Clock                any // 时钟配置
+	GlobalServerConfig   any // 全局服务配置
+	AutoRemoteStart      any // 自动远程启动
+	AutoInstallNftables  any // 自动安装nftables
 }

 func NewNodeClusterOperator() *NodeClusterOperator {
--- a/internal/db/models/node_cluster_model_ext.go
+++ b/internal/db/models/node_cluster_model_ext.go
@@ -2,7 +2,10 @@ package models

 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 )

@@ -13,12 +16,12 @@ func (this *NodeCluster) DecodeDNSConfig() (*dnsconfigs.ClusterDNSConfig, error)
 		return &dnsconfigs.ClusterDNSConfig{
 			NodesAutoSync:    false,
 			ServersAutoSync:  false,
-			CNameAsDomain:    true,
+			CNAMEAsDomain:    true,
 			IncludingLnNodes: true,
 		}, nil
 	}
 	var dnsConfig = &dnsconfigs.ClusterDNSConfig{
-		CNameAsDomain:    true,
+		CNAMEAsDomain:    true,
 		IncludingLnNodes: true,
 	}
 	err := json.Unmarshal(this.Dns, &dnsConfig)
@@ -50,3 +53,27 @@ func (this *NodeCluster) HasDDoSProtection() bool {
 	}
 	return false
 }
+
+// DecodeClock 解析时钟配置
+func (this *NodeCluster) DecodeClock() *nodeconfigs.ClockConfig {
+	var clock = nodeconfigs.DefaultClockConfig()
+	if IsNotNull(this.Clock) {
+		err := json.Unmarshal(this.Clock, clock)
+		if err != nil {
+			remotelogs.Error("NodeCluster.DecodeClock()", err.Error())
+		}
+	}
+	return clock
+}
+
+// DecodeGlobalServerConfig 解析全局服务配置
+func (this *NodeCluster) DecodeGlobalServerConfig() *serverconfigs.GlobalServerConfig {
+	var config = serverconfigs.DefaultGlobalServerConfig()
+	if IsNotNull(this.GlobalServerConfig) {
+		err := json.Unmarshal(this.GlobalServerConfig, config)
+		if err != nil {
+			remotelogs.Error("NodeCluster.DecodeGlobalServerConfig()", err.Error())
+		}
+	}
+	return config
+}
--- a/internal/db/models/node_dao.go
+++ b/internal/db/models/node_dao.go
@@ -140,18 +140,9 @@ func (this *NodeDAO) FindNodeName(tx *dbs.Tx, id int64) (string, error) {

 // CreateNode 创建节点
 func (this *NodeDAO) CreateNode(tx *dbs.Tx, adminId int64, name string, clusterId int64, groupId int64, regionId int64) (nodeId int64, err error) {
-	// 检查节点数量
-	if teaconst.MaxNodes > 0 {
-		count, err := this.Query(tx).
-			State(NodeStateEnabled).
-			Where("clusterId IN (SELECT id FROM " + SharedNodeClusterDAO.Table + " WHERE state=1)").
-			Count()
-		if err != nil {
-			return 0, err
-		}
-		if int64(teaconst.MaxNodes) <= count {
-			return 0, errors.New("[企业版]超出最大节点数限制：" + types.String(teaconst.MaxNodes) + "，请购买更多配额")
-		}
+	err = this.CheckNodesLimit(tx)
+	if err != nil {
+		return
 	}

 	uniqueId, err := this.GenUniqueId(tx)
@@ -1085,6 +1076,16 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, cacheMap *utils
 			}
 		}

+		// 时钟
+		if config.Clock == nil {
+			config.Clock = nodeCluster.DecodeClock()
+		}
+
+		// 全局配置
+		if config.GlobalServerConfig == nil {
+			config.GlobalServerConfig = nodeCluster.DecodeGlobalServerConfig()
+		}
+
 		// 最大线程数、TCP连接数
 		if clusterIndex == 0 {
 			config.MaxThreads = int(nodeCluster.NodeMaxThreads)
@@ -1112,6 +1113,11 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, cacheMap *utils
 			config.UAMPolicies[clusterId] = uamPolicy
 		}

+		// 自动安装nftables
+		if clusterIndex == 0 {
+			config.AutoInstallNftables = nodeCluster.AutoInstallNftables
+		}
+
 		clusterIndex++
 	}

--- a/internal/db/models/node_dao_limit.go
+++ b/internal/db/models/node_dao_limit.go
@@ -0,0 +1,12 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package models
+
+import (
+	"github.com/iwind/TeaGo/dbs"
+)
+
+func (this *NodeDAO) CheckNodesLimit(tx *dbs.Tx) error {
+	return nil
+}
--- a/internal/db/models/node_log_dao.go
+++ b/internal/db/models/node_log_dao.go
@@ -391,6 +391,13 @@ func (this *NodeLogDAO) DeleteNodeLogsWithCluster(tx *dbs.Tx, role nodeconfigs.N
 	if clusterId <= 0 {
 		return nil
 	}
+
+	// 执行钩子
+	err := this.deleteNodeLogsWithCluster(tx, role, clusterId)
+	if err != nil {
+		return err
+	}
+
 	var query = this.Query(tx).
 		Attr("role", role)

@@ -398,13 +405,10 @@ func (this *NodeLogDAO) DeleteNodeLogsWithCluster(tx *dbs.Tx, role nodeconfigs.N
 	case nodeconfigs.NodeRoleNode:
 		query.Where("nodeId IN (SELECT id FROM " + SharedNodeDAO.Table + " WHERE clusterId=:clusterId)")
 		query.Param("clusterId", clusterId)
-	case nodeconfigs.NodeRoleDNS:
-		query.Where("nodeId IN (SELECT id FROM " + SharedNSNodeDAO.Table + " WHERE clusterId=:clusterId)")
-		query.Param("clusterId", clusterId)
 	default:
 		return nil
 	}

-	_, err := query.Delete()
+	_, err = query.Delete()
 	return err
 }
--- a/internal/db/models/node_log_dao_ext.go
+++ b/internal/db/models/node_log_dao_ext.go
@@ -0,0 +1,13 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package models
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+func (this *NodeLogDAO) deleteNodeLogsWithCluster(tx *dbs.Tx, role nodeconfigs.NodeRole, clusterId int64) error  {
+	return nil
+}
--- a/internal/db/models/node_login_dao.go
+++ b/internal/db/models/node_login_dao.go
@@ -155,32 +155,3 @@ func (this *NodeLoginDAO) FindFrequentPorts(tx *dbs.Tx) ([]int32, error) {
 	}
 	return ports, nil
 }
-
-func (this *NodeLoginDAO) FindFrequentGrantIds(tx *dbs.Tx, nodeClusterId int64, nsClusterId int64) ([]int64, error) {
-	var query = this.Query(tx).
-		Attr("state", NodeLoginStateEnabled).
-		Result("JSON_EXTRACT(params, '$.grantId') as `grantId`", "COUNT(*) AS c").
-		Having("grantId>0").
-		Desc("c").
-		Limit(3).
-		Group("grantId")
-	if nodeClusterId > 0 {
-		query.Attr("role", nodeconfigs.NodeRoleNode)
-		query.Where("(nodeId IN (SELECT id FROM "+SharedNodeDAO.Table+" WHERE state=1 AND clusterId=:clusterId))").
-			Param("clusterId", nodeClusterId)
-	} else if nsClusterId > 0 {
-		query.Attr("role", nodeconfigs.NodeRoleDNS)
-		query.Where("(nodeId IN (SELECT id FROM "+SharedNSNodeDAO.Table+" WHERE state=1 AND clusterId=:clusterId))").
-			Param("clusterId", nsClusterId)
-	}
-	ones, _, err := query.
-		FindOnes()
-	if err != nil {
-		return nil, err
-	}
-	var grantIds = []int64{}
-	for _, one := range ones {
-		grantIds = append(grantIds, one.GetInt64("grantId"))
-	}
-	return grantIds, nil
-}
--- a/internal/db/models/node_login_dao_ext.go
+++ b/internal/db/models/node_login_dao_ext.go
@@ -0,0 +1,36 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package models
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+func (this *NodeLoginDAO) FindFrequentGrantIds(tx *dbs.Tx, nodeClusterId int64, nsClusterId int64) ([]int64, error) {
+	var query = this.Query(tx).
+		Attr("state", NodeLoginStateEnabled).
+		Result("JSON_EXTRACT(params, '$.grantId') as `grantId`", "COUNT(*) AS c").
+		Having("grantId>0").
+		Desc("c").
+		Limit(3).
+		Group("grantId")
+	if nodeClusterId > 0 {
+		query.Attr("role", nodeconfigs.NodeRoleNode)
+		query.Where("(nodeId IN (SELECT id FROM "+SharedNodeDAO.Table+" WHERE state=1 AND clusterId=:clusterId))").
+			Param("clusterId", nodeClusterId)
+	} else if nsClusterId > 0 {
+		return nil, nil
+	}
+	ones, _, err := query.
+		FindOnes()
+	if err != nil {
+		return nil, err
+	}
+	var grantIds = []int64{}
+	for _, one := range ones {
+		grantIds = append(grantIds, one.GetInt64("grantId"))
+	}
+	return grantIds, nil
+}
--- a/internal/db/models/node_task_dao.go
+++ b/internal/db/models/node_task_dao.go
@@ -14,12 +14,13 @@ import (
 type NodeTaskType = string

 const (
-	NodeTaskTypeConfigChanged         NodeTaskType = "configChanged"         // 节点整体配置变化
-	NodeTaskTypeDDosProtectionChanged NodeTaskType = "ddosProtectionChanged" // 节点DDoS配置变更
-	NodeTaskTypeIPItemChanged         NodeTaskType = "ipItemChanged"
-	NodeTaskTypeNodeVersionChanged    NodeTaskType = "nodeVersionChanged"
-	NodeTaskTypeScriptsChanged        NodeTaskType = "scriptsChanged"
-	NodeTaskTypeNodeLevelChanged      NodeTaskType = "nodeLevelChanged"
+	NodeTaskTypeConfigChanged             NodeTaskType = "configChanged"             // 节点整体配置变化
+	NodeTaskTypeDDosProtectionChanged     NodeTaskType = "ddosProtectionChanged"     // 节点DDoS配置变更
+	NodeTaskTypeGlobalServerConfigChanged NodeTaskType = "globalServerConfigChanged" // 全局服务设置变化
+	NodeTaskTypeIPItemChanged             NodeTaskType = "ipItemChanged"
+	NodeTaskTypeNodeVersionChanged        NodeTaskType = "nodeVersionChanged"
+	NodeTaskTypeScriptsChanged            NodeTaskType = "scriptsChanged"
+	NodeTaskTypeNodeLevelChanged          NodeTaskType = "nodeLevelChanged"

 	// NS相关

@@ -158,45 +159,6 @@ func (this *NodeTaskDAO) ExtractNodeClusterTask(tx *dbs.Tx, clusterId int64, ser
 	return nil
 }

-// ExtractNSClusterTask 分解NS节点集群任务
-func (this *NodeTaskDAO) ExtractNSClusterTask(tx *dbs.Tx, clusterId int64, taskType NodeTaskType) error {
-	nodeIds, err := SharedNSNodeDAO.FindAllNodeIdsMatch(tx, clusterId, true, configutils.BoolStateYes)
-	if err != nil {
-		return err
-	}
-
-	_, err = this.Query(tx).
-		Attr("role", nodeconfigs.NodeRoleDNS).
-		Attr("clusterId", clusterId).
-		Param("clusterIdString", types.String(clusterId)).
-		Where("nodeId > 0").
-		Attr("type", taskType).
-		Delete()
-	if err != nil {
-		return err
-	}
-
-	var version = time.Now().UnixNano()
-	for _, nodeId := range nodeIds {
-		err = this.CreateNodeTask(tx, nodeconfigs.NodeRoleDNS, clusterId, nodeId, 0, taskType, version)
-		if err != nil {
-			return err
-		}
-	}
-
-	_, err = this.Query(tx).
-		Attr("role", nodeconfigs.NodeRoleDNS).
-		Attr("clusterId", clusterId).
-		Attr("nodeId", 0).
-		Attr("type", taskType).
-		Delete()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
 // ExtractAllClusterTasks 分解所有集群任务
 func (this *NodeTaskDAO) ExtractAllClusterTasks(tx *dbs.Tx, role string) error {
 	ones, err := this.Query(tx).
--- a/internal/db/models/node_task_dao_ext.go
+++ b/internal/db/models/node_task_dao_ext.go
@@ -0,0 +1,11 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// ExtractNSClusterTask 分解NS节点集群任务
+func (this *NodeTaskDAO) ExtractNSClusterTask(tx *dbs.Tx, clusterId int64, taskType NodeTaskType) error {
+	return nil
+}
--- a/internal/db/models/ns_access_log_dao.go
+++ b/internal/db/models/ns_access_log_dao.go
@@ -1,336 +0,0 @@
-package models
-
-import (
-	"encoding/json"
-	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-	"github.com/iwind/TeaGo/lists"
-	"github.com/iwind/TeaGo/logs"
-	"github.com/iwind/TeaGo/types"
-	timeutil "github.com/iwind/TeaGo/utils/time"
-	"regexp"
-	"sort"
-	"strings"
-	"sync"
-	"time"
-)
-
-type NSAccessLogDAO dbs.DAO
-
-func NewNSAccessLogDAO() *NSAccessLogDAO {
-	return dbs.NewDAO(&NSAccessLogDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeNSAccessLogs",
-			Model:  new(NSAccessLog),
-			PkName: "id",
-		},
-	}).(*NSAccessLogDAO)
-}
-
-var SharedNSAccessLogDAO *NSAccessLogDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedNSAccessLogDAO = NewNSAccessLogDAO()
-	})
-}
-
-// CreateNSAccessLogs 创建访问日志
-func (this *NSAccessLogDAO) CreateNSAccessLogs(tx *dbs.Tx, accessLogs []*pb.NSAccessLog) error {
-	dao := randomNSAccessLogDAO()
-	if dao == nil {
-		dao = &NSAccessLogDAOWrapper{
-			DAO:    SharedNSAccessLogDAO,
-			NodeId: 0,
-		}
-	}
-	return this.CreateNSAccessLogsWithDAO(tx, dao, accessLogs)
-}
-
-// CreateNSAccessLogsWithDAO 使用特定的DAO创建访问日志
-func (this *NSAccessLogDAO) CreateNSAccessLogsWithDAO(tx *dbs.Tx, daoWrapper *NSAccessLogDAOWrapper, accessLogs []*pb.NSAccessLog) error {
-	if daoWrapper == nil {
-		return errors.New("dao should not be nil")
-	}
-	if len(accessLogs) == 0 {
-		return nil
-	}
-
-	dao := daoWrapper.DAO
-
-	// TODO 改成事务批量提交，以加快速度
-
-	for _, accessLog := range accessLogs {
-		day := timeutil.Format("Ymd", time.Unix(accessLog.Timestamp, 0))
-		table, err := findNSAccessLogTable(dao.Instance, day, false)
-		if err != nil {
-			return err
-		}
-
-		fields := map[string]interface{}{}
-		fields["nodeId"] = accessLog.NsNodeId
-		fields["domainId"] = accessLog.NsDomainId
-		fields["recordId"] = accessLog.NsRecordId
-		fields["createdAt"] = accessLog.Timestamp
-		fields["requestId"] = accessLog.RequestId
-
-		content, err := json.Marshal(accessLog)
-		if err != nil {
-			return err
-		}
-		fields["content"] = content
-
-		_, err = dao.Query(tx).
-			Table(table).
-			Sets(fields).
-			Insert()
-		if err != nil {
-			// 是否为 Error 1146: Table 'xxx.xxx' doesn't exist  如果是，则创建表之后重试
-			if strings.Contains(err.Error(), "1146") {
-				table, err = findNSAccessLogTable(dao.Instance, day, true)
-				if err != nil {
-					return err
-				}
-				_, err = dao.Query(tx).
-					Table(table).
-					Sets(fields).
-					Insert()
-				if err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	return nil
-}
-
-// ListAccessLogs 读取往前的 单页访问日志
-func (this *NSAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, clusterId int64, nodeId int64, domainId int64, recordId int64, recordType string, keyword string, reverse bool) (result []*NSAccessLog, nextLastRequestId string, hasMore bool, err error) {
-	if len(day) != 8 {
-		return
-	}
-
-	// 限制能查询的最大条数，防止占用内存过多
-	if size > 1000 {
-		size = 1000
-	}
-
-	result, nextLastRequestId, err = this.listAccessLogs(tx, lastRequestId, size, day, clusterId, nodeId, domainId, recordId, recordType, keyword, reverse)
-	if err != nil || int64(len(result)) < size {
-		return
-	}
-
-	moreResult, _, _ := this.listAccessLogs(tx, nextLastRequestId, 1, day, clusterId, nodeId, domainId, recordId, recordType, keyword, reverse)
-	hasMore = len(moreResult) > 0
-	return
-}
-
-// 读取往前的单页访问日志
-func (this *NSAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, clusterId int64, nodeId int64, domainId int64, recordId int64, recordType string, keyword string, reverse bool) (result []*NSAccessLog, nextLastRequestId string, err error) {
-	if size <= 0 {
-		return nil, lastRequestId, nil
-	}
-
-	accessLogLocker.RLock()
-	var daoList = []*NSAccessLogDAOWrapper{}
-	for _, daoWrapper := range nsAccessLogDAOMapping {
-		daoList = append(daoList, daoWrapper)
-	}
-	accessLogLocker.RUnlock()
-
-	if len(daoList) == 0 {
-		daoList = []*NSAccessLogDAOWrapper{{
-			DAO:    SharedNSAccessLogDAO,
-			NodeId: 0,
-		}}
-	}
-
-	// 检查是否有集群筛选条件
-	var nodeIds []int64
-	if clusterId > 0 && nodeId <= 0 {
-		nodeIds, err = SharedNSNodeDAO.FindEnabledNodeIdsWithClusterId(tx, clusterId)
-		if err != nil {
-			return
-		}
-		if len(nodeIds) == 0 {
-			// 没有任何节点则直接返回空
-			return nil, "", nil
-		}
-	}
-
-	var locker = sync.Mutex{}
-
-	var count = len(daoList)
-	var wg = &sync.WaitGroup{}
-	wg.Add(count)
-	for _, daoWrapper := range daoList {
-		go func(daoWrapper *NSAccessLogDAOWrapper) {
-			defer wg.Done()
-
-			dao := daoWrapper.DAO
-
-			tableName, exists, err := findNSAccessLogTableName(dao.Instance, day)
-			if !exists {
-				// 表格不存在则跳过
-				return
-			}
-			if err != nil {
-				logs.Println("[DB_NODE]" + err.Error())
-				return
-			}
-
-			var query = dao.Query(tx)
-
-			// 条件
-			if nodeId > 0 {
-				query.Attr("nodeId", nodeId)
-			} else if clusterId > 0 {
-				query.Attr("nodeId", nodeIds)
-				query.Reuse(false)
-			}
-			if domainId > 0 {
-				query.Attr("domainId", domainId)
-			}
-			if recordId > 0 {
-				query.Attr("recordId", recordId)
-			}
-
-			// offset
-			if len(lastRequestId) > 0 {
-				if !reverse {
-					query.Where("requestId<:requestId").
-						Param("requestId", lastRequestId)
-				} else {
-					query.Where("requestId>:requestId").
-						Param("requestId", lastRequestId)
-				}
-			}
-
-			// keyword
-			if len(keyword) > 0 {
-				query.Where("(JSON_EXTRACT(content, '$.remoteAddr') LIKE :keyword OR JSON_EXTRACT(content, '$.questionName') LIKE :keyword OR JSON_EXTRACT(content, '$.recordValue') LIKE :keyword)").
-					Param("keyword", dbutils.QuoteLike(keyword))
-			}
-
-			// record type
-			if len(recordType) > 0 {
-				query.Where("JSON_EXTRACT(content, '$.questionType')=:recordType")
-				query.Param("recordType", recordType)
-			}
-
-			if !reverse {
-				query.Desc("requestId")
-			} else {
-				query.Asc("requestId")
-			}
-
-			// 开始查询
-			ones, err := query.
-				Table(tableName).
-				Limit(size).
-				FindAll()
-			if err != nil {
-				logs.Println("[DB_NODE]" + err.Error())
-				return
-			}
-			locker.Lock()
-			for _, one := range ones {
-				accessLog := one.(*NSAccessLog)
-				result = append(result, accessLog)
-			}
-			locker.Unlock()
-		}(daoWrapper)
-	}
-	wg.Wait()
-
-	if len(result) == 0 {
-		return nil, lastRequestId, nil
-	}
-
-	// 按照requestId排序
-	sort.Slice(result, func(i, j int) bool {
-		if !reverse {
-			return result[i].RequestId > result[j].RequestId
-		} else {
-			return result[i].RequestId < result[j].RequestId
-		}
-	})
-
-	if int64(len(result)) > size {
-		result = result[:size]
-	}
-
-	var requestId = result[len(result)-1].RequestId
-	if reverse {
-		lists.Reverse(result)
-	}
-
-	if !reverse {
-		return result, requestId, nil
-	} else {
-		return result, requestId, nil
-	}
-}
-
-// FindAccessLogWithRequestId 根据请求ID获取访问日志
-func (this *NSAccessLogDAO) FindAccessLogWithRequestId(tx *dbs.Tx, requestId string) (*NSAccessLog, error) {
-	if !regexp.MustCompile(`^\d{11,}`).MatchString(requestId) {
-		return nil, errors.New("invalid requestId")
-	}
-
-	accessLogLocker.RLock()
-	daoList := []*NSAccessLogDAOWrapper{}
-	for _, daoWrapper := range nsAccessLogDAOMapping {
-		daoList = append(daoList, daoWrapper)
-	}
-	accessLogLocker.RUnlock()
-
-	if len(daoList) == 0 {
-		daoList = []*NSAccessLogDAOWrapper{{
-			DAO:    SharedNSAccessLogDAO,
-			NodeId: 0,
-		}}
-	}
-
-	count := len(daoList)
-	wg := &sync.WaitGroup{}
-	wg.Add(count)
-	var result *NSAccessLog = nil
-	day := timeutil.FormatTime("Ymd", types.Int64(requestId[:10]))
-	for _, daoWrapper := range daoList {
-		go func(daoWrapper *NSAccessLogDAOWrapper) {
-			defer wg.Done()
-
-			dao := daoWrapper.DAO
-
-			tableName, exists, err := findNSAccessLogTableName(dao.Instance, day)
-			if err != nil {
-				logs.Println("[DB_NODE]" + err.Error())
-				return
-			}
-			if !exists {
-				return
-			}
-
-			one, err := dao.Query(tx).
-				Table(tableName).
-				Attr("requestId", requestId).
-				Find()
-			if err != nil {
-				logs.Println("[DB_NODE]" + err.Error())
-				return
-			}
-			if one != nil {
-				result = one.(*NSAccessLog)
-			}
-		}(daoWrapper)
-	}
-	wg.Wait()
-	return result, nil
-}
--- a/internal/db/models/ns_access_log_dao_test.go
+++ b/internal/db/models/ns_access_log_dao_test.go
@@ -1,6 +0,0 @@
-package models
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	_ "github.com/iwind/TeaGo/bootstrap"
-)
--- a/internal/db/models/ns_cluster_dao.go
+++ b/internal/db/models/ns_cluster_dao.go
@@ -1,11 +1,7 @@
 package models

 import (
-	"encoding/json"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -82,68 +78,6 @@ func (this *NSClusterDAO) FindEnabledNSClusterName(tx *dbs.Tx, id int64) (string
 		FindStringCol("")
 }

-// CreateCluster 创建集群
-func (this *NSClusterDAO) CreateCluster(tx *dbs.Tx, name string, accessLogRefJSON []byte) (int64, error) {
-	var op = NewNSClusterOperator()
-	op.Name = name
-
-	if len(accessLogRefJSON) > 0 {
-		op.AccessLog = accessLogRefJSON
-	}
-
-	op.IsOn = true
-	op.State = NSClusterStateEnabled
-
-	// 默认端口
-	// TCP
-	{
-		var config = &serverconfigs.TCPProtocolConfig{}
-		config.IsOn = true
-		config.Listen = []*serverconfigs.NetworkAddressConfig{
-			{
-				Protocol:  serverconfigs.ProtocolTCP,
-				PortRange: "53",
-			},
-		}
-		configJSON, err := json.Marshal(config)
-		if err != nil {
-			return 0, err
-		}
-		op.Tcp = configJSON
-	}
-
-	// UDP
-	{
-		var config = &serverconfigs.UDPProtocolConfig{}
-		config.IsOn = true
-		config.Listen = []*serverconfigs.NetworkAddressConfig{
-			{
-				Protocol:  serverconfigs.ProtocolUDP,
-				PortRange: "53",
-			},
-		}
-		configJSON, err := json.Marshal(config)
-		if err != nil {
-			return 0, err
-		}
-		op.Udp = configJSON
-	}
-
-	return this.SaveInt64(tx, op)
-}
-
-// UpdateCluster 修改集群
-func (this *NSClusterDAO) UpdateCluster(tx *dbs.Tx, clusterId int64, name string, isOn bool) error {
-	if clusterId <= 0 {
-		return errors.New("invalid clusterId")
-	}
-	var op = NewNSClusterOperator()
-	op.Id = clusterId
-	op.Name = name
-	op.IsOn = isOn
-	return this.Save(tx, op)
-}
-
 // CountAllEnabledClusters 计算可用集群数量
 func (this *NSClusterDAO) CountAllEnabledClusters(tx *dbs.Tx) (int64, error) {
 	return this.Query(tx).
@@ -189,23 +123,6 @@ func (this *NSClusterDAO) FindAllEnabledClusterIds(tx *dbs.Tx) ([]int64, error)
 	return result, nil
 }

-// UpdateClusterAccessLog 设置访问日志
-func (this *NSClusterDAO) UpdateClusterAccessLog(tx *dbs.Tx, clusterId int64, accessLogJSON []byte) error {
-	return this.Query(tx).
-		Pk(clusterId).
-		Set("accessLog", accessLogJSON).
-		UpdateQuickly()
-}
-
-// FindClusterAccessLog 读取访问日志配置
-func (this *NSClusterDAO) FindClusterAccessLog(tx *dbs.Tx, clusterId int64) ([]byte, error) {
-	accessLog, err := this.Query(tx).
-		Pk(clusterId).
-		Result("accessLog").
-		FindStringCol("")
-	return []byte(accessLog), err
-}
-
 // FindClusterGrantId 查找集群的认证ID
 func (this *NSClusterDAO) FindClusterGrantId(tx *dbs.Tx, clusterId int64) (int64, error) {
 	return this.Query(tx).
@@ -214,102 +131,6 @@ func (this *NSClusterDAO) FindClusterGrantId(tx *dbs.Tx, clusterId int64) (int64
 		FindInt64Col(0)
 }

-// UpdateRecursion 设置递归DNS
-func (this *NSClusterDAO) UpdateRecursion(tx *dbs.Tx, clusterId int64, recursionJSON []byte) error {
-	err := this.Query(tx).
-		Pk(clusterId).
-		Set("recursion", recursionJSON).
-		UpdateQuickly()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, clusterId)
-}
-
-// FindClusterRecursion 读取递归DNS配置
-func (this *NSClusterDAO) FindClusterRecursion(tx *dbs.Tx, clusterId int64) ([]byte, error) {
-	recursion, err := this.Query(tx).
-		Result("recursion").
-		Pk(clusterId).
-		FindStringCol("")
-	if err != nil {
-		return nil, err
-	}
-	return []byte(recursion), nil
-}
-
-// FindClusterTCP 查找集群的TCP设置
-func (this *NSClusterDAO) FindClusterTCP(tx *dbs.Tx, clusterId int64) ([]byte, error) {
-	return this.Query(tx).
-		Pk(clusterId).
-		Result("tcp").
-		FindBytesCol()
-}
-
-// UpdateClusterTCP 修改集群的TCP设置
-func (this *NSClusterDAO) UpdateClusterTCP(tx *dbs.Tx, clusterId int64, tcpConfig *serverconfigs.TCPProtocolConfig) error {
-	tcpJSON, err := json.Marshal(tcpConfig)
-	if err != nil {
-		return err
-	}
-	err = this.Query(tx).
-		Pk(clusterId).
-		Set("tcp", tcpJSON).
-		UpdateQuickly()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, clusterId)
-}
-
-// FindClusterTLS 查找集群的TLS设置
-func (this *NSClusterDAO) FindClusterTLS(tx *dbs.Tx, clusterId int64) ([]byte, error) {
-	return this.Query(tx).
-		Pk(clusterId).
-		Result("tls").
-		FindBytesCol()
-}
-
-// UpdateClusterTLS 修改集群的TLS设置
-func (this *NSClusterDAO) UpdateClusterTLS(tx *dbs.Tx, clusterId int64, tlsConfig *serverconfigs.TLSProtocolConfig) error {
-	tlsJSON, err := json.Marshal(tlsConfig)
-	if err != nil {
-		return err
-	}
-	err = this.Query(tx).
-		Pk(clusterId).
-		Set("tls", tlsJSON).
-		UpdateQuickly()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, clusterId)
-}
-
-// FindClusterUDP 查找集群的TCP设置
-func (this *NSClusterDAO) FindClusterUDP(tx *dbs.Tx, clusterId int64) ([]byte, error) {
-	return this.Query(tx).
-		Pk(clusterId).
-		Result("udp").
-		FindBytesCol()
-}
-
-// UpdateClusterUDP 修改集群的UDP设置
-func (this *NSClusterDAO) UpdateClusterUDP(tx *dbs.Tx, clusterId int64, udpConfig *serverconfigs.UDPProtocolConfig) error {
-	udpJSON, err := json.Marshal(udpConfig)
-	if err != nil {
-		return err
-	}
-	err = this.Query(tx).
-		Pk(clusterId).
-		Set("udp", udpJSON).
-		UpdateQuickly()
-	if err != nil {
-		return err
-	}
-	return this.NotifyUpdate(tx, clusterId)
-}
-
 // CountAllClustersWithSSLPolicyIds 计算使用SSL策略的所有NS集群数量
 func (this *NSClusterDAO) CountAllClustersWithSSLPolicyIds(tx *dbs.Tx, sslPolicyIds []int64) (count int64, err error) {
 	if len(sslPolicyIds) == 0 {
@@ -326,45 +147,6 @@ func (this *NSClusterDAO) CountAllClustersWithSSLPolicyIds(tx *dbs.Tx, sslPolicy
 		Count()
 }

-// FindClusterDDoSProtection 获取集群的DDoS设置
-func (this *NSClusterDAO) FindClusterDDoSProtection(tx *dbs.Tx, clusterId int64) (*ddosconfigs.ProtectionConfig, error) {
-	one, err := this.Query(tx).
-		Result("ddosProtection").
-		Pk(clusterId).
-		Find()
-	if one == nil || err != nil {
-		return nil, err
-	}
-
-	return one.(*NSCluster).DecodeDDoSProtection(), nil
-}
-
-// UpdateClusterDDoSProtection 设置集群的DDoS设置
-func (this *NSClusterDAO) UpdateClusterDDoSProtection(tx *dbs.Tx, clusterId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
-	if clusterId <= 0 {
-		return ErrNotFound
-	}
-
-	var op = NewNSClusterOperator()
-	op.Id = clusterId
-
-	if ddosProtection == nil {
-		op.DdosProtection = "{}"
-	} else {
-		ddosProtectionJSON, err := json.Marshal(ddosProtection)
-		if err != nil {
-			return err
-		}
-		op.DdosProtection = ddosProtectionJSON
-	}
-
-	err := this.Save(tx, op)
-	if err != nil {
-		return err
-	}
-	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, NSNodeTaskTypeDDosProtectionChanged)
-}
-
 // NotifyUpdate 通知更改
 func (this *NSClusterDAO) NotifyUpdate(tx *dbs.Tx, clusterId int64) error {
 	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, NSNodeTaskTypeConfigChanged)
--- a/internal/db/models/ns_cluster_model.go
+++ b/internal/db/models/ns_cluster_model.go
@@ -4,33 +4,47 @@ import "github.com/iwind/TeaGo/dbs"

 // NSCluster 域名服务器集群
 type NSCluster struct {
-	Id             uint32   `field:"id"`             // ID
-	IsOn           bool     `field:"isOn"`           // 是否启用
-	Name           string   `field:"name"`           // 集群名
-	InstallDir     string   `field:"installDir"`     // 安装目录
-	State          uint8    `field:"state"`          // 状态
-	AccessLog      dbs.JSON `field:"accessLog"`      // 访问日志配置
-	GrantId        uint32   `field:"grantId"`        // 授权ID
-	Recursion      dbs.JSON `field:"recursion"`      // 递归DNS设置
-	Tcp            dbs.JSON `field:"tcp"`            // TCP设置
-	Tls            dbs.JSON `field:"tls"`            // TLS设置
-	Udp            dbs.JSON `field:"udp"`            // UDP设置
-	DdosProtection dbs.JSON `field:"ddosProtection"` // DDoS防护设置
+	Id              uint32   `field:"id"`              // ID
+	IsOn            bool     `field:"isOn"`            // 是否启用
+	Name            string   `field:"name"`            // 集群名
+	InstallDir      string   `field:"installDir"`      // 安装目录
+	State           uint8    `field:"state"`           // 状态
+	AccessLog       dbs.JSON `field:"accessLog"`       // 访问日志配置
+	GrantId         uint32   `field:"grantId"`         // 授权ID
+	Recursion       dbs.JSON `field:"recursion"`       // 递归DNS设置
+	Tcp             dbs.JSON `field:"tcp"`             // TCP设置
+	Tls             dbs.JSON `field:"tls"`             // TLS设置
+	Udp             dbs.JSON `field:"udp"`             // UDP设置
+	DdosProtection  dbs.JSON `field:"ddosProtection"`  // DDoS防护设置
+	Hosts           dbs.JSON `field:"hosts"`           // DNS主机地址
+	Soa             dbs.JSON `field:"soa"`             // SOA配置
+	AutoRemoteStart bool     `field:"autoRemoteStart"` // 自动远程启动
+	TimeZone        string   `field:"timeZone"`        // 时区
+	Answer          dbs.JSON `field:"answer"`          // 应答设置
+	SoaSerial       uint64   `field:"soaSerial"`       // SOA序列号
+	Email           string   `field:"email"`           // 管理员邮箱
 }

 type NSClusterOperator struct {
-	Id             any // ID
-	IsOn           any // 是否启用
-	Name           any // 集群名
-	InstallDir     any // 安装目录
-	State          any // 状态
-	AccessLog      any // 访问日志配置
-	GrantId        any // 授权ID
-	Recursion      any // 递归DNS设置
-	Tcp            any // TCP设置
-	Tls            any // TLS设置
-	Udp            any // UDP设置
-	DdosProtection any // DDoS防护设置
+	Id              any // ID
+	IsOn            any // 是否启用
+	Name            any // 集群名
+	InstallDir      any // 安装目录
+	State           any // 状态
+	AccessLog       any // 访问日志配置
+	GrantId         any // 授权ID
+	Recursion       any // 递归DNS设置
+	Tcp             any // TCP设置
+	Tls             any // TLS设置
+	Udp             any // UDP设置
+	DdosProtection  any // DDoS防护设置
+	Hosts           any // DNS主机地址
+	Soa             any // SOA配置
+	AutoRemoteStart any // 自动远程启动
+	TimeZone        any // 时区
+	Answer          any // 应答设置
+	SoaSerial       any // SOA序列号
+	Email           any // 管理员邮箱
 }

 func NewNSClusterOperator() *NSClusterOperator {
--- a/internal/db/models/ns_cluster_model_ext.go
+++ b/internal/db/models/ns_cluster_model_ext.go
@@ -2,6 +2,7 @@ package models

 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 )

@@ -14,7 +15,7 @@ func (this *NSCluster) DecodeDDoSProtection() *ddosconfigs.ProtectionConfig {
 	var result = &ddosconfigs.ProtectionConfig{}
 	err := json.Unmarshal(this.DdosProtection, &result)
 	if err != nil {
-		// ignore err
+		remotelogs.Error("NSCluster.DecodeDDoSProtection", "decode failed: "+err.Error())
 	}
 	return result
 }
@@ -26,4 +27,4 @@ func (this *NSCluster) HasDDoSProtection() bool {
 		return config.IsOn()
 	}
 	return false
-}
+}
--- a/internal/db/models/ns_node_dao.go
+++ b/internal/db/models/ns_node_dao.go
@@ -1,22 +1,15 @@
+//go:build !plus
+
 package models

 import (
 	"encoding/json"
-	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
-	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
-	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/rands"
-	"github.com/iwind/TeaGo/types"
-	"time"
 )

 const (
@@ -95,110 +88,6 @@ func (this *NSNodeDAO) FindEnabledNSNodeName(tx *dbs.Tx, nodeId int64) (string,
 		FindStringCol("")
 }

-// FindAllEnabledNodesWithClusterId 查找一个集群下的所有节点
-func (this *NSNodeDAO) FindAllEnabledNodesWithClusterId(tx *dbs.Tx, clusterId int64) (result []*NSNode, err error) {
-	_, err = this.Query(tx).
-		Attr("clusterId", clusterId).
-		State(NSNodeStateEnabled).
-		DescPk().
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// CountAllEnabledNodes 所有集群的可用的节点数量
-func (this *NSNodeDAO) CountAllEnabledNodes(tx *dbs.Tx) (int64, error) {
-	return this.Query(tx).
-		State(NSNodeStateEnabled).
-		Where("clusterId IN (SELECT id FROM " + SharedNSClusterDAO.Table + " WHERE state=1)").
-		Count()
-}
-
-// CountAllOfflineNodes 计算离线节点数量
-func (this *NSNodeDAO) CountAllOfflineNodes(tx *dbs.Tx) (int64, error) {
-	return this.Query(tx).
-		State(NSNodeStateEnabled).
-		Where("(status IS NULL OR JSON_EXTRACT(status, '$.updatedAt')<UNIX_TIMESTAMP()-120)").
-		Where("clusterId IN (SELECT id FROM " + SharedNSClusterDAO.Table + " WHERE state=1)").
-		Count()
-}
-
-// CountAllEnabledNodesMatch 计算满足条件的节点数量
-func (this *NSNodeDAO) CountAllEnabledNodesMatch(tx *dbs.Tx, clusterId int64, installState configutils.BoolState, activeState configutils.BoolState, keyword string) (int64, error) {
-	query := this.Query(tx)
-	if clusterId > 0 {
-		query.Attr("clusterId", clusterId)
-	}
-	// 安装状态
-	switch installState {
-	case configutils.BoolStateAll:
-		// 所有
-	case configutils.BoolStateYes:
-		query.Attr("isInstalled", 1)
-	case configutils.BoolStateNo:
-		query.Attr("isInstalled", 0)
-	}
-
-	// 在线状态
-	switch activeState {
-	case configutils.BoolStateAll:
-		// 所有
-	case configutils.BoolStateYes:
-		query.Where("(isActive=1 AND JSON_EXTRACT(status, '$.isActive') AND UNIX_TIMESTAMP()-JSON_EXTRACT(status, '$.updatedAt')<=60)")
-	case configutils.BoolStateNo:
-		query.Where("(isActive=0 OR status IS NULL OR NOT JSON_EXTRACT(status, '$.isActive') OR UNIX_TIMESTAMP()-JSON_EXTRACT(status, '$.updatedAt')>60)")
-	}
-	if len(keyword) > 0 {
-		query.Where("(name LIKE :keyword)").
-			Param("keyword", dbutils.QuoteLike(keyword))
-	}
-
-	return query.
-		State(NSNodeStateEnabled).
-		Count()
-}
-
-// ListAllEnabledNodesMatch 列出单页匹配的节点
-func (this *NSNodeDAO) ListAllEnabledNodesMatch(tx *dbs.Tx, clusterId int64, installState configutils.BoolState, activeState configutils.BoolState, keyword string, offset int64, size int64) (result []*NSNode, err error) {
-	query := this.Query(tx)
-
-	// 安装状态
-	switch installState {
-	case configutils.BoolStateAll:
-		// 所有
-	case configutils.BoolStateYes:
-		query.Attr("isInstalled", 1)
-	case configutils.BoolStateNo:
-		query.Attr("isInstalled", 0)
-	}
-
-	// 在线状态
-	switch activeState {
-	case configutils.BoolStateAll:
-		// 所有
-	case configutils.BoolStateYes:
-		query.Where("(isActive=1 AND JSON_EXTRACT(status, '$.isActive') AND UNIX_TIMESTAMP()-JSON_EXTRACT(status, '$.updatedAt')<=60)")
-	case configutils.BoolStateNo:
-		query.Where("(isActive=0 OR status IS NULL OR NOT JSON_EXTRACT(status, '$.isActive') OR UNIX_TIMESTAMP()-JSON_EXTRACT(status, '$.updatedAt')>60)")
-	}
-
-	if clusterId > 0 {
-		query.Attr("clusterId", clusterId)
-	}
-	if len(keyword) > 0 {
-		query.Where("(name LIKE :keyword)").
-			Param("keyword", dbutils.QuoteLike(keyword))
-	}
-	_, err = query.
-		State(NSNodeStateEnabled).
-		Offset(offset).
-		Limit(size).
-		Slice(&result).
-		DescPk().
-		FindAll()
-	return
-}
-
 // CountAllLowerVersionNodesWithClusterId 计算单个集群中所有低于某个版本的节点数量
 func (this *NSNodeDAO) CountAllLowerVersionNodesWithClusterId(tx *dbs.Tx, clusterId int64, os string, arch string, version string) (int64, error) {
 	return this.Query(tx).
@@ -214,73 +103,6 @@ func (this *NSNodeDAO) CountAllLowerVersionNodesWithClusterId(tx *dbs.Tx, cluste
 		Count()
 }

-// CreateNode 创建节点
-func (this *NSNodeDAO) CreateNode(tx *dbs.Tx, adminId int64, name string, clusterId int64) (nodeId int64, err error) {
-	uniqueId, err := this.GenUniqueId(tx)
-	if err != nil {
-		return 0, err
-	}
-
-	secret := rands.String(32)
-
-	// 保存API Token
-	err = SharedApiTokenDAO.CreateAPIToken(tx, uniqueId, secret, nodeconfigs.NodeRoleDNS)
-	if err != nil {
-		return
-	}
-
-	var op = NewNSNodeOperator()
-	op.AdminId = adminId
-	op.Name = name
-	op.UniqueId = uniqueId
-	op.Secret = secret
-	op.ClusterId = clusterId
-	op.IsOn = 1
-	op.State = NSNodeStateEnabled
-	err = this.Save(tx, op)
-	if err != nil {
-		return 0, err
-	}
-
-	// 通知节点更新
-	nodeId = types.Int64(op.Id)
-	err = this.NotifyUpdate(tx, nodeId)
-	if err != nil {
-		return 0, err
-	}
-
-	// 通知DNS更新
-	err = this.NotifyDNSUpdate(tx, nodeId)
-	if err != nil {
-		return 0, err
-	}
-
-	return nodeId, nil
-}
-
-// UpdateNode 修改节点
-func (this *NSNodeDAO) UpdateNode(tx *dbs.Tx, nodeId int64, name string, clusterId int64, isOn bool) error {
-	if nodeId <= 0 {
-		return errors.New("invalid nodeId")
-	}
-	var op = NewNSNodeOperator()
-	op.Id = nodeId
-	op.Name = name
-	op.ClusterId = clusterId
-	op.IsOn = isOn
-	err := this.Save(tx, op)
-	if err != nil {
-		return err
-	}
-
-	err = this.NotifyUpdate(tx, nodeId)
-	if err != nil {
-		return err
-	}
-
-	return this.NotifyDNSUpdate(tx, nodeId)
-}
-
 // FindEnabledNodeIdWithUniqueId 根据唯一ID获取节点ID
 func (this *NSNodeDAO) FindEnabledNodeIdWithUniqueId(tx *dbs.Tx, uniqueId string) (int64, error) {
 	return this.Query(tx).
@@ -290,37 +112,6 @@ func (this *NSNodeDAO) FindEnabledNodeIdWithUniqueId(tx *dbs.Tx, uniqueId string
 		FindInt64Col(0)
 }

-// FindNodeInstallStatus 查询节点的安装状态
-func (this *NSNodeDAO) FindNodeInstallStatus(tx *dbs.Tx, nodeId int64) (*NodeInstallStatus, error) {
-	node, err := this.Query(tx).
-		Pk(nodeId).
-		Result("installStatus", "isInstalled").
-		Find()
-	if err != nil {
-		return nil, err
-	}
-	if node == nil {
-		return nil, errors.New("not found")
-	}
-
-	installStatus := node.(*NSNode).InstallStatus
-	isInstalled := node.(*NSNode).IsInstalled
-	if len(installStatus) == 0 {
-		return NewNodeInstallStatus(), nil
-	}
-
-	status := &NodeInstallStatus{}
-	err = json.Unmarshal(installStatus, status)
-	if err != nil {
-		return nil, err
-	}
-	if isInstalled {
-		status.IsFinished = true
-		status.IsOk = true
-	}
-	return status, nil
-}
-
 // GenUniqueId 生成唯一ID
 func (this *NSNodeDAO) GenUniqueId(tx *dbs.Tx) (string, error) {
 	for {
@@ -377,131 +168,6 @@ func (this *NSNodeDAO) CountAllLowerVersionNodes(tx *dbs.Tx, version string) (in
 		Count()
 }

-// ComposeNodeConfig 组合节点配置
-func (this *NSNodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*dnsconfigs.NSNodeConfig, error) {
-	if nodeId <= 0 {
-		return nil, nil
-	}
-	node, err := this.FindEnabledNSNode(tx, nodeId)
-	if err != nil {
-		return nil, err
-	}
-	if node == nil {
-		return nil, nil
-	}
-
-	cluster, err := SharedNSClusterDAO.FindEnabledNSCluster(tx, int64(node.ClusterId))
-	if err != nil {
-		return nil, err
-	}
-	if cluster == nil {
-		return nil, nil
-	}
-
-	var config = &dnsconfigs.NSNodeConfig{
-		Id:        int64(node.Id),
-		NodeId:    node.UniqueId,
-		Secret:    node.Secret,
-		ClusterId: int64(node.ClusterId),
-	}
-
-	// 访问日志
-	// 全局配置
-	{
-		globalValue, err := SharedSysSettingDAO.ReadSetting(tx, systemconfigs.SettingCodeNSAccessLogSetting)
-		if err != nil {
-			return nil, err
-		}
-		if len(globalValue) > 0 {
-			var ref = &dnsconfigs.NSAccessLogRef{}
-			err = json.Unmarshal(globalValue, ref)
-			if err != nil {
-				return nil, err
-			}
-			config.AccessLogRef = ref
-		}
-
-		// 集群配置
-		if len(cluster.AccessLog) > 0 {
-			ref := &dnsconfigs.NSAccessLogRef{}
-			err = json.Unmarshal(cluster.AccessLog, ref)
-			if err != nil {
-				return nil, err
-			}
-			if ref.IsPrior {
-				config.AccessLogRef = ref
-			}
-		}
-	}
-
-	// 递归DNS配置
-	if IsNotNull(cluster.Recursion) {
-		var recursionConfig = &dnsconfigs.RecursionConfig{}
-		err = json.Unmarshal(cluster.Recursion, recursionConfig)
-		if err != nil {
-			return nil, err
-		}
-		config.RecursionConfig = recursionConfig
-	}
-
-	// TCP
-	if IsNotNull(cluster.Tcp) {
-		var tcpConfig = &serverconfigs.TCPProtocolConfig{}
-		err = json.Unmarshal(cluster.Tcp, tcpConfig)
-		if err != nil {
-			return nil, err
-		}
-		config.TCP = tcpConfig
-	}
-
-	// TLS
-	if IsNotNull(cluster.Tls) {
-		var tlsConfig = &serverconfigs.TLSProtocolConfig{}
-		err = json.Unmarshal(cluster.Tls, tlsConfig)
-		if err != nil {
-			return nil, err
-		}
-
-		// SSL
-		if tlsConfig.SSLPolicyRef != nil {
-			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, tlsConfig.SSLPolicyRef.SSLPolicyId, nil)
-			if err != nil {
-				return nil, err
-			}
-			if sslPolicyConfig != nil {
-				tlsConfig.SSLPolicy = sslPolicyConfig
-			}
-		}
-
-		config.TLS = tlsConfig
-	}
-
-	// UDP
-	if IsNotNull(cluster.Udp) {
-		var udpConfig = &serverconfigs.UDPProtocolConfig{}
-		err = json.Unmarshal(cluster.Udp, udpConfig)
-		if err != nil {
-			return nil, err
-		}
-		config.UDP = udpConfig
-	}
-
-	// DDoS
-	config.DDoSProtection = cluster.DecodeDDoSProtection()
-
-	// DDoS Protection
-	var ddosProtection = node.DecodeDDoSProtection()
-	if ddosProtection != nil {
-		if config.DDoSProtection == nil {
-			config.DDoSProtection = ddosProtection
-		} else {
-			config.DDoSProtection.Merge(ddosProtection)
-		}
-	}
-
-	return config, nil
-}
-
 // FindNodeClusterId 获取节点的集群ID
 func (this *NSNodeDAO) FindNodeClusterId(tx *dbs.Tx, nodeId int64) (int64, error) {
 	return this.Query(tx).
@@ -510,197 +176,6 @@ func (this *NSNodeDAO) FindNodeClusterId(tx *dbs.Tx, nodeId int64) (int64, error
 		FindInt64Col(0)
 }

-// FindNodeActive 检查节点活跃状态
-func (this *NSNodeDAO) FindNodeActive(tx *dbs.Tx, nodeId int64) (bool, error) {
-	isActive, err := this.Query(tx).
-		Pk(nodeId).
-		Result("isActive").
-		FindIntCol(0)
-	if err != nil {
-		return false, err
-	}
-	return isActive == 1, nil
-}
-
-// UpdateNodeActive 修改节点活跃状态
-func (this *NSNodeDAO) UpdateNodeActive(tx *dbs.Tx, nodeId int64, isActive bool) error {
-	if nodeId <= 0 {
-		return errors.New("invalid nodeId")
-	}
-	_, err := this.Query(tx).
-		Pk(nodeId).
-		Set("isActive", isActive).
-		Set("statusIsNotified", false).
-		Set("inactiveNotifiedAt", 0).
-		Update()
-	return err
-}
-
-// UpdateNodeConnectedAPINodes 修改当前连接的API节点
-func (this *NSNodeDAO) UpdateNodeConnectedAPINodes(tx *dbs.Tx, nodeId int64, apiNodeIds []int64) error {
-	if nodeId <= 0 {
-		return errors.New("invalid nodeId")
-	}
-
-	var op = NewNSNodeOperator()
-	op.Id = nodeId
-
-	if len(apiNodeIds) > 0 {
-		apiNodeIdsJSON, err := json.Marshal(apiNodeIds)
-		if err != nil {
-			return errors.Wrap(err)
-		}
-		op.ConnectedAPINodes = apiNodeIdsJSON
-	} else {
-		op.ConnectedAPINodes = "[]"
-	}
-	err := this.Save(tx, op)
-	return err
-}
-
-// FindAllNotifyingInactiveNodesWithClusterId 取得某个集群所有等待通知离线离线的节点
-func (this *NSNodeDAO) FindAllNotifyingInactiveNodesWithClusterId(tx *dbs.Tx, clusterId int64) (result []*NSNode, err error) {
-	_, err = this.Query(tx).
-		State(NSNodeStateEnabled).
-		Attr("clusterId", clusterId).
-		Attr("isOn", true).        // 只监控启用的节点
-		Attr("isInstalled", true). // 只监控已经安装的节点
-		Attr("isActive", false).   // 当前已经离线的
-		Attr("statusIsNotified", false).
-		Result("id", "name").
-		Slice(&result).
-		FindAll()
-	return
-}
-
-// UpdateNodeStatusIsNotified 设置状态已经通知
-func (this *NSNodeDAO) UpdateNodeStatusIsNotified(tx *dbs.Tx, nodeId int64) error {
-	return this.Query(tx).
-		Pk(nodeId).
-		Set("statusIsNotified", true).
-		Set("inactiveNotifiedAt", time.Now().Unix()).
-		UpdateQuickly()
-}
-
-// FindNodeInactiveNotifiedAt 读取上次的节点离线通知时间
-func (this *NSNodeDAO) FindNodeInactiveNotifiedAt(tx *dbs.Tx, nodeId int64) (int64, error) {
-	return this.Query(tx).
-		Pk(nodeId).
-		Result("inactiveNotifiedAt").
-		FindInt64Col(0)
-}
-
-// FindAllNodeIdsMatch 匹配节点并返回节点ID
-func (this *NSNodeDAO) FindAllNodeIdsMatch(tx *dbs.Tx, clusterId int64, includeSecondaryNodes bool, isOn configutils.BoolState) (result []int64, err error) {
-	query := this.Query(tx)
-	query.State(NSNodeStateEnabled)
-	if clusterId > 0 {
-		query.Attr("clusterId", clusterId)
-	}
-	if isOn == configutils.BoolStateYes {
-		query.Attr("isOn", true)
-	} else if isOn == configutils.BoolStateNo {
-		query.Attr("isOn", false)
-	}
-	query.Result("id")
-	ones, _, err := query.FindOnes()
-	if err != nil {
-		return nil, err
-	}
-	for _, one := range ones {
-		result = append(result, one.GetInt64("id"))
-	}
-	return
-}
-
-// UpdateNodeInstallStatus 修改节点的安装状态
-func (this *NSNodeDAO) UpdateNodeInstallStatus(tx *dbs.Tx, nodeId int64, status *NodeInstallStatus) error {
-	if status == nil {
-		_, err := this.Query(tx).
-			Pk(nodeId).
-			Set("installStatus", "null").
-			Update()
-		return err
-	}
-
-	data, err := json.Marshal(status)
-	if err != nil {
-		return err
-	}
-	_, err = this.Query(tx).
-		Pk(nodeId).
-		Set("installStatus", string(data)).
-		Update()
-	return err
-}
-
-// FindEnabledNodeIdsWithClusterId 查找集群下的所有节点
-func (this *NSNodeDAO) FindEnabledNodeIdsWithClusterId(tx *dbs.Tx, clusterId int64) ([]int64, error) {
-	if clusterId <= 0 {
-		return nil, nil
-	}
-	ones, err := this.Query(tx).
-		ResultPk().
-		Attr("clusterId", clusterId).
-		State(NSNodeStateEnabled).
-		FindAll()
-	if err != nil {
-		return nil, err
-	}
-	var result = []int64{}
-	for _, one := range ones {
-		result = append(result, int64(one.(*NSNode).Id))
-	}
-	return result, nil
-}
-
-// FindNodeDDoSProtection 获取节点的DDOS设置
-func (this *NSNodeDAO) FindNodeDDoSProtection(tx *dbs.Tx, nodeId int64) (*ddosconfigs.ProtectionConfig, error) {
-	one, err := this.Query(tx).
-		Result("ddosProtection").
-		Pk(nodeId).
-		Find()
-	if one == nil || err != nil {
-		return nil, err
-	}
-
-	return one.(*NSNode).DecodeDDoSProtection(), nil
-}
-
-// UpdateNodeDDoSProtection 设置集群的DDOS设置
-func (this *NSNodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
-	if nodeId <= 0 {
-		return ErrNotFound
-	}
-
-	var op = NewNSNodeOperator()
-	op.Id = nodeId
-
-	if ddosProtection == nil {
-		op.DdosProtection = "{}"
-	} else {
-		ddosProtectionJSON, err := json.Marshal(ddosProtection)
-		if err != nil {
-			return err
-		}
-		op.DdosProtection = ddosProtectionJSON
-	}
-
-	err := this.Save(tx, op)
-	if err != nil {
-		return err
-	}
-
-	clusterId, err := this.FindNodeClusterId(tx, nodeId)
-	if err != nil {
-		return err
-	}
-	if clusterId > 0 {
-		return SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleDNS, clusterId, nodeId, 0, NSNodeTaskTypeDDosProtectionChanged, 0)
-	}
-	return nil
-}
-
 // NotifyUpdate 通知更新
 func (this *NSNodeDAO) NotifyUpdate(tx *dbs.Tx, nodeId int64) error {
 	// TODO 先什么都不做
--- a/internal/db/models/ns_node_dao_test.go
+++ b/internal/db/models/ns_node_dao_test.go
@@ -1,6 +0,0 @@
-package models
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	_ "github.com/iwind/TeaGo/bootstrap"
-)
--- a/internal/db/models/report_node_dao.go
+++ b/internal/db/models/report_node_dao.go
@@ -320,6 +320,7 @@ func (this *ReportNodeDAO) FindNodeAllowIPs(tx *dbs.Tx, nodeId int64) ([]string,
 func (this *ReportNodeDAO) CountAllLowerVersionNodes(tx *dbs.Tx, version string) (int64, error) {
 	return this.Query(tx).
 		State(ReportNodeStateEnabled).
+		Attr("isOn", true).
 		Where("status IS NOT NULL").
 		Where("(JSON_EXTRACT(status, '$.buildVersionCode') IS NULL OR JSON_EXTRACT(status, '$.buildVersionCode')<:version)").
 		Param("version", utils.VersionToLong(version)).
--- a/internal/db/models/server_bandwidth_stat_dao.go
+++ b/internal/db/models/server_bandwidth_stat_dao.go
@@ -85,8 +85,8 @@ func (this *ServerBandwidthStatDAO) UpdateServerBandwidth(tx *dbs.Tx, userId int
 func (this *ServerBandwidthStatDAO) FindMinutelyPeekBandwidthBytes(tx *dbs.Tx, serverId int64, day string, minute string) (int64, error) {
 	return this.Query(tx).
 		Table(this.partialTable(serverId)).
-		Result("bytes").
 		Attr("serverId", serverId).
+		Result("bytes").
 		Attr("day", day).
 		Attr("timeAt", minute).
 		FindInt64Col(0)
@@ -102,8 +102,8 @@ func (this *ServerBandwidthStatDAO) FindHourlyBandwidthStats(tx *dbs.Tx, serverI

 	ones, _, err := this.Query(tx).
 		Table(this.partialTable(serverId)).
-		Result("MAX(bytes) AS bytes", "CONCAT(day, '.', SUBSTRING(timeAt, 1, 2)) AS fullTime").
 		Attr("serverId", serverId).
+		Result("MAX(bytes) AS bytes", "CONCAT(day, '.', SUBSTRING(timeAt, 1, 2)) AS fullTime").
 		Gte("CONCAT(day, '.', SUBSTRING(timeAt, 1, 2))", timeutil.FormatTime("Ymd.H", timestamp)).
 		Group("fullTime").
 		FindOnes()
@@ -150,6 +150,7 @@ func (this *ServerBandwidthStatDAO) FindHourlyBandwidthStats(tx *dbs.Tx, serverI
 func (this *ServerBandwidthStatDAO) FindDailyPeekBandwidthBytes(tx *dbs.Tx, serverId int64, day string) (int64, error) {
 	return this.Query(tx).
 		Table(this.partialTable(serverId)).
+		Attr("serverId", serverId).
 		Attr("day", day).
 		Result("MAX(bytes)").
 		FindInt64Col(0)
@@ -208,6 +209,7 @@ func (this *ServerBandwidthStatDAO) FindDailyBandwidthStats(tx *dbs.Tx, serverId
 func (this *ServerBandwidthStatDAO) FindMonthlyPeekBandwidthBytes(tx *dbs.Tx, serverId int64, month string) (int64, error) {
 	return this.Query(tx).
 		Table(this.partialTable(serverId)).
+		Attr("serverId", serverId).
 		Between("day", month+"01", month+"31").
 		Result("MAX(bytes)").
 		FindInt64Col(0)
@@ -264,8 +266,8 @@ func (this *ServerBandwidthStatDAO) FindMonthlyPercentile(tx *dbs.Tx, serverId i
 	if percentile >= 100 {
 		result, err = this.Query(tx).
 			Table(this.partialTable(serverId)).
-			Result("bytes").
 			Attr("serverId", serverId).
+			Result("bytes").
 			Between("day", month+"01", month+"31").
 			Desc("bytes").
 			Limit(1).
@@ -295,8 +297,8 @@ func (this *ServerBandwidthStatDAO) FindMonthlyPercentile(tx *dbs.Tx, serverId i
 	// 查询 nth 位置
 	result, err = this.Query(tx).
 		Table(this.partialTable(serverId)).
-		Result("bytes").
 		Attr("serverId", serverId).
+		Result("bytes").
 		Between("day", month+"01", month+"31").
 		Desc("bytes").
 		Offset(offset).
@@ -308,7 +310,7 @@ func (this *ServerBandwidthStatDAO) FindMonthlyPercentile(tx *dbs.Tx, serverId i

 // Clean 清理过期数据
 func (this *ServerBandwidthStatDAO) Clean(tx *dbs.Tx) error {
-	var day = timeutil.Format("Ymd", time.Now().AddDate(0, 0, -62)) // 保留大约2个月的数据
+	var day = timeutil.Format("Ymd", time.Now().AddDate(0, 0, -100)) // 保留大约3个月的数据
 	return this.runBatch(func(table string, locker *sync.Mutex) error {
 		_, err := this.Query(tx).
 			Table(table).
--- a/internal/db/models/server_daily_stat_dao.go
+++ b/internal/db/models/server_daily_stat_dao.go
@@ -437,6 +437,31 @@ func (this *ServerDailyStatDAO) FindDailyStats(tx *dbs.Tx, serverId int64, dayFr
 	return
 }

+// FindStatsWithDay 按天查找5分钟级统计
+// day YYYYMMDD
+func (this *ServerDailyStatDAO) FindStatsWithDay(tx *dbs.Tx, serverId int64, day string, timeFrom string, timeTo string) (result []*ServerDailyStat, err error) {
+	if !regexp.MustCompile(`^\d{8}$`).MatchString(day) {
+		return
+	}
+
+	var query = this.Query(tx).
+		Attr("serverId", serverId).
+		Attr("day", day).
+		DescPk()
+
+	if len(timeFrom) > 0 {
+		query.Gte("timeFrom", timeFrom)
+	}
+	if len(timeTo) > 0 {
+		query.Lte("timeTo", timeTo)
+	}
+
+	_, err = query.
+		Slice(&result).
+		FindAll()
+	return
+}
+
 // FindMonthlyStatsWithPlan 查找某月有套餐的流量
 // month YYYYMM
 func (this *ServerDailyStatDAO) FindMonthlyStatsWithPlan(tx *dbs.Tx, month string) (result []*ServerDailyStat, err error) {
--- a/internal/db/models/server_dao.go
+++ b/internal/db/models/server_dao.go
@@ -862,20 +862,21 @@ func (this *ServerDAO) ListEnabledServersMatch(tx *dbs.Tx, offset int64, size in
 	}

 	// 排序
-	var timestamp = time.Now().Unix() / 300 * 300
-	var currentTime = timeutil.FormatTime("YmdHi", timestamp)
-	var prevTime = timeutil.FormatTime("YmdHi", timestamp-300)
+	var timestamp = (time.Now().Unix()) / 300 * 300
+	var times = []string{
+		timeutil.FormatTime("YmdHi", timestamp),
+		timeutil.FormatTime("YmdHi", timestamp-300),
+		timeutil.FormatTime("YmdHi", timestamp-300*2),
+	}

 	switch order {
 	case "trafficOutAsc":
-		query.Asc("IF(IF(bandwidthTime=:currentTime, bandwidthBytes, 0) > 0, IF(bandwidthTime=:currentTime, bandwidthBytes, 0), IF(bandwidthTime=:prevTime, bandwidthBytes, 0))")
-		query.Param("currentTime", currentTime)
-		query.Param("prevTime", prevTime)
+		query.Asc("IF(FIND_IN_SET(bandwidthTime, :times), bandwidthBytes, 0)")
+		query.Param("times", strings.Join(times, ","))
 		query.DescPk()
 	case "trafficOutDesc":
-		query.Desc("IF(IF(bandwidthTime=:currentTime, bandwidthBytes, 0) > 0, IF(bandwidthTime=:currentTime, bandwidthBytes, 0), IF(bandwidthTime=:prevTime, bandwidthBytes, 0))")
-		query.Param("currentTime", currentTime)
-		query.Param("prevTime", prevTime)
+		query.Desc("IF(FIND_IN_SET(bandwidthTime, :times), bandwidthBytes, 0)")
+		query.Param("times", strings.Join(times, ","))
 		query.DescPk()
 	default:
 		query.DescPk()
@@ -885,7 +886,7 @@ func (this *ServerDAO) ListEnabledServersMatch(tx *dbs.Tx, offset int64, size in

 	// 修正带宽统计数据
 	for _, server := range result {
-		if len(server.BandwidthTime) > 0 && server.BandwidthBytes > 0 && server.BandwidthTime < prevTime {
+		if len(server.BandwidthTime) > 0 && !lists.ContainsString(times, server.BandwidthTime) {
 			server.BandwidthBytes = 0
 		}
 	}
@@ -1080,7 +1081,7 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server, cacheMap
 			if domain != nil {
 				var cname = server.DnsName + "." + domain.Name
 				config.CNameDomain = cname
-				if clusterDNSConfig.CNameAsDomain {
+				if clusterDNSConfig.CNAMEAsDomain {
 					config.CNameAsDomain = true
 					config.AliasServerNames = append(config.AliasServerNames, cname)
 				}
@@ -1879,8 +1880,8 @@ func (this *ServerDAO) CheckPortIsUsing(tx *dbs.Tx, clusterId int64, protocolFam
 }

 // ExistServerNameInCluster 检查ServerName是否已存在
-func (this *ServerDAO) ExistServerNameInCluster(tx *dbs.Tx, clusterId int64, serverName string, excludeServerId int64) (bool, error) {
-	query := this.Query(tx).
+func (this *ServerDAO) ExistServerNameInCluster(tx *dbs.Tx, clusterId int64, serverName string, excludeServerId int64, supportWildcard bool) (bool, error) {
+	var query = this.Query(tx).
 		Attr("clusterId", clusterId).
 		Where("(JSON_CONTAINS(serverNames, :jsonQuery1) OR JSON_CONTAINS(serverNames, :jsonQuery2))").
 		Param("jsonQuery1", maps.Map{"name": serverName}.AsJSON()).
@@ -1889,7 +1890,38 @@ func (this *ServerDAO) ExistServerNameInCluster(tx *dbs.Tx, clusterId int64, ser
 		query.Neq("id", excludeServerId)
 	}
 	query.State(ServerStateEnabled)
-	return query.Exist()
+	exists, err := query.Exist()
+	if err != nil || exists {
+		return exists, err
+	}
+
+	if supportWildcard {
+		var countPieces = strings.Count(serverName, ".")
+		for {
+			var index = strings.Index(serverName, ".")
+			if index > 0 {
+				serverName = serverName[index+1:]
+				var search = strings.Repeat("*.", countPieces-strings.Count(serverName, ".")) + serverName
+				var query = this.Query(tx).
+					Attr("clusterId", clusterId).
+					Where("(JSON_CONTAINS(serverNames, :jsonQuery1) OR JSON_CONTAINS(serverNames, :jsonQuery2))").
+					Param("jsonQuery1", maps.Map{"name": search}.AsJSON()).
+					Param("jsonQuery2", maps.Map{"subNames": search}.AsJSON())
+				if excludeServerId > 0 {
+					query.Neq("id", excludeServerId)
+				}
+				query.State(ServerStateEnabled)
+				exists, err = query.Exist()
+				if err != nil || exists {
+					return exists, err
+				}
+			} else {
+				break
+			}
+		}
+	}
+
+	return false, nil
 }

 // GenDNSName 生成DNS Name
--- a/internal/db/models/server_dao_test.go
+++ b/internal/db/models/server_dao_test.go
@@ -141,7 +141,7 @@ func TestServerDAO_ExistServerNameInCluster(t *testing.T) {

 	var tx *dbs.Tx
 	{
-		exist, err := models.SharedServerDAO.ExistServerNameInCluster(tx, 18, "hello.teaos.cn", 0)
+		exist, err := models.SharedServerDAO.ExistServerNameInCluster(tx, 18, "hello.teaos.cn", 0, true)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -149,7 +149,7 @@ func TestServerDAO_ExistServerNameInCluster(t *testing.T) {
 	}

 	{
-		exist, err := models.SharedServerDAO.ExistServerNameInCluster(tx, 18, "cdn.teaos.cn", 0)
+		exist, err := models.SharedServerDAO.ExistServerNameInCluster(tx, 18, "cdn.teaos.cn", 0, true)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -157,7 +157,7 @@ func TestServerDAO_ExistServerNameInCluster(t *testing.T) {
 	}

 	{
-		exist, err := models.SharedServerDAO.ExistServerNameInCluster(tx, 18, "cdn.teaos.cn", 23)
+		exist, err := models.SharedServerDAO.ExistServerNameInCluster(tx, 18, "cdn.teaos.cn", 23, true)
 		if err != nil {
 			t.Fatal(err)
 		}
--- a/internal/db/models/ssl_cert_dao.go
+++ b/internal/db/models/ssl_cert_dao.go
@@ -149,7 +149,7 @@ func (this *SSLCertDAO) UpdateCert(tx *dbs.Tx,
 		return nil
 	}
 	var oldCert = oldOne.(*SSLCert)
-	var dataIsChanged = bytes.Compare(certData, oldCert.CertData) != 0 || bytes.Compare(keyData, oldCert.KeyData) != 0
+	var dataIsChanged = !bytes.Equal(certData, oldCert.CertData) || !bytes.Equal(keyData, oldCert.KeyData)

 	var op = NewSSLCertOperator()
 	op.Id = certId
--- a/internal/db/models/sys_setting_dao.go
+++ b/internal/db/models/sys_setting_dao.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/zero"
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/userconfigs"
@@ -13,6 +14,7 @@ import (
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/types"
+	"time"
 )

 type SysSettingDAO dbs.DAO
@@ -211,6 +213,18 @@ func (this *SysSettingDAO) NotifyUpdate(tx *dbs.Tx, code string) error {
 	switch code {
 	case systemconfigs.SettingCodeAccessLogQueue:
 		accessLogQueueChanged <- zero.New()
+	case systemconfigs.SettingCodeAdminUIConfig:
+		// 修改当前时区
+		config, err := this.ReadAdminUIConfig(nil, nil)
+		if err == nil && config != nil {
+			if len(config.TimeZone) == 0 {
+				config.TimeZone = nodeconfigs.DefaultTimeZoneLocation
+			}
+			location, err := time.LoadLocation(config.TimeZone)
+			if err == nil && time.Local != location {
+				time.Local = location
+			}
+		}
 	}
 	return nil
 }
--- a/internal/db/models/user_bandwidth_stat_dao.go
+++ b/internal/db/models/user_bandwidth_stat_dao.go
@@ -106,7 +106,7 @@ func (this *UserBandwidthStatDAO) FindUserPeekBandwidthInDay(tx *dbs.Tx, userId

 // Clean 清理过期数据
 func (this *UserBandwidthStatDAO) Clean(tx *dbs.Tx) error {
-	var day = timeutil.Format("Ymd", time.Now().AddDate(0, 0, -62)) // 保留大约2个月的数据
+	var day = timeutil.Format("Ymd", time.Now().AddDate(0, 0, -100)) // 保留大约3个月的数据
 	return this.runBatch(func(table string, locker *sync.Mutex) error {
 		_, err := this.Query(tx).
 			Table(table).
--- a/internal/db/models/user_dao_test.go
+++ b/internal/db/models/user_dao_test.go
@@ -12,7 +12,6 @@ func TestUserDAO_UpdateUserFeatures(t *testing.T) {
 	var dao = NewUserDAO()
 	var tx *dbs.Tx
 	err := dao.UpdateUsersFeatures(tx, []string{
-		userconfigs.UserFeatureCodeFinance,
 		userconfigs.UserFeatureCodeServerACME,
 	}, false)
 	if err != nil {
--- a/internal/db/models/user_model.go
+++ b/internal/db/models/user_model.go
@@ -27,32 +27,34 @@ type User struct {
 	RejectReason    string   `field:"rejectReason"`    // 拒绝理由
 	IsVerified      bool     `field:"isVerified"`      // 是否验证通过
 	RequirePlans    uint8    `field:"requirePlans"`    // 是否需要购买套餐
+	Modules         dbs.JSON `field:"modules"`         // 用户模块
 }

 type UserOperator struct {
-	Id              interface{} // ID
-	IsOn            interface{} // 是否启用
-	Username        interface{} // 用户名
-	Password        interface{} // 密码
-	Fullname        interface{} // 真实姓名
-	Mobile          interface{} // 手机号
-	Tel             interface{} // 联系电话
-	Remark          interface{} // 备注
-	Email           interface{} // 邮箱地址
-	EmailIsVerified interface{} // 邮箱是否已验证
-	AvatarFileId    interface{} // 头像文件ID
-	CreatedAt       interface{} // 创建时间
-	Day             interface{} // YYYYMMDD
-	UpdatedAt       interface{} // 修改时间
-	State           interface{} // 状态
-	Source          interface{} // 来源
-	ClusterId       interface{} // 集群ID
-	Features        interface{} // 允许操作的特征
-	RegisteredIP    interface{} // 注册使用的IP
-	IsRejected      interface{} // 是否已拒绝
-	RejectReason    interface{} // 拒绝理由
-	IsVerified      interface{} // 是否验证通过
-	RequirePlans    interface{} // 是否需要购买套餐
+	Id              any // ID
+	IsOn            any // 是否启用
+	Username        any // 用户名
+	Password        any // 密码
+	Fullname        any // 真实姓名
+	Mobile          any // 手机号
+	Tel             any // 联系电话
+	Remark          any // 备注
+	Email           any // 邮箱地址
+	EmailIsVerified any // 邮箱是否已验证
+	AvatarFileId    any // 头像文件ID
+	CreatedAt       any // 创建时间
+	Day             any // YYYYMMDD
+	UpdatedAt       any // 修改时间
+	State           any // 状态
+	Source          any // 来源
+	ClusterId       any // 集群ID
+	Features        any // 允许操作的特征
+	RegisteredIP    any // 注册使用的IP
+	IsRejected      any // 是否已拒绝
+	RejectReason    any // 拒绝理由
+	IsVerified      any // 是否验证通过
+	RequirePlans    any // 是否需要购买套餐
+	Modules         any // 用户模块
 }

 func NewUserOperator() *UserOperator {
--- a/internal/db/models/user_model_ext.go
+++ b/internal/db/models/user_model_ext.go
@@ -1 +1,21 @@
 package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+)
+
+// DecodeModules 解析模块
+func (this *User) DecodeModules() []string {
+	if len(this.Modules) == 0 {
+		return nil
+	}
+
+	var result = []string{}
+	err := json.Unmarshal(this.Modules, &result)
+	if err != nil {
+		remotelogs.Error("User.DecodeModules", err.Error())
+	}
+
+	return result
+}
--- a/internal/db/utils/utils.go
+++ b/internal/db/utils/utils.go
@@ -35,3 +35,37 @@ func QuoteLikePrefix(keyword string) string {
 func QuoteLikeSuffix(keyword string) string {
 	return "%" + QuoteLikeKeyword(keyword)
 }
+
+// SetGlobalVarMin 设置变量最小值
+func SetGlobalVarMin(db *dbs.DB, variableName string, minValue int) error {
+	result, err := db.FindOne("SHOW VARIABLES WHERE variable_name=?", variableName)
+	if err != nil {
+		return err
+	}
+	if len(result) == 0 {
+		return nil
+	}
+	var oldValue = result.GetInt("Value")
+	if oldValue > 0 /** 小于等于0通常表示不限制 **/ && oldValue < minValue {
+		_, err = db.Exec("SET GLOBAL "+variableName+"=?", minValue)
+		return err
+	}
+	return nil
+}
+
+// SetGlobalVarMax 设置变量最大值
+func SetGlobalVarMax(db *dbs.DB, variableName string, maxValue int) error {
+	result, err := db.FindOne("SHOW VARIABLES WHERE variable_name=?", variableName)
+	if err != nil {
+		return err
+	}
+	if len(result) == 0 {
+		return nil
+	}
+	var oldValue = result.GetInt("Value")
+	if oldValue > maxValue {
+		_, err = db.Exec("SET GLOBAL "+variableName+"=?", maxValue)
+		return err
+	}
+	return nil
+}
--- a/internal/dnsclients/edgeapi/response_base.go
+++ b/internal/dnsclients/edgeapi/response_base.go
@@ -0,0 +1,21 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+import (
+	"errors"
+	"github.com/iwind/TeaGo/types"
+)
+
+type BaseResponse struct {
+	Code    int    `json:"code"`
+	Message string `json:"message"`
+}
+
+func (this *BaseResponse) IsValid() bool {
+	return this.Code == 200
+}
+
+func (this *BaseResponse) Error() error {
+	return errors.New("code: " + types.String(this.Code) + ", message: " + this.Message)
+}
--- a/internal/dnsclients/edgeapi/response_create_ns_record.go
+++ b/internal/dnsclients/edgeapi/response_create_ns_record.go
@@ -0,0 +1,11 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type CreateNSRecordResponse struct {
+	BaseResponse
+
+	Data struct {
+		NSRecordId int64 `json:"nsRecordId"`
+	} `json:"data"`
+}
--- a/internal/dnsclients/edgeapi/response_find_all_ns_routes.go
+++ b/internal/dnsclients/edgeapi/response_find_all_ns_routes.go
@@ -0,0 +1,14 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type FindAllNSRoutesResponse struct {
+	BaseResponse
+
+	Data struct {
+		NSRoutes []struct {
+			Name string `json:"name"`
+			Code string `json:"code"`
+		} `json:"nsRoutes"`
+	} `json:"data"`
+}
--- a/internal/dnsclients/edgeapi/response_find_ns_domain_with_name.go
+++ b/internal/dnsclients/edgeapi/response_find_ns_domain_with_name.go
@@ -0,0 +1,14 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type FindDomainWithNameResponse struct {
+	BaseResponse
+
+	Data struct {
+		NSDomain struct {
+			Id   int64  `json:"id"`
+			Name string `json:"name"`
+		}
+	} `json:"data"`
+}
--- a/internal/dnsclients/edgeapi/response_find_ns_record_with_name_and_type.go
+++ b/internal/dnsclients/edgeapi/response_find_ns_record_with_name_and_type.go
@@ -0,0 +1,21 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type FindNSRecordWithNameAndTypeResponse struct {
+	BaseResponse
+
+	Data struct {
+		NSRecord struct {
+			Id       int64  `json:"id"`
+			Name     string `json:"name"`
+			Type     string `json:"type"`
+			Value    string `json:"value"`
+			TTL      int32  `json:"ttl"`
+			NSRoutes []struct {
+				Name string `json:"name"`
+				Code string `json:"code"`
+			} `json:"nsRoutes"`
+		} `json:"nsRecord"`
+	}
+}
--- a/internal/dnsclients/edgeapi/response_get_api_access_token.go
+++ b/internal/dnsclients/edgeapi/response_get_api_access_token.go
@@ -0,0 +1,12 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type GetAPIAccessToken struct {
+	BaseResponse
+
+	Data struct {
+		Token     string `json:"token"`
+		ExpiresAt int64  `json:"expiresAt"`
+	} `json:"data"`
+}
--- a/internal/dnsclients/edgeapi/response_interface.go
+++ b/internal/dnsclients/edgeapi/response_interface.go
@@ -0,0 +1,8 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type ResponseInterface interface {
+	IsValid() bool
+	Error() error
+}
--- a/internal/dnsclients/edgeapi/response_list_ns_domains.go
+++ b/internal/dnsclients/edgeapi/response_list_ns_domains.go
@@ -0,0 +1,16 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type ListNSDomainsResponse struct {
+	BaseResponse
+
+	Data struct {
+		NSDomains []struct {
+			Id        int64  `json:"id"`
+			Name      string `json:"name"`
+			IsOn      bool   `json:"isOn"`
+			IsDeleted bool   `json:"isDeleted"`
+		} `json:"nsDomains"`
+	} `json:"data"`
+}
--- a/internal/dnsclients/edgeapi/response_list_ns_records.go
+++ b/internal/dnsclients/edgeapi/response_list_ns_records.go
@@ -0,0 +1,21 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type ListNSRecordsResponse struct {
+	BaseResponse
+
+	Data struct {
+		NSRecords []struct {
+			Id       int64  `json:"id"`
+			Name     string `json:"name"`
+			Value    string `json:"value"`
+			TTL      int32  `json:"ttl"`
+			Type     string `json:"type"`
+			NSRoutes []struct {
+				Name string `json:"name"`
+				Code string `json:"code"`
+			} `json:"nsRoutes"`
+		} `json:"nsRecords"`
+	} `json:"data"`
+}
--- a/internal/dnsclients/edgeapi/response_success.go
+++ b/internal/dnsclients/edgeapi/response_success.go
@@ -0,0 +1,7 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type SuccessResponse struct {
+	BaseResponse
+}
--- a/internal/dnsclients/edgeapi/response_update_ns_record.go
+++ b/internal/dnsclients/edgeapi/response_update_ns_record.go
@@ -0,0 +1,7 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type UpdateNSRecordResponse struct {
+	BaseResponse
+}
--- a/internal/dnsclients/provider_dnspod.go
+++ b/internal/dnsclients/provider_dnspod.go
@@ -55,8 +55,8 @@ func (this *DNSPodProvider) Auth(params maps.Map) error {

 // GetDomains 获取所有域名列表
 func (this *DNSPodProvider) GetDomains() (domains []string, err error) {
-	offset := 0
-	size := 100
+	var offset = 0
+	var size = 100

 	for {
 		domainsResp, err := this.post("/Domain.List", map[string]string{
@@ -68,7 +68,7 @@ func (this *DNSPodProvider) GetDomains() (domains []string, err error) {
 		}
 		offset += size

-		domainsSlice := domainsResp.GetSlice("domains")
+		var domainsSlice = domainsResp.GetSlice("domains")
 		if len(domainsSlice) == 0 {
 			break
 		}
@@ -79,8 +79,8 @@ func (this *DNSPodProvider) GetDomains() (domains []string, err error) {
 		}

 		// 检查是否到头
-		info := domainsResp.GetMap("info")
-		recordTotal := info.GetInt("record_total")
+		var info = domainsResp.GetMap("info")
+		var recordTotal = info.GetInt("all_total")
 		if offset >= recordTotal {
 			break
 		}
@@ -90,8 +90,8 @@ func (this *DNSPodProvider) GetDomains() (domains []string, err error) {

 // GetRecords 获取域名列表
 func (this *DNSPodProvider) GetRecords(domain string) (records []*dnstypes.Record, err error) {
-	offset := 0
-	size := 100
+	var offset = 0
+	var size = 100
 	for {
 		recordsResp, err := this.post("/Record.List", map[string]string{
 			"domain": domain,
@@ -104,7 +104,7 @@ func (this *DNSPodProvider) GetRecords(domain string) (records []*dnstypes.Recor
 		offset += size

 		// 记录
-		recordSlice := recordsResp.GetSlice("records")
+		var recordSlice = recordsResp.GetSlice("records")
 		for _, record := range recordSlice {
 			recordMap := maps.NewMap(record)
 			records = append(records, &dnstypes.Record{
@@ -118,8 +118,8 @@ func (this *DNSPodProvider) GetRecords(domain string) (records []*dnstypes.Recor
 		}

 		// 检查是否到头
-		info := recordsResp.GetMap("info")
-		recordTotal := info.GetInt("record_total")
+		var info = recordsResp.GetMap("info")
+		var recordTotal = info.GetInt("record_total")
 		if offset >= recordTotal {
 			break
 		}
--- a/internal/dnsclients/provider_edge_dns_api.go
+++ b/internal/dnsclients/provider_edge_dns_api.go
@@ -0,0 +1,441 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package dnsclients
+
+import (
+	"bytes"
+	"crypto/tls"
+	"encoding/json"
+	"errors"
+	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
+	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
+	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/edgeapi"
+	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
+	"io"
+	"net/http"
+	"regexp"
+	"strings"
+	"time"
+)
+
+var edgeDNSHTTPClient = &http.Client{
+	Timeout: 10 * time.Second,
+	Transport: &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+	},
+}
+
+type EdgeDNSAPIProvider struct {
+	host            string
+	accessKeyId     string
+	accessKeySecret string
+
+	role                 string // admin | user
+	accessToken          string
+	accessTokenExpiresAt int64
+}
+
+// Auth 认证
+func (this *EdgeDNSAPIProvider) Auth(params maps.Map) error {
+	this.role = params.GetString("role")
+	this.host = params.GetString("host")
+	this.accessKeyId = params.GetString("accessKeyId")
+	this.accessKeySecret = params.GetString("accessKeySecret")
+
+	if len(this.role) == 0 {
+		this.role = "user"
+	}
+
+	if len(this.host) == 0 {
+		return errors.New("'host' should not be empty")
+	}
+	if !regexp.MustCompile(`^(?i)(http|https):`).MatchString(this.host) {
+		this.host = "http://" + this.host
+	}
+
+	if len(this.accessKeyId) == 0 {
+		return errors.New("'accessKeyId' should not be empty")
+	}
+	if len(this.accessKeySecret) == 0 {
+		return errors.New("'accessKeySecret' should not be empty")
+	}
+
+	return nil
+}
+
+// GetDomains 获取所有域名列表
+func (this *EdgeDNSAPIProvider) GetDomains() (domains []string, err error) {
+	var offset = 0
+	var size = 100
+	for {
+		var resp = &edgeapi.ListNSDomainsResponse{}
+		err = this.doAPI("/NSDomainService/ListNSDomains", map[string]any{
+			"offset": offset,
+			"size":   size,
+		}, resp)
+		if err != nil {
+			return
+		}
+
+		for _, domain := range resp.Data.NSDomains {
+			domains = append(domains, domain.Name)
+		}
+
+		if len(resp.Data.NSDomains) < size {
+			break
+		}
+
+		offset += size
+	}
+
+	return
+}
+
+// GetRecords 获取域名解析记录列表
+func (this *EdgeDNSAPIProvider) GetRecords(domain string) (records []*dnstypes.Record, err error) {
+	var domainResp = &edgeapi.FindDomainWithNameResponse{}
+	err = this.doAPI("/NSDomainService/FindNSDomainWithName", map[string]any{
+		"name": domain,
+	}, domainResp)
+	if err != nil {
+		return nil, err
+	}
+
+	var domainId = domainResp.Data.NSDomain.Id
+	if domainId == 0 {
+		return nil, nil
+	}
+
+	var offset = 0
+	var size = 100
+	for {
+		var recordsResp = &edgeapi.ListNSRecordsResponse{}
+		err = this.doAPI("/NSRecordService/ListNSRecords", map[string]any{
+			"nsDomainId": domainId,
+			"offset":     offset,
+			"size":       size,
+		}, recordsResp)
+		if err != nil {
+			return nil, err
+		}
+
+		var nsRecords = recordsResp.Data.NSRecords
+		for _, record := range nsRecords {
+			var routeCode = this.DefaultRoute()
+			if len(record.NSRoutes) > 0 {
+				routeCode = record.NSRoutes[0].Code
+			}
+
+			records = append(records, &dnstypes.Record{
+				Id:    types.String(record.Id),
+				Name:  record.Name,
+				Type:  record.Type,
+				Value: record.Value,
+				Route: routeCode,
+				TTL:   record.TTL,
+			})
+		}
+
+		if len(nsRecords) < size {
+			break
+		}
+
+		offset += size
+	}
+
+	return
+}
+
+// GetRoutes 读取域名支持的线路数据
+func (this *EdgeDNSAPIProvider) GetRoutes(domain string) (routes []*dnstypes.Route, err error) {
+	// default
+	routes = append(routes, &dnstypes.Route{
+		Name: "默认线路",
+		Code: this.DefaultRoute(),
+	})
+
+	// 世界区域
+	{
+		var routesResp = &edgeapi.FindAllNSRoutesResponse{}
+		err = this.doAPI("/NSRouteService/FindAllDefaultWorldRegionRoutes", map[string]any{}, routesResp)
+		if err != nil {
+			return nil, err
+		}
+		for _, route := range routesResp.Data.NSRoutes {
+			routes = append(routes, &dnstypes.Route{
+				Name: route.Name,
+				Code: route.Code,
+			})
+		}
+	}
+
+	// 中国省份
+	{
+		var routesResp = &edgeapi.FindAllNSRoutesResponse{}
+		err = this.doAPI("/NSRouteService/FindAllDefaultChinaProvinceRoutes", map[string]any{}, routesResp)
+		if err != nil {
+			return nil, err
+		}
+		for _, route := range routesResp.Data.NSRoutes {
+			routes = append(routes, &dnstypes.Route{
+				Name: route.Name,
+				Code: route.Code,
+			})
+		}
+	}
+
+	// ISP
+	{
+		var routesResp = &edgeapi.FindAllNSRoutesResponse{}
+		err = this.doAPI("/NSRouteService/FindAllDefaultISPRoutes", map[string]any{}, routesResp)
+		if err != nil {
+			return nil, err
+		}
+		for _, route := range routesResp.Data.NSRoutes {
+			routes = append(routes, &dnstypes.Route{
+				Name: route.Name,
+				Code: route.Code,
+			})
+		}
+	}
+
+	// 自定义
+	{
+		var routesResp = &edgeapi.FindAllNSRoutesResponse{}
+		err = this.doAPI("/NSRouteService/FindAllNSRoutes", map[string]any{}, routesResp)
+		if err != nil {
+			return nil, err
+		}
+		for _, route := range routesResp.Data.NSRoutes {
+			routes = append(routes, &dnstypes.Route{
+				Name: route.Name,
+				Code: route.Code,
+			})
+		}
+	}
+
+	return
+}
+
+// QueryRecord 查询单个记录
+func (this *EdgeDNSAPIProvider) QueryRecord(domain string, name string, recordType dnstypes.RecordType) (*dnstypes.Record, error) {
+	var domainResp = &edgeapi.FindDomainWithNameResponse{}
+	err := this.doAPI("/NSDomainService/FindNSDomainWithName", map[string]any{
+		"name": domain,
+	}, domainResp)
+	if err != nil {
+		return nil, err
+	}
+
+	var domainId = domainResp.Data.NSDomain.Id
+	if domainId == 0 {
+		return nil, errors.New("can not find domain '" + domain + "'")
+	}
+
+	var recordResp = &edgeapi.FindNSRecordWithNameAndTypeResponse{}
+	err = this.doAPI("/NSRecordService/FindNSRecordWithNameAndType", map[string]any{
+		"nsDomainId": domainId,
+		"name":       name,
+		"type":       recordType,
+	}, recordResp)
+	if err != nil {
+		return nil, err
+	}
+
+	var record = recordResp.Data.NSRecord
+	if record.Id <= 0 {
+		return nil, nil
+	}
+
+	var routeCode = this.DefaultRoute()
+	if len(record.NSRoutes) > 0 {
+		routeCode = record.NSRoutes[0].Code
+	}
+
+	return &dnstypes.Record{
+		Id:    types.String(record.Id),
+		Name:  record.Name,
+		Type:  record.Type,
+		Value: record.Value,
+		Route: routeCode,
+		TTL:   record.TTL,
+	}, nil
+}
+
+// AddRecord 设置记录
+func (this *EdgeDNSAPIProvider) AddRecord(domain string, newRecord *dnstypes.Record) error {
+	var domainResp = &edgeapi.FindDomainWithNameResponse{}
+	err := this.doAPI("/NSDomainService/FindNSDomainWithName", map[string]any{
+		"name": domain,
+	}, domainResp)
+	if err != nil {
+		return err
+	}
+
+	var domainId = domainResp.Data.NSDomain.Id
+	if domainId == 0 {
+		return errors.New("can not find domain '" + domain + "'")
+	}
+
+	if newRecord.Type == dnstypes.RecordTypeCNAME && !strings.HasSuffix(newRecord.Value, ".") {
+		newRecord.Value += "."
+	}
+
+	var createResp = &edgeapi.CreateNSRecordResponse{}
+	var routes = []string{}
+	if len(newRecord.Route) > 0 {
+		routes = []string{newRecord.Route}
+	}
+	err = this.doAPI("/NSRecordService/CreateNSRecord", map[string]any{
+		"nsDomainId":   domainId,
+		"name":         newRecord.Name,
+		"type":         strings.ToUpper(newRecord.Type),
+		"value":        newRecord.Value,
+		"ttl":          newRecord.TTL,
+		"nsRouteCodes": routes,
+	}, createResp)
+
+	if err != nil {
+		return err
+	}
+
+	newRecord.Id = types.String(createResp.Data.NSRecordId)
+
+	return nil
+}
+
+// UpdateRecord 修改记录
+func (this *EdgeDNSAPIProvider) UpdateRecord(domain string, record *dnstypes.Record, newRecord *dnstypes.Record) error {
+	if newRecord.Type == dnstypes.RecordTypeCNAME && !strings.HasSuffix(newRecord.Value, ".") {
+		newRecord.Value += "."
+	}
+
+	var createResp = &edgeapi.UpdateNSRecordResponse{}
+	var routes = []string{}
+	if len(newRecord.Route) > 0 {
+		routes = []string{newRecord.Route}
+	}
+	err := this.doAPI("/NSRecordService/UpdateNSRecord", map[string]any{
+		"nsRecordId":   types.Int64(record.Id),
+		"name":         newRecord.Name,
+		"type":         strings.ToUpper(newRecord.Type),
+		"value":        newRecord.Value,
+		"ttl":          newRecord.TTL,
+		"nsRouteCodes": routes,
+		"isOn":         true, // important
+	}, createResp)
+
+	return err
+}
+
+// DeleteRecord 删除记录
+func (this *EdgeDNSAPIProvider) DeleteRecord(domain string, record *dnstypes.Record) error {
+	var resp = &edgeapi.SuccessResponse{}
+	err := this.doAPI("/NSRecordService/DeleteNSRecord", map[string]any{
+		"nsRecordId": types.Int64(record.Id),
+	}, resp)
+	return err
+}
+
+// DefaultRoute 默认线路
+func (this *EdgeDNSAPIProvider) DefaultRoute() string {
+	return "default"
+}
+
+func (this *EdgeDNSAPIProvider) doAPI(path string, params map[string]any, respPtr edgeapi.ResponseInterface) error {
+	accessToken, err := this.getToken()
+	if err != nil {
+		return err
+	}
+
+	paramsJSON, err := json.Marshal(params)
+	if err != nil {
+		return err
+	}
+	req, err := http.NewRequest(http.MethodPost, this.host+path, bytes.NewReader(paramsJSON))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("User-Agent", teaconst.ProductName+"/"+teaconst.Version)
+	req.Header.Set("X-Edge-Access-Token", accessToken)
+
+	resp, err := edgeDNSHTTPClient.Do(req)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return errors.New("invalid response status code '" + types.String(resp.StatusCode) + "'")
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	err = json.Unmarshal(data, respPtr)
+	if err != nil {
+		return errors.New("decode response failed: " + err.Error() + ", JSON: " + string(data))
+	}
+
+	if !respPtr.IsValid() {
+		return respPtr.Error()
+	}
+
+	return err
+}
+
+func (this *EdgeDNSAPIProvider) getToken() (string, error) {
+	if len(this.accessToken) > 0 && this.accessTokenExpiresAt > time.Now().Unix()+600 /** 600秒是防止当前服务器和API服务器之间有时间差 **/ {
+		return this.accessToken, nil
+	}
+
+	var params = maps.Map{
+		"type":        this.role,
+		"accessKeyId": this.accessKeyId,
+		"accessKey":   this.accessKeySecret,
+	}
+	paramsJSON, err := json.Marshal(params)
+	if err != nil {
+		return "", err
+	}
+	req, err := http.NewRequest(http.MethodPost, this.host+"/APIAccessTokenService/getAPIAccessToken", bytes.NewReader(paramsJSON))
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("User-Agent", teaconst.ProductName+"/"+teaconst.Version)
+	resp, err := edgeDNSHTTPClient.Do(req)
+	if err != nil {
+		return "", err
+	}
+
+	defer func() {
+		_ = resp.Body.Close()
+	}()
+
+	if resp.StatusCode != http.StatusOK {
+		return "", errors.New("invalid response code '" + types.String(resp.StatusCode) + "'")
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	var tokenResp = &edgeapi.GetAPIAccessToken{}
+	err = json.Unmarshal(data, tokenResp)
+	if err != nil {
+		return "", err
+	}
+
+	if tokenResp.Code != 200 {
+		return "", errors.New("invalid code '" + types.String(tokenResp.Code) + "', message: " + tokenResp.Message)
+	}
+
+	this.accessToken = tokenResp.Data.Token
+	this.accessTokenExpiresAt = tokenResp.Data.ExpiresAt
+	return this.accessToken, nil
+}
--- a/internal/dnsclients/provider_edge_dns_api_test.go
+++ b/internal/dnsclients/provider_edge_dns_api_test.go
@@ -0,0 +1,163 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package dnsclients_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients"
+	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
+	"github.com/iwind/TeaGo/logs"
+	"github.com/iwind/TeaGo/maps"
+	"testing"
+)
+
+const edgeDNSAPIDomainName = "hello2.com"
+
+func TestEdgeDNSAPIProvider_GetDomains(t *testing.T) {
+	provider, err := testEdgeDNSAPIProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	domains, err := provider.GetDomains()
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("domains:", domains)
+}
+
+func TestEdgeDNSAPIProvider_GetRecords(t *testing.T) {
+	provider, err := testEdgeDNSAPIProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	records, err := provider.GetRecords(edgeDNSAPIDomainName)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logs.PrintAsJSON(records, t)
+}
+
+func TestEdgeDNSAPIProvider_GetRoutes(t *testing.T) {
+	provider, err := testEdgeDNSAPIProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	routes, err := provider.GetRoutes(edgeDNSAPIDomainName)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logs.PrintAsJSON(routes, t)
+}
+
+func TestEdgeDNSAPIProvider_QueryRecord(t *testing.T) {
+	provider, err := testEdgeDNSAPIProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+	record, err := provider.QueryRecord(edgeDNSAPIDomainName, "cdn", dnstypes.RecordTypeA)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logs.PrintAsJSON(record)
+}
+
+func TestEdgeDNSAPIProvider_AddRecord(t *testing.T) {
+	provider, err := testEdgeDNSAPIProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = provider.AddRecord(edgeDNSAPIDomainName, &dnstypes.Record{
+		Id:    "",
+		Name:  "example",
+		Type:  dnstypes.RecordTypeA,
+		Value: "10.0.0.1",
+		Route: "china:province:beijing",
+		TTL:   300,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("ok")
+}
+
+func TestEdgeDNSAPIProvider_UpdateRecord(t *testing.T) {
+	provider, err := testEdgeDNSAPIProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+	record, err := provider.QueryRecord(edgeDNSAPIDomainName, "cdn", dnstypes.RecordTypeA)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if record == nil {
+		t.Log("not found record")
+		return
+	}
+
+	//record.Id = ""
+	err = provider.UpdateRecord(edgeDNSAPIDomainName, record, &dnstypes.Record{
+		Id:    "",
+		Name:  record.Name,
+		Type:  record.Type,
+		Value: "127.0.0.3",
+		Route: record.Route,
+		TTL:   30,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("ok")
+}
+
+func TestEdgeDNSAPIProvider_DeleteRecord(t *testing.T) {
+	provider, err := testEdgeDNSAPIProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	record, err := provider.QueryRecord(edgeDNSAPIDomainName, "example", "A")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if record == nil {
+		t.Log("not found")
+		return
+	}
+
+	err = provider.DeleteRecord(edgeDNSAPIDomainName, &dnstypes.Record{
+		Id:    record.Id,
+		Name:  "example",
+		Type:  "A",
+		Value: "",
+		Route: "",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("ok")
+}
+
+func TestEdgeDNSAPIProvider_DefaultRoute(t *testing.T) {
+	provider, err := testEdgeDNSAPIProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Log(provider.DefaultRoute())
+}
+
+func testEdgeDNSAPIProvider() (dnsclients.ProviderInterface, error) {
+	provider := &dnsclients.EdgeDNSAPIProvider{}
+	err := provider.Auth(maps.Map{
+		"role":            "user",
+		"host":            "http://127.0.0.1:8004",
+		"accessKeyId":     "JOvsyXIFqkQbh5kl",
+		"accessKeySecret": "t0RY8YO3R58VbJJNp0RqKw9KWNpObwtE",
+	})
+	if err != nil {
+		return nil, err
+	}
+	return provider, nil
+}
--- a/internal/dnsclients/provider_user_edge_dns.go
+++ b/internal/dnsclients/provider_user_edge_dns.go
@@ -1,65 +0,0 @@
-// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
-
-package dnsclients
-
-import (
-	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
-	"github.com/iwind/TeaGo/maps"
-)
-
-type UserEdgeDNSProvider struct {
-}
-
-// Auth 认证
-func (this *UserEdgeDNSProvider) Auth(params maps.Map) error {
-	// TODO
-	return nil
-}
-
-// GetDomains 获取所有域名列表
-func (this *UserEdgeDNSProvider) GetDomains() (domains []string, err error) {
-	// TODO
-	return
-}
-
-// GetRecords 获取域名解析记录列表
-func (this *UserEdgeDNSProvider) GetRecords(domain string) (records []*dnstypes.Record, err error) {
-	// TODO
-	return
-}
-
-// GetRoutes 读取域名支持的线路数据
-func (this *UserEdgeDNSProvider) GetRoutes(domain string) (routes []*dnstypes.Route, err error) {
-	// TODO
-	return
-}
-
-// QueryRecord 查询单个记录
-func (this *UserEdgeDNSProvider) QueryRecord(domain string, name string, recordType dnstypes.RecordType) (*dnstypes.Record, error) {
-	// TODO
-	return nil, nil
-}
-
-// AddRecord 设置记录
-func (this *UserEdgeDNSProvider) AddRecord(domain string, newRecord *dnstypes.Record) error {
-	// TODO
-	return nil
-}
-
-// UpdateRecord 修改记录
-func (this *UserEdgeDNSProvider) UpdateRecord(domain string, record *dnstypes.Record, newRecord *dnstypes.Record) error {
-	// TODO
-	return nil
-}
-
-// DeleteRecord 删除记录
-func (this *UserEdgeDNSProvider) DeleteRecord(domain string, record *dnstypes.Record) error {
-	// TODO
-	return nil
-}
-
-// DefaultRoute 默认线路
-func (this *UserEdgeDNSProvider) DefaultRoute() string {
-	// TODO
-	return ""
-}
--- a/internal/dnsclients/types.go
+++ b/internal/dnsclients/types.go
@@ -13,13 +13,13 @@ const (
 	ProviderTypeHuaweiDNS    ProviderType = "huaweiDNS"    // 华为DNS
 	ProviderTypeCloudFlare   ProviderType = "cloudFlare"   // CloudFlare DNS
 	ProviderTypeLocalEdgeDNS ProviderType = "localEdgeDNS" // 和当前系统集成的EdgeDNS
-	ProviderTypeUserEdgeDNS  ProviderType = "userEdgeDNS"  // 通过API连接的EdgeDNS
+	ProviderTypeEdgeDNSAPI   ProviderType = "edgeDNSAPI"   // 通过API连接的EdgeDNS
 	ProviderTypeCustomHTTP   ProviderType = "customHTTP"   // 自定义HTTP接口
 )

 // FindAllProviderTypes 所有的服务商类型
 func FindAllProviderTypes() []maps.Map {
-	typeMaps := []maps.Map{
+	var typeMaps = []maps.Map{
 		{
 			"name":        "阿里云DNS",
 			"code":        ProviderTypeAliDNS,
@@ -40,6 +40,11 @@ func FindAllProviderTypes() []maps.Map {
 			"code":        ProviderTypeCloudFlare,
 			"description": "CloudFlare提供的DNS服务。",
 		},
+		{
+			"name":        "EdgeDNS API",
+			"code":        ProviderTypeEdgeDNSAPI,
+			"description": "通过API连接GoEdge商业版系统提供的DNS服务。",
+		},
 	}

 	typeMaps = filterTypeMaps(typeMaps)
--- a/internal/dnsclients/types_ext.go
+++ b/internal/dnsclients/types_ext.go
@@ -19,6 +19,8 @@ func FindProvider(providerType ProviderType) ProviderInterface {
 		return &CloudFlareProvider{}
 	case ProviderTypeCustomHTTP:
 		return &CustomHTTPProvider{}
+	case ProviderTypeEdgeDNSAPI:
+		return &EdgeDNSAPIProvider{}
 	}

 	return nil
--- a/internal/installers/errors.go
+++ b/internal/installers/errors.go
@@ -0,0 +1,27 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package installers
+
+type GrantError struct {
+	err string
+}
+
+func newGrantError(err string) *GrantError {
+	return &GrantError{err: err}
+}
+
+func (this *GrantError) Error() string {
+	return this.err
+}
+
+func (this *GrantError) String() string {
+	return this.err
+}
+
+func IsGrantError(err error) bool {
+	if err == nil {
+		return false
+	}
+	_, ok := err.(*GrantError)
+	return ok
+}
--- a/internal/installers/installer_base.go
+++ b/internal/installers/installer_base.go
@@ -42,10 +42,10 @@ func (this *BaseInstaller) Login(credentials *Credentials) error {
 	}

 	// 认证
-	methods := []ssh.AuthMethod{}
+	var methods = []ssh.AuthMethod{}
 	if credentials.Method == "user" {
 		{
-			authMethod := ssh.Password(credentials.Password)
+			var authMethod = ssh.Password(credentials.Password)
 			methods = append(methods, authMethod)
 		}

@@ -79,7 +79,7 @@ func (this *BaseInstaller) Login(credentials *Credentials) error {
 	if len(credentials.Username) == 0 {
 		credentials.Username = "root"
 	}
-	config := &ssh.ClientConfig{
+	var config = &ssh.ClientConfig{
 		User:            credentials.Username,
 		Auth:            methods,
 		HostKeyCallback: hostKeyCallback,
--- a/internal/installers/installer_ns_node.go
+++ b/internal/installers/installer_ns_node.go
@@ -1,147 +0,0 @@
-package installers
-
-import (
-	"bytes"
-	"errors"
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	"os"
-	"path/filepath"
-	"regexp"
-)
-
-type NSNodeInstaller struct {
-	BaseInstaller
-}
-
-func (this *NSNodeInstaller) Install(dir string, params interface{}, installStatus *models.NodeInstallStatus) error {
-	if params == nil {
-		return errors.New("'params' required for node installation")
-	}
-	nodeParams, ok := params.(*NodeParams)
-	if !ok {
-		return errors.New("'params' should be *NodeParams")
-	}
-	err := nodeParams.Validate()
-	if err != nil {
-		return errors.New("params validation: " + err.Error())
-	}
-
-	// 检查目标目录是否存在
-	_, err = this.client.Stat(dir)
-	if err != nil {
-		err = this.client.MkdirAll(dir)
-		if err != nil {
-			installStatus.ErrorCode = "CREATE_ROOT_DIRECTORY_FAILED"
-			return errors.New("create directory  '" + dir + "' failed: " + err.Error())
-		}
-	}
-
-	// 安装助手
-	env, err := this.InstallHelper(dir, nodeconfigs.NodeRoleDNS)
-	if err != nil {
-		installStatus.ErrorCode = "INSTALL_HELPER_FAILED"
-		return err
-	}
-
-	// 上传安装文件
-	filePrefix := "edge-dns-" + env.OS + "-" + env.Arch
-	zipFile, err := this.LookupLatestInstaller(filePrefix)
-	if err != nil {
-		return err
-	}
-	if len(zipFile) == 0 {
-		return errors.New("can not find installer file for " + env.OS + "/" + env.Arch)
-	}
-	targetZip := dir + "/" + filepath.Base(zipFile)
-	err = this.client.Copy(zipFile, targetZip, 0777)
-	if err != nil {
-		return err
-	}
-
-	// 测试运行环境
-	// 升级的节点暂时不列入测试
-	if !nodeParams.IsUpgrading {
-		_, stderr, err := this.client.Exec(dir + "/" + env.HelperName + " -cmd=test")
-		if err != nil {
-			return errors.New("test failed: " + err.Error())
-		}
-		if len(stderr) > 0 {
-			return errors.New("test failed: " + stderr)
-		}
-	}
-
-	// 如果是升级则优雅停止先前的进程
-	exePath := dir + "/edge-dns/bin/edge-dns"
-	if nodeParams.IsUpgrading {
-		_, err = this.client.Stat(exePath)
-		if err == nil {
-			_, _, _ = this.client.Exec(exePath + " stop")
-
-			// 删除可执行文件防止冲突
-			err = this.client.Remove(exePath)
-			if err != nil && err != os.ErrNotExist {
-				return errors.New("remove old file failed: " + err.Error())
-			}
-		}
-	}
-
-	// 解压
-	_, stderr, err := this.client.Exec(dir + "/" + env.HelperName + " -cmd=unzip -zip=\"" + targetZip + "\" -target=\"" + dir + "\"")
-	if err != nil {
-		return err
-	}
-	if len(stderr) > 0 {
-		return errors.New("unzip installer failed: " + stderr)
-	}
-
-	// 修改配置文件
-	{
-		configFile := dir + "/edge-dns/configs/api.yaml"
-
-		// sudo之后我们需要修改配置目录才能写入文件
-		if this.client.sudo {
-			_, _, _ = this.client.Exec("chown " + this.client.User() + " " + filepath.Dir(configFile))
-		}
-
-		var data = []byte(`rpc:
-  endpoints: [ ${endpoints} ]
-nodeId: "${nodeId}"
-secret: "${nodeSecret}"`)
-
-		data = bytes.ReplaceAll(data, []byte("${endpoints}"), []byte(nodeParams.QuoteEndpoints()))
-		data = bytes.ReplaceAll(data, []byte("${nodeId}"), []byte(nodeParams.NodeId))
-		data = bytes.ReplaceAll(data, []byte("${nodeSecret}"), []byte(nodeParams.Secret))
-
-		_, err = this.client.WriteFile(configFile, data)
-		if err != nil {
-			return errors.New("write '" + configFile + "': " + err.Error())
-		}
-	}
-
-	// 测试
-	_, stderr, err = this.client.Exec(dir + "/edge-dns/bin/edge-dns test")
-	if err != nil {
-		installStatus.ErrorCode = "TEST_FAILED"
-		return errors.New("test edge node failed: " + err.Error() + ", stderr: " + stderr)
-	}
-	if len(stderr) > 0 {
-		if regexp.MustCompile(`(?i)rpc`).MatchString(stderr) {
-			installStatus.ErrorCode = "RPC_TEST_FAILED"
-		}
-
-		return errors.New("test edge dns node failed: " + stderr)
-	}
-
-	// 启动
-	_, stderr, err = this.client.Exec(dir + "/edge-dns/bin/edge-dns start")
-	if err != nil {
-		return errors.New("start edge dns failed: " + err.Error())
-	}
-
-	if len(stderr) > 0 {
-		return errors.New("start edge dns failed: " + stderr)
-	}
-
-	return nil
-}
--- a/internal/installers/installer_ns_node_test.go
+++ b/internal/installers/installer_ns_node_test.go
@@ -1,39 +0,0 @@
-package installers
-
-import (
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	"testing"
-)
-
-func TestDNSNodeInstaller_Install(t *testing.T) {
-	var installer InstallerInterface = &NSNodeInstaller{}
-	err := installer.Login(&Credentials{
-		Host:       "192.168.2.30",
-		Port:       22,
-		Username:   "root",
-		Password:   "123456",
-		PrivateKey: "",
-		Method:     "user",
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// 关闭连接
-	defer func() {
-		err := installer.Close()
-		if err != nil {
-			t.Fatal(err)
-		}
-	}()
-
-	// 安装
-	err = installer.Install("/opt/edge", &NodeParams{
-		Endpoints: []string{"http://192.168.2.40:8003"},
-		NodeId:    "b3f0690c793db5daaa666e89bd7b2301",
-		Secret:    "H6nbSzjN3tLYi0ecdtUeDpQdZZPjKL7S",
-	}, &models.NodeInstallStatus{})
-	if err != nil {
-		t.Fatal(err)
-	}
-}
--- a/internal/installers/queue_node.go
+++ b/internal/installers/queue_node.go
@@ -218,19 +218,19 @@ func (this *NodeQueue) StartNode(nodeId int64) error {
 		return err
 	}
 	if login == nil {
-		return errors.New("can not find node login information")
+		return newGrantError("can not find node login information")
 	}
 	loginParams, err := login.DecodeSSHParams()
 	if err != nil {
-		return err
+		return newGrantError(err.Error())
 	}

 	if len(loginParams.Host) == 0 {
-		return errors.New("ssh host should not be empty")
+		return newGrantError("ssh host should not be empty")
 	}

 	if loginParams.Port <= 0 {
-		return errors.New("ssh port is invalid")
+		return newGrantError("ssh port is invalid")
 	}

 	if loginParams.GrantId == 0 {
@@ -240,7 +240,7 @@ func (this *NodeQueue) StartNode(nodeId int64) error {
 			return err
 		}
 		if grantId == 0 {
-			return errors.New("can not find node grant")
+			return newGrantError("can not find node grant")
 		}
 		loginParams.GrantId = grantId
 	}
@@ -249,10 +249,10 @@ func (this *NodeQueue) StartNode(nodeId int64) error {
 		return err
 	}
 	if grant == nil {
-		return errors.New("can not find user grant with id '" + numberutils.FormatInt64(loginParams.GrantId) + "'")
+		return newGrantError("can not find user grant with id '" + numberutils.FormatInt64(loginParams.GrantId) + "'")
 	}

-	installer := &NodeInstaller{}
+	var installer = &NodeInstaller{}
 	err = installer.Login(&Credentials{
 		Host:       loginParams.Host,
 		Port:       loginParams.Port,
--- a/internal/installers/queue_ns_node.go
+++ b/internal/installers/queue_ns_node.go
@@ -1,417 +0,0 @@
-package installers
-
-import (
-	"errors"
-	"fmt"
-	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	"github.com/TeaOSLab/EdgeAPI/internal/goman"
-	"github.com/TeaOSLab/EdgeAPI/internal/utils"
-	"github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils"
-	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	"github.com/iwind/TeaGo/logs"
-	"time"
-)
-
-var sharedNSNodeQueue = NewNSNodeQueue()
-
-type NSNodeQueue struct {
-}
-
-func NewNSNodeQueue() *NSNodeQueue {
-	return &NSNodeQueue{}
-}
-
-func SharedNSNodeQueue() *NSNodeQueue {
-	return sharedNSNodeQueue
-}
-
-// InstallNodeProcess 安装边缘节点流程控制
-func (this *NSNodeQueue) InstallNodeProcess(nodeId int64, isUpgrading bool) error {
-	installStatus := models.NewNodeInstallStatus()
-	installStatus.IsRunning = true
-	installStatus.UpdatedAt = time.Now().Unix()
-
-	err := models.SharedNSNodeDAO.UpdateNodeInstallStatus(nil, nodeId, installStatus)
-	if err != nil {
-		return err
-	}
-
-	// 更新时间
-	ticker := utils.NewTicker(3 * time.Second)
-	goman.New(func() {
-		for ticker.Wait() {
-			installStatus.UpdatedAt = time.Now().Unix()
-			err := models.SharedNSNodeDAO.UpdateNodeInstallStatus(nil, nodeId, installStatus)
-			if err != nil {
-				logs.Println("[INSTALL]" + err.Error())
-				continue
-			}
-		}
-	})
-	defer func() {
-		ticker.Stop()
-	}()
-
-	// 开始安装
-	err = this.InstallNode(nodeId, installStatus, isUpgrading)
-
-	// 安装结束
-	installStatus.IsRunning = false
-	installStatus.IsFinished = true
-	if err != nil {
-		installStatus.Error = err.Error()
-	} else {
-		installStatus.IsOk = true
-	}
-	err = models.SharedNSNodeDAO.UpdateNodeInstallStatus(nil, nodeId, installStatus)
-	if err != nil {
-		return err
-	}
-
-	// 修改为已安装
-	if installStatus.IsOk {
-		err = models.SharedNSNodeDAO.UpdateNodeIsInstalled(nil, nodeId, true)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// InstallNode 安装边缘节点
-func (this *NSNodeQueue) InstallNode(nodeId int64, installStatus *models.NodeInstallStatus, isUpgrading bool) error {
-	node, err := models.SharedNSNodeDAO.FindEnabledNSNode(nil, nodeId)
-	if err != nil {
-		return err
-	}
-	if node == nil {
-		return errors.New("can not find node, ID：'" + numberutils.FormatInt64(nodeId) + "'")
-	}
-
-	// 登录信息
-	login, err := models.SharedNodeLoginDAO.FindEnabledNodeLoginWithNodeId(nil, nodeconfigs.NodeRoleDNS, nodeId)
-	if err != nil {
-		return err
-	}
-	if login == nil {
-		installStatus.ErrorCode = "EMPTY_LOGIN"
-		return errors.New("can not find node login information")
-	}
-	loginParams, err := login.DecodeSSHParams()
-	if err != nil {
-		return err
-	}
-
-	if len(loginParams.Host) == 0 {
-		installStatus.ErrorCode = "EMPTY_SSH_HOST"
-		return errors.New("ssh host should not be empty")
-	}
-
-	if loginParams.Port <= 0 {
-		installStatus.ErrorCode = "EMPTY_SSH_PORT"
-		return errors.New("ssh port is invalid")
-	}
-
-	if loginParams.GrantId == 0 {
-		// 从集群中读取
-		grantId, err := models.SharedNSClusterDAO.FindClusterGrantId(nil, int64(node.ClusterId))
-		if err != nil {
-			return err
-		}
-		if grantId == 0 {
-			installStatus.ErrorCode = "EMPTY_GRANT"
-			return errors.New("can not find node grant")
-		}
-		loginParams.GrantId = grantId
-	}
-	grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(nil, loginParams.GrantId)
-	if err != nil {
-		return err
-	}
-	if grant == nil {
-		installStatus.ErrorCode = "EMPTY_GRANT"
-		return errors.New("can not find user grant with id '" + numberutils.FormatInt64(loginParams.GrantId) + "'")
-	}
-
-	// API终端
-	apiNodes, err := models.SharedAPINodeDAO.FindAllEnabledAndOnAPINodes(nil)
-	if err != nil {
-		return err
-	}
-	if len(apiNodes) == 0 {
-		return errors.New("no available api nodes")
-	}
-
-	apiEndpoints := []string{}
-	for _, apiNode := range apiNodes {
-		addrConfigs, err := apiNode.DecodeAccessAddrs()
-		if err != nil {
-			return errors.New("decode api node access addresses failed: " + err.Error())
-		}
-		for _, addrConfig := range addrConfigs {
-			apiEndpoints = append(apiEndpoints, addrConfig.FullAddresses()...)
-		}
-	}
-
-	params := &NodeParams{
-		Endpoints:   apiEndpoints,
-		NodeId:      node.UniqueId,
-		Secret:      node.Secret,
-		IsUpgrading: isUpgrading,
-	}
-
-	installer := &NSNodeInstaller{}
-	err = installer.Login(&Credentials{
-		Host:       loginParams.Host,
-		Port:       loginParams.Port,
-		Username:   grant.Username,
-		Password:   grant.Password,
-		PrivateKey: grant.PrivateKey,
-		Passphrase: grant.Passphrase,
-		Method:     grant.Method,
-		Sudo:       grant.Su == 1,
-	})
-	if err != nil {
-		installStatus.ErrorCode = "SSH_LOGIN_FAILED"
-		return err
-	}
-	defer func() {
-		_ = installer.Close()
-	}()
-
-	// 安装目录
-	installDir := node.InstallDir
-	if len(installDir) == 0 {
-		clusterId := node.ClusterId
-		cluster, err := models.SharedNSClusterDAO.FindEnabledNSCluster(nil, int64(clusterId))
-		if err != nil {
-			return err
-		}
-		if cluster == nil {
-			return errors.New("can not find cluster, ID：'" + fmt.Sprintf("%d", clusterId) + "'")
-		}
-		installDir = cluster.InstallDir
-		if len(installDir) == 0 {
-			// 默认是 $登录用户/edge-dns
-			installDir = installer.client.UserHome() + "/edge-dns"
-		}
-	}
-
-	err = installer.Install(installDir, params, installStatus)
-	return err
-}
-
-// StartNode 启动边缘节点
-func (this *NSNodeQueue) StartNode(nodeId int64) error {
-	node, err := models.SharedNSNodeDAO.FindEnabledNSNode(nil, nodeId)
-	if err != nil {
-		return err
-	}
-	if node == nil {
-		return errors.New("can not find node, ID：'" + numberutils.FormatInt64(nodeId) + "'")
-	}
-
-	// 登录信息
-	login, err := models.SharedNodeLoginDAO.FindEnabledNodeLoginWithNodeId(nil, nodeconfigs.NodeRoleDNS, nodeId)
-	if err != nil {
-		return err
-	}
-	if login == nil {
-		return errors.New("can not find node login information")
-	}
-	loginParams, err := login.DecodeSSHParams()
-	if err != nil {
-		return err
-	}
-
-	if len(loginParams.Host) == 0 {
-		return errors.New("ssh host should not be empty")
-	}
-
-	if loginParams.Port <= 0 {
-		return errors.New("ssh port is invalid")
-	}
-
-	if loginParams.GrantId == 0 {
-		// 从集群中读取
-		grantId, err := models.SharedNSClusterDAO.FindClusterGrantId(nil, int64(node.ClusterId))
-		if err != nil {
-			return err
-		}
-		if grantId == 0 {
-			return errors.New("can not find node grant")
-		}
-		loginParams.GrantId = grantId
-	}
-	grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(nil, loginParams.GrantId)
-	if err != nil {
-		return err
-	}
-	if grant == nil {
-		return errors.New("can not find user grant with id '" + numberutils.FormatInt64(loginParams.GrantId) + "'")
-	}
-
-	installer := &NSNodeInstaller{}
-	err = installer.Login(&Credentials{
-		Host:       loginParams.Host,
-		Port:       loginParams.Port,
-		Username:   grant.Username,
-		Password:   grant.Password,
-		PrivateKey: grant.PrivateKey,
-		Passphrase: grant.Passphrase,
-		Method:     grant.Method,
-		Sudo:       grant.Su == 1,
-	})
-	if err != nil {
-		return err
-	}
-	defer func() {
-		_ = installer.Close()
-	}()
-
-	// 安装目录
-	installDir := node.InstallDir
-	if len(installDir) == 0 {
-		clusterId := node.ClusterId
-		cluster, err := models.SharedNSClusterDAO.FindEnabledNSCluster(nil, int64(clusterId))
-		if err != nil {
-			return err
-		}
-		if cluster == nil {
-			return errors.New("can not find cluster, ID：'" + fmt.Sprintf("%d", clusterId) + "'")
-		}
-		installDir = cluster.InstallDir
-		if len(installDir) == 0 {
-			// 默认是 $登录用户/edge-dns
-			installDir = installer.client.UserHome() + "/edge-dns"
-		}
-	}
-
-	// 检查命令是否存在
-	exeFile := installDir + "/edge-dns/bin/edge-dns"
-	_, err = installer.client.Stat(exeFile)
-	if err != nil {
-		return errors.New("edge node is not installed correctly, can not find executable file: " + exeFile)
-	}
-
-	// 我们先尝试Systemd启动
-	_, _, _ = installer.client.Exec("systemctl start edge-dns")
-
-	_, stderr, err := installer.client.Exec(exeFile + " start")
-	if err != nil {
-		return errors.New("start failed: " + err.Error())
-	}
-	if len(stderr) > 0 {
-		return errors.New("start failed: " + stderr)
-	}
-
-	return nil
-}
-
-// StopNode 停止节点
-func (this *NSNodeQueue) StopNode(nodeId int64) error {
-	node, err := models.SharedNSNodeDAO.FindEnabledNSNode(nil, nodeId)
-	if err != nil {
-		return err
-	}
-	if node == nil {
-		return errors.New("can not find node, ID：'" + numberutils.FormatInt64(nodeId) + "'")
-	}
-
-	// 登录信息
-	login, err := models.SharedNodeLoginDAO.FindEnabledNodeLoginWithNodeId(nil, nodeconfigs.NodeRoleDNS, nodeId)
-	if err != nil {
-		return err
-	}
-	if login == nil {
-		return errors.New("can not find node login information")
-	}
-	loginParams, err := login.DecodeSSHParams()
-	if err != nil {
-		return err
-	}
-
-	if len(loginParams.Host) == 0 {
-		return errors.New("ssh host should not be empty")
-	}
-
-	if loginParams.Port <= 0 {
-		return errors.New("ssh port is invalid")
-	}
-
-	if loginParams.GrantId == 0 {
-		// 从集群中读取
-		grantId, err := models.SharedNSClusterDAO.FindClusterGrantId(nil, int64(node.ClusterId))
-		if err != nil {
-			return err
-		}
-		if grantId == 0 {
-			return errors.New("can not find node grant")
-		}
-		loginParams.GrantId = grantId
-	}
-	grant, err := models.SharedNodeGrantDAO.FindEnabledNodeGrant(nil, loginParams.GrantId)
-	if err != nil {
-		return err
-	}
-	if grant == nil {
-		return errors.New("can not find user grant with id '" + numberutils.FormatInt64(loginParams.GrantId) + "'")
-	}
-
-	installer := &NSNodeInstaller{}
-	err = installer.Login(&Credentials{
-		Host:       loginParams.Host,
-		Port:       loginParams.Port,
-		Username:   grant.Username,
-		Password:   grant.Password,
-		PrivateKey: grant.PrivateKey,
-		Passphrase: grant.Passphrase,
-		Method:     grant.Method,
-		Sudo:       grant.Su == 1,
-	})
-	if err != nil {
-		return err
-	}
-	defer func() {
-		_ = installer.Close()
-	}()
-
-	// 安装目录
-	installDir := node.InstallDir
-	if len(installDir) == 0 {
-		clusterId := node.ClusterId
-		cluster, err := models.SharedNSClusterDAO.FindEnabledNSCluster(nil, int64(clusterId))
-		if err != nil {
-			return err
-		}
-		if cluster == nil {
-			return errors.New("can not find cluster, ID：'" + fmt.Sprintf("%d", clusterId) + "'")
-		}
-		installDir = cluster.InstallDir
-		if len(installDir) == 0 {
-			// 默认是 $登录用户/edge-dns
-			installDir = installer.client.UserHome() + "/edge-dns"
-		}
-	}
-
-	// 检查命令是否存在
-	exeFile := installDir + "/edge-dns/bin/edge-dns"
-	_, err = installer.client.Stat(exeFile)
-	if err != nil {
-		return errors.New("edge node is not installed correctly, can not find executable file: " + exeFile)
-	}
-
-	// 我们先尝试Systemd停止
-	_, _, _ = installer.client.Exec("systemctl stop edge-dns")
-
-	_, stderr, err := installer.client.Exec(exeFile + " stop")
-	if err != nil {
-		return errors.New("stop failed: " + err.Error())
-	}
-	if len(stderr) > 0 {
-		return errors.New("stop failed: " + stderr)
-	}
-
-	return nil
-}
--- a/internal/nodes/api_node.go
+++ b/internal/nodes/api_node.go
@@ -8,6 +8,7 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/configs"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/events"
 	"github.com/TeaOSLab/EdgeAPI/internal/goman"
 	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
@@ -15,6 +16,7 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/setup"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -31,7 +33,6 @@ import (
 	"net"
 	"os"
 	"os/exec"
-	"regexp"
 	"runtime"
 	"sort"
 	"strconv"
@@ -46,7 +47,7 @@ import (
 var sharedAPIConfig *configs.APIConfig = nil

 type APINode struct {
-	serviceInstanceMap    map[string]interface{}
+	serviceInstanceMap    map[string]any
 	serviceInstanceLocker sync.Mutex

 	sock *gosock.Sock
@@ -55,11 +56,13 @@ type APINode struct {

 	issues     []*StartIssue
 	issuesFile string
+
+	progress *utils.Progress
 }

 func NewAPINode() *APINode {
 	return &APINode{
-		serviceInstanceMap: map[string]interface{}{},
+		serviceInstanceMap: map[string]any{},
 		sock:               gosock.NewTmpSock(teaconst.ProcessName),

 		issues:     []*StartIssue{},
@@ -88,6 +91,7 @@ func (this *APINode) Start() {
 	}

 	// 启动IP库
+	this.setProgress("IP_LIBRARY", "开始初始化IP库")
 	remotelogs.Println("API_NODE", "initializing ip library ...")
 	err = iplibrary.InitDefault()
 	if err != nil {
@@ -95,6 +99,7 @@ func (this *APINode) Start() {
 	}

 	// 检查数据库连接
+	this.setProgress("DATABASE", "正在检查数据库连接")
 	err = this.checkDB()
 	if err != nil {
 		var errString = "check database connection failed: " + err.Error()
@@ -105,6 +110,7 @@ func (this *APINode) Start() {

 	// 自动升级
 	logs.Println("[API_NODE]auto upgrading ...")
+	this.setProgress("DATABASE", "正在升级数据库")
 	err = this.autoUpgrade()
 	if err != nil {
 		var errString = "auto upgrade failed: " + err.Error()
@@ -114,6 +120,7 @@ func (this *APINode) Start() {
 	}

 	// 自动设置数据库
+	this.setProgress("DATABASE", "正在设置数据库")
 	logs.Println("[API_NODE]setup database ...")
 	err = this.setupDB()
 	if err != nil {
@@ -123,10 +130,16 @@ func (this *APINode) Start() {
 	}

 	// 数据库通知启动
+	this.setProgress("DATABASE", "正在建立数据库模型")
 	logs.Println("[API_NODE]notify ready ...")
 	dbs.NotifyReady()

+	// 设置时区
+	this.setProgress("TIMEZONE", "正在设置时区")
+	this.setupTimeZone()
+
 	// 读取配置
+	this.setProgress("DATABASE", "正在加载API配置")
 	logs.Println("[API_NODE]reading api config ...")
 	config, err := configs.SharedAPIConfig()
 	if err != nil {
@@ -166,9 +179,11 @@ func (this *APINode) Start() {
 	})

 	// 访问日志存储管理器
+	this.setProgress("ACCESS_LOG_STORAGES", "正在启动访问日志存储器")
 	this.startAccessLogStorages()

 	// 监听RPC服务
+	this.setProgress("LISTEN_PORT", "正在启动监听端口")
 	remotelogs.Println("API_NODE", "starting RPC server ...")

 	var isListening = this.listenPorts(apiNode)
@@ -182,6 +197,7 @@ func (this *APINode) Start() {

 	// 结束启动
 	this.isStarting = false
+	this.progress = nil

 	// 保持进程
 	select {}
@@ -251,12 +267,19 @@ func (this *APINode) InstallSystemService() error {
 // 启动RPC监听
 func (this *APINode) listenRPC(listener net.Listener, tlsConfig *tls.Config) error {
 	var rpcServer *grpc.Server
+	var options = []grpc.ServerOption{
+		grpc.MaxRecvMsgSize(128 * 1024 * 1024),
+		grpc.MaxSendMsgSize(128 * 1024 * 1024),
+		grpc.UnaryInterceptor(this.unaryInterceptor),
+	}
+
 	if tlsConfig == nil {
 		remotelogs.Println("API_NODE", "listening GRPC http://"+listener.Addr().String()+" ...")
-		rpcServer = grpc.NewServer(grpc.MaxRecvMsgSize(128*1024*1024), grpc.UnaryInterceptor(this.unaryInterceptor))
+		rpcServer = grpc.NewServer(options...)
 	} else {
 		logs.Println("[API_NODE]listening GRPC https://" + listener.Addr().String() + " ...")
-		rpcServer = grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsConfig)), grpc.MaxRecvMsgSize(128*1024*1024), grpc.UnaryInterceptor(this.unaryInterceptor))
+		options = append(options, grpc.Creds(credentials.NewTLS(tlsConfig)))
+		rpcServer = grpc.NewServer(options...)
 	}
 	this.registerServices(rpcServer)
 	err := rpcServer.Serve(listener)
@@ -363,27 +386,57 @@ func (this *APINode) setupDB() error {
 		return err
 	}

-	// 调整预处理语句数量
+	// 检查是否为root用户
+	config, _ := db.Config()
+	if config == nil {
+		return nil
+	}
+	dsnConfig, err := mysql.ParseDSN(config.Dsn)
+	if err != nil || dsnConfig == nil {
+		return err
+	}
+	if dsnConfig.User != "root" {
+		return nil
+	}
+
+	// 设置Innodb事务提交模式
 	{
-		result, err := db.FindOne("SHOW VARIABLES WHERE variable_name='max_prepared_stmt_count'")
-		if err != nil {
-			return err
-		}
-		value := result.GetString("Value")
-		if regexp.MustCompile(`^\d+$`).MatchString(value) {
-			valueInt := types.Int(value)
-			if valueInt < 65535 {
-				_, err := db.Exec("SET GLOBAL max_prepared_stmt_count=65535")
-				if err != nil {
-					return errors.New("run 'SET GLOBAL max_prepared_stmt_count' on database failed: " + err.Error() + ", \nyou can change the variable in 'my.cnf': \n~~~\n" + `[mysqld]
-max_prepared_stmt_count=65535
-~~~
-then restart mysqld.`)
-				}
+		result, err := db.FindOne("SHOW VARIABLES WHERE variable_name='innodb_flush_log_at_trx_commit'")
+		if err == nil && result != nil {
+			var oldValue = result.GetInt("Value")
+			if oldValue == 1 {
+				_, _ = db.Exec("SET GLOBAL innodb_flush_log_at_trx_commit=2")
 			}
 		}
 	}

+	// 调整预处理语句数量
+	_ = dbutils.SetGlobalVarMin(db, "max_prepared_stmt_count", 65535)
+
+	// 调整binlog过期时间
+	{
+		const binlogExpireDays = 7
+
+		version, err := db.FindCol(0, "SELECT VERSION()")
+		if err == nil {
+			var versionString = types.String(version)
+			if strings.HasPrefix(versionString, "8.") {
+				_ = dbutils.SetGlobalVarMax(db, "binlog_expire_logs_seconds", binlogExpireDays*86400)
+			} else if strings.HasPrefix(versionString, "5.") {
+				_ = dbutils.SetGlobalVarMax(db, "expire_logs_days", binlogExpireDays)
+			}
+		}
+	}
+
+	// 设置binlog_cache_size
+	_ = dbutils.SetGlobalVarMin(db, "binlog_cache_size", 1*1024*1024)
+
+	// 设置binlog_stmt_cache_size
+	_ = dbutils.SetGlobalVarMin(db, "binlog_stmt_cache_size", 1*1024*1024)
+
+	// 设置thread_cache_size
+	_ = dbutils.SetGlobalVarMin(db, "thread_cache_size", 32)
+
 	return nil
 }

@@ -599,24 +652,24 @@ func (this *APINode) listenSock() error {
 	goman.New(func() {
 		this.sock.OnCommand(func(cmd *gosock.Command) {
 			switch cmd.Code {
-			case "pid":
+			case "pid": // 查询PID
 				_ = cmd.Reply(&gosock.Command{
 					Code: "pid",
-					Params: map[string]interface{}{
+					Params: map[string]any{
 						"pid": os.Getpid(),
 					},
 				})
-			case "info":
+			case "info": // 进程相关信息
 				exePath, _ := os.Executable()
 				_ = cmd.Reply(&gosock.Command{
 					Code: "info",
-					Params: map[string]interface{}{
+					Params: map[string]any{
 						"pid":     os.Getpid(),
 						"version": teaconst.Version,
 						"path":    exePath,
 					},
 				})
-			case "stop":
+			case "stop": // 停止
 				_ = cmd.ReplyOk()

 				// 退出主进程
@@ -625,8 +678,9 @@ func (this *APINode) listenSock() error {
 			case "starting": // 是否正在启动
 				_ = cmd.Reply(&gosock.Command{
 					Code: "starting",
-					Params: map[string]interface{}{
+					Params: map[string]any{
 						"isStarting": this.isStarting,
+						"progress":   this.progress,
 					},
 				})
 			case "goman":
@@ -655,35 +709,35 @@ func (this *APINode) listenSock() error {
 				})

 				_ = cmd.Reply(&gosock.Command{
-					Params: map[string]interface{}{
+					Params: map[string]any{
 						"total":  runtime.NumGoroutine(),
 						"result": result,
 					},
 				})
-			case "debug":
+			case "debug": // 进入|取消调试模式
 				teaconst.Debug = !teaconst.Debug
 				_ = cmd.Reply(&gosock.Command{
-					Params: map[string]interface{}{"debug": teaconst.Debug},
+					Params: map[string]any{"debug": teaconst.Debug},
 				})
-			case "db.stmt.prepare":
+			case "db.stmt.prepare": // 显示prepared的语句
 				dbs.ShowPreparedStatements = !dbs.ShowPreparedStatements
 				_ = cmd.Reply(&gosock.Command{
-					Params: map[string]interface{}{"isOn": dbs.ShowPreparedStatements},
+					Params: map[string]any{"isOn": dbs.ShowPreparedStatements},
 				})
-			case "db.stmt.count":
+			case "db.stmt.count": // 查询prepared语句数量
 				db, _ := dbs.Default()
 				if db != nil {
 					_ = cmd.Reply(&gosock.Command{
-						Params: map[string]interface{}{"count": db.StmtManager().Len()},
+						Params: map[string]any{"count": db.StmtManager().Len()},
 					})
 				} else {
 					_ = cmd.Reply(&gosock.Command{
-						Params: map[string]interface{}{"count": 0},
+						Params: map[string]any{"count": 0},
 					})
 				}
-			case "instance":
+			case "instance": // 获取实例代号
 				_ = cmd.Reply(&gosock.Command{
-					Params: map[string]interface{}{
+					Params: map[string]any{
 						"code": teaconst.InstanceCode,
 					},
 				})
@@ -705,7 +759,7 @@ func (this *APINode) listenSock() error {
 }

 // 服务过滤器
-func (this *APINode) unaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
+func (this *APINode) unaryInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp any, err error) {
 	if teaconst.Debug {
 		var before = time.Now()
 		var traceCtx = rpc.NewContext(ctx)
@@ -792,3 +846,25 @@ func (this *APINode) saveIssues() {
 		_ = os.WriteFile(this.issuesFile, issuesJSON, 0666)
 	}
 }
+
+// 设置启动进度
+func (this *APINode) setProgress(name, description string) {
+	this.progress = &utils.Progress{
+		Name:        name,
+		Description: description,
+	}
+}
+
+// 设置时区
+func (this *APINode) setupTimeZone() {
+	config, err := models.SharedSysSettingDAO.ReadAdminUIConfig(nil, nil)
+	if err == nil && config != nil {
+		if len(config.TimeZone) == 0 {
+			config.TimeZone = nodeconfigs.DefaultTimeZoneLocation
+		}
+		location, err := time.LoadLocation(config.TimeZone)
+		if err == nil && time.Local != location {
+			time.Local = location
+		}
+	}
+}
--- a/internal/nodes/rest_server.go
+++ b/internal/nodes/rest_server.go
@@ -170,6 +170,11 @@ func (this *RestServer) handle(writer http.ResponseWriter, req *http.Request) {
 		return
 	}

+	// 如果为空，表示传的数据为空
+	if len(body) == 0 {
+		body = []byte("{}")
+	}
+
 	// 请求数据
 	var reqValue = reflect.New(method.Type().In(1).Elem()).Interface()
 	err = json.Unmarshal(body, reqValue)
--- a/internal/rpc/services/service_acme_provider.go
+++ b/internal/rpc/services/service_acme_provider.go
@@ -15,7 +15,7 @@ type ACMEProviderService struct {

 // FindAllACMEProviders 查找所有的服务商
 func (this *ACMEProviderService) FindAllACMEProviders(ctx context.Context, req *pb.FindAllACMEProvidersRequest) (*pb.FindAllACMEProvidersResponse, error) {
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -37,7 +37,7 @@ func (this *ACMEProviderService) FindAllACMEProviders(ctx context.Context, req *

 // FindACMEProviderWithCode 根据代号查找服务商
 func (this *ACMEProviderService) FindACMEProviderWithCode(ctx context.Context, req *pb.FindACMEProviderWithCodeRequest) (*pb.FindACMEProviderWithCodeResponse, error) {
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_acme_provider_account.go
+++ b/internal/rpc/services/service_acme_provider_account.go
@@ -16,7 +16,7 @@ type ACMEProviderAccountService struct {

 // CreateACMEProviderAccount 创建服务商账号
 func (this *ACMEProviderAccountService) CreateACMEProviderAccount(ctx context.Context, req *pb.CreateACMEProviderAccountRequest) (*pb.CreateACMEProviderAccountResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -33,7 +33,7 @@ func (this *ACMEProviderAccountService) CreateACMEProviderAccount(ctx context.Co

 // FindAllACMEProviderAccountsWithProviderCode 使用代号查找服务商账号
 func (this *ACMEProviderAccountService) FindAllACMEProviderAccountsWithProviderCode(ctx context.Context, req *pb.FindAllACMEProviderAccountsWithProviderCodeRequest) (*pb.FindAllACMEProviderAccountsWithProviderCodeResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -76,7 +76,7 @@ func (this *ACMEProviderAccountService) FindAllACMEProviderAccountsWithProviderC

 // UpdateACMEProviderAccount 修改服务商账号
 func (this *ACMEProviderAccountService) UpdateACMEProviderAccount(ctx context.Context, req *pb.UpdateACMEProviderAccountRequest) (*pb.RPCSuccess, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -100,7 +100,7 @@ func (this *ACMEProviderAccountService) UpdateACMEProviderAccount(ctx context.Co

 // DeleteACMEProviderAccount 删除服务商账号
 func (this *ACMEProviderAccountService) DeleteACMEProviderAccount(ctx context.Context, req *pb.DeleteACMEProviderAccountRequest) (*pb.RPCSuccess, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -124,7 +124,7 @@ func (this *ACMEProviderAccountService) DeleteACMEProviderAccount(ctx context.Co

 // FindEnabledACMEProviderAccount 查找单个服务商账号
 func (this *ACMEProviderAccountService) FindEnabledACMEProviderAccount(ctx context.Context, req *pb.FindEnabledACMEProviderAccountRequest) (*pb.FindEnabledACMEProviderAccountResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -174,7 +174,7 @@ func (this *ACMEProviderAccountService) FindEnabledACMEProviderAccount(ctx conte

 // CountAllEnabledACMEProviderAccounts 计算所有服务商账号数量
 func (this *ACMEProviderAccountService) CountAllEnabledACMEProviderAccounts(ctx context.Context, req *pb.CountAllEnabledACMEProviderAccountsRequest) (*pb.RPCCountResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -189,7 +189,7 @@ func (this *ACMEProviderAccountService) CountAllEnabledACMEProviderAccounts(ctx

 // ListEnabledACMEProviderAccounts 列出单页服务商账号
 func (this *ACMEProviderAccountService) ListEnabledACMEProviderAccounts(ctx context.Context, req *pb.ListEnabledACMEProviderAccountsRequest) (*pb.ListEnabledACMEProviderAccountsResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_acme_task.go
+++ b/internal/rpc/services/service_acme_task.go
@@ -17,7 +17,7 @@ type ACMETaskService struct {

 // CountAllEnabledACMETasksWithACMEUserId 计算某个ACME用户相关的任务数量
 func (this *ACMETaskService) CountAllEnabledACMETasksWithACMEUserId(ctx context.Context, req *pb.CountAllEnabledACMETasksWithACMEUserIdRequest) (*pb.RPCCountResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -37,7 +37,7 @@ func (this *ACMETaskService) CountAllEnabledACMETasksWithACMEUserId(ctx context.

 // CountEnabledACMETasksWithDNSProviderId 计算跟某个DNS服务商相关的任务数量
 func (this *ACMETaskService) CountEnabledACMETasksWithDNSProviderId(ctx context.Context, req *pb.CountEnabledACMETasksWithDNSProviderIdRequest) (*pb.RPCCountResponse, error) {
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -55,7 +55,7 @@ func (this *ACMETaskService) CountEnabledACMETasksWithDNSProviderId(ctx context.

 // CountAllEnabledACMETasks 计算所有任务数量
 func (this *ACMETaskService) CountAllEnabledACMETasks(ctx context.Context, req *pb.CountAllEnabledACMETasksRequest) (*pb.RPCCountResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -65,7 +65,7 @@ func (this *ACMETaskService) CountAllEnabledACMETasks(ctx context.Context, req *
 		req.UserId = userId
 	}

-	count, err := acmemodels.SharedACMETaskDAO.CountAllEnabledACMETasks(tx, req.AdminId, req.UserId, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword)
+	count, err := acmemodels.SharedACMETaskDAO.CountAllEnabledACMETasks(tx, req.UserId, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword)
 	if err != nil {
 		return nil, err
 	}
@@ -74,7 +74,7 @@ func (this *ACMETaskService) CountAllEnabledACMETasks(ctx context.Context, req *

 // ListEnabledACMETasks 列出单页任务
 func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.ListEnabledACMETasksRequest) (*pb.ListEnabledACMETasksResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -85,7 +85,7 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
 		req.UserId = userId
 	}

-	tasks, err := acmemodels.SharedACMETaskDAO.ListEnabledACMETasks(tx, req.AdminId, req.UserId, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, req.Offset, req.Size)
+	tasks, err := acmemodels.SharedACMETaskDAO.ListEnabledACMETasks(tx, req.UserId, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, req.Offset, req.Size)
 	if err != nil {
 		return nil, err
 	}
@@ -223,7 +223,7 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L

 // CreateACMETask 创建任务
 func (this *ACMETaskService) CreateACMETask(ctx context.Context, req *pb.CreateACMETaskRequest) (*pb.CreateACMETaskResponse, error) {
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -242,14 +242,14 @@ func (this *ACMETaskService) CreateACMETask(ctx context.Context, req *pb.CreateA

 // UpdateACMETask 修改任务
 func (this *ACMETaskService) UpdateACMETask(ctx context.Context, req *pb.UpdateACMETaskRequest) (*pb.RPCSuccess, error) {
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}

 	var tx = this.NullTx()

-	canAccess, err := acmemodels.SharedACMETaskDAO.CheckACMETask(tx, adminId, userId, req.AcmeTaskId)
+	canAccess, err := acmemodels.SharedACMETaskDAO.CheckACMETask(tx, userId, req.AcmeTaskId)
 	if err != nil {
 		return nil, err
 	}
@@ -266,14 +266,14 @@ func (this *ACMETaskService) UpdateACMETask(ctx context.Context, req *pb.UpdateA

 // DeleteACMETask 删除任务
 func (this *ACMETaskService) DeleteACMETask(ctx context.Context, req *pb.DeleteACMETaskRequest) (*pb.RPCSuccess, error) {
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}

 	var tx = this.NullTx()

-	canAccess, err := acmemodels.SharedACMETaskDAO.CheckACMETask(tx, adminId, userId, req.AcmeTaskId)
+	canAccess, err := acmemodels.SharedACMETaskDAO.CheckACMETask(tx, userId, req.AcmeTaskId)
 	if err != nil {
 		return nil, err
 	}
@@ -290,14 +290,14 @@ func (this *ACMETaskService) DeleteACMETask(ctx context.Context, req *pb.DeleteA

 // RunACMETask 运行某个任务
 func (this *ACMETaskService) RunACMETask(ctx context.Context, req *pb.RunACMETaskRequest) (*pb.RunACMETaskResponse, error) {
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}

 	var tx = this.NullTx()

-	canAccess, err := acmemodels.SharedACMETaskDAO.CheckACMETask(tx, adminId, userId, req.AcmeTaskId)
+	canAccess, err := acmemodels.SharedACMETaskDAO.CheckACMETask(tx, userId, req.AcmeTaskId)
 	if err != nil {
 		return nil, err
 	}
@@ -316,14 +316,14 @@ func (this *ACMETaskService) RunACMETask(ctx context.Context, req *pb.RunACMETas

 // FindEnabledACMETask 查找单个任务信息
 func (this *ACMETaskService) FindEnabledACMETask(ctx context.Context, req *pb.FindEnabledACMETaskRequest) (*pb.FindEnabledACMETaskResponse, error) {
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}

 	var tx = this.NullTx()

-	canAccess, err := acmemodels.SharedACMETaskDAO.CheckACMETask(tx, adminId, userId, req.AcmeTaskId)
+	canAccess, err := acmemodels.SharedACMETaskDAO.CheckACMETask(tx, userId, req.AcmeTaskId)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_acme_user.go
+++ b/internal/rpc/services/service_acme_user.go
@@ -15,7 +15,7 @@ type ACMEUserService struct {
 // CreateACMEUser 创建用户
 func (this *ACMEUserService) CreateACMEUser(ctx context.Context, req *pb.CreateACMEUserRequest) (*pb.CreateACMEUserResponse, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -32,7 +32,7 @@ func (this *ACMEUserService) CreateACMEUser(ctx context.Context, req *pb.CreateA
 // UpdateACMEUser 修改用户
 func (this *ACMEUserService) UpdateACMEUser(ctx context.Context, req *pb.UpdateACMEUserRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -58,7 +58,7 @@ func (this *ACMEUserService) UpdateACMEUser(ctx context.Context, req *pb.UpdateA
 // DeleteACMEUser 删除用户
 func (this *ACMEUserService) DeleteACMEUser(ctx context.Context, req *pb.DeleteACMEUserRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -84,7 +84,7 @@ func (this *ACMEUserService) DeleteACMEUser(ctx context.Context, req *pb.DeleteA
 // CountACMEUsers 计算用户数量
 func (this *ACMEUserService) CountACMEUsers(ctx context.Context, req *pb.CountAcmeUsersRequest) (*pb.RPCCountResponse, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -104,7 +104,7 @@ func (this *ACMEUserService) CountACMEUsers(ctx context.Context, req *pb.CountAc
 // ListACMEUsers 列出单页用户
 func (this *ACMEUserService) ListACMEUsers(ctx context.Context, req *pb.ListACMEUsersRequest) (*pb.ListACMEUsersResponse, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -180,7 +180,7 @@ func (this *ACMEUserService) ListACMEUsers(ctx context.Context, req *pb.ListACME
 // FindEnabledACMEUser 查找单个用户
 func (this *ACMEUserService) FindEnabledACMEUser(ctx context.Context, req *pb.FindEnabledACMEUserRequest) (*pb.FindEnabledACMEUserResponse, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -260,7 +260,7 @@ func (this *ACMEUserService) FindEnabledACMEUser(ctx context.Context, req *pb.Fi
 // FindAllACMEUsers 查找所有用户
 func (this *ACMEUserService) FindAllACMEUsers(ctx context.Context, req *pb.FindAllACMEUsersRequest) (*pb.FindAllACMEUsersResponse, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_api_node.go
+++ b/internal/rpc/services/service_api_node.go
@@ -184,7 +184,7 @@ func (this *APINodeService) ListEnabledAPINodes(ctx context.Context, req *pb.Lis

 // FindEnabledAPINode 根据ID查找节点
 func (this *APINodeService) FindEnabledAPINode(ctx context.Context, req *pb.FindEnabledAPINodeRequest) (*pb.FindEnabledAPINodeResponse, error) {
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_base.go
+++ b/internal/rpc/services/service_base.go
@@ -32,7 +32,7 @@ func (this *BaseService) ValidateAdmin(ctx context.Context) (adminId int64, err
 }

 // ValidateAdminAndUser 校验管理员和用户
-func (this *BaseService) ValidateAdminAndUser(ctx context.Context) (adminId int64, userId int64, err error) {
+func (this *BaseService) ValidateAdminAndUser(ctx context.Context, canRest bool) (adminId int64, userId int64, err error) {
 	reqUserType, _, reqUserId, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser)
 	if err != nil {
 		return
@@ -57,6 +57,15 @@ func (this *BaseService) ValidateAdminAndUser(ctx context.Context) (adminId int6
 		err = errors.New("invalid user type")
 	}

+	if err != nil {
+		return
+	}
+
+	if userId > 0 && !canRest && rpcutils.IsRest(ctx) {
+		err = errors.New("can not be called by rest")
+		return
+	}
+
 	return
 }

@@ -73,7 +82,13 @@ func (this *BaseService) ValidateNSNode(ctx context.Context) (nodeId int64, err
 }

 // ValidateUserNode 校验用户节点
-func (this *BaseService) ValidateUserNode(ctx context.Context) (userId int64, err error) {
+func (this *BaseService) ValidateUserNode(ctx context.Context, canRest bool) (userId int64, err error) {
+	// 不允许REST调用
+	if !canRest && rpcutils.IsRest(ctx) {
+		err = errors.New("can not be called by rest")
+		return
+	}
+
 	_, _, userId, err = rpcutils.ValidateRequest(ctx, rpcutils.UserTypeUser)
 	return
 }
--- a/internal/rpc/services/service_dns.go
+++ b/internal/rpc/services/service_dns.go
@@ -40,7 +40,7 @@ func (this *DNSService) FindAllDNSIssues(ctx context.Context, req *pb.FindAllDNS
 		clusters = []*models.NodeCluster{cluster}
 	}
 	for _, cluster := range clusters {
-		issues, err := dnsutils.CheckClusterDNS(tx, cluster)
+		issues, err := dnsutils.CheckClusterDNS(tx, cluster, true)
 		if err != nil {
 			return nil, err
 		}
--- a/internal/rpc/services/service_dns_domain.go
+++ b/internal/rpc/services/service_dns_domain.go
@@ -28,7 +28,7 @@ type DNSDomainService struct {
 // CreateDNSDomain 创建域名
 func (this *DNSDomainService) CreateDNSDomain(ctx context.Context, req *pb.CreateDNSDomainRequest) (*pb.CreateDNSDomainResponse, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -147,8 +147,8 @@ func (this *DNSDomainService) RecoverDNSDomain(ctx context.Context, req *pb.Reco
 	return this.Success()
 }

-// FindEnabledDNSDomain 查询单个域名完整信息
-func (this *DNSDomainService) FindEnabledDNSDomain(ctx context.Context, req *pb.FindEnabledDNSDomainRequest) (*pb.FindEnabledDNSDomainResponse, error) {
+// FindDNSDomain 查询单个域名完整信息
+func (this *DNSDomainService) FindDNSDomain(ctx context.Context, req *pb.FindDNSDomainRequest) (*pb.FindDNSDomainResponse, error) {
 	// 校验请求
 	_, err := this.ValidateAdmin(ctx)
 	if err != nil {
@@ -162,15 +162,15 @@ func (this *DNSDomainService) FindEnabledDNSDomain(ctx context.Context, req *pb.
 		return nil, err
 	}
 	if domain == nil {
-		return &pb.FindEnabledDNSDomainResponse{DnsDomain: nil}, nil
+		return &pb.FindDNSDomainResponse{DnsDomain: nil}, nil
 	}

 	pbDomain, err := this.convertDomainToPB(tx, domain)
-	return &pb.FindEnabledDNSDomainResponse{DnsDomain: pbDomain}, nil
+	return &pb.FindDNSDomainResponse{DnsDomain: pbDomain}, nil
 }

-// FindEnabledBasicDNSDomain 查询单个域名基础信息
-func (this *DNSDomainService) FindEnabledBasicDNSDomain(ctx context.Context, req *pb.FindEnabledBasicDNSDomainRequest) (*pb.FindEnabledBasicDNSDomainResponse, error) {
+// FindBasicDNSDomain 查询单个域名基础信息
+func (this *DNSDomainService) FindBasicDNSDomain(ctx context.Context, req *pb.FindBasicDNSDomainRequest) (*pb.FindBasicDNSDomainResponse, error) {
 	// 校验请求
 	_, err := this.ValidateAdmin(ctx)
 	if err != nil {
@@ -184,10 +184,10 @@ func (this *DNSDomainService) FindEnabledBasicDNSDomain(ctx context.Context, req
 		return nil, err
 	}
 	if domain == nil {
-		return &pb.FindEnabledBasicDNSDomainResponse{DnsDomain: nil}, nil
+		return &pb.FindBasicDNSDomainResponse{DnsDomain: nil}, nil
 	}

-	return &pb.FindEnabledBasicDNSDomainResponse{DnsDomain: &pb.DNSDomain{
+	return &pb.FindBasicDNSDomainResponse{DnsDomain: &pb.DNSDomain{
 		Id:         int64(domain.Id),
 		Name:       domain.Name,
 		IsOn:       domain.IsOn,
@@ -195,8 +195,8 @@ func (this *DNSDomainService) FindEnabledBasicDNSDomain(ctx context.Context, req
 	}}, nil
 }

-// CountAllEnabledDNSDomainsWithDNSProviderId 计算服务商下的域名数量
-func (this *DNSDomainService) CountAllEnabledDNSDomainsWithDNSProviderId(ctx context.Context, req *pb.CountAllEnabledDNSDomainsWithDNSProviderIdRequest) (*pb.RPCCountResponse, error) {
+// CountAllDNSDomainsWithDNSProviderId 计算服务商下的域名数量
+func (this *DNSDomainService) CountAllDNSDomainsWithDNSProviderId(ctx context.Context, req *pb.CountAllDNSDomainsWithDNSProviderIdRequest) (*pb.RPCCountResponse, error) {
 	// 校验请求
 	_, err := this.ValidateAdmin(ctx)
 	if err != nil {
@@ -205,15 +205,15 @@ func (this *DNSDomainService) CountAllEnabledDNSDomainsWithDNSProviderId(ctx con

 	var tx = this.NullTx()

-	count, err := dns.SharedDNSDomainDAO.CountAllEnabledDomainsWithProviderId(tx, req.DnsProviderId)
+	count, err := dns.SharedDNSDomainDAO.CountAllEnabledDomainsWithProviderId(tx, req.DnsProviderId, req.IsDeleted, !req.IsDown)
 	if err != nil {
 		return nil, err
 	}
 	return this.SuccessCount(count)
 }

-// FindAllEnabledDNSDomainsWithDNSProviderId 列出服务商下的所有域名
-func (this *DNSDomainService) FindAllEnabledDNSDomainsWithDNSProviderId(ctx context.Context, req *pb.FindAllEnabledDNSDomainsWithDNSProviderIdRequest) (*pb.FindAllEnabledDNSDomainsWithDNSProviderIdResponse, error) {
+// FindAllDNSDomainsWithDNSProviderId 列出服务商下的所有域名
+func (this *DNSDomainService) FindAllDNSDomainsWithDNSProviderId(ctx context.Context, req *pb.FindAllDNSDomainsWithDNSProviderIdRequest) (*pb.FindAllDNSDomainsWithDNSProviderIdResponse, error) {
 	// 校验请求
 	_, err := this.ValidateAdmin(ctx)
 	if err != nil {
@@ -236,11 +236,11 @@ func (this *DNSDomainService) FindAllEnabledDNSDomainsWithDNSProviderId(ctx cont
 		result = append(result, pbDomain)
 	}

-	return &pb.FindAllEnabledDNSDomainsWithDNSProviderIdResponse{DnsDomains: result}, nil
+	return &pb.FindAllDNSDomainsWithDNSProviderIdResponse{DnsDomains: result}, nil
 }

-// FindAllEnabledBasicDNSDomainsWithDNSProviderId 列出服务商下的所有域名基本信息
-func (this *DNSDomainService) FindAllEnabledBasicDNSDomainsWithDNSProviderId(ctx context.Context, req *pb.FindAllEnabledBasicDNSDomainsWithDNSProviderIdRequest) (*pb.FindAllEnabledBasicDNSDomainsWithDNSProviderIdResponse, error) {
+// FindAllBasicDNSDomainsWithDNSProviderId 列出服务商下的所有域名基本信息
+func (this *DNSDomainService) FindAllBasicDNSDomainsWithDNSProviderId(ctx context.Context, req *pb.FindAllBasicDNSDomainsWithDNSProviderIdRequest) (*pb.FindAllBasicDNSDomainsWithDNSProviderIdResponse, error) {
 	// 校验请求
 	_, err := this.ValidateAdmin(ctx)
 	if err != nil {
@@ -254,7 +254,7 @@ func (this *DNSDomainService) FindAllEnabledBasicDNSDomainsWithDNSProviderId(ctx
 		return nil, err
 	}

-	result := []*pb.DNSDomain{}
+	var result = []*pb.DNSDomain{}
 	for _, domain := range domains {
 		result = append(result, &pb.DNSDomain{
 			Id:        int64(domain.Id),
@@ -265,7 +265,36 @@ func (this *DNSDomainService) FindAllEnabledBasicDNSDomainsWithDNSProviderId(ctx
 		})
 	}

-	return &pb.FindAllEnabledBasicDNSDomainsWithDNSProviderIdResponse{DnsDomains: result}, nil
+	return &pb.FindAllBasicDNSDomainsWithDNSProviderIdResponse{DnsDomains: result}, nil
+}
+
+// ListBasicDNSDomainsWithDNSProviderId 列出服务商下的单页域名信息
+func (this *DNSDomainService) ListBasicDNSDomainsWithDNSProviderId(ctx context.Context, req *pb.ListBasicDNSDomainsWithDNSProviderIdRequest) (*pb.ListDNSDomainsWithDNSProviderIdResponse, error) {
+	// 校验请求
+	_, err := this.ValidateAdmin(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+
+	domains, err := dns.SharedDNSDomainDAO.ListDomains(tx, req.DnsProviderId, req.IsDeleted, !req.IsDown, req.Offset, req.Size)
+	if err != nil {
+		return nil, err
+	}
+
+	var result = []*pb.DNSDomain{}
+	for _, domain := range domains {
+		result = append(result, &pb.DNSDomain{
+			Id:        int64(domain.Id),
+			Name:      domain.Name,
+			IsOn:      domain.IsOn,
+			IsUp:      domain.IsUp,
+			IsDeleted: domain.IsDeleted,
+		})
+	}
+
+	return &pb.ListDNSDomainsWithDNSProviderIdResponse{DnsDomains: result}, nil
 }

 // SyncDNSDomainData 同步域名数据
@@ -404,17 +433,6 @@ func (this *DNSDomainService) convertDomainToPB(tx *dbs.Tx, domain *dns.DNSDomai
 	}, nil
 }

-// 转换域名记录信息
-func (this *DNSDomainService) convertRecordToPB(record *dnstypes.Record) *pb.DNSRecord {
-	return &pb.DNSRecord{
-		Id:    record.Id,
-		Name:  record.Name,
-		Value: record.Value,
-		Type:  record.Type,
-		Route: record.Route,
-	}
-}
-
 // 检查集群节点变化
 func (this *DNSDomainService) findClusterDNSChanges(cluster *models.NodeCluster, records []*dnstypes.Record, domainName string, defaultRoute string) (result []maps.Map, doneNodeRecords []*dnstypes.Record, doneServerRecords []*dnstypes.Record, countAllNodes int64, countAllServers int64, nodesChanged bool, serversChanged bool, err error) {
 	var clusterId = int64(cluster.Id)
@@ -430,7 +448,7 @@ func (this *DNSDomainService) findClusterDNSChanges(cluster *models.NodeCluster,
 	if len(cluster.Dns) > 0 {
 		dnsConfig, _ := cluster.DecodeDNSConfig()
 		if dnsConfig != nil {
-			cnameRecords = dnsConfig.CNameRecords
+			cnameRecords = dnsConfig.CNAMERecords
 			if dnsConfig.TTL > 0 {
 				ttl = dnsConfig.TTL
 			}
@@ -443,8 +461,8 @@ func (this *DNSDomainService) findClusterDNSChanges(cluster *models.NodeCluster,
 		return nil, nil, nil, 0, 0, false, false, err
 	}
 	countAllNodes = int64(len(nodes))
-	nodeRecords := []*dnstypes.Record{}                // 之所以用数组再存一遍，是因为dnsName可能会重复
-	nodeRecordMapping := map[string]*dnstypes.Record{} // value_route => *Record
+	var nodeRecords = []*dnstypes.Record{}                // 之所以用数组再存一遍，是因为dnsName可能会重复
+	var nodeRecordMapping = map[string]*dnstypes.Record{} // value_route => *Record
 	for _, record := range records {
 		if (record.Type == dnstypes.RecordTypeA || record.Type == dnstypes.RecordTypeAAAA) && record.Name == clusterDnsName {
 			nodeRecords = append(nodeRecords, record)
@@ -453,7 +471,7 @@ func (this *DNSDomainService) findClusterDNSChanges(cluster *models.NodeCluster,
 	}

 	// 新增的节点域名
-	nodeKeys := []string{}
+	var nodeKeys = []string{}
 	for _, node := range nodes {
 		ipAddresses, err := models.SharedNodeIPAddressDAO.FindNodeAccessAndUpIPAddresses(tx, int64(node.Id), nodeconfigs.NodeRoleNode)
 		if err != nil {
@@ -528,8 +546,8 @@ func (this *DNSDomainService) findClusterDNSChanges(cluster *models.NodeCluster,
 		return nil, nil, nil, 0, 0, false, false, err
 	}
 	countAllServers = int64(len(servers))
-	serverRecords := []*dnstypes.Record{}             // 之所以用数组再存一遍，是因为dnsName可能会重复
-	serverRecordsMap := map[string]*dnstypes.Record{} // dnsName => *Record
+	var serverRecords = []*dnstypes.Record{}             // 之所以用数组再存一遍，是因为dnsName可能会重复
+	var serverRecordsMap = map[string]*dnstypes.Record{} // dnsName => *Record
 	for _, record := range records {
 		if record.Type == dnstypes.RecordTypeCNAME && record.Value == clusterDomain+"." {
 			serverRecords = append(serverRecords, record)
@@ -538,7 +556,7 @@ func (this *DNSDomainService) findClusterDNSChanges(cluster *models.NodeCluster,
 	}

 	// 新增的域名
-	serverDNSNames := []string{}
+	var serverDNSNames = []string{}
 	for _, server := range servers {
 		dnsName := server.DnsName
 		if len(dnsName) == 0 {
@@ -606,7 +624,7 @@ func (this *DNSDomainService) syncClusterDNS(req *pb.SyncDNSDomainDataRequest) (

 	// 查询集群信息
 	var err error
-	clusters := []*models.NodeCluster{}
+	var clusters = []*models.NodeCluster{}
 	if req.NodeClusterId > 0 {
 		cluster, err := models.SharedNodeClusterDAO.FindEnabledNodeCluster(tx, req.NodeClusterId)
 		if err != nil {
@@ -642,8 +660,8 @@ func (this *DNSDomainService) syncClusterDNS(req *pb.SyncDNSDomainDataRequest) (
 	if domain == nil {
 		return &pb.SyncDNSDomainDataResponse{IsOk: false, Error: "找不到要操作的域名"}, nil
 	}
-	domainId := int64(domain.Id)
-	domainName := domain.Name
+	var domainId = int64(domain.Id)
+	var domainName = domain.Name

 	// 服务商信息
 	provider, err := dns.SharedDNSProviderDAO.FindEnabledDNSProvider(tx, int64(domain.ProviderId))
@@ -662,7 +680,7 @@ func (this *DNSDomainService) syncClusterDNS(req *pb.SyncDNSDomainDataRequest) (
 	}

 	// 开始同步
-	manager := dnsclients.FindProvider(provider.Type)
+	var manager = dnsclients.FindProvider(provider.Type)
 	if manager == nil {
 		return &pb.SyncDNSDomainDataResponse{IsOk: false, Error: "目前不支持'" + provider.Type + "'"}, nil
 	}
@@ -687,7 +705,7 @@ func (this *DNSDomainService) syncClusterDNS(req *pb.SyncDNSDomainDataRequest) (

 	// 检查集群设置
 	for _, cluster := range clusters {
-		issues, err := dnsutils.CheckClusterDNS(tx, cluster)
+		issues, err := dnsutils.CheckClusterDNS(tx, cluster, req.CheckNodeIssues)
 		if err != nil {
 			return nil, err
 		}
@@ -711,7 +729,7 @@ func (this *DNSDomainService) syncClusterDNS(req *pb.SyncDNSDomainDataRequest) (
 	}

 	// 对比变化
-	allChanges := []maps.Map{}
+	var allChanges = []maps.Map{}
 	for _, cluster := range clusters {
 		changes, _, _, _, _, _, _, err := this.findClusterDNSChanges(cluster, records, domainName, manager.DefaultRoute())
 		if err != nil {
@@ -739,8 +757,6 @@ func (this *DNSDomainService) syncClusterDNS(req *pb.SyncDNSDomainDataRequest) (
 				return &pb.SyncDNSDomainDataResponse{IsOk: false, Error: "删除域名记录失败：" + err.Error()}, nil
 			}
 		}
-
-		//logs.Println(action, record.Name, record.Type, record.Value, record.Route)
 	}

 	// 重新更新记录
@@ -766,7 +782,7 @@ func (this *DNSDomainService) syncClusterDNS(req *pb.SyncDNSDomainDataRequest) (

 // ExistDNSDomainRecord 检查域名是否在记录中
 func (this *DNSDomainService) ExistDNSDomainRecord(ctx context.Context, req *pb.ExistDNSDomainRecordRequest) (*pb.ExistDNSDomainRecordResponse, error) {
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -782,7 +798,7 @@ func (this *DNSDomainService) ExistDNSDomainRecord(ctx context.Context, req *pb.

 // SyncDNSDomainsFromProvider 从服务商同步域名
 func (this *DNSDomainService) SyncDNSDomainsFromProvider(ctx context.Context, req *pb.SyncDNSDomainsFromProviderRequest) (*pb.SyncDNSDomainsFromProviderResponse, error) {
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_dns_provider.go
+++ b/internal/rpc/services/service_dns_provider.go
@@ -15,7 +15,7 @@ type DNSProviderService struct {
 // CreateDNSProvider 创建服务商
 func (this *DNSProviderService) CreateDNSProvider(ctx context.Context, req *pb.CreateDNSProviderRequest) (*pb.CreateDNSProviderResponse, error) {
 	// 校验请求
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -33,7 +33,7 @@ func (this *DNSProviderService) CreateDNSProvider(ctx context.Context, req *pb.C
 // UpdateDNSProvider 修改服务商
 func (this *DNSProviderService) UpdateDNSProvider(ctx context.Context, req *pb.UpdateDNSProviderRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -52,7 +52,7 @@ func (this *DNSProviderService) UpdateDNSProvider(ctx context.Context, req *pb.U
 // CountAllEnabledDNSProviders 计算服务商数量
 func (this *DNSProviderService) CountAllEnabledDNSProviders(ctx context.Context, req *pb.CountAllEnabledDNSProvidersRequest) (*pb.RPCCountResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -72,7 +72,7 @@ func (this *DNSProviderService) CountAllEnabledDNSProviders(ctx context.Context,
 // ListEnabledDNSProviders 列出单页服务商信息
 func (this *DNSProviderService) ListEnabledDNSProviders(ctx context.Context, req *pb.ListEnabledDNSProvidersRequest) (*pb.ListEnabledDNSProvidersResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -105,7 +105,7 @@ func (this *DNSProviderService) ListEnabledDNSProviders(ctx context.Context, req
 // FindAllEnabledDNSProviders 查找所有的DNS服务商
 func (this *DNSProviderService) FindAllEnabledDNSProviders(ctx context.Context, req *pb.FindAllEnabledDNSProvidersRequest) (*pb.FindAllEnabledDNSProvidersResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -139,7 +139,7 @@ func (this *DNSProviderService) FindAllEnabledDNSProviders(ctx context.Context,
 // DeleteDNSProvider 删除服务商
 func (this *DNSProviderService) DeleteDNSProvider(ctx context.Context, req *pb.DeleteDNSProviderRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_file.go
+++ b/internal/rpc/services/service_file.go
@@ -13,7 +13,7 @@ type FileService struct {

 // FindEnabledFile 查找文件
 func (this *FileService) FindEnabledFile(ctx context.Context, req *pb.FindEnabledFileRequest) (*pb.FindEnabledFileResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -49,7 +49,7 @@ func (this *FileService) FindEnabledFile(ctx context.Context, req *pb.FindEnable

 // CreateFile 创建文件
 func (this *FileService) CreateFile(ctx context.Context, req *pb.CreateFileRequest) (*pb.CreateFileResponse, error) {
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -65,7 +65,7 @@ func (this *FileService) CreateFile(ctx context.Context, req *pb.CreateFileReque

 // UpdateFileFinished 将文件置为已完成
 func (this *FileService) UpdateFileFinished(ctx context.Context, req *pb.UpdateFileFinishedRequest) (*pb.RPCSuccess, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_file_chunk.go
+++ b/internal/rpc/services/service_file_chunk.go
@@ -15,7 +15,7 @@ type FileChunkService struct {
 // CreateFileChunk 创建文件片段
 func (this *FileChunkService) CreateFileChunk(ctx context.Context, req *pb.CreateFileChunkRequest) (*pb.CreateFileChunkResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_access_log.go
+++ b/internal/rpc/services/service_http_access_log.go
@@ -47,7 +47,7 @@ func (this *HTTPAccessLogService) CreateHTTPAccessLogs(ctx context.Context, req
 // ListHTTPAccessLogs 列出单页访问日志
 func (this *HTTPAccessLogService) ListHTTPAccessLogs(ctx context.Context, req *pb.ListHTTPAccessLogsRequest) (*pb.ListHTTPAccessLogsResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -131,7 +131,7 @@ func (this *HTTPAccessLogService) ListHTTPAccessLogs(ctx context.Context, req *p
 // FindHTTPAccessLog 查找单个日志
 func (this *HTTPAccessLogService) FindHTTPAccessLog(ctx context.Context, req *pb.FindHTTPAccessLogRequest) (*pb.FindHTTPAccessLogResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_auth_policy.go
+++ b/internal/rpc/services/service_http_auth_policy.go
@@ -15,7 +15,7 @@ type HTTPAuthPolicyService struct {

 // CreateHTTPAuthPolicy 创建策略
 func (this *HTTPAuthPolicyService) CreateHTTPAuthPolicy(ctx context.Context, req *pb.CreateHTTPAuthPolicyRequest) (*pb.CreateHTTPAuthPolicyResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -30,7 +30,7 @@ func (this *HTTPAuthPolicyService) CreateHTTPAuthPolicy(ctx context.Context, req

 // UpdateHTTPAuthPolicy 修改策略
 func (this *HTTPAuthPolicyService) UpdateHTTPAuthPolicy(ctx context.Context, req *pb.UpdateHTTPAuthPolicyRequest) (*pb.RPCSuccess, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -54,7 +54,7 @@ func (this *HTTPAuthPolicyService) UpdateHTTPAuthPolicy(ctx context.Context, req

 // FindEnabledHTTPAuthPolicy 查找策略信息
 func (this *HTTPAuthPolicyService) FindEnabledHTTPAuthPolicy(ctx context.Context, req *pb.FindEnabledHTTPAuthPolicyRequest) (*pb.FindEnabledHTTPAuthPolicyResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_cache_policy.go
+++ b/internal/rpc/services/service_http_cache_policy.go
@@ -130,7 +130,7 @@ func (this *HTTPCachePolicyService) ListEnabledHTTPCachePolicies(ctx context.Con
 // FindEnabledHTTPCachePolicyConfig 查找单个缓存策略配置
 func (this *HTTPCachePolicyService) FindEnabledHTTPCachePolicyConfig(ctx context.Context, req *pb.FindEnabledHTTPCachePolicyConfigRequest) (*pb.FindEnabledHTTPCachePolicyConfigResponse, error) {
 	// 校验请求
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_cache_task.go
+++ b/internal/rpc/services/service_http_cache_task.go
@@ -11,6 +11,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/userconfigs"
 	"github.com/iwind/TeaGo/types"
 	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
 )

 // HTTPCacheTaskService 缓存任务管理
@@ -20,7 +21,7 @@ type HTTPCacheTaskService struct {

 // CreateHTTPCacheTask 创建任务
 func (this *HTTPCacheTaskService) CreateHTTPCacheTask(ctx context.Context, req *pb.CreateHTTPCacheTaskRequest) (*pb.CreateHTTPCacheTaskResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -161,7 +162,7 @@ func (this *HTTPCacheTaskService) CreateHTTPCacheTask(ctx context.Context, req *

 // CountHTTPCacheTasks 计算任务数量
 func (this *HTTPCacheTaskService) CountHTTPCacheTasks(ctx context.Context, req *pb.CountHTTPCacheTasksRequest) (*pb.RPCCountResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -176,7 +177,7 @@ func (this *HTTPCacheTaskService) CountHTTPCacheTasks(ctx context.Context, req *

 // CountDoingHTTPCacheTasks 计算正在执行的任务数量
 func (this *HTTPCacheTaskService) CountDoingHTTPCacheTasks(ctx context.Context, req *pb.CountDoingHTTPCacheTasksRequest) (*pb.RPCCountResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -191,11 +192,13 @@ func (this *HTTPCacheTaskService) CountDoingHTTPCacheTasks(ctx context.Context,

 // ListHTTPCacheTasks 列出单页任务
 func (this *HTTPCacheTaskService) ListHTTPCacheTasks(ctx context.Context, req *pb.ListHTTPCacheTasksRequest) (*pb.ListHTTPCacheTasksResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}

+	var isFromUser = userId > 0
+
 	var tx = this.NullTx()
 	tasks, err := models.SharedHTTPCacheTaskDAO.ListTasks(tx, userId, req.Offset, req.Size)
 	if err != nil {
@@ -232,6 +235,14 @@ func (this *HTTPCacheTaskService) ListHTTPCacheTasks(ctx context.Context, req *p
 			}
 		}

+		// 对用户而言，超过Ns自动认为已完成
+		const timeoutSeconds = 300
+		if isFromUser && !task.IsDone && time.Now().Unix()-int64(task.CreatedAt) > timeoutSeconds {
+			task.IsOk = true
+			task.IsDone = true
+			task.DoneAt = task.CreatedAt + timeoutSeconds
+		}
+
 		pbTasks = append(pbTasks, &pb.HTTPCacheTask{
 			Id:                taskId,
 			UserId:            int64(task.UserId),
@@ -253,10 +264,11 @@ func (this *HTTPCacheTaskService) ListHTTPCacheTasks(ctx context.Context, req *p

 // FindEnabledHTTPCacheTask 查找单个任务
 func (this *HTTPCacheTaskService) FindEnabledHTTPCacheTask(ctx context.Context, req *pb.FindEnabledHTTPCacheTaskRequest) (*pb.FindEnabledHTTPCacheTaskResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
+	var isFromUser = userId > 0

 	var tx = this.NullTx()
 	if userId > 0 {
@@ -274,6 +286,14 @@ func (this *HTTPCacheTaskService) FindEnabledHTTPCacheTask(ctx context.Context,
 		return &pb.FindEnabledHTTPCacheTaskResponse{HttpCacheTask: nil}, nil
 	}

+	// 对用户而言，超过Ns自动认为已完成
+	const timeoutSeconds = 300
+	if isFromUser && !task.IsDone && time.Now().Unix()-int64(task.CreatedAt) > timeoutSeconds {
+		task.IsOk = true
+		task.IsDone = true
+		task.DoneAt = task.CreatedAt + timeoutSeconds
+	}
+
 	// 查询所属用户
 	var pbUser = &pb.User{}
 	if task.UserId > 0 {
@@ -306,6 +326,11 @@ func (this *HTTPCacheTaskService) FindEnabledHTTPCacheTask(ctx context.Context,
 	}
 	var pbKeys = []*pb.HTTPCacheTaskKey{}
 	for _, key := range keys {
+		// 对用户而言，超过Ns自动认为已完成
+		if isFromUser && task.IsDone {
+			key.IsDone = true
+			key.Errors = nil
+		}

 		pbKeys = append(pbKeys, &pb.HTTPCacheTaskKey{
 			Id:         int64(key.Id),
@@ -336,7 +361,7 @@ func (this *HTTPCacheTaskService) FindEnabledHTTPCacheTask(ctx context.Context,

 // DeleteHTTPCacheTask 删除任务
 func (this *HTTPCacheTaskService) DeleteHTTPCacheTask(ctx context.Context, req *pb.DeleteHTTPCacheTaskRequest) (*pb.RPCSuccess, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_cache_task_key.go
+++ b/internal/rpc/services/service_http_cache_task_key.go
@@ -18,7 +18,7 @@ type HTTPCacheTaskKeyService struct {

 // ValidateHTTPCacheTaskKeys 校验缓存Key
 func (this *HTTPCacheTaskKeyService) ValidateHTTPCacheTaskKeys(ctx context.Context, req *pb.ValidateHTTPCacheTaskKeysRequest) (*pb.ValidateHTTPCacheTaskKeysResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_cache_task_test.go
+++ b/internal/rpc/services/service_http_cache_task_test.go
@@ -3,21 +3,21 @@
 package services

 import (
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/iwind/TeaGo/assert"
 	"testing"
 )

-func TestHTTPCacheTaskService_CountHTTPCacheTasks(t *testing.T) {
+func TestHTTPCacheTaskService_ParseDomain(t *testing.T) {
 	var a = assert.NewAssertion(t)

-	var service = &HTTPCacheTaskService{}
-	a.IsTrue(service.parseDomain("aaa") == "aaa")
-	a.IsTrue(service.parseDomain("AAA") == "aaa")
-	a.IsTrue(service.parseDomain("a.b-c.com") == "a.b-c.com")
-	a.IsTrue(service.parseDomain("a.b-c.com/hello/world") == "a.b-c.com")
-	a.IsTrue(service.parseDomain("https://a.b-c.com") == "a.b-c.com")
-	a.IsTrue(service.parseDomain("http://a.b-c.com/hello/world") == "a.b-c.com")
-	a.IsTrue(service.parseDomain("http://a.B-c.com/hello/world") == "a.b-c.com")
-	a.IsTrue(service.parseDomain("http:/aaaa.com") == "http")
-	a.IsTrue(service.parseDomain("北京") == "")
+	a.IsTrue(utils.ParseDomainFromKey("aaa") == "aaa")
+	a.IsTrue(utils.ParseDomainFromKey("AAA") == "aaa")
+	a.IsTrue(utils.ParseDomainFromKey("a.b-c.com") == "a.b-c.com")
+	a.IsTrue(utils.ParseDomainFromKey("a.b-c.com/hello/world") == "a.b-c.com")
+	a.IsTrue(utils.ParseDomainFromKey("https://a.b-c.com") == "a.b-c.com")
+	a.IsTrue(utils.ParseDomainFromKey("http://a.b-c.com/hello/world") == "a.b-c.com")
+	a.IsTrue(utils.ParseDomainFromKey("http://a.B-c.com/hello/world") == "a.b-c.com")
+	a.IsTrue(utils.ParseDomainFromKey("http:/aaaa.com") == "http")
+	a.IsTrue(utils.ParseDomainFromKey("北京") == "")
 }
--- a/internal/rpc/services/service_http_fastcgi.go
+++ b/internal/rpc/services/service_http_fastcgi.go
@@ -17,7 +17,7 @@ type HTTPFastcgiService struct {

 // CreateHTTPFastcgi 创建Fastcgi
 func (this *HTTPFastcgiService) CreateHTTPFastcgi(ctx context.Context, req *pb.CreateHTTPFastcgiRequest) (*pb.CreateHTTPFastcgiResponse, error) {
-	adminId, userId, err := this.ValidateAdminAndUser(ctx)
+	adminId, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -32,7 +32,7 @@ func (this *HTTPFastcgiService) CreateHTTPFastcgi(ctx context.Context, req *pb.C

 // UpdateHTTPFastcgi 修改Fastcgi
 func (this *HTTPFastcgiService) UpdateHTTPFastcgi(ctx context.Context, req *pb.UpdateHTTPFastcgiRequest) (*pb.RPCSuccess, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -53,7 +53,7 @@ func (this *HTTPFastcgiService) UpdateHTTPFastcgi(ctx context.Context, req *pb.U

 // FindEnabledHTTPFastcgi 获取Fastcgi详情
 func (this *HTTPFastcgiService) FindEnabledHTTPFastcgi(ctx context.Context, req *pb.FindEnabledHTTPFastcgiRequest) (*pb.FindEnabledHTTPFastcgiResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -87,7 +87,7 @@ func (this *HTTPFastcgiService) FindEnabledHTTPFastcgi(ctx context.Context, req

 // FindEnabledHTTPFastcgiConfig 获取Fastcgi配置
 func (this *HTTPFastcgiService) FindEnabledHTTPFastcgiConfig(ctx context.Context, req *pb.FindEnabledHTTPFastcgiConfigRequest) (*pb.FindEnabledHTTPFastcgiConfigResponse, error) {
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -53,7 +53,7 @@ func (this *HTTPFirewallPolicyService) FindAllEnabledHTTPFirewallPolicies(ctx co
 // CreateHTTPFirewallPolicy 创建防火墙策略
 func (this *HTTPFirewallPolicyService) CreateHTTPFirewallPolicy(ctx context.Context, req *pb.CreateHTTPFirewallPolicyRequest) (*pb.CreateHTTPFirewallPolicyResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -121,7 +121,7 @@ func (this *HTTPFirewallPolicyService) CreateHTTPFirewallPolicy(ctx context.Cont
 // CreateEmptyHTTPFirewallPolicy 创建空防火墙策略
 func (this *HTTPFirewallPolicyService) CreateEmptyHTTPFirewallPolicy(ctx context.Context, req *pb.CreateEmptyHTTPFirewallPolicyRequest) (*pb.CreateEmptyHTTPFirewallPolicyResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -311,7 +311,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 // UpdateHTTPFirewallPolicyGroups 修改分组信息
 func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicyGroups(ctx context.Context, req *pb.UpdateHTTPFirewallPolicyGroupsRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -336,7 +336,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicyGroups(ctx contex
 // UpdateHTTPFirewallInboundConfig 修改inbound信息
 func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallInboundConfig(ctx context.Context, req *pb.UpdateHTTPFirewallInboundConfigRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -428,7 +428,7 @@ func (this *HTTPFirewallPolicyService) DeleteHTTPFirewallPolicy(ctx context.Cont
 // FindEnabledHTTPFirewallPolicyConfig 查找单个防火墙配置
 func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicyConfig(ctx context.Context, req *pb.FindEnabledHTTPFirewallPolicyConfigRequest) (*pb.FindEnabledHTTPFirewallPolicyConfigResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -462,7 +462,7 @@ func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicyConfig(ctx c
 // FindEnabledHTTPFirewallPolicy 获取防火墙的基本信息
 func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicy(ctx context.Context, req *pb.FindEnabledHTTPFirewallPolicyRequest) (*pb.FindEnabledHTTPFirewallPolicyResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_firewall_rule_group.go
+++ b/internal/rpc/services/service_http_firewall_rule_group.go
@@ -17,7 +17,7 @@ type HTTPFirewallRuleGroupService struct {
 // UpdateHTTPFirewallRuleGroupIsOn 设置是否启用分组
 func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupIsOn(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupIsOnRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -43,7 +43,7 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupIsOn(ctx co
 // CreateHTTPFirewallRuleGroup 创建分组
 func (this *HTTPFirewallRuleGroupService) CreateHTTPFirewallRuleGroup(ctx context.Context, req *pb.CreateHTTPFirewallRuleGroupRequest) (*pb.CreateHTTPFirewallRuleGroupResponse, error) {
 	// 校验请求
-	_, _, err := this.ValidateAdminAndUser(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -60,7 +60,7 @@ func (this *HTTPFirewallRuleGroupService) CreateHTTPFirewallRuleGroup(ctx contex
 // UpdateHTTPFirewallRuleGroup 修改分组
 func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroup(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -86,7 +86,7 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroup(ctx contex
 // FindEnabledHTTPFirewallRuleGroupConfig 获取分组配置
 func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroupConfig(ctx context.Context, req *pb.FindEnabledHTTPFirewallRuleGroupConfigRequest) (*pb.FindEnabledHTTPFirewallRuleGroupConfigResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -118,7 +118,7 @@ func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroupConfig
 // FindEnabledHTTPFirewallRuleGroup 获取分组信息
 func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroup(ctx context.Context, req *pb.FindEnabledHTTPFirewallRuleGroupRequest) (*pb.FindEnabledHTTPFirewallRuleGroupResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -157,7 +157,7 @@ func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroup(ctx c
 // UpdateHTTPFirewallRuleGroupSets 修改分组的规则集
 func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupSetsRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
@@ -182,7 +182,7 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx co
 // AddHTTPFirewallRuleGroupSet 添加规则集
 func (this *HTTPFirewallRuleGroupService) AddHTTPFirewallRuleGroupSet(ctx context.Context, req *pb.AddHTTPFirewallRuleGroupSetRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx, true)
 	if err != nil {
 		return nil, err
 	}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
刘祥超	093826222a	将版本修改为v0.5.3.1	2022-09-26 12:16:44 +08:00
刘祥超	0d7b487afc	修复开源版本无法编译的问题	2022-09-26 12:16:20 +08:00
刘祥超	8de17b6d9c	只有在数据库用户是root时才执行某些命令	2022-09-26 12:16:08 +08:00
刘祥超	49d217a883	提交EdgeDNS API相关代码	2022-09-26 11:51:45 +08:00
刘祥超	4827555899	启动过程增加多个提示	2022-09-26 11:00:58 +08:00
刘祥超	41f3825ee2	使用并发队列安装和升级数据表/启动时自动调整MySQL变量	2022-09-25 20:34:19 +08:00
刘祥超	096aa153ab	创建缓存策略时默认缓存条件自动支持206 Partial Content，并使用简单条件设置	2022-09-25 10:37:05 +08:00
刘祥超	8f8b611ac1	查询5分钟流量接口增加timeFrom和timeTo参数	2022-09-24 18:55:33 +08:00
刘祥超	08b1c038f1	服务流量接口增加5分钟查询接口	2022-09-24 18:36:27 +08:00
刘祥超	934b10a254	REST 接口接收内容为空时，默认为 {}	2022-09-24 18:35:29 +08:00
刘祥超	4947f13416	更新SQL	2022-09-24 18:34:46 +08:00
刘祥超	84198d5948	优化智能DNS相关代码	2022-09-24 14:07:19 +08:00
刘祥超	d4a04bc798	智能DNS支持应答模式配置	2022-09-23 19:01:18 +08:00
刘祥超	c94b3c26c1	优化代码	2022-09-23 15:25:51 +08:00
刘祥超	5655f89ba6	优化代码	2022-09-23 09:28:19 +08:00
刘祥超	c568ad3e9a	查看访问日志列表时，不查询requestBody和responseBody，防止内容过大	2022-09-22 16:47:36 +08:00
刘祥超	d2f532447d	同步防盗链功能	2022-09-22 16:41:02 +08:00
刘祥超	ec97feab28	增加防盗链功能	2022-09-22 16:33:46 +08:00
刘祥超	316cd36f71	删除集群的时候，同时删除对应的域名解析/集群切换二级域名先删除再添加新的域名解析	2022-09-22 14:09:28 +08:00
刘祥超	702a0f1ecf	DNS访问日志创建表已经存在时不提示错误	2022-09-21 20:41:21 +08:00
刘祥超	2d2b7b7bff	优化代码	2022-09-21 15:09:39 +08:00
刘祥超	6f8c5a8e99	修复按日带宽峰值查询错误的Bug	2022-09-20 13:57:45 +08:00
刘祥超	afb35953e7	DNS集群增加时区选项	2022-09-19 17:00:39 +08:00
刘祥超	2a1f78a440	修复一处带宽计算错误	2022-09-19 14:39:22 +08:00
刘祥超	fb084a9f48	优化代码	2022-09-18 12:39:17 +08:00
刘祥超	e7f620d28f	同步域名解析时不再强制要求修复节点问题	2022-09-18 10:41:29 +08:00
刘祥超	2f64d713e8	优化代码/DNS域名增加分页	2022-09-18 10:23:04 +08:00
刘祥超	86bf316468	可以设置是否自动安装nftables	2022-09-17 21:05:18 +08:00
刘祥超	bf320271d4	修复DNSPod只能取前100个域名的问题	2022-09-17 17:16:30 +08:00
刘祥超	150a63fe98	用户端刷新预热缓存超过5分钟自动认为已完成	2022-09-17 16:50:03 +08:00
刘祥超	1d1ff11eb7	优化接口权限	2022-09-17 16:07:37 +08:00
刘祥超	55eecce416	集群增加是否远程启动选项	2022-09-17 15:11:34 +08:00
刘祥超	5f822062da	检查域名是否存在时同时检查泛域名	2022-09-17 11:38:47 +08:00
刘祥超	ee2c253e7d	节点离线时尝试自动通过API节点远程启动	2022-09-17 10:18:00 +08:00
刘祥超	5b0adb4b84	创建集群的时候初始化全局服务配置	2022-09-16 19:34:19 +08:00
刘祥超	8c72540a6e	集群设置中增加服务设置	2022-09-16 18:42:14 +08:00
刘祥超	7f811997a9	证书申请任务不区分管理员	2022-09-16 15:34:03 +08:00
刘祥超	ca94e31451	启动时自动设置binlog过期时间	2022-09-16 10:39:17 +08:00
刘祥超	320d381bd9	集群增加自动同步时钟选项	2022-09-15 15:56:50 +08:00
刘祥超	c8057457cc	更新SQL	2022-09-15 11:48:51 +08:00
刘祥超	c78c4d58ff	用户系统可以切换CDN和智能DNS	2022-09-13 19:04:31 +08:00
刘祥超	d1f8e7e757	增加DNS套餐相关数据	2022-09-13 10:49:58 +08:00
刘祥超	5386b30eba	用户节点版本修改为0.5.0	2022-09-13 10:49:17 +08:00
刘祥超	8ceb1334cd	调整GRPC参数	2022-09-12 22:03:06 +08:00
刘祥超	023e563de1	调整GRPC参数	2022-09-12 22:00:12 +08:00
刘祥超	39e6d11d71	优化代码	2022-09-11 14:41:06 +08:00
刘祥超	a5a9117ce0	增强系统配置接口的权限检查	2022-09-10 17:00:54 +08:00
刘祥超	e95b0bd9a6	实现DNS域名验证	2022-09-10 16:13:21 +08:00
刘祥超	9699a9adad	自动调整写入单次写入访问日志数量	2022-09-09 21:15:03 +08:00
刘祥超	67729abd13	修复多个日志数据库节点写入NS日志时分布不平均的问题	2022-09-09 21:06:43 +08:00
刘祥超	4c7ebce97a	修复多个日志数据库节点分布不平均的问题	2022-09-09 20:37:45 +08:00
刘祥超	44e7ce9f79	自动升级NS域名状态为verified	2022-09-09 15:25:32 +08:00
刘祥超	3468fcf8a6	DNS版本修改为0.2.7	2022-09-09 14:29:29 +08:00
刘祥超	3522c22a28	修复无法一个常量错误	2022-09-09 10:39:28 +08:00
刘祥超	333a9c6611	修改管理界面设置中的时区时同时也会应用到API节点/API节点默认时区为Asia/Shanghai	2022-09-09 10:28:44 +08:00
刘祥超	e3426a84e2	域名解析增加EdgeDNS API	2022-09-08 19:36:32 +08:00
刘祥超	a25b0e6c9d	创建集群的时候可以设置DNS记录的默认TTL	2022-09-08 11:02:26 +08:00
刘祥超	c271cadabd	计算区域监控终端低版本数量时忽略已禁用的终端	2022-09-08 10:14:02 +08:00
刘祥超	428bb7eb0f	访问日志支持中文域名搜索	2022-09-07 17:07:46 +08:00
刘祥超	6ae9f447b6	增加启动过程标记	2022-09-07 15:57:31 +08:00
刘祥超	7cc503b698	将版本修改为0.5.3	2022-09-06 09:23:28 +08:00
刘祥超	c66e28cb9d	减少带宽统计显示的空档期	2022-09-05 16:04:34 +08:00
刘祥超	e5109b24d4	版本修改为0.5.2.1	2022-09-05 16:02:55 +08:00
刘祥超	695b8482de	将版本修改为0.5.3	2022-09-05 11:03:12 +08:00