删除用户的时候更改以往同名用户的用户名，防止冲突

版本号修改为0.6.3
版本号更改为0.6.2
2023-01-13 18:51:50 +08:00 · 2023-01-11 15:45:13 +08:00 · 2023-01-10 21:18:08 +08:00 · 2023-01-09 16:06:34 +08:00 · 2023-01-08 20:13:09 +08:00 · 2023-01-08 20:12:38 +08:00
167 changed files with 4510 additions and 1892 deletions
--- a/cmd/edge-api/main.go
+++ b/cmd/edge-api/main.go
@@ -27,10 +27,11 @@ func main() {
 	app.Version(teaconst.Version)
 	app.Product(teaconst.ProductName)
 	app.Usage(teaconst.ProcessName + " [start|stop|restart|setup|upgrade|service|daemon|issues]")
+
 	app.On("setup", func() {
 		var setupCmd = setup.NewSetupFromCmd()
 		err := setupCmd.Run()
-		result := maps.Map{}
+		var result = maps.Map{}
 		if err != nil {
 			result["isOk"] = false
 			result["error"] = err.Error()
--- a/cmd/sql-dump/main.go
+++ b/cmd/sql-dump/main.go
@@ -18,7 +18,7 @@ func main() {
 		fmt.Println("[ERROR]" + err.Error())
 		return
 	}
-	results, err := setup.NewSQLDump().Dump(db)
+	results, err := setup.NewSQLDump().Dump(db, true)
 	if err != nil {
 		fmt.Println("[ERROR]" + err.Error())
 		return
--- a/internal/acme/dns_provider.go
+++ b/internal/acme/dns_provider.go
@@ -5,12 +5,18 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/iwind/TeaGo/lists"
+	"os"
 	"strings"
+	"sync"
 )

 type DNSProvider struct {
 	raw       dnsclients.ProviderInterface
 	dnsDomain string
+
+	locker             sync.Mutex
+	deletedRecordNames []string
 }

 func NewDNSProvider(raw dnsclients.ProviderInterface, dnsDomain string) *DNSProvider {
@@ -21,6 +27,7 @@ func NewDNSProvider(raw dnsclients.ProviderInterface, dnsDomain string) *DNSProv
 }

 func (this *DNSProvider) Present(domain, token, keyAuth string) error {
+	_ = os.Setenv("LEGO_DISABLE_CNAME_SUPPORT", "true")
 	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	// 设置记录
@@ -29,31 +36,38 @@ func (this *DNSProvider) Present(domain, token, keyAuth string) error {
 		return errors.New("invalid fqdn value")
 	}
 	var recordName = fqdn[:index]
-	record, err := this.raw.QueryRecord(this.dnsDomain, recordName, dnstypes.RecordTypeTXT)
-	if err != nil {
-		return errors.New("query DNS record failed: " + err.Error())
+
+	// 先删除老的
+	this.locker.Lock()
+	var wasDeleted = lists.ContainsString(this.deletedRecordNames, recordName)
+	this.locker.Unlock()
+
+	if !wasDeleted {
+		records, err := this.raw.QueryRecords(this.dnsDomain, recordName, dnstypes.RecordTypeTXT)
+		if err != nil {
+			return errors.New("query DNS record failed: " + err.Error())
+		}
+		for _, record := range records {
+			err = this.raw.DeleteRecord(this.dnsDomain, record)
+			if err != nil {
+				return err
+			}
+		}
+		this.locker.Lock()
+		this.deletedRecordNames = append(this.deletedRecordNames, recordName)
+		this.locker.Unlock()
 	}
-	if record == nil {
-		err = this.raw.AddRecord(this.dnsDomain, &dnstypes.Record{
-			Id:    "",
-			Name:  recordName,
-			Type:  dnstypes.RecordTypeTXT,
-			Value: value,
-			Route: this.raw.DefaultRoute(),
-		})
-		if err != nil {
-			return errors.New("create DNS record failed: " + err.Error())
-		}
-	} else {
-		err = this.raw.UpdateRecord(this.dnsDomain, record, &dnstypes.Record{
-			Name:  recordName,
-			Type:  dnstypes.RecordTypeTXT,
-			Value: value,
-			Route: this.raw.DefaultRoute(),
-		})
-		if err != nil {
-			return errors.New("update DNS record failed: " + err.Error())
-		}
+
+	// 添加新的
+	err := this.raw.AddRecord(this.dnsDomain, &dnstypes.Record{
+		Id:    "",
+		Name:  recordName,
+		Type:  dnstypes.RecordTypeTXT,
+		Value: value,
+		Route: this.raw.DefaultRoute(),
+	})
+	if err != nil {
+		return errors.New("create DNS record failed: " + err.Error())
 	}

 	return nil
--- a/internal/const/const.go
+++ b/internal/const/const.go
@@ -1,7 +1,7 @@
 package teaconst

 const (
-	Version = "0.5.7"
+	Version = "0.6.3"

 	ProductName   = "Edge API"
 	ProcessName   = "edge-api"
@@ -18,13 +18,8 @@ const (

 	// 其他节点版本号，用来检测是否有需要升级的节点

-	NodeVersion          = "0.5.6"
-	UserNodeVersion      = "0.5.6"
-	DNSNodeVersion       = "0.2.8"
-	AuthorityNodeVersion = "0.0.2"
-	MonitorNodeVersion   = "0.0.4"
-	ReportNodeVersion    = "0.1.1"
+	NodeVersion = "0.6.3"

 	// SQLVersion SQL版本号
-	SQLVersion = "2"
+	SQLVersion = "9"
 )
--- a/internal/db/models/acme/acme_task_log_dao.go
+++ b/internal/db/models/acme/acme_task_log_dao.go
@@ -27,7 +27,7 @@ func init() {
 	})
 }

-// 生成日志
+// CreateACMETaskLog 生成日志
 func (this *ACMETaskLogDAO) CreateACMETaskLog(tx *dbs.Tx, taskId int64, isOk bool, errMsg string) error {
 	var op = NewACMETaskLogOperator()
 	op.TaskId = taskId
@@ -37,7 +37,7 @@ func (this *ACMETaskLogDAO) CreateACMETaskLog(tx *dbs.Tx, taskId int64, isOk boo
 	return err
 }

-// 取得任务的最后一条执行日志
+// FindLatestACMETasKLog 取得任务的最后一条执行日志
 func (this *ACMETaskLogDAO) FindLatestACMETasKLog(tx *dbs.Tx, taskId int64) (*ACMETaskLog, error) {
 	one, err := this.Query(tx).
 		Attr("taskId", taskId).
--- a/internal/db/models/admin_dao.go
+++ b/internal/db/models/admin_dao.go
@@ -44,11 +44,17 @@ func (this *AdminDAO) EnableAdmin(tx *dbs.Tx, id int64) (rowsAffected int64, err
 }

 // DisableAdmin 禁用条目
-func (this *AdminDAO) DisableAdmin(tx *dbs.Tx, id int64) (rowsAffected int64, err error) {
-	return this.Query(tx).
-		Pk(id).
+func (this *AdminDAO) DisableAdmin(tx *dbs.Tx, adminId int64) error {
+	err := this.Query(tx).
+		Pk(adminId).
 		Set("state", AdminStateDisabled).
-		Update()
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	// 删除AccessTokens
+	return SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, adminId, 0)
 }

 // FindEnabledAdmin 查找启用中的条目
@@ -190,7 +196,19 @@ func (this *AdminDAO) UpdateAdmin(tx *dbs.Tx, adminId int64, username string, ca
 	}
 	op.IsOn = isOn
 	err := this.Save(tx, op)
-	return err
+	if err != nil {
+		return err
+	}
+
+	if !isOn {
+		// 删除AccessTokens
+		err = SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, adminId, 0)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
 }

 // CheckAdminUsername 检查用户名是否存在
--- a/internal/db/models/api_access_token_dao.go
+++ b/internal/db/models/api_access_token_dao.go
@@ -81,3 +81,16 @@ func (this *APIAccessTokenDAO) FindAccessToken(tx *dbs.Tx, token string) (*APIAc
 	}
 	return one.(*APIAccessToken), nil
 }
+
+// DeleteAccessTokens 删除用户的令牌
+func (this *APIAccessTokenDAO) DeleteAccessTokens(tx *dbs.Tx, adminId int64, userId int64) error {
+	var query = this.Query(tx)
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	} else if userId > 0 {
+		query.Attr("userId", userId)
+	} else {
+		return nil
+	}
+	return query.DeleteQuickly()
+}
--- a/internal/db/models/api_node_model_ext.go
+++ b/internal/db/models/api_node_model_ext.go
@@ -43,9 +43,9 @@ func (this *APINode) DecodeHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*serverc
 	}

 	if config.SSLPolicyRef != nil {
-		policyId := config.SSLPolicyRef.SSLPolicyId
+		var policyId = config.SSLPolicyRef.SSLPolicyId
 		if policyId > 0 {
-			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, cacheMap)
+			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, false, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -143,7 +143,7 @@ func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*ser
 	if config.SSLPolicyRef != nil {
 		policyId := config.SSLPolicyRef.SSLPolicyId
 		if policyId > 0 {
-			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, cacheMap)
+			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, false, cacheMap)
 			if err != nil {
 				return nil, err
 			}
--- a/internal/db/models/client_browser_dao_test.go
+++ b/internal/db/models/client_browser_dao_test.go
@@ -1,5 +0,0 @@
-package models
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-)
--- a/internal/db/models/client_browser_model.go
+++ b/internal/db/models/client_browser_model.go
@@ -1,22 +0,0 @@
-package models
-
-import "github.com/iwind/TeaGo/dbs"
-
-// ClientBrowser 终端浏览器信息
-type ClientBrowser struct {
-	Id    uint32   `field:"id"`    // ID
-	Name  string   `field:"name"`  // 浏览器名称
-	Codes dbs.JSON `field:"codes"` // 代号
-	State uint8    `field:"state"` // 状态
-}
-
-type ClientBrowserOperator struct {
-	Id    interface{} // ID
-	Name  interface{} // 浏览器名称
-	Codes interface{} // 代号
-	State interface{} // 状态
-}
-
-func NewClientBrowserOperator() *ClientBrowserOperator {
-	return &ClientBrowserOperator{}
-}
--- a/internal/db/models/client_system_dao_test.go
+++ b/internal/db/models/client_system_dao_test.go
@@ -1,5 +0,0 @@
-package models
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-)
--- a/internal/db/models/client_system_model.go
+++ b/internal/db/models/client_system_model.go
@@ -1,22 +0,0 @@
-package models
-
-import "github.com/iwind/TeaGo/dbs"
-
-// ClientSystem 终端操作系统信息
-type ClientSystem struct {
-	Id    uint32   `field:"id"`    // ID
-	Name  string   `field:"name"`  // 系统名称
-	Codes dbs.JSON `field:"codes"` // 代号
-	State uint8    `field:"state"` //
-}
-
-type ClientSystemOperator struct {
-	Id    interface{} // ID
-	Name  interface{} // 系统名称
-	Codes interface{} // 代号
-	State interface{} //
-}
-
-func NewClientSystemOperator() *ClientSystemOperator {
-	return &ClientSystemOperator{}
-}
--- a/internal/db/models/clients/client_agent_dao.go
+++ b/internal/db/models/clients/client_agent_dao.go
@@ -0,0 +1,98 @@
+package clients
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+type ClientAgentDAO dbs.DAO
+
+func NewClientAgentDAO() *ClientAgentDAO {
+	return dbs.NewDAO(&ClientAgentDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeClientAgents",
+			Model:  new(ClientAgent),
+			PkName: "id",
+		},
+	}).(*ClientAgentDAO)
+}
+
+var SharedClientAgentDAO *ClientAgentDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedClientAgentDAO = NewClientAgentDAO()
+	})
+}
+
+// FindClientAgentName 根据主键查找名称
+func (this *ClientAgentDAO) FindClientAgentName(tx *dbs.Tx, id int64) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// FindAgent 查找Agent
+func (this *ClientAgentDAO) FindAgent(tx *dbs.Tx, agentId int64) (*ClientAgent, error) {
+	if agentId <= 0 {
+		return nil, nil
+	}
+
+	one, err := this.Query(tx).
+		Pk(agentId).
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+
+	return one.(*ClientAgent), nil
+}
+
+// FindAgentIdWithCode 根据代号查找ID
+func (this *ClientAgentDAO) FindAgentIdWithCode(tx *dbs.Tx, code string) (int64, error) {
+	return this.Query(tx).
+		ResultPk().
+		Attr("code", code).
+		FindInt64Col(0)
+}
+
+// FindAgentNameWithCode 根据代号查找Agent名称
+func (this *ClientAgentDAO) FindAgentNameWithCode(tx *dbs.Tx, code string) (string, error) {
+	return this.Query(tx).
+		Result("name").
+		Attr("code", code).
+		FindStringCol("")
+}
+
+// UpdateAgentCountIPs 修改Agent拥有的IP数量
+func (this *ClientAgentDAO) UpdateAgentCountIPs(tx *dbs.Tx, agentId int64, countIPs int64) error {
+	return this.Query(tx).
+		Pk(agentId).
+		Set("countIPs", countIPs).
+		UpdateQuickly()
+}
+
+// FindAllAgents 查找所有Agents
+func (this *ClientAgentDAO) FindAllAgents(tx *dbs.Tx) (result []*ClientAgent, err error) {
+	_, err = this.Query(tx).
+		Desc("order").
+		AscPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// FindAllNSAgents 查找所有DNS可以使用的Agents
+func (this *ClientAgentDAO) FindAllNSAgents(tx *dbs.Tx) (result []*ClientAgent, err error) {
+	// 注意：允许NS使用所有的Agent，不管有没有IP数据
+	_, err = this.Query(tx).
+		Result("id", "name", "code").
+		Desc("order").
+		AscPk().
+		Slice(&result).
+		FindAll()
+	return
+}
--- a/internal/db/models/clients/client_agent_dao_test.go
+++ b/internal/db/models/clients/client_agent_dao_test.go
@@ -0,0 +1,6 @@
+package clients_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/clients/client_agent_ip_dao.go
+++ b/internal/db/models/clients/client_agent_ip_dao.go
@@ -0,0 +1,105 @@
+package clients
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+// TODO 需要定时对所有IP的PTR进行检查，剔除已经变更的IP
+
+type ClientAgentIPDAO dbs.DAO
+
+func NewClientAgentIPDAO() *ClientAgentIPDAO {
+	return dbs.NewDAO(&ClientAgentIPDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeClientAgentIPs",
+			Model:  new(ClientAgentIP),
+			PkName: "id",
+		},
+	}).(*ClientAgentIPDAO)
+}
+
+var SharedClientAgentIPDAO *ClientAgentIPDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedClientAgentIPDAO = NewClientAgentIPDAO()
+	})
+}
+
+// CreateIP 写入IP
+func (this *ClientAgentIPDAO) CreateIP(tx *dbs.Tx, agentId int64, ip string, ptr string) error {
+	// 检查数据有效性
+	if agentId <= 0 || len(ip) == 0 {
+		return nil
+	}
+
+	// 限制ptr长度
+	if len(ptr) > 100 {
+		ptr = ptr[:100]
+	}
+
+	// 检查是否存在
+	exists, err := this.Query(tx).
+		Attr("agentId", agentId).
+		Attr("ip", ip).
+		Exist()
+
+	if err != nil {
+		return err
+	}
+	if exists {
+		return nil
+	}
+
+	var op = NewClientAgentIPOperator()
+	op.AgentId = agentId
+	op.IP = ip
+	op.Ptr = ptr
+	err = this.Save(tx, op)
+	if err != nil {
+		// 忽略duplicate错误
+		if models.CheckSQLDuplicateErr(err) {
+			return nil
+		}
+		return err
+	}
+
+	// 更新Agent IP数量
+	countIPs, err := this.CountAgentIPs(tx, agentId)
+	if err != nil {
+		return err
+	}
+	err = SharedClientAgentDAO.UpdateAgentCountIPs(tx, agentId, countIPs)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ListIPsAfterId 列出某个ID之后的IP
+func (this *ClientAgentIPDAO) ListIPsAfterId(tx *dbs.Tx, id int64, size int64) (result []*ClientAgentIP, err error) {
+	if id < 0 {
+		id = 0
+	}
+
+	_, err = this.Query(tx).
+		Result("id", "ip", "ptr", "agentId").
+		Gt("id", id).
+		AscPk().
+		Limit(size). // 限制单次读取个数
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// CountAgentIPs 计算Agent IP数量
+func (this *ClientAgentIPDAO) CountAgentIPs(tx *dbs.Tx, agentId int64) (int64, error) {
+	return this.Query(tx).
+		Attr("agentId", agentId).
+		Count()
+}
--- a/internal/db/models/clients/client_agent_ip_dao_test.go
+++ b/internal/db/models/clients/client_agent_ip_dao_test.go
@@ -0,0 +1,16 @@
+package clients_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/clients"
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+	"testing"
+)
+
+func TestClientAgentIPDAO_CreateIP(t *testing.T) {
+	var dao = clients.NewClientAgentIPDAO()
+	err := dao.CreateIP(nil, 1, "127.0.0.1", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/internal/db/models/clients/client_agent_ip_model.go
+++ b/internal/db/models/clients/client_agent_ip_model.go
@@ -0,0 +1,20 @@
+package clients
+
+// ClientAgentIP Agent IP
+type ClientAgentIP struct {
+	Id      uint64 `field:"id"`      // ID
+	AgentId uint32 `field:"agentId"` // Agent ID
+	IP      string `field:"ip"`      // IP地址
+	Ptr     string `field:"ptr"`     // PTR值
+}
+
+type ClientAgentIPOperator struct {
+	Id      any // ID
+	AgentId any // Agent ID
+	IP      any // IP地址
+	Ptr     any // PTR值
+}
+
+func NewClientAgentIPOperator() *ClientAgentIPOperator {
+	return &ClientAgentIPOperator{}
+}
--- a/internal/db/models/clients/client_agent_ip_model_ext.go
+++ b/internal/db/models/clients/client_agent_ip_model_ext.go
@@ -0,0 +1 @@
+package clients
--- a/internal/db/models/clients/client_agent_model.go
+++ b/internal/db/models/clients/client_agent_model.go
@@ -0,0 +1,24 @@
+package clients
+
+// ClientAgent Agent库
+type ClientAgent struct {
+	Id          uint32 `field:"id"`          // ID
+	Name        string `field:"name"`        // 名称
+	Code        string `field:"code"`        // 代号
+	Description string `field:"description"` // 介绍
+	Order       uint32 `field:"order"`       // 排序
+	CountIPs    uint32 `field:"countIPs"`    // IP数量
+}
+
+type ClientAgentOperator struct {
+	Id          any // ID
+	Name        any // 名称
+	Code        any // 代号
+	Description any // 介绍
+	Order       any // 排序
+	CountIPs    any // IP数量
+}
+
+func NewClientAgentOperator() *ClientAgentOperator {
+	return &ClientAgentOperator{}
+}
--- a/internal/db/models/clients/client_agent_model_ext.go
+++ b/internal/db/models/clients/client_agent_model_ext.go
@@ -0,0 +1,6 @@
+package clients
+
+// NSRouteCode NS线路代号
+func (this *ClientAgent) NSRouteCode() string {
+	return "agent:" + this.Code
+}
--- a/internal/db/models/clients/client_browser_dao.go
+++ b/internal/db/models/clients/client_browser_dao.go
@@ -1,11 +1,16 @@
-package models
+package clients

 import (
-	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/goman"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/ttlcache"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
-	"strconv"
+	"github.com/iwind/TeaGo/rands"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
 )

 const (
@@ -13,7 +18,20 @@ const (
 	ClientBrowserStateDisabled = 0 // 已禁用
 )

-var clientBrowserNameAndIdCacheMap = map[string]int64{}
+func init() {
+	dbs.OnReadyDone(func() {
+		// 清理数据任务
+		var ticker = time.NewTicker(time.Duration(rands.Int(24, 48)) * time.Hour)
+		goman.New(func() {
+			for range ticker.C {
+				err := SharedClientBrowserDAO.Clean(nil, 7) // 只保留N天
+				if err != nil {
+					remotelogs.Error("SharedClientBrowserDAO", "clean expired data failed: "+err.Error())
+				}
+			}
+		})
+	})
+}

 type ClientBrowserDAO dbs.DAO

@@ -74,65 +92,64 @@ func (this *ClientBrowserDAO) FindClientBrowserName(tx *dbs.Tx, id uint32) (stri
 		FindStringCol("")
 }

-// FindBrowserIdWithNameCacheable 根据浏览器名称查找浏览器ID
-func (this *ClientBrowserDAO) FindBrowserIdWithNameCacheable(tx *dbs.Tx, browserName string) (int64, error) {
-	SharedCacheLocker.RLock()
-	browserId, ok := clientBrowserNameAndIdCacheMap[browserName]
-	if ok {
-		SharedCacheLocker.RUnlock()
-		return browserId, nil
-	}
-	SharedCacheLocker.RUnlock()
-
-	browserId, err := this.Query(tx).
-		Where("JSON_CONTAINS(codes, :browserName)").
-		Param("browserName", strconv.Quote(browserName)). // 查询的需要是个JSON字符串，所以这里加双引号
-		ResultPk().
-		FindInt64Col(0)
-	if err != nil {
-		return 0, err
-	}
-
-	if browserId > 0 {
-		// 只有找到的时候才放入缓存，以便于我们可以在不存在的时候创建一条新的记录
-		SharedCacheLocker.Lock()
-		clientBrowserNameAndIdCacheMap[browserName] = browserId
-		SharedCacheLocker.Unlock()
-	}
-
-	return browserId, nil
-}
-
-// CreateBrowser 创建浏览器
-func (this *ClientBrowserDAO) CreateBrowser(tx *dbs.Tx, browserName string) (int64, error) {
-	var maxlength = 50
+// CreateBrowserIfNotExists 创建浏览器信息
+func (this *ClientBrowserDAO) CreateBrowserIfNotExists(tx *dbs.Tx, browserName string) error {
+	const maxlength = 50
 	if len(browserName) > maxlength {
 		browserName = browserName[:50]
 	}

-	SharedCacheLocker.Lock()
-	defer SharedCacheLocker.Unlock()
+	// 检查缓存
+	var cacheKey = "clientBrowser:" + browserName
+	var cacheItem = ttlcache.SharedCache.Read(cacheKey)
+	if cacheItem != nil {
+		return nil
+	}

-	// 检查是否已经创建
+	// 检查是否已经存在
+	// 不需要加状态条件
 	browserId, err := this.Query(tx).
 		Attr("name", browserName).
 		ResultPk().
 		FindInt64Col(0)
 	if err != nil {
-		return 0, err
+		return err
 	}
 	if browserId > 0 {
-		return browserId, nil
+		// 加入缓存，但缓存时间不要过长，因为有别的操作在更新数据
+		ttlcache.SharedCache.Write(cacheKey, browserId, time.Now().Unix()+3600)
+
+		return this.Query(tx).
+			Pk(browserId).
+			Set("createdDay", timeutil.Format("Ymd")).
+			UpdateQuickly()
 	}

+	// 如果不存在，则创建之
 	var op = NewClientBrowserOperator()
 	op.Name = browserName
-	codes := []string{browserName}
-	codesJSON, err := json.Marshal(codes)
-	if err != nil {
-		return 0, err
-	}
-	op.Codes = codesJSON
+	op.CreatedDay = timeutil.Format("Ymd")
 	op.State = ClientBrowserStateEnabled
-	return this.SaveInt64(tx, op)
+	browserId, err = this.SaveInt64(tx, op)
+	if err != nil && models.CheckSQLErrCode(err, 1062 /** duplicate entry **/) {
+		return nil
+	}
+
+	// 加入缓存，但缓存时间不要过长，因为有别的操作在更新数据
+	if browserId > 0 {
+		ttlcache.SharedCache.Write(cacheKey, browserId, time.Now().Unix()+3600)
+	}
+
+	return err
+}
+
+// Clean 清理
+func (this *ClientBrowserDAO) Clean(tx *dbs.Tx, days int) error {
+	if days <= 0 {
+		days = 30
+	}
+
+	return this.Query(tx).
+		Lt("createdDay", timeutil.Format("Ymd", time.Now().AddDate(0, 0, -days))).
+		DeleteQuickly()
 }
--- a/internal/db/models/clients/client_browser_dao_test.go
+++ b/internal/db/models/clients/client_browser_dao_test.go
@@ -0,0 +1,33 @@
+package clients_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/clients"
+	_ "github.com/go-sql-driver/mysql"
+	"testing"
+)
+
+func TestClientBrowserDAO_CreateBrowser(t *testing.T) {
+	var dao = clients.NewClientBrowserDAO()
+	err := dao.CreateBrowserIfNotExists(nil, "Hello")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = dao.CreateBrowserIfNotExists(nil, "Hello")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = dao.CreateBrowserIfNotExists(nil, "Hello")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestClientBrowserDAO_Clean(t *testing.T) {
+	var dao = clients.NewClientBrowserDAO()
+	err := dao.Clean(nil, 30)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/internal/db/models/clients/client_browser_model.go
+++ b/internal/db/models/clients/client_browser_model.go
@@ -0,0 +1,24 @@
+package clients
+
+import "github.com/iwind/TeaGo/dbs"
+
+// ClientBrowser 终端浏览器信息
+type ClientBrowser struct {
+	Id         uint64   `field:"id"`         // ID
+	Name       string   `field:"name"`       // 浏览器名称
+	Codes      dbs.JSON `field:"codes"`      // 代号
+	CreatedDay string   `field:"createdDay"` // 创建日期YYYYMMDD
+	State      uint8    `field:"state"`      // 状态
+}
+
+type ClientBrowserOperator struct {
+	Id         any // ID
+	Name       any // 浏览器名称
+	Codes      any // 代号
+	CreatedDay any // 创建日期YYYYMMDD
+	State      any // 状态
+}
+
+func NewClientBrowserOperator() *ClientBrowserOperator {
+	return &ClientBrowserOperator{}
+}
--- a/internal/db/models/clients/client_browser_model_ext.go
+++ b/internal/db/models/clients/client_browser_model_ext.go
@@ -0,0 +1 @@
+package clients
--- a/internal/db/models/clients/client_system_dao.go
+++ b/internal/db/models/clients/client_system_dao.go
@@ -1,11 +1,16 @@
-package models
+package clients

 import (
-	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/goman"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/ttlcache"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
-	"strconv"
+	"github.com/iwind/TeaGo/rands"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
 )

 const (
@@ -13,7 +18,20 @@ const (
 	ClientSystemStateDisabled = 0 // 已禁用
 )

-var clientSystemNameAndIdCacheMap = map[string]int64{} // system name => id
+func init() {
+	dbs.OnReadyDone(func() {
+		// 清理数据任务
+		var ticker = time.NewTicker(time.Duration(rands.Int(24, 48)) * time.Hour)
+		goman.New(func() {
+			for range ticker.C {
+				err := SharedClientSystemDAO.Clean(nil, 7) // 只保留N天
+				if err != nil {
+					remotelogs.Error("SharedClientSystemDAO", "clean expired data failed: "+err.Error())
+				}
+			}
+		})
+	})
+}

 type ClientSystemDAO dbs.DAO

@@ -74,67 +92,63 @@ func (this *ClientSystemDAO) FindClientSystemName(tx *dbs.Tx, id uint32) (string
 		FindStringCol("")
 }

-// FindSystemIdWithNameCacheable 根据操作系统名称查找系统ID
-func (this *ClientSystemDAO) FindSystemIdWithNameCacheable(tx *dbs.Tx, systemName string) (int64, error) {
-	SharedCacheLocker.RLock()
-	systemId, ok := clientSystemNameAndIdCacheMap[systemName]
-	if ok {
-		SharedCacheLocker.RUnlock()
-		return systemId, nil
-	}
-	SharedCacheLocker.RUnlock()
-
-	systemId, err := this.Query(tx).
-		Where("JSON_CONTAINS(codes, :systemName)").
-		Param("systemName", strconv.Quote(systemName)). // 查询的需要是个JSON字符串，所以这里加双引号
-		ResultPk().
-		FindInt64Col(0)
-	if err != nil {
-		return 0, err
-	}
-
-	if systemId > 0 {
-		// 只有找到的时候才放入缓存，以便于我们可以在不存在的时候创建一条新的记录
-		SharedCacheLocker.Lock()
-		clientSystemNameAndIdCacheMap[systemName] = systemId
-		SharedCacheLocker.Unlock()
-	}
-
-	return systemId, nil
-}
-
-// CreateSystem 创建浏览器
-func (this *ClientSystemDAO) CreateSystem(tx *dbs.Tx, systemName string) (int64, error) {
-	var maxlength = 50
+// CreateSystemIfNotExists 创建系统信息
+func (this *ClientSystemDAO) CreateSystemIfNotExists(tx *dbs.Tx, systemName string) error {
+	const maxlength = 50
 	if len(systemName) > maxlength {
 		systemName = systemName[:50]
 	}

-	SharedCacheLocker.Lock()
-	defer SharedCacheLocker.Unlock()
+	// 检查缓存
+	var cacheKey = "clientSystem:" + systemName
+	var cacheItem = ttlcache.SharedCache.Read(cacheKey)
+	if cacheItem != nil {
+		return nil
+	}

-	// 检查是否已经创建
+	// 检查是否已经存在
+	// 不需要加状态条件
 	systemId, err := this.Query(tx).
 		Attr("name", systemName).
 		ResultPk().
 		FindInt64Col(0)
 	if err != nil {
-		return 0, err
+		return err
 	}
 	if systemId > 0 {
-		return systemId, nil
+		// 加入缓存，但缓存时间不要过长，因为有别的操作在更新数据
+		ttlcache.SharedCache.Write(cacheKey, systemId, time.Now().Unix()+3600)
+
+		return this.Query(tx).
+			Pk(systemId).
+			Set("createdDay", timeutil.Format("Ymd")).
+			UpdateQuickly()
 	}

 	var op = NewClientSystemOperator()
 	op.Name = systemName
-
-	codes := []string{systemName}
-	codesJSON, err := json.Marshal(codes)
-	if err != nil {
-		return 0, err
-	}
-	op.Codes = codesJSON
-
+	op.CreatedDay = timeutil.Format("Ymd")
 	op.State = ClientSystemStateEnabled
-	return this.SaveInt64(tx, op)
+	systemId, err = this.SaveInt64(tx, op)
+	if err != nil && models.CheckSQLErrCode(err, 1062 /** duplicate entry **/) {
+		return nil
+	}
+
+	// 加入缓存，但缓存时间不要过长，因为有别的操作在更新数据
+	if systemId > 0 {
+		ttlcache.SharedCache.Write(cacheKey, systemId, time.Now().Unix()+3600)
+	}
+
+	return err
+}
+
+// Clean 清理
+func (this *ClientSystemDAO) Clean(tx *dbs.Tx, days int) error {
+	if days <= 0 {
+		days = 30
+	}
+
+	return this.Query(tx).
+		Lt("createdDay", timeutil.Format("Ymd", time.Now().AddDate(0, 0, -days))).
+		DeleteQuickly()
 }
--- a/internal/db/models/clients/client_system_dao_test.go
+++ b/internal/db/models/clients/client_system_dao_test.go
@@ -0,0 +1,31 @@
+package clients_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/clients"
+	_ "github.com/go-sql-driver/mysql"
+	"testing"
+)
+
+func TestClientSystemDAO_CreateSystemIfNotExists(t *testing.T) {
+	var dao = clients.NewClientSystemDAO()
+	{
+		err := dao.CreateSystemIfNotExists(nil, "Mac OS X")
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+	{
+		err := dao.CreateSystemIfNotExists(nil, "Mac OS X 2")
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+func TestClientSystemDAO_Clean(t *testing.T) {
+	var dao = clients.NewClientSystemDAO()
+	err := dao.Clean(nil, 30)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/internal/db/models/clients/client_system_model.go
+++ b/internal/db/models/clients/client_system_model.go
@@ -0,0 +1,24 @@
+package clients
+
+import "github.com/iwind/TeaGo/dbs"
+
+// ClientSystem 终端操作系统信息
+type ClientSystem struct {
+	Id         uint64   `field:"id"`         // ID
+	Name       string   `field:"name"`       // 系统名称
+	Codes      dbs.JSON `field:"codes"`      // 代号
+	CreatedDay string   `field:"createdDay"` // 创建日期YYYYMMDD
+	State      uint8    `field:"state"`      // 状态
+}
+
+type ClientSystemOperator struct {
+	Id         any // ID
+	Name       any // 系统名称
+	Codes      any // 代号
+	CreatedDay any // 创建日期YYYYMMDD
+	State      any // 状态
+}
+
+func NewClientSystemOperator() *ClientSystemOperator {
+	return &ClientSystemOperator{}
+}
--- a/internal/db/models/clients/client_system_model_ext.go
+++ b/internal/db/models/clients/client_system_model_ext.go
@@ -0,0 +1 @@
+package clients
--- a/internal/db/models/dns/dns_task_dao.go
+++ b/internal/db/models/dns/dns_task_dao.go
@@ -78,8 +78,8 @@ func (this *DNSTaskDAO) CreateClusterRemoveTask(tx *dbs.Tx, clusterId int64, dom
 }

 // CreateNodeTask 生成节点任务
-func (this *DNSTaskDAO) CreateNodeTask(tx *dbs.Tx, nodeId int64, taskType DNSTaskType) error {
-	return this.CreateDNSTask(tx, 0, 0, nodeId, 0, "", taskType)
+func (this *DNSTaskDAO) CreateNodeTask(tx *dbs.Tx, clusterId int64, nodeId int64, taskType DNSTaskType) error {
+	return this.CreateDNSTask(tx, clusterId, 0, nodeId, 0, "", taskType)
 }

 // CreateServerTask 生成服务任务
--- a/internal/db/models/formal_client_browser_dao.go
+++ b/internal/db/models/formal_client_browser_dao.go
@@ -0,0 +1,207 @@
+package models
+
+import (
+	"encoding/json"
+	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/ttlcache"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/types"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	FormalClientBrowserStateEnabled  = 1 // 已启用
+	FormalClientBrowserStateDisabled = 0 // 已禁用
+)
+
+type FormalClientBrowserDAO dbs.DAO
+
+func NewFormalClientBrowserDAO() *FormalClientBrowserDAO {
+	return dbs.NewDAO(&FormalClientBrowserDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeFormalClientBrowsers",
+			Model:  new(FormalClientBrowser),
+			PkName: "id",
+		},
+	}).(*FormalClientBrowserDAO)
+}
+
+var SharedFormalClientBrowserDAO *FormalClientBrowserDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedFormalClientBrowserDAO = NewFormalClientBrowserDAO()
+	})
+}
+
+// EnableFormalClientBrowser 启用条目
+func (this *FormalClientBrowserDAO) EnableFormalClientBrowser(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", FormalClientBrowserStateEnabled).
+		Update()
+	return err
+}
+
+// DisableFormalClientBrowser 禁用条目
+func (this *FormalClientBrowserDAO) DisableFormalClientBrowser(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", FormalClientBrowserStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledFormalClientBrowser 查找启用中的条目
+func (this *FormalClientBrowserDAO) FindEnabledFormalClientBrowser(tx *dbs.Tx, id int64) (*FormalClientBrowser, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(FormalClientBrowserStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*FormalClientBrowser), err
+}
+
+// FindFormalClientBrowserName 根据主键查找名称
+func (this *FormalClientBrowserDAO) FindFormalClientBrowserName(tx *dbs.Tx, id uint32) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// FindBrowserIdWithNameCacheable 根据浏览器名称查找系统ID
+func (this *FormalClientBrowserDAO) FindBrowserIdWithNameCacheable(tx *dbs.Tx, browserName string) (int64, error) {
+	var cacheKey = "formalClientBrowser:" + browserName
+	var cacheItem = ttlcache.SharedCache.Read(cacheKey)
+	if cacheItem != nil {
+		return types.Int64(cacheItem.Value), nil
+	}
+
+	// 先使用 name 查找，因为有索引，所以会快一些
+	browserId, err := this.Query(tx).
+		Attr("name", browserName).
+		ResultPk().
+		FindInt64Col(0)
+	if err != nil {
+		return 0, err
+	}
+
+	if browserId == 0 {
+		browserId, err = this.Query(tx).
+			Where("JSON_CONTAINS(codes, :browserName)").
+			Param("browserName", strconv.Quote(browserName)). // 查询的需要是个JSON字符串，所以这里加双引号
+			ResultPk().
+			FindInt64Col(0)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	// 即使找不到也要放入到缓存中
+	ttlcache.SharedCache.Write(cacheKey, browserId, time.Now().Unix()+3600)
+
+	return browserId, nil
+}
+
+// CountBrowsers 计算浏览器数量
+func (this *FormalClientBrowserDAO) CountBrowsers(tx *dbs.Tx, keyword string) (int64, error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Like("LOWER(codes)", dbutils.QuoteLikeKeyword(strings.ToLower(keyword)))
+	}
+	return query.Count()
+}
+
+// ListBrowsers 列出单页浏览器信息
+func (this *FormalClientBrowserDAO) ListBrowsers(tx *dbs.Tx, keyword string, offset int64, size int64) (result []*FormalClientBrowser, err error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Like("LOWER(codes)", dbutils.QuoteLikeKeyword(strings.ToLower(keyword)))
+	}
+	_, err = query.
+		Offset(offset).
+		Limit(size).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// FindBrowserWithDataId 根据dataId查找浏览器信息
+func (this *FormalClientBrowserDAO) FindBrowserWithDataId(tx *dbs.Tx, dataId string) (*FormalClientBrowser, error) {
+	one, err := this.Query(tx).
+		Attr("dataId", dataId).
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+
+	return one.(*FormalClientBrowser), nil
+}
+
+// CreateBrowser 创建浏览器信息
+func (this *FormalClientBrowserDAO) CreateBrowser(tx *dbs.Tx, name string, codes []string, dataId string) (int64, error) {
+	if len(dataId) == 0 {
+		return 0, errors.New("invalid dataId")
+	}
+
+	// 检查 dataId 是否已经存在
+	exists, err := this.Query(tx).
+		Attr("dataId", dataId).
+		Exist()
+	if err != nil {
+		return 0, err
+	}
+	if exists {
+		return 0, errors.New("dataId '" + dataId + "' already exists")
+	}
+
+	var op = NewFormalClientBrowserOperator()
+	op.Name = name
+	if len(codes) == 0 {
+		op.Codes = "[]"
+	} else {
+		codesJSON, err := json.Marshal(codes)
+		if err != nil {
+			return 0, err
+		}
+		op.Codes = codesJSON
+	}
+	op.DataId = dataId
+	op.State = FormalClientBrowserStateEnabled
+	return this.SaveInt64(tx, op)
+}
+
+// UpdateBrowser 修改浏览器信息
+func (this *FormalClientBrowserDAO) UpdateBrowser(tx *dbs.Tx, browserId int64, name string, codes []string, dataId string) error {
+	if browserId <= 0 {
+		return errors.New("invalid browserId '" + types.String(browserId) + "'")
+	}
+	if len(dataId) == 0 {
+		return errors.New("invalid dataId")
+	}
+
+	var op = NewFormalClientBrowserOperator()
+	op.Id = browserId
+	op.Name = name
+	if len(codes) == 0 {
+		op.Codes = "[]"
+	} else {
+		codesJSON, err := json.Marshal(codes)
+		if err != nil {
+			return err
+		}
+		op.Codes = codesJSON
+	}
+	op.DataId = dataId
+	return this.Save(tx, op)
+}
--- a/internal/db/models/formal_client_browser_dao_test.go
+++ b/internal/db/models/formal_client_browser_dao_test.go
@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/formal_client_browser_model.go
+++ b/internal/db/models/formal_client_browser_model.go
@@ -0,0 +1,24 @@
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// FormalClientBrowser 终端浏览器信息
+type FormalClientBrowser struct {
+	Id     uint32   `field:"id"`     // ID
+	Name   string   `field:"name"`   // 浏览器名称
+	Codes  dbs.JSON `field:"codes"`  // 代号
+	DataId string   `field:"dataId"` // 数据ID
+	State  uint8    `field:"state"`  // 状态
+}
+
+type FormalClientBrowserOperator struct {
+	Id     any // ID
+	Name   any // 浏览器名称
+	Codes  any // 代号
+	DataId any // 数据ID
+	State  any // 状态
+}
+
+func NewFormalClientBrowserOperator() *FormalClientBrowserOperator {
+	return &FormalClientBrowserOperator{}
+}
--- a/internal/db/models/formal_client_browser_model_ext.go
+++ b/internal/db/models/formal_client_browser_model_ext.go
@@ -0,0 +1,21 @@
+package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+)
+
+// DecodeCodes 解析代号
+func (this *FormalClientBrowser) DecodeCodes() []string {
+	if IsNull(this.Codes) {
+		return nil
+	}
+
+	var result = []string{}
+	err := json.Unmarshal(this.Codes, &result)
+	if err != nil {
+		remotelogs.Error("FormalClientBrowser.DecodeCodes", err.Error())
+	}
+
+	return result
+}
--- a/internal/db/models/formal_client_system_dao.go
+++ b/internal/db/models/formal_client_system_dao.go
@@ -0,0 +1,207 @@
+package models
+
+import (
+	"encoding/json"
+	dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/ttlcache"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/types"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	FormalClientSystemStateEnabled  = 1 // 已启用
+	FormalClientSystemStateDisabled = 0 // 已禁用
+)
+
+type FormalClientSystemDAO dbs.DAO
+
+func NewFormalClientSystemDAO() *FormalClientSystemDAO {
+	return dbs.NewDAO(&FormalClientSystemDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeFormalClientSystems",
+			Model:  new(FormalClientSystem),
+			PkName: "id",
+		},
+	}).(*FormalClientSystemDAO)
+}
+
+var SharedFormalClientSystemDAO *FormalClientSystemDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedFormalClientSystemDAO = NewFormalClientSystemDAO()
+	})
+}
+
+// EnableFormalClientSystem 启用条目
+func (this *FormalClientSystemDAO) EnableFormalClientSystem(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", FormalClientSystemStateEnabled).
+		Update()
+	return err
+}
+
+// DisableFormalClientSystem 禁用条目
+func (this *FormalClientSystemDAO) DisableFormalClientSystem(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", FormalClientSystemStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledFormalClientSystem 查找启用中的条目
+func (this *FormalClientSystemDAO) FindEnabledFormalClientSystem(tx *dbs.Tx, id int64) (*FormalClientSystem, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(FormalClientSystemStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*FormalClientSystem), err
+}
+
+// FindFormalClientSystemName 根据主键查找名称
+func (this *FormalClientSystemDAO) FindFormalClientSystemName(tx *dbs.Tx, id uint32) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// FindSystemIdWithNameCacheable 根据操作系统名称查找系统ID
+func (this *FormalClientSystemDAO) FindSystemIdWithNameCacheable(tx *dbs.Tx, systemName string) (int64, error) {
+	var cacheKey = "formalClientSystem:" + systemName
+	var cacheItem = ttlcache.SharedCache.Read(cacheKey)
+	if cacheItem != nil {
+		return types.Int64(cacheItem.Value), nil
+	}
+
+	// 先使用 name 查找，因为有索引，所以会快一些
+	systemId, err := this.Query(tx).
+		Attr("name", systemName).
+		ResultPk().
+		FindInt64Col(0)
+	if err != nil {
+		return 0, err
+	}
+
+	if systemId == 0 {
+		systemId, err = this.Query(tx).
+			Where("JSON_CONTAINS(codes, :systemName)").
+			Param("systemName", strconv.Quote(systemName)). // 查询的需要是个JSON字符串，所以这里加双引号
+			ResultPk().
+			FindInt64Col(0)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	// 即使找不到也要放入到缓存中
+	ttlcache.SharedCache.Write(cacheKey, systemId, time.Now().Unix()+3600)
+
+	return systemId, nil
+}
+
+// CreateSystem 创建操作系统信息
+func (this *FormalClientSystemDAO) CreateSystem(tx *dbs.Tx, name string, codes []string, dataId string) (int64, error) {
+	if len(dataId) == 0 {
+		return 0, errors.New("invalid dataId")
+	}
+
+	// 检查 dataId 是否已经存在
+	exists, err := this.Query(tx).
+		Attr("dataId", dataId).
+		Exist()
+	if err != nil {
+		return 0, err
+	}
+	if exists {
+		return 0, errors.New("dataId '" + dataId + "' already exists")
+	}
+
+	var op = NewFormalClientSystemOperator()
+	op.Name = name
+	if len(codes) == 0 {
+		op.Codes = "[]"
+	} else {
+		codesJSON, err := json.Marshal(codes)
+		if err != nil {
+			return 0, err
+		}
+		op.Codes = codesJSON
+	}
+	op.DataId = dataId
+	op.State = FormalClientSystemStateEnabled
+	return this.SaveInt64(tx, op)
+}
+
+// UpdateSystem 修改操作系统信息
+func (this *FormalClientSystemDAO) UpdateSystem(tx *dbs.Tx, systemId int64, name string, codes []string, dataId string) error {
+	if systemId <= 0 {
+		return errors.New("invalid systemId '" + types.String(systemId) + "'")
+	}
+	if len(dataId) == 0 {
+		return errors.New("invalid dataId")
+	}
+
+	var op = NewFormalClientSystemOperator()
+	op.Id = systemId
+	op.Name = name
+	if len(codes) == 0 {
+		op.Codes = "[]"
+	} else {
+		codesJSON, err := json.Marshal(codes)
+		if err != nil {
+			return err
+		}
+		op.Codes = codesJSON
+	}
+	op.DataId = dataId
+	return this.Save(tx, op)
+}
+
+// CountSystems 计算操作系统数量
+func (this *FormalClientSystemDAO) CountSystems(tx *dbs.Tx, keyword string) (int64, error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Like("LOWER(codes)", dbutils.QuoteLikeKeyword(strings.ToLower(keyword)))
+	}
+	return query.Count()
+}
+
+// ListSystems 列出单页操作系统信息
+func (this *FormalClientSystemDAO) ListSystems(tx *dbs.Tx, keyword string, offset int64, size int64) (result []*FormalClientSystem, err error) {
+	var query = this.Query(tx)
+	if len(keyword) > 0 {
+		query.Like("LOWER(codes)", dbutils.QuoteLikeKeyword(strings.ToLower(keyword)))
+	}
+	_, err = query.
+		Offset(offset).
+		Limit(size).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// FindSystemWithDataId 根据dataId查找操作系统信息
+func (this *FormalClientSystemDAO) FindSystemWithDataId(tx *dbs.Tx, dataId string) (*FormalClientSystem, error) {
+	one, err := this.Query(tx).
+		Attr("dataId", dataId).
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+
+	return one.(*FormalClientSystem), nil
+}
--- a/internal/db/models/formal_client_system_dao_test.go
+++ b/internal/db/models/formal_client_system_dao_test.go
@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/formal_client_system_model.go
+++ b/internal/db/models/formal_client_system_model.go
@@ -0,0 +1,24 @@
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// FormalClientSystem 终端操作系统信息
+type FormalClientSystem struct {
+	Id     uint32   `field:"id"`     // ID
+	Name   string   `field:"name"`   // 系统名称
+	Codes  dbs.JSON `field:"codes"`  // 代号
+	State  uint8    `field:"state"`  // 状态
+	DataId string   `field:"dataId"` // 数据ID
+}
+
+type FormalClientSystemOperator struct {
+	Id     any // ID
+	Name   any // 系统名称
+	Codes  any // 代号
+	State  any // 状态
+	DataId any // 数据ID
+}
+
+func NewFormalClientSystemOperator() *FormalClientSystemOperator {
+	return &FormalClientSystemOperator{}
+}
--- a/internal/db/models/formal_client_system_model_ext.go
+++ b/internal/db/models/formal_client_system_model_ext.go
@@ -0,0 +1,21 @@
+package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+)
+
+// DecodeCodes 解析代号
+func (this *FormalClientSystem) DecodeCodes() []string {
+	if IsNull(this.Codes) {
+		return nil
+	}
+
+	var result = []string{}
+	err := json.Unmarshal(this.Codes, &result)
+	if err != nil {
+		remotelogs.Error("FormalClientSystem.DecodeCodes", err.Error())
+	}
+
+	return result
+}
--- a/internal/db/models/http_access_log_dao.go
+++ b/internal/db/models/http_access_log_dao.go
@@ -460,6 +460,7 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 	var requestPathReg = regexp.MustCompile(`requestPath:(\S+)`)
 	var protoReg = regexp.MustCompile(`proto:(\S+)`)
 	var schemeReg = regexp.MustCompile(`scheme:(\S+)`)
+	var methodReg = regexp.MustCompile(`(?:method|requestMethod):(\S+)`)

 	var count = len(tableQueries)
 	var wg = &sync.WaitGroup{}
@@ -607,6 +608,11 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 						query.Where("JSON_EXTRACT(content, '$.requestURI') LIKE :keyword").
 							Param("keyword", dbutils.QuoteLikePrefix("\""+u.RequestURI()))
 					}
+				} else if methodReg.MatchString(keyword) { // method|requestMethod:xxx
+					isSpecialKeyword = true
+					var matches = methodReg.FindStringSubmatch(keyword)
+					query.Where("JSON_EXTRACT(content, '$.requestMethod')=:keyword").
+						Param("keyword", strings.ToUpper(matches[1]))
 				}
 				if !isSpecialKeyword {
 					if regexp.MustCompile(`^ip:.+`).MatchString(keyword) {
--- a/internal/db/models/http_cache_task_dao.go
+++ b/internal/db/models/http_cache_task_dao.go
@@ -206,6 +206,7 @@ func (this *HTTPCacheTaskDAO) UpdateTaskStatus(tx *dbs.Tx, taskId int64, isDone

 	if isDone {
 		op.DoneAt = time.Now().Unix()
+		op.IsReady = true // 让后台列表能列出来
 	}

 	return this.Save(tx, op)
--- a/internal/db/models/http_header_policy_dao.go
+++ b/internal/db/models/http_header_policy_dao.go
@@ -182,19 +182,19 @@ func (this *HTTPHeaderPolicyDAO) ComposeHeaderPolicyConfig(tx *dbs.Tx, headerPol
 		return nil, nil
 	}

-	config := &shared.HTTPHeaderPolicy{}
+	var config = &shared.HTTPHeaderPolicy{}
 	config.Id = int64(policy.Id)
 	config.IsOn = policy.IsOn

 	// SetHeaders
 	if IsNotNull(policy.SetHeaders) {
-		refs := []*shared.HTTPHeaderRef{}
+		var refs = []*shared.HTTPHeaderRef{}
 		err = json.Unmarshal(policy.SetHeaders, &refs)
 		if err != nil {
 			return nil, err
 		}
 		if len(refs) > 0 {
-			resultRefs := []*shared.HTTPHeaderRef{}
+			var resultRefs = []*shared.HTTPHeaderRef{}
 			for _, ref := range refs {
 				headerConfig, err := SharedHTTPHeaderDAO.ComposeHeaderConfig(tx, ref.HeaderId)
 				if err != nil {
@@ -212,7 +212,7 @@ func (this *HTTPHeaderPolicyDAO) ComposeHeaderPolicyConfig(tx *dbs.Tx, headerPol

 	// Delete Headers
 	if IsNotNull(policy.DeleteHeaders) {
-		headers := []string{}
+		var headers = []string{}
 		err = json.Unmarshal(policy.DeleteHeaders, &headers)
 		if err != nil {
 			return nil, err
@@ -220,6 +220,16 @@ func (this *HTTPHeaderPolicyDAO) ComposeHeaderPolicyConfig(tx *dbs.Tx, headerPol
 		config.DeleteHeaders = headers
 	}

+	// CORS
+	if IsNotNull(policy.Cors) {
+		var corsConfig = &shared.HTTPCORSHeaderConfig{}
+		err = json.Unmarshal(policy.Cors, corsConfig)
+		if err != nil {
+			return nil, err
+		}
+		config.CORS = corsConfig
+	}
+
 	// Expires
 	// TODO

@@ -235,6 +245,46 @@ func (this *HTTPHeaderPolicyDAO) FindHeaderPolicyIdWithHeaderId(tx *dbs.Tx, head
 		FindInt64Col(0)
 }

+// UpdateHeaderPolicyCORS 修改CORS
+func (this *HTTPHeaderPolicyDAO) UpdateHeaderPolicyCORS(tx *dbs.Tx, headerPolicyId int64, corsConfig *shared.HTTPCORSHeaderConfig) error {
+	if headerPolicyId <= 0 {
+		return errors.New("invalid headerId")
+	}
+
+	corsJSON, err := json.Marshal(corsConfig)
+	if err != nil {
+		return err
+	}
+
+	err = this.Query(tx).
+		Pk(headerPolicyId).
+		Set("cors", corsJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	return this.NotifyUpdate(tx, headerPolicyId)
+}
+
+// CheckUserHeaderPolicy 检查用户权限
+func (this *HTTPHeaderPolicyDAO) CheckUserHeaderPolicy(tx *dbs.Tx, userId int64, policyId int64) error {
+	if userId <= 0 || policyId <= 0 {
+		return ErrNotFound
+	}
+
+	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithHeaderPolicyId(tx, policyId)
+	if err != nil {
+		return err
+	}
+
+	if webId <= 0 {
+		return ErrNotFound
+	}
+
+	return SharedHTTPWebDAO.CheckUserWeb(tx, userId, webId)
+}
+
 // NotifyUpdate 通知更新
 func (this *HTTPHeaderPolicyDAO) NotifyUpdate(tx *dbs.Tx, policyId int64) error {
 	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithHeaderPolicyId(tx, policyId)
--- a/internal/db/models/http_header_policy_model.go
+++ b/internal/db/models/http_header_policy_model.go
@@ -2,7 +2,7 @@ package models

 import "github.com/iwind/TeaGo/dbs"

-//
+// HTTPHeaderPolicy Header定义
 type HTTPHeaderPolicy struct {
 	Id             uint32   `field:"id"`             // ID
 	IsOn           bool     `field:"isOn"`           // 是否启用
@@ -16,21 +16,23 @@ type HTTPHeaderPolicy struct {
 	ReplaceHeaders dbs.JSON `field:"replaceHeaders"` // 替换Header内容
 	Expires        dbs.JSON `field:"expires"`        // Expires单独设置
 	DeleteHeaders  dbs.JSON `field:"deleteHeaders"`  // 删除的Headers
+	Cors           dbs.JSON `field:"cors"`           // CORS配置
 }

 type HTTPHeaderPolicyOperator struct {
-	Id             interface{} // ID
-	IsOn           interface{} // 是否启用
-	State          interface{} // 状态
-	AdminId        interface{} // 管理员ID
-	UserId         interface{} // 用户ID
-	CreatedAt      interface{} // 创建时间
-	AddHeaders     interface{} // 添加的Header
-	AddTrailers    interface{} // 添加的Trailers
-	SetHeaders     interface{} // 设置Header
-	ReplaceHeaders interface{} // 替换Header内容
-	Expires        interface{} // Expires单独设置
-	DeleteHeaders  interface{} // 删除的Headers
+	Id             any // ID
+	IsOn           any // 是否启用
+	State          any // 状态
+	AdminId        any // 管理员ID
+	UserId         any // 用户ID
+	CreatedAt      any // 创建时间
+	AddHeaders     any // 添加的Header
+	AddTrailers    any // 添加的Trailers
+	SetHeaders     any // 设置Header
+	ReplaceHeaders any // 替换Header内容
+	Expires        any // Expires单独设置
+	DeleteHeaders  any // 删除的Headers
+	Cors           any // CORS配置
 }

 func NewHTTPHeaderPolicyOperator() *HTTPHeaderPolicyOperator {
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -468,6 +468,16 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, cacheMap *util
 		config.Referers = referersConfig
 	}

+	// User-Agent
+	if IsNotNull(web.UserAgent) {
+		var userAgentConfig = serverconfigs.NewUserAgentConfig()
+		err = json.Unmarshal(web.UserAgent, userAgentConfig)
+		if err != nil {
+			return nil, err
+		}
+		config.UserAgent = userAgentConfig
+	}
+
 	if cacheMap != nil {
 		cacheMap.Put(cacheKey, config)
 	}
@@ -1252,6 +1262,35 @@ func (this *HTTPWebDAO) FindWebReferers(tx *dbs.Tx, webId int64) ([]byte, error)
 		FindJSONCol()
 }

+// UpdateWebUserAgent 修改User-Agent设置
+func (this *HTTPWebDAO) UpdateWebUserAgent(tx *dbs.Tx, webId int64, userAgentConfig *serverconfigs.UserAgentConfig) error {
+	if userAgentConfig == nil {
+		return nil
+	}
+	configJSON, err := json.Marshal(userAgentConfig)
+	if err != nil {
+		return err
+	}
+
+	err = this.Query(tx).
+		Pk(webId).
+		Set("userAgent", configJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	return this.NotifyUpdate(tx, webId)
+}
+
+// FindWebUserAgent 查找服务User-Agent配置
+func (this *HTTPWebDAO) FindWebUserAgent(tx *dbs.Tx, webId int64) ([]byte, error) {
+	return this.Query(tx).
+		Pk(webId).
+		Result("userAgent").
+		FindJSONCol()
+}
+
 // NotifyUpdate 通知更新
 func (this *HTTPWebDAO) NotifyUpdate(tx *dbs.Tx, webId int64) error {
 	// server
--- a/internal/db/models/http_web_model.go
+++ b/internal/db/models/http_web_model.go
@@ -39,6 +39,7 @@ type HTTPWeb struct {
 	RequestScripts     dbs.JSON `field:"requestScripts"`     // 请求脚本
 	Uam                dbs.JSON `field:"uam"`                // UAM设置
 	Referers           dbs.JSON `field:"referers"`           // 防盗链设置
+	UserAgent          dbs.JSON `field:"userAgent"`          // UserAgent设置
 }

 type HTTPWebOperator struct {
@@ -77,6 +78,7 @@ type HTTPWebOperator struct {
 	RequestScripts     any // 请求脚本
 	Uam                any // UAM设置
 	Referers           any // 防盗链设置
+	UserAgent          any // UserAgent设置
 }

 func NewHTTPWebOperator() *HTTPWebOperator {
--- a/internal/db/models/message_task_dao_test.go
+++ b/internal/db/models/message_task_dao_test.go
@@ -1,6 +1,7 @@
-package models
+package models_test

 import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/iwind/TeaGo/bootstrap"
 	"github.com/iwind/TeaGo/dbs"
@@ -11,7 +12,7 @@ func TestMessageTaskDAO_FindSendingMessageTasks(t *testing.T) {
 	dbs.NotifyReady()

 	var tx *dbs.Tx
-	tasks, err := NewMessageTaskDAO().FindSendingMessageTasks(tx, 100)
+	tasks, err := models.NewMessageTaskDAO().FindSendingMessageTasks(tx, 100)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -20,3 +21,12 @@ func TestMessageTaskDAO_FindSendingMessageTasks(t *testing.T) {
 		t.Log("task:", task.Id, "recipient:", task.RecipientId)
 	}
 }
+
+func TestMessageTaskDAO_CleanExpiredMessageTasks(t *testing.T) {
+	var dao = models.NewMessageTaskDAO()
+	var tx *dbs.Tx
+	err := dao.CleanExpiredMessageTasks(tx, 30)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/internal/db/models/nameservers/ns_record_dao.go
+++ b/internal/db/models/nameservers/ns_record_dao.go
@@ -0,0 +1,73 @@
+//go:build !plus
+
+package nameservers
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	NSRecordStateEnabled  = 1 // 已启用
+	NSRecordStateDisabled = 0 // 已禁用
+)
+
+type NSRecordDAO dbs.DAO
+
+func NewNSRecordDAO() *NSRecordDAO {
+	return dbs.NewDAO(&NSRecordDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeNSRecords",
+			Model:  new(NSRecord),
+			PkName: "id",
+		},
+	}).(*NSRecordDAO)
+}
+
+var SharedNSRecordDAO *NSRecordDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedNSRecordDAO = NewNSRecordDAO()
+	})
+}
+
+// EnableNSRecord 启用条目
+func (this *NSRecordDAO) EnableNSRecord(tx *dbs.Tx, id uint64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NSRecordStateEnabled).
+		Update()
+	return err
+}
+
+// DisableNSRecord 禁用条目
+func (this *NSRecordDAO) DisableNSRecord(tx *dbs.Tx, id uint64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NSRecordStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledNSRecord 查找启用中的条目
+func (this *NSRecordDAO) FindEnabledNSRecord(tx *dbs.Tx, id uint64) (*NSRecord, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(NSRecordStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*NSRecord), err
+}
+
+// FindNSRecordName 根据主键查找名称
+func (this *NSRecordDAO) FindNSRecordName(tx *dbs.Tx, id uint64) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
--- a/internal/db/models/nameservers/ns_record_dao_test.go
+++ b/internal/db/models/nameservers/ns_record_dao_test.go
@@ -0,0 +1,6 @@
+package nameservers_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/nameservers/ns_record_model.go
+++ b/internal/db/models/nameservers/ns_record_model.go
@@ -11,28 +11,40 @@ type NSRecord struct {
 	Name        string   `field:"name"`        // 记录名
 	Type        string   `field:"type"`        // 类型
 	Value       string   `field:"value"`       // 值
+	MxPriority  uint32   `field:"mxPriority"`  // MX优先级
+	SrvPriority uint32   `field:"srvPriority"` // SRV优先级
+	SrvWeight   uint32   `field:"srvWeight"`   // SRV权重
+	SrvPort     uint32   `field:"srvPort"`     // SRV端口
+	CaaFlag     uint8    `field:"caaFlag"`     // CAA Flag
+	CaaTag      string   `field:"caaTag"`      // CAA TAG
 	Ttl         uint32   `field:"ttl"`         // TTL（秒）
 	Weight      uint32   `field:"weight"`      // 权重
 	RouteIds    dbs.JSON `field:"routeIds"`    // 线路
 	CreatedAt   uint64   `field:"createdAt"`   // 创建时间
-	Version     uint64   `field:"version"`     //
+	Version     uint64   `field:"version"`     // 版本号
 	State       uint8    `field:"state"`       // 状态
 }

 type NSRecordOperator struct {
-	Id          interface{} // ID
-	DomainId    interface{} // 域名ID
-	IsOn        interface{} // 是否启用
-	Description interface{} // 备注
-	Name        interface{} // 记录名
-	Type        interface{} // 类型
-	Value       interface{} // 值
-	Ttl         interface{} // TTL（秒）
-	Weight      interface{} // 权重
-	RouteIds    interface{} // 线路
-	CreatedAt   interface{} // 创建时间
-	Version     interface{} //
-	State       interface{} // 状态
+	Id          any // ID
+	DomainId    any // 域名ID
+	IsOn        any // 是否启用
+	Description any // 备注
+	Name        any // 记录名
+	Type        any // 类型
+	Value       any // 值
+	MxPriority  any // MX优先级
+	SrvPriority any // SRV优先级
+	SrvWeight   any // SRV权重
+	SrvPort     any // SRV端口
+	CaaFlag     any // CAA Flag
+	CaaTag      any // CAA TAG
+	Ttl         any // TTL（秒）
+	Weight      any // 权重
+	RouteIds    any // 线路
+	CreatedAt   any // 创建时间
+	Version     any // 版本号
+	State       any // 状态
 }

 func NewNSRecordOperator() *NSRecordOperator {
--- a/internal/db/models/nameservers/ns_route_category_dao.go
+++ b/internal/db/models/nameservers/ns_route_category_dao.go
@@ -0,0 +1,33 @@
+package nameservers
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	NSRouteCategoryStateEnabled  = 1 // 已启用
+	NSRouteCategoryStateDisabled = 0 // 已禁用
+)
+
+type NSRouteCategoryDAO dbs.DAO
+
+func NewNSRouteCategoryDAO() *NSRouteCategoryDAO {
+	return dbs.NewDAO(&NSRouteCategoryDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeNSRouteCategories",
+			Model:  new(NSRouteCategory),
+			PkName: "id",
+		},
+	}).(*NSRouteCategoryDAO)
+}
+
+var SharedNSRouteCategoryDAO *NSRouteCategoryDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedNSRouteCategoryDAO = NewNSRouteCategoryDAO()
+	})
+}
--- a/internal/db/models/nameservers/ns_route_category_dao_test.go
+++ b/internal/db/models/nameservers/ns_route_category_dao_test.go
@@ -0,0 +1,6 @@
+package nameservers_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/nameservers/ns_route_category_model.go
+++ b/internal/db/models/nameservers/ns_route_category_model.go
@@ -0,0 +1,26 @@
+package nameservers
+
+// NSRouteCategory 线路分类
+type NSRouteCategory struct {
+	Id      uint64 `field:"id"`      // ID
+	IsOn    bool   `field:"isOn"`    // 是否启用
+	Name    string `field:"name"`    // 分类名
+	AdminId uint64 `field:"adminId"` // 管理员ID
+	UserId  uint64 `field:"userId"`  // 用户ID
+	Order   uint32 `field:"order"`   // 排序
+	State   uint8  `field:"state"`   // 状态
+}
+
+type NSRouteCategoryOperator struct {
+	Id      any // ID
+	IsOn    any // 是否启用
+	Name    any // 分类名
+	AdminId any // 管理员ID
+	UserId  any // 用户ID
+	Order   any // 排序
+	State   any // 状态
+}
+
+func NewNSRouteCategoryOperator() *NSRouteCategoryOperator {
+	return &NSRouteCategoryOperator{}
+}
--- a/internal/db/models/nameservers/ns_route_category_model_ext.go
+++ b/internal/db/models/nameservers/ns_route_category_model_ext.go
@@ -0,0 +1 @@
+package nameservers
--- a/internal/db/models/nameservers/ns_route_dao.go
+++ b/internal/db/models/nameservers/ns_route_dao.go
@@ -0,0 +1,73 @@
+//go:build !plus
+
+package nameservers
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	NSRouteStateEnabled  = 1 // 已启用
+	NSRouteStateDisabled = 0 // 已禁用
+)
+
+type NSRouteDAO dbs.DAO
+
+func NewNSRouteDAO() *NSRouteDAO {
+	return dbs.NewDAO(&NSRouteDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeNSRoutes",
+			Model:  new(NSRoute),
+			PkName: "id",
+		},
+	}).(*NSRouteDAO)
+}
+
+var SharedNSRouteDAO *NSRouteDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedNSRouteDAO = NewNSRouteDAO()
+	})
+}
+
+// EnableNSRoute 启用条目
+func (this *NSRouteDAO) EnableNSRoute(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NSRouteStateEnabled).
+		Update()
+	return err
+}
+
+// DisableNSRoute 禁用条目
+func (this *NSRouteDAO) DisableNSRoute(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NSRouteStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledNSRoute 查找启用中的条目
+func (this *NSRouteDAO) FindEnabledNSRoute(tx *dbs.Tx, id uint32) (*NSRoute, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		State(NSRouteStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*NSRoute), err
+}
+
+// FindNSRouteName 根据主键查找名称
+func (this *NSRouteDAO) FindNSRouteName(tx *dbs.Tx, id uint32) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
--- a/internal/db/models/nameservers/ns_route_dao_test.go
+++ b/internal/db/models/nameservers/ns_route_dao_test.go
@@ -0,0 +1,6 @@
+package nameservers_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/nameservers/ns_route_model.go
+++ b/internal/db/models/nameservers/ns_route_model.go
@@ -4,31 +4,39 @@ import "github.com/iwind/TeaGo/dbs"

 // NSRoute DNS线路
 type NSRoute struct {
-	Id        uint32   `field:"id"`        // ID
-	IsOn      bool     `field:"isOn"`      // 是否启用
-	ClusterId uint32   `field:"clusterId"` // 集群ID
-	DomainId  uint32   `field:"domainId"`  // 域名ID
-	UserId    uint32   `field:"userId"`    // 用户ID
-	Name      string   `field:"name"`      // 名称
-	Ranges    dbs.JSON `field:"ranges"`    // 范围
-	Order     uint32   `field:"order"`     // 排序
-	Version   uint64   `field:"version"`   // 版本号
-	Code      string   `field:"code"`      // 代号
-	State     uint8    `field:"state"`     // 状态
+	Id         uint32   `field:"id"`         // ID
+	IsOn       bool     `field:"isOn"`       // 是否启用
+	ClusterId  uint32   `field:"clusterId"`  // 集群ID
+	CategoryId uint32   `field:"categoryId"` // 分类ID
+	DomainId   uint64   `field:"domainId"`   // 域名ID
+	AdminId    uint64   `field:"adminId"`    // 管理员ID
+	UserId     uint64   `field:"userId"`     // 用户ID
+	IsPublic   bool     `field:"isPublic"`   // 是否公用（管理员创建的线路）
+	Name       string   `field:"name"`       // 名称
+	Ranges     dbs.JSON `field:"ranges"`     // 范围
+	Order      uint32   `field:"order"`      // 排序
+	Version    uint64   `field:"version"`    // 版本号
+	Priority   uint32   `field:"priority"`   // 优先级，越高越优先
+	Code       string   `field:"code"`       // 代号
+	State      uint8    `field:"state"`      // 状态
 }

 type NSRouteOperator struct {
-	Id        interface{} // ID
-	IsOn      interface{} // 是否启用
-	ClusterId interface{} // 集群ID
-	DomainId  interface{} // 域名ID
-	UserId    interface{} // 用户ID
-	Name      interface{} // 名称
-	Ranges    interface{} // 范围
-	Order     interface{} // 排序
-	Version   interface{} // 版本号
-	Code      interface{} // 代号
-	State     interface{} // 状态
+	Id         any // ID
+	IsOn       any // 是否启用
+	ClusterId  any // 集群ID
+	CategoryId any // 分类ID
+	DomainId   any // 域名ID
+	AdminId    any // 管理员ID
+	UserId     any // 用户ID
+	IsPublic   any // 是否公用（管理员创建的线路）
+	Name       any // 名称
+	Ranges     any // 范围
+	Order      any // 排序
+	Version    any // 版本号
+	Priority   any // 优先级，越高越优先
+	Code       any // 代号
+	State      any // 状态
 }

 func NewNSRouteOperator() *NSRouteOperator {
--- a/internal/db/models/node_cluster_dao.go
+++ b/internal/db/models/node_cluster_dao.go
@@ -437,7 +437,7 @@ func (this *NodeClusterDAO) FindAllEnabledClustersWithDNSDomainId(tx *dbs.Tx, dn
 	_, err = this.Query(tx).
 		State(NodeClusterStateEnabled).
 		Attr("dnsDomainId", dnsDomainId).
-		Result("id", "name", "dnsName", "dnsDomainId", "isOn").
+		Result("id", "name", "dnsName", "dnsDomainId", "isOn", "dns").
 		Slice(&result).
 		FindAll()
 	return
--- a/internal/db/models/node_dao.go
+++ b/internal/db/models/node_dao.go
@@ -961,6 +961,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, cacheMap *utils
 		Level:         types.Int32(node.Level),
 		GroupId:       int64(node.GroupId),
 		EnableIPLists: node.EnableIPLists,
+		APINodeAddrs:  node.DecodeAPINodeAddrs(),
 	}

 	// API节点IP
@@ -977,7 +978,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, cacheMap *utils
 	}

 	for _, server := range servers {
-		serverConfig, err := SharedServerDAO.ComposeServerConfig(tx, server, cacheMap, true, false)
+		serverConfig, err := SharedServerDAO.ComposeServerConfig(tx, server, false, cacheMap, true, false)
 		if err != nil {
 			return nil, err
 		}
@@ -1146,6 +1147,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, cacheMap *utils
 	}

 	config.CacheDiskDir = node.CacheDiskDir
+	config.CacheDiskSubDirs = node.DecodeCacheDiskSubDirs()

 	// TOA
 	toaConfig, err := SharedNodeClusterDAO.FindClusterTOAConfig(tx, primaryClusterId, cacheMap)
@@ -1621,7 +1623,7 @@ func (this *NodeDAO) UpdateNodeSystem(tx *dbs.Tx, nodeId int64, maxCPU int32) er
 }

 // UpdateNodeCache 设置缓存相关
-func (this *NodeDAO) UpdateNodeCache(tx *dbs.Tx, nodeId int64, maxCacheDiskCapacityJSON []byte, maxCacheMemoryCapacityJSON []byte, cacheDiskDir string) error {
+func (this *NodeDAO) UpdateNodeCache(tx *dbs.Tx, nodeId int64, maxCacheDiskCapacityJSON []byte, maxCacheMemoryCapacityJSON []byte, cacheDiskDir string, cacheDiskSubDirs []*serverconfigs.CacheDir) error {
 	if nodeId <= 0 {
 		return errors.New("invalid nodeId")
 	}
@@ -1634,7 +1636,17 @@ func (this *NodeDAO) UpdateNodeCache(tx *dbs.Tx, nodeId int64, maxCacheDiskCapac
 		op.MaxCacheMemoryCapacity = maxCacheMemoryCapacityJSON
 	}
 	op.CacheDiskDir = cacheDiskDir
-	err := this.Save(tx, op)
+
+	if cacheDiskSubDirs == nil {
+		cacheDiskSubDirs = []*serverconfigs.CacheDir{}
+	}
+	cacheDiskSubDirsJSON, err := json.Marshal(cacheDiskSubDirs)
+	if err != nil {
+		return err
+	}
+	op.CacheDiskSubDirs = cacheDiskSubDirsJSON
+
+	err = this.Save(tx, op)
 	if err != nil {
 		return err
 	}
@@ -1827,6 +1839,12 @@ func (this *NodeDAO) DeleteNodeFromCluster(tx *dbs.Tx, nodeId int64, clusterId i
 		return nil
 	}

+	// 提前通知DNS更新，因为后面集群会有变化
+	err = this.NotifyDNSUpdate(tx, nodeId)
+	if err != nil {
+		return err
+	}
+
 	var node = one.(*Node)

 	var secondaryClusterIds = []int64{}
@@ -2022,11 +2040,51 @@ func (this *NodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProt
 		return err
 	}
 	if clusterId > 0 {
-		return SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleNode, clusterId, nodeId, 0, 0, NodeTaskTypeDDosProtectionChanged, 0)
+		return SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleNode, clusterId, nodeId, 0, 0, NodeTaskTypeDDosProtectionChanged)
 	}
 	return nil
 }

+// FindNodeAPIConfig 查找API相关配置信息
+func (this *NodeDAO) FindNodeAPIConfig(tx *dbs.Tx, nodeId int64) (*Node, error) {
+	if nodeId <= 0 {
+		return nil, nil
+	}
+
+	one, err := this.Query(tx).
+		Pk(nodeId).
+		Result("apiNodeAddrs").
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+	return one.(*Node), nil
+}
+
+// UpdateNodeAPIConfig 修改API相关配置信息
+func (this *NodeDAO) UpdateNodeAPIConfig(tx *dbs.Tx, nodeId int64, apiNodeAddrs []*serverconfigs.NetworkAddressConfig) error {
+	if nodeId <= 0 {
+		return errors.New("invalid nodeId")
+	}
+
+	if apiNodeAddrs == nil {
+		apiNodeAddrs = []*serverconfigs.NetworkAddressConfig{}
+	}
+	apiNodeAddrsJSON, err := json.Marshal(apiNodeAddrs)
+	if err != nil {
+		return err
+	}
+	var op = NewNodeOperator()
+	op.Id = nodeId
+	op.ApiNodeAddrs = apiNodeAddrsJSON
+	err = this.Save(tx, op)
+	if err != nil {
+		return err
+	}
+
+	return this.NotifyUpdate(tx, nodeId)
+}
+
 // NotifyUpdate 通知节点相关更新
 func (this *NodeDAO) NotifyUpdate(tx *dbs.Tx, nodeId int64) error {
 	// 这里只需要通知单个集群即可，因为节点是公用的，更新一个就相当于更新了所有
@@ -2034,7 +2092,7 @@ func (this *NodeDAO) NotifyUpdate(tx *dbs.Tx, nodeId int64) error {
 	if err != nil {
 		return err
 	}
-	err = SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleNode, clusterId, nodeId, 0, 0, NodeTaskTypeConfigChanged, 0)
+	err = SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleNode, clusterId, nodeId, 0, 0, NodeTaskTypeConfigChanged)
 	if err != nil {
 		return err
 	}
@@ -2075,7 +2133,7 @@ func (this *NodeDAO) NotifyDNSUpdate(tx *dbs.Tx, nodeId int64) error {
 		if len(dnsInfo.DnsName) == 0 || dnsInfo.DnsDomainId <= 0 {
 			continue
 		}
-		err = dns.SharedDNSTaskDAO.CreateNodeTask(tx, nodeId, dns.DNSTaskTypeNodeChange)
+		err = dns.SharedDNSTaskDAO.CreateNodeTask(tx, clusterId, nodeId, dns.DNSTaskTypeNodeChange)
 		if err != nil {
 			return err
 		}
--- a/internal/db/models/node_ip_address_dao.go
+++ b/internal/db/models/node_ip_address_dao.go
@@ -604,7 +604,7 @@ func (this *NodeIPAddressDAO) NotifyUpdate(tx *dbs.Tx, addressId int64) error {
 	var role = address.(*NodeIPAddress).Role
 	switch role {
 	case nodeconfigs.NodeRoleNode:
-		err = dns.SharedDNSTaskDAO.CreateNodeTask(tx, nodeId, dns.DNSTaskTypeNodeChange)
+		err = dns.SharedDNSTaskDAO.CreateNodeTask(tx, 0, nodeId, dns.DNSTaskTypeNodeChange)
 		if err != nil {
 			return err
 		}
--- a/internal/db/models/node_model.go
+++ b/internal/db/models/node_model.go
@@ -38,9 +38,11 @@ type Node struct {
 	DnsRoutes              dbs.JSON `field:"dnsRoutes"`              // DNS线路设置
 	MaxCacheDiskCapacity   dbs.JSON `field:"maxCacheDiskCapacity"`   // 硬盘缓存容量
 	MaxCacheMemoryCapacity dbs.JSON `field:"maxCacheMemoryCapacity"` // 内存缓存容量
-	CacheDiskDir           string   `field:"cacheDiskDir"`           // 缓存目录
+	CacheDiskDir           string   `field:"cacheDiskDir"`           // 主缓存目录
+	CacheDiskSubDirs       dbs.JSON `field:"cacheDiskSubDirs"`       // 其他缓存目录
 	DnsResolver            dbs.JSON `field:"dnsResolver"`            // DNS解析器
 	EnableIPLists          bool     `field:"enableIPLists"`          // 启用IP名单
+	ApiNodeAddrs           dbs.JSON `field:"apiNodeAddrs"`           // API节点地址
 }

 type NodeOperator struct {
@@ -78,9 +80,11 @@ type NodeOperator struct {
 	DnsRoutes              any // DNS线路设置
 	MaxCacheDiskCapacity   any // 硬盘缓存容量
 	MaxCacheMemoryCapacity any // 内存缓存容量
-	CacheDiskDir           any // 缓存目录
+	CacheDiskDir           any // 主缓存目录
+	CacheDiskSubDirs       any // 其他缓存目录
 	DnsResolver            any // DNS解析器
 	EnableIPLists          any // 启用IP名单
+	ApiNodeAddrs           any // API节点地址
 }

 func NewNodeOperator() *NodeOperator {
--- a/internal/db/models/node_model_ext.go
+++ b/internal/db/models/node_model_ext.go
@@ -2,7 +2,9 @@ package models

 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"sort"
@@ -135,6 +137,7 @@ func (this *Node) HasDDoSProtection() bool {
 	return false
 }

+// DecodeMaxCacheDiskCapacity 解析硬盘容量
 func (this *Node) DecodeMaxCacheDiskCapacity() *shared.SizeCapacity {
 	if this.MaxCacheDiskCapacity.IsNull() {
 		return nil
@@ -145,6 +148,7 @@ func (this *Node) DecodeMaxCacheDiskCapacity() *shared.SizeCapacity {
 	return capacity
 }

+// DecodeMaxCacheMemoryCapacity 解析内存容量
 func (this *Node) DecodeMaxCacheMemoryCapacity() *shared.SizeCapacity {
 	if this.MaxCacheMemoryCapacity.IsNull() {
 		return nil
@@ -169,6 +173,7 @@ func (this *Node) DecodeDNSResolver() *nodeconfigs.DNSResolverConfig {
 	return resolverConfig
 }

+// DecodeLnAddrs 解析Ln地址
 func (this *Node) DecodeLnAddrs() []string {
 	if IsNull(this.LnAddrs) {
 		return nil
@@ -181,3 +186,31 @@ func (this *Node) DecodeLnAddrs() []string {
 	}
 	return result
 }
+
+// DecodeCacheDiskSubDirs 解析缓存目录
+func (this *Node) DecodeCacheDiskSubDirs() []*serverconfigs.CacheDir {
+	if IsNull(this.CacheDiskSubDirs) {
+		return nil
+	}
+
+	var result = []*serverconfigs.CacheDir{}
+	err := json.Unmarshal(this.CacheDiskSubDirs, &result)
+	if err != nil {
+		remotelogs.Error("Node.DecodeCacheDiskSubDirs", err.Error())
+	}
+	return result
+}
+
+// DecodeAPINodeAddrs 解析API节点地址
+func (this *Node) DecodeAPINodeAddrs() []*serverconfigs.NetworkAddressConfig {
+	var result = []*serverconfigs.NetworkAddressConfig{}
+	if IsNull(this.ApiNodeAddrs) {
+		return result
+	}
+
+	err := json.Unmarshal(this.ApiNodeAddrs, &result)
+	if err != nil {
+		remotelogs.Error("Node.DecodeAPINodeAddrs", err.Error())
+	}
+	return result
+}
--- a/internal/db/models/node_task_dao.go
+++ b/internal/db/models/node_task_dao.go
@@ -57,7 +57,7 @@ func init() {
 }

 // CreateNodeTask 创建单个节点任务
-func (this *NodeTaskDAO) CreateNodeTask(tx *dbs.Tx, role string, clusterId int64, nodeId int64, userId int64, serverId int64, taskType NodeTaskType, version int64) error {
+func (this *NodeTaskDAO) CreateNodeTask(tx *dbs.Tx, role string, clusterId int64, nodeId int64, userId int64, serverId int64, taskType NodeTaskType) error {
 	if clusterId <= 0 || nodeId <= 0 {
 		return nil
 	}
@@ -69,8 +69,13 @@ func (this *NodeTaskDAO) CreateNodeTask(tx *dbs.Tx, role string, clusterId int64
 		uniqueId += "@" + types.String(userId)
 	}

+	version, err := this.increaseVersion(tx)
+	if err != nil {
+		return err
+	}
+
 	var updatedAt = time.Now().Unix()
-	_, _, err := this.Query(tx).
+	_, _, err = this.Query(tx).
 		InsertOrUpdate(maps.Map{
 			"role":      role,
 			"clusterId": clusterId,
@@ -157,9 +162,8 @@ func (this *NodeTaskDAO) ExtractNodeClusterTask(tx *dbs.Tx, clusterId int64, use
 		return err
 	}

-	var version = time.Now().UnixNano()
 	for _, nodeId := range nodeIds {
-		err = this.CreateNodeTask(tx, nodeconfigs.NodeRoleNode, clusterId, nodeId, userId, serverId, taskType, version)
+		err = this.CreateNodeTask(tx, nodeconfigs.NodeRoleNode, clusterId, nodeId, userId, serverId, taskType)
 		if err != nil {
 			return err
 		}
@@ -225,14 +229,22 @@ func (this *NodeTaskDAO) DeleteNodeTasks(tx *dbs.Tx, role string, nodeId int64)
 }

 // FindDoingNodeTasks 查询一个节点的所有任务
-func (this *NodeTaskDAO) FindDoingNodeTasks(tx *dbs.Tx, role string, nodeId int64) (result []*NodeTask, err error) {
+func (this *NodeTaskDAO) FindDoingNodeTasks(tx *dbs.Tx, role string, nodeId int64, version int64) (result []*NodeTask, err error) {
 	if nodeId <= 0 {
 		return
 	}
-	_, err = this.Query(tx).
+	var query = this.Query(tx).
 		Attr("role", role).
 		Attr("nodeId", nodeId).
-		Where("(isDone=0 OR (isDone=1 AND isOk=0))").
+		Asc("version")
+	if version > 0 {
+		query.Lt("LENGTH(version)", 19) // 兼容以往版本
+		query.Gt("version", version)
+	} else {
+		// 第一次访问时只取当前正在执行的或者执行失败的
+		query.Where("(isDone=0 OR (isDone=1 AND isOk=0))")
+	}
+	_, err = query.
 		Slice(&result).
 		FindAll()
 	return
@@ -240,8 +252,16 @@ func (this *NodeTaskDAO) FindDoingNodeTasks(tx *dbs.Tx, role string, nodeId int6

 // UpdateNodeTaskDone 修改节点任务的完成状态
 func (this *NodeTaskDAO) UpdateNodeTaskDone(tx *dbs.Tx, taskId int64, isOk bool, errorMessage string) error {
-	_, err := this.Query(tx).
-		Pk(taskId).
+	var query = this.Query(tx).
+		Pk(taskId)
+	if !isOk {
+		version, err := this.increaseVersion(tx)
+		if err != nil {
+			return err
+		}
+		query.Set("version", version)
+	}
+	_, err := query.
 		Set("isDone", 1).
 		Set("isOk", isOk).
 		Set("error", errorMessage).
@@ -373,3 +393,8 @@ func (this *NodeTaskDAO) UpdateTasksNotified(tx *dbs.Tx, taskIds []int64) error
 	}
 	return nil
 }
+
+// 生成一个版本号
+func (this *NodeTaskDAO) increaseVersion(tx *dbs.Tx) (version int64, err error) {
+	return SharedSysLockerDAO.Increase(tx, "NODE_TASK_VERSION", 0)
+}
--- a/internal/db/models/node_task_dao_test.go
+++ b/internal/db/models/node_task_dao_test.go
@@ -11,7 +11,7 @@ func TestNodeTaskDAO_CreateNodeTask(t *testing.T) {
 	dbs.NotifyReady()

 	var tx *dbs.Tx
-	err := SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleNode, 1, 2, 0, 0, NodeTaskTypeConfigChanged, 0)
+	err := SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleNode, 1, 2, 0, 0, NodeTaskTypeConfigChanged)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/internal/db/models/ns_cluster_model.go
+++ b/internal/db/models/ns_cluster_model.go
@@ -23,6 +23,7 @@ type NSCluster struct {
 	Answer          dbs.JSON `field:"answer"`          // 应答设置
 	SoaSerial       uint64   `field:"soaSerial"`       // SOA序列号
 	Email           string   `field:"email"`           // 管理员邮箱
+	DetectAgents    bool     `field:"detectAgents"`    // 是否监测Agents
 }

 type NSClusterOperator struct {
@@ -45,6 +46,7 @@ type NSClusterOperator struct {
 	Answer          any // 应答设置
 	SoaSerial       any // SOA序列号
 	Email           any // 管理员邮箱
+	DetectAgents    any // 是否监测Agents
 }

 func NewNSClusterOperator() *NSClusterOperator {
--- a/internal/db/models/ns_node_dao_test.go
+++ b/internal/db/models/ns_node_dao_test.go
@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/ns_node_model.go
+++ b/internal/db/models/ns_node_model.go
@@ -22,6 +22,7 @@ type NSNode struct {
 	InactiveNotifiedAt uint64   `field:"inactiveNotifiedAt"` // 离线通知时间
 	ConnectedAPINodes  dbs.JSON `field:"connectedAPINodes"`  // 当前连接的API节点
 	DdosProtection     dbs.JSON `field:"ddosProtection"`     // DDoS防护设置
+	ApiNodeAddrs       dbs.JSON `field:"apiNodeAddrs"`       // API节点地址
 }

 type NSNodeOperator struct {
@@ -43,6 +44,7 @@ type NSNodeOperator struct {
 	InactiveNotifiedAt any // 离线通知时间
 	ConnectedAPINodes  any // 当前连接的API节点
 	DdosProtection     any // DDoS防护设置
+	ApiNodeAddrs       any // API节点地址
 }

 func NewNSNodeOperator() *NSNodeOperator {
--- a/internal/db/models/ns_node_model_ext.go
+++ b/internal/db/models/ns_node_model_ext.go
@@ -1,79 +1 @@
 package models
-
-import (
-	"encoding/json"
-	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
-	"time"
-)
-
-// DecodeInstallStatus 安装状态
-func (this *NSNode) DecodeInstallStatus() (*NodeInstallStatus, error) {
-	if len(this.InstallStatus) == 0 {
-		return NewNodeInstallStatus(), nil
-	}
-	status := &NodeInstallStatus{}
-	err := json.Unmarshal(this.InstallStatus, status)
-	if err != nil {
-		return NewNodeInstallStatus(), err
-	}
-
-	// 如果N秒钟没有更新状态，则认为不在运行
-	if status.IsRunning && status.UpdatedAt < time.Now().Unix()-10 {
-		status.IsRunning = false
-		status.IsFinished = true
-		status.Error = "timeout"
-	}
-
-	return status, nil
-}
-
-// DecodeStatus 节点状态
-func (this *NSNode) DecodeStatus() (*nodeconfigs.NodeStatus, error) {
-	if len(this.Status) == 0 {
-		return nil, nil
-	}
-	status := &nodeconfigs.NodeStatus{}
-	err := json.Unmarshal(this.Status, status)
-	if err != nil {
-		return nil, err
-	}
-	return status, nil
-}
-
-// DecodeDDoSProtection 解析DDoS Protection设置
-func (this *NSNode) DecodeDDoSProtection() *ddosconfigs.ProtectionConfig {
-	if IsNull(this.DdosProtection) {
-		return nil
-	}
-
-	var result = &ddosconfigs.ProtectionConfig{}
-	err := json.Unmarshal(this.DdosProtection, &result)
-	if err != nil {
-		// ignore err
-	}
-	return result
-}
-
-// HasDDoSProtection 检查是否有DDOS设置
-func (this *NSNode) HasDDoSProtection() bool {
-	var config = this.DecodeDDoSProtection()
-	if config != nil {
-		return !config.IsPriorEmpty()
-	}
-	return false
-}
-
-// DecodeConnectedAPINodes 解析连接的API节点列表
-func (this *NSNode) DecodeConnectedAPINodes() []int64 {
-	if IsNull(this.ConnectedAPINodes) {
-		return nil
-	}
-
-	var result = []int64{}
-	err := json.Unmarshal(this.ConnectedAPINodes, &result)
-	if err != nil {
-		// ignore err
-	}
-	return result
-}
--- a/internal/db/models/origin_dao.go
+++ b/internal/db/models/origin_dao.go
@@ -403,7 +403,7 @@ func (this *OriginDAO) ComposeOriginConfig(tx *dbs.Tx, originId int64, cacheMap
 		}
 		config.CertRef = ref
 		if ref.CertId > 0 {
-			certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, cacheMap)
+			certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, false, cacheMap)
 			if err != nil {
 				return nil, err
 			}
--- a/internal/db/models/server_bandwidth_stat_dao.go
+++ b/internal/db/models/server_bandwidth_stat_dao.go
@@ -15,6 +15,7 @@ import (
 	"github.com/iwind/TeaGo/types"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"math"
+	"regexp"
 	"strings"
 	"sync"
 	"time"
@@ -452,6 +453,75 @@ func (this *ServerBandwidthStatDAO) FindPercentileBetweenDays(tx *dbs.Tx, server
 	return one.(*ServerBandwidthStat), nil
 }

+// FindPercentileBetweenTimes 获取时间段内内百分位
+// timeFrom 开始时间，格式 YYYYMMDDHHII
+// timeTo 结束时间，格式 YYYYMMDDHHII
+func (this *ServerBandwidthStatDAO) FindPercentileBetweenTimes(tx *dbs.Tx, serverId int64, timeFrom string, timeTo string, percentile int32) (result *ServerBandwidthStat, err error) {
+	var reg = regexp.MustCompile(`^\d{12}$`)
+	if !reg.MatchString(timeFrom) {
+		return nil, errors.New("invalid timeFrom '" + timeFrom + "'")
+	}
+	if !reg.MatchString(timeTo) {
+		return nil, errors.New("invalid timeTo '" + timeTo + "'")
+	}
+
+	if timeFrom > timeTo {
+		timeFrom, timeTo = timeTo, timeFrom
+	}
+
+	if percentile <= 0 {
+		percentile = 95
+	}
+
+	// 如果是100%以上，则快速返回
+	if percentile >= 100 {
+		one, err := this.Query(tx).
+			Table(this.partialTable(serverId)).
+			Attr("serverId", serverId).
+			Between("CONCAT(day, timeAt)", timeFrom, timeTo).
+			Desc("bytes").
+			Find()
+		if err != nil || one == nil {
+			return nil, err
+		}
+
+		return one.(*ServerBandwidthStat), nil
+	}
+
+	// 总数量
+	total, err := this.Query(tx).
+		Table(this.partialTable(serverId)).
+		Attr("serverId", serverId).
+		Between("CONCAT(day, timeAt)", timeFrom, timeTo).
+		Count()
+	if err != nil {
+		return nil, err
+	}
+	if total == 0 {
+		return nil, nil
+	}
+
+	var offset int64
+
+	if total > 1 {
+		offset = int64(math.Ceil(float64(total) * float64(100-percentile) / 100))
+	}
+
+	// 查询 nth 位置
+	one, err := this.Query(tx).
+		Table(this.partialTable(serverId)).
+		Attr("serverId", serverId).
+		Between("CONCAT(day, timeAt)", timeFrom, timeTo).
+		Desc("bytes").
+		Offset(offset).
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+
+	return one.(*ServerBandwidthStat), nil
+}
+
 // Clean 清理过期数据
 func (this *ServerBandwidthStatDAO) Clean(tx *dbs.Tx) error {
 	var day = timeutil.Format("Ymd", time.Now().AddDate(0, 0, -100)) // 保留大约3个月的数据
--- a/internal/db/models/server_daily_stat_dao.go
+++ b/internal/db/models/server_daily_stat_dao.go
@@ -195,15 +195,20 @@ func (this *ServerDailyStatDAO) SumUserMonthlyPeek(tx *dbs.Tx, userId int64, reg

 // SumUserDaily 获取某天流量总和
 // day 格式为YYYYMMDD
-func (this *ServerDailyStatDAO) SumUserDaily(tx *dbs.Tx, userId int64, regionId int64, day string) (int64, error) {
+func (this *ServerDailyStatDAO) SumUserDaily(tx *dbs.Tx, userId int64, regionId int64, day string) (stat *ServerDailyStat, err error) {
 	var query = this.Query(tx)
 	if regionId > 0 {
 		query.Attr("regionId", regionId)
 	}
-	return query.
-		Attr("day", day).
+
+	one, err := query.Attr("day", day).
 		Attr("userId", userId).
-		SumInt64("bytes", 0)
+		Result("SUM(bytes) AS bytes", "SUM(cachedBytes) AS cachedBytes", "SUM(attackBytes) AS attackBytes", "SUM(countRequests) AS countRequests", "SUM(countCachedRequests) AS countCachedRequests", "SUM(countAttackRequests) AS countAttackRequests").
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+	return one.(*ServerDailyStat), nil
 }

 // SumUserTrafficBytesBetweenDays 获取用户某个日期段内的流量总和
@@ -710,7 +715,10 @@ func (this *ServerDailyStatDAO) FindDistinctUserIds(tx *dbs.Tx, dayFrom string,
 		return nil, err
 	}
 	for _, one := range ones {
-		userIds = append(userIds, one.GetInt64("userId"))
+		var userId = one.GetInt64("userId")
+		if userId > 0 {
+			userIds = append(userIds, userId)
+		}
 	}
 	return userIds, nil
 }
--- a/internal/db/models/server_dao.go
+++ b/internal/db/models/server_dao.go
@@ -1001,7 +1001,7 @@ func (this *ServerDAO) FindServerNodeFilters(tx *dbs.Tx, serverId int64) (isOk b
 }

 // ComposeServerConfigWithServerId 构造服务的Config
-func (this *ServerDAO) ComposeServerConfigWithServerId(tx *dbs.Tx, serverId int64, forNode bool) (*serverconfigs.ServerConfig, error) {
+func (this *ServerDAO) ComposeServerConfigWithServerId(tx *dbs.Tx, serverId int64, ignoreCertData bool, forNode bool) (*serverconfigs.ServerConfig, error) {
 	server, err := this.FindEnabledServer(tx, serverId)
 	if err != nil {
 		return nil, err
@@ -1009,12 +1009,12 @@ func (this *ServerDAO) ComposeServerConfigWithServerId(tx *dbs.Tx, serverId int6
 	if server == nil {
 		return nil, ErrNotFound
 	}
-	return this.ComposeServerConfig(tx, server, nil, forNode, false)
+	return this.ComposeServerConfig(tx, server, ignoreCertData, nil, forNode, false)
 }

 // ComposeServerConfig 构造服务的Config
 // forNode 是否是节点请求
-func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server, cacheMap *utils.CacheMap, forNode bool, forList bool) (*serverconfigs.ServerConfig, error) {
+func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server, ignoreCerts bool, cacheMap *utils.CacheMap, forNode bool, forList bool) (*serverconfigs.ServerConfig, error) {
 	if server == nil {
 		return nil, ErrNotFound
 	}
@@ -1110,8 +1110,8 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server, cacheMap
 		}

 		// SSL
-		if httpsConfig.SSLPolicyRef != nil && httpsConfig.SSLPolicyRef.SSLPolicyId > 0 {
-			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, httpsConfig.SSLPolicyRef.SSLPolicyId, cacheMap)
+		if httpsConfig.SSLPolicyRef != nil && httpsConfig.SSLPolicyRef.SSLPolicyId > 0 && !ignoreCerts {
+			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, httpsConfig.SSLPolicyRef.SSLPolicyId, false, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -1142,8 +1142,8 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server, cacheMap
 		}

 		// SSL
-		if tlsConfig.SSLPolicyRef != nil {
-			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, tlsConfig.SSLPolicyRef.SSLPolicyId, cacheMap)
+		if tlsConfig.SSLPolicyRef != nil && !ignoreCerts {
+			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, tlsConfig.SSLPolicyRef.SSLPolicyId, false, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -2494,6 +2494,14 @@ func (this *ServerDAO) UpdateServersClusterIdWithPlanId(tx *dbs.Tx, planId int64

 // UpdateServerUserPlanId 设置服务所属套餐
 func (this *ServerDAO) UpdateServerUserPlanId(tx *dbs.Tx, serverId int64, userPlanId int64) error {
+	oldClusterId, err := this.Query(tx).
+		Pk(serverId).
+		Result("clusterId").
+		FindInt64Col(0)
+	if err != nil {
+		return err
+	}
+
 	// 取消套餐
 	if userPlanId <= 0 {
 		// 所属用户
@@ -2524,7 +2532,24 @@ func (this *ServerDAO) UpdateServerUserPlanId(tx *dbs.Tx, serverId int64, userPl
 		if err != nil {
 			return err
 		}
-		return this.NotifyUpdate(tx, serverId)
+		err = this.NotifyUpdate(tx, serverId)
+		if err != nil {
+			return err
+		}
+
+		// 通知DNS更新
+		if oldClusterId != clusterId {
+			if oldClusterId > 0 {
+				err = this.NotifyClusterDNSUpdate(tx, oldClusterId, serverId)
+				if err != nil {
+					return err
+				}
+			}
+
+			return this.NotifyClusterDNSUpdate(tx, clusterId, serverId)
+		}
+
+		return nil
 	}

 	// 设置新套餐
@@ -2544,16 +2569,34 @@ func (this *ServerDAO) UpdateServerUserPlanId(tx *dbs.Tx, serverId int64, userPl
 		return errors.New("can not find plan with id '" + types.String(userPlan.PlanId) + "'")
 	}

+	var clusterId = int64(plan.ClusterId)
 	err = this.Query(tx).
 		Pk(serverId).
 		Set("userPlanId", userPlanId).
 		Set("lastUserPlanId", userPlanId).
-		Set("clusterId", plan.ClusterId).
+		Set("clusterId", clusterId).
 		UpdateQuickly()
 	if err != nil {
 		return err
 	}
-	return this.NotifyUpdate(tx, serverId)
+	err = this.NotifyUpdate(tx, serverId)
+	if err != nil {
+		return err
+	}
+
+	// 通知DNS更新
+	if oldClusterId != clusterId {
+		if oldClusterId > 0 {
+			err = this.NotifyClusterDNSUpdate(tx, oldClusterId, serverId)
+			if err != nil {
+				return err
+			}
+		}
+
+		return this.NotifyClusterDNSUpdate(tx, clusterId, serverId)
+	}
+
+	return nil
 }

 // FindServerLastUserPlanIdAndUserId 查找最后使用的套餐
@@ -2654,6 +2697,72 @@ func (this *ServerDAO) UpdateServerBandwidth(tx *dbs.Tx, serverId int64, fullTim
 	}
 }

+// UpdateServerUserId 修改服务所属用户
+func (this *ServerDAO) UpdateServerUserId(tx *dbs.Tx, serverId int64, userId int64) error {
+	if serverId <= 0 {
+		return nil
+	}
+
+	serverOne, err := this.Query(tx).
+		Result("https", "tls").
+		Pk(serverId).
+		State(ServerStateEnabled).
+		Find()
+	if err != nil || serverOne == nil {
+		return err
+	}
+	var server = serverOne.(*Server)
+
+	// 修改服务
+	err = this.Query(tx).
+		Pk(serverId).
+		Set("userId", userId).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	// 修改证书相关数据
+	var sslPolicyIds = []int64{}
+	var httpsConfig = server.DecodeHTTPS()
+	if httpsConfig != nil && httpsConfig.SSLPolicyRef != nil && httpsConfig.SSLPolicyRef.SSLPolicyId > 0 {
+		sslPolicyIds = append(sslPolicyIds, httpsConfig.SSLPolicyRef.SSLPolicyId)
+	}
+
+	var tlsConfig = server.DecodeTLS()
+	if tlsConfig != nil && tlsConfig.SSLPolicyRef != nil && tlsConfig.SSLPolicyRef.SSLPolicyId > 0 {
+		sslPolicyIds = append(sslPolicyIds, tlsConfig.SSLPolicyRef.SSLPolicyId)
+	}
+	if len(sslPolicyIds) > 0 {
+		for _, sslPolicyId := range sslPolicyIds {
+			policy, err := SharedSSLPolicyDAO.FindEnabledSSLPolicy(tx, sslPolicyId)
+			if err != nil {
+				return err
+			}
+			if policy != nil {
+				// 修改策略
+				err = SharedSSLPolicyDAO.UpdatePolicyUser(tx, sslPolicyId, userId)
+				if err != nil {
+					return err
+				}
+
+				var certRefs = policy.DecodeCerts()
+				for _, certRef := range certRefs {
+					if certRef.CertId > 0 {
+						// 修改证书
+						err = SharedSSLCertDAO.UpdateCertUser(tx, certRef.CertId, userId)
+						if err != nil {
+							return err
+						}
+					}
+				}
+			}
+		}
+	}
+
+	return this.NotifyUpdate(tx, serverId)
+}
+
 // NotifyUpdate 同步服务所在的集群
 func (this *ServerDAO) NotifyUpdate(tx *dbs.Tx, serverId int64) error {
 	// 创建任务
--- a/internal/db/models/server_model_ext.go
+++ b/internal/db/models/server_model_ext.go
@@ -42,10 +42,38 @@ func (this *Server) DecodeHTTPPorts() (ports []int) {
 	return
 }

+// DecodeHTTPS 解析HTTPS设置
+func (this *Server) DecodeHTTPS() *serverconfigs.HTTPSProtocolConfig {
+	if len(this.Https) == 0 {
+		return nil
+	}
+
+	var config = &serverconfigs.HTTPSProtocolConfig{}
+	err := json.Unmarshal(this.Https, config)
+	if err != nil {
+		remotelogs.Error("Server_DecodeHTTPS", err.Error())
+	}
+	return config
+}
+
+// DecodeTLS 解析TLS设置
+func (this *Server) DecodeTLS() *serverconfigs.TLSProtocolConfig {
+	if len(this.Tls) == 0 {
+		return nil
+	}
+
+	var config = &serverconfigs.TLSProtocolConfig{}
+	err := json.Unmarshal(this.Tls, config)
+	if err != nil {
+		remotelogs.Error("Server_DecodeTLS", err.Error())
+	}
+	return config
+}
+
 // DecodeHTTPSPorts 获取HTTPS所有端口
 func (this *Server) DecodeHTTPSPorts() (ports []int) {
 	if len(this.Https) > 0 {
-		config := &serverconfigs.HTTPSProtocolConfig{}
+		var config = &serverconfigs.HTTPSProtocolConfig{}
 		err := json.Unmarshal(this.Https, config)
 		if err != nil {
 			return nil
--- a/internal/db/models/ssl_cert_dao.go
+++ b/internal/db/models/ssl_cert_dao.go
@@ -200,11 +200,12 @@ func (this *SSLCertDAO) UpdateCert(tx *dbs.Tx,
 }

 // ComposeCertConfig 组合配置
-func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, cacheMap *utils.CacheMap) (*sslconfigs.SSLCertConfig, error) {
+// ignoreData 是否忽略证书数据，避免因为数据过大影响传输
+func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, ignoreData bool, cacheMap *utils.CacheMap) (*sslconfigs.SSLCertConfig, error) {
 	if cacheMap == nil {
 		cacheMap = utils.NewCacheMap()
 	}
-	var cacheKey = this.Table + ":config:" + types.String(certId)
+	var cacheKey = this.Table + ":ComposeCertConfig:" + types.String(certId)
 	var cache, _ = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*sslconfigs.SSLCertConfig), nil
@@ -218,15 +219,17 @@ func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, cacheMap *ut
 		return nil, nil
 	}

-	config := &sslconfigs.SSLCertConfig{}
+	var config = &sslconfigs.SSLCertConfig{}
 	config.Id = int64(cert.Id)
 	config.IsOn = cert.IsOn
 	config.IsCA = cert.IsCA
 	config.IsACME = cert.IsACME
 	config.Name = cert.Name
 	config.Description = cert.Description
-	config.CertData = cert.CertData
-	config.KeyData = cert.KeyData
+	if !ignoreData {
+		config.CertData = cert.CertData
+		config.KeyData = cert.KeyData
+	}
 	config.ServerName = cert.ServerName
 	config.TimeBeginAt = int64(cert.TimeBeginAt)
 	config.TimeEndAt = int64(cert.TimeEndAt)
@@ -239,7 +242,7 @@ func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, cacheMap *ut
 	config.OCSPError = cert.OcspError

 	if IsNotNull(cert.DnsNames) {
-		dnsNames := []string{}
+		var dnsNames = []string{}
 		err := json.Unmarshal(cert.DnsNames, &dnsNames)
 		if err != nil {
 			return nil, err
@@ -248,7 +251,7 @@ func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, cacheMap *ut
 	}

 	if cert.CommonNames.IsNotNull() {
-		commonNames := []string{}
+		var commonNames = []string{}
 		err := json.Unmarshal(cert.CommonNames, &commonNames)
 		if err != nil {
 			return nil, err
@@ -399,6 +402,17 @@ func (this *SSLCertDAO) CheckUserCert(tx *dbs.Tx, certId int64, userId int64) er
 	return nil
 }

+// UpdateCertUser 修改证书所属用户
+func (this *SSLCertDAO) UpdateCertUser(tx *dbs.Tx, certId int64, userId int64) error {
+	if certId <= 0 || userId <= 0 {
+		return nil
+	}
+	return this.Query(tx).
+		Pk(certId).
+		Set("userId", userId).
+		UpdateQuickly()
+}
+
 // ListCertsToUpdateOCSP 查找需要更新OCSP的证书
 func (this *SSLCertDAO) ListCertsToUpdateOCSP(tx *dbs.Tx, maxTries int, size int64) (result []*SSLCert, err error) {
 	var nowTime = time.Now().Unix()
@@ -600,6 +614,7 @@ func (this *SSLCertDAO) NotifyUpdate(tx *dbs.Tx, certId int64) error {
 		return nil
 	}

+	// 通知服务更新
 	serverIds, err := SharedServerDAO.FindAllEnabledServerIdsWithSSLPolicyIds(tx, policyIds)
 	if err != nil {
 		return err
@@ -613,5 +628,8 @@ func (this *SSLCertDAO) NotifyUpdate(tx *dbs.Tx, certId int64) error {
 			return err
 		}
 	}
+
+	// TODO 通知用户节点、API节点、管理系统（将来实现选择）更新
+
 	return nil
 }
--- a/internal/db/models/ssl_policy_dao.go
+++ b/internal/db/models/ssl_policy_dao.go
@@ -77,7 +77,7 @@ func (this *SSLPolicyDAO) FindEnabledSSLPolicy(tx *dbs.Tx, id int64) (*SSLPolicy
 }

 // ComposePolicyConfig 组合配置
-func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheMap *utils.CacheMap) (*sslconfigs.SSLPolicy, error) {
+func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, ignoreData bool, cacheMap *utils.CacheMap) (*sslconfigs.SSLPolicy, error) {
 	if cacheMap == nil {
 		cacheMap = utils.NewCacheMap()
 	}
@@ -95,7 +95,7 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheM
 	if policy == nil {
 		return nil, nil
 	}
-	config := &sslconfigs.SSLPolicy{}
+	var config = &sslconfigs.SSLPolicy{}
 	config.Id = int64(policy.Id)
 	config.IsOn = policy.IsOn
 	config.ClientAuthType = int(policy.ClientAuthType)
@@ -104,14 +104,14 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheM

 	// certs
 	if IsNotNull(policy.Certs) {
-		refs := []*sslconfigs.SSLCertRef{}
+		var refs = []*sslconfigs.SSLCertRef{}
 		err = json.Unmarshal(policy.Certs, &refs)
 		if err != nil {
 			return nil, err
 		}
 		if len(refs) > 0 {
 			for _, ref := range refs {
-				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, cacheMap)
+				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, ignoreData, cacheMap)
 				if err != nil {
 					return nil, err
 				}
@@ -126,14 +126,14 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheM

 	// client CA certs
 	if IsNotNull(policy.ClientCACerts) {
-		refs := []*sslconfigs.SSLCertRef{}
+		var refs = []*sslconfigs.SSLCertRef{}
 		err = json.Unmarshal(policy.ClientCACerts, &refs)
 		if err != nil {
 			return nil, err
 		}
 		if len(refs) > 0 {
 			for _, ref := range refs {
-				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, cacheMap)
+				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, ignoreData, cacheMap)
 				if err != nil {
 					return nil, err
 				}
@@ -159,7 +159,7 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheM

 	// hsts
 	if IsNotNull(policy.Hsts) {
-		hstsConfig := &sslconfigs.HSTSConfig{}
+		var hstsConfig = &sslconfigs.HSTSConfig{}
 		err = json.Unmarshal(policy.Hsts, hstsConfig)
 		if err != nil {
 			return nil, err
@@ -306,6 +306,18 @@ func (this *SSLPolicyDAO) CheckUserPolicy(tx *dbs.Tx, userId int64, policyId int
 	return nil
 }

+// UpdatePolicyUser 修改策略所属用户
+func (this *SSLPolicyDAO) UpdatePolicyUser(tx *dbs.Tx, policyId int64, userId int64) error {
+	if policyId <= 0 || userId <= 0 {
+		return nil
+	}
+
+	return this.Query(tx).
+		Pk(policyId).
+		Set("userId", userId).
+		UpdateQuickly()
+}
+
 // NotifyUpdate 通知更新
 func (this *SSLPolicyDAO) NotifyUpdate(tx *dbs.Tx, policyId int64) error {
 	serverIds, err := SharedServerDAO.FindAllEnabledServerIdsWithSSLPolicyIds(tx, []int64{policyId})
--- a/internal/db/models/ssl_policy_model_ext.go
+++ b/internal/db/models/ssl_policy_model_ext.go
@@ -1 +1,20 @@
 package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+)
+
+func (this *SSLPolicy) DecodeCerts() []*sslconfigs.SSLCertRef {
+	if len(this.Certs) == 0 {
+		return nil
+	}
+
+	var refs = []*sslconfigs.SSLCertRef{}
+	err := json.Unmarshal(this.Certs, &refs)
+	if err != nil {
+		remotelogs.Error("SSLPolicy_DecodeCerts", err.Error())
+	}
+	return refs
+}
--- a/internal/db/models/sys_setting_dao.go
+++ b/internal/db/models/sys_setting_dao.go
@@ -14,6 +14,7 @@ import (
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/types"
+	"strconv"
 	"time"
 )

@@ -172,6 +173,39 @@ func (this *SysSettingDAO) ReadAdminUIConfig(tx *dbs.Tx, cacheMap *utils.CacheMa
 	return &systemconfigs.AdminUIConfig{}, nil
 }

+// ReadProductName 读取设置的产品名称
+func (this *SysSettingDAO) ReadProductName(tx *dbs.Tx) (string, error) {
+	productName, err := this.Query(tx).
+		Attr("code", systemconfigs.SettingCodeAdminUIConfig).
+		Result("JSON_EXTRACT(value, '$.productName')").
+		FindStringCol("")
+	if err != nil {
+		return "", err
+	}
+	if len(productName) > 0 {
+		return strconv.Unquote(productName)
+	}
+	return "", nil
+}
+
+// ReadUserUIConfig 读取用户UI配置
+func (this *SysSettingDAO) ReadUserUIConfig(tx *dbs.Tx) (*systemconfigs.UserUIConfig, error) {
+	valueJSON, err := this.ReadSetting(tx, systemconfigs.SettingCodeUserUIConfig)
+	if err != nil {
+		return nil, err
+	}
+	if len(valueJSON) == 0 {
+		return systemconfigs.DefaultUserUIConfig(), nil
+	}
+
+	var config = systemconfigs.DefaultUserUIConfig()
+	err = json.Unmarshal(valueJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
 // NotifyUpdate 通知更改
 func (this *SysSettingDAO) NotifyUpdate(tx *dbs.Tx, code string) error {
 	switch code {
@@ -210,3 +244,21 @@ func (this *SysSettingDAO) ReadUserServerConfig(tx *dbs.Tx) (*userconfigs.UserSe
 	}
 	return config, nil
 }
+
+// ReadUserRegisterConfig 读取用户注册配置
+func (this *SysSettingDAO) ReadUserRegisterConfig(tx *dbs.Tx) (*userconfigs.UserRegisterConfig, error) {
+	valueJSON, err := this.ReadSetting(tx, systemconfigs.SettingCodeUserRegisterConfig)
+	if err != nil {
+		return nil, err
+	}
+	if len(valueJSON) == 0 {
+		return userconfigs.DefaultUserRegisterConfig(), nil
+	}
+
+	var config = userconfigs.DefaultUserRegisterConfig()
+	err = json.Unmarshal(valueJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
--- a/internal/db/models/sys_setting_dao_test.go
+++ b/internal/db/models/sys_setting_dao_test.go
@@ -42,3 +42,8 @@ func TestSysSettingDAO_CompareInt64Setting(t *testing.T) {
 	}
 	t.Log("result:", i)
 }
+
+func TestSysSettingDAO_ReadProductName(t *testing.T) {
+	var tx *dbs.Tx
+	t.Log(NewSysSettingDAO().ReadProductName(tx))
+}
--- a/internal/db/models/user_bandwidth_stat_dao.go
+++ b/internal/db/models/user_bandwidth_stat_dao.go
@@ -304,7 +304,10 @@ func (this *UserBandwidthStatDAO) FindDistinctUserIds(tx *dbs.Tx, dayFrom string

 		for _, one := range ones {
 			locker.Lock()
-			userIds = append(userIds, int64(one.(*UserBandwidthStat).UserId))
+			var userId = int64(one.(*UserBandwidthStat).UserId)
+			if userId > 0 {
+				userIds = append(userIds, userId)
+			}
 			locker.Unlock()
 		}
 		return nil
--- a/internal/db/models/user_dao.go
+++ b/internal/db/models/user_dao.go
@@ -12,6 +12,7 @@ import (
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/rands"
 	"github.com/iwind/TeaGo/types"
 	stringutil "github.com/iwind/TeaGo/utils/string"
 	timeutil "github.com/iwind/TeaGo/utils/time"
@@ -66,7 +67,27 @@ func (this *UserDAO) DisableUser(tx *dbs.Tx, userId int64) error {
 		return errors.New("invalid 'userId'")
 	}

-	_, err := this.Query(tx).
+	// 处理以往同用户名用户
+	username, err := this.Query(tx).
+		Pk(userId).
+		Result("username").
+		FindStringCol("")
+	if err != nil {
+		return err
+	}
+	if len(username) > 0 {
+		err = this.Query(tx).
+			Attr("username", username).
+			Attr("state", UserStateDisabled).
+			Set("username", username+"_"+rands.HexString(8)).
+			UpdateQuickly()
+		if err != nil {
+			return err
+		}
+	}
+
+	// 禁止当前
+	_, err = this.Query(tx).
 		Pk(userId).
 		Set("state", UserStateDisabled).
 		Update()
@@ -74,6 +95,11 @@ func (this *UserDAO) DisableUser(tx *dbs.Tx, userId int64) error {
 		return err
 	}

+	err = SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, 0, userId)
+	if err != nil {
+		return err
+	}
+
 	return this.NotifyUpdate(tx, userId)
 }

@@ -137,7 +163,24 @@ func (this *UserDAO) FindEnabledUserIdWithUsername(tx *dbs.Tx, username string)
 		FindInt64Col(0)
 }

-// FindUserFullname 获取管理员名称
+// FindUserId 根据多个条件查找用户ID
+func (this *UserDAO) FindUserId(tx *dbs.Tx, verifiedEmail string, verifiedMobile string) (int64, error) {
+	var query = this.Query(tx).
+		State(UserStateEnabled).
+		ResultPk()
+
+	if len(verifiedEmail) > 0 {
+		query.Attr("verifiedEmail", verifiedEmail)
+	} else if len(verifiedMobile) > 0 {
+		query.Attr("verifiedMobile", verifiedMobile)
+	} else {
+		return 0, nil
+	}
+
+	return query.FindInt64Col(0)
+}
+
+// FindUserFullname 获取用户名称
 func (this *UserDAO) FindUserFullname(tx *dbs.Tx, userId int64) (string, error) {
 	return this.Query(tx).
 		Pk(userId).
@@ -145,6 +188,14 @@ func (this *UserDAO) FindUserFullname(tx *dbs.Tx, userId int64) (string, error)
 		FindStringCol("")
 }

+// FindUserVerifiedEmail 查询用户已绑定邮箱
+func (this *UserDAO) FindUserVerifiedEmail(tx *dbs.Tx, userId int64) (string, error) {
+	return this.Query(tx).
+		Pk(userId).
+		Result("verifiedEmail").
+		FindStringCol("")
+}
+
 // CreateUser 创建用户
 func (this *UserDAO) CreateUser(tx *dbs.Tx, username string,
 	password string,
@@ -217,6 +268,14 @@ func (this *UserDAO) UpdateUser(tx *dbs.Tx, userId int64, username string, passw
 		return err
 	}

+	// 删除AccessTokens
+	if !isOn {
+		err = SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, 0, userId)
+		if err != nil {
+			return err
+		}
+	}
+
 	return this.NotifyUpdate(tx, userId)
 }

@@ -244,8 +303,20 @@ func (this *UserDAO) UpdateUserLogin(tx *dbs.Tx, userId int64, username string,
 	if len(password) > 0 {
 		op.Password = stringutil.Md5(password)
 	}
-	err := this.Save(tx, op)
-	return err
+	return this.Save(tx, op)
+}
+
+// UpdateUserPassword 修改用户密码
+func (this *UserDAO) UpdateUserPassword(tx *dbs.Tx, userId int64, password string) error {
+	if userId <= 0 {
+		return errors.New("invalid userId")
+	}
+	var op = NewUserOperator()
+	op.Id = userId
+	if len(password) > 0 {
+		op.Password = stringutil.Md5(password)
+	}
+	return this.Save(tx, op)
 }

 // CountAllEnabledUsers 计算用户数量
@@ -327,7 +398,7 @@ func (this *UserDAO) ListEnabledUserIds(tx *dbs.Tx, offset, size int64) ([]int64
 	return result, nil
 }

-// CheckUserPassword 检查用户名、密码
+// CheckUserPassword 检查用户名+密码
 func (this *UserDAO) CheckUserPassword(tx *dbs.Tx, username string, encryptedPassword string) (int64, error) {
 	if len(username) == 0 || len(encryptedPassword) == 0 {
 		return 0, nil
@@ -341,6 +412,20 @@ func (this *UserDAO) CheckUserPassword(tx *dbs.Tx, username string, encryptedPas
 		FindInt64Col(0)
 }

+// CheckUserEmailPassword 检查邮箱+密码
+func (this *UserDAO) CheckUserEmailPassword(tx *dbs.Tx, verifiedEmail string, encryptedPassword string) (int64, error) {
+	if len(verifiedEmail) == 0 || len(encryptedPassword) == 0 {
+		return 0, nil
+	}
+	return this.Query(tx).
+		Attr("verifiedEmail", verifiedEmail).
+		Attr("password", encryptedPassword).
+		Attr("state", UserStateEnabled).
+		Attr("isOn", true).
+		ResultPk().
+		FindInt64Col(0)
+}
+
 // FindUserClusterId 查找用户所在集群
 func (this *UserDAO) FindUserClusterId(tx *dbs.Tx, userId int64) (int64, error) {
 	return this.Query(tx).
@@ -573,6 +658,30 @@ func (this *UserDAO) RenewUserServersState(tx *dbs.Tx, userId int64) (bool, erro
 	return newServersEnabled, nil
 }

+// FindUserIdWithVerifiedEmail 使用验证后Email查找用户ID
+func (this *UserDAO) FindUserIdWithVerifiedEmail(tx *dbs.Tx, verifiedEmail string) (int64, error) {
+	if len(verifiedEmail) == 0 {
+
+	}
+	return this.Query(tx).
+		ResultPk().
+		State(UserStateEnabled).
+		Attr("verifiedEmail", verifiedEmail).
+		FindInt64Col(0)
+}
+
+// UpdateUserVerifiedEmail 修改已激活邮箱
+func (this *UserDAO) UpdateUserVerifiedEmail(tx *dbs.Tx, userId int64, verifiedEmail string) error {
+	if userId <= 0 {
+		return nil
+	}
+	return this.Query(tx).
+		Pk(userId).
+		Set("verifiedEmail", verifiedEmail).
+		Set("emailIsVerified", true).
+		UpdateQuickly()
+}
+
 // NotifyUpdate 用户变更通知
 func (this *UserDAO) NotifyUpdate(tx *dbs.Tx, userId int64) error {
 	if userId <= 0 {
--- a/internal/db/models/user_email_notification_dao.go
+++ b/internal/db/models/user_email_notification_dao.go
@@ -0,0 +1,28 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+type UserEmailNotificationDAO dbs.DAO
+
+func NewUserEmailNotificationDAO() *UserEmailNotificationDAO {
+	return dbs.NewDAO(&UserEmailNotificationDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeUserEmailNotifications",
+			Model:  new(UserEmailNotification),
+			PkName: "id",
+		},
+	}).(*UserEmailNotificationDAO)
+}
+
+var SharedUserEmailNotificationDAO *UserEmailNotificationDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedUserEmailNotificationDAO = NewUserEmailNotificationDAO()
+	})
+}
--- a/internal/db/models/user_email_notification_dao_test.go
+++ b/internal/db/models/user_email_notification_dao_test.go
@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/user_email_notification_model.go
+++ b/internal/db/models/user_email_notification_model.go
@@ -0,0 +1,24 @@
+package models
+
+// UserEmailNotification 邮件通知队列
+type UserEmailNotification struct {
+	Id        uint64 `field:"id"`        // ID
+	Email     string `field:"email"`     // 邮箱地址
+	Subject   string `field:"subject"`   // 标题
+	Body      string `field:"body"`      // 内容
+	CreatedAt uint64 `field:"createdAt"` // 创建时间
+	Day       string `field:"day"`       // YYYYMMDD
+}
+
+type UserEmailNotificationOperator struct {
+	Id        any // ID
+	Email     any // 邮箱地址
+	Subject   any // 标题
+	Body      any // 内容
+	CreatedAt any // 创建时间
+	Day       any // YYYYMMDD
+}
+
+func NewUserEmailNotificationOperator() *UserEmailNotificationOperator {
+	return &UserEmailNotificationOperator{}
+}
--- a/internal/db/models/user_email_notification_model_ext.go
+++ b/internal/db/models/user_email_notification_model_ext.go
--- a/internal/db/models/user_email_verification_dao.go
+++ b/internal/db/models/user_email_verification_dao.go
@@ -0,0 +1,28 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+type UserEmailVerificationDAO dbs.DAO
+
+func NewUserEmailVerificationDAO() *UserEmailVerificationDAO {
+	return dbs.NewDAO(&UserEmailVerificationDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeUserEmailVerifications",
+			Model:  new(UserEmailVerification),
+			PkName: "id",
+		},
+	}).(*UserEmailVerificationDAO)
+}
+
+var SharedUserEmailVerificationDAO *UserEmailVerificationDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedUserEmailVerificationDAO = NewUserEmailVerificationDAO()
+	})
+}
--- a/internal/db/models/user_email_verification_dao_test.go
+++ b/internal/db/models/user_email_verification_dao_test.go
@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/user_email_verification_model.go
+++ b/internal/db/models/user_email_verification_model.go
@@ -0,0 +1,28 @@
+package models
+
+// UserEmailVerification 邮箱激活邮件队列
+type UserEmailVerification struct {
+	Id         uint64 `field:"id"`         // ID
+	Email      string `field:"email"`      // 邮箱
+	UserId     uint64 `field:"userId"`     // 用户ID
+	Code       string `field:"code"`       // 激活码
+	CreatedAt  uint64 `field:"createdAt"`  // 创建时间
+	IsSent     bool   `field:"isSent"`     // 是否已发送
+	IsVerified bool   `field:"isVerified"` // 是否已激活
+	Day        string `field:"day"`        // YYYYMMDD
+}
+
+type UserEmailVerificationOperator struct {
+	Id         any // ID
+	Email      any // 邮箱
+	UserId     any // 用户ID
+	Code       any // 激活码
+	CreatedAt  any // 创建时间
+	IsSent     any // 是否已发送
+	IsVerified any // 是否已激活
+	Day        any // YYYYMMDD
+}
+
+func NewUserEmailVerificationOperator() *UserEmailVerificationOperator {
+	return &UserEmailVerificationOperator{}
+}
--- a/internal/db/models/user_email_verification_model_ext.go
+++ b/internal/db/models/user_email_verification_model_ext.go
--- a/internal/db/models/user_model.go
+++ b/internal/db/models/user_model.go
@@ -10,9 +10,11 @@ type User struct {
 	Password        string   `field:"password"`        // 密码
 	Fullname        string   `field:"fullname"`        // 真实姓名
 	Mobile          string   `field:"mobile"`          // 手机号
+	VerifiedMobile  string   `field:"verifiedMobile"`  // 已验证手机号
 	Tel             string   `field:"tel"`             // 联系电话
 	Remark          string   `field:"remark"`          // 备注
 	Email           string   `field:"email"`           // 邮箱地址
+	VerifiedEmail   string   `field:"verifiedEmail"`   // 激活后的邮箱
 	EmailIsVerified uint8    `field:"emailIsVerified"` // 邮箱是否已验证
 	AvatarFileId    uint64   `field:"avatarFileId"`    // 头像文件ID
 	CreatedAt       uint64   `field:"createdAt"`       // 创建时间
@@ -31,6 +33,7 @@ type User struct {
 	PriceType       string   `field:"priceType"`       // 计费类型：traffic|bandwidth
 	PricePeriod     string   `field:"pricePeriod"`     // 结算周期
 	ServersEnabled  uint8    `field:"serversEnabled"`  // 是否禁用所有服务
+	Notification    dbs.JSON `field:"notification"`    // 通知设置
 }

 type UserOperator struct {
@@ -40,9 +43,11 @@ type UserOperator struct {
 	Password        any // 密码
 	Fullname        any // 真实姓名
 	Mobile          any // 手机号
+	VerifiedMobile  any // 已验证手机号
 	Tel             any // 联系电话
 	Remark          any // 备注
 	Email           any // 邮箱地址
+	VerifiedEmail   any // 激活后的邮箱
 	EmailIsVerified any // 邮箱是否已验证
 	AvatarFileId    any // 头像文件ID
 	CreatedAt       any // 创建时间
@@ -61,6 +66,7 @@ type UserOperator struct {
 	PriceType       any // 计费类型：traffic|bandwidth
 	PricePeriod     any // 结算周期
 	ServersEnabled  any // 是否禁用所有服务
+	Notification    any // 通知设置
 }

 func NewUserOperator() *UserOperator {
--- a/internal/db/models/user_node_model_ext.go
+++ b/internal/db/models/user_node_model_ext.go
@@ -44,7 +44,7 @@ func (this *UserNode) DecodeHTTPS(cacheMap *utils.CacheMap) (*serverconfigs.HTTP
 	if config.SSLPolicyRef != nil {
 		policyId := config.SSLPolicyRef.SSLPolicyId
 		if policyId > 0 {
-			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(nil, policyId, cacheMap)
+			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(nil, policyId, false, cacheMap)
 			if err != nil {
 				return nil, err
 			}
--- a/internal/db/models/user_verify_code_dao.go
+++ b/internal/db/models/user_verify_code_dao.go
@@ -0,0 +1,28 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+type UserVerifyCodeDAO dbs.DAO
+
+func NewUserVerifyCodeDAO() *UserVerifyCodeDAO {
+	return dbs.NewDAO(&UserVerifyCodeDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeUserVerifyCodes",
+			Model:  new(UserVerifyCode),
+			PkName: "id",
+		},
+	}).(*UserVerifyCodeDAO)
+}
+
+var SharedUserVerifyCodeDAO *UserVerifyCodeDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedUserVerifyCodeDAO = NewUserVerifyCodeDAO()
+	})
+}
--- a/internal/db/models/user_verify_code_dao_test.go
+++ b/internal/db/models/user_verify_code_dao_test.go
@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)
--- a/internal/db/models/user_verify_code_model.go
+++ b/internal/db/models/user_verify_code_model.go
@@ -0,0 +1,32 @@
+package models
+
+// UserVerifyCode 重置密码之验证码
+type UserVerifyCode struct {
+	Id         uint64 `field:"id"`         // ID
+	Email      string `field:"email"`      // 邮箱地址
+	Mobile     string `field:"mobile"`     // 手机号
+	Code       string `field:"code"`       // 验证码
+	Type       string `field:"type"`       // 类型
+	IsSent     bool   `field:"isSent"`     // 是否已发送
+	IsVerified bool   `field:"isVerified"` // 是否已激活
+	CreatedAt  uint64 `field:"createdAt"`  // 创建时间
+	ExpiresAt  uint64 `field:"expiresAt"`  // 过期时间
+	Day        string `field:"day"`        // YYYYMMDD
+}
+
+type UserVerifyCodeOperator struct {
+	Id         any // ID
+	Email      any // 邮箱地址
+	Mobile     any // 手机号
+	Code       any // 验证码
+	Type       any // 类型
+	IsSent     any // 是否已发送
+	IsVerified any // 是否已激活
+	CreatedAt  any // 创建时间
+	ExpiresAt  any // 过期时间
+	Day        any // YYYYMMDD
+}
+
+func NewUserVerifyCodeOperator() *UserVerifyCodeOperator {
+	return &UserVerifyCodeOperator{}
+}
--- a/internal/db/models/user_verify_code_model_ext.go
+++ b/internal/db/models/user_verify_code_model_ext.go
@@ -0,0 +1 @@
+package models
--- a/internal/db/models/utils.go
+++ b/internal/db/models/utils.go
@@ -72,3 +72,11 @@ func CheckSQLErrCode(err error, code uint16) bool {

 	return false
 }
+
+// CheckSQLDuplicateErr 检查Duplicate错误
+func CheckSQLDuplicateErr(err error) bool {
+	if err == nil {
+		return false
+	}
+	return CheckSQLErrCode(err, 1062)
+}
--- a/internal/dnsclients/domain_records_cache.go
+++ b/internal/dnsclients/domain_records_cache.go
@@ -72,7 +72,7 @@ func (this *DomainRecordsCache) WriteDomainRecords(providerId int64, domain stri
 	}
 }

-// QueryDomainRecord 从缓存中读取域名记录
+// QueryDomainRecord 从缓存中读取单条域名记录
 func (this *DomainRecordsCache) QueryDomainRecord(providerId int64, domain string, recordName string, recordType string) (record *dnstypes.Record, hasRecords bool, ok bool) {
 	if providerId <= 0 || len(domain) == 0 {
 		return
@@ -117,6 +117,52 @@ func (this *DomainRecordsCache) QueryDomainRecord(providerId int64, domain strin
 	return
 }

+// QueryDomainRecords 从缓存中读取多条域名记录
+func (this *DomainRecordsCache) QueryDomainRecords(providerId int64, domain string, recordName string, recordType string) (records []*dnstypes.Record, hasRecords bool, ok bool) {
+	if providerId <= 0 || len(domain) == 0 {
+		return
+	}
+
+	domain = types.String(providerId) + "@" + domain
+
+	this.locker.Lock()
+	defer this.locker.Unlock()
+
+	// check version
+	var key = "DomainRecordsCache" + "@" + types.String(providerId) + "@" + domain
+	version, err := models.SharedSysLockerDAO.Read(nil, key)
+	if err != nil {
+		remotelogs.Error("dnsclients.BaseProvider", "ReadDomainRecordsCache: "+err.Error())
+		return
+	}
+
+	// find list
+	list, recordsOk := this.domainRecordsMap[domain]
+	if !recordsOk {
+		return
+	}
+	if version != list.version {
+		delete(this.domainRecordsMap, domain)
+		return
+	}
+
+	// check timestamp
+	if list.updatedAt < time.Now().Unix()-86400 /** 缓存有效期为一天 **/ {
+		delete(this.domainRecordsMap, domain)
+		return
+	}
+
+	hasRecords = true
+	for _, r := range list.records {
+		if r.Name == recordName && r.Type == recordType {
+			records = append(records, r)
+			ok = true
+		}
+	}
+
+	return
+}
+
 // DeleteDomainRecord 删除域名记录缓存
 func (this *DomainRecordsCache) DeleteDomainRecord(providerId int64, domain string, recordId string) {
 	if providerId <= 0 || len(domain) == 0 || len(recordId) == 0 {
--- a/internal/dnsclients/edgeapi/response_find_ns_records_with_name_and_type.go
+++ b/internal/dnsclients/edgeapi/response_find_ns_records_with_name_and_type.go
@@ -0,0 +1,21 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package edgeapi
+
+type FindNSRecordsWithNameAndTypeResponse struct {
+	BaseResponse
+
+	Data struct {
+		NSRecords []struct {
+			Id       int64  `json:"id"`
+			Name     string `json:"name"`
+			Type     string `json:"type"`
+			Value    string `json:"value"`
+			TTL      int32  `json:"ttl"`
+			NSRoutes []struct {
+				Name string `json:"name"`
+				Code string `json:"code"`
+			} `json:"nsRoutes"`
+		} `json:"nsRecords"`
+	}
+}
--- a/internal/dnsclients/provider_alidns.go
+++ b/internal/dnsclients/provider_alidns.go
@@ -154,7 +154,30 @@ func (this *AliDNSProvider) QueryRecord(domain string, name string, recordType d
 			return record, nil
 		}
 	}
-	return nil, err
+	return nil, nil
+}
+
+// QueryRecords 查询多个记录
+func (this *AliDNSProvider) QueryRecords(domain string, name string, recordType dnstypes.RecordType) ([]*dnstypes.Record, error) {
+	// 从缓存中读取
+	if this.ProviderId > 0 {
+		records, hasRecords, _ := sharedDomainRecordsCache.QueryDomainRecords(this.ProviderId, domain, name, recordType)
+		if hasRecords { // 有效的搜索
+			return records, nil
+		}
+	}
+
+	records, err := this.GetRecords(domain)
+	if err != nil {
+		return nil, err
+	}
+	var result = []*dnstypes.Record{}
+	for _, record := range records {
+		if record.Name == name && record.Type == recordType {
+			result = append(result, record)
+		}
+	}
+	return result, nil
 }

 // AddRecord 设置记录
--- a/internal/dnsclients/provider_alidns_test.go
+++ b/internal/dnsclients/provider_alidns_test.go
@@ -53,6 +53,20 @@ func TestAliDNSProvider_QueryRecord(t *testing.T) {
 	}
 }

+func TestAliDNSProvider_QueryRecords(t *testing.T) {
+	provider, err := testAliDNSProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+	{
+		records, err := provider.QueryRecords("meloy.cn", "www", "A")
+		if err != nil {
+			t.Fatal(err)
+		}
+		t.Logf("%+v", records)
+	}
+}
+
 func TestAliDNSProvider_DeleteRecord(t *testing.T) {
 	provider, err := testAliDNSProvider()
 	if err != nil {
--- a/internal/dnsclients/provider_cloud_flare.go
+++ b/internal/dnsclients/provider_cloud_flare.go
@@ -30,6 +30,9 @@ var cloudFlareHTTPClient = &http.Client{
 		TLSClientConfig: &tls.Config{
 			InsecureSkipVerify: true,
 		},
+		/**Proxy: func(req *http.Request) (*url.URL, error) {
+			return url.Parse("socks5://127.0.0.1:7890")
+		},**/
 	},
 }

@@ -64,14 +67,22 @@ func (this *CloudFlareProvider) Auth(params maps.Map) error {

 // GetDomains 获取所有域名列表
 func (this *CloudFlareProvider) GetDomains() (domains []string, err error) {
-	resp := new(cloudflare.ZonesResponse)
-	err = this.doAPI(http.MethodGet, "zones", map[string]string{}, nil, resp)
-	if err != nil {
-		return nil, err
-	}
+	for page := 1; page <= 500; page++ {
+		var resp = new(cloudflare.ZonesResponse)
+		err = this.doAPI(http.MethodGet, "zones", map[string]string{
+			"per_page": "50",
+			"page":     types.String(page),
+		}, nil, resp)
+		if err != nil {
+			return nil, err
+		}
+		if len(resp.Result) == 0 {
+			break
+		}

-	for _, zone := range resp.Result {
-		domains = append(domains, zone.Name)
+		for _, zone := range resp.Result {
+			domains = append(domains, zone.Name)
+		}
 	}

 	return
@@ -134,7 +145,7 @@ func (this *CloudFlareProvider) QueryRecord(domain string, name string, recordTy
 		return nil, err
 	}

-	resp := new(cloudflare.GetDNSRecordsResponse)
+	var resp = new(cloudflare.GetDNSRecordsResponse)
 	err = this.doAPI(http.MethodGet, "zones/"+zoneId+"/dns_records", map[string]string{
 		"per_page": "100",
 		"name":     name + "." + domain,
@@ -147,7 +158,7 @@ func (this *CloudFlareProvider) QueryRecord(domain string, name string, recordTy
 		return nil, nil
 	}

-	record := resp.Result[0]
+	var record = resp.Result[0]

 	// 修正Record
 	if record.Type == dnstypes.RecordTypeCNAME && !strings.HasSuffix(record.Content, ".") {
@@ -166,6 +177,46 @@ func (this *CloudFlareProvider) QueryRecord(domain string, name string, recordTy
 	}, nil
 }

+// QueryRecords 查询多个记录
+func (this *CloudFlareProvider) QueryRecords(domain string, name string, recordType dnstypes.RecordType) (records []*dnstypes.Record, err error) {
+	zoneId, err := this.findZoneIdWithDomain(domain)
+	if err != nil {
+		return nil, err
+	}
+
+	var resp = new(cloudflare.GetDNSRecordsResponse)
+	err = this.doAPI(http.MethodGet, "zones/"+zoneId+"/dns_records", map[string]string{
+		"per_page": "100",
+		"name":     name + "." + domain,
+		"type":     recordType,
+	}, nil, resp)
+	if err != nil {
+		return nil, err
+	}
+	if len(resp.Result) == 0 {
+		return nil, nil
+	}
+
+	for _, record := range resp.Result {
+		// 修正Record
+		if record.Type == dnstypes.RecordTypeCNAME && !strings.HasSuffix(record.Content, ".") {
+			record.Content += "."
+		}
+
+		record.Name = strings.TrimSuffix(record.Name, "."+domain)
+
+		records = append(records, &dnstypes.Record{
+			Id:    record.Id,
+			Name:  record.Name,
+			Type:  record.Type,
+			Value: record.Content,
+			TTL:   types.Int32(record.Ttl),
+			Route: CloudFlareDefaultRoute,
+		})
+	}
+	return records, nil
+}
+
 // AddRecord 设置记录
 func (this *CloudFlareProvider) AddRecord(domain string, newRecord *dnstypes.Record) error {
 	zoneId, err := this.findZoneIdWithDomain(domain)
--- a/internal/dnsclients/provider_cloud_flare_test.go
+++ b/internal/dnsclients/provider_cloud_flare_test.go
@@ -86,6 +86,21 @@ func TestCloudFlareProvider_QueryRecord(t *testing.T) {
 	}
 }

+func TestCloudFlareProvider_QueryRecords(t *testing.T) {
+	provider, err := testCloudFlareProvider()
+	if err != nil {
+		t.Fatal(err)
+	}
+	{
+		t.Log("== www.meloy.cn/A ==")
+		records, err := provider.QueryRecords("meloy.cn", "www", dnstypes.RecordTypeA)
+		if err != nil {
+			t.Fatal(err)
+		}
+		logs.PrintAsJSON(records, t)
+	}
+}
+
 func TestCloudFlareProvider_AddRecord(t *testing.T) {
 	provider, err := testCloudFlareProvider()
 	if err != nil {
@@ -156,19 +171,19 @@ func testCloudFlareProvider() (ProviderInterface, error) {
 	if err != nil {
 		return nil, err
 	}
-	one, err := db.FindOne("SELECT * FROM edgeDNSProviders WHERE type='cloudFlare' ORDER BY id DESC")
+	one, err := db.FindOne("SELECT * FROM edgeDNSProviders WHERE type='cloudFlare' AND state=1 ORDER BY id DESC")
 	if err != nil {
 		return nil, err
 	}
 	if one == nil {
 		return nil, errors.New("can not find providers with type 'cloudFlare'")
 	}
-	apiParams := maps.Map{}
+	var apiParams = maps.Map{}
 	err = json.Unmarshal([]byte(one.GetString("apiParams")), &apiParams)
 	if err != nil {
 		return nil, err
 	}
-	provider := &CloudFlareProvider{}
+	var provider = &CloudFlareProvider{}
 	err = provider.Auth(apiParams)
 	if err != nil {
 		return nil, err
--- a/internal/dnsclients/provider_custom_http.go
+++ b/internal/dnsclients/provider_custom_http.go
@@ -103,7 +103,7 @@ func (this *CustomHTTPProvider) QueryRecord(domain string, name string, recordTy
 	if len(resp) == 0 || string(resp) == "null" {
 		return nil, nil
 	}
-	record := &dnstypes.Record{}
+	var record = &dnstypes.Record{}
 	err = json.Unmarshal(resp, record)
 	if err != nil {
 		return nil, err
@@ -114,6 +114,28 @@ func (this *CustomHTTPProvider) QueryRecord(domain string, name string, recordTy
 	return record, nil
 }

+// QueryRecords 查询多个记录
+func (this *CustomHTTPProvider) QueryRecords(domain string, name string, recordType dnstypes.RecordType) (result []*dnstypes.Record, err error) {
+	resp, err := this.post(maps.Map{
+		"action":     "QueryRecords",
+		"domain":     domain,
+		"name":       name,
+		"recordType": recordType,
+	})
+	if err != nil {
+		return nil, err
+	}
+	if len(resp) == 0 || string(resp) == "null" {
+		return nil, nil
+	}
+	result = []*dnstypes.Record{}
+	err = json.Unmarshal(resp, &result)
+	if err != nil {
+		return nil, err
+	}
+	return result, nil
+}
+
 // AddRecord 设置记录
 func (this *CustomHTTPProvider) AddRecord(domain string, newRecord *dnstypes.Record) error {
 	_, err := this.post(maps.Map{
--- a/internal/dnsclients/provider_dnspod.go
+++ b/internal/dnsclients/provider_dnspod.go
@@ -186,7 +186,30 @@ func (this *DNSPodProvider) QueryRecord(domain string, name string, recordType d
 			return record, nil
 		}
 	}
-	return nil, err
+	return nil, nil
+}
+
+// QueryRecords 查询多个记录
+func (this *DNSPodProvider) QueryRecords(domain string, name string, recordType dnstypes.RecordType) ([]*dnstypes.Record, error) {
+	// 从缓存中读取
+	if this.ProviderId > 0 {
+		records, hasRecords, _ := sharedDomainRecordsCache.QueryDomainRecords(this.ProviderId, domain, name, recordType)
+		if hasRecords { // 有效的搜索
+			return records, nil
+		}
+	}
+
+	records, err := this.GetRecords(domain)
+	if err != nil {
+		return nil, err
+	}
+	var result = []*dnstypes.Record{}
+	for _, record := range records {
+		if record.Name == name && record.Type == recordType {
+			result = append(result, record)
+		}
+	}
+	return result, nil
 }

 // AddRecord 设置记录
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
刘祥超	b512f3d680	删除用户的时候更改以往同名用户的用户名，防止冲突	2023-01-13 18:51:50 +08:00
刘祥超	d4e829e57c	版本号修改为0.6.3	2023-01-11 15:45:13 +08:00
刘祥超	78798060e7	版本号更改为0.6.2	2023-01-10 21:18:08 +08:00
刘祥超	b2569a8dac	版本修改为0.6.1	2023-01-09 16:06:34 +08:00
刘祥超	4bd7ec9871	优化远程安装时uname读取方法	2023-01-08 20:13:09 +08:00
刘祥超	95cfad60c4	更新SQL	2023-01-08 20:12:38 +08:00
刘祥超	7f51d451f7	用户Dashboard信息中增加缓存、攻击相关信息	2023-01-08 11:50:47 +08:00
刘祥超	a4fb0fd795	更新SQL	2023-01-07 19:36:09 +08:00
刘祥超	c02928dd44	升级数据库时同时升级edgeClientAgentIPs中的countIPs字段值	2023-01-07 10:29:08 +08:00
刘祥超	e70c49d407	创建缓存任务时即使没有有效的Key，也可以在后台查看创建的任务	2023-01-05 17:09:20 +08:00
刘祥超	e1c1984fd4	华为云可以设置终端节点（endpoint）	2023-01-01 18:29:33 +08:00
刘祥超	f801d304c6	优化代码	2022-12-31 17:31:27 +08:00
刘祥超	178a38c6d9	优化证书加载速度	2022-12-31 17:21:40 +08:00
刘祥超	e356707db7	优化证书数量很多时的页面加载速度	2022-12-31 17:12:39 +08:00
刘祥超	8d3043d0fe	实现UA名单功能	2022-12-30 20:49:20 +08:00
刘祥超	1e494bd1fd	更新SQL	2022-12-29 19:15:01 +08:00
刘祥超	b726c8d589	增加CORS自适应跨域	2022-12-29 17:16:21 +08:00
刘祥超	e71e80703d	远程安装时使用uname取代/usr/bin/uname命令	2022-12-28 19:01:09 +08:00
刘祥超	c9b666e5bc	增加基础的用户邮件通知	2022-12-27 18:53:49 +08:00
刘祥超	874139ea07	调整Agent相关接口权限	2022-12-22 11:42:30 +08:00
刘祥超	05d79ad606	服务没有所属用户时，可以修改所属用户	2022-12-21 17:07:02 +08:00
刘祥超	13c78a5fec	修改/取消服务套餐同时按需变更DNS	2022-12-17 15:16:01 +08:00
刘祥超	f3e3824b7d	DNS完善实现SRV和CAA记录	2022-12-15 16:17:54 +08:00
刘祥超	67473c2dcf	优化代码	2022-12-14 17:32:24 +08:00
刘祥超	3921c547be	智能DNS初步支持搜索引擎线路	2022-12-13 18:39:23 +08:00
刘祥超	3e0d2fda6a	优化代码	2022-12-12 11:12:55 +08:00
刘祥超	7ff6c0c18b	优化代码	2022-12-12 10:28:22 +08:00
刘祥超	e76464673a	实现用户通过邮件重置密码功能	2022-12-10 15:57:17 +08:00
刘祥超	1ab849d9b0	初步完成用户电子邮箱绑定（激活）	2022-12-08 20:25:46 +08:00
刘祥超	781c851571	增加测试用例	2022-12-06 14:53:38 +08:00
刘祥超	0b19d93a47	缩短访问日志自动清理时间（从每12个小时改成每6个小时）	2022-12-03 21:51:55 +08:00
刘祥超	2856f7716b	实现线路优先级	2022-12-03 20:49:53 +08:00
刘祥超	c9ba24dc96	操作系统和浏览器ID字段改为bigint	2022-12-03 20:49:46 +08:00
刘祥超	a660fb1f42	调整自动远程启动离线节点的错误级别	2022-12-02 17:34:24 +08:00
刘祥超	8586ad6478	管理员和用户状态为不可用时，删除已生成的API令牌	2022-12-02 17:33:45 +08:00
刘祥超	0fab6fecfe	获取API令牌时检查管理员和用户状态	2022-12-02 17:33:01 +08:00
刘祥超	d752bb08c7	版本号更改为0.6.0	2022-11-29 15:41:21 +08:00
刘祥超	6f845f36c9	版本号修改为0.5.10	2022-11-28 18:59:09 +08:00
刘祥超	66bc60a47c	更新SQL	2022-11-28 18:17:25 +08:00
刘祥超	1c048da1f0	节点版本号修改为0.5.9	2022-11-28 18:14:17 +08:00
刘祥超	da8aa20f83	版本号修改为0.5.9	2022-11-28 15:58:40 +08:00
刘祥超	14315923d8	删除不必要的文件	2022-11-26 19:49:05 +08:00
刘祥超	3d3228fe96	修复删除节点时不能自动同步DNS的问题	2022-11-26 19:02:08 +08:00
刘祥超	173ac5a8aa	优化健康检查连接超时时间	2022-11-26 18:11:35 +08:00
刘祥超	e9c5d7e7cf	健康检查没有开启上下线的时候也发送节点状态变更通知	2022-11-26 15:54:16 +08:00
刘祥超	194127dce9	提交SQL	2022-11-26 15:39:16 +08:00
刘祥超	86cb7e9d41	缓存任务：校验缓存Key时支持域名中含有星号通配符	2022-11-26 15:03:24 +08:00
刘祥超	b2774de6a2	健康检查时只有开启了自动下线才发送上线通知	2022-11-25 15:48:57 +08:00
刘祥超	3a4722b701	用户可以使用管理员设置的公用线路	2022-11-24 17:19:51 +08:00
刘祥超	028aea4e3d	完全没有设置过SSH登录参数的节点也可以远程安装	2022-11-23 19:39:35 +08:00
刘祥超	c3dd97a7c1	增加数据库版本号	2022-11-22 14:32:04 +08:00
刘祥超	d527fcdd78	在节点详情中显示API节点地址	2022-11-21 21:09:06 +08:00
刘祥超	d6f311e057	节点可以单独设置所使用的API节点地址	2022-11-21 19:55:01 +08:00
刘祥超	991e08fa71	远程安装节点时uname读取失败时自动重试	2022-11-18 15:57:06 +08:00
刘祥超	06b44dc101	提升ssh sudo安装的稳定性	2022-11-18 15:44:53 +08:00
刘祥超	2d94b994fa	DNS API支持查询多个同名记录/优化ACME申请	2022-11-17 17:33:59 +08:00
刘祥超	c036186dde	优化代码	2022-11-17 10:01:07 +08:00
刘祥超	bc2ad13037	集群被删除或者不可用时，健康检查时不提示错误	2022-11-16 14:10:03 +08:00
刘祥超	bfa04856aa	同步域名解析时自动剔除相同的节点A记录	2022-11-16 09:01:41 +08:00
刘祥超	feb1068441	边缘节点支持设置多个缓存目录	2022-11-15 20:35:59 +08:00
刘祥超	181a4d05b0	生成账单时只处理用户ID大于0的记录	2022-11-15 16:34:33 +08:00
刘祥超	c449265e05	cloudflare域名单页读取数从20修改为50，修复测试用例	2022-11-14 21:15:10 +08:00
刘祥超	e778616b5c	修复cloudflare域名只能读取第一页的问题	2022-11-14 21:04:13 +08:00
刘祥超	dad5be2670	缩短节点运行日志队列长度	2022-11-14 16:42:18 +08:00
刘祥超	414afd17b8	在写入API节点日志时尽量避免重复内容	2022-11-14 16:38:11 +08:00
刘祥超	86a806bca2	修复默认黑白名单不是全局的问题	2022-11-13 10:31:42 +08:00
刘祥超	faed7420a7	安装过程显示更详细内容	2022-11-11 21:48:00 +08:00
刘祥超	ae14ff4f9f	优化操作系统和浏览器统计相关程序	2022-11-11 17:48:30 +08:00
刘祥超	99e1658fdf	默认创建的IP名单设置为全局有效	2022-11-11 16:12:15 +08:00
刘祥超	e79264eefc	检查检查时先检查集群是否已经部署服务，如果没有部署服务，则直接跳过	2022-11-10 12:44:12 +08:00
刘祥超	dd0e26e7bc	访问日志搜索method:XXX和requestMethod:XXX方法	2022-11-09 11:58:50 +08:00
刘祥超	342c4bfbc2	NSRecords增加mxPriority字段	2022-11-06 20:34:57 +08:00
刘祥超	7d2b8fd4c8	保持导出SQL的稳定性	2022-11-06 19:26:23 +08:00
刘祥超	6426622992	优化代码	2022-11-06 19:13:47 +08:00
刘祥超	3d154411de	将指标统计导入到数据库时忽略 transaction deadlock错误	2022-11-06 16:03:33 +08:00
刘祥超	241f41e900	使用版本号来读取节点任务，提升任务同步稳定性	2022-11-06 12:03:11 +08:00
刘祥超	6c3d24d895	修复域名解析--DNS服务商--同步域名时无法解析集群额外附加的CNAME的问题	2022-11-05 19:25:35 +08:00
刘祥超	b2a0204f6b	优化代码	2022-11-05 14:39:40 +08:00
刘祥超	a9d71652b7	带宽相关数据增加百分位	2022-11-04 20:30:53 +08:00
刘祥超	1b6bfb33d6	用户看板增加带宽百分位	2022-11-04 17:39:53 +08:00
刘祥超	aec0d8d681	优化代码	2022-11-04 15:23:02 +08:00
刘祥超	e38871b52d	优化代码	2022-11-03 15:17:59 +08:00
刘祥超	c1b4551dd1	提升数据库升级速度	2022-11-02 16:58:09 +08:00
刘祥超	d479140f87	版本修改为0.5.8	2022-11-02 15:11:27 +08:00