DNS任务增加失败重试

.golangci.yaml

@@ -0,0 +1,75 @@
+# https://golangci-lint.run/usage/configuration/
+
+linters:
+  enable-all: true
+  disable:
+    - ifshort
+    - exhaustivestruct
+    - golint
+    - nosnakecase
+    - scopelint
+    - varcheck
+    - structcheck
+    - interfacer
+    - maligned
+    - deadcode
+    - dogsled
+    - wrapcheck
+    - wastedassign
+    - varnamelen
+    - testpackage
+    - thelper
+    - nilerr
+    - sqlclosecheck
+    - paralleltest
+    - nonamedreturns
+    - nlreturn
+    - nakedret
+    - ireturn
+    - interfacebloat
+    - gosmopolitan
+    - gomnd
+    - goerr113
+    - gochecknoglobals
+    - exhaustruct
+    - errorlint
+    - depguard
+    - exhaustive
+    - containedctx
+    - wsl
+    - cyclop
+    - dupword
+    - errchkjson
+    - contextcheck
+    - tagalign
+    - dupl
+    - forbidigo
+    - funlen
+    - goconst
+    - godox
+    - gosec
+    - lll
+    - nestif
+    - revive
+    - unparam
+    - stylecheck
+    - gocritic
+    - gofumpt
+    - gomoddirectives
+    - godot
+    - gofmt
+    - gocognit
+    - mirror
+    - gocyclo
+    - gochecknoinits
+    - gci
+    - maintidx
+    - prealloc
+    - goimports
+    - errname
+    - musttag
+    - forcetypeassert
+    - whitespace
+    - noctx
+    - tagliatelle
+    - nilnil

internal/acme/acme_test.go

@@ -130,6 +130,9 @@ func TestGenerate_EAB(t *testing.T) {
 	} else {
 		reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 	}
+	if err != nil {
+		t.Fatal(err)
+	}
 	myUser.Registration = reg
 
 	request := certificate.ObtainRequest{

internal/acme/dns_provider.go

@@ -1,6 +1,7 @@
 package acme
 
 import (
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
@@ -45,7 +46,7 @@ func (this *DNSProvider) Present(domain, token, keyAuth string) error {
 	if !wasDeleted {
 		records, err := this.raw.QueryRecords(this.dnsDomain, recordName, dnstypes.RecordTypeTXT)
 		if err != nil {
-			return errors.New("query DNS record failed: " + err.Error())
+			return fmt.Errorf("query DNS record failed: %w", err)
 		}
 		for _, record := range records {
 			err = this.raw.DeleteRecord(this.dnsDomain, record)
@@ -67,7 +68,7 @@ func (this *DNSProvider) Present(domain, token, keyAuth string) error {
 		Route: this.raw.DefaultRoute(),
 	})
 	if err != nil {
-		return errors.New("create DNS record failed: " + err.Error())
+		return fmt.Errorf("create DNS record failed: %w", err)
 	}
 
 	return nil

internal/acme/request.go

@@ -1,6 +1,7 @@
 package acme
 
 import (
+	"fmt"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/go-acme/lego/v4/certcrypto"
@@ -92,26 +93,26 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 	// 注册用户
 	var resource = this.task.User.GetRegistration()
 	if resource != nil {
-		resource, err = client.Registration.QueryRegistration()
+		_, err = client.Registration.QueryRegistration()
 		if err != nil {
 			return nil, nil, err
 		}
 	} else {
 		if this.task.Provider.RequireEAB {
-			resource, err := client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+			resource, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 				TermsOfServiceAgreed: true,
 				Kid:                  this.task.Account.EABKid,
 				HmacEncoded:          this.task.Account.EABKey,
 			})
 			if err != nil {
-				return nil, nil, errors.New("register user failed: " + err.Error())
+				return nil, nil, fmt.Errorf("register user failed: %w", err)
 			}
 			err = this.task.User.Register(resource)
 			if err != nil {
 				return nil, nil, err
 			}
 		} else {
-			resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+			resource, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 			if err != nil {
 				return nil, nil, err
 			}
@@ -134,7 +135,7 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
 	}
 	certResource, err := client.Certificate.Obtain(request)
 	if err != nil {
-		return nil, nil, errors.New("obtain cert failed: " + err.Error())
+		return nil, nil, fmt.Errorf("obtain cert failed: %w", err)
 	}
 
 	return certResource.Certificate, certResource.PrivateKey, nil
@@ -165,26 +166,26 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
 	// 注册用户
 	var resource = this.task.User.GetRegistration()
 	if resource != nil {
-		resource, err = client.Registration.QueryRegistration()
+		_, err = client.Registration.QueryRegistration()
 		if err != nil {
 			return nil, nil, err
 		}
 	} else {
 		if this.task.Provider.RequireEAB {
-			resource, err := client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+			resource, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 				TermsOfServiceAgreed: true,
 				Kid:                  this.task.Account.EABKid,
 				HmacEncoded:          this.task.Account.EABKey,
 			})
 			if err != nil {
-				return nil, nil, errors.New("register user failed: " + err.Error())
+				return nil, nil, fmt.Errorf("register user failed: %w", err)
 			}
 			err = this.task.User.Register(resource)
 			if err != nil {
 				return nil, nil, err
 			}
 		} else {
-			resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+			resource, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 			if err != nil {
 				return nil, nil, err
 			}

internal/apps/app_cmd.go

@@ -1,6 +1,7 @@
 package apps
 
 import (
+	"errors"
 	"fmt"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/iwind/TeaGo/logs"
@@ -9,8 +10,10 @@ import (
 	"github.com/iwind/gosock/pkg/gosock"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"runtime"
 	"strconv"
+	"strings"
 	"time"
 )
 
@@ -184,13 +187,16 @@ func (this *AppCmd) runStart() {
 		return
 	}
 
-	cmd := exec.Command(os.Args[0])
+	var cmd = exec.Command(this.exe())
 	err := cmd.Start()
 	if err != nil {
 		fmt.Println(this.product+"  start failed:", err.Error())
 		return
 	}
 
+	// create symbolic links
+	_ = this.createSymLinks()
+
 	fmt.Println(this.product+" started ok, pid:", cmd.Process.Pid)
 }
 
@@ -237,3 +243,58 @@ func (this *AppCmd) getPID() int {
 	}
 	return maps.NewMap(reply.Params).GetInt("pid")
 }
+
+func (this *AppCmd) exe() string {
+	var exe, _ = os.Executable()
+	if len(exe) == 0 {
+		exe = os.Args[0]
+	}
+	return exe
+}
+
+// 创建软链接
+func (this *AppCmd) createSymLinks() error {
+	if runtime.GOOS != "linux" {
+		return nil
+	}
+
+	var exe, _ = os.Executable()
+	if len(exe) == 0 {
+		return nil
+	}
+
+	var errorList = []string{}
+
+	// bin
+	{
+		var target = "/usr/bin/" + teaconst.ProcessName
+		old, _ := filepath.EvalSymlinks(target)
+		if old != exe {
+			_ = os.Remove(target)
+			err := os.Symlink(exe, target)
+			if err != nil {
+				errorList = append(errorList, err.Error())
+			}
+		}
+	}
+
+	// log
+	{
+		var realPath = filepath.Dir(filepath.Dir(exe)) + "/logs/run.log"
+		var target = "/var/log/" + teaconst.ProcessName + ".log"
+		old, _ := filepath.EvalSymlinks(target)
+		if old != realPath {
+			_ = os.Remove(target)
+			err := os.Symlink(realPath, target)
+			if err != nil {
+				errorList = append(errorList, err.Error())
+			}
+		}
+	}
+
+	if len(errorList) > 0 {
+		return errors.New(strings.Join(errorList, "\n"))
+	}
+
+	return nil
+}

internal/const/const.go

@@ -1,7 +1,7 @@
 package teaconst
 
 const (
-	Version = "1.2.1"
+	Version = "1.2.7"
 
 	ProductName   = "Edge API"
 	ProcessName   = "edge-api"
@@ -18,7 +18,7 @@ const (
 
 	// 其他节点版本号，用来检测是否有需要升级的节点
 
-	NodeVersion = "1.2.1"
+	NodeVersion = "1.2.7"
 
 	// SQLVersion SQL版本号
 	SQLVersion = "11"

internal/db/models/acme/acme_task_dao.go

@@ -2,6 +2,7 @@ package acme
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	acmeutils "github.com/TeaOSLab/EdgeAPI/internal/acme"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
@@ -434,7 +435,7 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
 		CertData: certData,
 		KeyData:  keyData,
 	}
-	err = sslConfig.Init(nil)
+	err = sslConfig.Init(context.Background())
 	if err != nil {
 		errMsg = "证书生成成功，但是分析证书信息时发生错误：" + err.Error()
 		return

internal/db/models/api_node_model_ext.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
@@ -37,7 +38,7 @@ func (this *APINode) DecodeHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*serverc
 		return nil, err
 	}
 
-	err = config.Init(nil)
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}
@@ -55,7 +56,7 @@ func (this *APINode) DecodeHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*serverc
 		}
 	}
 
-	err = config.Init(nil)
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}
@@ -135,7 +136,7 @@ func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*ser
 		return nil, err
 	}
 
-	err = config.Init(nil)
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}
@@ -153,7 +154,7 @@ func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx, cacheMap *utils.CacheMap) (*ser
 		}
 	}
 
-	err = config.Init(nil)
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}

internal/db/models/dns/dns_task_dao.go

@@ -61,11 +61,12 @@ func (this *DNSTaskDAO) CreateDNSTask(tx *dbs.Tx, clusterId int64, serverId int6
 		"error":      "",
 		"version":    time.Now().UnixNano(),
 	}, maps.Map{
-		"updatedAt": time.Now().Unix(),
-		"isDone":    false,
-		"isOk":      false,
-		"error":     "",
-		"version":   time.Now().UnixNano(),
+		"updatedAt":  time.Now().Unix(),
+		"isDone":     false,
+		"isOk":       false,
+		"error":      "",
+		"version":    time.Now().UnixNano(),
+		"countFails": 0,
 	})
 	if err != nil {
 		return err
@@ -108,7 +109,7 @@ func (this *DNSTaskDAO) CreateDomainTask(tx *dbs.Tx, domainId int64, taskType DN
 // FindAllDoingTasks 查找所有正在执行的任务
 func (this *DNSTaskDAO) FindAllDoingTasks(tx *dbs.Tx) (result []*DNSTask, err error) {
 	_, err = this.Query(tx).
-		Attr("isDone", 0).
+		Where("(isDone=0 OR (isDone=1 AND isOk=0 AND countFails<3))"). // 3 = retry times
 		Asc("version").
 		AscPk().
 		Slice(&result).
@@ -171,6 +172,7 @@ func (this *DNSTaskDAO) UpdateDNSTaskError(tx *dbs.Tx, taskId int64, err string)
 	op.IsDone = true
 	op.Error = err
 	op.IsOk = false
+	op.CountFails = dbs.SQL("countFails+1")
 	return this.Save(tx, op)
 }
 
@@ -197,6 +199,7 @@ func (this *DNSTaskDAO) UpdateDNSTaskDone(tx *dbs.Tx, taskId int64, taskVersion
 	op.Id = taskId
 	op.IsDone = true
 	op.IsOk = true
+	op.CountFails = 0
 	op.Error = ""
 	return this.Save(tx, op)
 }
@@ -219,6 +222,7 @@ func (this *DNSTaskDAO) UpdateClusterDNSTasksDone(tx *dbs.Tx, clusterId int64, m
 		Set("isDone", true).
 		Set("isOk", true).
 		Set("error", "").
+		Set("countFails", 0).
 		UpdateQuickly()
 }
 

internal/db/models/dns/dns_task_model.go

@@ -1,5 +1,23 @@
 package dns
 
+import "github.com/iwind/TeaGo/dbs"
+
+const (
+	DNSTaskField_Id         dbs.FieldName = "id"         // ID
+	DNSTaskField_ClusterId  dbs.FieldName = "clusterId"  // 集群ID
+	DNSTaskField_ServerId   dbs.FieldName = "serverId"   // 服务ID
+	DNSTaskField_NodeId     dbs.FieldName = "nodeId"     // 节点ID
+	DNSTaskField_DomainId   dbs.FieldName = "domainId"   // 域名ID
+	DNSTaskField_RecordName dbs.FieldName = "recordName" // 记录名
+	DNSTaskField_Type       dbs.FieldName = "type"       // 任务类型
+	DNSTaskField_UpdatedAt  dbs.FieldName = "updatedAt"  // 更新时间
+	DNSTaskField_IsDone     dbs.FieldName = "isDone"     // 是否已完成
+	DNSTaskField_IsOk       dbs.FieldName = "isOk"       // 是否成功
+	DNSTaskField_Error      dbs.FieldName = "error"      // 错误信息
+	DNSTaskField_Version    dbs.FieldName = "version"    // 版本
+	DNSTaskField_CountFails dbs.FieldName = "countFails" // 尝试失败次数
+)
+
 // DNSTask DNS更新任务
 type DNSTask struct {
 	Id         uint64 `field:"id"`         // ID
@@ -14,6 +32,7 @@ type DNSTask struct {
 	IsOk       bool   `field:"isOk"`       // 是否成功
 	Error      string `field:"error"`      // 错误信息
 	Version    uint64 `field:"version"`    // 版本
+	CountFails uint32 `field:"countFails"` // 尝试失败次数
 }
 
 type DNSTaskOperator struct {
@@ -29,6 +48,7 @@ type DNSTaskOperator struct {
 	IsOk       any // 是否成功
 	Error      any // 错误信息
 	Version    any // 版本
+	CountFails any // 尝试失败次数
 }
 
 func NewDNSTaskOperator() *DNSTaskOperator {

internal/db/models/dns/dnsutils/dns_utils.go

@@ -3,6 +3,7 @@
 package dnsutils
 
 import (
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/dns"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients"
@@ -217,7 +218,7 @@ func FindDefaultDomainRoute(tx *dbs.Tx, domain *dns.DNSDomain) (string, error) {
 	}
 	paramsMap, err := provider.DecodeAPIParams()
 	if err != nil {
-		return "", errors.New("decode provider params failed: " + err.Error())
+		return "", fmt.Errorf("decode provider params failed: %w", err)
 	}
 	var dnsProvider = dnsclients.FindProvider(provider.Type, int64(provider.Id))
 	if dnsProvider == nil {

internal/db/models/http_access_log_dao.go

@@ -232,7 +232,7 @@ Loop:
 
 // CreateHTTPAccessLog 写入单条访问日志
 func (this *HTTPAccessLogDAO) CreateHTTPAccessLog(tx *dbs.Tx, dao *HTTPAccessLogDAO, accessLog *pb.HTTPAccessLog) error {
-	var day = ""
+	var day string
 	// 注意：如果你修改了 TimeISO8601 的逻辑，这里也需要同步修改
 	if len(accessLog.TimeISO8601) > 10 {
 		day = strings.ReplaceAll(accessLog.TimeISO8601[:10], "-", "")

internal/db/models/http_access_log_manager.go

@@ -41,7 +41,7 @@ func (this *HTTPAccessLogManager) FindTableNames(db *dbs.DB, day string) ([]stri
 	for _, prefix := range []string{"edgeHTTPAccessLogs_" + day + "%", "edgehttpaccesslogs_" + day + "%"} {
 		ones, columnNames, err := db.FindPreparedOnes(`SHOW TABLES LIKE '` + prefix + `'`)
 		if err != nil {
-			return nil, errors.New("query table names error: " + err.Error())
+			return nil, fmt.Errorf("query table names error: %w", err)
 		}
 
 		var columnName = columnNames[0]
@@ -88,7 +88,7 @@ func (this *HTTPAccessLogManager) FindTables(db *dbs.DB, day string) ([]*httpAcc
 	for _, prefix := range []string{"edgeHTTPAccessLogs_" + day + "%", "edgehttpaccesslogs_" + day + "%"} {
 		ones, columnNames, err := db.FindPreparedOnes(`SHOW TABLES LIKE '` + prefix + `'`)
 		if err != nil {
-			return nil, errors.New("query table names error: " + err.Error())
+			return nil, fmt.Errorf("query table names error: %w", err)
 		}
 
 		var columnName = columnNames[0]
@@ -373,7 +373,7 @@ func (this *HTTPAccessLogManager) findTableWithoutCache(db *dbs.DB, day string,
 		var lastInt64Id = types.Int64(lastId)
 		if accessLogRowsPerTable > 0 && lastInt64Id >= accessLogRowsPerTable {
 			// create next partial table
-			var nextTableName = ""
+			var nextTableName string
 			if accessLogTableMainReg.MatchString(lastTableName) {
 				nextTableName = prefix + "_0001"
 			} else if accessLogTablePartialReg.MatchString(lastTableName) {

internal/db/models/http_cache_policy_dao.go

@@ -96,7 +96,7 @@ func (this *HTTPCachePolicyDAO) FindAllEnabledCachePolicies(tx *dbs.Tx) (result
 }
 
 // CreateCachePolicy 创建缓存策略
-func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name string, description string, capacityJSON []byte, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte, syncCompressionCache bool) (int64, error) {
+func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name string, description string, capacityJSON []byte, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte, syncCompressionCache bool, fetchTimeoutJSON []byte) (int64, error) {
 	var op = NewHTTPCachePolicyOperator()
 	op.State = HTTPCachePolicyStateEnabled
 	op.IsOn = isOn
@@ -114,6 +114,10 @@ func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name st
 	}
 	op.SyncCompressionCache = syncCompressionCache
 
+	if len(fetchTimeoutJSON) > 0 {
+		op.FetchTimeout = fetchTimeoutJSON
+	}
+
 	// 默认的缓存条件
 	cacheRef := &serverconfigs.HTTPCacheRef{
 		IsOn:                  true,
@@ -183,7 +187,7 @@ func (this *HTTPCachePolicyDAO) CreateDefaultCachePolicy(tx *dbs.Tx, name string
 		return 0, err
 	}
 
-	policyId, err := this.CreateCachePolicy(tx, true, "\""+name+"\"缓存策略", "默认创建的缓存策略", capacityJSON, maxSizeJSON, serverconfigs.CachePolicyStorageFile, storageOptionsJSON, false)
+	policyId, err := this.CreateCachePolicy(tx, true, "\""+name+"\"缓存策略", "默认创建的缓存策略", capacityJSON, maxSizeJSON, serverconfigs.CachePolicyStorageFile, storageOptionsJSON, false, nil)
 	if err != nil {
 		return 0, err
 	}
@@ -191,7 +195,7 @@ func (this *HTTPCachePolicyDAO) CreateDefaultCachePolicy(tx *dbs.Tx, name string
 }
 
 // UpdateCachePolicy 修改缓存策略
-func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, capacityJSON []byte, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte, syncCompressionCache bool) error {
+func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, capacityJSON []byte, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte, syncCompressionCache bool, fetchTimeoutJSON []byte) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -212,6 +216,9 @@ func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, is
 		op.Options = storageOptionsJSON
 	}
 	op.SyncCompressionCache = syncCompressionCache
+	if len(fetchTimeoutJSON) > 0 {
+		op.FetchTimeout = fetchTimeoutJSON
+	}
 	err := this.Save(tx, op)
 	if err != nil {
 		return err
@@ -237,7 +244,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 	if policy == nil {
 		return nil, nil
 	}
-	config := &serverconfigs.HTTPCachePolicy{}
+	var config = &serverconfigs.HTTPCachePolicy{}
 	config.Id = int64(policy.Id)
 	config.IsOn = policy.IsOn
 	config.Name = policy.Name
@@ -246,7 +253,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 
 	// capacity
 	if IsNotNull(policy.Capacity) {
-		capacityConfig := &shared.SizeCapacity{}
+		var capacityConfig = &shared.SizeCapacity{}
 		err = json.Unmarshal(policy.Capacity, capacityConfig)
 		if err != nil {
 			return nil, err
@@ -256,7 +263,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 
 	// max size
 	if IsNotNull(policy.MaxSize) {
-		maxSizeConfig := &shared.SizeCapacity{}
+		var maxSizeConfig = &shared.SizeCapacity{}
 		err = json.Unmarshal(policy.MaxSize, maxSizeConfig)
 		if err != nil {
 			return nil, err
@@ -268,7 +275,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 
 	// options
 	if IsNotNull(policy.Options) {
-		m := map[string]interface{}{}
+		var m = map[string]any{}
 		err = json.Unmarshal(policy.Options, &m)
 		if err != nil {
 			return nil, errors.Wrap(err)
@@ -278,7 +285,7 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 
 	// refs
 	if IsNotNull(policy.Refs) {
-		refs := []*serverconfigs.HTTPCacheRef{}
+		var refs = []*serverconfigs.HTTPCacheRef{}
 		err = json.Unmarshal(policy.Refs, &refs)
 		if err != nil {
 			return nil, err
@@ -286,6 +293,16 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, c
 		config.CacheRefs = refs
 	}
 
+	// fetch timeout
+	if IsNotNull(policy.FetchTimeout) {
+		var timeoutDuration = &shared.TimeDuration{}
+		err = json.Unmarshal(policy.FetchTimeout, timeoutDuration)
+		if err != nil {
+			return nil, err
+		}
+		config.FetchTimeout = timeoutDuration
+	}
+
 	if cacheMap != nil {
 		cacheMap.Put(cacheKey, config)
 	}

internal/db/models/http_cache_policy_model.go

@@ -2,6 +2,26 @@ package models
 
 import "github.com/iwind/TeaGo/dbs"
 
+const (
+	HTTPCachePolicyField_Id                   dbs.FieldName = "id"                   // ID
+	HTTPCachePolicyField_AdminId              dbs.FieldName = "adminId"              // 管理员ID
+	HTTPCachePolicyField_UserId               dbs.FieldName = "userId"               // 用户ID
+	HTTPCachePolicyField_TemplateId           dbs.FieldName = "templateId"           // 模版ID
+	HTTPCachePolicyField_IsOn                 dbs.FieldName = "isOn"                 // 是否启用
+	HTTPCachePolicyField_Name                 dbs.FieldName = "name"                 // 名称
+	HTTPCachePolicyField_Capacity             dbs.FieldName = "capacity"             // 容量数据
+	HTTPCachePolicyField_MaxKeys              dbs.FieldName = "maxKeys"              // 最多Key值
+	HTTPCachePolicyField_MaxSize              dbs.FieldName = "maxSize"              // 最大缓存内容尺寸
+	HTTPCachePolicyField_Type                 dbs.FieldName = "type"                 // 存储类型
+	HTTPCachePolicyField_Options              dbs.FieldName = "options"              // 存储选项
+	HTTPCachePolicyField_CreatedAt            dbs.FieldName = "createdAt"            // 创建时间
+	HTTPCachePolicyField_State                dbs.FieldName = "state"                // 状态
+	HTTPCachePolicyField_Description          dbs.FieldName = "description"          // 描述
+	HTTPCachePolicyField_Refs                 dbs.FieldName = "refs"                 // 默认的缓存设置
+	HTTPCachePolicyField_SyncCompressionCache dbs.FieldName = "syncCompressionCache" // 是否同步写入压缩缓存
+	HTTPCachePolicyField_FetchTimeout         dbs.FieldName = "fetchTimeout"         // 预热超时时间
+)
+
 // HTTPCachePolicy HTTP缓存策略
 type HTTPCachePolicy struct {
 	Id                   uint32   `field:"id"`                   // ID
@@ -20,25 +40,27 @@ type HTTPCachePolicy struct {
 	Description          string   `field:"description"`          // 描述
 	Refs                 dbs.JSON `field:"refs"`                 // 默认的缓存设置
 	SyncCompressionCache uint8    `field:"syncCompressionCache"` // 是否同步写入压缩缓存
+	FetchTimeout         dbs.JSON `field:"fetchTimeout"`         // 预热超时时间
 }
 
 type HTTPCachePolicyOperator struct {
-	Id                   interface{} // ID
-	AdminId              interface{} // 管理员ID
-	UserId               interface{} // 用户ID
-	TemplateId           interface{} // 模版ID
-	IsOn                 interface{} // 是否启用
-	Name                 interface{} // 名称
-	Capacity             interface{} // 容量数据
-	MaxKeys              interface{} // 最多Key值
-	MaxSize              interface{} // 最大缓存内容尺寸
-	Type                 interface{} // 存储类型
-	Options              interface{} // 存储选项
-	CreatedAt            interface{} // 创建时间
-	State                interface{} // 状态
-	Description          interface{} // 描述
-	Refs                 interface{} // 默认的缓存设置
-	SyncCompressionCache interface{} // 是否同步写入压缩缓存
+	Id                   any // ID
+	AdminId              any // 管理员ID
+	UserId               any // 用户ID
+	TemplateId           any // 模版ID
+	IsOn                 any // 是否启用
+	Name                 any // 名称
+	Capacity             any // 容量数据
+	MaxKeys              any // 最多Key值
+	MaxSize              any // 最大缓存内容尺寸
+	Type                 any // 存储类型
+	Options              any // 存储选项
+	CreatedAt            any // 创建时间
+	State                any // 状态
+	Description          any // 描述
+	Refs                 any // 默认的缓存设置
+	SyncCompressionCache any // 是否同步写入压缩缓存
+	FetchTimeout         any // 预热超时时间
 }
 
 func NewHTTPCachePolicyOperator() *HTTPCachePolicyOperator {

internal/db/models/http_firewall_policy_dao.go

@@ -172,16 +172,18 @@ func (this *HTTPFirewallPolicyDAO) CreateDefaultFirewallPolicy(tx *dbs.Tx, name
 	// 初始化
 	var groupCodes = []string{}
 
-	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
+	var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
 	for _, group := range templatePolicy.AllRuleGroups() {
-		groupCodes = append(groupCodes, group.Code)
+		if group.IsOn {
+			groupCodes = append(groupCodes, group.Code)
+		}
 	}
 
 	var inboundConfig = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
 	var outboundConfig = &firewallconfigs.HTTPFirewallOutboundConfig{IsOn: true}
 	if templatePolicy.Inbound != nil {
 		for _, group := range templatePolicy.Inbound.Groups {
-			isOn := lists.ContainsString(groupCodes, group.Code)
+			var isOn = lists.ContainsString(groupCodes, group.Code)
 			group.IsOn = isOn
 
 			groupId, err := SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
@@ -196,7 +198,7 @@ func (this *HTTPFirewallPolicyDAO) CreateDefaultFirewallPolicy(tx *dbs.Tx, name
 	}
 	if templatePolicy.Outbound != nil {
 		for _, group := range templatePolicy.Outbound.Groups {
-			isOn := lists.ContainsString(groupCodes, group.Code)
+			var isOn = lists.ContainsString(groupCodes, group.Code)
 			group.IsOn = isOn
 
 			groupId, err := SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
@@ -290,7 +292,10 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	mode firewallconfigs.FirewallMode,
 	useLocalFirewall bool,
 	synFloodConfig *firewallconfigs.SYNFloodConfig,
-	logConfig *firewallconfigs.HTTPFirewallPolicyLogConfig) error {
+	logConfig *firewallconfigs.HTTPFirewallPolicyLogConfig,
+	maxRequestBodySize int64,
+	denyCountryHTML string,
+	denyProvinceHTML string) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -338,6 +343,10 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	}
 
 	op.UseLocalFirewall = useLocalFirewall
+	op.MaxRequestBodySize = maxRequestBodySize
+	op.DenyCountryHTML = denyCountryHTML
+	op.DenyProvinceHTML = denyProvinceHTML
+
 	err := this.Save(tx, op)
 	if err != nil {
 		return err
@@ -390,7 +399,7 @@ func (this *HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(tx *dbs.Tx, clust
 }
 
 // ComposeFirewallPolicy 组合策略配置
-func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId int64, cacheMap *utils.CacheMap) (*firewallconfigs.HTTPFirewallPolicy, error) {
+func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId int64, forNode bool, cacheMap *utils.CacheMap) (*firewallconfigs.HTTPFirewallPolicy, error) {
 	if cacheMap == nil {
 		cacheMap = utils.NewCacheMap()
 	}
@@ -414,6 +423,9 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 	config.Name = policy.Name
 	config.Description = policy.Description
 	config.UseLocalFirewall = policy.UseLocalFirewall == 1
+	config.MaxRequestBodySize = int64(policy.MaxRequestBodySize)
+	config.DenyCountryHTML = policy.DenyCountryHTML
+	config.DenyProvinceHTML = policy.DenyProvinceHTML
 
 	if len(policy.Mode) == 0 {
 		policy.Mode = firewallconfigs.FirewallModeDefend
@@ -421,18 +433,18 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 	config.Mode = policy.Mode
 
 	// Inbound
-	inbound := &firewallconfigs.HTTPFirewallInboundConfig{}
+	var inbound = &firewallconfigs.HTTPFirewallInboundConfig{}
 	if IsNotNull(policy.Inbound) {
 		err = json.Unmarshal(policy.Inbound, inbound)
 		if err != nil {
 			return nil, err
 		}
 		if len(inbound.GroupRefs) > 0 {
-			resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
-			resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+			var resultGroupRefs = []*firewallconfigs.HTTPFirewallRuleGroupRef{}
+			var resultGroups = []*firewallconfigs.HTTPFirewallRuleGroup{}
 
 			for _, groupRef := range inbound.GroupRefs {
-				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId)
+				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId, forNode)
 				if err != nil {
 					return nil, err
 				}
@@ -449,18 +461,18 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 	config.Inbound = inbound
 
 	// Outbound
-	outbound := &firewallconfigs.HTTPFirewallOutboundConfig{}
+	var outbound = &firewallconfigs.HTTPFirewallOutboundConfig{}
 	if IsNotNull(policy.Outbound) {
 		err = json.Unmarshal(policy.Outbound, outbound)
 		if err != nil {
 			return nil, err
 		}
 		if len(outbound.GroupRefs) > 0 {
-			resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
-			resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+			var resultGroupRefs = []*firewallconfigs.HTTPFirewallRuleGroupRef{}
+			var resultGroups = []*firewallconfigs.HTTPFirewallRuleGroup{}
 
 			for _, groupRef := range outbound.GroupRefs {
-				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId)
+				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId, forNode)
 				if err != nil {
 					return nil, err
 				}

internal/db/models/http_firewall_policy_model.go

@@ -2,49 +2,80 @@ package models
 
 import "github.com/iwind/TeaGo/dbs"
 
+const (
+	HTTPFirewallPolicyField_Id                 dbs.FieldName = "id"                 // ID
+	HTTPFirewallPolicyField_TemplateId         dbs.FieldName = "templateId"         // 模版ID
+	HTTPFirewallPolicyField_AdminId            dbs.FieldName = "adminId"            // 管理员ID
+	HTTPFirewallPolicyField_UserId             dbs.FieldName = "userId"             // 用户ID
+	HTTPFirewallPolicyField_ServerId           dbs.FieldName = "serverId"           // 服务ID
+	HTTPFirewallPolicyField_GroupId            dbs.FieldName = "groupId"            // 服务分组ID
+	HTTPFirewallPolicyField_State              dbs.FieldName = "state"              // 状态
+	HTTPFirewallPolicyField_CreatedAt          dbs.FieldName = "createdAt"          // 创建时间
+	HTTPFirewallPolicyField_IsOn               dbs.FieldName = "isOn"               // 是否启用
+	HTTPFirewallPolicyField_Name               dbs.FieldName = "name"               // 名称
+	HTTPFirewallPolicyField_Description        dbs.FieldName = "description"        // 描述
+	HTTPFirewallPolicyField_Inbound            dbs.FieldName = "inbound"            // 入站规则
+	HTTPFirewallPolicyField_Outbound           dbs.FieldName = "outbound"           // 出站规则
+	HTTPFirewallPolicyField_BlockOptions       dbs.FieldName = "blockOptions"       // BLOCK选项
+	HTTPFirewallPolicyField_CaptchaOptions     dbs.FieldName = "captchaOptions"     // 验证码选项
+	HTTPFirewallPolicyField_Mode               dbs.FieldName = "mode"               // 模式
+	HTTPFirewallPolicyField_UseLocalFirewall   dbs.FieldName = "useLocalFirewall"   // 是否自动使用本地防火墙
+	HTTPFirewallPolicyField_SynFlood           dbs.FieldName = "synFlood"           // SynFlood防御设置
+	HTTPFirewallPolicyField_Log                dbs.FieldName = "log"                // 日志配置
+	HTTPFirewallPolicyField_MaxRequestBodySize dbs.FieldName = "maxRequestBodySize" // 可以检查的最大请求内容尺寸
+	HTTPFirewallPolicyField_DenyCountryHTML    dbs.FieldName = "denyCountryHTML"    // 区域封禁提示
+	HTTPFirewallPolicyField_DenyProvinceHTML   dbs.FieldName = "denyProvinceHTML"   // 省份封禁提示
+)
+
 // HTTPFirewallPolicy HTTP防火墙
 type HTTPFirewallPolicy struct {
-	Id               uint32   `field:"id"`               // ID
-	TemplateId       uint32   `field:"templateId"`       // 模版ID
-	AdminId          uint32   `field:"adminId"`          // 管理员ID
-	UserId           uint32   `field:"userId"`           // 用户ID
-	ServerId         uint32   `field:"serverId"`         // 服务ID
-	GroupId          uint32   `field:"groupId"`          // 服务分组ID
-	State            uint8    `field:"state"`            // 状态
-	CreatedAt        uint64   `field:"createdAt"`        // 创建时间
-	IsOn             bool     `field:"isOn"`             // 是否启用
-	Name             string   `field:"name"`             // 名称
-	Description      string   `field:"description"`      // 描述
-	Inbound          dbs.JSON `field:"inbound"`          // 入站规则
-	Outbound         dbs.JSON `field:"outbound"`         // 出站规则
-	BlockOptions     dbs.JSON `field:"blockOptions"`     // BLOCK选项
-	CaptchaOptions   dbs.JSON `field:"captchaOptions"`   // 验证码选项
-	Mode             string   `field:"mode"`             // 模式
-	UseLocalFirewall uint8    `field:"useLocalFirewall"` // 是否自动使用本地防火墙
-	SynFlood         dbs.JSON `field:"synFlood"`         // SynFlood防御设置
-	Log              dbs.JSON `field:"log"`              // 日志配置
+	Id                 uint32   `field:"id"`                 // ID
+	TemplateId         uint32   `field:"templateId"`         // 模版ID
+	AdminId            uint32   `field:"adminId"`            // 管理员ID
+	UserId             uint32   `field:"userId"`             // 用户ID
+	ServerId           uint32   `field:"serverId"`           // 服务ID
+	GroupId            uint32   `field:"groupId"`            // 服务分组ID
+	State              uint8    `field:"state"`              // 状态
+	CreatedAt          uint64   `field:"createdAt"`          // 创建时间
+	IsOn               bool     `field:"isOn"`               // 是否启用
+	Name               string   `field:"name"`               // 名称
+	Description        string   `field:"description"`        // 描述
+	Inbound            dbs.JSON `field:"inbound"`            // 入站规则
+	Outbound           dbs.JSON `field:"outbound"`           // 出站规则
+	BlockOptions       dbs.JSON `field:"blockOptions"`       // BLOCK选项
+	CaptchaOptions     dbs.JSON `field:"captchaOptions"`     // 验证码选项
+	Mode               string   `field:"mode"`               // 模式
+	UseLocalFirewall   uint8    `field:"useLocalFirewall"`   // 是否自动使用本地防火墙
+	SynFlood           dbs.JSON `field:"synFlood"`           // SynFlood防御设置
+	Log                dbs.JSON `field:"log"`                // 日志配置
+	MaxRequestBodySize uint32   `field:"maxRequestBodySize"` // 可以检查的最大请求内容尺寸
+	DenyCountryHTML    string   `field:"denyCountryHTML"`    // 区域封禁提示
+	DenyProvinceHTML   string   `field:"denyProvinceHTML"`   // 省份封禁提示
 }
 
 type HTTPFirewallPolicyOperator struct {
-	Id               interface{} // ID
-	TemplateId       interface{} // 模版ID
-	AdminId          interface{} // 管理员ID
-	UserId           interface{} // 用户ID
-	ServerId         interface{} // 服务ID
-	GroupId          interface{} // 服务分组ID
-	State            interface{} // 状态
-	CreatedAt        interface{} // 创建时间
-	IsOn             interface{} // 是否启用
-	Name             interface{} // 名称
-	Description      interface{} // 描述
-	Inbound          interface{} // 入站规则
-	Outbound         interface{} // 出站规则
-	BlockOptions     interface{} // BLOCK选项
-	CaptchaOptions   interface{} // 验证码选项
-	Mode             interface{} // 模式
-	UseLocalFirewall interface{} // 是否自动使用本地防火墙
-	SynFlood         interface{} // SynFlood防御设置
-	Log              interface{} // 日志配置
+	Id                 any // ID
+	TemplateId         any // 模版ID
+	AdminId            any // 管理员ID
+	UserId             any // 用户ID
+	ServerId           any // 服务ID
+	GroupId            any // 服务分组ID
+	State              any // 状态
+	CreatedAt          any // 创建时间
+	IsOn               any // 是否启用
+	Name               any // 名称
+	Description        any // 描述
+	Inbound            any // 入站规则
+	Outbound           any // 出站规则
+	BlockOptions       any // BLOCK选项
+	CaptchaOptions     any // 验证码选项
+	Mode               any // 模式
+	UseLocalFirewall   any // 是否自动使用本地防火墙
+	SynFlood           any // SynFlood防御设置
+	Log                any // 日志配置
+	MaxRequestBodySize any // 可以检查的最大请求内容尺寸
+	DenyCountryHTML    any // 区域封禁提示
+	DenyProvinceHTML   any // 省份封禁提示
 }
 
 func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator {

internal/db/models/http_firewall_rule_group_dao.go

@@ -81,7 +81,7 @@ func (this *HTTPFirewallRuleGroupDAO) FindHTTPFirewallRuleGroupName(tx *dbs.Tx,
 }
 
 // ComposeFirewallRuleGroup 组合配置
-func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, groupId int64) (*firewallconfigs.HTTPFirewallRuleGroup, error) {
+func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, groupId int64, forNode bool) (*firewallconfigs.HTTPFirewallRuleGroup, error) {
 	group, err := this.FindEnabledHTTPFirewallRuleGroup(tx, groupId)
 	if err != nil {
 		return nil, err
@@ -89,7 +89,7 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
 	if group == nil {
 		return nil, nil
 	}
-	config := &firewallconfigs.HTTPFirewallRuleGroup{}
+	var config = &firewallconfigs.HTTPFirewallRuleGroup{}
 	config.Id = int64(group.Id)
 	config.IsOn = group.IsOn
 	config.Name = group.Name
@@ -98,7 +98,7 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
 	config.IsTemplate = group.IsTemplate
 
 	if IsNotNull(group.Sets) {
-		setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
+		var setRefs = []*firewallconfigs.HTTPFirewallRuleSetRef{}
 		err = json.Unmarshal(group.Sets, &setRefs)
 		if err != nil {
 			return nil, err
@@ -108,7 +108,7 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
 			if err != nil {
 				return nil, err
 			}
-			if setConfig != nil {
+			if setConfig != nil && (!forNode || setConfig.IsOn) {
 				config.SetRefs = append(config.SetRefs, setRef)
 				config.Sets = append(config.Sets, setConfig)
 			}

internal/db/models/http_web_dao.go

@@ -101,7 +101,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, isLocationOrGr
 
 	// root
 	if IsNotNull(web.Root) {
-		var rootConfig = &serverconfigs.HTTPRootConfig{}
+		var rootConfig = serverconfigs.NewHTTPRootConfig()
 		err = json.Unmarshal(web.Root, rootConfig)
 		if err != nil {
 			return nil, err
@@ -301,7 +301,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, isLocationOrGr
 
 			// 自定义防火墙设置
 			if firewallRef.FirewallPolicyId > 0 {
-				firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, firewallRef.FirewallPolicyId, cacheMap)
+				firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, firewallRef.FirewallPolicyId, forNode, cacheMap)
 				if err != nil {
 					return nil, err
 				}
@@ -519,6 +519,14 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, isLocationOrGr
 		}
 		if this.shouldCompose(isLocationOrGroup, forNode, ccConfig.IsPrior, ccConfig.IsOn) {
 			config.CC = ccConfig
+
+			if forNode {
+				for index, threshold := range ccConfig.Thresholds {
+					if index < len(serverconfigs.DefaultHTTPCCThresholds) {
+						threshold.MergeIfEmpty(serverconfigs.DefaultHTTPCCThresholds[index])
+					}
+				}
+			}
 		}
 	}
 

internal/db/models/ip_item_dao.go

@@ -14,6 +14,7 @@ import (
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/types"
 	"math"
+	"net"
 	"time"
 )
 
@@ -498,7 +499,11 @@ func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, ke
 		}
 	}
 	if len(keyword) > 0 {
-		query.Like("ipFrom", dbutils.QuoteLike(keyword))
+		if net.ParseIP(keyword) != nil { // 是一个IP地址
+			query.Attr("ipFrom", keyword)
+		} else {
+			query.Like("ipFrom", dbutils.QuoteLike(keyword))
+		}
 	}
 	if len(ip) > 0 {
 		query.Attr("ipFrom", ip)
@@ -540,7 +545,11 @@ func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, key
 		}
 	}
 	if len(keyword) > 0 {
-		query.Like("ipFrom", dbutils.QuoteLike(keyword))
+		if net.ParseIP(keyword) != nil { // 是一个IP地址
+			query.Attr("ipFrom", keyword)
+		} else {
+			query.Like("ipFrom", dbutils.QuoteLike(keyword))
+		}
 	}
 	if len(ip) > 0 {
 		query.Attr("ipFrom", ip)
@@ -665,6 +674,9 @@ func (this *IPItemDAO) NotifyUpdate(tx *dbs.Tx, itemId int64) error {
 			}
 		} else {
 			clusterIds, err := SharedNodeClusterDAO.FindAllEnabledNodeClusterIds(tx)
+			if err != nil {
+				return err
+			}
 			for _, clusterId := range clusterIds {
 				err = SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, 0, NodeTaskTypeIPItemChanged)
 				if err != nil {

internal/db/models/ip_library_file_dao.go

@@ -3,6 +3,7 @@ package models
 import (
 	"encoding/json"
 	"errors"
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/regions"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
@@ -299,7 +300,7 @@ func (this *IPLibraryFileDAO) GenerateIPLibrary(tx *dbs.Tx, libraryFileId int64)
 	var libraryFile = one.(*IPLibraryFile)
 	template, err := iplibrary.NewTemplate(libraryFile.Template)
 	if err != nil {
-		return errors.New("create template from '" + libraryFile.Template + "' failed: " + err.Error())
+		return fmt.Errorf("create template from '%s' failed: %w", libraryFile.Template, err)
 	}
 
 	var fileId = int64(libraryFile.FileId)
@@ -314,17 +315,17 @@ func (this *IPLibraryFileDAO) GenerateIPLibrary(tx *dbs.Tx, libraryFileId int64)
 		if os.IsNotExist(err) {
 			err = os.Mkdir(dir, 0777)
 			if err != nil {
-				return errors.New("can not open dir '" + dir + "' to write: " + err.Error())
+				return fmt.Errorf("can not open dir '%s' to write: %w", dir, err)
 			}
 		} else {
-			return errors.New("can not open dir '" + dir + "' to write: " + err.Error())
+			return fmt.Errorf("can not open dir '%s' to write: %w", dir, err)
 		}
 	} else if !stat.IsDir() {
 		_ = os.Remove(dir)
 
 		err = os.Mkdir(dir, 0777)
 		if err != nil {
-			return errors.New("can not open dir '" + dir + "' to write: " + err.Error())
+			return fmt.Errorf("can not open dir '%s' to write: %w", dir, err)
 		}
 	}
 
@@ -428,7 +429,7 @@ func (this *IPLibraryFileDAO) GenerateIPLibrary(tx *dbs.Tx, libraryFileId int64)
 
 	err = writer.WriteMeta()
 	if err != nil {
-		return errors.New("write meta failed: " + err.Error())
+		return fmt.Errorf("write meta failed: %w", err)
 	}
 
 	chunkIds, err := SharedFileChunkDAO.FindAllFileChunkIds(tx, fileId)
@@ -503,7 +504,7 @@ func (this *IPLibraryFileDAO) GenerateIPLibrary(tx *dbs.Tx, libraryFileId int64)
 
 			err = writer.Write(ipFrom, ipTo, countryId, provinceId, cityId, townId, providerId)
 			if err != nil {
-				return errors.New("write failed: " + err.Error())
+				return fmt.Errorf("write failed: %w", err)
 			}
 
 			return nil
@@ -536,7 +537,7 @@ func (this *IPLibraryFileDAO) GenerateIPLibrary(tx *dbs.Tx, libraryFileId int64)
 	// 将生成的内容写入到文件
 	stat, err = os.Stat(filePath)
 	if err != nil {
-		return errors.New("stat generated file failed: " + err.Error())
+		return fmt.Errorf("stat generated file failed: %w", err)
 	}
 	generatedFileId, err := SharedFileDAO.CreateFile(tx, 0, 0, "ipLibraryFile", "", libraryCode+".db", stat.Size(), "", false)
 	if err != nil {
@@ -545,7 +546,7 @@ func (this *IPLibraryFileDAO) GenerateIPLibrary(tx *dbs.Tx, libraryFileId int64)
 
 	fp, err := os.Open(filePath)
 	if err != nil {
-		return errors.New("open generated file failed: " + err.Error())
+		return fmt.Errorf("open generated file failed: %w", err)
 	}
 	var buf = make([]byte, 256*1024)
 	for {

internal/db/models/node_cluster_dao.go

@@ -647,10 +647,10 @@ func (this *NodeClusterDAO) FindClusterTOAConfig(tx *dbs.Tx, clusterId int64, ca
 		return nil, err
 	}
 	if !IsNotNull([]byte(toa)) {
-		return nodeconfigs.DefaultTOAConfig(), nil
+		return nodeconfigs.NewTOAConfig(), nil
 	}
 
-	config := &nodeconfigs.TOAConfig{}
+	var config = nodeconfigs.NewTOAConfig()
 	err = json.Unmarshal([]byte(toa), config)
 	if err != nil {
 		return nil, err
@@ -675,7 +675,7 @@ func (this *NodeClusterDAO) UpdateClusterTOA(tx *dbs.Tx, clusterId int64, toaJSO
 	if err != nil {
 		return err
 	}
-	return this.NotifyUpdate(tx, clusterId)
+	return this.NotifyTOAUpdate(tx, clusterId)
 }
 
 // CountAllEnabledNodeClustersWithHTTPCachePolicyId 计算使用某个缓存策略的集群数量
@@ -1454,12 +1454,13 @@ func (this *NodeClusterDAO) NotifyHTTPPagesPolicyUpdate(tx *dbs.Tx, clusterId in
 	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, 0, NodeTaskTypeHTTPPagesPolicyChanged)
 }
 
+// NotifyTOAUpdate 通知TOA变化
+func (this *NodeClusterDAO) NotifyTOAUpdate(tx *dbs.Tx, clusterId int64) error {
+	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, 0, NodeTaskTypeTOAChanged)
+}
+
 // NotifyDNSUpdate 通知DNS更新
 // TODO 更新新的DNS解析记录的同时，需要删除老的DNS解析记录
 func (this *NodeClusterDAO) NotifyDNSUpdate(tx *dbs.Tx, clusterId int64) error {
-	err := dns.SharedDNSTaskDAO.CreateClusterTask(tx, clusterId, dns.DNSTaskTypeClusterChange)
-	if err != nil {
-		return err
-	}
-	return nil
+	return dns.SharedDNSTaskDAO.CreateClusterTask(tx, clusterId, dns.DNSTaskTypeClusterChange)
 }

internal/db/models/node_dao.go

@@ -1039,9 +1039,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, dataMap *shared
 		if err != nil {
 			return nil, err
 		}
-		for _, clusterServer := range clusterServers {
-			servers = append(servers, clusterServer)
-		}
+		servers = append(servers, clusterServers...)
 	}
 
 	for _, server := range servers {
@@ -1063,7 +1061,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, dataMap *shared
 	// TODO 根据用户的不同读取不同的全局设置
 	var settingCacheKey = "SharedSysSettingDAO:" + systemconfigs.SettingCodeServerGlobalConfig
 	settingJSONCache, ok := cacheMap.Get(settingCacheKey)
-	var settingJSON = []byte{}
+	var settingJSON []byte
 	if ok {
 		settingJSON = settingJSONCache.([]byte)
 	} else {
@@ -1089,6 +1087,9 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, dataMap *shared
 	config.HTTPCCPolicies = map[int64]*nodeconfigs.HTTPCCPolicy{}
 	config.HTTP3Policies = map[int64]*nodeconfigs.HTTP3Policy{}
 	config.HTTPPagesPolicies = map[int64]*nodeconfigs.HTTPPagesPolicy{}
+
+	var cachePolicyIds = []int64{}
+
 	var allowIPMaps = map[string]bool{}
 	for _, clusterId := range clusterIds {
 		nodeCluster, err := SharedNodeClusterDAO.FindClusterBasicInfo(tx, clusterId, cacheMap)
@@ -1116,7 +1117,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, dataMap *shared
 		// 防火墙
 		var httpFirewallPolicyId = int64(nodeCluster.HttpFirewallPolicyId)
 		if httpFirewallPolicyId > 0 {
-			firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, httpFirewallPolicyId, cacheMap)
+			firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, httpFirewallPolicyId, true, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -1128,12 +1129,15 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, dataMap *shared
 		// 缓存策略
 		var httpCachePolicyId = int64(nodeCluster.CachePolicyId)
 		if httpCachePolicyId > 0 {
-			cachePolicy, err := SharedHTTPCachePolicyDAO.ComposeCachePolicy(tx, httpCachePolicyId, cacheMap)
-			if err != nil {
-				return nil, err
-			}
-			if cachePolicy != nil {
-				config.HTTPCachePolicies = append(config.HTTPCachePolicies, cachePolicy)
+			if !lists.ContainsInt64(cachePolicyIds, httpCachePolicyId) {
+				cachePolicyIds = append(cachePolicyIds, httpCachePolicyId)
+				cachePolicy, err := SharedHTTPCachePolicyDAO.ComposeCachePolicy(tx, httpCachePolicyId, cacheMap)
+				if err != nil {
+					return nil, err
+				}
+				if cachePolicy != nil {
+					config.HTTPCachePolicies = append(config.HTTPCachePolicies, cachePolicy)
+				}
 			}
 		}
 
@@ -2118,7 +2122,7 @@ func (this *NodeDAO) FindParentNodeConfigs(tx *dbs.Tx, nodeId int64, groupId int
 			var secretHash = fmt.Sprintf("%x", sha256.Sum256([]byte(node.UniqueId+"@"+node.Secret)))
 
 			for _, clusterId := range node.AllClusterIds() {
-				parentNodeConfigs, _ := result[clusterId]
+				var parentNodeConfigs = result[clusterId]
 				parentNodeConfigs = append(parentNodeConfigs, &nodeconfigs.ParentNodeConfig{
 					Id:         int64(node.Id),
 					Addrs:      addrStrings,

internal/db/models/node_model_ext.go

@@ -70,8 +70,7 @@ func (this *Node) DNSRouteCodesForDomainId(dnsDomainId int64) ([]string, error)
 	if err != nil {
 		return nil, err
 	}
-	domainRoutes, _ := routes[dnsDomainId]
-
+	var domainRoutes = routes[dnsDomainId]
 	if len(domainRoutes) > 0 {
 		sort.Strings(domainRoutes)
 	}

internal/db/models/node_task_dao.go

@@ -29,6 +29,7 @@ const (
 	NodeTaskTypeHTTPCCPolicyChanged       NodeTaskType = "httpCCPolicyChanged"       // CC策略变化
 	NodeTaskTypeHTTP3PolicyChanged        NodeTaskType = "http3PolicyChanged"        // HTTP3策略变化
 	NodeTaskTypeUpdatingServers           NodeTaskType = "updatingServers"           // 更新一组服务
+	NodeTaskTypeTOAChanged                NodeTaskType = "toaChanged"                // TOA配置变化
 
 	// NS相关
 
@@ -234,7 +235,7 @@ func (this *NodeTaskDAO) DeleteNodeTasks(tx *dbs.Tx, role string, nodeId int64)
 }
 
 // DeleteAllNodeTasks 删除所有节点相关任务
-func (this *NodeTaskDAO)DeleteAllNodeTasks(tx *dbs.Tx) error {
+func (this *NodeTaskDAO) DeleteAllNodeTasks(tx *dbs.Tx) error {
 	return this.Query(tx).
 		DeleteQuickly()
 }

internal/db/models/regions/region_country_dao.go

@@ -127,6 +127,9 @@ func (this *RegionCountryDAO) CreateCountry(tx *dbs.Tx, name string, dataId stri
 		pinyinResult = append(pinyinResult, strings.Join(piece, " "))
 	}
 	pinyinJSON, err := json.Marshal([]string{strings.Join(pinyinResult, " ")})
+	if err != nil {
+		return 0, err
+	}
 	op.Pinyin = pinyinJSON
 
 	codes := []string{name}

internal/db/models/server_bandwidth_stat_dao.go

@@ -844,6 +844,11 @@ func (this *ServerBandwidthStatDAO) fixServerStats(stats []*ServerBandwidthStat,
 // HasFullData 检查一个月是否完整数据
 // 是为了兼容以前数据，以前的表中没有缓存流量、请求数等字段
 func (this *ServerBandwidthStatDAO) HasFullData(tx *dbs.Tx, serverId int64, month string) (bool, error) {
+	// 最迟在2024年完成过渡
+	if time.Now().Year() >= 2024 {
+		return true, nil
+	}
+
 	var monthKey = month + "@" + types.String(serverId)
 
 	if !regexputils.YYYYMM.MatchString(month) {

internal/db/models/server_model_ext.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
@@ -78,7 +79,7 @@ func (this *Server) DecodeHTTPSPorts() (ports []int) {
 		if err != nil {
 			return nil
 		}
-		err = config.Init(nil)
+		err = config.Init(context.TODO())
 		if err != nil {
 			return nil
 		}
@@ -120,7 +121,7 @@ func (this *Server) DecodeTLSPorts() (ports []int) {
 		if err != nil {
 			return nil
 		}
-		err = config.Init(nil)
+		err = config.Init(context.TODO())
 		if err != nil {
 			return nil
 		}

internal/db/models/ssl_cert_dao.go

@@ -701,7 +701,7 @@ func (this *SSLCertDAO) buildDomainSearchingQuery(query *dbs.Query, domains []st
 	}
 
 	// 检测 JSON_OVERLAPS() 函数是否可用
-	var canJSONOverlaps = false
+	var canJSONOverlaps bool
 	_, funcErr := this.Instance.FindCol(0, "SELECT JSON_OVERLAPS('[1]', '[1]')")
 	canJSONOverlaps = funcErr == nil
 	if canJSONOverlaps {

internal/db/models/stats/server_domain_hourly_stat_dao_test.go

@@ -70,7 +70,7 @@ func TestServerDomainHourlyStatDAO_FindTopDomainStats(t *testing.T) {
 
 func TestServerDomainHourlyStatDAO_Clean(t *testing.T) {
 	var dao = NewServerDomainHourlyStatDAO()
-	err := dao.Clean(nil, 10)
+	err := dao.CleanDays(nil, 10)
 	if err != nil {
 		t.Fatal(err)
 	}

internal/db/models/sys_locker_dao.go

@@ -2,7 +2,6 @@ package models
 
 import (
 	"errors"
-	"github.com/TeaOSLab/EdgeAPI/internal/zero"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -14,10 +13,6 @@ import (
 
 type SysLockerDAO dbs.DAO
 
-// concurrent transactions control
-// 考虑到存在多个API节点的可能性，容量不能太大，也不能使用mutex
-var sysLockerConcurrentLimiter = make(chan zero.Zero, 8)
-
 func NewSysLockerDAO() *SysLockerDAO {
 	return dbs.NewDAO(&SysLockerDAO{
 		DAOObject: dbs.DAOObject{
@@ -71,7 +66,7 @@ func (this *SysLockerDAO) Lock(tx *dbs.Tx, key string, timeout int64) (ok bool,
 		}
 
 		// 如果已经有锁
-		locker := one.(*SysLocker)
+		var locker = one.(*SysLocker)
 		if time.Now().Unix() <= int64(locker.TimeoutAt) {
 			return false, nil
 		}
@@ -102,7 +97,7 @@ func (this *SysLockerDAO) Lock(tx *dbs.Tx, key string, timeout int64) (ok bool,
 			}
 			continue
 		}
-		if types.Int64(version) != int64(locker.Version)+1 {
+		if types.Int64(version) > int64(locker.Version)+1 {
 			return false, nil
 		}
 
@@ -119,6 +114,10 @@ func (this *SysLockerDAO) Unlock(tx *dbs.Tx, key string) error {
 	return err
 }
 
+const sysLockerStep = 8
+
+var increment = NewSysLockerIncrement(sysLockerStep)
+
 // Increase 增加版本号
 func (this *SysLockerDAO) Increase(tx *dbs.Tx, key string, defaultValue int64) (int64, error) {
 	// validate key
@@ -130,10 +129,22 @@ func (this *SysLockerDAO) Increase(tx *dbs.Tx, key string, defaultValue int64) (
 		var result int64
 		var err error
 
-		sysLockerConcurrentLimiter <- zero.Zero{} // push
-		defer func() {
-			<-sysLockerConcurrentLimiter // pop
-		}()
+		{
+			colValue, err := this.Query(tx).
+				Result("version").
+				Attr("key", key).
+				FindInt64Col(0)
+			if err != nil {
+				return 0, err
+			}
+			var lastVersion = types.Int64(colValue)
+			if lastVersion <= increment.MaxValue(key) {
+				value, ok := increment.Pop(key)
+				if ok {
+					return value, nil
+				}
+			}
+		}
 
 		err = this.Instance.RunTx(func(tx *dbs.Tx) error {
 			result, err = this.Increase(tx, key, defaultValue)
@@ -146,16 +157,20 @@ func (this *SysLockerDAO) Increase(tx *dbs.Tx, key string, defaultValue int64) (
 	}
 
 	// combine statements to make increasing faster
-	colValue, err := tx.FindCol(0, "INSERT INTO `"+this.Table+"` (`key`, `version`) VALUES ('"+key+"', "+types.String(defaultValue)+") ON DUPLICATE KEY UPDATE `version`=`version`+1; SELECT `version` FROM `"+this.Table+"` WHERE `key`='"+key+"'")
+	colValue, err := tx.FindCol(0, "INSERT INTO `"+this.Table+"` (`key`, `version`) VALUES ('"+key+"', "+types.String(defaultValue+sysLockerStep)+") ON DUPLICATE KEY UPDATE `version`=`version`+"+types.String(sysLockerStep)+"; SELECT `version` FROM `"+this.Table+"` WHERE `key`='"+key+"'")
 	if err != nil {
 		if CheckSQLErrCode(err, 1064 /** syntax error **/) {
-			// continue to use seperated query
+			// continue to use separated query
 			err = nil
 		} else {
 			return 0, err
 		}
 	} else {
-		return types.Int64(colValue), nil
+		var maxVersion = types.Int64(colValue)
+		var minVersion = maxVersion - sysLockerStep + 1
+		increment.Push(key, minVersion+1, maxVersion)
+
+		return minVersion, nil
 	}
 
 	err = this.Query(tx).

internal/db/models/sys_locker_dao_test.go

@@ -43,12 +43,54 @@ func TestSysLocker_Increase_SQL(t *testing.T) {
 	t.Log("after:", v)
 }
 
+func TestSysLocker_Increase_New_Key(t *testing.T) {
+	var key = "KEY" + types.String(time.Now().Unix())
+
+	var dao = NewSysLockerDAO()
+	value, err := dao.Read(nil, key)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("before:", value)
+	for i := 0; i < 2; i++ {
+		v, err := dao.Increase(nil, key, 0)
+		if err != nil {
+			t.Log("err:", err)
+			return
+		}
+		t.Log("after:", v)
+	}
+}
+
+func TestSysLocker_Increase_Cache(t *testing.T) {
+	var dao = NewSysLockerDAO()
+	for i := 0; i < 11; i++ {
+		v, err := dao.Increase(nil, "hello", 0)
+		if err != nil {
+			t.Log("err:", err)
+			return
+		}
+		t.Log("hello", i, "after:", v)
+	}
+
+	for i := 0; i < 11; i++ {
+		v, err := dao.Increase(nil, "hello2", 0)
+		if err != nil {
+			t.Log("err:", err)
+			return
+		}
+		t.Log("hello2", i, "after:", v)
+	}
+}
+
 func TestSysLocker_Increase(t *testing.T) {
 	dbs.NotifyReady()
 
+	var dao = NewSysLockerDAO()
+	dao.Instance.Raw().SetMaxOpenConns(64)
+
 	var count = 1000
 
-	var dao = NewSysLockerDAO()
 	value, err := dao.Read(nil, "hello")
 	if err != nil {
 		t.Fatal(err)
@@ -133,6 +175,8 @@ func TestSysLocker_Increase_Performance(t *testing.T) {
 
 func BenchmarkSysLockerDAO_Increase(b *testing.B) {
 	var dao = NewSysLockerDAO()
+	dao.Instance.Raw().SetMaxOpenConns(64)
+
 	_, _ = dao.Increase(nil, "hello", 0)
 
 	b.ResetTimer()

internal/db/models/sys_locker_increment.go

@@ -0,0 +1,110 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package models
+
+import (
+	"sync"
+)
+
+type SysLockerIncrementItem struct {
+	size     int
+	c        chan int64
+	maxValue int64
+}
+
+func NewSysLockerIncrementItem(size int) *SysLockerIncrementItem {
+	if size <= 0 {
+		size = 10
+	}
+
+	return &SysLockerIncrementItem{
+		size: size,
+		c:    make(chan int64, size),
+	}
+}
+
+func (this *SysLockerIncrementItem) Pop() (result int64, ok bool) {
+	select {
+	case v := <-this.c:
+		result = v
+		ok = true
+		return
+	default:
+		return
+	}
+}
+
+func (this *SysLockerIncrementItem) Push(value int64) {
+	if this.maxValue < value {
+		this.maxValue = value
+	}
+
+	select {
+	case this.c <- value:
+	default:
+	}
+}
+
+func (this *SysLockerIncrementItem) Reset() {
+	close(this.c)
+	this.c = make(chan int64, this.size)
+}
+
+func (this *SysLockerIncrementItem) MaxValue() int64 {
+	return this.maxValue
+}
+
+type SysLockerIncrement struct {
+	itemMap map[string]*SysLockerIncrementItem // key => item
+	size    int
+	locker  sync.RWMutex
+}
+
+func NewSysLockerIncrement(size int) *SysLockerIncrement {
+	if size <= 0 {
+		size = 10
+	}
+
+	return &SysLockerIncrement{
+		itemMap: map[string]*SysLockerIncrementItem{},
+		size:    size,
+	}
+}
+
+func (this *SysLockerIncrement) Pop(key string) (result int64, ok bool) {
+	this.locker.Lock()
+	defer this.locker.Unlock()
+
+	item, itemOk := this.itemMap[key]
+	if itemOk {
+		result, ok = item.Pop()
+	}
+	return
+}
+
+func (this *SysLockerIncrement) Push(key string, minValue int64, maxValue int64) {
+	this.locker.Lock()
+	defer this.locker.Unlock()
+
+	item, itemOk := this.itemMap[key]
+	if itemOk {
+		item.Reset()
+	} else {
+		item = NewSysLockerIncrementItem(this.size)
+		this.itemMap[key] = item
+	}
+	for i := minValue; i <= maxValue; i++ {
+		item.Push(i)
+	}
+}
+
+func (this *SysLockerIncrement) MaxValue(key string) int64 {
+	this.locker.RLock()
+	defer this.locker.RUnlock()
+
+	item, itemOk := this.itemMap[key]
+	if itemOk {
+		return item.MaxValue()
+	}
+	return 0
+}

internal/db/models/sys_locker_increment_test.go

@@ -0,0 +1,23 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package models_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"testing"
+)
+
+func TestNewSysLockerIncrement(t *testing.T) {
+	var increment = models.NewSysLockerIncrement(10)
+	increment.Push("key", 1, 10)
+	t.Log(increment.MaxValue("key"))
+	for i := 0; i < 11; i++ {
+		result, value := increment.Pop("key")
+		t.Log(i, "=>", result, value)
+	}
+
+	for i := 0; i < 11; i++ {
+		result, value := increment.Pop("key1")
+		t.Log(i, "=>", result, value)
+	}
+}

internal/db/models/user_bandwidth_stat_dao.go

@@ -522,16 +522,6 @@ func (this *UserBandwidthStatDAO) sumBytesField(useAvg bool) string {
 	return "SUM(bytes) AS bytes"
 }
 
-func (this *UserBandwidthStatDAO) fixUserStat(stat *UserBandwidthStat, useAvg bool) *UserBandwidthStat {
-	if stat == nil {
-		return nil
-	}
-	if useAvg {
-		stat.Bytes = stat.AvgBytes
-	}
-	return stat
-}
-
 // HasFullData 检查一个月是否完整数据
 // 是为了兼容以前数据，以前的表中没有缓存流量、请求数等字段
 func (this *UserBandwidthStatDAO) HasFullData(tx *dbs.Tx, userId int64, month string) (bool, error) {

internal/db/models/user_node_model_ext.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
@@ -36,7 +37,7 @@ func (this *UserNode) DecodeHTTPS(cacheMap *utils.CacheMap) (*serverconfigs.HTTP
 		return nil, err
 	}
 
-	err = config.Init(nil)
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}
@@ -54,7 +55,7 @@ func (this *UserNode) DecodeHTTPS(cacheMap *utils.CacheMap) (*serverconfigs.HTTP
 		}
 	}
 
-	err = config.Init(nil)
+	err = config.Init(context.TODO())
 	if err != nil {
 		return nil, err
 	}

internal/dnsclients/domain_records_cache.go

@@ -61,10 +61,7 @@ func (this *DomainRecordsCache) WriteDomainRecords(providerId int64, domain stri
 		return
 	}
 
-	var clonedRecords = []*dnstypes.Record{}
-	for _, record := range records {
-		clonedRecords = append(clonedRecords, record)
-	}
+	var clonedRecords = append([]*dnstypes.Record{}, records...)
 	this.domainRecordsMap[domain] = &recordList{
 		version:   version,
 		updatedAt: time.Now().Unix(),

internal/dnsclients/provider_base.go

@@ -1,9 +1,8 @@
 package dnsclients
 
 import (
-	"errors"
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
-	"github.com/iwind/TeaGo/types"
 )
 
 type BaseProvider struct{}
@@ -18,11 +17,11 @@ func (this *BaseProvider) WrapError(err error, domain string, record *dnstypes.R
 		return err
 	}
 
-	var fullname = ""
+	var fullname string
 	if len(record.Name) == 0 {
 		fullname = domain
 	} else {
 		fullname = record.Name + "." + domain
 	}
-	return errors.New("record operation failed: '" + fullname + " " + record.Type + " " + record.Value + " " + types.String(record.TTL) + "': " + err.Error())
+	return fmt.Errorf("record operation failed: '%s %s %s %d': %w", fullname, record.Type, record.Value, record.TTL, err)
 }

internal/dnsclients/provider_cloud_flare.go

@@ -6,6 +6,7 @@ import (
 	"bytes"
 	"crypto/tls"
 	"encoding/json"
+	"fmt"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/cloudflare"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
@@ -337,7 +338,7 @@ func (this *CloudFlareProvider) doAPI(method string, apiPath string, args map[st
 
 	err = json.Unmarshal(data, respPtr)
 	if err != nil {
-		return errors.New("decode json failed: " + err.Error() + ", response text: " + string(data))
+		return fmt.Errorf("decode json failed: %w, response text: %s", err, string(data))
 	}
 
 	return nil

internal/dnsclients/provider_custom_http.go

@@ -201,7 +201,7 @@ func (this *CustomHTTPProvider) post(params maps.Map) (respData []byte, err erro
 	defer func() {
 		_ = resp.Body.Close()
 	}()
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return nil, errors.New("status should be 200, but got '" + strconv.Itoa(resp.StatusCode) + "'")
 	}
 	return io.ReadAll(resp.Body)

internal/dnsclients/provider_dnspod.go

@@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnspod"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils"
@@ -380,7 +381,7 @@ func (this *DNSPodProvider) doAPI(path string, params map[string]string, respPtr
 
 	req, err := http.NewRequest(http.MethodPost, apiHost+path, strings.NewReader(query.Encode()))
 	if err != nil {
-		return errors.New("create request failed: " + err.Error())
+		return fmt.Errorf("create request failed: %w", err)
 	}
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.Header.Set("User-Agent", "GoEdge-Client/1.0.0 (iwind.liu@gmail.com)")

internal/dnsclients/provider_edge_dns_api.go

@@ -7,6 +7,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"errors"
+	"fmt"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/dnstypes"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients/edgeapi"
@@ -435,6 +436,11 @@ func (this *EdgeDNSAPIProvider) doAPI(path string, params map[string]any, respPt
 	if err != nil {
 		return err
 	}
+	defer func() {
+		if resp.Body != nil {
+			_ = resp.Body.Close()
+		}
+	}()
 
 	if resp.StatusCode != http.StatusOK {
 		return errors.New("invalid response status code '" + types.String(resp.StatusCode) + "'")
@@ -447,7 +453,7 @@ func (this *EdgeDNSAPIProvider) doAPI(path string, params map[string]any, respPt
 
 	err = json.Unmarshal(data, respPtr)
 	if err != nil {
-		return errors.New("decode response failed: " + err.Error() + ", JSON: " + string(data))
+		return fmt.Errorf("decode response failed: %w, JSON: %s", err, string(data))
 	}
 
 	if !respPtr.IsValid() {

internal/encrypt/method_aes_128_cfb_test.go

@@ -19,7 +19,6 @@ func TestAES128CFBMethod_Encrypt(t *testing.T) {
 	dst = dst[:len(src)]
 	t.Log("dst:", string(dst))
 
-	src = make([]byte, len(src))
 	src, err = method.Decrypt(dst)
 	if err != nil {
 		t.Fatal(err)
@@ -64,7 +63,6 @@ func TestAES128CFBMethod_Encrypt2(t *testing.T) {
 
 	for _, dst := range sources {
 		dst2 := append([]byte{}, dst...)
-		src2 := make([]byte, len(dst2))
 		src2, err := method.Decrypt(dst2)
 		if err != nil {
 			t.Fatal(err)

internal/errors/detailed_error.go

@@ -13,9 +13,9 @@ func (this *DetailedError) Code() string {
 	return this.code
 }
 
-func NewDetailedError(code string, error string) *DetailedError {
+func NewDetailedError(code string, errString string) *DetailedError {
 	return &DetailedError{
-		msg:  error,
+		msg:  errString,
 		code: code,
 	}
 }

internal/events/utils.go

@@ -10,7 +10,7 @@ func On(event string, callback func()) {
 	locker.Lock()
 	defer locker.Unlock()
 
-	callbacks, _ := eventsMap[event]
+	var callbacks = eventsMap[event]
 	callbacks = append(callbacks, callback)
 	eventsMap[event] = callbacks
 }
@@ -18,9 +18,9 @@ func On(event string, callback func()) {
 // Notify 通知事件
 func Notify(event string) {
 	locker.Lock()
-	callbacks, _ := eventsMap[event]
+	var callbacks = eventsMap[event]
 	locker.Unlock()
-	
+
 	for _, callback := range callbacks {
 		callback()
 	}

internal/installers/installer_base.go

@@ -2,6 +2,7 @@ package installers
 
 import (
 	"errors"
+	"fmt"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/iwind/TeaGo/Tea"
@@ -67,7 +68,7 @@ func (this *BaseInstaller) Login(credentials *Credentials) error {
 			signer, err = ssh.ParsePrivateKey([]byte(credentials.PrivateKey))
 		}
 		if err != nil {
-			return errors.New("parse private key: " + err.Error())
+			return fmt.Errorf("parse private key: %w", err)
 		}
 		authMethod := ssh.PublicKeys(signer)
 		methods = append(methods, authMethod)
@@ -149,8 +150,8 @@ func (this *BaseInstaller) LookupLatestInstaller(filePrefix string) (string, err
 func (this *BaseInstaller) InstallHelper(targetDir string, role nodeconfigs.NodeRole) (env *Env, err error) {
 	var uname = this.uname()
 
-	var osName = ""
-	var archName = ""
+	var osName string
+	var archName string
 	if strings.Contains(uname, "Darwin") {
 		osName = "darwin"
 	} else if strings.Contains(uname, "Linux") {

internal/installers/installer_node.go

@@ -3,6 +3,7 @@ package installers
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"os"
@@ -24,7 +25,7 @@ func (this *NodeInstaller) Install(dir string, params interface{}, installStatus
 	}
 	err := nodeParams.Validate()
 	if err != nil {
-		return errors.New("params validation: " + err.Error())
+		return fmt.Errorf("params validation: %w", err)
 	}
 
 	// 检查目标目录是否存在
@@ -33,7 +34,7 @@ func (this *NodeInstaller) Install(dir string, params interface{}, installStatus
 		err = this.client.MkdirAll(dir)
 		if err != nil {
 			installStatus.ErrorCode = "CREATE_ROOT_DIRECTORY_FAILED"
-			return errors.New("create directory  '" + dir + "' failed: " + err.Error())
+			return fmt.Errorf("create directory  '%s' failed: %w", dir, err)
 		}
 	}
 
@@ -74,7 +75,7 @@ func (this *NodeInstaller) Install(dir string, params interface{}, installStatus
 		}
 	}
 	if firstCopyErr != nil {
-		return errors.New("upload node file failed: " + firstCopyErr.Error())
+		return fmt.Errorf("upload node file failed: %w", firstCopyErr)
 	}
 
 	// 测试运行环境
@@ -82,7 +83,7 @@ func (this *NodeInstaller) Install(dir string, params interface{}, installStatus
 	if !nodeParams.IsUpgrading {
 		_, stderr, err := this.client.Exec(env.HelperPath + " -cmd=test")
 		if err != nil {
-			return errors.New("test failed: " + err.Error())
+			return fmt.Errorf("test failed: %w", err)
 		}
 		if len(stderr) > 0 {
 			return errors.New("test failed: " + stderr)
@@ -99,7 +100,7 @@ func (this *NodeInstaller) Install(dir string, params interface{}, installStatus
 			// 删除可执行文件防止冲突
 			err = this.client.Remove(exePath)
 			if err != nil && err != os.ErrNotExist {
-				return errors.New("remove old file failed: " + err.Error())
+				return fmt.Errorf("remove old file failed: %w", err)
 			}
 		}
 	}
@@ -115,15 +116,14 @@ func (this *NodeInstaller) Install(dir string, params interface{}, installStatus
 
 	// 修改配置文件
 	{
-		configFile := dir + "/edge-node/configs/api.yaml"
+		var configFile = dir + "/edge-node/configs/api_node.yaml"
 
 		// sudo之后我们需要修改配置目录才能写入文件
 		if this.client.sudo {
 			_, _, _ = this.client.Exec("chown " + this.client.User() + " " + filepath.Dir(configFile))
 		}
 
-		var data = []byte(`rpc:
-  endpoints: [ ${endpoints} ]
+		var data = []byte(`rpc.endpoints: [ ${endpoints} ]
 nodeId: "${nodeId}"
 secret: "${nodeSecret}"`)
 
@@ -133,7 +133,7 @@ secret: "${nodeSecret}"`)
 
 		_, err = this.client.WriteFile(configFile, data)
 		if err != nil {
-			return errors.New("write '" + configFile + "': " + err.Error())
+			return fmt.Errorf("write '%s': %w", configFile, err)
 		}
 	}
 
@@ -141,7 +141,7 @@ secret: "${nodeSecret}"`)
 	_, stderr, err = this.client.Exec(dir + "/edge-node/bin/edge-node test")
 	if err != nil {
 		installStatus.ErrorCode = "TEST_FAILED"
-		return errors.New("test edge node failed: " + err.Error() + ", stderr: " + stderr)
+		return fmt.Errorf("test edge node failed:  %w, stderr: %s", err, stderr)
 	}
 	if len(stderr) > 0 {
 		if regexp.MustCompile(`(?i)rpc`).MatchString(stderr) {
@@ -154,7 +154,7 @@ secret: "${nodeSecret}"`)
 	// 启动
 	_, stderr, err = this.client.Exec(dir + "/edge-node/bin/edge-node start")
 	if err != nil {
-		return errors.New("start edge node failed: " + err.Error())
+		return fmt.Errorf("start edge node failed: %w", err)
 	}
 
 	if len(stderr) > 0 {

internal/installers/queue_node.go

@@ -167,7 +167,7 @@ func (this *NodeQueue) InstallNode(nodeId int64, installStatus *models.NodeInsta
 	for _, apiNode := range apiNodes {
 		addrConfigs, err := apiNode.DecodeAccessAddrs()
 		if err != nil {
-			return errors.New("decode api node access addresses failed: " + err.Error())
+			return fmt.Errorf("decode api node access addresses failed: %w", err)
 		}
 		for _, addrConfig := range addrConfigs {
 			apiEndpoints = append(apiEndpoints, addrConfig.FullAddresses()...)
@@ -320,7 +320,7 @@ func (this *NodeQueue) StartNode(nodeId int64) error {
 	// 执行start
 	_, stderr, err := installer.client.Exec("sudo " + exe + " start")
 	if err != nil {
-		return errors.New("start failed: " + err.Error())
+		return fmt.Errorf("start failed: %w", err)
 	}
 	if len(stderr) > 0 {
 		return errors.New("start failed: " + stderr)
@@ -427,7 +427,7 @@ func (this *NodeQueue) StopNode(nodeId int64) error {
 	// 执行stop
 	_, stderr, err := installer.client.Exec(exe + " stop")
 	if err != nil {
-		return errors.New("stop failed: " + err.Error())
+		return fmt.Errorf("stop failed: %w", err)
 	}
 	if len(stderr) > 0 {
 		return errors.New("stop failed: " + stderr)

internal/nodes/api_node.go

@@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/configs"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
@@ -285,7 +286,7 @@ func (this *APINode) listenRPC(listener net.Listener, tlsConfig *tls.Config) err
 	this.registerServices(rpcServer)
 	err := rpcServer.Serve(listener)
 	if err != nil {
-		return errors.New("[API_NODE]start rpc failed: " + err.Error())
+		return fmt.Errorf("[API_NODE]start rpc failed: %w", err)
 	}
 
 	return nil
@@ -354,23 +355,23 @@ func (this *APINode) autoUpgrade() error {
 	var config = &dbs.Config{}
 	configData, err := os.ReadFile(Tea.ConfigFile("db.yaml"))
 	if err != nil {
-		return errors.New("read database config file failed: " + err.Error())
+		return fmt.Errorf("read database config file failed: %w", err)
 	}
 	err = yaml.Unmarshal(configData, config)
 	if err != nil {
-		return errors.New("decode database config failed: " + err.Error())
+		return fmt.Errorf("decode database config failed: %w", err)
 	}
 	var dbConfig = config.DBs[Tea.Env]
 	db, err := dbs.NewInstanceFromConfig(dbConfig)
 	if err != nil {
-		return errors.New("load database failed: " + err.Error())
+		return fmt.Errorf("load database failed: %w", err)
 	}
 	defer func() {
 		_ = db.Close()
 	}()
 	one, err := db.FindOne("SELECT version FROM edgeVersions LIMIT 1")
 	if err != nil {
-		return errors.New("query version failed: " + err.Error())
+		return fmt.Errorf("query version failed: %w", err)
 	}
 	if one != nil {
 		// 如果是同样的版本，则直接认为是最新版本
@@ -384,7 +385,7 @@ func (this *APINode) autoUpgrade() error {
 	logs.Println("[API_NODE]upgrade database starting ...")
 	err = setup.NewSQLExecutor(dbConfig).Run(false)
 	if err != nil {
-		return errors.New("execute sql failed: " + err.Error())
+		return fmt.Errorf("execute sql failed: %w", err)
 	}
 	// 不使用remotelog
 	logs.Println("[API_NODE]upgrade database done")

internal/rpc/services/service_http_cache_policy.go

@@ -4,7 +4,9 @@ import (
 	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 )
 
 type HTTPCachePolicyService struct {
@@ -46,7 +48,26 @@ func (this *HTTPCachePolicyService) CreateHTTPCachePolicy(ctx context.Context, r
 
 	var tx = this.NullTx()
 
-	policyId, err := models.SharedHTTPCachePolicyDAO.CreateCachePolicy(tx, req.IsOn, req.Name, req.Description, req.CapacityJSON, req.MaxSizeJSON, req.Type, req.OptionsJSON, req.SyncCompressionCache)
+	if req.CapacityJSON != nil {
+		req.CapacityJSON, err = utils.JSONDecodeConfig(req.CapacityJSON, &shared.SizeCapacity{})
+		if err != nil {
+			return nil, err
+		}
+	}
+	if req.MaxSizeJSON != nil {
+		req.MaxSizeJSON, err = utils.JSONDecodeConfig(req.MaxSizeJSON, &shared.SizeCapacity{})
+		if err != nil {
+			return nil, err
+		}
+	}
+	if req.FetchTimeoutJSON != nil {
+		req.FetchTimeoutJSON, err = utils.JSONDecodeConfig(req.FetchTimeoutJSON, &shared.TimeDuration{})
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	policyId, err := models.SharedHTTPCachePolicyDAO.CreateCachePolicy(tx, req.IsOn, req.Name, req.Description, req.CapacityJSON, req.MaxSizeJSON, req.Type, req.OptionsJSON, req.SyncCompressionCache, req.FetchTimeoutJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -63,7 +84,26 @@ func (this *HTTPCachePolicyService) UpdateHTTPCachePolicy(ctx context.Context, r
 
 	var tx = this.NullTx()
 
-	err = models.SharedHTTPCachePolicyDAO.UpdateCachePolicy(tx, req.HttpCachePolicyId, req.IsOn, req.Name, req.Description, req.CapacityJSON, req.MaxSizeJSON, req.Type, req.OptionsJSON, req.SyncCompressionCache)
+	if req.CapacityJSON != nil {
+		req.CapacityJSON, err = utils.JSONDecodeConfig(req.CapacityJSON, &shared.SizeCapacity{})
+		if err != nil {
+			return nil, err
+		}
+	}
+	if req.MaxSizeJSON != nil {
+		req.MaxSizeJSON, err = utils.JSONDecodeConfig(req.MaxSizeJSON, &shared.SizeCapacity{})
+		if err != nil {
+			return nil, err
+		}
+	}
+	if req.FetchTimeoutJSON != nil {
+		req.FetchTimeoutJSON, err = utils.JSONDecodeConfig(req.FetchTimeoutJSON, &shared.TimeDuration{})
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	err = models.SharedHTTPCachePolicyDAO.UpdateCachePolicy(tx, req.HttpCachePolicyId, req.IsOn, req.Name, req.Description, req.CapacityJSON, req.MaxSizeJSON, req.Type, req.OptionsJSON, req.SyncCompressionCache, req.FetchTimeoutJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -147,7 +187,7 @@ func (this *HTTPCachePolicyService) FindEnabledHTTPCachePolicyConfig(ctx context
 
 // FindEnabledHTTPCachePolicy 查找单个缓存策略信息
 func (this *HTTPCachePolicyService) FindEnabledHTTPCachePolicy(ctx context.Context, req *pb.FindEnabledHTTPCachePolicyRequest) (*pb.FindEnabledHTTPCachePolicyResponse, error) {
-	_, err := this.ValidateAdmin(ctx)
+	_, _, err := this.ValidateAdminAndUser(ctx, false)
 	if err != nil {
 		return nil, err
 	}
@@ -162,9 +202,10 @@ func (this *HTTPCachePolicyService) FindEnabledHTTPCachePolicy(ctx context.Conte
 		return &pb.FindEnabledHTTPCachePolicyResponse{HttpCachePolicy: nil}, nil
 	}
 	return &pb.FindEnabledHTTPCachePolicyResponse{HttpCachePolicy: &pb.HTTPCachePolicy{
-		Id:   int64(policy.Id),
-		Name: policy.Name,
-		IsOn: policy.IsOn,
+		Id:           int64(policy.Id),
+		Name:         policy.Name,
+		IsOn:         policy.IsOn,
+		MaxBytesJSON: policy.MaxSize,
 	}}, nil
 }
 

internal/rpc/services/service_http_cache_task_key.go

@@ -97,16 +97,12 @@ func (this *HTTPCacheTaskKeyService) ValidateHTTPCacheTaskKeys(ctx context.Conte
 		}
 
 		var serverClusterId = int64(server.ClusterId)
-		if serverClusterId == 0 {
-			if clusterId > 0 {
-				serverClusterId = clusterId
-			} else {
-				pbFailResults = append(pbFailResults, &pb.ValidateHTTPCacheTaskKeysResponse_FailKey{
-					Key:        key,
-					ReasonCode: "requireClusterId",
-				})
-				continue
-			}
+		if serverClusterId == 0 && clusterId <= 0 {
+			pbFailResults = append(pbFailResults, &pb.ValidateHTTPCacheTaskKeysResponse_FailKey{
+				Key:        key,
+				ReasonCode: "requireClusterId",
+			})
+			continue
 		}
 	}
 

internal/rpc/services/service_http_firewall_policy.go

@@ -177,7 +177,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 	var tx = this.NullTx()
 
 	// 已经有的数据
-	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, false, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -300,7 +300,12 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 		}
 	}
 
-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig)
+	// MaxRequestBodySize
+	if req.MaxRequestBodySize < 0 {
+		req.MaxRequestBodySize = 0
+	}
+
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig, req.MaxRequestBodySize, req.DenyCountryHTML, req.DenyProvinceHTML)
 	if err != nil {
 		return nil, err
 	}
@@ -443,7 +448,7 @@ func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicyConfig(ctx c
 
 	var tx = this.NullTx()
 
-	config, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
+	config, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, false, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -507,7 +512,7 @@ func (this *HTTPFirewallPolicyService) ImportHTTPFirewallPolicy(ctx context.Cont
 
 	var tx = this.NullTx()
 
-	oldConfig, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
+	oldConfig, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, false, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -670,7 +675,7 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
 	ipLong := utils.IP2Long(req.Ip)
 
 	var tx = this.NullTx()
-	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, false, nil)
 	if err != nil {
 		return nil, err
 	}

internal/rpc/services/service_http_firewall_rule_group.go

@@ -101,7 +101,7 @@ func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroupConfig
 
 	var tx = this.NullTx()
 
-	groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId)
+	groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId, false)
 	if err != nil {
 		return nil, err
 	}
@@ -198,7 +198,7 @@ func (this *HTTPFirewallRuleGroupService) AddHTTPFirewallRuleGroupSet(ctx contex
 	var tx = this.NullTx()
 
 	// 已经有的规则
-	config, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId)
+	config, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId, false)
 	if err != nil {
 		return nil, err
 	}

internal/rpc/services/service_http_web.go

@@ -369,7 +369,7 @@ func (this *HTTPWebService) UpdateHTTPWebShutdown(ctx context.Context, req *pb.U
 			if len(shutdownConfig.URL) > maxURLLength {
 				return nil, errors.New("'url' too long")
 			}
-			if !regexputils.HTTPProtocol.MatchString(shutdownConfig.URL) {
+			if shutdownConfig.IsOn /** validate when it's on **/ && !regexputils.HTTPProtocol.MatchString(shutdownConfig.URL) {
 				return nil, errors.New("invalid 'url' format")
 			}
 
@@ -425,6 +425,9 @@ func (this *HTTPWebService) UpdateHTTPWebPages(ctx context.Context, req *pb.Upda
 	if len(req.PagesJSON) > 0 {
 		var pages = []*serverconfigs.HTTPPageConfig{}
 		err = json.Unmarshal(req.PagesJSON, &pages)
+		if err != nil {
+			return nil, err
+		}
 
 		for _, page := range pages {
 			err = page.Init()

internal/rpc/services/service_node_cluster.go

@@ -1102,7 +1102,7 @@ func (this *NodeClusterService) FindEnabledNodeClusterConfigInfo(ctx context.Con
 
 	// toa
 	if models.IsNotNull(cluster.Toa) {
-		var toaConfig = &nodeconfigs.TOAConfig{}
+		var toaConfig = nodeconfigs.NewTOAConfig()
 		err = json.Unmarshal(cluster.Toa, toaConfig)
 		if err != nil {
 			return nil, err

internal/rpc/services/service_node_ext.go

@@ -47,3 +47,8 @@ func (this *NodeService) CopyNodeActionsToNodeGroup(ctx context.Context, req *pb
 func (this *NodeService) CopyNodeActionsToNodeCluster(ctx context.Context, req *pb.CopyNodeActionsToNodeClusterRequest) (*pb.RPCSuccess, error) {
 	return nil, this.NotImplementedYet()
 }
+
+// FindNodeTOAConfig 查找节点的TOA配置
+func (this *NodeService) FindNodeTOAConfig(ctx context.Context, req *pb.FindNodeTOAConfigRequest) (*pb.FindNodeTOAConfigResponse, error) {
+	return nil, this.NotImplementedYet()
+}

internal/rpc/services/service_node_stream.go

@@ -34,7 +34,7 @@ type CommandRequestWaiting struct {
 
 func (this *CommandRequestWaiting) Close() {
 	defer func() {
-		recover()
+		_ = recover()
 	}()
 
 	close(this.Chan)
@@ -207,7 +207,7 @@ func (this *NodeService) NodeStream(server pb.NodeService_NodeStreamServer) erro
 		func(req *pb.NodeStreamMessage) {
 			// 因为 responseChan.Chan 有被关闭的风险，所以我们使用recover防止panic
 			defer func() {
-				recover()
+				_ = recover()
 			}()
 
 			nodeLocker.Lock()

internal/rpc/services/service_server.go

@@ -346,6 +346,9 @@ func (this *ServerService) CreateBasicHTTPServer(ctx context.Context, req *pb.Cr
 		Options: nil,
 	}
 	reverseProxyScheduleJSON, err := json.Marshal(reverseProxyScheduleConfig)
+	if err != nil {
+		return nil, err
+	}
 
 	var primaryOrigins = []*serverconfigs.OriginRef{}
 	for _, originAddr := range req.OriginAddrs {
@@ -615,6 +618,9 @@ func (this *ServerService) CreateBasicTCPServer(ctx context.Context, req *pb.Cre
 		Options: nil,
 	}
 	reverseProxyScheduleJSON, err := json.Marshal(reverseProxyScheduleConfig)
+	if err != nil {
+		return nil, err
+	}
 
 	var primaryOrigins = []*serverconfigs.OriginRef{}
 	for _, originAddr := range req.OriginAddrs {
@@ -2911,8 +2917,14 @@ func (this *ServerService) CopyServerConfig(ctx context.Context, req *pb.CopySer
 			if err != nil {
 				return nil, err
 			}
+			if req.TargetUserId <= 0 {
+				req.TargetUserId = userId
+			}
 
-			// 此时如果用户为0，则同步到未分配用户的服务
+			// 此时如果用户为0，则同步到未分配用户的网站
+		} else {
+			// 只能同步到自己的网站
+			req.TargetUserId = userId
 		}
 		err = models.SharedServerDAO.CopyServerConfigToUser(tx, req.ServerId, req.TargetUserId, req.ConfigCode)
 		if err != nil {

internal/rpc/services/service_server_bandwidth_stat.go

@@ -177,7 +177,7 @@ func (this *ServerBandwidthStatService) FindServerBandwidthStats(ctx context.Con
 		req.Algo = bandwidthAlgo
 	}
 
-	var stats = []*models.ServerBandwidthStat{}
+	var stats []*models.ServerBandwidthStat
 	if len(req.Day) > 0 {
 		stats, err = models.SharedServerBandwidthStatDAO.FindAllServerStatsWithDay(tx, req.ServerId, req.Day, req.Algo == systemconfigs.BandwidthAlgoAvg)
 	} else if len(req.Month) > 0 {
@@ -398,7 +398,7 @@ func (this *ServerBandwidthStatService) FindDailyServerBandwidthStatsBetweenDays
 		return nil, errors.New("invalid dayTo '" + req.DayTo + "'")
 	}
 
-	var pbStats = []*pb.FindDailyServerBandwidthStatsBetweenDaysResponse_Stat{}
+	var pbStats []*pb.FindDailyServerBandwidthStatsBetweenDaysResponse_Stat
 	var pbNthStat *pb.FindDailyServerBandwidthStatsBetweenDaysResponse_Stat
 	if req.ServerId > 0 { // 服务统计
 		pbStats, err = models.SharedServerBandwidthStatDAO.FindBandwidthStatsBetweenDays(tx, req.ServerId, req.DayFrom, req.DayTo, req.Algo == systemconfigs.BandwidthAlgoAvg)

internal/rpc/utils/utils.go

@@ -2,6 +2,7 @@ package rpcutils
 
 import (
 	"errors"
+	"fmt"
 )
 
 type UserType = string
@@ -27,5 +28,5 @@ func Wrap(description string, err error) error {
 	if err == nil {
 		return errors.New(description)
 	}
-	return errors.New(description + ": " + err.Error())
+	return fmt.Errorf("%s: %w", description, err)
 }

internal/setup/setup.go

@@ -2,6 +2,7 @@ package setup
 
 import (
 	"encoding/json"
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/configs"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
@@ -150,7 +151,7 @@ func (this *Setup) Run() error {
 		}
 		addrsJSON, err := json.Marshal([]*serverconfigs.NetworkAddressConfig{addr})
 		if err != nil {
-			return errors.New("json encode api node addr failed: " + err.Error())
+			return fmt.Errorf("json encode api node addr failed: %w", err)
 		}
 
 		var httpJSON []byte = nil
@@ -166,7 +167,7 @@ func (this *Setup) Run() error {
 			}
 			httpJSON, err = json.Marshal(httpConfig)
 			if err != nil {
-				return errors.New("json encode api node http config failed: " + err.Error())
+				return fmt.Errorf("json encode api node http config failed: %w", err)
 			}
 		}
 		if this.config.APINodeProtocol == "https" {
@@ -181,14 +182,14 @@ func (this *Setup) Run() error {
 			}
 			httpsJSON, err = json.Marshal(httpsConfig)
 			if err != nil {
-				return errors.New("json encode api node https config failed: " + err.Error())
+				return fmt.Errorf("json encode api node https config failed: %w", err)
 			}
 		}
 
 		// 创建API节点
 		nodeId, err := dao.CreateAPINode(nil, "默认API节点", "这是默认创建的第一个API节点", httpJSON, httpsJSON, false, nil, nil, addrsJSON, true)
 		if err != nil {
-			return errors.New("create api node in database failed: " + err.Error())
+			return fmt.Errorf("create api node in database failed: %w", err)
 		}
 		apiNodeId = nodeId
 	}
@@ -208,7 +209,7 @@ func (this *Setup) Run() error {
 	}
 	err = apiConfig.WriteFile(Tea.ConfigFile("api.yaml"))
 	if err != nil {
-		return errors.New("save config failed: " + err.Error())
+		return fmt.Errorf("save config failed: %w", err)
 	}
 
 	return nil

internal/setup/sql.json

@@ -87506,7 +87506,7 @@
       "name": "edgeDNSTasks",
       "engine": "InnoDB",
       "charset": "utf8mb4_general_ci",
-      "definition": "CREATE TABLE `edgeDNSTasks` (\n  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `clusterId` int(11) unsigned DEFAULT '0' COMMENT '集群ID',\n  `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n  `nodeId` int(11) unsigned DEFAULT '0' COMMENT '节点ID',\n  `domainId` int(11) unsigned DEFAULT '0' COMMENT '域名ID',\n  `recordName` varchar(255) DEFAULT NULL COMMENT '记录名',\n  `type` varchar(255) DEFAULT NULL COMMENT '任务类型',\n  `updatedAt` bigint(11) unsigned DEFAULT '0' COMMENT '更新时间',\n  `isDone` tinyint(1) unsigned DEFAULT '0' COMMENT '是否已完成',\n  `isOk` tinyint(1) unsigned DEFAULT '0' COMMENT '是否成功',\n  `error` varchar(1024) DEFAULT NULL COMMENT '错误信息',\n  `version` bigint(20) unsigned DEFAULT '0' COMMENT '版本',\n  PRIMARY KEY (`id`),\n  UNIQUE KEY `uniqueId` (`clusterId`,`serverId`,`nodeId`,`domainId`,`recordName`,`type`) USING BTREE,\n  KEY `isDone` (`isDone`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='DNS更新任务'",
+      "definition": "CREATE TABLE `edgeDNSTasks` (\n  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `clusterId` int(11) unsigned DEFAULT '0' COMMENT '集群ID',\n  `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n  `nodeId` int(11) unsigned DEFAULT '0' COMMENT '节点ID',\n  `domainId` int(11) unsigned DEFAULT '0' COMMENT '域名ID',\n  `recordName` varchar(255) DEFAULT NULL COMMENT '记录名',\n  `type` varchar(255) DEFAULT NULL COMMENT '任务类型',\n  `updatedAt` bigint(11) unsigned DEFAULT '0' COMMENT '更新时间',\n  `isDone` tinyint(1) unsigned DEFAULT '0' COMMENT '是否已完成',\n  `isOk` tinyint(1) unsigned DEFAULT '0' COMMENT '是否成功',\n  `error` varchar(1024) DEFAULT NULL COMMENT '错误信息',\n  `version` bigint(20) unsigned DEFAULT '0' COMMENT '版本',\n  `countFails` int(11) unsigned DEFAULT '0' COMMENT '尝试失败次数',\n  PRIMARY KEY (`id`),\n  UNIQUE KEY `uniqueId` (`clusterId`,`serverId`,`nodeId`,`domainId`,`recordName`,`type`) USING BTREE,\n  KEY `isDone` (`isDone`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='DNS更新任务'",
       "fields": [
         {
           "name": "id",
@@ -87555,6 +87555,10 @@
         {
           "name": "version",
           "definition": "bigint(20) unsigned DEFAULT '0' COMMENT '版本'"
+        },
+        {
+          "name": "countFails",
+          "definition": "int(11) unsigned DEFAULT '0' COMMENT '尝试失败次数'"
         }
       ],
       "indexes": [
@@ -91371,7 +91375,7 @@
       "name": "edgeHTTPCachePolicies",
       "engine": "InnoDB",
       "charset": "utf8mb4_general_ci",
-      "definition": "CREATE TABLE `edgeHTTPCachePolicies` (\n  `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `adminId` int(11) unsigned DEFAULT '0' COMMENT '管理员ID',\n  `userId` int(11) unsigned DEFAULT '0' COMMENT '用户ID',\n  `templateId` int(11) unsigned DEFAULT '0' COMMENT '模版ID',\n  `isOn` tinyint(1) unsigned DEFAULT '1' COMMENT '是否启用',\n  `name` varchar(255) DEFAULT NULL COMMENT '名称',\n  `capacity` json DEFAULT NULL COMMENT '容量数据',\n  `maxKeys` bigint(20) unsigned DEFAULT '0' COMMENT '最多Key值',\n  `maxSize` json DEFAULT NULL COMMENT '最大缓存内容尺寸',\n  `type` varchar(255) DEFAULT NULL COMMENT '存储类型',\n  `options` json DEFAULT NULL COMMENT '存储选项',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `state` tinyint(1) unsigned DEFAULT '1' COMMENT '状态',\n  `description` varchar(1024) DEFAULT NULL COMMENT '描述',\n  `refs` json DEFAULT NULL COMMENT '默认的缓存设置',\n  `syncCompressionCache` tinyint(1) unsigned DEFAULT '0' COMMENT '是否同步写入压缩缓存',\n  PRIMARY KEY (`id`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='HTTP缓存策略'",
+      "definition": "CREATE TABLE `edgeHTTPCachePolicies` (\n  `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `adminId` int(11) unsigned DEFAULT '0' COMMENT '管理员ID',\n  `userId` int(11) unsigned DEFAULT '0' COMMENT '用户ID',\n  `templateId` int(11) unsigned DEFAULT '0' COMMENT '模版ID',\n  `isOn` tinyint(1) unsigned DEFAULT '1' COMMENT '是否启用',\n  `name` varchar(255) DEFAULT NULL COMMENT '名称',\n  `capacity` json DEFAULT NULL COMMENT '容量数据',\n  `maxKeys` bigint(20) unsigned DEFAULT '0' COMMENT '最多Key值',\n  `maxSize` json DEFAULT NULL COMMENT '最大缓存内容尺寸',\n  `type` varchar(255) DEFAULT NULL COMMENT '存储类型',\n  `options` json DEFAULT NULL COMMENT '存储选项',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `state` tinyint(1) unsigned DEFAULT '1' COMMENT '状态',\n  `description` varchar(1024) DEFAULT NULL COMMENT '描述',\n  `refs` json DEFAULT NULL COMMENT '默认的缓存设置',\n  `syncCompressionCache` tinyint(1) unsigned DEFAULT '0' COMMENT '是否同步写入压缩缓存',\n  `fetchTimeout` json DEFAULT NULL COMMENT '预热超时时间',\n  PRIMARY KEY (`id`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='HTTP缓存策略'",
       "fields": [
         {
           "name": "id",
@@ -91436,6 +91440,10 @@
         {
           "name": "syncCompressionCache",
           "definition": "tinyint(1) unsigned DEFAULT '0' COMMENT '是否同步写入压缩缓存'"
+        },
+        {
+          "name": "fetchTimeout",
+          "definition": "json COMMENT '预热超时时间'"
         }
       ],
       "indexes": [
@@ -91702,7 +91710,7 @@
       "name": "edgeHTTPFirewallPolicies",
       "engine": "InnoDB",
       "charset": "utf8mb4_general_ci",
-      "definition": "CREATE TABLE `edgeHTTPFirewallPolicies` (\n  `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `templateId` int(11) unsigned DEFAULT '0' COMMENT '模版ID',\n  `adminId` int(11) unsigned DEFAULT '0' COMMENT '管理员ID',\n  `userId` int(11) unsigned DEFAULT '0' COMMENT '用户ID',\n  `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n  `groupId` int(11) unsigned DEFAULT '0' COMMENT '服务分组ID',\n  `state` tinyint(1) unsigned DEFAULT '1' COMMENT '状态',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `isOn` tinyint(1) unsigned DEFAULT '1' COMMENT '是否启用',\n  `name` varchar(255) DEFAULT NULL COMMENT '名称',\n  `description` varchar(1024) DEFAULT NULL COMMENT '描述',\n  `inbound` json DEFAULT NULL COMMENT '入站规则',\n  `outbound` json DEFAULT NULL COMMENT '出站规则',\n  `blockOptions` json DEFAULT NULL COMMENT 'BLOCK选项',\n  `captchaOptions` json DEFAULT NULL COMMENT '验证码选项',\n  `mode` varchar(32) DEFAULT 'defend' COMMENT '模式',\n  `useLocalFirewall` tinyint(1) unsigned DEFAULT '1' COMMENT '是否自动使用本地防火墙',\n  `synFlood` json DEFAULT NULL COMMENT 'SynFlood防御设置',\n  `log` json DEFAULT NULL COMMENT '日志配置',\n  PRIMARY KEY (`id`),\n  KEY `userId` (`userId`),\n  KEY `serverId` (`serverId`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='HTTP防火墙'",
+      "definition": "CREATE TABLE `edgeHTTPFirewallPolicies` (\n  `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `templateId` int(11) unsigned DEFAULT '0' COMMENT '模版ID',\n  `adminId` int(11) unsigned DEFAULT '0' COMMENT '管理员ID',\n  `userId` int(11) unsigned DEFAULT '0' COMMENT '用户ID',\n  `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n  `groupId` int(11) unsigned DEFAULT '0' COMMENT '服务分组ID',\n  `state` tinyint(1) unsigned DEFAULT '1' COMMENT '状态',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `isOn` tinyint(1) unsigned DEFAULT '1' COMMENT '是否启用',\n  `name` varchar(255) DEFAULT NULL COMMENT '名称',\n  `description` varchar(1024) DEFAULT NULL COMMENT '描述',\n  `inbound` json DEFAULT NULL COMMENT '入站规则',\n  `outbound` json DEFAULT NULL COMMENT '出站规则',\n  `blockOptions` json DEFAULT NULL COMMENT 'BLOCK选项',\n  `captchaOptions` json DEFAULT NULL COMMENT '验证码选项',\n  `mode` varchar(32) DEFAULT 'defend' COMMENT '模式',\n  `useLocalFirewall` tinyint(1) unsigned DEFAULT '1' COMMENT '是否自动使用本地防火墙',\n  `synFlood` json DEFAULT NULL COMMENT 'SynFlood防御设置',\n  `log` json DEFAULT NULL COMMENT '日志配置',\n  `maxRequestBodySize` int(11) unsigned DEFAULT '0' COMMENT '可以检查的最大请求内容尺寸',\n  `denyCountryHTML` text COMMENT '区域封禁提示',\n  `denyProvinceHTML` varchar(255) DEFAULT NULL COMMENT '省份封禁提示',\n  PRIMARY KEY (`id`),\n  KEY `userId` (`userId`),\n  KEY `serverId` (`serverId`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='HTTP防火墙'",
       "fields": [
         {
           "name": "id",
@@ -91779,6 +91787,18 @@
         {
           "name": "log",
           "definition": "json COMMENT '日志配置'"
+        },
+        {
+          "name": "maxRequestBodySize",
+          "definition": "int(11) unsigned DEFAULT '0' COMMENT '可以检查的最大请求内容尺寸'"
+        },
+        {
+          "name": "denyCountryHTML",
+          "definition": "text COMMENT '区域封禁提示'"
+        },
+        {
+          "name": "denyProvinceHTML",
+          "definition": "varchar(255) COMMENT '省份封禁提示'"
         }
       ],
       "indexes": [

internal/setup/sql_executor.go

@@ -2,8 +2,8 @@ package setup
 
 import (
 	"encoding/json"
+	"fmt"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	_ "github.com/go-sql-driver/mysql"
@@ -68,7 +68,7 @@ func (this *SQLExecutor) Run(showLog bool) error {
 	var sqlResult = &SQLDumpResult{}
 	err = json.Unmarshal(sqlData, sqlResult)
 	if err != nil {
-		return errors.New("decode sql data failed: " + err.Error())
+		return fmt.Errorf("decode sql data failed: %w", err)
 	}
 
 	_, err = sqlDump.Apply(db, sqlResult, showLog)
@@ -227,7 +227,7 @@ func (this *SQLExecutor) checkCluster(db *dbs.DB) error {
 	/// 检查是否有集群数字
 	stmt, err := db.Prepare("SELECT COUNT(*) FROM edgeNodeClusters")
 	if err != nil {
-		return errors.New("query clusters failed: " + err.Error())
+		return fmt.Errorf("query clusters failed: %w", err)
 	}
 	defer func() {
 		_ = stmt.Close()
@@ -235,7 +235,7 @@ func (this *SQLExecutor) checkCluster(db *dbs.DB) error {
 
 	col, err := stmt.FindCol(0)
 	if err != nil {
-		return errors.New("query clusters failed: " + err.Error())
+		return fmt.Errorf("query clusters failed: %w", err)
 	}
 	count := types.Int(col)
 	if count > 0 {
@@ -311,7 +311,7 @@ func (this *SQLExecutor) checkCluster(db *dbs.DB) error {
 func (this *SQLExecutor) checkIPList(db *dbs.DB) error {
 	stmt, err := db.Prepare("SELECT COUNT(*) FROM edgeIPLists")
 	if err != nil {
-		return errors.New("query ip lists failed: " + err.Error())
+		return fmt.Errorf("query ip lists failed: %w", err)
 	}
 	defer func() {
 		_ = stmt.Close()
@@ -319,7 +319,7 @@ func (this *SQLExecutor) checkIPList(db *dbs.DB) error {
 
 	col, err := stmt.FindCol(0)
 	if err != nil {
-		return errors.New("query ip lists failed: " + err.Error())
+		return fmt.Errorf("query ip lists failed: %w", err)
 	}
 	count := types.Int(col)
 	if count > 0 {
@@ -508,7 +508,7 @@ func (this *SQLExecutor) checkClientAgents(db *dbs.DB) error {
 func (this *SQLExecutor) updateVersion(db *dbs.DB, version string) error {
 	stmt, err := db.Prepare("SELECT COUNT(*) FROM edgeVersions")
 	if err != nil {
-		return errors.New("query version failed: " + err.Error())
+		return fmt.Errorf("query version failed: %w", err)
 	}
 	defer func() {
 		_ = stmt.Close()
@@ -516,20 +516,20 @@ func (this *SQLExecutor) updateVersion(db *dbs.DB, version string) error {
 
 	col, err := stmt.FindCol(0)
 	if err != nil {
-		return errors.New("query version failed: " + err.Error())
+		return fmt.Errorf("query version failed: %w", err)
 	}
 	count := types.Int(col)
 	if count > 0 {
 		_, err = db.Exec("UPDATE edgeVersions SET version=?", version)
 		if err != nil {
-			return errors.New("update version failed: " + err.Error())
+			return fmt.Errorf("update version failed: %w", err)
 		}
 		return nil
 	}
 
 	_, err = db.Exec("INSERT edgeVersions (version) VALUES (?)", version)
 	if err != nil {
-		return errors.New("create version failed: " + err.Error())
+		return fmt.Errorf("create version failed: %w", err)
 	}
 
 	return nil

internal/setup/sql_upgrade.go

@@ -424,9 +424,7 @@ func upgradeV0_3_2(db *dbs.DB) error {
 			if err != nil {
 				continue
 			}
-			if sizeCapacity != nil {
-				compressionConfig.MinLength = sizeCapacity
-			}
+			compressionConfig.MinLength = sizeCapacity
 		}
 
 		var maxLengthBytes = []byte(gzipOne.GetString("maxLength"))
@@ -436,9 +434,7 @@ func upgradeV0_3_2(db *dbs.DB) error {
 			if err != nil {
 				continue
 			}
-			if sizeCapacity != nil {
-				compressionConfig.MaxLength = sizeCapacity
-			}
+			compressionConfig.MaxLength = sizeCapacity
 		}
 
 		var condsBytes = []byte(gzipOne.GetString("conds"))
@@ -448,9 +444,7 @@ func upgradeV0_3_2(db *dbs.DB) error {
 			if err != nil {
 				continue
 			}
-			if conds != nil {
-				compressionConfig.Conds = conds
-			}
+			compressionConfig.Conds = conds
 		}
 
 		configJSON, err := json.Marshal(compressionConfig)

internal/setup/sql_upgrade_ext.go

@@ -5,7 +5,7 @@ package setup
 
 import (
 	"encoding/json"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"fmt"
 	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
@@ -79,7 +79,7 @@ func upgradeV0_4_9(db *dbs.DB) error {
 					config.DenySpiders = true
 					configJSON, err := json.Marshal(config)
 					if err != nil {
-						return errors.New("encode SecurityConfig failed: " + err.Error())
+						return fmt.Errorf("encode SecurityConfig failed: %w", err)
 					} else {
 						_, err := db.Exec("UPDATE edgeSysSettings SET value=? WHERE code=?", configJSON, systemconfigs.SettingCodeAdminSecurityConfig)
 						if err != nil {

internal/tasks/health_check_executor.go

@@ -177,7 +177,7 @@ func (this *HealthCheckExecutor) runNode(healthCheckConfig *serverconfigs.Health
 			// 在线状态发生变化
 			if healthCheckConfig.AutoDown {
 				// 发送消息
-				var message = ""
+				var message string
 				var messageType string
 				var messageLevel string
 				if result.IsOk {

internal/tasks/ssl_cert_update_ocsp_task.go

@@ -8,6 +8,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
+	"fmt"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/goman"
@@ -63,7 +64,7 @@ func (this *SSLCertUpdateOCSPTask) Loop() error {
 	var maxTries = 5
 	certs, err := models.SharedSSLCertDAO.ListCertsToUpdateOCSP(tx, maxTries, size)
 	if err != nil {
-		return errors.New("list certs failed: " + err.Error())
+		return fmt.Errorf("list certs failed: %w", err)
 	}
 
 	if len(certs) == 0 {
@@ -74,7 +75,7 @@ func (this *SSLCertUpdateOCSPTask) Loop() error {
 	for _, cert := range certs {
 		err := models.SharedSSLCertDAO.PrepareCertOCSPUpdating(tx, int64(cert.Id))
 		if err != nil {
-			return errors.New("prepare cert ocsp updating failed: " + err.Error())
+			return fmt.Errorf("prepare cert ocsp updating failed: %w", err)
 		}
 	}
 
@@ -90,7 +91,7 @@ func (this *SSLCertUpdateOCSPTask) Loop() error {
 		}
 		err = models.SharedSSLCertDAO.UpdateCertOCSP(tx, int64(cert.Id), ocspData, expiresAt, hasErr, errString)
 		if err != nil {
-			return errors.New("update ocsp failed: " + err.Error())
+			return fmt.Errorf("update ocsp failed: %w", err)
 		}
 	}
 

internal/utils/expires/list_test.go

@@ -122,7 +122,7 @@ func TestList_ManyItems(t *testing.T) {
 	})
 	list.GC(time.Now().Unix() + 1)
 	t.Log("gc", count, "items")
-	t.Log(time.Now().Sub(now))
+	t.Log(time.Since(now))
 }
 
 func TestList_Map_Performance(t *testing.T) {
@@ -140,7 +140,7 @@ func TestList_Map_Performance(t *testing.T) {
 		for i := 0; i < 100_000; i++ {
 			delete(m, int64(i))
 		}
-		t.Log(time.Now().Sub(now))
+		t.Log(time.Since(now))
 	}
 
 	{
@@ -153,7 +153,7 @@ func TestList_Map_Performance(t *testing.T) {
 		for i := 0; i < 100_000; i++ {
 			delete(m, uint64(i))
 		}
-		t.Log(time.Now().Sub(now))
+		t.Log(time.Since(now))
 	}
 
 	{
@@ -166,7 +166,7 @@ func TestList_Map_Performance(t *testing.T) {
 		for i := 0; i < 100_000; i++ {
 			delete(m, uint32(i))
 		}
-		t.Log(time.Now().Sub(now))
+		t.Log(time.Since(now))
 	}
 }
 

internal/utils/json.go

@@ -43,3 +43,32 @@ func JSONClone[T any](ptr T) (newPtr T, err error) {
 
 	return newValue.(T), nil
 }
+
+// JSONDecodeConfig 解码并重新编码
+// 是为了去除原有JSON中不需要的数据
+func JSONDecodeConfig(data []byte, ptr any) (encodeJSON []byte, err error) {
+	err = json.Unmarshal(data, ptr)
+	if err != nil {
+		return
+	}
+
+	encodeJSON, err = json.Marshal(ptr)
+	if err != nil {
+		return
+	}
+
+	// validate config
+	if ptr != nil {
+		config, ok := ptr.(interface {
+			Init() error
+		})
+		if ok {
+			initErr := config.Init()
+			if initErr != nil {
+				err = errors.New("validate config failed: " + initErr.Error())
+			}
+		}
+	}
+
+	return
+}

internal/utils/json_test.go

@@ -3,6 +3,7 @@
 package utils_test
 
 import (
+	"errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/iwind/TeaGo/logs"
 	"testing"
@@ -49,3 +50,38 @@ func TestJSONClone_Slice(t *testing.T) {
 	}
 	logs.PrintAsJSON(newU, t)
 }
+
+type jsonUserType struct {
+	Name string `json:"name"`
+	Age  int    `json:"age"`
+}
+
+func (this *jsonUserType) Init() error {
+	if len(this.Name) < 10 {
+		return errors.New("'name' too short")
+	}
+	return nil
+}
+
+func TestJSONDecodeConfig(t *testing.T) {
+	var data = []byte(`{ "name":"Lily", "age":20, "description": "Nice" }`)
+
+	var u = &jsonUserType{}
+	newJSON, err := utils.JSONDecodeConfig(data, u)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("%+v, %s", u, string(newJSON))
+}
+
+func TestJSONDecodeConfig_Validate(t *testing.T) {
+	var data = []byte(`{ "name":"Lily", "age":20, "description": "Nice" }`)
+
+	var u = &jsonUserType{}
+
+	newJSON, err := utils.JSONDecodeConfig(data, u)
+	if err != nil {
+		t.Log("ignore error:", err) // error expected
+	}
+	t.Logf("%+v, %s", u, string(newJSON))
+}

internal/utils/rlimit_darwin.go

@@ -25,5 +25,5 @@ func SetRLimit(limit uint64) error {
 
 // set best resource limit value
 func SetSuitableRLimit() {
-	SetRLimit(4096 * 100) // 1M=100Files
+	_ = SetRLimit(4096 * 100) // 1M=100Files
 }

internal/utils/service.go

@@ -39,7 +39,7 @@ func (this *ServiceManager) setup() {
 	this.onceLocker.Do(func() {
 		logFile := files.NewFile(Tea.Root + "/logs/service.log")
 		if logFile.Exists() {
-			logFile.Delete()
+			_ = logFile.Delete()
 		}
 
 		//logger

internal/utils/service_linux.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package utils
@@ -47,7 +48,7 @@ func (this *ServiceManager) Start() error {
 	return exec.Command("service", teaconst.ProcessName, "start").Start()
 }
 
-// 删除服务
+// Uninstall 删除服务
 func (this *ServiceManager) Uninstall() error {
 	if os.Getgid() != 0 {
 		return errors.New("only root users can uninstall the service")
@@ -60,10 +61,10 @@ func (this *ServiceManager) Uninstall() error {
 		}
 
 		// disable service
-		exec.Command(systemd, "disable", teaconst.SystemdServiceName+".service").Start()
+		_ = exec.Command(systemd, "disable", teaconst.SystemdServiceName+".service").Start()
 
 		// reload
-		exec.Command(systemd, "daemon-reload")
+		_ = exec.Command(systemd, "daemon-reload").Start()
 
 		return files.NewFile(systemdServiceFile).Delete()
 	}
@@ -144,10 +145,10 @@ WantedBy=multi-user.target`
 	}
 
 	// stop current systemd service if running
-	exec.Command(systemd, "stop", shortName+".service")
+	_ = exec.Command(systemd, "stop", shortName+".service").Start()
 
 	// reload
-	exec.Command(systemd, "daemon-reload")
+	_ = exec.Command(systemd, "daemon-reload").Start()
 
 	// enable
 	cmd := exec.Command(systemd, "enable", shortName+".service")

internal/utils/service_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package utils
@@ -16,7 +17,7 @@ import (
 func (this *ServiceManager) Install(exePath string, args []string) error {
 	m, err := mgr.Connect()
 	if err != nil {
-		return fmt.Errorf("connecting: %s please 'Run as administrator' again", err.Error())
+		return fmt.Errorf("connecting: %w please 'Run as administrator' again", err)
 	}
 	defer m.Disconnect()
 	s, err := m.OpenService(this.Name)
@@ -31,7 +32,7 @@ func (this *ServiceManager) Install(exePath string, args []string) error {
 		StartType:   windows.SERVICE_AUTO_START,
 	}, args...)
 	if err != nil {
-		return fmt.Errorf("creating: %s", err.Error())
+		return fmt.Errorf("creating: %w", err)
 	}
 	defer s.Close()
 
@@ -47,12 +48,12 @@ func (this *ServiceManager) Start() error {
 	defer m.Disconnect()
 	s, err := m.OpenService(this.Name)
 	if err != nil {
-		return fmt.Errorf("could not access service: %v", err)
+		return fmt.Errorf("could not access service: %w", err)
 	}
 	defer s.Close()
 	err = s.Start("service")
 	if err != nil {
-		return fmt.Errorf("could not start service: %v", err)
+		return fmt.Errorf("could not start service: %w", err)
 	}
 
 	return nil
@@ -62,12 +63,12 @@ func (this *ServiceManager) Start() error {
 func (this *ServiceManager) Uninstall() error {
 	m, err := mgr.Connect()
 	if err != nil {
-		return fmt.Errorf("connecting: %s please 'Run as administrator' again", err.Error())
+		return fmt.Errorf("connecting: %w please 'Run as administrator' again", err)
 	}
 	defer m.Disconnect()
 	s, err := m.OpenService(this.Name)
 	if err != nil {
-		return fmt.Errorf("open service: %s", err.Error())
+		return fmt.Errorf("open service: %w", err)
 	}
 
 	// shutdown service
@@ -79,7 +80,7 @@ func (this *ServiceManager) Uninstall() error {
 	defer s.Close()
 	err = s.Delete()
 	if err != nil {
-		return fmt.Errorf("deleting: %s", err.Error())
+		return fmt.Errorf("deleting: %w", err)
 	}
 	return nil
 }

internal/utils/ttlcache/cache.go

@@ -10,8 +10,10 @@ var SharedCache = NewCache()
 // Cache TTL缓存
 // 最大的缓存时间为30 * 86400
 // Piece数据结构：
-//      Piece1            |  Piece2 | Piece3 | ...
-//  [ Item1, Item2, ... ] |   ...
+//
+//	    Piece1            |  Piece2 | Piece3 | ...
+//	[ Item1, Item2, ... ] |   ...
+//
 // KeyMap列表数据结构
 // { timestamp1 => [key1, key2, ...] }, ...
 type Cache struct {
@@ -115,19 +117,11 @@ func (this *Cache) Read(key string) (item *Item) {
 	return this.pieces[uint64Key%this.countPieces].Read(uint64Key)
 }
 
-func (this *Cache) readIntKey(key uint64) (value *Item) {
-	return this.pieces[key%this.countPieces].Read(key)
-}
-
 func (this *Cache) Delete(key string) {
 	uint64Key := HashKey([]byte(key))
 	this.pieces[uint64Key%this.countPieces].Delete(uint64Key)
 }
 
-func (this *Cache) deleteIntKey(key uint64) {
-	this.pieces[key%this.countPieces].Delete(key)
-}
-
 func (this *Cache) Count() (count int) {
 	for _, piece := range this.pieces {
 		count += piece.Count()