缓存策略默认不启用MMAP

.golangci.yaml

@@ -0,0 +1,75 @@
+# https://golangci-lint.run/usage/configuration/
+
+linters:
+  enable-all: true
+  disable:
+    - ifshort
+    - exhaustivestruct
+    - golint
+    - nosnakecase
+    - scopelint
+    - varcheck
+    - structcheck
+    - interfacer
+    - maligned
+    - deadcode
+    - dogsled
+    - wrapcheck
+    - wastedassign
+    - varnamelen
+    - testpackage
+    - thelper
+    - nilerr
+    - sqlclosecheck
+    - paralleltest
+    - nonamedreturns
+    - nlreturn
+    - nakedret
+    - ireturn
+    - interfacebloat
+    - gosmopolitan
+    - gomnd
+    - goerr113
+    - gochecknoglobals
+    - exhaustruct
+    - errorlint
+    - depguard
+    - exhaustive
+    - containedctx
+    - wsl
+    - cyclop
+    - dupword
+    - errchkjson
+    - contextcheck
+    - tagalign
+    - dupl
+    - forbidigo
+    - funlen
+    - goconst
+    - godox
+    - gosec
+    - lll
+    - nestif
+    - revive
+    - unparam
+    - stylecheck
+    - gocritic
+    - gofumpt
+    - gomoddirectives
+    - godot
+    - gofmt
+    - gocognit
+    - mirror
+    - gocyclo
+    - gochecknoinits
+    - gci
+    - maintidx
+    - prealloc
+    - goimports
+    - errname
+    - musttag
+    - forcetypeassert
+    - whitespace
+    - noctx
+    - tagliatelle
+    - nilnil

build/build.sh

@@ -115,7 +115,11 @@ function build() {
 	fi
 
 	# building api node
-	env GOOS="$OS" GOARCH="$ARCH" go build -trimpath -tags $TAG --ldflags="-s -w" -o "$DIST"/bin/edge-api "$ROOT"/../cmd/edge-api/main.go
+	env GOOS="$OS" GOARCH="$ARCH" go build -trimpath -tags $TAG --ldflags="-s -w" -o "$DIST/bin/$NAME" "$ROOT"/../cmd/edge-api/main.go
+	if [ ! -f "${DIST}/bin/${NAME}" ]; then
+		echo "build failed!"
+		exit
+	fi
 
 	# delete hidden files
 	find "$DIST" -name ".DS_Store" -delete

build/configs/db.template.yaml

@@ -12,4 +12,5 @@ dbs:
 
 
 fields:
-  bool: [ "uamIsOn", "followPort", "requestHostExcludingPort", "autoRemoteStart", "autoInstallNftables" ]
+  bool: [ "uamIsOn", "followPort", "requestHostExcludingPort", "autoRemoteStart", "autoInstallNftables", "enableIPLists", "detectAgents", "checkingPorts", "enableRecordHealthCheck", "offlineIsNotified", "http2Enabled", "http3Enabled", "enableHTTP2", "retry50X", "retry40X", "autoSystemTuning", "disableDefaultDB", "autoTrimDisks" ]
+

build/sql.sh

@@ -1,3 +1,7 @@
 #!/usr/bin/env bash
 
-go run `dirname $0`/../cmd/sql-dump/main.go -dir=`dirname $0`
+# generate 'internal/setup/sql.json' file
+
+CWD="$(dirname "$0")"
+
+go run "${CWD}"/../cmd/sql-dump/main.go -dir="${CWD}"

cmd/edge-api/main.go

@@ -17,6 +17,7 @@ import (
 	"github.com/iwind/gosock/pkg/gosock"
 	"log"
 	"os"
+	"strings"
 )
 
 func main() {
@@ -26,11 +27,16 @@ func main() {
 	var app = apps.NewAppCmd()
 	app.Version(teaconst.Version)
 	app.Product(teaconst.ProductName)
-	app.Usage(teaconst.ProcessName + " [start|stop|restart|setup|upgrade|service|daemon|issues]")
+	app.Usage(teaconst.ProcessName + " [-h|-v|start|stop|restart|setup|upgrade|service|daemon|issues]")
+
+	// 短版本号
+	app.On("-V", func() {
+		_, _ = os.Stdout.WriteString(teaconst.Version)
+	})
 	app.On("setup", func() {
 		var setupCmd = setup.NewSetupFromCmd()
 		err := setupCmd.Run()
-		result := maps.Map{}
+		var result = maps.Map{}
 		if err != nil {
 			result["isOk"] = false
 			result["error"] = err.Error()
@@ -183,6 +189,38 @@ func main() {
 			}
 		}
 	})
+	app.On("token", func() {
+		var role = ""
+		if len(os.Args) <= 2 {
+			fmt.Println("require --role parameter")
+			return
+		}
+
+		var set = flag.NewFlagSet("", flag.ExitOnError)
+		set.StringVar(&role, "role", "", "edge-api token --role=[admin|user|api]")
+		_ = set.Parse(os.Args[2:])
+
+		var sock = gosock.NewTmpSock(teaconst.ProcessName)
+		reply, err := sock.Send(&gosock.Command{Code: "lookupToken", Params: map[string]any{
+			"role": role,
+		}})
+		if err != nil {
+			fmt.Println("[ERROR]" + err.Error())
+		} else {
+			var resultMap = maps.NewMap(reply.Params)
+			if resultMap.GetBool("isOk") {
+				var tokens = resultMap.GetSlice("tokens")
+				fmt.Printf("%-35s | %-35s\n", "nodeId", "secret")
+				fmt.Println(strings.Repeat("-", 70))
+				for _, tokenMap := range tokens {
+					var m = maps.NewMap(tokenMap)
+					fmt.Printf("%-35s | %-35s\n", m.GetString("nodeId"), m.GetString("secret"))
+				}
+			} else {
+				fmt.Println("[ERROR]" + resultMap.GetString("err"))
+			}
+		}
+	})
 
 	app.Run(func() {
 		nodes.NewAPINode().Start()

cmd/edge-instance-installer/.gitignore

@@ -0,0 +1,2 @@
+edge-instance-installer*
+prepare.sh

cmd/edge-instance-installer/build.sh

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+function build() {
+	ROOT=$(dirname "$0")
+
+	OS="${1}"
+	ARCH="${2}"
+	TAG="${3}"
+
+	if [ -z "$OS" ]; then
+		echo "usage: build.sh OS ARCH"
+		exit
+	fi
+
+	if [ -z "$ARCH" ]; then
+		echo "usage: build.sh OS ARCH"
+		exit
+	fi
+
+	VERSION=$(lookup_version "${ROOT}/../../internal/const/const.go")
+	TARGET_NAME="edge-instance-installer-${OS}-${ARCH}-v${VERSION}"
+
+	env GOOS=linux GOARCH="${ARCH}" go build -tags="${TAG}" -trimpath -ldflags="-s -w" -o "${TARGET_NAME}" main.go
+
+	if [ -f "${TARGET_NAME}" ]; then
+		cp "${TARGET_NAME}" "${ROOT}/../../../EdgeAdmin/docker/instance/edge-instance/assets"
+	fi
+
+	echo "[done]"
+}
+
+function lookup_version() {
+	FILE=$1
+	VERSION_DATA=$(cat "$FILE")
+	re="Version[ ]+=[ ]+\"([0-9.]+)\""
+	if [[ $VERSION_DATA =~ $re ]]; then
+		VERSION=${BASH_REMATCH[1]}
+		echo "$VERSION"
+	else
+		echo "could not match version"
+		exit
+	fi
+}
+
+build "$1" "$2" "$3"

cmd/edge-instance-installer/main.go

@@ -0,0 +1,97 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package main
+
+import (
+	"fmt"
+	"github.com/TeaOSLab/EdgeAPI/internal/instances"
+	_ "github.com/iwind/TeaGo/bootstrap"
+	"github.com/iwind/TeaGo/lists"
+	"log"
+	"os"
+)
+
+func main() {
+	var verbose = lists.ContainsString(os.Args, "-v")
+
+	var dbHost = "127.0.0.1"
+	var dbPassword = "123456"
+	var dbName = "edges"
+
+	envDBHost, _ := os.LookupEnv("EDGE_DB_HOST")
+	if len(envDBHost) > 0 {
+		dbHost = envDBHost
+		if verbose {
+			log.Println("env EDGE_DB_HOST=" + envDBHost)
+		}
+	}
+
+	envDBPassword, _ := os.LookupEnv("EDGE_DB_PASSWORD")
+	if len(envDBPassword) > 0 {
+		dbPassword = envDBPassword
+		if verbose {
+			log.Println("env EDGE_DB_PASSWORD=" + envDBPassword)
+		}
+	}
+
+	envDBName, _ := os.LookupEnv("EDGE_DB_NAME")
+	if len(envDBName) > 0 {
+		dbName = envDBName
+		if verbose {
+			log.Println("env EDGE_DB_NAME=" + envDBName)
+		}
+	}
+
+	var isTesting = lists.ContainsString(os.Args, "-test") || lists.ContainsString(os.Args, "--test")
+	if isTesting {
+		fmt.Println("testing mode ...")
+	}
+
+	var instance = instances.NewInstance(instances.Options{
+		IsTesting: isTesting,
+		Verbose:   verbose,
+		Cacheable: false,
+		WorkDir:   "",
+		SrcDir:    "/usr/local/goedge/src",
+		DB: struct {
+			Host     string
+			Port     int
+			Username string
+			Password string
+			Name     string
+		}{
+			Host:     dbHost,
+			Port:     3306,
+			Username: "root",
+			Password: dbPassword,
+			Name:     dbName,
+		},
+		AdminNode: struct {
+			Port int
+		}{
+			Port: 7788,
+		},
+		APINode: struct {
+			HTTPPort     int
+			RestHTTPPort int
+		}{
+			HTTPPort:     8001,
+			RestHTTPPort: 8002,
+		},
+		Node: struct{ HTTPPort int }{
+			HTTPPort: 80,
+		},
+		UserNode: struct {
+			HTTPPort int
+		}{
+			HTTPPort: 7799,
+		},
+	})
+	err := instance.SetupAll()
+	if err != nil {
+		fmt.Println("[ERROR]setup failed: " + err.Error())
+		return
+	}
+
+	fmt.Println("ok")
+}

cmd/installer-helper/main.go

@@ -52,7 +52,7 @@ func main() {
 			return
 		}
 
-		unzip := helpers.NewUnzip(zipPath, targetPath)
+		var unzip = helpers.NewUnzip(zipPath, targetPath)
 		err := unzip.Run()
 		if err != nil {
 			stderr("ERROR: " + err.Error())

cmd/sql-dump/main.go

@@ -4,12 +4,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/setup"
+	"github.com/iwind/TeaGo/Tea"
 	_ "github.com/iwind/TeaGo/bootstrap"
 	"github.com/iwind/TeaGo/dbs"
-	"go/format"
 	"os"
 	"path/filepath"
-	"strconv"
 )
 
 func main() {
@@ -18,58 +17,25 @@ func main() {
 		fmt.Println("[ERROR]" + err.Error())
 		return
 	}
-	results, err := setup.NewSQLDump().Dump(db)
+	results, err := setup.NewSQLDump().Dump(db, true)
 	if err != nil {
 		fmt.Println("[ERROR]" + err.Error())
 		return
 	}
-	resultsJSON, err := json.Marshal(results)
+
+	prettyResultsJSON, err := json.MarshalIndent(results, "", "  ")
 	if err != nil {
 		fmt.Println("[ERROR]" + err.Error())
 		return
 	}
-	dir, _ := os.Getwd()
-	var sqlFile string
-	for i := 0; i < 5; i++ {
-		lookupFile := dir + "/internal/setup/sql.go"
-		_, err = os.Stat(lookupFile)
-		if err != nil {
-			dir = filepath.Dir(dir)
-			continue
-		}
-		sqlFile = lookupFile
-	}
 
-	if len(sqlFile) == 0 {
-		fmt.Println("[ERROR]can not find sql.go")
-		return
-	}
-	content := []byte(`package setup
-
-import (
-	"encoding/json"
-	"github.com/iwind/TeaGo/logs"
-)
-
-// 最新版本的数据库SQL语句，用来对比并升级已有的数据库
-// 由 sql-dump/main.go 自动生成
-func init() {
-	err := json.Unmarshal([]byte(` + strconv.Quote(string(resultsJSON)) + `), LatestSQLResult)
+	// 写入到 sql.json 中
+	var dir = filepath.Dir(Tea.Root)
+	err = os.WriteFile(dir+"/internal/setup/sql.json", prettyResultsJSON, 0666)
 	if err != nil {
-		logs.Println("[ERROR]load sql failed: " + err.Error())
-	}
-}
-`)
-	dst, err := format.Source(content)
-	if err != nil {
-		fmt.Println("[ERROR]format code failed: " + err.Error())
+		fmt.Println("[ERROR]" + err.Error())
 		return
 	}
 
-	err = os.WriteFile(sqlFile, dst, 0666)
-	if err != nil {
-		fmt.Println("[ERROR]write file failed: " + err.Error())
-		return
-	}
 	fmt.Println("ok")
 }

go.mod

@@ -1,50 +1,70 @@
 module github.com/TeaOSLab/EdgeAPI
 
-go 1.18
+go 1.21
 
 replace github.com/TeaOSLab/EdgeCommon => ../EdgeCommon
 
 require (
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0
 	github.com/TeaOSLab/EdgeCommon v0.0.0-00010101000000-000000000000
-	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183
+	github.com/aliyun/alibaba-cloud-sdk-go v1.62.587
 	github.com/andybalholm/brotli v1.0.4
-	github.com/cespare/xxhash/v2 v2.1.1
-	github.com/go-acme/lego/v4 v4.5.2
-	github.com/go-sql-driver/mysql v1.5.0
-	github.com/golang/protobuf v1.5.2
-	github.com/iwind/TeaGo v0.0.0-20220811034530-657e3f15b79e
+	github.com/aws/aws-sdk-go v1.40.45
+	github.com/cespare/xxhash v1.1.0
+	github.com/fsnotify/fsnotify v1.6.0
+	github.com/go-acme/lego/v4 v4.10.2
+	github.com/go-sql-driver/mysql v1.7.0
+	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
+	github.com/iwind/TeaGo v0.0.0-20240312020455-6f20b5121caf
 	github.com/iwind/gosock v0.0.0-20220505115348-f88412125a62
-	github.com/miekg/dns v1.1.43
+	github.com/miekg/dns v1.1.50
 	github.com/mozillazg/go-pinyin v0.18.0
 	github.com/pkg/sftp v1.12.0
 	github.com/shirou/gopsutil/v3 v3.22.2
-	github.com/smartwalle/alipay/v3 v3.1.7
-	golang.org/x/crypto v0.1.0
-	golang.org/x/net v0.1.0
-	golang.org/x/sys v0.1.0
-	google.golang.org/grpc v1.45.0
-	google.golang.org/protobuf v1.27.1
+	github.com/smartwalle/alipay/v3 v3.2.20
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.801
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.801
+	github.com/volcengine/volc-sdk-golang v1.0.124
+	golang.org/x/crypto v0.22.0
+	golang.org/x/net v0.24.0
+	golang.org/x/sys v0.19.0
+	google.golang.org/grpc v1.62.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	github.com/cenkalti/backoff/v4 v4.1.1 // indirect
-	github.com/cespare/xxhash v1.1.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kr/fs v0.1.0 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
+	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
-	github.com/smartwalle/crypto4go v1.0.2 // indirect
+	github.com/smartwalle/ncrypto v1.0.4 // indirect
+	github.com/smartwalle/ngx v1.0.9 // indirect
+	github.com/smartwalle/nsign v1.0.9 // indirect
+	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
 	github.com/tklauser/go-sysconf v0.3.9 // indirect
 	github.com/tklauser/numcpus v0.3.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/text v0.4.0 // indirect
-	google.golang.org/genproto v0.0.0-20220317150908-0efb43f6373e // indirect
-	gopkg.in/ini.v1 v1.62.0 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240228224816-df926f6c8641 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/ini.v1 v1.66.6 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 )

internal/acme/acme_test.go

@@ -130,6 +130,9 @@ func TestGenerate_EAB(t *testing.T) {
 	} else {
 		reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 	}
+	if err != nil {
+		t.Fatal(err)
+	}
 	myUser.Registration = reg
 
 	request := certificate.ObtainRequest{

internal/acme/dns_provider.go

@@ -1,16 +1,23 @@
 package acme
 
 import (
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/iwind/TeaGo/lists"
+	"os"
 	"strings"
+	"sync"
 )
 
 type DNSProvider struct {
 	raw       dnsclients.ProviderInterface
 	dnsDomain string
+
+	locker             sync.Mutex
+	deletedRecordNames []string
 }
 
 func NewDNSProvider(raw dnsclients.ProviderInterface, dnsDomain string) *DNSProvider {
@@ -21,6 +28,7 @@ func NewDNSProvider(raw dnsclients.ProviderInterface, dnsDomain string) *DNSProv
 }
 
 func (this *DNSProvider) Present(domain, token, keyAuth string) error {
+	_ = os.Setenv("LEGO_DISABLE_CNAME_SUPPORT", "true")
 	fqdn, value := dns01.GetRecord(domain, keyAuth)
 
 	// 设置记录
@@ -29,31 +37,38 @@ func (this *DNSProvider) Present(domain, token, keyAuth string) error {
 		return errors.New("invalid fqdn value")
 	}
 	var recordName = fqdn[:index]
-	record, err := this.raw.QueryRecord(this.dnsDomain, recordName, dnstypes.RecordTypeTXT)
-	if err != nil {
-		return errors.New("query DNS record failed: " + err.Error())
+
+	// 先删除老的
+	this.locker.Lock()
+	var wasDeleted = lists.ContainsString(this.deletedRecordNames, recordName)
+	this.locker.Unlock()
+
+	if !wasDeleted {
+		records, err := this.raw.QueryRecords(this.dnsDomain, recordName, dnstypes.RecordTypeTXT)
+		if err != nil {
+			return fmt.Errorf("query DNS record failed: %w", err)
+		}
+		for _, record := range records {
+			err = this.raw.DeleteRecord(this.dnsDomain, record)
+			if err != nil {
+				return err
+			}
+		}
+		this.locker.Lock()
+		this.deletedRecordNames = append(this.deletedRecordNames, recordName)
+		this.locker.Unlock()
 	}
-	if record == nil {
-		err = this.raw.AddRecord(this.dnsDomain, &dnstypes.Record{
-			Id:    "",
-			Name:  recordName,
-			Type:  dnstypes.RecordTypeTXT,
-			Value: value,
-			Route: this.raw.DefaultRoute(),
-		})
-		if err != nil {
-			return errors.New("create DNS record failed: " + err.Error())
-		}
-	} else {
-		err = this.raw.UpdateRecord(this.dnsDomain, record, &dnstypes.Record{
-			Name:  recordName,
-			Type:  dnstypes.RecordTypeTXT,
-			Value: value,
-			Route: this.raw.DefaultRoute(),
-		})
-		if err != nil {
-			return errors.New("update DNS record failed: " + err.Error())
-		}
+
+	// 添加新的
+	err := this.raw.AddRecord(this.dnsDomain, &dnstypes.Record{
+		Id:    "",
+		Name:  recordName,
+		Type:  dnstypes.RecordTypeTXT,
+		Value: value,
+		Route: this.raw.DefaultRoute(),
+	})
+	if err != nil {
+		return fmt.Errorf("create DNS record failed: %w", err)
 	}
 
 	return nil

internal/acme/request.go

@@ -1,6 +1,7 @@
 package acme
 
 import (
+	"fmt"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/go-acme/lego/v4/certcrypto"
@@ -57,7 +58,9 @@ func (this *Request) Run() (certData []byte, keyData []byte, err error) {
 
 func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 	if !this.debug {
-		acmelog.Logger = log.New(io.Discard, "", log.LstdFlags)
+		if !Tea.IsTesting() {
+			acmelog.Logger = log.New(io.Discard, "", log.LstdFlags)
+		}
 	}
 
 	if this.task.User == nil {
@@ -90,26 +93,26 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 	// 注册用户
 	var resource = this.task.User.GetRegistration()
 	if resource != nil {
-		resource, err = client.Registration.QueryRegistration()
+		_, err = client.Registration.QueryRegistration()
 		if err != nil {
 			return nil, nil, err
 		}
 	} else {
 		if this.task.Provider.RequireEAB {
-			resource, err := client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+			resource, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 				TermsOfServiceAgreed: true,
 				Kid:                  this.task.Account.EABKid,
 				HmacEncoded:          this.task.Account.EABKey,
 			})
 			if err != nil {
-				return nil, nil, errors.New("register user failed: " + err.Error())
+				return nil, nil, fmt.Errorf("register user failed: %w", err)
 			}
 			err = this.task.User.Register(resource)
 			if err != nil {
 				return nil, nil, err
 			}
 		} else {
-			resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+			resource, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 			if err != nil {
 				return nil, nil, err
 			}
@@ -132,7 +135,7 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 	}
 	certResource, err := client.Certificate.Obtain(request)
 	if err != nil {
-		return nil, nil, errors.New("obtain cert failed: " + err.Error())
+		return nil, nil, fmt.Errorf("obtain cert failed: %w", err)
 	}
 
 	return certResource.Certificate, certResource.PrivateKey, nil
@@ -163,26 +166,26 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
 	// 注册用户
 	var resource = this.task.User.GetRegistration()
 	if resource != nil {
-		resource, err = client.Registration.QueryRegistration()
+		_, err = client.Registration.QueryRegistration()
 		if err != nil {
 			return nil, nil, err
 		}
 	} else {
 		if this.task.Provider.RequireEAB {
-			resource, err := client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+			resource, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 				TermsOfServiceAgreed: true,
 				Kid:                  this.task.Account.EABKid,
 				HmacEncoded:          this.task.Account.EABKey,
 			})
 			if err != nil {
-				return nil, nil, errors.New("register user failed: " + err.Error())
+				return nil, nil, fmt.Errorf("register user failed: %w", err)
 			}
 			err = this.task.User.Register(resource)
 			if err != nil {
 				return nil, nil, err
 			}
 		} else {
-			resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+			resource, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 			if err != nil {
 				return nil, nil, err
 			}

internal/apps/app_cmd.go

@@ -1,6 +1,7 @@
 package apps
 
 import (
+	"errors"
 	"fmt"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/iwind/TeaGo/logs"
@@ -9,8 +10,10 @@ import (
 	"github.com/iwind/gosock/pkg/gosock"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"runtime"
 	"strconv"
+	"strings"
 	"time"
 )
 
@@ -184,13 +187,16 @@ func (this *AppCmd) runStart() {
 		return
 	}
 
-	cmd := exec.Command(os.Args[0])
+	var cmd = exec.Command(this.exe())
 	err := cmd.Start()
 	if err != nil {
 		fmt.Println(this.product+"  start failed:", err.Error())
 		return
 	}
 
+	// create symbolic links
+	_ = this.createSymLinks()
+
 	fmt.Println(this.product+" started ok, pid:", cmd.Process.Pid)
 }
 
@@ -237,3 +243,58 @@ func (this *AppCmd) getPID() int {
 	}
 	return maps.NewMap(reply.Params).GetInt("pid")
 }
+
+func (this *AppCmd) exe() string {
+	var exe, _ = os.Executable()
+	if len(exe) == 0 {
+		exe = os.Args[0]
+	}
+	return exe
+}
+
+// 创建软链接
+func (this *AppCmd) createSymLinks() error {
+	if runtime.GOOS != "linux" {
+		return nil
+	}
+
+	var exe, _ = os.Executable()
+	if len(exe) == 0 {
+		return nil
+	}
+
+	var errorList = []string{}
+
+	// bin
+	{
+		var target = "/usr/bin/" + teaconst.ProcessName
+		old, _ := filepath.EvalSymlinks(target)
+		if old != exe {
+			_ = os.Remove(target)
+			err := os.Symlink(exe, target)
+			if err != nil {
+				errorList = append(errorList, err.Error())
+			}
+		}
+	}
+
+	// log
+	{
+		var realPath = filepath.Dir(filepath.Dir(exe)) + "/logs/run.log"
+		var target = "/var/log/" + teaconst.ProcessName + ".log"
+		old, _ := filepath.EvalSymlinks(target)
+		if old != realPath {
+			_ = os.Remove(target)
+			err := os.Symlink(realPath, target)
+			if err != nil {
+				errorList = append(errorList, err.Error())
+			}
+		}
+	}
+
+	if len(errorList) > 0 {
+		return errors.New(strings.Join(errorList, "\n"))
+	}
+
+	return nil
+}

internal/const/const.go

@@ -1,12 +1,14 @@
 package teaconst
 
 const (
-	Version = "0.5.6"
+	Version = "1.3.8"
 
 	ProductName   = "Edge API"
 	ProcessName   = "edge-api"
 	ProductNameZH = "Edge"
 
+	GlobalProductName = "GoEdge"
+
 	Role = "api"
 
 	EncryptKey    = "8f983f4d69b83aaa0d74b21a212f6967"
@@ -18,13 +20,5 @@ const (
 
 	// 其他节点版本号，用来检测是否有需要升级的节点
 
-	NodeVersion          = "0.5.6"
-	UserNodeVersion      = "0.5.6"
-	DNSNodeVersion       = "0.2.8"
-	AuthorityNodeVersion = "0.0.2"
-	MonitorNodeVersion   = "0.0.4"
-	ReportNodeVersion    = "0.1.1"
-
-	// SQLVersion SQL版本号
-	SQLVersion = "2"
+	NodeVersion = "1.3.8"
 )

internal/const/const_community.go

@@ -0,0 +1,9 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package teaconst
+
+const (
+	// DefaultMaxNodes 节点数限制
+	DefaultMaxNodes int32 = 50
+)

internal/const/vars.go

@@ -7,13 +7,29 @@ import (
 	"fmt"
 	"github.com/iwind/TeaGo/rands"
 	"github.com/iwind/TeaGo/types"
+	"os"
+	"strings"
 	"time"
 )
 
 var (
 	IsPlus             = false
+	Edition            = ""
 	MaxNodes     int32 = 0
 	NodeId       int64 = 0
 	Debug              = false
 	InstanceCode       = fmt.Sprintf("%x", sha1.Sum([]byte("INSTANCE"+types.String(time.Now().UnixNano())+"@"+types.String(rands.Int64()))))
+	IsMain             = checkMain()
 )
+
+// 检查是否为主程序
+func checkMain() bool {
+	if len(os.Args) == 1 ||
+		(len(os.Args) >= 2 && os.Args[1] == "pprof") {
+		return true
+	}
+	exe, _ := os.Executable()
+	return strings.HasSuffix(exe, ".test") ||
+		strings.HasSuffix(exe, ".test.exe") ||
+		strings.Contains(exe, "___")
+}

internal/db/models/acme/acme_task_dao.go

@@ -2,6 +2,7 @@ package acme
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	acmeutils "github.com/TeaOSLab/EdgeAPI/internal/acme"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
@@ -106,9 +107,17 @@ func (this *ACMETaskDAO) DisableAllTasksWithCertId(tx *dbs.Tx, certId int64) err
 }
 
 // CountAllEnabledACMETasks 计算所有任务数量
-func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string) (int64, error) {
+func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string, userOnly bool) (int64, error) {
 	var query = this.Query(tx)
-	query.Attr("userId", userId) // 这个条件必须加上
+	if userId > 0 {
+		query.Attr("userId", userId)
+	} else {
+		if userOnly {
+			query.Gt("userId", 0)
+		} else {
+			query.Attr("userId", 0)
+		}
+	}
 	if isAvailable || isExpired || expiringDays > 0 {
 		query.Gt("certId", 0)
 
@@ -138,9 +147,17 @@ func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, userId int64, isAv
 }
 
 // ListEnabledACMETasks 列出单页任务
-func (this *ACMETaskDAO) ListEnabledACMETasks(tx *dbs.Tx, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string, offset int64, size int64) (result []*ACMETask, err error) {
+func (this *ACMETaskDAO) ListEnabledACMETasks(tx *dbs.Tx, userId int64, isAvailable bool, isExpired bool, expiringDays int64, keyword string, userOnly bool, offset int64, size int64) (result []*ACMETask, err error) {
 	var query = this.Query(tx)
-	query.Attr("userId", userId) // 这个条件必须加上
+	if userId > 0 {
+		query.Attr("userId", userId)
+	} else {
+		if userOnly {
+			query.Gt("userId", 0)
+		} else {
+			query.Attr("userId", 0)
+		}
+	}
 	if isAvailable || isExpired || expiringDays > 0 {
 		query.Gt("certId", 0)
 
@@ -228,8 +245,8 @@ func (this *ACMETaskDAO) UpdateACMETask(tx *dbs.Tx, acmeTaskId int64, acmeUserId
 	return err
 }
 
-// CheckACMETask 检查权限
-func (this *ACMETaskDAO) CheckACMETask(tx *dbs.Tx, userId int64, acmeTaskId int64) (bool, error) {
+// CheckUserACMETask 检查用户权限
+func (this *ACMETaskDAO) CheckUserACMETask(tx *dbs.Tx, userId int64, acmeTaskId int64) (bool, error) {
 	var query = this.Query(tx)
 	if userId > 0 {
 		query.Attr("userId", userId)
@@ -241,6 +258,15 @@ func (this *ACMETaskDAO) CheckACMETask(tx *dbs.Tx, userId int64, acmeTaskId int6
 		Exist()
 }
 
+// FindACMETaskUserId 查找任务所属用户ID
+func (this *ACMETaskDAO) FindACMETaskUserId(tx *dbs.Tx, taskId int64) (userId int64, err error) {
+	return this.Query(tx).
+		Pk(taskId).
+		Result("userId").
+		FindInt64Col(0)
+}
+
+
 // UpdateACMETaskCert 设置任务关联的证书
 func (this *ACMETaskDAO) UpdateACMETaskCert(tx *dbs.Tx, taskId int64, certId int64) error {
 	if taskId <= 0 {
@@ -434,7 +460,7 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
 		CertData: certData,
 		KeyData:  keyData,
 	}
-	err = sslConfig.Init()
+	err = sslConfig.Init(context.Background())
 	if err != nil {
 		errMsg = "证书生成成功，但是分析证书信息时发生错误：" + err.Error()
 		return

internal/db/models/acme/acme_task_log_dao.go

@@ -1,6 +1,7 @@
 package acme
 
 import (
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -27,17 +28,17 @@ func init() {
 	})
 }
 
-// 生成日志
+// CreateACMETaskLog 生成日志
 func (this *ACMETaskLogDAO) CreateACMETaskLog(tx *dbs.Tx, taskId int64, isOk bool, errMsg string) error {
 	var op = NewACMETaskLogOperator()
 	op.TaskId = taskId
-	op.Error = errMsg
+	op.Error = utils.LimitString(errMsg, 1024)
 	op.IsOk = isOk
 	err := this.Save(tx, op)
 	return err
 }
 
-// 取得任务的最后一条执行日志
+// FindLatestACMETasKLog 取得任务的最后一条执行日志
 func (this *ACMETaskLogDAO) FindLatestACMETasKLog(tx *dbs.Tx, taskId int64) (*ACMETaskLog, error) {
 	one, err := this.Query(tx).
 		Attr("taskId", taskId).

internal/db/models/acme/acme_user_dao.go

@@ -131,6 +131,8 @@ func (this *ACMEUserDAO) CountACMEUsersWithAdminId(tx *dbs.Tx, adminId int64, us
 	}
 	if userId > 0 {
 		query.Attr("userId", userId)
+	} else {
+		query.Attr("userId", 0)
 	}
 	if accountId > 0 {
 		query.Attr("accountId", accountId)
@@ -149,6 +151,8 @@ func (this *ACMEUserDAO) ListACMEUsers(tx *dbs.Tx, adminId int64, userId int64,
 	}
 	if userId > 0 {
 		query.Attr("userId", userId)
+	} else {
+		query.Attr("userId", 0)
 	}
 
 	_, err = query.

internal/db/models/ad_network_dao.go

@@ -0,0 +1,71 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	ADNetworkStateEnabled  = 1 // 已启用
+	ADNetworkStateDisabled = 0 // 已禁用
+)
+
+type ADNetworkDAO dbs.DAO
+
+func NewADNetworkDAO() *ADNetworkDAO {
+	return dbs.NewDAO(&ADNetworkDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeADNetworks",
+			Model:  new(ADNetwork),
+			PkName: "id",
+		},
+	}).(*ADNetworkDAO)
+}
+
+var SharedADNetworkDAO *ADNetworkDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedADNetworkDAO = NewADNetworkDAO()
+	})
+}
+
+// EnableADNetwork 启用条目
+func (this *ADNetworkDAO) EnableADNetwork(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", ADNetworkStateEnabled).
+		Update()
+	return err
+}
+
+// DisableADNetwork 禁用条目
+func (this *ADNetworkDAO) DisableADNetwork(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", ADNetworkStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledADNetwork 查找启用中的条目
+func (this *ADNetworkDAO) FindEnabledADNetwork(tx *dbs.Tx, id int64) (*ADNetwork, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(ADNetworkStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*ADNetwork), err
+}
+
+// FindADNetworkName 根据主键查找名称
+func (this *ADNetworkDAO) FindADNetworkName(tx *dbs.Tx, id uint32) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}

internal/db/models/ad_network_dao_test.go

@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/ad_network_model.go

@@ -0,0 +1,24 @@
+package models
+
+// ADNetwork 高防线路
+type ADNetwork struct {
+	Id          uint32 `field:"id"`          // ID
+	IsOn        bool   `field:"isOn"`        // 是否启用
+	Name        string `field:"name"`        // 名称
+	Description string `field:"description"` // 描述
+	Order       uint32 `field:"order"`       // 排序
+	State       uint8  `field:"state"`       // 状态
+}
+
+type ADNetworkOperator struct {
+	Id          any // ID
+	IsOn        any // 是否启用
+	Name        any // 名称
+	Description any // 描述
+	Order       any // 排序
+	State       any // 状态
+}
+
+func NewADNetworkOperator() *ADNetworkOperator {
+	return &ADNetworkOperator{}
+}

internal/db/models/ad_package_dao.go

@@ -0,0 +1,71 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	ADPackageStateEnabled  = 1 // 已启用
+	ADPackageStateDisabled = 0 // 已禁用
+)
+
+type ADPackageDAO dbs.DAO
+
+func NewADPackageDAO() *ADPackageDAO {
+	return dbs.NewDAO(&ADPackageDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeADPackages",
+			Model:  new(ADPackage),
+			PkName: "id",
+		},
+	}).(*ADPackageDAO)
+}
+
+var SharedADPackageDAO *ADPackageDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedADPackageDAO = NewADPackageDAO()
+	})
+}
+
+// EnableADPackage 启用条目
+func (this *ADPackageDAO) EnableADPackage(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", ADPackageStateEnabled).
+		Update()
+	return err
+}
+
+// DisableADPackage 禁用条目
+func (this *ADPackageDAO) DisableADPackage(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", ADPackageStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledADPackage 查找启用中的条目
+func (this *ADPackageDAO) FindEnabledADPackage(tx *dbs.Tx, id int64) (*ADPackage, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(ADPackageStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*ADPackage), err
+}
+
+// FindADPackageName 根据主键查找名称
+func (this *ADPackageDAO) FindADPackageName(tx *dbs.Tx, id uint32) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}

internal/db/models/ad_package_dao_test.go

@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/ad_package_instance_dao.go

@@ -0,0 +1,54 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	ADPackageInstanceStateEnabled  = 1 // 已启用
+	ADPackageInstanceStateDisabled = 0 // 已禁用
+)
+
+type ADPackageInstanceDAO dbs.DAO
+
+func NewADPackageInstanceDAO() *ADPackageInstanceDAO {
+	return dbs.NewDAO(&ADPackageInstanceDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeADPackageInstances",
+			Model:  new(ADPackageInstance),
+			PkName: "id",
+		},
+	}).(*ADPackageInstanceDAO)
+}
+
+var SharedADPackageInstanceDAO *ADPackageInstanceDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedADPackageInstanceDAO = NewADPackageInstanceDAO()
+	})
+}
+
+// EnableADPackageInstance 启用条目
+func (this *ADPackageInstanceDAO) EnableADPackageInstance(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", ADPackageInstanceStateEnabled).
+		Update()
+	return err
+}
+
+// FindEnabledADPackageInstance 查找启用中的条目
+func (this *ADPackageInstanceDAO) FindEnabledADPackageInstance(tx *dbs.Tx, id int64) (*ADPackageInstance, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(ADPackageInstanceStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*ADPackageInstance), err
+}

internal/db/models/ad_package_instance_dao_test.go

@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/ad_package_instance_model.go

@@ -0,0 +1,36 @@
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// ADPackageInstance 高防实例
+type ADPackageInstance struct {
+	Id             uint32   `field:"id"`             // ID
+	IsOn           bool     `field:"isOn"`           // 是否启用
+	PackageId      uint32   `field:"packageId"`      // 规格ID
+	ClusterId      uint32   `field:"clusterId"`      // 集群ID
+	NodeIds        dbs.JSON `field:"nodeIds"`        // 节点ID
+	IpAddresses    dbs.JSON `field:"ipAddresses"`    // IP地址
+	UserId         uint64   `field:"userId"`         // 用户ID
+	UserDayTo      string   `field:"userDayTo"`      // 用户有效期YYYYMMDD
+	UserInstanceId uint64   `field:"userInstanceId"` // 用户实例ID
+	State          uint8    `field:"state"`          // 状态
+	ObjectCodes    dbs.JSON `field:"objectCodes"`    // 防护对象
+}
+
+type ADPackageInstanceOperator struct {
+	Id             any // ID
+	IsOn           any // 是否启用
+	PackageId      any // 规格ID
+	ClusterId      any // 集群ID
+	NodeIds        any // 节点ID
+	IpAddresses    any // IP地址
+	UserId         any // 用户ID
+	UserDayTo      any // 用户有效期YYYYMMDD
+	UserInstanceId any // 用户实例ID
+	State          any // 状态
+	ObjectCodes    any // 防护对象
+}
+
+func NewADPackageInstanceOperator() *ADPackageInstanceOperator {
+	return &ADPackageInstanceOperator{}
+}

internal/db/models/ad_package_model.go

@@ -0,0 +1,32 @@
+package models
+
+// ADPackage 高防产品规格
+type ADPackage struct {
+	Id                      uint32 `field:"id"`                      // ID
+	IsOn                    bool   `field:"isOn"`                    // 是否启用
+	NetworkId               uint32 `field:"networkId"`               // 线路ID
+	ProtectionBandwidthSize uint32 `field:"protectionBandwidthSize"` // 防护带宽尺寸
+	ProtectionBandwidthUnit string `field:"protectionBandwidthUnit"` // 防护带宽单位
+	ProtectionBandwidthBits uint64 `field:"protectionBandwidthBits"` // 防护带宽比特
+	ServerBandwidthSize     uint32 `field:"serverBandwidthSize"`     // 业务带宽尺寸
+	ServerBandwidthUnit     string `field:"serverBandwidthUnit"`     // 业务带宽单位
+	ServerBandwidthBits     uint64 `field:"serverBandwidthBits"`     // 业务带宽比特
+	State                   uint8  `field:"state"`                   // 状态
+}
+
+type ADPackageOperator struct {
+	Id                      any // ID
+	IsOn                    any // 是否启用
+	NetworkId               any // 线路ID
+	ProtectionBandwidthSize any // 防护带宽尺寸
+	ProtectionBandwidthUnit any // 防护带宽单位
+	ProtectionBandwidthBits any // 防护带宽比特
+	ServerBandwidthSize     any // 业务带宽尺寸
+	ServerBandwidthUnit     any // 业务带宽单位
+	ServerBandwidthBits     any // 业务带宽比特
+	State                   any // 状态
+}
+
+func NewADPackageOperator() *ADPackageOperator {
+	return &ADPackageOperator{}
+}

internal/db/models/ad_package_period_dao.go

@@ -0,0 +1,63 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	ADPackagePeriodStateEnabled  = 1 // 已启用
+	ADPackagePeriodStateDisabled = 0 // 已禁用
+)
+
+type ADPackagePeriodDAO dbs.DAO
+
+func NewADPackagePeriodDAO() *ADPackagePeriodDAO {
+	return dbs.NewDAO(&ADPackagePeriodDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeADPackagePeriods",
+			Model:  new(ADPackagePeriod),
+			PkName: "id",
+		},
+	}).(*ADPackagePeriodDAO)
+}
+
+var SharedADPackagePeriodDAO *ADPackagePeriodDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedADPackagePeriodDAO = NewADPackagePeriodDAO()
+	})
+}
+
+// EnableADPackagePeriod 启用条目
+func (this *ADPackagePeriodDAO) EnableADPackagePeriod(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", ADPackagePeriodStateEnabled).
+		Update()
+	return err
+}
+
+// DisableADPackagePeriod 禁用条目
+func (this *ADPackagePeriodDAO) DisableADPackagePeriod(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", ADPackagePeriodStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledADPackagePeriod 查找启用中的条目
+func (this *ADPackagePeriodDAO) FindEnabledADPackagePeriod(tx *dbs.Tx, id int64) (*ADPackagePeriod, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(ADPackagePeriodStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*ADPackagePeriod), err
+}

internal/db/models/ad_package_period_dao_test.go

@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/ad_package_period_model.go

@@ -0,0 +1,24 @@
+package models
+
+// ADPackagePeriod 高防产品有效期
+type ADPackagePeriod struct {
+	Id     uint32 `field:"id"`     // ID
+	IsOn   bool   `field:"isOn"`   // 是否启用
+	Count  uint32 `field:"count"`  // 数量
+	Unit   string `field:"unit"`   // 单位：month, year
+	Months uint32 `field:"months"` // 月数
+	State  uint8  `field:"state"`  // 状态
+}
+
+type ADPackagePeriodOperator struct {
+	Id     any // ID
+	IsOn   any // 是否启用
+	Count  any // 数量
+	Unit   any // 单位：month, year
+	Months any // 月数
+	State  any // 状态
+}
+
+func NewADPackagePeriodOperator() *ADPackagePeriodOperator {
+	return &ADPackagePeriodOperator{}
+}

internal/db/models/ad_package_period_model_ext.go

@@ -0,0 +1 @@
+package models

internal/db/models/ad_package_price_dao.go

@@ -0,0 +1,28 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+type ADPackagePriceDAO dbs.DAO
+
+func NewADPackagePriceDAO() *ADPackagePriceDAO {
+	return dbs.NewDAO(&ADPackagePriceDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeADPackagePrices",
+			Model:  new(ADPackagePrice),
+			PkName: "id",
+		},
+	}).(*ADPackagePriceDAO)
+}
+
+var SharedADPackagePriceDAO *ADPackagePriceDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedADPackagePriceDAO = NewADPackagePriceDAO()
+	})
+}

internal/db/models/ad_package_price_dao_test.go

@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/ad_package_price_model.go

@@ -0,0 +1,22 @@
+package models
+
+// ADPackagePrice 流量包价格
+type ADPackagePrice struct {
+	Id            uint32  `field:"id"`            // ID
+	PackageId     uint32  `field:"packageId"`     // 高防产品ID
+	PeriodId      uint32  `field:"periodId"`      // 有效期ID
+	Price         float64 `field:"price"`         // 价格
+	DiscountPrice float64 `field:"discountPrice"` // 折后价格
+}
+
+type ADPackagePriceOperator struct {
+	Id            any // ID
+	PackageId     any // 高防产品ID
+	PeriodId      any // 有效期ID
+	Price         any // 价格
+	DiscountPrice any // 折后价格
+}
+
+func NewADPackagePriceOperator() *ADPackagePriceOperator {
+	return &ADPackagePriceOperator{}
+}

internal/db/models/ad_package_price_model_ext.go

@@ -0,0 +1 @@
+package models

internal/db/models/admin_dao.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
@@ -44,11 +45,17 @@ func (this *AdminDAO) EnableAdmin(tx *dbs.Tx, id int64) (rowsAffected int64, err
 }
 
 // DisableAdmin 禁用条目
-func (this *AdminDAO) DisableAdmin(tx *dbs.Tx, id int64) (rowsAffected int64, err error) {
-	return this.Query(tx).
-		Pk(id).
+func (this *AdminDAO) DisableAdmin(tx *dbs.Tx, adminId int64) error {
+	err := this.Query(tx).
+		Pk(adminId).
 		Set("state", AdminStateDisabled).
-		Update()
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	// 删除AccessTokens
+	return SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, adminId, 0)
 }
 
 // FindEnabledAdmin 查找启用中的条目
@@ -123,6 +130,19 @@ func (this *AdminDAO) FindAdminIdWithUsername(tx *dbs.Tx, username string) (int6
 	return int64(one.(*Admin).Id), nil
 }
 
+// FindAdminWithUsername 根据用户名查询管理员信息
+func (this *AdminDAO) FindAdminWithUsername(tx *dbs.Tx, username string) (*Admin, error) {
+	one, err := this.Query(tx).
+		Attr("username", username).
+		State(AdminStateEnabled).
+		ResultPk().
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+	return one.(*Admin), nil
+}
+
 // UpdateAdminPassword 更改管理员密码
 func (this *AdminDAO) UpdateAdminPassword(tx *dbs.Tx, adminId int64, password string) error {
 	if adminId <= 0 {
@@ -190,10 +210,22 @@ func (this *AdminDAO) UpdateAdmin(tx *dbs.Tx, adminId int64, username string, ca
 	}
 	op.IsOn = isOn
 	err := this.Save(tx, op)
-	return err
+	if err != nil {
+		return err
+	}
+
+	if !isOn {
+		// 删除AccessTokens
+		err = SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, adminId, 0)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
 }
 
-// CheckAdminUsername 检查用户名是否存在
+// CheckAdminUsername 检查管理员用户名是否存在
 func (this *AdminDAO) CheckAdminUsername(tx *dbs.Tx, adminId int64, username string) (bool, error) {
 	query := this.Query(tx).
 		State(AdminStateEnabled).
@@ -241,24 +273,43 @@ func (this *AdminDAO) FindAllAdminModules(tx *dbs.Tx) (result []*Admin, err erro
 	_, err = this.Query(tx).
 		State(AdminStateEnabled).
 		Attr("isOn", true).
-		Result("id", "modules", "isSuper", "fullname", "theme").
+		Result("id", "modules", "isSuper", "fullname", "theme", "lang").
 		Slice(&result).
 		FindAll()
 	return
 }
 
 // CountAllEnabledAdmins 计算所有管理员数量
-func (this *AdminDAO) CountAllEnabledAdmins(tx *dbs.Tx) (int64, error) {
-	return this.Query(tx).
+func (this *AdminDAO) CountAllEnabledAdmins(tx *dbs.Tx, keyword string, hasWeakPasswords bool) (int64, error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Where("(username LIKE :keyword OR fullname LIKE :keyword)")
+		query.Param("keyword", dbutils.QuoteLike(keyword))
+	}
+	if hasWeakPasswords {
+		query.Attr("password", weakPasswords)
+		query.Attr("isOn", true)
+	}
+	return query.
 		State(AdminStateEnabled).
 		Count()
 }
 
 // ListEnabledAdmins 列出单页的管理员
-func (this *AdminDAO) ListEnabledAdmins(tx *dbs.Tx, offset int64, size int64) (result []*Admin, err error) {
-	_, err = this.Query(tx).
+func (this *AdminDAO) ListEnabledAdmins(tx *dbs.Tx, keyword string, hasWeakPasswords bool, offset int64, size int64) (result []*Admin, err error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Where("(username LIKE :keyword OR fullname LIKE :keyword)")
+		query.Param("keyword", dbutils.QuoteLike(keyword))
+	}
+	if hasWeakPasswords {
+		query.Attr("password", weakPasswords)
+		query.Attr("isOn", true)
+	}
+
+	_, err = query.
 		State(AdminStateEnabled).
-		Result("id", "isOn", "username", "fullname", "isSuper", "createdAt", "canLogin").
+		Result("id", "isOn", "username", "fullname", "isSuper", "createdAt", "canLogin", "password").
 		Offset(offset).
 		Limit(size).
 		DescPk().
@@ -274,3 +325,23 @@ func (this *AdminDAO) UpdateAdminTheme(tx *dbs.Tx, adminId int64, theme string)
 		Set("theme", theme).
 		UpdateQuickly()
 }
+
+// UpdateAdminLang 设置管理员语言
+func (this *AdminDAO) UpdateAdminLang(tx *dbs.Tx, adminId int64, langCode string) error {
+	return this.Query(tx).
+		Pk(adminId).
+		Set("lang", langCode).
+		UpdateQuickly()
+}
+
+// CheckSuperAdmin 检查管理员是否为超级管理员
+func (this *AdminDAO) CheckSuperAdmin(tx *dbs.Tx, adminId int64) (bool, error) {
+	if adminId <= 0 {
+		return false, nil
+	}
+	return this.Query(tx).
+		Pk(adminId).
+		State(AdminStateEnabled).
+		Attr("isSuper", true).
+		Exist()
+}

internal/db/models/admin_model.go

@@ -2,6 +2,22 @@ package models
 
 import "github.com/iwind/TeaGo/dbs"
 
+const (
+	AdminField_Id        dbs.FieldName = "id"        // ID
+	AdminField_IsOn      dbs.FieldName = "isOn"      // 是否启用
+	AdminField_Username  dbs.FieldName = "username"  // 用户名
+	AdminField_Password  dbs.FieldName = "password"  // 密码
+	AdminField_Fullname  dbs.FieldName = "fullname"  // 全名
+	AdminField_IsSuper   dbs.FieldName = "isSuper"   // 是否为超级管理员
+	AdminField_CreatedAt dbs.FieldName = "createdAt" // 创建时间
+	AdminField_UpdatedAt dbs.FieldName = "updatedAt" // 修改时间
+	AdminField_State     dbs.FieldName = "state"     // 状态
+	AdminField_Modules   dbs.FieldName = "modules"   // 允许的模块
+	AdminField_CanLogin  dbs.FieldName = "canLogin"  // 是否可以登录
+	AdminField_Theme     dbs.FieldName = "theme"     // 模板设置
+	AdminField_Lang      dbs.FieldName = "lang"      // 语言代号
+)
+
 // Admin 管理员
 type Admin struct {
 	Id        uint32   `field:"id"`        // ID
@@ -16,6 +32,7 @@ type Admin struct {
 	Modules   dbs.JSON `field:"modules"`   // 允许的模块
 	CanLogin  bool     `field:"canLogin"`  // 是否可以登录
 	Theme     string   `field:"theme"`     // 模板设置
+	Lang      string   `field:"lang"`      // 语言代号
 }
 
 type AdminOperator struct {
@@ -31,6 +48,7 @@ type AdminOperator struct {
 	Modules   any // 允许的模块
 	CanLogin  any // 是否可以登录
 	Theme     any // 模板设置
+	Lang      any // 语言代号
 }
 
 func NewAdminOperator() *AdminOperator {

internal/db/models/admin_model_ext.go

@@ -1 +1,42 @@
 package models
+
+import stringutil "github.com/iwind/TeaGo/utils/string"
+
+// 弱密码集合
+var weakPasswords = []string{}
+
+func init() {
+	// 初始化弱密码集合
+	for _, password := range []string{
+		"123",
+		"1234",
+		"12345",
+		"123456",
+		"12345678",
+		"123456789",
+		"000000",
+		"111111",
+		"666666",
+		"888888",
+		"654321",
+		"123456789",
+		"password",
+		"qwerty",
+		"admin",
+	} {
+		weakPasswords = append(weakPasswords, stringutil.Md5(password))
+	}
+}
+
+func (this *Admin) HasWeakPassword() bool {
+	if len(this.Password) == 0 {
+		return false
+	}
+
+	for _, weakPassword := range weakPasswords {
+		if weakPassword == this.Password {
+			return true
+		}
+	}
+	return false
+}

internal/db/models/api_access_token_dao.go

@@ -81,3 +81,16 @@ func (this *APIAccessTokenDAO) FindAccessToken(tx *dbs.Tx, token string) (*APIAc
 	}
 	return one.(*APIAccessToken), nil
 }
+
+// DeleteAccessTokens 删除用户的令牌
+func (this *APIAccessTokenDAO) DeleteAccessTokens(tx *dbs.Tx, adminId int64, userId int64) error {
+	var query = this.Query(tx)
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	} else if userId > 0 {
+		query.Attr("userId", userId)
+	} else {
+		return nil
+	}
+	return query.DeleteQuickly()
+}

internal/db/models/api_node_dao.go

@@ -335,6 +335,7 @@ func (this *APINodeDAO) UpdateAPINodeStatus(tx *dbs.Tx, apiNodeId int64, statusJ
 func (this *APINodeDAO) CountAllLowerVersionNodes(tx *dbs.Tx, version string) (int64, error) {
 	return this.Query(tx).
 		State(APINodeStateEnabled).
+		Attr("isOn", true).
 		Where("status IS NOT NULL").
 		Where("(JSON_EXTRACT(status, '$.buildVersionCode') IS NULL OR JSON_EXTRACT(status, '$.buildVersionCode')<:version)").
 		Param("version", utils.VersionToLong(version)).

internal/db/models/api_node_model_ext.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
@@ -37,15 +38,15 @@ func (this *APINode) DecodeHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*serverc
 		return nil, err
 	}
 
-	err = config.Init()
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}
 
 	if config.SSLPolicyRef != nil {
-		policyId := config.SSLPolicyRef.SSLPolicyId
+		var policyId = config.SSLPolicyRef.SSLPolicyId
 		if policyId > 0 {
-			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, cacheMap)
+			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, false, nil, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -55,7 +56,7 @@ func (this *APINode) DecodeHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*serverc
 		}
 	}
 
-	err = config.Init()
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}
@@ -129,13 +130,13 @@ func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*ser
 	if !IsNotNull(this.RestHTTPS) {
 		return nil, nil
 	}
-	config := &serverconfigs.HTTPSProtocolConfig{}
+	var config = &serverconfigs.HTTPSProtocolConfig{}
 	err := json.Unmarshal(this.RestHTTPS, config)
 	if err != nil {
 		return nil, err
 	}
 
-	err = config.Init()
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}
@@ -143,7 +144,7 @@ func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*ser
 	if config.SSLPolicyRef != nil {
 		policyId := config.SSLPolicyRef.SSLPolicyId
 		if policyId > 0 {
-			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, cacheMap)
+			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, false, nil, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -153,7 +154,7 @@ func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*ser
 		}
 	}
 
-	err = config.Init()
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}

internal/db/models/authority/authority_key_dao_test.go

@@ -0,0 +1,6 @@
+package authority_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/authority/authority_key_model.go

@@ -2,6 +2,18 @@ package authority
 
 import "github.com/iwind/TeaGo/dbs"
 
+const (
+	AuthorityKeyField_Id           dbs.FieldName = "id"           // ID
+	AuthorityKeyField_Value        dbs.FieldName = "value"        // Key值
+	AuthorityKeyField_DayFrom      dbs.FieldName = "dayFrom"      // 开始日期
+	AuthorityKeyField_DayTo        dbs.FieldName = "dayTo"        // 结束日期
+	AuthorityKeyField_Hostname     dbs.FieldName = "hostname"     // Hostname
+	AuthorityKeyField_MacAddresses dbs.FieldName = "macAddresses" // MAC地址
+	AuthorityKeyField_UpdatedAt    dbs.FieldName = "updatedAt"    // 创建/修改时间
+	AuthorityKeyField_Company      dbs.FieldName = "company"      // 公司组织
+	AuthorityKeyField_RequestCode  dbs.FieldName = "requestCode"  // 申请码
+)
+
 // AuthorityKey 企业版认证信息
 type AuthorityKey struct {
 	Id           uint32   `field:"id"`           // ID
@@ -12,17 +24,19 @@ type AuthorityKey struct {
 	MacAddresses dbs.JSON `field:"macAddresses"` // MAC地址
 	UpdatedAt    uint64   `field:"updatedAt"`    // 创建/修改时间
 	Company      string   `field:"company"`      // 公司组织
+	RequestCode  string   `field:"requestCode"`  // 申请码
 }
 
 type AuthorityKeyOperator struct {
-	Id           interface{} // ID
-	Value        interface{} // Key值
-	DayFrom      interface{} // 开始日期
-	DayTo        interface{} // 结束日期
-	Hostname     interface{} // Hostname
-	MacAddresses interface{} // MAC地址
-	UpdatedAt    interface{} // 创建/修改时间
-	Company      interface{} // 公司组织
+	Id           any // ID
+	Value        any // Key值
+	DayFrom      any // 开始日期
+	DayTo        any // 结束日期
+	Hostname     any // Hostname
+	MacAddresses any // MAC地址
+	UpdatedAt    any // 创建/修改时间
+	Company      any // 公司组织
+	RequestCode  any // 申请码
 }
 
 func NewAuthorityKeyOperator() *AuthorityKeyOperator {

internal/db/models/authority/authority_node_dao.go

@@ -210,6 +210,7 @@ func (this *AuthorityNodeDAO) UpdateNodeStatus(tx *dbs.Tx, nodeId int64, nodeSta
 func (this *AuthorityNodeDAO) CountAllLowerVersionNodes(tx *dbs.Tx, version string) (int64, error) {
 	return this.Query(tx).
 		State(AuthorityNodeStateEnabled).
+		Attr("isOn", true).
 		Where("status IS NOT NULL").
 		Where("(JSON_EXTRACT(status, '$.buildVersionCode') IS NULL OR JSON_EXTRACT(status, '$.buildVersionCode')<:version)").
 		Param("version", utils.VersionToLong(version)).

internal/db/models/client_browser_model.go

@@ -1,22 +0,0 @@
-package models
-
-import "github.com/iwind/TeaGo/dbs"
-
-// ClientBrowser 终端浏览器信息
-type ClientBrowser struct {
-	Id    uint32   `field:"id"`    // ID
-	Name  string   `field:"name"`  // 浏览器名称
-	Codes dbs.JSON `field:"codes"` // 代号
-	State uint8    `field:"state"` // 状态
-}
-
-type ClientBrowserOperator struct {
-	Id    interface{} // ID
-	Name  interface{} // 浏览器名称
-	Codes interface{} // 代号
-	State interface{} // 状态
-}
-
-func NewClientBrowserOperator() *ClientBrowserOperator {
-	return &ClientBrowserOperator{}
-}

internal/db/models/client_system_dao_test.go

@@ -1,5 +0,0 @@
-package models
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-)

internal/db/models/client_system_model.go

@@ -1,22 +0,0 @@
-package models
-
-import "github.com/iwind/TeaGo/dbs"
-
-// ClientSystem 终端操作系统信息
-type ClientSystem struct {
-	Id    uint32   `field:"id"`    // ID
-	Name  string   `field:"name"`  // 系统名称
-	Codes dbs.JSON `field:"codes"` // 代号
-	State uint8    `field:"state"` //
-}
-
-type ClientSystemOperator struct {
-	Id    interface{} // ID
-	Name  interface{} // 系统名称
-	Codes interface{} // 代号
-	State interface{} //
-}
-
-func NewClientSystemOperator() *ClientSystemOperator {
-	return &ClientSystemOperator{}
-}

internal/db/models/clients/client_agent_dao.go

@@ -0,0 +1,98 @@
+package clients
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+type ClientAgentDAO dbs.DAO
+
+func NewClientAgentDAO() *ClientAgentDAO {
+	return dbs.NewDAO(&ClientAgentDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeClientAgents",
+			Model:  new(ClientAgent),
+			PkName: "id",
+		},
+	}).(*ClientAgentDAO)
+}
+
+var SharedClientAgentDAO *ClientAgentDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedClientAgentDAO = NewClientAgentDAO()
+	})
+}
+
+// FindClientAgentName 根据主键查找名称
+func (this *ClientAgentDAO) FindClientAgentName(tx *dbs.Tx, id int64) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// FindAgent 查找Agent
+func (this *ClientAgentDAO) FindAgent(tx *dbs.Tx, agentId int64) (*ClientAgent, error) {
+	if agentId <= 0 {
+		return nil, nil
+	}
+
+	one, err := this.Query(tx).
+		Pk(agentId).
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+
+	return one.(*ClientAgent), nil
+}
+
+// FindAgentIdWithCode 根据代号查找ID
+func (this *ClientAgentDAO) FindAgentIdWithCode(tx *dbs.Tx, code string) (int64, error) {
+	return this.Query(tx).
+		ResultPk().
+		Attr("code", code).
+		FindInt64Col(0)
+}
+
+// FindAgentNameWithCode 根据代号查找Agent名称
+func (this *ClientAgentDAO) FindAgentNameWithCode(tx *dbs.Tx, code string) (string, error) {
+	return this.Query(tx).
+		Result("name").
+		Attr("code", code).
+		FindStringCol("")
+}
+
+// UpdateAgentCountIPs 修改Agent拥有的IP数量
+func (this *ClientAgentDAO) UpdateAgentCountIPs(tx *dbs.Tx, agentId int64, countIPs int64) error {
+	return this.Query(tx).
+		Pk(agentId).
+		Set("countIPs", countIPs).
+		UpdateQuickly()
+}
+
+// FindAllAgents 查找所有Agents
+func (this *ClientAgentDAO) FindAllAgents(tx *dbs.Tx) (result []*ClientAgent, err error) {
+	_, err = this.Query(tx).
+		Desc("order").
+		AscPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// FindAllNSAgents 查找所有DNS可以使用的Agents
+func (this *ClientAgentDAO) FindAllNSAgents(tx *dbs.Tx) (result []*ClientAgent, err error) {
+	// 注意：允许NS使用所有的Agent，不管有没有IP数据
+	_, err = this.Query(tx).
+		Result("id", "name", "code").
+		Desc("order").
+		AscPk().
+		Slice(&result).
+		FindAll()
+	return
+}

internal/db/models/clients/client_agent_dao_test.go

@@ -0,0 +1,6 @@
+package clients_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/clients/client_agent_ip_dao.go

@@ -0,0 +1,105 @@
+package clients
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+// TODO 需要定时对所有IP的PTR进行检查，剔除已经变更的IP
+
+type ClientAgentIPDAO dbs.DAO
+
+func NewClientAgentIPDAO() *ClientAgentIPDAO {
+	return dbs.NewDAO(&ClientAgentIPDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeClientAgentIPs",
+			Model:  new(ClientAgentIP),
+			PkName: "id",
+		},
+	}).(*ClientAgentIPDAO)
+}
+
+var SharedClientAgentIPDAO *ClientAgentIPDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedClientAgentIPDAO = NewClientAgentIPDAO()
+	})
+}
+
+// CreateIP 写入IP
+func (this *ClientAgentIPDAO) CreateIP(tx *dbs.Tx, agentId int64, ip string, ptr string) error {
+	// 检查数据有效性
+	if agentId <= 0 || len(ip) == 0 {
+		return nil
+	}
+
+	// 限制ptr长度
+	if len(ptr) > 100 {
+		ptr = ptr[:100]
+	}
+
+	// 检查是否存在
+	exists, err := this.Query(tx).
+		Attr("agentId", agentId).
+		Attr("ip", ip).
+		Exist()
+
+	if err != nil {
+		return err
+	}
+	if exists {
+		return nil
+	}
+
+	var op = NewClientAgentIPOperator()
+	op.AgentId = agentId
+	op.IP = ip
+	op.Ptr = ptr
+	err = this.Save(tx, op)
+	if err != nil {
+		// 忽略duplicate错误
+		if models.CheckSQLDuplicateErr(err) {
+			return nil
+		}
+		return err
+	}
+
+	// 更新Agent IP数量
+	countIPs, err := this.CountAgentIPs(tx, agentId)
+	if err != nil {
+		return err
+	}
+	err = SharedClientAgentDAO.UpdateAgentCountIPs(tx, agentId, countIPs)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ListIPsAfterId 列出某个ID之后的IP
+func (this *ClientAgentIPDAO) ListIPsAfterId(tx *dbs.Tx, id int64, size int64) (result []*ClientAgentIP, err error) {
+	if id < 0 {
+		id = 0
+	}
+
+	_, err = this.Query(tx).
+		Result("id", "ip", "ptr", "agentId").
+		Gt("id", id).
+		AscPk().
+		Limit(size). // 限制单次读取个数
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// CountAgentIPs 计算Agent IP数量
+func (this *ClientAgentIPDAO) CountAgentIPs(tx *dbs.Tx, agentId int64) (int64, error) {
+	return this.Query(tx).
+		Attr("agentId", agentId).
+		Count()
+}

internal/db/models/clients/client_agent_ip_dao_test.go

@@ -0,0 +1,16 @@
+package clients_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/clients"
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+	"testing"
+)
+
+func TestClientAgentIPDAO_CreateIP(t *testing.T) {
+	var dao = clients.NewClientAgentIPDAO()
+	err := dao.CreateIP(nil, 1, "127.0.0.1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+}

internal/db/models/clients/client_agent_ip_model.go

@@ -0,0 +1,20 @@
+package clients
+
+// ClientAgentIP Agent IP
+type ClientAgentIP struct {
+	Id      uint64 `field:"id"`      // ID
+	AgentId uint32 `field:"agentId"` // Agent ID
+	IP      string `field:"ip"`      // IP地址
+	Ptr     string `field:"ptr"`     // PTR值
+}
+
+type ClientAgentIPOperator struct {
+	Id      any // ID
+	AgentId any // Agent ID
+	IP      any // IP地址
+	Ptr     any // PTR值
+}
+
+func NewClientAgentIPOperator() *ClientAgentIPOperator {
+	return &ClientAgentIPOperator{}
+}

internal/db/models/clients/client_agent_ip_model_ext.go

@@ -0,0 +1 @@
+package clients

internal/db/models/clients/client_agent_model.go

@@ -0,0 +1,24 @@
+package clients
+
+// ClientAgent Agent库
+type ClientAgent struct {
+	Id          uint32 `field:"id"`          // ID
+	Name        string `field:"name"`        // 名称
+	Code        string `field:"code"`        // 代号
+	Description string `field:"description"` // 介绍
+	Order       uint32 `field:"order"`       // 排序
+	CountIPs    uint32 `field:"countIPs"`    // IP数量
+}
+
+type ClientAgentOperator struct {
+	Id          any // ID
+	Name        any // 名称
+	Code        any // 代号
+	Description any // 介绍
+	Order       any // 排序
+	CountIPs    any // IP数量
+}
+
+func NewClientAgentOperator() *ClientAgentOperator {
+	return &ClientAgentOperator{}
+}

internal/db/models/clients/client_agent_model_ext.go

@@ -0,0 +1,6 @@
+package clients
+
+// NSRouteCode NS线路代号
+func (this *ClientAgent) NSRouteCode() string {
+	return "agent:" + this.Code
+}

internal/db/models/clients/client_browser_dao.go

@@ -1,11 +1,16 @@
-package models
+package clients
 
 import (
-	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/goman"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/ttlcache"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
-	"strconv"
+	"github.com/iwind/TeaGo/rands"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
 )
 
 const (
@@ -13,7 +18,20 @@ const (
 	ClientBrowserStateDisabled = 0 // 已禁用
 )
 
-var clientBrowserNameAndIdCacheMap = map[string]int64{}
+func init() {
+	dbs.OnReadyDone(func() {
+		// 清理数据任务
+		var ticker = time.NewTicker(time.Duration(rands.Int(24, 48)) * time.Hour)
+		goman.New(func() {
+			for range ticker.C {
+				err := SharedClientBrowserDAO.Clean(nil, 7) // 只保留N天
+				if err != nil {
+					remotelogs.Error("SharedClientBrowserDAO", "clean expired data failed: "+err.Error())
+				}
+			}
+		})
+	})
+}
 
 type ClientBrowserDAO dbs.DAO
 
@@ -74,65 +92,64 @@ func (this *ClientBrowserDAO) FindClientBrowserName(tx *dbs.Tx, id uint32) (stri
 		FindStringCol("")
 }
 
-// FindBrowserIdWithNameCacheable 根据浏览器名称查找浏览器ID
-func (this *ClientBrowserDAO) FindBrowserIdWithNameCacheable(tx *dbs.Tx, browserName string) (int64, error) {
-	SharedCacheLocker.RLock()
-	browserId, ok := clientBrowserNameAndIdCacheMap[browserName]
-	if ok {
-		SharedCacheLocker.RUnlock()
-		return browserId, nil
-	}
-	SharedCacheLocker.RUnlock()
-
-	browserId, err := this.Query(tx).
-		Where("JSON_CONTAINS(codes, :browserName)").
-		Param("browserName", strconv.Quote(browserName)). // 查询的需要是个JSON字符串，所以这里加双引号
-		ResultPk().
-		FindInt64Col(0)
-	if err != nil {
-		return 0, err
-	}
-
-	if browserId > 0 {
-		// 只有找到的时候才放入缓存，以便于我们可以在不存在的时候创建一条新的记录
-		SharedCacheLocker.Lock()
-		clientBrowserNameAndIdCacheMap[browserName] = browserId
-		SharedCacheLocker.Unlock()
-	}
-
-	return browserId, nil
-}
-
-// CreateBrowser 创建浏览器
-func (this *ClientBrowserDAO) CreateBrowser(tx *dbs.Tx, browserName string) (int64, error) {
-	var maxlength = 50
+// CreateBrowserIfNotExists 创建浏览器信息
+func (this *ClientBrowserDAO) CreateBrowserIfNotExists(tx *dbs.Tx, browserName string) error {
+	const maxlength = 50
 	if len(browserName) > maxlength {
 		browserName = browserName[:50]
 	}
 
-	SharedCacheLocker.Lock()
-	defer SharedCacheLocker.Unlock()
+	// 检查缓存
+	var cacheKey = "clientBrowser:" + browserName
+	var cacheItem = ttlcache.SharedCache.Read(cacheKey)
+	if cacheItem != nil {
+		return nil
+	}
 
-	// 检查是否已经创建
+	// 检查是否已经存在
+	// 不需要加状态条件
 	browserId, err := this.Query(tx).
 		Attr("name", browserName).
 		ResultPk().
 		FindInt64Col(0)
 	if err != nil {
-		return 0, err
+		return err
 	}
 	if browserId > 0 {
-		return browserId, nil
+		// 加入缓存，但缓存时间不要过长，因为有别的操作在更新数据
+		ttlcache.SharedCache.Write(cacheKey, browserId, time.Now().Unix()+3600)
+
+		return this.Query(tx).
+			Pk(browserId).
+			Set("createdDay", timeutil.Format("Ymd")).
+			UpdateQuickly()
 	}
 
+	// 如果不存在，则创建之
 	var op = NewClientBrowserOperator()
 	op.Name = browserName
-	codes := []string{browserName}
-	codesJSON, err := json.Marshal(codes)
-	if err != nil {
-		return 0, err
-	}
-	op.Codes = codesJSON
+	op.CreatedDay = timeutil.Format("Ymd")
 	op.State = ClientBrowserStateEnabled
-	return this.SaveInt64(tx, op)
+	browserId, err = this.SaveInt64(tx, op)
+	if err != nil && models.CheckSQLErrCode(err, 1062 /** duplicate entry **/) {
+		return nil
+	}
+
+	// 加入缓存，但缓存时间不要过长，因为有别的操作在更新数据
+	if browserId > 0 {
+		ttlcache.SharedCache.Write(cacheKey, browserId, time.Now().Unix()+3600)
+	}
+
+	return err
+}
+
+// Clean 清理
+func (this *ClientBrowserDAO) Clean(tx *dbs.Tx, days int) error {
+	if days <= 0 {
+		days = 30
+	}
+
+	return this.Query(tx).
+		Lt("createdDay", timeutil.Format("Ymd", time.Now().AddDate(0, 0, -days))).
+		DeleteQuickly()
 }

internal/db/models/clients/client_browser_dao_test.go

@@ -0,0 +1,33 @@
+package clients_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/clients"
+	_ "github.com/go-sql-driver/mysql"
+	"testing"
+)
+
+func TestClientBrowserDAO_CreateBrowser(t *testing.T) {
+	var dao = clients.NewClientBrowserDAO()
+	err := dao.CreateBrowserIfNotExists(nil, "Hello")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = dao.CreateBrowserIfNotExists(nil, "Hello")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = dao.CreateBrowserIfNotExists(nil, "Hello")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestClientBrowserDAO_Clean(t *testing.T) {
+	var dao = clients.NewClientBrowserDAO()
+	err := dao.Clean(nil, 30)
+	if err != nil {
+		t.Fatal(err)
+	}
+}

internal/db/models/clients/client_browser_model.go

@@ -0,0 +1,24 @@
+package clients
+
+import "github.com/iwind/TeaGo/dbs"
+
+// ClientBrowser 终端浏览器信息
+type ClientBrowser struct {
+	Id         uint64   `field:"id"`         // ID
+	Name       string   `field:"name"`       // 浏览器名称
+	Codes      dbs.JSON `field:"codes"`      // 代号
+	CreatedDay string   `field:"createdDay"` // 创建日期YYYYMMDD
+	State      uint8    `field:"state"`      // 状态
+}
+
+type ClientBrowserOperator struct {
+	Id         any // ID
+	Name       any // 浏览器名称
+	Codes      any // 代号
+	CreatedDay any // 创建日期YYYYMMDD
+	State      any // 状态
+}
+
+func NewClientBrowserOperator() *ClientBrowserOperator {
+	return &ClientBrowserOperator{}
+}

internal/db/models/clients/client_browser_model_ext.go

@@ -0,0 +1 @@
+package clients

internal/db/models/clients/client_system_dao.go

@@ -1,11 +1,16 @@
-package models
+package clients
 
 import (
-	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/goman"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/ttlcache"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
-	"strconv"
+	"github.com/iwind/TeaGo/rands"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
 )
 
 const (
@@ -13,7 +18,20 @@ const (
 	ClientSystemStateDisabled = 0 // 已禁用
 )
 
-var clientSystemNameAndIdCacheMap = map[string]int64{} // system name => id
+func init() {
+	dbs.OnReadyDone(func() {
+		// 清理数据任务
+		var ticker = time.NewTicker(time.Duration(rands.Int(24, 48)) * time.Hour)
+		goman.New(func() {
+			for range ticker.C {
+				err := SharedClientSystemDAO.Clean(nil, 7) // 只保留N天
+				if err != nil {
+					remotelogs.Error("SharedClientSystemDAO", "clean expired data failed: "+err.Error())
+				}
+			}
+		})
+	})
+}
 
 type ClientSystemDAO dbs.DAO
 
@@ -74,67 +92,63 @@ func (this *ClientSystemDAO) FindClientSystemName(tx *dbs.Tx, id uint32) (string
 		FindStringCol("")
 }
 
-// FindSystemIdWithNameCacheable 根据操作系统名称查找系统ID
-func (this *ClientSystemDAO) FindSystemIdWithNameCacheable(tx *dbs.Tx, systemName string) (int64, error) {
-	SharedCacheLocker.RLock()
-	systemId, ok := clientSystemNameAndIdCacheMap[systemName]
-	if ok {
-		SharedCacheLocker.RUnlock()
-		return systemId, nil
-	}
-	SharedCacheLocker.RUnlock()
-
-	systemId, err := this.Query(tx).
-		Where("JSON_CONTAINS(codes, :systemName)").
-		Param("systemName", strconv.Quote(systemName)). // 查询的需要是个JSON字符串，所以这里加双引号
-		ResultPk().
-		FindInt64Col(0)
-	if err != nil {
-		return 0, err
-	}
-
-	if systemId > 0 {
-		// 只有找到的时候才放入缓存，以便于我们可以在不存在的时候创建一条新的记录
-		SharedCacheLocker.Lock()
-		clientSystemNameAndIdCacheMap[systemName] = systemId
-		SharedCacheLocker.Unlock()
-	}
-
-	return systemId, nil
-}
-
-// CreateSystem 创建浏览器
-func (this *ClientSystemDAO) CreateSystem(tx *dbs.Tx, systemName string) (int64, error) {
-	var maxlength = 50
+// CreateSystemIfNotExists 创建系统信息
+func (this *ClientSystemDAO) CreateSystemIfNotExists(tx *dbs.Tx, systemName string) error {
+	const maxlength = 50
 	if len(systemName) > maxlength {
 		systemName = systemName[:50]
 	}
 
-	SharedCacheLocker.Lock()
-	defer SharedCacheLocker.Unlock()
+	// 检查缓存
+	var cacheKey = "clientSystem:" + systemName
+	var cacheItem = ttlcache.SharedCache.Read(cacheKey)
+	if cacheItem != nil {
+		return nil
+	}
 
-	// 检查是否已经创建
+	// 检查是否已经存在
+	// 不需要加状态条件
 	systemId, err := this.Query(tx).
 		Attr("name", systemName).
 		ResultPk().
 		FindInt64Col(0)
 	if err != nil {
-		return 0, err
+		return err
 	}
 	if systemId > 0 {
-		return systemId, nil
+		// 加入缓存，但缓存时间不要过长，因为有别的操作在更新数据
+		ttlcache.SharedCache.Write(cacheKey, systemId, time.Now().Unix()+3600)
+
+		return this.Query(tx).
+			Pk(systemId).
+			Set("createdDay", timeutil.Format("Ymd")).
+			UpdateQuickly()
 	}
 
 	var op = NewClientSystemOperator()
 	op.Name = systemName
-
-	codes := []string{systemName}
-	codesJSON, err := json.Marshal(codes)
-	if err != nil {
-		return 0, err
-	}
-	op.Codes = codesJSON
-
+	op.CreatedDay = timeutil.Format("Ymd")
 	op.State = ClientSystemStateEnabled
-	return this.SaveInt64(tx, op)
+	systemId, err = this.SaveInt64(tx, op)
+	if err != nil && models.CheckSQLErrCode(err, 1062 /** duplicate entry **/) {
+		return nil
+	}
+
+	// 加入缓存，但缓存时间不要过长，因为有别的操作在更新数据
+	if systemId > 0 {
+		ttlcache.SharedCache.Write(cacheKey, systemId, time.Now().Unix()+3600)
+	}
+
+	return err
+}
+
+// Clean 清理
+func (this *ClientSystemDAO) Clean(tx *dbs.Tx, days int) error {
+	if days <= 0 {
+		days = 30
+	}
+
+	return this.Query(tx).
+		Lt("createdDay", timeutil.Format("Ymd", time.Now().AddDate(0, 0, -days))).
+		DeleteQuickly()
 }

internal/db/models/clients/client_system_dao_test.go

@@ -0,0 +1,31 @@
+package clients_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/clients"
+	_ "github.com/go-sql-driver/mysql"
+	"testing"
+)
+
+func TestClientSystemDAO_CreateSystemIfNotExists(t *testing.T) {
+	var dao = clients.NewClientSystemDAO()
+	{
+		err := dao.CreateSystemIfNotExists(nil, "Mac OS X")
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+	{
+		err := dao.CreateSystemIfNotExists(nil, "Mac OS X 2")
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+func TestClientSystemDAO_Clean(t *testing.T) {
+	var dao = clients.NewClientSystemDAO()
+	err := dao.Clean(nil, 30)
+	if err != nil {
+		t.Fatal(err)
+	}
+}

internal/db/models/clients/client_system_model.go

@@ -0,0 +1,24 @@
+package clients
+
+import "github.com/iwind/TeaGo/dbs"
+
+// ClientSystem 终端操作系统信息
+type ClientSystem struct {
+	Id         uint64   `field:"id"`         // ID
+	Name       string   `field:"name"`       // 系统名称
+	Codes      dbs.JSON `field:"codes"`      // 代号
+	CreatedDay string   `field:"createdDay"` // 创建日期YYYYMMDD
+	State      uint8    `field:"state"`      // 状态
+}
+
+type ClientSystemOperator struct {
+	Id         any // ID
+	Name       any // 系统名称
+	Codes      any // 代号
+	CreatedDay any // 创建日期YYYYMMDD
+	State      any // 状态
+}
+
+func NewClientSystemOperator() *ClientSystemOperator {
+	return &ClientSystemOperator{}
+}

internal/db/models/clients/client_system_model_ext.go

@@ -0,0 +1 @@
+package clients

internal/db/models/dns/dns_task_dao.go

@@ -12,13 +12,16 @@ import (
 type DNSTaskType = string
 
 const (
-	DNSTaskTypeClusterChange       DNSTaskType = "clusterChange"
+	DNSTaskTypeClusterChange       DNSTaskType = "clusterChange"       // 集群节点、服务发生变化
+	DNSTaskTypeClusterNodesChange  DNSTaskType = "clusterNodesChange"  // 集群中节点发生变化
 	DNSTaskTypeClusterRemoveDomain DNSTaskType = "clusterRemoveDomain" // 从集群中移除域名
 	DNSTaskTypeNodeChange          DNSTaskType = "nodeChange"
 	DNSTaskTypeServerChange        DNSTaskType = "serverChange"
 	DNSTaskTypeDomainChange        DNSTaskType = "domainChange"
 )
 
+var DNSTasksNotifier = make(chan bool, 2)
+
 type DNSTaskDAO dbs.DAO
 
 func NewDNSTaskDAO() *DNSTaskDAO {
@@ -58,13 +61,24 @@ func (this *DNSTaskDAO) CreateDNSTask(tx *dbs.Tx, clusterId int64, serverId int6
 		"error":      "",
 		"version":    time.Now().UnixNano(),
 	}, maps.Map{
-		"updatedAt": time.Now().Unix(),
-		"isDone":    false,
-		"isOk":      false,
-		"error":     "",
-		"version":   time.Now().UnixNano(),
+		"updatedAt":  time.Now().Unix(),
+		"isDone":     false,
+		"isOk":       false,
+		"error":      "",
+		"version":    time.Now().UnixNano(),
+		"countFails": 0,
 	})
-	return err
+	if err != nil {
+		return err
+	}
+
+	// 通知更新
+	select {
+	case DNSTasksNotifier <- true:
+	default:
+	}
+
+	return nil
 }
 
 // CreateClusterTask 生成集群变更任务
@@ -78,8 +92,8 @@ func (this *DNSTaskDAO) CreateClusterRemoveTask(tx *dbs.Tx, clusterId int64, dom
 }
 
 // CreateNodeTask 生成节点任务
-func (this *DNSTaskDAO) CreateNodeTask(tx *dbs.Tx, nodeId int64, taskType DNSTaskType) error {
-	return this.CreateDNSTask(tx, 0, 0, nodeId, 0, "", taskType)
+func (this *DNSTaskDAO) CreateNodeTask(tx *dbs.Tx, clusterId int64, nodeId int64, taskType DNSTaskType) error {
+	return this.CreateDNSTask(tx, clusterId, 0, nodeId, 0, "", taskType)
 }
 
 // CreateServerTask 生成服务任务
@@ -95,7 +109,7 @@ func (this *DNSTaskDAO) CreateDomainTask(tx *dbs.Tx, domainId int64, taskType DN
 // FindAllDoingTasks 查找所有正在执行的任务
 func (this *DNSTaskDAO) FindAllDoingTasks(tx *dbs.Tx) (result []*DNSTask, err error) {
 	_, err = this.Query(tx).
-		Attr("isDone", 0).
+		Where("(isDone=0 OR (isDone=1 AND isOk=0 AND countFails<3))"). // 3 = retry times
 		Asc("version").
 		AscPk().
 		Slice(&result).
@@ -142,6 +156,12 @@ func (this *DNSTaskDAO) DeleteDNSTask(tx *dbs.Tx, taskId int64) error {
 	return err
 }
 
+// DeleteAllDNSTasks 删除所有任务
+func (this *DNSTaskDAO) DeleteAllDNSTasks(tx *dbs.Tx) error {
+	return this.Query(tx).
+		DeleteQuickly()
+}
+
 // UpdateDNSTaskError 设置任务错误
 func (this *DNSTaskDAO) UpdateDNSTaskError(tx *dbs.Tx, taskId int64, err string) error {
 	if taskId <= 0 {
@@ -152,22 +172,60 @@ func (this *DNSTaskDAO) UpdateDNSTaskError(tx *dbs.Tx, taskId int64, err string)
 	op.IsDone = true
 	op.Error = err
 	op.IsOk = false
+	op.CountFails = dbs.SQL("countFails+1")
 	return this.Save(tx, op)
 }
 
 // UpdateDNSTaskDone 设置任务完成
-func (this *DNSTaskDAO) UpdateDNSTaskDone(tx *dbs.Tx, taskId int64) error {
+func (this *DNSTaskDAO) UpdateDNSTaskDone(tx *dbs.Tx, taskId int64, taskVersion int64) error {
 	if taskId <= 0 {
 		return errors.New("invalid taskId")
 	}
+
+	currentVersion, err := this.Query(tx).
+		Pk(taskId).
+		Result("version").
+		FindInt64Col(0)
+	if err != nil {
+		return err
+	}
+
+	// 如果版本号发生变化，则说明有新的要执行的任务
+	if taskVersion > 0 && currentVersion > 0 && currentVersion != taskVersion {
+		return nil
+	}
+
 	var op = NewDNSTaskOperator()
 	op.Id = taskId
 	op.IsDone = true
 	op.IsOk = true
+	op.CountFails = 0
 	op.Error = ""
 	return this.Save(tx, op)
 }
 
+// GenerateVersion 生成最新的版本号
+func (this *DNSTaskDAO) GenerateVersion() int64 {
+	return time.Now().UnixNano()
+}
+
+// UpdateClusterDNSTasksDone 设置所有集群任务完成
+func (this *DNSTaskDAO) UpdateClusterDNSTasksDone(tx *dbs.Tx, clusterId int64, maxVersion int64) error {
+	if clusterId <= 0 || maxVersion <= 0 {
+		return nil
+	}
+
+	return this.Query(tx).
+		Attr("clusterId", clusterId).
+		Attr("isOk", false).
+		Lte("version", maxVersion).
+		Set("isDone", true).
+		Set("isOk", true).
+		Set("error", "").
+		Set("countFails", 0).
+		UpdateQuickly()
+}
+
 // DeleteDNSTasksWithClusterId 删除集群相关任务
 func (this *DNSTaskDAO) DeleteDNSTasksWithClusterId(tx *dbs.Tx, clusterId int64) error {
 	if clusterId <= 0 {

internal/db/models/dns/dns_task_dao_test.go

@@ -1,17 +1,28 @@
-package dns
+package dns_test
 
 import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/dns"
 	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/iwind/TeaGo/bootstrap"
 	"github.com/iwind/TeaGo/dbs"
 	"testing"
+	"time"
 )
 
 func TestDNSTaskDAO_CreateDNSTask(t *testing.T) {
 	dbs.NotifyReady()
-	err := SharedDNSTaskDAO.CreateDNSTask(nil, 1, 2, 3, 0, "cdn", "taskType")
+	err := dns.SharedDNSTaskDAO.CreateDNSTask(nil, 1, 2, 3, 0, "cdn", "taskType")
 	if err != nil {
 		t.Fatal(err)
 	}
 	t.Log("ok")
 }
+
+func TestDNSTaskDAO_UpdateClusterDNSTasksDone(t *testing.T) {
+	var dao = dns.NewDNSTaskDAO()
+	var tx *dbs.Tx
+	err := dao.UpdateClusterDNSTasksDone(tx, 46, time.Now().UnixNano())
+	if err != nil {
+		t.Fatal(err)
+	}
+}

internal/db/models/dns/dns_task_model.go

@@ -1,5 +1,23 @@
 package dns
 
+import "github.com/iwind/TeaGo/dbs"
+
+const (
+	DNSTaskField_Id         dbs.FieldName = "id"         // ID
+	DNSTaskField_ClusterId  dbs.FieldName = "clusterId"  // 集群ID
+	DNSTaskField_ServerId   dbs.FieldName = "serverId"   // 服务ID
+	DNSTaskField_NodeId     dbs.FieldName = "nodeId"     // 节点ID
+	DNSTaskField_DomainId   dbs.FieldName = "domainId"   // 域名ID
+	DNSTaskField_RecordName dbs.FieldName = "recordName" // 记录名
+	DNSTaskField_Type       dbs.FieldName = "type"       // 任务类型
+	DNSTaskField_UpdatedAt  dbs.FieldName = "updatedAt"  // 更新时间
+	DNSTaskField_IsDone     dbs.FieldName = "isDone"     // 是否已完成
+	DNSTaskField_IsOk       dbs.FieldName = "isOk"       // 是否成功
+	DNSTaskField_Error      dbs.FieldName = "error"      // 错误信息
+	DNSTaskField_Version    dbs.FieldName = "version"    // 版本
+	DNSTaskField_CountFails dbs.FieldName = "countFails" // 尝试失败次数
+)
+
 // DNSTask DNS更新任务
 type DNSTask struct {
 	Id         uint64 `field:"id"`         // ID
@@ -14,6 +32,7 @@ type DNSTask struct {
 	IsOk       bool   `field:"isOk"`       // 是否成功
 	Error      string `field:"error"`      // 错误信息
 	Version    uint64 `field:"version"`    // 版本
+	CountFails uint32 `field:"countFails"` // 尝试失败次数
 }
 
 type DNSTaskOperator struct {
@@ -29,6 +48,7 @@ type DNSTaskOperator struct {
 	IsOk       any // 是否成功
 	Error      any // 错误信息
 	Version    any // 版本
+	CountFails any // 尝试失败次数
 }
 
 func NewDNSTaskOperator() *DNSTaskOperator {

internal/db/models/dns/dnsutils/dns_utils.go

@@ -3,6 +3,7 @@
 package dnsutils
 
 import (
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/dns"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients"
@@ -105,7 +106,7 @@ func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster, checkNodeIssues bo
 
 	// 检查节点
 	if checkNodeIssues {
-		nodes, err := models.SharedNodeDAO.FindAllEnabledNodesDNSWithClusterId(tx, clusterId, true, clusterDNSConfig != nil && clusterDNSConfig.IncludingLnNodes)
+		nodes, err := models.SharedNodeDAO.FindAllEnabledNodesDNSWithClusterId(tx, clusterId, true, clusterDNSConfig != nil && clusterDNSConfig.IncludingLnNodes, true)
 		if err != nil {
 			return nil, err
 		}
@@ -113,7 +114,7 @@ func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster, checkNodeIssues bo
 		// TODO 检查节点数量不能为0
 
 		for _, node := range nodes {
-			nodeId := int64(node.Id)
+			var nodeId = int64(node.Id)
 
 			routeCodes, err := node.DNSRouteCodesForDomainId(domainId)
 			if err != nil {
@@ -162,17 +163,36 @@ func CheckClusterDNS(tx *dbs.Tx, cluster *models.NodeCluster, checkNodeIssues bo
 				return nil, err
 			}
 			if len(ipAddr) == 0 {
-				issues = append(issues, &pb.DNSIssue{
-					Target:      node.Name,
-					TargetId:    nodeId,
-					Type:        "node",
-					Description: "没有设置IP地址",
-					Params: map[string]string{
-						"clusterName": cluster.Name,
-						"clusterId":   numberutils.FormatInt64(clusterId),
-					},
-					MustFix: true,
-				})
+				// 检查是否有离线
+				anyIPAddr, _, err := models.SharedNodeIPAddressDAO.FindFirstNodeAccessIPAddress(tx, nodeId, false, nodeconfigs.NodeRoleNode)
+				if err != nil {
+					return nil, err
+				}
+				if len(anyIPAddr) > 0 {
+					issues = append(issues, &pb.DNSIssue{
+						Target:      node.Name,
+						TargetId:    nodeId,
+						Type:        "node",
+						Description: "节点所有IP地址处于离线状态",
+						Params: map[string]string{
+							"clusterName": cluster.Name,
+							"clusterId":   numberutils.FormatInt64(clusterId),
+						},
+						MustFix: true,
+					})
+				} else {
+					issues = append(issues, &pb.DNSIssue{
+						Target:      node.Name,
+						TargetId:    nodeId,
+						Type:        "node",
+						Description: "没有设置可用的IP地址",
+						Params: map[string]string{
+							"clusterName": cluster.Name,
+							"clusterId":   numberutils.FormatInt64(clusterId),
+						},
+						MustFix: true,
+					})
+				}
 				continue
 			}
 
@@ -198,7 +218,7 @@ func FindDefaultDomainRoute(tx *dbs.Tx, domain *dns.DNSDomain) (string, error) {
 	}
 	paramsMap, err := provider.DecodeAPIParams()
 	if err != nil {
-		return "", errors.New("decode provider params failed: " + err.Error())
+		return "", fmt.Errorf("decode provider params failed: %w", err)
 	}
 	var dnsProvider = dnsclients.FindProvider(provider.Type, int64(provider.Id))
 	if dnsProvider == nil {

internal/db/models/formal_client_browser_dao.go

@@ -0,0 +1,207 @@
+package models
+
+import (
+	"encoding/json"
+	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/ttlcache"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/types"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	FormalClientBrowserStateEnabled  = 1 // 已启用
+	FormalClientBrowserStateDisabled = 0 // 已禁用
+)
+
+type FormalClientBrowserDAO dbs.DAO
+
+func NewFormalClientBrowserDAO() *FormalClientBrowserDAO {
+	return dbs.NewDAO(&FormalClientBrowserDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeFormalClientBrowsers",
+			Model:  new(FormalClientBrowser),
+			PkName: "id",
+		},
+	}).(*FormalClientBrowserDAO)
+}
+
+var SharedFormalClientBrowserDAO *FormalClientBrowserDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedFormalClientBrowserDAO = NewFormalClientBrowserDAO()
+	})
+}
+
+// EnableFormalClientBrowser 启用条目
+func (this *FormalClientBrowserDAO) EnableFormalClientBrowser(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", FormalClientBrowserStateEnabled).
+		Update()
+	return err
+}
+
+// DisableFormalClientBrowser 禁用条目
+func (this *FormalClientBrowserDAO) DisableFormalClientBrowser(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", FormalClientBrowserStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledFormalClientBrowser 查找启用中的条目
+func (this *FormalClientBrowserDAO) FindEnabledFormalClientBrowser(tx *dbs.Tx, id int64) (*FormalClientBrowser, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(FormalClientBrowserStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*FormalClientBrowser), err
+}
+
+// FindFormalClientBrowserName 根据主键查找名称
+func (this *FormalClientBrowserDAO) FindFormalClientBrowserName(tx *dbs.Tx, id uint32) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// FindBrowserIdWithNameCacheable 根据浏览器名称查找系统ID
+func (this *FormalClientBrowserDAO) FindBrowserIdWithNameCacheable(tx *dbs.Tx, browserName string) (int64, error) {
+	var cacheKey = "formalClientBrowser:" + browserName
+	var cacheItem = ttlcache.SharedCache.Read(cacheKey)
+	if cacheItem != nil {
+		return types.Int64(cacheItem.Value), nil
+	}
+
+	// 先使用 name 查找，因为有索引，所以会快一些
+	browserId, err := this.Query(tx).
+		Attr("name", browserName).
+		ResultPk().
+		FindInt64Col(0)
+	if err != nil {
+		return 0, err
+	}
+
+	if browserId == 0 {
+		browserId, err = this.Query(tx).
+			Where("JSON_CONTAINS(codes, :browserName)").
+			Param("browserName", strconv.Quote(browserName)). // 查询的需要是个JSON字符串，所以这里加双引号
+			ResultPk().
+			FindInt64Col(0)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	// 即使找不到也要放入到缓存中
+	ttlcache.SharedCache.Write(cacheKey, browserId, time.Now().Unix()+3600)
+
+	return browserId, nil
+}
+
+// CountBrowsers 计算浏览器数量
+func (this *FormalClientBrowserDAO) CountBrowsers(tx *dbs.Tx, keyword string) (int64, error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Like("LOWER(codes)", dbutils.QuoteLikeKeyword(strings.ToLower(keyword)))
+	}
+	return query.Count()
+}
+
+// ListBrowsers 列出单页浏览器信息
+func (this *FormalClientBrowserDAO) ListBrowsers(tx *dbs.Tx, keyword string, offset int64, size int64) (result []*FormalClientBrowser, err error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Like("LOWER(codes)", dbutils.QuoteLikeKeyword(strings.ToLower(keyword)))
+	}
+	_, err = query.
+		Offset(offset).
+		Limit(size).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// FindBrowserWithDataId 根据dataId查找浏览器信息
+func (this *FormalClientBrowserDAO) FindBrowserWithDataId(tx *dbs.Tx, dataId string) (*FormalClientBrowser, error) {
+	one, err := this.Query(tx).
+		Attr("dataId", dataId).
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+
+	return one.(*FormalClientBrowser), nil
+}
+
+// CreateBrowser 创建浏览器信息
+func (this *FormalClientBrowserDAO) CreateBrowser(tx *dbs.Tx, name string, codes []string, dataId string) (int64, error) {
+	if len(dataId) == 0 {
+		return 0, errors.New("invalid dataId")
+	}
+
+	// 检查 dataId 是否已经存在
+	exists, err := this.Query(tx).
+		Attr("dataId", dataId).
+		Exist()
+	if err != nil {
+		return 0, err
+	}
+	if exists {
+		return 0, errors.New("dataId '" + dataId + "' already exists")
+	}
+
+	var op = NewFormalClientBrowserOperator()
+	op.Name = name
+	if len(codes) == 0 {
+		op.Codes = "[]"
+	} else {
+		codesJSON, err := json.Marshal(codes)
+		if err != nil {
+			return 0, err
+		}
+		op.Codes = codesJSON
+	}
+	op.DataId = dataId
+	op.State = FormalClientBrowserStateEnabled
+	return this.SaveInt64(tx, op)
+}
+
+// UpdateBrowser 修改浏览器信息
+func (this *FormalClientBrowserDAO) UpdateBrowser(tx *dbs.Tx, browserId int64, name string, codes []string, dataId string) error {
+	if browserId <= 0 {
+		return errors.New("invalid browserId '" + types.String(browserId) + "'")
+	}
+	if len(dataId) == 0 {
+		return errors.New("invalid dataId")
+	}
+
+	var op = NewFormalClientBrowserOperator()
+	op.Id = browserId
+	op.Name = name
+	if len(codes) == 0 {
+		op.Codes = "[]"
+	} else {
+		codesJSON, err := json.Marshal(codes)
+		if err != nil {
+			return err
+		}
+		op.Codes = codesJSON
+	}
+	op.DataId = dataId
+	return this.Save(tx, op)
+}

internal/db/models/formal_client_browser_dao_test.go

@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/formal_client_browser_model.go

@@ -0,0 +1,24 @@
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// FormalClientBrowser 终端浏览器信息
+type FormalClientBrowser struct {
+	Id     uint32   `field:"id"`     // ID
+	Name   string   `field:"name"`   // 浏览器名称
+	Codes  dbs.JSON `field:"codes"`  // 代号
+	DataId string   `field:"dataId"` // 数据ID
+	State  uint8    `field:"state"`  // 状态
+}
+
+type FormalClientBrowserOperator struct {
+	Id     any // ID
+	Name   any // 浏览器名称
+	Codes  any // 代号
+	DataId any // 数据ID
+	State  any // 状态
+}
+
+func NewFormalClientBrowserOperator() *FormalClientBrowserOperator {
+	return &FormalClientBrowserOperator{}
+}

internal/db/models/formal_client_browser_model_ext.go

@@ -0,0 +1,21 @@
+package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+)
+
+// DecodeCodes 解析代号
+func (this *FormalClientBrowser) DecodeCodes() []string {
+	if IsNull(this.Codes) {
+		return nil
+	}
+
+	var result = []string{}
+	err := json.Unmarshal(this.Codes, &result)
+	if err != nil {
+		remotelogs.Error("FormalClientBrowser.DecodeCodes", err.Error())
+	}
+
+	return result
+}

internal/db/models/formal_client_system_dao.go

@@ -0,0 +1,207 @@
+package models
+
+import (
+	"encoding/json"
+	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/ttlcache"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/types"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	FormalClientSystemStateEnabled  = 1 // 已启用
+	FormalClientSystemStateDisabled = 0 // 已禁用
+)
+
+type FormalClientSystemDAO dbs.DAO
+
+func NewFormalClientSystemDAO() *FormalClientSystemDAO {
+	return dbs.NewDAO(&FormalClientSystemDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeFormalClientSystems",
+			Model:  new(FormalClientSystem),
+			PkName: "id",
+		},
+	}).(*FormalClientSystemDAO)
+}
+
+var SharedFormalClientSystemDAO *FormalClientSystemDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedFormalClientSystemDAO = NewFormalClientSystemDAO()
+	})
+}
+
+// EnableFormalClientSystem 启用条目
+func (this *FormalClientSystemDAO) EnableFormalClientSystem(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", FormalClientSystemStateEnabled).
+		Update()
+	return err
+}
+
+// DisableFormalClientSystem 禁用条目
+func (this *FormalClientSystemDAO) DisableFormalClientSystem(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", FormalClientSystemStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledFormalClientSystem 查找启用中的条目
+func (this *FormalClientSystemDAO) FindEnabledFormalClientSystem(tx *dbs.Tx, id int64) (*FormalClientSystem, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(FormalClientSystemStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*FormalClientSystem), err
+}
+
+// FindFormalClientSystemName 根据主键查找名称
+func (this *FormalClientSystemDAO) FindFormalClientSystemName(tx *dbs.Tx, id uint32) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// FindSystemIdWithNameCacheable 根据操作系统名称查找系统ID
+func (this *FormalClientSystemDAO) FindSystemIdWithNameCacheable(tx *dbs.Tx, systemName string) (int64, error) {
+	var cacheKey = "formalClientSystem:" + systemName
+	var cacheItem = ttlcache.SharedCache.Read(cacheKey)
+	if cacheItem != nil {
+		return types.Int64(cacheItem.Value), nil
+	}
+
+	// 先使用 name 查找，因为有索引，所以会快一些
+	systemId, err := this.Query(tx).
+		Attr("name", systemName).
+		ResultPk().
+		FindInt64Col(0)
+	if err != nil {
+		return 0, err
+	}
+
+	if systemId == 0 {
+		systemId, err = this.Query(tx).
+			Where("JSON_CONTAINS(codes, :systemName)").
+			Param("systemName", strconv.Quote(systemName)). // 查询的需要是个JSON字符串，所以这里加双引号
+			ResultPk().
+			FindInt64Col(0)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	// 即使找不到也要放入到缓存中
+	ttlcache.SharedCache.Write(cacheKey, systemId, time.Now().Unix()+3600)
+
+	return systemId, nil
+}
+
+// CreateSystem 创建操作系统信息
+func (this *FormalClientSystemDAO) CreateSystem(tx *dbs.Tx, name string, codes []string, dataId string) (int64, error) {
+	if len(dataId) == 0 {
+		return 0, errors.New("invalid dataId")
+	}
+
+	// 检查 dataId 是否已经存在
+	exists, err := this.Query(tx).
+		Attr("dataId", dataId).
+		Exist()
+	if err != nil {
+		return 0, err
+	}
+	if exists {
+		return 0, errors.New("dataId '" + dataId + "' already exists")
+	}
+
+	var op = NewFormalClientSystemOperator()
+	op.Name = name
+	if len(codes) == 0 {
+		op.Codes = "[]"
+	} else {
+		codesJSON, err := json.Marshal(codes)
+		if err != nil {
+			return 0, err
+		}
+		op.Codes = codesJSON
+	}
+	op.DataId = dataId
+	op.State = FormalClientSystemStateEnabled
+	return this.SaveInt64(tx, op)
+}
+
+// UpdateSystem 修改操作系统信息
+func (this *FormalClientSystemDAO) UpdateSystem(tx *dbs.Tx, systemId int64, name string, codes []string, dataId string) error {
+	if systemId <= 0 {
+		return errors.New("invalid systemId '" + types.String(systemId) + "'")
+	}
+	if len(dataId) == 0 {
+		return errors.New("invalid dataId")
+	}
+
+	var op = NewFormalClientSystemOperator()
+	op.Id = systemId
+	op.Name = name
+	if len(codes) == 0 {
+		op.Codes = "[]"
+	} else {
+		codesJSON, err := json.Marshal(codes)
+		if err != nil {
+			return err
+		}
+		op.Codes = codesJSON
+	}
+	op.DataId = dataId
+	return this.Save(tx, op)
+}
+
+// CountSystems 计算操作系统数量
+func (this *FormalClientSystemDAO) CountSystems(tx *dbs.Tx, keyword string) (int64, error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Like("LOWER(codes)", dbutils.QuoteLikeKeyword(strings.ToLower(keyword)))
+	}
+	return query.Count()
+}
+
+// ListSystems 列出单页操作系统信息
+func (this *FormalClientSystemDAO) ListSystems(tx *dbs.Tx, keyword string, offset int64, size int64) (result []*FormalClientSystem, err error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Like("LOWER(codes)", dbutils.QuoteLikeKeyword(strings.ToLower(keyword)))
+	}
+	_, err = query.
+		Offset(offset).
+		Limit(size).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// FindSystemWithDataId 根据dataId查找操作系统信息
+func (this *FormalClientSystemDAO) FindSystemWithDataId(tx *dbs.Tx, dataId string) (*FormalClientSystem, error) {
+	one, err := this.Query(tx).
+		Attr("dataId", dataId).
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+
+	return one.(*FormalClientSystem), nil
+}

internal/db/models/formal_client_system_dao_test.go

@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/formal_client_system_model.go

@@ -0,0 +1,24 @@
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// FormalClientSystem 终端操作系统信息
+type FormalClientSystem struct {
+	Id     uint32   `field:"id"`     // ID
+	Name   string   `field:"name"`   // 系统名称
+	Codes  dbs.JSON `field:"codes"`  // 代号
+	State  uint8    `field:"state"`  // 状态
+	DataId string   `field:"dataId"` // 数据ID
+}
+
+type FormalClientSystemOperator struct {
+	Id     any // ID
+	Name   any // 系统名称
+	Codes  any // 代号
+	State  any // 状态
+	DataId any // 数据ID
+}
+
+func NewFormalClientSystemOperator() *FormalClientSystemOperator {
+	return &FormalClientSystemOperator{}
+}

internal/db/models/formal_client_system_model_ext.go

@@ -0,0 +1,21 @@
+package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+)
+
+// DecodeCodes 解析代号
+func (this *FormalClientSystem) DecodeCodes() []string {
+	if IsNull(this.Codes) {
+		return nil
+	}
+
+	var result = []string{}
+	err := json.Unmarshal(this.Codes, &result)
+	if err != nil {
+		remotelogs.Error("FormalClientSystem.DecodeCodes", err.Error())
+	}
+
+	return result
+}

internal/db/models/http_access_log_dao.go

@@ -7,8 +7,8 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/goman"
 	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
-	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeAPI/internal/zero"
+	"github.com/TeaOSLab/EdgeCommon/pkg/iputils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
@@ -232,12 +232,12 @@ Loop:
 
 // CreateHTTPAccessLog 写入单条访问日志
 func (this *HTTPAccessLogDAO) CreateHTTPAccessLog(tx *dbs.Tx, dao *HTTPAccessLogDAO, accessLog *pb.HTTPAccessLog) error {
-	var day = ""
+	var day string
 	// 注意：如果你修改了 TimeISO8601 的逻辑，这里也需要同步修改
 	if len(accessLog.TimeISO8601) > 10 {
 		day = strings.ReplaceAll(accessLog.TimeISO8601[:10], "-", "")
 	} else {
-		timeutil.FormatTime("Ymd", accessLog.Timestamp)
+		day = timeutil.FormatTime("Ymd", accessLog.Timestamp)
 	}
 
 	tableDef, err := SharedHTTPAccessLogManager.FindLastTable(dao.Instance, day, true)
@@ -245,7 +245,7 @@ func (this *HTTPAccessLogDAO) CreateHTTPAccessLog(tx *dbs.Tx, dao *HTTPAccessLog
 		return err
 	}
 
-	fields := map[string]interface{}{}
+	var fields = map[string]any{}
 	fields["serverId"] = accessLog.ServerId
 	fields["nodeId"] = accessLog.NodeId
 	fields["status"] = accessLog.Status
@@ -265,7 +265,11 @@ func (this *HTTPAccessLogDAO) CreateHTTPAccessLog(tx *dbs.Tx, dao *HTTPAccessLog
 		fields["remoteAddr"] = accessLog.RemoteAddr
 	}
 	if tableDef.HasDomain {
-		fields["domain"] = accessLog.Host
+		if len(accessLog.Host) > 128 {
+			fields["domain"] = accessLog.Host[:128]
+		} else {
+			fields["domain"] = accessLog.Host
+		}
 	}
 
 	content, err := json.Marshal(accessLog)
@@ -460,6 +464,8 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 	var requestPathReg = regexp.MustCompile(`requestPath:(\S+)`)
 	var protoReg = regexp.MustCompile(`proto:(\S+)`)
 	var schemeReg = regexp.MustCompile(`scheme:(\S+)`)
+	var methodReg = regexp.MustCompile(`(?:method|requestMethod):(\S+)`)
+	var refererReg = regexp.MustCompile(`referer:(\S+)`)
 
 	var count = len(tableQueries)
 	var wg = &sync.WaitGroup{}
@@ -514,14 +520,14 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 
 			// keyword
 			if len(ip) > 0 {
-				// TODO 支持IP范围
+				// TODO 支持IPv6范围
 				if tableQuery.hasRemoteAddrField {
 					// IP格式
 					if strings.Contains(ip, ",") || strings.Contains(ip, "-") {
 						rangeConfig, err := shared.ParseIPRange(ip)
 						if err == nil {
 							if len(rangeConfig.IPFrom) > 0 && len(rangeConfig.IPTo) > 0 {
-								query.Between("INET_ATON(remoteAddr)", utils.IP2Long(rangeConfig.IPFrom), utils.IP2Long(rangeConfig.IPTo))
+								query.Between("INET_ATON(remoteAddr)", iputils.ToLong(rangeConfig.IPFrom), iputils.ToLong(rangeConfig.IPTo))
 							}
 						}
 					} else {
@@ -574,7 +580,7 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 					if len(pieces) == 1 || len(pieces[1]) == 0 || pieces[0] == pieces[1] {
 						query.Attr("remoteAddr", pieces[0])
 					} else {
-						query.Between("INET_ATON(remoteAddr)", utils.IP2Long(pieces[0]), utils.IP2Long(pieces[1]))
+						query.Between("INET_ATON(remoteAddr)", iputils.ToLong(pieces[0]), iputils.ToLong(pieces[1]))
 					}
 				} else if statusRangeReg.MatchString(keyword) { // status:200-400
 					isSpecialKeyword = true
@@ -607,6 +613,16 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 						query.Where("JSON_EXTRACT(content, '$.requestURI') LIKE :keyword").
 							Param("keyword", dbutils.QuoteLikePrefix("\""+u.RequestURI()))
 					}
+				} else if methodReg.MatchString(keyword) { // method|requestMethod:xxx
+					isSpecialKeyword = true
+					var matches = methodReg.FindStringSubmatch(keyword)
+					query.Where("JSON_EXTRACT(content, '$.requestMethod')=:keyword").
+						Param("keyword", strings.ToUpper(matches[1]))
+				} else if refererReg.MatchString(keyword) {
+					isSpecialKeyword = true
+					var matches = refererReg.FindStringSubmatch(keyword)
+					query.Where("JSON_EXTRACT(content, '$.referer') LIKE :keyword").
+						Param("keyword", dbutils.QuoteLike(matches[1]))
 				}
 				if !isSpecialKeyword {
 					if regexp.MustCompile(`^ip:.+`).MatchString(keyword) {
@@ -851,8 +867,4 @@ func (this *HTTPAccessLogDAO) SetupQueue() {
 		oldAccessLogQueue = accessLogQueue
 		accessLogQueue = make(chan *pb.HTTPAccessLog, config.MaxLength)
 	}
-
-	if Tea.IsTesting() {
-		remotelogs.Println("HTTP_ACCESS_LOG_QUEUE", "change queue "+string(configJSON))
-	}
 }

internal/db/models/http_access_log_manager.go

@@ -41,7 +41,7 @@ func (this *HTTPAccessLogManager) FindTableNames(db *dbs.DB, day string) ([]stri
 	for _, prefix := range []string{"edgeHTTPAccessLogs_" + day + "%", "edgehttpaccesslogs_" + day + "%"} {
 		ones, columnNames, err := db.FindPreparedOnes(`SHOW TABLES LIKE '` + prefix + `'`)
 		if err != nil {
-			return nil, errors.New("query table names error: " + err.Error())
+			return nil, fmt.Errorf("query table names error: %w", err)
 		}
 
 		var columnName = columnNames[0]
@@ -88,7 +88,7 @@ func (this *HTTPAccessLogManager) FindTables(db *dbs.DB, day string) ([]*httpAcc
 	for _, prefix := range []string{"edgeHTTPAccessLogs_" + day + "%", "edgehttpaccesslogs_" + day + "%"} {
 		ones, columnNames, err := db.FindPreparedOnes(`SHOW TABLES LIKE '` + prefix + `'`)
 		if err != nil {
-			return nil, errors.New("query table names error: " + err.Error())
+			return nil, fmt.Errorf("query table names error: %w", err)
 		}
 
 		var columnName = columnNames[0]
@@ -239,7 +239,7 @@ func (this *HTTPAccessLogManager) FindLastTable(db *dbs.DB, day string, force bo
 
 // CreateTable 创建访问日志表格
 func (this *HTTPAccessLogManager) CreateTable(db *dbs.DB, tableName string) error {
-	_, err := db.Exec("CREATE TABLE `" + tableName + "` (\n  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n  `nodeId` int(11) unsigned DEFAULT '0' COMMENT '节点ID',\n  `status` int(3) unsigned DEFAULT '0' COMMENT '状态码',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `content` json DEFAULT NULL COMMENT '日志内容',\n  `requestId` varchar(128) DEFAULT NULL COMMENT '请求ID',\n  `firewallPolicyId` int(11) unsigned DEFAULT '0' COMMENT 'WAF策略ID',\n  `firewallRuleGroupId` int(11) unsigned DEFAULT '0' COMMENT 'WAF分组ID',\n  `firewallRuleSetId` int(11) unsigned DEFAULT '0' COMMENT 'WAF集ID',\n  `firewallRuleId` int(11) unsigned DEFAULT '0' COMMENT 'WAF规则ID',\n  `remoteAddr` varchar(64) DEFAULT NULL COMMENT 'IP地址',\n  `domain` varchar(128) DEFAULT NULL COMMENT '域名',\n  `requestBody` mediumblob COMMENT '请求内容',\n  `responseBody` mediumblob COMMENT '响应内容',\n  PRIMARY KEY (`id`),\n  KEY `serverId` (`serverId`),\n  KEY `nodeId` (`nodeId`),\n  KEY `serverId_status` (`serverId`,`status`),\n  KEY `requestId` (`requestId`),\n  KEY `firewallPolicyId` (`firewallPolicyId`),\n  KEY `firewallRuleGroupId` (`firewallRuleGroupId`),\n  KEY `firewallRuleSetId` (`firewallRuleSetId`),\n  KEY `firewallRuleId` (`firewallRuleId`),\n  KEY `remoteAddr` (`remoteAddr`),\n  KEY `domain` (`domain`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='访问日志';")
+	_, err := db.Exec("CREATE TABLE `" + tableName + "` (\n  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n  `nodeId` int(11) unsigned DEFAULT '0' COMMENT '节点ID',\n  `status` int(3) unsigned DEFAULT '0' COMMENT '状态码',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `content` json DEFAULT NULL COMMENT '日志内容',\n  `requestId` varchar(128) DEFAULT NULL COMMENT '请求ID',\n  `firewallPolicyId` int(11) unsigned DEFAULT '0' COMMENT 'WAF策略ID',\n  `firewallRuleGroupId` int(11) unsigned DEFAULT '0' COMMENT 'WAF分组ID',\n  `firewallRuleSetId` int(11) unsigned DEFAULT '0' COMMENT 'WAF集ID',\n  `firewallRuleId` int(11) unsigned DEFAULT '0' COMMENT 'WAF规则ID',\n  `remoteAddr` varchar(64) DEFAULT NULL COMMENT 'IP地址',\n  `domain` varchar(255) DEFAULT NULL COMMENT '域名',\n  `requestBody` mediumblob COMMENT '请求内容',\n  `responseBody` mediumblob COMMENT '响应内容',\n  PRIMARY KEY (`id`),\n  KEY `serverId` (`serverId`),\n  KEY `nodeId` (`nodeId`),\n  KEY `serverId_status` (`serverId`,`status`),\n  KEY `requestId` (`requestId`),\n  KEY `firewallPolicyId` (`firewallPolicyId`),\n  KEY `firewallRuleGroupId` (`firewallRuleGroupId`),\n  KEY `firewallRuleSetId` (`firewallRuleSetId`),\n  KEY `firewallRuleId` (`firewallRuleId`),\n  KEY `remoteAddr` (`remoteAddr`),\n  KEY `domain` (`domain`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='访问日志';")
 	if err != nil {
 		if CheckSQLErrCode(err, 1050) { // Error 1050: Table 'xxx' already exists
 			return nil
@@ -373,7 +373,7 @@ func (this *HTTPAccessLogManager) findTableWithoutCache(db *dbs.DB, day string,
 		var lastInt64Id = types.Int64(lastId)
 		if accessLogRowsPerTable > 0 && lastInt64Id >= accessLogRowsPerTable {
 			// create next partial table
-			var nextTableName = ""
+			var nextTableName string
 			if accessLogTableMainReg.MatchString(lastTableName) {
 				nextTableName = prefix + "_0001"
 			} else if accessLogTablePartialReg.MatchString(lastTableName) {

internal/db/models/http_access_log_policy_dao.go

@@ -107,7 +107,7 @@ func (this *HTTPAccessLogPolicyDAO) FindAllEnabledAndOnPolicies(tx *dbs.Tx) (res
 }
 
 // CreatePolicy 创建策略
-func (this *HTTPAccessLogPolicyDAO) CreatePolicy(tx *dbs.Tx, name string, policyType string, optionsJSON []byte, condsJSON []byte, isPublic bool, firewallOnly bool) (policyId int64, err error) {
+func (this *HTTPAccessLogPolicyDAO) CreatePolicy(tx *dbs.Tx, name string, policyType string, optionsJSON []byte, condsJSON []byte, isPublic bool, firewallOnly bool, disableDefaultDB bool) (policyId int64, err error) {
 	var op = NewHTTPAccessLogPolicyOperator()
 	op.Name = name
 	op.Type = policyType
@@ -120,12 +120,13 @@ func (this *HTTPAccessLogPolicyDAO) CreatePolicy(tx *dbs.Tx, name string, policy
 	op.IsPublic = isPublic
 	op.IsOn = true
 	op.FirewallOnly = firewallOnly
+	op.DisableDefaultDB = disableDefaultDB
 	op.State = HTTPAccessLogPolicyStateEnabled
 	return this.SaveInt64(tx, op)
 }
 
 // UpdatePolicy 修改策略
-func (this *HTTPAccessLogPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, name string, optionsJSON []byte, condsJSON []byte, isPublic bool, firewallOnly bool, isOn bool) error {
+func (this *HTTPAccessLogPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, name string, optionsJSON []byte, condsJSON []byte, isPublic bool, firewallOnly bool, disableDefaultDB bool, isOn bool) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -159,6 +160,7 @@ func (this *HTTPAccessLogPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, nam
 
 	op.IsPublic = isPublic
 	op.FirewallOnly = firewallOnly
+	op.DisableDefaultDB = disableDefaultDB
 	op.IsOn = isOn
 	return this.Save(tx, op)
 }

internal/db/models/http_access_log_policy_model.go

@@ -2,39 +2,59 @@ package models
 
 import "github.com/iwind/TeaGo/dbs"
 
+const (
+	HTTPAccessLogPolicyField_Id               dbs.FieldName = "id"               // ID
+	HTTPAccessLogPolicyField_TemplateId       dbs.FieldName = "templateId"       // 模版ID
+	HTTPAccessLogPolicyField_AdminId          dbs.FieldName = "adminId"          // 管理员ID
+	HTTPAccessLogPolicyField_UserId           dbs.FieldName = "userId"           // 用户ID
+	HTTPAccessLogPolicyField_State            dbs.FieldName = "state"            // 状态
+	HTTPAccessLogPolicyField_CreatedAt        dbs.FieldName = "createdAt"        // 创建时间
+	HTTPAccessLogPolicyField_Name             dbs.FieldName = "name"             // 名称
+	HTTPAccessLogPolicyField_IsOn             dbs.FieldName = "isOn"             // 是否启用
+	HTTPAccessLogPolicyField_Type             dbs.FieldName = "type"             // 存储类型
+	HTTPAccessLogPolicyField_Options          dbs.FieldName = "options"          // 存储选项
+	HTTPAccessLogPolicyField_Conds            dbs.FieldName = "conds"            // 请求条件
+	HTTPAccessLogPolicyField_IsPublic         dbs.FieldName = "isPublic"         // 是否为公用
+	HTTPAccessLogPolicyField_FirewallOnly     dbs.FieldName = "firewallOnly"     // 是否只记录防火墙相关
+	HTTPAccessLogPolicyField_Version          dbs.FieldName = "version"          // 版本号
+	HTTPAccessLogPolicyField_DisableDefaultDB dbs.FieldName = "disableDefaultDB" // 是否停止默认数据库存储
+)
+
 // HTTPAccessLogPolicy 访问日志策略
 type HTTPAccessLogPolicy struct {
-	Id           uint32   `field:"id"`           // ID
-	TemplateId   uint32   `field:"templateId"`   // 模版ID
-	AdminId      uint32   `field:"adminId"`      // 管理员ID
-	UserId       uint32   `field:"userId"`       // 用户ID
-	State        uint8    `field:"state"`        // 状态
-	CreatedAt    uint64   `field:"createdAt"`    // 创建时间
-	Name         string   `field:"name"`         // 名称
-	IsOn         bool     `field:"isOn"`         // 是否启用
-	Type         string   `field:"type"`         // 存储类型
-	Options      dbs.JSON `field:"options"`      // 存储选项
-	Conds        dbs.JSON `field:"conds"`        // 请求条件
-	IsPublic     bool     `field:"isPublic"`     // 是否为公用
-	FirewallOnly uint8    `field:"firewallOnly"` // 是否只记录防火墙相关
-	Version      uint32   `field:"version"`      // 版本号
+	Id               uint32   `field:"id"`               // ID
+	TemplateId       uint32   `field:"templateId"`       // 模版ID
+	AdminId          uint32   `field:"adminId"`          // 管理员ID
+	UserId           uint32   `field:"userId"`           // 用户ID
+	State            uint8    `field:"state"`            // 状态
+	CreatedAt        uint64   `field:"createdAt"`        // 创建时间
+	Name             string   `field:"name"`             // 名称
+	IsOn             bool     `field:"isOn"`             // 是否启用
+	Type             string   `field:"type"`             // 存储类型
+	Options          dbs.JSON `field:"options"`          // 存储选项
+	Conds            dbs.JSON `field:"conds"`            // 请求条件
+	IsPublic         bool     `field:"isPublic"`         // 是否为公用
+	FirewallOnly     uint8    `field:"firewallOnly"`     // 是否只记录防火墙相关
+	Version          uint32   `field:"version"`          // 版本号
+	DisableDefaultDB bool     `field:"disableDefaultDB"` // 是否停止默认数据库存储
 }
 
 type HTTPAccessLogPolicyOperator struct {
-	Id           interface{} // ID
-	TemplateId   interface{} // 模版ID
-	AdminId      interface{} // 管理员ID
-	UserId       interface{} // 用户ID
-	State        interface{} // 状态
-	CreatedAt    interface{} // 创建时间
-	Name         interface{} // 名称
-	IsOn         interface{} // 是否启用
-	Type         interface{} // 存储类型
-	Options      interface{} // 存储选项
-	Conds        interface{} // 请求条件
-	IsPublic     interface{} // 是否为公用
-	FirewallOnly interface{} // 是否只记录防火墙相关
-	Version      interface{} // 版本号
+	Id               any // ID
+	TemplateId       any // 模版ID
+	AdminId          any // 管理员ID
+	UserId           any // 用户ID
+	State            any // 状态
+	CreatedAt        any // 创建时间
+	Name             any // 名称
+	IsOn             any // 是否启用
+	Type             any // 存储类型
+	Options          any // 存储选项
+	Conds            any // 请求条件
+	IsPublic         any // 是否为公用
+	FirewallOnly     any // 是否只记录防火墙相关
+	Version          any // 版本号
+	DisableDefaultDB any // 是否停止默认数据库存储
 }
 
 func NewHTTPAccessLogPolicyOperator() *HTTPAccessLogPolicyOperator {

internal/db/models/http_auth_policy_dao.go

@@ -96,6 +96,27 @@ func (this *HTTPAuthPolicyDAO) UpdateHTTPAuthPolicy(tx *dbs.Tx, policyId int64,
 	return this.NotifyUpdate(tx, policyId)
 }
 
+// CloneAuthPolicy 复制策略
+func (this *HTTPAuthPolicyDAO) CloneAuthPolicy(tx *dbs.Tx, fromPolicyId int64) (int64, error) {
+	policyOne, err := this.Query(tx).
+		Pk(fromPolicyId).
+		Find()
+	if err != nil || policyOne == nil {
+		return 0, err
+	}
+	var policy = policyOne.(*HTTPAuthPolicy)
+
+	var op = NewHTTPAuthPolicyOperator()
+	op.IsOn = policy.IsOn
+	op.Name = policy.Name
+	op.Type = policy.Type
+	if len(policy.Params) > 0 {
+		op.Params = policy.Params
+	}
+	op.State = policy.State
+	return this.SaveInt64(tx, op)
+}
+
 // ComposePolicyConfig 组合配置
 func (this *HTTPAuthPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheMap *utils.CacheMap) (*serverconfigs.HTTPAuthPolicy, error) {
 	if cacheMap == nil {

internal/db/models/http_cache_policy_dao.go

@@ -96,7 +96,7 @@ func (this *HTTPCachePolicyDAO) FindAllEnabledCachePolicies(tx *dbs.Tx) (result
 }
 
 // CreateCachePolicy 创建缓存策略
-func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name string, description string, capacityJSON []byte, maxKeys int64, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte, syncCompressionCache bool) (int64, error) {
+func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name string, description string, capacityJSON []byte, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte, syncCompressionCache bool, fetchTimeoutJSON []byte) (int64, error) {
 	var op = NewHTTPCachePolicyOperator()
 	op.State = HTTPCachePolicyStateEnabled
 	op.IsOn = isOn
@@ -105,7 +105,6 @@ func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name st
 	if len(capacityJSON) > 0 {
 		op.Capacity = capacityJSON
 	}
-	op.MaxKeys = maxKeys
 	if len(maxSizeJSON) > 0 {
 		op.MaxSize = maxSizeJSON
 	}
@@ -115,6 +114,10 @@ func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name st
 	}
 	op.SyncCompressionCache = syncCompressionCache
 
+	if len(fetchTimeoutJSON) > 0 {
+		op.FetchTimeout = fetchTimeoutJSON
+	}
+
 	// 默认的缓存条件
 	cacheRef := &serverconfigs.HTTPCacheRef{
 		IsOn:                  true,
@@ -129,7 +132,7 @@ func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name st
 		SimpleCond: &shared.HTTPRequestCond{
 			Type:      "url-extension",
 			IsRequest: true,
-			Param:     "${requestPathExtension}",
+			Param:     "${requestPathLowerExtension}",
 			Operator:  shared.RequestCondOperatorIn,
 			Value:     `[".html", ".js", ".css", ".gif", ".png", ".bmp", ".jpeg", ".jpg", ".webp", ".ico", ".pdf", ".ttf", ".eot", ".tiff", ".svg", ".svgz", ".eps", ".woff", ".otf", ".woff2", ".tif", ".csv", ".xls", ".xlsx", ".doc", ".docx", ".ppt", ".pptx", ".wav", ".mp3", ".mp4", ".ogg", ".mid", ".midi"]`,
 		},
@@ -171,7 +174,8 @@ func (this *HTTPCachePolicyDAO) CreateDefaultCachePolicy(tx *dbs.Tx, name string
 	}
 
 	var storageOptions = &serverconfigs.HTTPFileCacheStorage{
-		Dir: "/opt/cache",
+		Dir:        "/opt/cache",
+		EnableMMAP: false,
 		MemoryPolicy: &serverconfigs.HTTPCachePolicy{
 			Capacity: &shared.SizeCapacity{
 				Count: 1,
@@ -184,7 +188,7 @@ func (this *HTTPCachePolicyDAO) CreateDefaultCachePolicy(tx *dbs.Tx, name string
 		return 0, err
 	}
 
-	policyId, err := this.CreateCachePolicy(tx, true, "\""+name+"\"缓存策略", "默认创建的缓存策略", capacityJSON, 0, maxSizeJSON, serverconfigs.CachePolicyStorageFile, storageOptionsJSON, false)
+	policyId, err := this.CreateCachePolicy(tx, true, "\""+name+"\"缓存策略", "默认创建的缓存策略", capacityJSON, maxSizeJSON, serverconfigs.CachePolicyStorageFile, storageOptionsJSON, false, nil)
 	if err != nil {
 		return 0, err
 	}
@@ -192,7 +196,7 @@ func (this *HTTPCachePolicyDAO) CreateDefaultCachePolicy(tx *dbs.Tx, name string
 }
 
 // UpdateCachePolicy 修改缓存策略
-func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, capacityJSON []byte, maxKeys int64, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte, syncCompressionCache bool) error {
+func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, capacityJSON []byte, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte, syncCompressionCache bool, fetchTimeoutJSON []byte) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -205,7 +209,6 @@ func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, is
 	if len(capacityJSON) > 0 {
 		op.Capacity = capacityJSON
 	}
-	op.MaxKeys = maxKeys
 	if len(maxSizeJSON) > 0 {
 		op.MaxSize = maxSizeJSON
 	}
@@ -214,6 +217,9 @@ func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, is
 		op.Options = storageOptionsJSON
 	}
 	op.SyncCompressionCache = syncCompressionCache
+	if len(fetchTimeoutJSON) > 0 {
+		op.FetchTimeout = fetchTimeoutJSON
+	}
 	err := this.Save(tx, op)
 	if err != nil {
 		return err
@@ -239,7 +245,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 	if policy == nil {
 		return nil, nil
 	}
-	config := &serverconfigs.HTTPCachePolicy{}
+	var config = &serverconfigs.HTTPCachePolicy{}
 	config.Id = int64(policy.Id)
 	config.IsOn = policy.IsOn
 	config.Name = policy.Name
@@ -248,7 +254,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 
 	// capacity
 	if IsNotNull(policy.Capacity) {
-		capacityConfig := &shared.SizeCapacity{}
+		var capacityConfig = &shared.SizeCapacity{}
 		err = json.Unmarshal(policy.Capacity, capacityConfig)
 		if err != nil {
 			return nil, err
@@ -256,11 +262,9 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 		config.Capacity = capacityConfig
 	}
 
-	config.MaxKeys = types.Int64(policy.MaxKeys)
-
 	// max size
 	if IsNotNull(policy.MaxSize) {
-		maxSizeConfig := &shared.SizeCapacity{}
+		var maxSizeConfig = &shared.SizeCapacity{}
 		err = json.Unmarshal(policy.MaxSize, maxSizeConfig)
 		if err != nil {
 			return nil, err
@@ -272,7 +276,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 
 	// options
 	if IsNotNull(policy.Options) {
-		m := map[string]interface{}{}
+		var m = map[string]any{}
 		err = json.Unmarshal(policy.Options, &m)
 		if err != nil {
 			return nil, errors.Wrap(err)
@@ -282,7 +286,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 
 	// refs
 	if IsNotNull(policy.Refs) {
-		refs := []*serverconfigs.HTTPCacheRef{}
+		var refs = []*serverconfigs.HTTPCacheRef{}
 		err = json.Unmarshal(policy.Refs, &refs)
 		if err != nil {
 			return nil, err
@@ -290,6 +294,16 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 		config.CacheRefs = refs
 	}
 
+	// fetch timeout
+	if IsNotNull(policy.FetchTimeout) {
+		var timeoutDuration = &shared.TimeDuration{}
+		err = json.Unmarshal(policy.FetchTimeout, timeoutDuration)
+		if err != nil {
+			return nil, err
+		}
+		config.FetchTimeout = timeoutDuration
+	}
+
 	if cacheMap != nil {
 		cacheMap.Put(cacheKey, config)
 	}

internal/db/models/http_cache_policy_model.go

@@ -2,6 +2,26 @@ package models
 
 import "github.com/iwind/TeaGo/dbs"
 
+const (
+	HTTPCachePolicyField_Id                   dbs.FieldName = "id"                   // ID
+	HTTPCachePolicyField_AdminId              dbs.FieldName = "adminId"              // 管理员ID
+	HTTPCachePolicyField_UserId               dbs.FieldName = "userId"               // 用户ID
+	HTTPCachePolicyField_TemplateId           dbs.FieldName = "templateId"           // 模版ID
+	HTTPCachePolicyField_IsOn                 dbs.FieldName = "isOn"                 // 是否启用
+	HTTPCachePolicyField_Name                 dbs.FieldName = "name"                 // 名称
+	HTTPCachePolicyField_Capacity             dbs.FieldName = "capacity"             // 容量数据
+	HTTPCachePolicyField_MaxKeys              dbs.FieldName = "maxKeys"              // 最多Key值
+	HTTPCachePolicyField_MaxSize              dbs.FieldName = "maxSize"              // 最大缓存内容尺寸
+	HTTPCachePolicyField_Type                 dbs.FieldName = "type"                 // 存储类型
+	HTTPCachePolicyField_Options              dbs.FieldName = "options"              // 存储选项
+	HTTPCachePolicyField_CreatedAt            dbs.FieldName = "createdAt"            // 创建时间
+	HTTPCachePolicyField_State                dbs.FieldName = "state"                // 状态
+	HTTPCachePolicyField_Description          dbs.FieldName = "description"          // 描述
+	HTTPCachePolicyField_Refs                 dbs.FieldName = "refs"                 // 默认的缓存设置
+	HTTPCachePolicyField_SyncCompressionCache dbs.FieldName = "syncCompressionCache" // 是否同步写入压缩缓存
+	HTTPCachePolicyField_FetchTimeout         dbs.FieldName = "fetchTimeout"         // 预热超时时间
+)
+
 // HTTPCachePolicy HTTP缓存策略
 type HTTPCachePolicy struct {
 	Id                   uint32   `field:"id"`                   // ID
@@ -20,25 +40,27 @@ type HTTPCachePolicy struct {
 	Description          string   `field:"description"`          // 描述
 	Refs                 dbs.JSON `field:"refs"`                 // 默认的缓存设置
 	SyncCompressionCache uint8    `field:"syncCompressionCache"` // 是否同步写入压缩缓存
+	FetchTimeout         dbs.JSON `field:"fetchTimeout"`         // 预热超时时间
 }
 
 type HTTPCachePolicyOperator struct {
-	Id                   interface{} // ID
-	AdminId              interface{} // 管理员ID
-	UserId               interface{} // 用户ID
-	TemplateId           interface{} // 模版ID
-	IsOn                 interface{} // 是否启用
-	Name                 interface{} // 名称
-	Capacity             interface{} // 容量数据
-	MaxKeys              interface{} // 最多Key值
-	MaxSize              interface{} // 最大缓存内容尺寸
-	Type                 interface{} // 存储类型
-	Options              interface{} // 存储选项
-	CreatedAt            interface{} // 创建时间
-	State                interface{} // 状态
-	Description          interface{} // 描述
-	Refs                 interface{} // 默认的缓存设置
-	SyncCompressionCache interface{} // 是否同步写入压缩缓存
+	Id                   any // ID
+	AdminId              any // 管理员ID
+	UserId               any // 用户ID
+	TemplateId           any // 模版ID
+	IsOn                 any // 是否启用
+	Name                 any // 名称
+	Capacity             any // 容量数据
+	MaxKeys              any // 最多Key值
+	MaxSize              any // 最大缓存内容尺寸
+	Type                 any // 存储类型
+	Options              any // 存储选项
+	CreatedAt            any // 创建时间
+	State                any // 状态
+	Description          any // 描述
+	Refs                 any // 默认的缓存设置
+	SyncCompressionCache any // 是否同步写入压缩缓存
+	FetchTimeout         any // 预热超时时间
 }
 
 func NewHTTPCachePolicyOperator() *HTTPCachePolicyOperator {

internal/db/models/http_cache_task_dao.go

@@ -33,7 +33,7 @@ func init() {
 		var ticker = time.NewTicker(time.Duration(rands.Int(24, 48)) * time.Hour)
 		goman.New(func() {
 			for range ticker.C {
-				err := SharedHTTPCacheTaskDAO.Clean(nil, 30) // 只保留N天
+				err := SharedHTTPCacheTaskDAO.CleanDefaultDays(nil, 30) // 只保留N天
 				if err != nil {
 					remotelogs.Error("HTTPCacheTaskDAO", "clean expired data failed: "+err.Error())
 				}
@@ -206,6 +206,7 @@ func (this *HTTPCacheTaskDAO) UpdateTaskStatus(tx *dbs.Tx, taskId int64, isDone
 
 	if isDone {
 		op.DoneAt = time.Now().Unix()
+		op.IsReady = true // 让后台列表能列出来
 	}
 
 	return this.Save(tx, op)
@@ -227,8 +228,8 @@ func (this *HTTPCacheTaskDAO) CheckUserTask(tx *dbs.Tx, userId int64, taskId int
 	return nil
 }
 
-// Clean 清理以往的任务
-func (this *HTTPCacheTaskDAO) Clean(tx *dbs.Tx, days int) error {
+// CleanDays 清理N天以前的任务
+func (this *HTTPCacheTaskDAO) CleanDays(tx *dbs.Tx, days int) error {
 	if days <= 0 {
 		days = 30
 	}
@@ -247,6 +248,23 @@ func (this *HTTPCacheTaskDAO) Clean(tx *dbs.Tx, days int) error {
 	return err
 }
 
+// CleanDefaultDays 清除任务
+func (this *HTTPCacheTaskDAO) CleanDefaultDays(tx *dbs.Tx, defaultDays int) error {
+	databaseConfig, err := SharedSysSettingDAO.ReadDatabaseConfig(tx)
+	if err != nil {
+		return err
+	}
+
+	if databaseConfig != nil && databaseConfig.HTTPCacheTask.Clean.Days > 0 {
+		defaultDays = databaseConfig.HTTPCacheTask.Clean.Days
+	}
+	if defaultDays <= 0 {
+		defaultDays = 30
+	}
+
+	return this.CleanDays(tx, defaultDays)
+}
+
 // NotifyChange 发送通知
 func (this *HTTPCacheTaskDAO) NotifyChange(tx *dbs.Tx, taskId int64) error {
 	// TODO

internal/db/models/http_cache_task_dao_test.go

@@ -11,7 +11,7 @@ import (
 func TestHTTPCacheTaskDAO_Clean(t *testing.T) {
 	dbs.NotifyReady()
 
-	err := models.SharedHTTPCacheTaskDAO.Clean(nil, 30)
+	err := models.SharedHTTPCacheTaskDAO.CleanDays(nil, 30)
 	if err != nil {
 		t.Fatal(err)
 	}

internal/db/models/http_firewall_policy_dao.go

@@ -132,9 +132,9 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 		op.Outbound = outboundJSON
 	}
 
-	if userId <= 0 && serverGroupId <=0 && serverId <= 0 {
+	if userId <= 0 && serverGroupId <= 0 && serverId <= 0 {
 		// synFlood
-		var synFloodConfig = firewallconfigs.DefaultSYNFloodConfig()
+		var synFloodConfig = firewallconfigs.NewSYNFloodConfig()
 		synFloodJSON, err := json.Marshal(synFloodConfig)
 		if err != nil {
 			return 0, err
@@ -142,20 +142,36 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 		op.SynFlood = synFloodJSON
 
 		// block options
-		var blockOptions = firewallconfigs.DefaultHTTPFirewallBlockAction()
+		var blockOptions = firewallconfigs.NewHTTPFirewallBlockAction()
 		blockOptionsJSON, err := json.Marshal(blockOptions)
 		if err != nil {
 			return 0, err
 		}
 		op.BlockOptions = blockOptionsJSON
 
+		// page options
+		var pageOptions = firewallconfigs.NewHTTPFirewallPageAction()
+		pageOptionsJSON, err := json.Marshal(pageOptions)
+		if err != nil {
+			return 0, err
+		}
+		op.PageOptions = pageOptionsJSON
+
 		// captcha options
-		var captchaOptions = firewallconfigs.DefaultHTTPFirewallCaptchaAction()
+		var captchaOptions = firewallconfigs.NewHTTPFirewallCaptchaAction()
 		captchaOptionsJSON, err := json.Marshal(captchaOptions)
 		if err != nil {
 			return 0, err
 		}
 		op.CaptchaOptions = captchaOptionsJSON
+
+		// jscookie options
+		var jsCookieOptions = firewallconfigs.NewHTTPFirewallJavascriptCookieAction()
+		jsCookieOptionsJSON, err := json.Marshal(jsCookieOptions)
+		if err != nil {
+			return 0, err
+		}
+		op.JsCookieOptions = jsCookieOptionsJSON
 	}
 
 	err := this.Save(tx, op)
@@ -172,16 +188,18 @@ func (this *HTTPFirewallPolicyDAO) CreateDefaultFirewallPolicy(tx *dbs.Tx, name
 	// 初始化
 	var groupCodes = []string{}
 
-	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
+	var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
 	for _, group := range templatePolicy.AllRuleGroups() {
-		groupCodes = append(groupCodes, group.Code)
+		if group.IsOn {
+			groupCodes = append(groupCodes, group.Code)
+		}
 	}
 
 	var inboundConfig = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
 	var outboundConfig = &firewallconfigs.HTTPFirewallOutboundConfig{IsOn: true}
 	if templatePolicy.Inbound != nil {
 		for _, group := range templatePolicy.Inbound.Groups {
-			isOn := lists.ContainsString(groupCodes, group.Code)
+			var isOn = lists.ContainsString(groupCodes, group.Code)
 			group.IsOn = isOn
 
 			groupId, err := SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
@@ -196,7 +214,7 @@ func (this *HTTPFirewallPolicyDAO) CreateDefaultFirewallPolicy(tx *dbs.Tx, name
 	}
 	if templatePolicy.Outbound != nil {
 		for _, group := range templatePolicy.Outbound.Groups {
-			isOn := lists.ContainsString(groupCodes, group.Code)
+			var isOn = lists.ContainsString(groupCodes, group.Code)
 			group.IsOn = isOn
 
 			groupId, err := SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
@@ -277,6 +295,31 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInbound(tx *dbs.Tx, polic
 	return this.NotifyUpdate(tx, policyId)
 }
 
+// UpdateFirewallPolicyInboundRegion 修改入站封禁区域设置
+func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundRegion(tx *dbs.Tx, policyId int64, regionConfig *firewallconfigs.HTTPFirewallRegionConfig) error {
+	var inboundConfig = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	inboundJSON, err := this.Query(tx).
+		Pk(policyId).
+		Result("inbound").
+		FindJSONCol()
+	if err != nil {
+		return err
+	}
+	if IsNotNull(inboundJSON) {
+		err = json.Unmarshal(inboundJSON, inboundConfig)
+		if err != nil {
+			return err
+		}
+	}
+
+	inboundConfig.Region = regionConfig
+	newInboundJSON, err := json.Marshal(inboundConfig)
+	if err != nil {
+		return err
+	}
+	return this.UpdateFirewallPolicyInbound(tx, policyId, newInboundJSON)
+}
+
 // UpdateFirewallPolicy 修改策略
 func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	policyId int64,
@@ -286,11 +329,16 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	inboundJSON []byte,
 	outboundJSON []byte,
 	blockOptionsJSON []byte,
+	pageOptionsJSON []byte,
 	captchaOptionsJSON []byte,
+	jsCookieOptionsJSON []byte,
 	mode firewallconfigs.FirewallMode,
 	useLocalFirewall bool,
 	synFloodConfig *firewallconfigs.SYNFloodConfig,
-	logConfig *firewallconfigs.HTTPFirewallPolicyLogConfig) error {
+	logConfig *firewallconfigs.HTTPFirewallPolicyLogConfig,
+	maxRequestBodySize int64,
+	denyCountryHTML string,
+	denyProvinceHTML string) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -313,9 +361,15 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	if IsNotNull(blockOptionsJSON) {
 		op.BlockOptions = blockOptionsJSON
 	}
+	if IsNotNull(pageOptionsJSON) {
+		op.PageOptions = pageOptionsJSON
+	}
 	if IsNotNull(captchaOptionsJSON) {
 		op.CaptchaOptions = captchaOptionsJSON
 	}
+	if IsNotNull(jsCookieOptionsJSON) {
+		op.JsCookieOptions = jsCookieOptionsJSON
+	}
 
 	if synFloodConfig != nil {
 		synFloodConfigJSON, err := json.Marshal(synFloodConfig)
@@ -338,6 +392,10 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	}
 
 	op.UseLocalFirewall = useLocalFirewall
+	op.MaxRequestBodySize = maxRequestBodySize
+	op.DenyCountryHTML = denyCountryHTML
+	op.DenyProvinceHTML = denyProvinceHTML
+
 	err := this.Save(tx, op)
 	if err != nil {
 		return err
@@ -390,7 +448,7 @@ func (this *HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(tx *dbs.Tx, clust
 }
 
 // ComposeFirewallPolicy 组合策略配置
-func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId int64, cacheMap *utils.CacheMap) (*firewallconfigs.HTTPFirewallPolicy, error) {
+func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId int64, forNode bool, cacheMap *utils.CacheMap) (*firewallconfigs.HTTPFirewallPolicy, error) {
 	if cacheMap == nil {
 		cacheMap = utils.NewCacheMap()
 	}
@@ -410,10 +468,14 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 
 	var config = &firewallconfigs.HTTPFirewallPolicy{}
 	config.Id = int64(policy.Id)
+	config.ServerId = int64(policy.ServerId)
 	config.IsOn = policy.IsOn
 	config.Name = policy.Name
 	config.Description = policy.Description
 	config.UseLocalFirewall = policy.UseLocalFirewall == 1
+	config.MaxRequestBodySize = int64(policy.MaxRequestBodySize)
+	config.DenyCountryHTML = policy.DenyCountryHTML
+	config.DenyProvinceHTML = policy.DenyProvinceHTML
 
 	if len(policy.Mode) == 0 {
 		policy.Mode = firewallconfigs.FirewallModeDefend
@@ -421,18 +483,18 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 	config.Mode = policy.Mode
 
 	// Inbound
-	inbound := &firewallconfigs.HTTPFirewallInboundConfig{}
+	var inbound = &firewallconfigs.HTTPFirewallInboundConfig{}
 	if IsNotNull(policy.Inbound) {
 		err = json.Unmarshal(policy.Inbound, inbound)
 		if err != nil {
 			return nil, err
 		}
 		if len(inbound.GroupRefs) > 0 {
-			resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
-			resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+			var resultGroupRefs = []*firewallconfigs.HTTPFirewallRuleGroupRef{}
+			var resultGroups = []*firewallconfigs.HTTPFirewallRuleGroup{}
 
 			for _, groupRef := range inbound.GroupRefs {
-				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId)
+				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId, forNode)
 				if err != nil {
 					return nil, err
 				}
@@ -449,18 +511,18 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 	config.Inbound = inbound
 
 	// Outbound
-	outbound := &firewallconfigs.HTTPFirewallOutboundConfig{}
+	var outbound = &firewallconfigs.HTTPFirewallOutboundConfig{}
 	if IsNotNull(policy.Outbound) {
 		err = json.Unmarshal(policy.Outbound, outbound)
 		if err != nil {
 			return nil, err
 		}
 		if len(outbound.GroupRefs) > 0 {
-			resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
-			resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+			var resultGroupRefs = []*firewallconfigs.HTTPFirewallRuleGroupRef{}
+			var resultGroups = []*firewallconfigs.HTTPFirewallRuleGroup{}
 
 			for _, groupRef := range outbound.GroupRefs {
-				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId)
+				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId, forNode)
 				if err != nil {
 					return nil, err
 				}
@@ -478,7 +540,7 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 
 	// Block动作配置
 	if IsNotNull(policy.BlockOptions) {
-		var blockAction = &firewallconfigs.HTTPFirewallBlockAction{}
+		var blockAction = firewallconfigs.NewHTTPFirewallBlockAction()
 		err = json.Unmarshal(policy.BlockOptions, blockAction)
 		if err != nil {
 			return config, err
@@ -486,9 +548,19 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 		config.BlockOptions = blockAction
 	}
 
+	// Page动作配置
+	if IsNotNull(policy.PageOptions) {
+		var pageAction = firewallconfigs.NewHTTPFirewallPageAction()
+		err = json.Unmarshal(policy.PageOptions, pageAction)
+		if err != nil {
+			return config, err
+		}
+		config.PageOptions = pageAction
+	}
+
 	// Captcha动作配置
 	if IsNotNull(policy.CaptchaOptions) {
-		var captchaAction = &firewallconfigs.HTTPFirewallCaptchaAction{}
+		var captchaAction = firewallconfigs.NewHTTPFirewallCaptchaAction()
 		err = json.Unmarshal(policy.CaptchaOptions, captchaAction)
 		if err != nil {
 			return config, err
@@ -496,6 +568,16 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 		config.CaptchaOptions = captchaAction
 	}
 
+	// JSCookie动作配置
+	if IsNotNull(policy.JsCookieOptions) {
+		var jsCookieAction = firewallconfigs.NewHTTPFirewallJavascriptCookieAction()
+		err = json.Unmarshal(policy.JsCookieOptions, jsCookieAction)
+		if err != nil {
+			return config, err
+		}
+		config.JSCookieOptions = jsCookieAction
+	}
+
 	// syn flood
 	if IsNotNull(policy.SynFlood) {
 		var synFloodConfig = &firewallconfigs.SYNFloodConfig{}
@@ -611,6 +693,10 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyServerId(tx *dbs.Tx, poli
 
 // FindFirewallPolicyIdsWithServerId 查找服务独立关联的策略IDs
 func (this *HTTPFirewallPolicyDAO) FindFirewallPolicyIdsWithServerId(tx *dbs.Tx, serverId int64) ([]int64, error) {
+	if serverId <= 0 {
+		return nil, nil
+	}
+
 	var result = []int64{}
 	ones, err := this.Query(tx).
 		Attr("serverId", serverId).
@@ -626,6 +712,19 @@ func (this *HTTPFirewallPolicyDAO) FindFirewallPolicyIdsWithServerId(tx *dbs.Tx,
 	return result, nil
 }
 
+// FindServerIdWithFirewallPolicyId 根据策略查找网站ID
+func (this *HTTPFirewallPolicyDAO) FindServerIdWithFirewallPolicyId(tx *dbs.Tx, policyId int64) (serverId int64, err error) {
+	if policyId <= 0 {
+		return
+	}
+
+	serverId, err = this.Query(tx).
+		Pk(policyId).
+		Result("serverId").
+		FindInt64Col(0)
+	return
+}
+
 // NotifyUpdate 通知更新
 func (this *HTTPFirewallPolicyDAO) NotifyUpdate(tx *dbs.Tx, policyId int64) error {
 	webIds, err := SharedHTTPWebDAO.FindAllWebIdsWithHTTPFirewallPolicyId(tx, policyId)

internal/db/models/http_firewall_policy_model.go

@@ -2,49 +2,86 @@ package models
 
 import "github.com/iwind/TeaGo/dbs"
 
+const (
+	HTTPFirewallPolicyField_Id                 dbs.FieldName = "id"                 // ID
+	HTTPFirewallPolicyField_TemplateId         dbs.FieldName = "templateId"         // 模版ID
+	HTTPFirewallPolicyField_AdminId            dbs.FieldName = "adminId"            // 管理员ID
+	HTTPFirewallPolicyField_UserId             dbs.FieldName = "userId"             // 用户ID
+	HTTPFirewallPolicyField_ServerId           dbs.FieldName = "serverId"           // 服务ID
+	HTTPFirewallPolicyField_GroupId            dbs.FieldName = "groupId"            // 服务分组ID
+	HTTPFirewallPolicyField_State              dbs.FieldName = "state"              // 状态
+	HTTPFirewallPolicyField_CreatedAt          dbs.FieldName = "createdAt"          // 创建时间
+	HTTPFirewallPolicyField_IsOn               dbs.FieldName = "isOn"               // 是否启用
+	HTTPFirewallPolicyField_Name               dbs.FieldName = "name"               // 名称
+	HTTPFirewallPolicyField_Description        dbs.FieldName = "description"        // 描述
+	HTTPFirewallPolicyField_Inbound            dbs.FieldName = "inbound"            // 入站规则
+	HTTPFirewallPolicyField_Outbound           dbs.FieldName = "outbound"           // 出站规则
+	HTTPFirewallPolicyField_BlockOptions       dbs.FieldName = "blockOptions"       // BLOCK动作选项
+	HTTPFirewallPolicyField_PageOptions        dbs.FieldName = "pageOptions"        // PAGE动作选项
+	HTTPFirewallPolicyField_CaptchaOptions     dbs.FieldName = "captchaOptions"     // 验证码动作选项
+	HTTPFirewallPolicyField_JsCookieOptions    dbs.FieldName = "jsCookieOptions"    // JSCookie动作选项
+	HTTPFirewallPolicyField_Mode               dbs.FieldName = "mode"               // 模式
+	HTTPFirewallPolicyField_UseLocalFirewall   dbs.FieldName = "useLocalFirewall"   // 是否自动使用本地防火墙
+	HTTPFirewallPolicyField_SynFlood           dbs.FieldName = "synFlood"           // SynFlood防御设置
+	HTTPFirewallPolicyField_Log                dbs.FieldName = "log"                // 日志配置
+	HTTPFirewallPolicyField_MaxRequestBodySize dbs.FieldName = "maxRequestBodySize" // 可以检查的最大请求内容尺寸
+	HTTPFirewallPolicyField_DenyCountryHTML    dbs.FieldName = "denyCountryHTML"    // 区域封禁提示
+	HTTPFirewallPolicyField_DenyProvinceHTML   dbs.FieldName = "denyProvinceHTML"   // 省份封禁提示
+)
+
 // HTTPFirewallPolicy HTTP防火墙
 type HTTPFirewallPolicy struct {
-	Id               uint32   `field:"id"`               // ID
-	TemplateId       uint32   `field:"templateId"`       // 模版ID
-	AdminId          uint32   `field:"adminId"`          // 管理员ID
-	UserId           uint32   `field:"userId"`           // 用户ID
-	ServerId         uint32   `field:"serverId"`         // 服务ID
-	GroupId          uint32   `field:"groupId"`          // 服务分组ID
-	State            uint8    `field:"state"`            // 状态
-	CreatedAt        uint64   `field:"createdAt"`        // 创建时间
-	IsOn             bool     `field:"isOn"`             // 是否启用
-	Name             string   `field:"name"`             // 名称
-	Description      string   `field:"description"`      // 描述
-	Inbound          dbs.JSON `field:"inbound"`          // 入站规则
-	Outbound         dbs.JSON `field:"outbound"`         // 出站规则
-	BlockOptions     dbs.JSON `field:"blockOptions"`     // BLOCK选项
-	CaptchaOptions   dbs.JSON `field:"captchaOptions"`   // 验证码选项
-	Mode             string   `field:"mode"`             // 模式
-	UseLocalFirewall uint8    `field:"useLocalFirewall"` // 是否自动使用本地防火墙
-	SynFlood         dbs.JSON `field:"synFlood"`         // SynFlood防御设置
-	Log              dbs.JSON `field:"log"`              // 日志配置
+	Id                 uint32   `field:"id"`                 // ID
+	TemplateId         uint32   `field:"templateId"`         // 模版ID
+	AdminId            uint32   `field:"adminId"`            // 管理员ID
+	UserId             uint32   `field:"userId"`             // 用户ID
+	ServerId           uint32   `field:"serverId"`           // 服务ID
+	GroupId            uint32   `field:"groupId"`            // 服务分组ID
+	State              uint8    `field:"state"`              // 状态
+	CreatedAt          uint64   `field:"createdAt"`          // 创建时间
+	IsOn               bool     `field:"isOn"`               // 是否启用
+	Name               string   `field:"name"`               // 名称
+	Description        string   `field:"description"`        // 描述
+	Inbound            dbs.JSON `field:"inbound"`            // 入站规则
+	Outbound           dbs.JSON `field:"outbound"`           // 出站规则
+	BlockOptions       dbs.JSON `field:"blockOptions"`       // BLOCK动作选项
+	PageOptions        dbs.JSON `field:"pageOptions"`        // PAGE动作选项
+	CaptchaOptions     dbs.JSON `field:"captchaOptions"`     // 验证码动作选项
+	JsCookieOptions    dbs.JSON `field:"jsCookieOptions"`    // JSCookie动作选项
+	Mode               string   `field:"mode"`               // 模式
+	UseLocalFirewall   uint8    `field:"useLocalFirewall"`   // 是否自动使用本地防火墙
+	SynFlood           dbs.JSON `field:"synFlood"`           // SynFlood防御设置
+	Log                dbs.JSON `field:"log"`                // 日志配置
+	MaxRequestBodySize uint32   `field:"maxRequestBodySize"` // 可以检查的最大请求内容尺寸
+	DenyCountryHTML    string   `field:"denyCountryHTML"`    // 区域封禁提示
+	DenyProvinceHTML   string   `field:"denyProvinceHTML"`   // 省份封禁提示
 }
 
 type HTTPFirewallPolicyOperator struct {
-	Id               interface{} // ID
-	TemplateId       interface{} // 模版ID
-	AdminId          interface{} // 管理员ID
-	UserId           interface{} // 用户ID
-	ServerId         interface{} // 服务ID
-	GroupId          interface{} // 服务分组ID
-	State            interface{} // 状态
-	CreatedAt        interface{} // 创建时间
-	IsOn             interface{} // 是否启用
-	Name             interface{} // 名称
-	Description      interface{} // 描述
-	Inbound          interface{} // 入站规则
-	Outbound         interface{} // 出站规则
-	BlockOptions     interface{} // BLOCK选项
-	CaptchaOptions   interface{} // 验证码选项
-	Mode             interface{} // 模式
-	UseLocalFirewall interface{} // 是否自动使用本地防火墙
-	SynFlood         interface{} // SynFlood防御设置
-	Log              interface{} // 日志配置
+	Id                 any // ID
+	TemplateId         any // 模版ID
+	AdminId            any // 管理员ID
+	UserId             any // 用户ID
+	ServerId           any // 服务ID
+	GroupId            any // 服务分组ID
+	State              any // 状态
+	CreatedAt          any // 创建时间
+	IsOn               any // 是否启用
+	Name               any // 名称
+	Description        any // 描述
+	Inbound            any // 入站规则
+	Outbound           any // 出站规则
+	BlockOptions       any // BLOCK动作选项
+	PageOptions        any // PAGE动作选项
+	CaptchaOptions     any // 验证码动作选项
+	JsCookieOptions    any // JSCookie动作选项
+	Mode               any // 模式
+	UseLocalFirewall   any // 是否自动使用本地防火墙
+	SynFlood           any // SynFlood防御设置
+	Log                any // 日志配置
+	MaxRequestBodySize any // 可以检查的最大请求内容尺寸
+	DenyCountryHTML    any // 区域封禁提示
+	DenyProvinceHTML   any // 省份封禁提示
 }
 
 func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator {

internal/db/models/http_firewall_rule_dao.go

@@ -82,12 +82,12 @@ func (this *HTTPFirewallRuleDAO) ComposeFirewallRule(tx *dbs.Tx, ruleId int64) (
 	if rule == nil {
 		return nil, nil
 	}
-	config := &firewallconfigs.HTTPFirewallRule{}
+	var config = &firewallconfigs.HTTPFirewallRule{}
 	config.Id = int64(rule.Id)
 	config.IsOn = rule.IsOn
 	config.Param = rule.Param
 
-	paramFilters := []*firewallconfigs.ParamFilter{}
+	var paramFilters = []*firewallconfigs.ParamFilter{}
 	if IsNotNull(rule.ParamFilters) {
 		err = json.Unmarshal(rule.ParamFilters, &paramFilters)
 		if err != nil {
@@ -101,7 +101,7 @@ func (this *HTTPFirewallRuleDAO) ComposeFirewallRule(tx *dbs.Tx, ruleId int64) (
 	config.IsCaseInsensitive = rule.IsCaseInsensitive
 
 	if IsNotNull(rule.CheckpointOptions) {
-		checkpointOptions := map[string]interface{}{}
+		var checkpointOptions = map[string]interface{}{}
 		err = json.Unmarshal(rule.CheckpointOptions, &checkpointOptions)
 		if err != nil {
 			return nil, err
@@ -109,6 +109,8 @@ func (this *HTTPFirewallRuleDAO) ComposeFirewallRule(tx *dbs.Tx, ruleId int64) (
 		config.CheckpointOptions = checkpointOptions
 	}
 
+	config.IsComposed = firewallconfigs.CheckCheckpointIsComposed(config.Prefix())
+
 	config.Description = rule.Description
 
 	return config, nil

internal/db/models/http_firewall_rule_group_dao.go

@@ -81,7 +81,7 @@ func (this *HTTPFirewallRuleGroupDAO) FindHTTPFirewallRuleGroupName(tx *dbs.Tx,
 }
 
 // ComposeFirewallRuleGroup 组合配置
-func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, groupId int64) (*firewallconfigs.HTTPFirewallRuleGroup, error) {
+func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, groupId int64, forNode bool) (*firewallconfigs.HTTPFirewallRuleGroup, error) {
 	group, err := this.FindEnabledHTTPFirewallRuleGroup(tx, groupId)
 	if err != nil {
 		return nil, err
@@ -89,7 +89,7 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
 	if group == nil {
 		return nil, nil
 	}
-	config := &firewallconfigs.HTTPFirewallRuleGroup{}
+	var config = &firewallconfigs.HTTPFirewallRuleGroup{}
 	config.Id = int64(group.Id)
 	config.IsOn = group.IsOn
 	config.Name = group.Name
@@ -98,17 +98,17 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
 	config.IsTemplate = group.IsTemplate
 
 	if IsNotNull(group.Sets) {
-		setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
+		var setRefs = []*firewallconfigs.HTTPFirewallRuleSetRef{}
 		err = json.Unmarshal(group.Sets, &setRefs)
 		if err != nil {
 			return nil, err
 		}
 		for _, setRef := range setRefs {
-			setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, setRef.SetId)
+			setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, setRef.SetId, forNode)
 			if err != nil {
 				return nil, err
 			}
-			if setConfig != nil {
+			if setConfig != nil && (!forNode || setConfig.IsOn) {
 				config.SetRefs = append(config.SetRefs, setRef)
 				config.Sets = append(config.Sets, setConfig)
 			}

internal/db/models/http_firewall_rule_set_dao.go

@@ -84,7 +84,7 @@ func (this *HTTPFirewallRuleSetDAO) FindHTTPFirewallRuleSetName(tx *dbs.Tx, id i
 }
 
 // ComposeFirewallRuleSet 组合配置
-func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64) (*firewallconfigs.HTTPFirewallRuleSet, error) {
+func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64, forNode bool) (*firewallconfigs.HTTPFirewallRuleSet, error) {
 	set, err := this.FindEnabledHTTPFirewallRuleSet(tx, setId)
 	if err != nil {
 		return nil, err
@@ -92,7 +92,7 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int
 	if set == nil {
 		return nil, nil
 	}
-	config := &firewallconfigs.HTTPFirewallRuleSet{}
+	var config = &firewallconfigs.HTTPFirewallRuleSet{}
 	config.Id = int64(set.Id)
 	config.IsOn = set.IsOn
 	config.Name = set.Name
@@ -102,7 +102,7 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int
 	config.IgnoreLocal = set.IgnoreLocal == 1
 
 	if IsNotNull(set.Rules) {
-		ruleRefs := []*firewallconfigs.HTTPFirewallRuleRef{}
+		var ruleRefs = []*firewallconfigs.HTTPFirewallRuleRef{}
 		err = json.Unmarshal(set.Rules, &ruleRefs)
 		if err != nil {
 			return nil, err
@@ -128,6 +128,29 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int
 		config.Actions = actionConfigs
 	}
 
+	// 检查各个选项
+	for _, actionConfig := range actionConfigs {
+		if actionConfig.Code == firewallconfigs.HTTPFirewallActionRecordIP { // 记录IP动作
+			if actionConfig.Options != nil {
+				var ipListId = actionConfig.Options.GetInt64("ipListId")
+				if ipListId <= 0 { // default list id
+					if forNode {
+						actionConfig.Options["ipListId"] = firewallconfigs.GlobalListId
+					}
+					actionConfig.Options["ipListIsDeleted"] = false
+				} else {
+					exists, err := SharedIPListDAO.ExistsEnabledIPList(tx, ipListId)
+					if err != nil {
+						return nil, err
+					}
+					if !exists {
+						actionConfig.Options["ipListIsDeleted"] = true
+					}
+				}
+			}
+		}
+	}
+
 	return config, nil
 }
 
@@ -212,6 +235,28 @@ func (this *HTTPFirewallRuleSetDAO) FindEnabledRuleSetIdWithRuleId(tx *dbs.Tx, r
 		FindInt64Col(0)
 }
 
+// FindAllEnabledRuleSetIdsWithIPListId 根据IP名单ID查找对应动作的WAF规则集
+func (this *HTTPFirewallRuleSetDAO) FindAllEnabledRuleSetIdsWithIPListId(tx *dbs.Tx, ipListId int64) (setIds []int64, err error) {
+	ones, err := this.Query(tx).
+		State(HTTPFirewallRuleStateEnabled).
+		Where("JSON_CONTAINS(actions, :jsonQuery)").
+		Param("jsonQuery", maps.Map{
+			"code": firewallconfigs.HTTPFirewallActionRecordIP,
+			"options": maps.Map{
+				"ipListId": ipListId,
+			},
+		}.AsJSON()).
+		ResultPk().
+		FindAll()
+	if err != nil {
+		return nil, err
+	}
+	for _, one := range ones {
+		setIds = append(setIds, int64(one.(*HTTPFirewallRuleSet).Id))
+	}
+	return
+}
+
 // CheckUserRuleSet 检查用户
 func (this *HTTPFirewallRuleSetDAO) CheckUserRuleSet(tx *dbs.Tx, userId int64, setId int64) error {
 	groupId, err := SharedHTTPFirewallRuleGroupDAO.FindRuleGroupIdWithRuleSetId(tx, setId)

internal/db/models/http_header_dao.go

@@ -240,10 +240,10 @@ func (this *HTTPHeaderDAO) ComposeHeaderConfig(tx *dbs.Tx, headerId int64) (*sha
 	config.Name = header.Name
 	config.Value = header.Value
 	config.DisableRedirect = header.DisableRedirect == 1
-	config.ShouldAppend = header.ShouldAppend == 1
+	config.ShouldAppend = header.ShouldAppend
 
 	// replace
-	config.ShouldReplace = header.ShouldReplace == 1
+	config.ShouldReplace = header.ShouldReplace
 	if IsNotNull(header.ReplaceValues) {
 		var values = []*shared.HTTPHeaderReplaceValue{}
 		err = json.Unmarshal(header.ReplaceValues, &values)

internal/db/models/http_header_model.go

@@ -14,8 +14,8 @@ type HTTPHeader struct {
 	Order           uint32   `field:"order"`           // 排序
 	Status          dbs.JSON `field:"status"`          // 状态码设置
 	DisableRedirect uint8    `field:"disableRedirect"` // 是否不支持跳转
-	ShouldAppend    uint8    `field:"shouldAppend"`    // 是否为附加
-	ShouldReplace   uint8    `field:"shouldReplace"`   // 是否替换变量
+	ShouldAppend    bool     `field:"shouldAppend"`    // 是否为附加
+	ShouldReplace   bool     `field:"shouldReplace"`   // 是否替换变量
 	ReplaceValues   dbs.JSON `field:"replaceValues"`   // 替换的值
 	Methods         dbs.JSON `field:"methods"`         // 支持的方法
 	Domains         dbs.JSON `field:"domains"`         // 支持的域名

internal/db/models/http_header_policy_dao.go

@@ -157,6 +157,9 @@ func (this *HTTPHeaderPolicyDAO) UpdateDeletingHeaders(tx *dbs.Tx, policyId int6
 		return errors.New("invalid policyId")
 	}
 
+	if headerNames == nil {
+		headerNames = []string{}
+	}
 	namesJSON, err := json.Marshal(headerNames)
 	if err != nil {
 		return err
@@ -164,7 +167,31 @@ func (this *HTTPHeaderPolicyDAO) UpdateDeletingHeaders(tx *dbs.Tx, policyId int6
 
 	var op = NewHTTPHeaderPolicyOperator()
 	op.Id = policyId
-	op.DeleteHeaders = string(namesJSON)
+	op.DeleteHeaders = namesJSON
+	err = this.Save(tx, op)
+	if err != nil {
+		return err
+	}
+	return this.NotifyUpdate(tx, policyId)
+}
+
+// UpdateNonStandardHeaders 修改非标Headers
+func (this *HTTPHeaderPolicyDAO) UpdateNonStandardHeaders(tx *dbs.Tx, policyId int64, headerNames []string) error {
+	if policyId <= 0 {
+		return errors.New("invalid policyId")
+	}
+
+	if headerNames == nil {
+		headerNames = []string{}
+	}
+	namesJSON, err := json.Marshal(headerNames)
+	if err != nil {
+		return err
+	}
+
+	var op = NewHTTPHeaderPolicyOperator()
+	op.Id = policyId
+	op.NonStandardHeaders = namesJSON
 	err = this.Save(tx, op)
 	if err != nil {
 		return err
@@ -182,19 +209,19 @@ func (this *HTTPHeaderPolicyDAO) ComposeHeaderPolicyConfig(tx *dbs.Tx, headerPol
 		return nil, nil
 	}
 
-	config := &shared.HTTPHeaderPolicy{}
+	var config = &shared.HTTPHeaderPolicy{}
 	config.Id = int64(policy.Id)
 	config.IsOn = policy.IsOn
 
 	// SetHeaders
 	if IsNotNull(policy.SetHeaders) {
-		refs := []*shared.HTTPHeaderRef{}
+		var refs = []*shared.HTTPHeaderRef{}
 		err = json.Unmarshal(policy.SetHeaders, &refs)
 		if err != nil {
 			return nil, err
 		}
 		if len(refs) > 0 {
-			resultRefs := []*shared.HTTPHeaderRef{}
+			var resultRefs = []*shared.HTTPHeaderRef{}
 			for _, ref := range refs {
 				headerConfig, err := SharedHTTPHeaderDAO.ComposeHeaderConfig(tx, ref.HeaderId)
 				if err != nil {
@@ -212,7 +239,7 @@ func (this *HTTPHeaderPolicyDAO) ComposeHeaderPolicyConfig(tx *dbs.Tx, headerPol
 
 	// Delete Headers
 	if IsNotNull(policy.DeleteHeaders) {
-		headers := []string{}
+		var headers = []string{}
 		err = json.Unmarshal(policy.DeleteHeaders, &headers)
 		if err != nil {
 			return nil, err
@@ -220,6 +247,26 @@ func (this *HTTPHeaderPolicyDAO) ComposeHeaderPolicyConfig(tx *dbs.Tx, headerPol
 		config.DeleteHeaders = headers
 	}
 
+	// Non-Standard Headers
+	if IsNotNull(policy.NonStandardHeaders) {
+		var headers = []string{}
+		err = json.Unmarshal(policy.NonStandardHeaders, &headers)
+		if err != nil {
+			return nil, err
+		}
+		config.NonStandardHeaders = headers
+	}
+
+	// CORS
+	if IsNotNull(policy.Cors) {
+		var corsConfig = shared.NewHTTPCORSHeaderConfig()
+		err = json.Unmarshal(policy.Cors, corsConfig)
+		if err != nil {
+			return nil, err
+		}
+		config.CORS = corsConfig
+	}
+
 	// Expires
 	// TODO
 
@@ -235,6 +282,46 @@ func (this *HTTPHeaderPolicyDAO) FindHeaderPolicyIdWithHeaderId(tx *dbs.Tx, head
 		FindInt64Col(0)
 }
 
+// UpdateHeaderPolicyCORS 修改CORS
+func (this *HTTPHeaderPolicyDAO) UpdateHeaderPolicyCORS(tx *dbs.Tx, headerPolicyId int64, corsConfig *shared.HTTPCORSHeaderConfig) error {
+	if headerPolicyId <= 0 {
+		return errors.New("invalid headerId")
+	}
+
+	corsJSON, err := json.Marshal(corsConfig)
+	if err != nil {
+		return err
+	}
+
+	err = this.Query(tx).
+		Pk(headerPolicyId).
+		Set("cors", corsJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	return this.NotifyUpdate(tx, headerPolicyId)
+}
+
+// CheckUserHeaderPolicy 检查用户权限
+func (this *HTTPHeaderPolicyDAO) CheckUserHeaderPolicy(tx *dbs.Tx, userId int64, policyId int64) error {
+	if userId <= 0 || policyId <= 0 {
+		return ErrNotFound
+	}
+
+	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithHeaderPolicyId(tx, policyId)
+	if err != nil {
+		return err
+	}
+
+	if webId <= 0 {
+		return ErrNotFound
+	}
+
+	return SharedHTTPWebDAO.CheckUserWeb(tx, userId, webId)
+}
+
 // NotifyUpdate 通知更新
 func (this *HTTPHeaderPolicyDAO) NotifyUpdate(tx *dbs.Tx, policyId int64) error {
 	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithHeaderPolicyId(tx, policyId)

internal/db/models/http_header_policy_model.go

@@ -2,35 +2,39 @@ package models
 
 import "github.com/iwind/TeaGo/dbs"
 
-//
+// HTTPHeaderPolicy Header定义
 type HTTPHeaderPolicy struct {
-	Id             uint32   `field:"id"`             // ID
-	IsOn           bool     `field:"isOn"`           // 是否启用
-	State          uint8    `field:"state"`          // 状态
-	AdminId        uint32   `field:"adminId"`        // 管理员ID
-	UserId         uint32   `field:"userId"`         // 用户ID
-	CreatedAt      uint64   `field:"createdAt"`      // 创建时间
-	AddHeaders     dbs.JSON `field:"addHeaders"`     // 添加的Header
-	AddTrailers    dbs.JSON `field:"addTrailers"`    // 添加的Trailers
-	SetHeaders     dbs.JSON `field:"setHeaders"`     // 设置Header
-	ReplaceHeaders dbs.JSON `field:"replaceHeaders"` // 替换Header内容
-	Expires        dbs.JSON `field:"expires"`        // Expires单独设置
-	DeleteHeaders  dbs.JSON `field:"deleteHeaders"`  // 删除的Headers
+	Id                 uint32   `field:"id"`                 // ID
+	IsOn               bool     `field:"isOn"`               // 是否启用
+	State              uint8    `field:"state"`              // 状态
+	AdminId            uint32   `field:"adminId"`            // 管理员ID
+	UserId             uint32   `field:"userId"`             // 用户ID
+	CreatedAt          uint64   `field:"createdAt"`          // 创建时间
+	AddHeaders         dbs.JSON `field:"addHeaders"`         // 添加的Header
+	AddTrailers        dbs.JSON `field:"addTrailers"`        // 添加的Trailers
+	SetHeaders         dbs.JSON `field:"setHeaders"`         // 设置Header
+	ReplaceHeaders     dbs.JSON `field:"replaceHeaders"`     // 替换Header内容
+	Expires            dbs.JSON `field:"expires"`            // Expires单独设置
+	DeleteHeaders      dbs.JSON `field:"deleteHeaders"`      // 删除的Headers
+	NonStandardHeaders dbs.JSON `field:"nonStandardHeaders"` // 非标Headers
+	Cors               dbs.JSON `field:"cors"`               // CORS配置
 }
 
 type HTTPHeaderPolicyOperator struct {
-	Id             interface{} // ID
-	IsOn           interface{} // 是否启用
-	State          interface{} // 状态
-	AdminId        interface{} // 管理员ID
-	UserId         interface{} // 用户ID
-	CreatedAt      interface{} // 创建时间
-	AddHeaders     interface{} // 添加的Header
-	AddTrailers    interface{} // 添加的Trailers
-	SetHeaders     interface{} // 设置Header
-	ReplaceHeaders interface{} // 替换Header内容
-	Expires        interface{} // Expires单独设置
-	DeleteHeaders  interface{} // 删除的Headers
+	Id                 any // ID
+	IsOn               any // 是否启用
+	State              any // 状态
+	AdminId            any // 管理员ID
+	UserId             any // 用户ID
+	CreatedAt          any // 创建时间
+	AddHeaders         any // 添加的Header
+	AddTrailers        any // 添加的Trailers
+	SetHeaders         any // 设置Header
+	ReplaceHeaders     any // 替换Header内容
+	Expires            any // Expires单独设置
+	DeleteHeaders      any // 删除的Headers
+	NonStandardHeaders any // 非标Headers
+	Cors               any // CORS配置
 }
 
 func NewHTTPHeaderPolicyOperator() *HTTPHeaderPolicyOperator {