fix: Normal user can not change the name of their own address book (#341 )

feat: Optimize login workflow (#345 )
* add "disable_pwd" and "auto_oidc" at /admin/login-options * fix: build RedirectURL by host and scheme, not Origin
2025-08-10 11:17:51 +08:00 · 2025-07-31 10:46:11 +08:00 · 2025-07-31 10:42:56 +08:00 · 2025-07-19 21:08:40 +08:00 · 2025-07-14 20:36:33 +08:00 · 2025-07-11 09:55:48 +08:00
272 changed files with 237271 additions and 2705 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,29 @@
 # Ignore Docker Compose configuration files
 docker-compose.yaml
 docker-compose-dev.yaml
 # Ignore development Dockerfile
 Dockerfile
 Dockerfile.dev
 docker-dev.sh
 # Ignore the data directory
 data/
 # Ignore version control system directories
 .git/
 # Ignore log and temporary files
 *.log
 *.tmp
 *.swp
 # Ignore editor/IDE configuration files
 .vscode/
 .idea/
 # Ignore binaries and build cache
 release/
 bin/
 *.exe
 *.out
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,2 @@
-resources/web/**/* linguist-vendored
+resources/web/**/* linguist-vendored
 resources/web2/**/* linguist-vendored
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -55,30 +55,44 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/checkout@v4
        with:
          repository: lejianwen/rustdesk-api-web
          path: rustdesk-api-web
          ref: master
      - name: Set up Go environment
        uses: actions/setup-go@v4
        with:
-          go-version: '1.22'  # 选择 Go 版本
+          go-version: '1.23'  # 选择 Go 版本
      - name: Set up npm
        uses: actions/setup-node@v2
        with:
          node-version: '20'
      - name: build rustdesk-api-web
        working-directory: rustdesk-api-web
        run: |
          git clone ${{ env.WEBCLIENT_SOURCE_LOCATION }}
          cd rustdesk-api-web
          npm install
          npm run build
-          mkdir ../resources/admin/ -p
+          mkdir -p ../resources/admin/
          cp -ar dist/* ../resources/admin/
      - name: tidy
        run: go mod tidy
      - name: Get tag version
        run: |
          TAG_VERSION="${GITHUB_REF##*/}"
          VERSION="${TAG_VERSION#v}" 
          echo "VERSION=$VERSION" >> $GITHUB_ENV
      - name: Write version to resources/version
        run:  echo $VERSION > resources/version
      - name: swag
        run: |
          go install github.com/swaggo/swag/cmd/swag@latest
@@ -96,15 +110,17 @@ jobs:
          if [ "${{ matrix.job.goos }}" = "windows" ]; then
            sudo apt-get install gcc-mingw-w64-x86-64 zip -y
            GOOS=${{ matrix.job.goos }} GOARCH=${{ matrix.job.platform }} CC=x86_64-w64-mingw32-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain.exe ./cmd/apimain.go
            echo @echo off > release/start.bat
            echo cmd /c \"%~dp0apimain.exe\" >> release/start.bat
            zip -r ${{ matrix.job.goos}}-${{ matrix.job.platform }}.${{matrix.job.file_ext}} ./release
          else
            if [ "${{ matrix.job.platform }}" = "arm64" ]; then
-                wget https://musl.cc/aarch64-linux-musl-cross.tgz
+                wget https://musl.ljw.red/aarch64-linux-musl-cross.tgz
                tar -xf aarch64-linux-musl-cross.tgz
                export PATH=$PATH:$PWD/aarch64-linux-musl-cross/bin
                GOOS=${{ matrix.job.goos }} GOARCH=${{ matrix.job.platform }} CC=aarch64-linux-musl-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain ./cmd/apimain.go
            elif [ "${{ matrix.job.platform }}" = "armv7l" ]; then
-                wget https://musl.cc/armv7l-linux-musleabihf-cross.tgz
+                wget https://musl.ljw.red/armv7l-linux-musleabihf-cross.tgz
                tar -xf armv7l-linux-musleabihf-cross.tgz
                export PATH=$PATH:$PWD/armv7l-linux-musleabihf-cross/bin
                GOOS=${{ matrix.job.goos }} GOARCH=arm GOARM=7 CC=armv7l-linux-musleabihf-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain ./cmd/apimain.go
@@ -121,15 +137,94 @@ jobs:
          name: rustdesk-api-${{ matrix.job.goos }}-${{ matrix.job.platform }}
          path: |
            ${{ matrix.job.goos}}-${{ matrix.job.platform }}.${{matrix.job.file_ext}}
      - name: Upload to GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            ${{ matrix.job.goos}}-${{ matrix.job.platform }}.${{matrix.job.file_ext}}
        #          tag_name: ${{ env.LATEST_TAG }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate Changelog
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        run: npx changelogithub # or changelogithub@0.12 if ensure the stable result
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
  deb-package:
    name: debian package - ${{ matrix.job.platform }}
    needs: build
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        job:
          - { platform: "amd64", goos: "linux", debian_platform: "amd64", crossbuild_package: ""}
          - { platform: "arm64", goos: "linux", debian_platform: "arm64", crossbuild_package: "crossbuild-essential-arm64" }
          - { platform: "armv7l", goos: "linux", debian_platform: "armhf", crossbuild_package: "crossbuild-essential-armhf" }
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Create packaging env
        run: |
          sudo apt update
          DEBIAN_FRONTEND=noninteractive sudo apt install -y devscripts build-essential debhelper pkg-config ${{ matrix.job.crossbuild_package }}
          mkdir -p debian-build/${{ matrix.job.platform }}/bin
      - name: Get tag version
        id: get_tag
        run: |
          TAG_VERSION="${GITHUB_REF##*/}"
          VERSION="${TAG_VERSION#v}" 
          echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
          echo "VERSION=$VERSION" >> $GITHUB_ENV
      - name: Update changelog
        run: |
          DATE=$(date -R)
          sed -i "1i rustdesk-api-server (${VERSION}) stable; urgency=medium\n\n  * Automatically generated release for version ${VERSION}.\n\n -- GitHub Actions <actions@github.com>  ${DATE}\n" debian/changelog
      - name: Download binaries
        uses: actions/download-artifact@v4
        with:
          name: rustdesk-api-${{ matrix.job.goos }}-${{ matrix.job.platform }}
          path: .
      - name: Unzip binaries
        run: |
          mkdir -p ${{ matrix.job.platform }}
          tar -xzf ${{ matrix.job.goos }}-${{ matrix.job.platform }}.tar.gz -C ${{ matrix.job.platform }}
      - name: Build package for ${{ matrix.job.platform }} arch
        run: |
          mv ${{ matrix.job.platform }}/release/apimain debian-build/${{ matrix.job.platform }}/bin/rustdesk-api 
          mv ${{ matrix.job.platform }}/release/resources/admin resources
          chmod -v a+x debian-build/${{ matrix.job.platform }}/bin/*
          mkdir -p data
          cp -vr debian systemd conf data resources runtime debian-build/${{ matrix.job.platform }}/
          cat debian/control.tpl | sed 's/{{ ARCH }}/${{ matrix.job.debian_platform }}/' > debian-build/${{ matrix.job.platform }}/debian/control
          cd debian-build/${{ matrix.job.platform }}/
          debuild -i -us -uc -b -a${{ matrix.job.debian_platform}}
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: rustdesk-api-${{ matrix.job.debian_platform }}
          path: |
            debian-build/*.deb
      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            debian-build/rustdesk-api-server_*_${{ matrix.job.debian_platform }}.deb
  docker:
    name: Push Docker Image
    needs: build
@@ -191,7 +286,6 @@ jobs:
        run: |
          mkdir -p ${{ matrix.job.platform }}
          tar -xzf ${{ matrix.job.goos }}-${{ matrix.job.platform }}.tar.gz -C ${{ matrix.job.platform }}
          file ${{ matrix.job.platform }}/apimain
      - name: Build and push Docker image to Docker Hub ${{ matrix.job.platform }}
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}  # Only run this step if SKIP_DOCKER_HUB is false
@@ -209,6 +303,21 @@ jobs:
            ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-${{ matrix.job.platform }}
          labels: ${{ steps.meta.outputs.labels }}
      - name: Build and push Docker Full S6 image to Docker Hub ${{ matrix.job.platform }}
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}  # Only run this step if SKIP_DOCKER_HUB is false
        uses: docker/build-push-action@v5
        with:
          context: "."
          file: ./Dockerfile_full_s6
          platforms: ${{ matrix.job.docker_platform }}
          push: true
          provenance: false
          build-args: |
            BUILDARCH=${{ matrix.job.platform }}
          tags: |
            ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:full-s6-${{ matrix.job.platform }}
          labels: ${{ steps.meta.outputs.labels }}
      - name: Build and push Docker image to GHCR ${{ matrix.job.platform }}
        if: ${{ env.SKIP_GHCR == 'false' }}  # Only run this step if SKIP_GHCR is false
        uses: docker/build-push-action@v5
@@ -225,6 +334,21 @@ jobs:
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-${{ matrix.job.platform }}
          labels: ${{ steps.meta.outputs.labels }}
      - name: Build and push Docker Full S6 image to GHCR ${{ matrix.job.platform }}
        if: ${{ env.SKIP_GHCR == 'false' }}  # Only run this step if SKIP_GHCR is false
        uses: docker/build-push-action@v5
        with:
          context: "."
          file: ./Dockerfile
          platforms: ${{ matrix.job.docker_platform }}
          push: true
          provenance: false
          build-args: |
            BUILDARCH=${{ matrix.job.platform }}
          tags: |
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:full-s6-${{ matrix.job.platform }}
          labels: ${{ steps.meta.outputs.labels }}
  #
  docker-manifest:
    name: Push Docker Manifest
@@ -257,7 +381,7 @@ jobs:
      - name: Create and push manifest Docker Hub (:version)
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}
-        uses: Noelware/docker-manifest-action@master
+        uses: Noelware/docker-manifest-action@v0.2.3
        with:
          base-image: ${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}
          extra-images: ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-amd64,
@@ -267,7 +391,7 @@ jobs:
      - name: Create and push manifest GHCR (:version)
        if: ${{ env.SKIP_GHCR == 'false' }}
-        uses: Noelware/docker-manifest-action@master
+        uses: Noelware/docker-manifest-action@v0.2.3
        with:
          base-image: ghcr.io/${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}
          extra-images: ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-amd64,
@@ -278,7 +402,7 @@ jobs:
      - name: Create and push manifest Docker Hub (:latest)
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}
-        uses: Noelware/docker-manifest-action@master
+        uses: Noelware/docker-manifest-action@v0.2.3
        with:
          base-image: ${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api:latest
          extra-images: ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:latest-amd64,
@@ -288,11 +412,33 @@ jobs:
      - name: Create and push manifest GHCR (:latest)
        if: ${{ env.SKIP_GHCR == 'false' }}
-        uses: Noelware/docker-manifest-action@master
+        uses: Noelware/docker-manifest-action@v0.2.3
        with:
          base-image: ghcr.io/${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api:latest
          extra-images: ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:latest-amd64,
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:latest-armv7l,
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:latest-arm64
          push: true
          amend: true
      - name: Create and push Full S6 manifest Docker Hub (:version)
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}
        uses: Noelware/docker-manifest-action@v0.2.3
        with:
          base-image: ${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api:full-s6
          extra-images: ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:full-s6-amd64,
            ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:full-s6-armv7l,
            ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:full-s6-arm64
          push: true
          amend: true
      - name: Create and push Full S6 manifest GHCR (:latest)
        if: ${{ env.SKIP_GHCR == 'false' }}
        uses: Noelware/docker-manifest-action@v0.2.3
        with:
          base-image: ghcr.io/${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api:full-s6
          extra-images: ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:full-s6-amd64,
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:full-s6-armv7l,
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:full-s6-arm64
          push: true
          amend: true
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -0,0 +1,337 @@
 name: Build Test
 on:
  workflow_dispatch:
    inputs:
      BASE_IMAGE_NAMESPACE:
        description: 'Base image namespace (Default: Your Github username)'
        required: false
        default: ''
      DOCKERHUB_IMAGE_NAMESPACE:
        description: 'Docker Hub image namespace (Default: Your Github username)'
        required: false
        default: ''
      GHCR_IMAGE_NAMESPACE:
        description: 'GitHub Container Registry image namespace (Default: Your Github username)'
        required: false
        default: ''
      SKIP_DOCKER_HUB:
        description: 'Set to true to skip pushing to Docker Hub (default: false)'
        required: false
        default: 'false'
      SKIP_GHCR:
        description: 'Set to true to skip pushing to GHCR (default: false)'
        required: false
        default: 'false'
      WEBCLIENT_SOURCE_LOCATION:
        description: 'Web Client API Repository'
        required: true
        default: 'https://github.com/lejianwen/rustdesk-api-web'
 env:
  LATEST_TAG: latest
  WEBCLIENT_SOURCE_LOCATION: ${{ github.event.inputs.WEBCLIENT_SOURCE_LOCATION || 'https://github.com/lejianwen/rustdesk-api-web' }}
  BASE_IMAGE_NAMESPACE: ${{ github.event.inputs.BASE_IMAGE_NAMESPACE || github.actor }}
  DOCKERHUB_IMAGE_NAMESPACE: ${{ github.event.inputs.DOCKERHUB_IMAGE_NAMESPACE || github.actor }}
  GHCR_IMAGE_NAMESPACE: ${{ github.event.inputs.GHCR_IMAGE_NAMESPACE || github.actor }}
  SKIP_DOCKER_HUB: ${{ github.event.inputs.SKIP_DOCKER_HUB || 'false' }}
  SKIP_GHCR: ${{ github.event.inputs.SKIP_GHCR || 'false' }}
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        job:
          - { platform: "amd64", goos: "linux", file_ext: "tar.gz" }
          - { platform: "arm64", goos: "linux", file_ext: "tar.gz" }
          - { platform: "armv7l", goos: "linux", file_ext: "tar.gz" }
          - { platform: "amd64", goos: "windows", file_ext: "zip" }
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - uses: actions/checkout@v4
        with:
          repository: lejianwen/rustdesk-api-web
          path: rustdesk-api-web
          ref: master
      - name: Set up Go environment
        uses: actions/setup-go@v4
        with:
          go-version: '1.23'  # 选择 Go 版本
      - name: Set up npm
        uses: actions/setup-node@v2
        with:
          node-version: '20'
      - name: build rustdesk-api-web
        working-directory: rustdesk-api-web
        run: |
          npm install
          npm run build
          mkdir -p ../resources/admin/
          cp -ar dist/* ../resources/admin/
      - name: tidy
        run: go mod tidy
      - name: swag
        run: |
          go install github.com/swaggo/swag/cmd/swag@latest
          swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin
          swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api
      - name: Build for ${{ matrix.job.goos }}-${{ matrix.job.platform }}
        run: |
          mkdir release -p
          cp -ar resources release/
          cp -ar docs release/
          cp -ar conf release/
          mkdir -p release/data
          mkdir -p release/runtime
          if [ "${{ matrix.job.goos }}" = "windows" ]; then
            sudo apt-get install gcc-mingw-w64-x86-64 zip -y
            GOOS=${{ matrix.job.goos }} GOARCH=${{ matrix.job.platform }} CC=x86_64-w64-mingw32-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain.exe ./cmd/apimain.go
            echo @echo off > release/start.bat
            echo cmd /c \"%~dp0apimain.exe\" >> release/start.bat
            zip -r ${{ matrix.job.goos}}-${{ matrix.job.platform }}.${{matrix.job.file_ext}} ./release
          else
            if [ "${{ matrix.job.platform }}" = "arm64" ]; then
                wget https://musl.ljw.red/aarch64-linux-musl-cross.tgz
                tar -xf aarch64-linux-musl-cross.tgz
                export PATH=$PATH:$PWD/aarch64-linux-musl-cross/bin
                GOOS=${{ matrix.job.goos }} GOARCH=${{ matrix.job.platform }} CC=aarch64-linux-musl-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain ./cmd/apimain.go
            elif [ "${{ matrix.job.platform }}" = "armv7l" ]; then
                wget https://musl.ljw.red/armv7l-linux-musleabihf-cross.tgz
                tar -xf armv7l-linux-musleabihf-cross.tgz
                export PATH=$PATH:$PWD/armv7l-linux-musleabihf-cross/bin
                GOOS=${{ matrix.job.goos }} GOARCH=arm GOARM=7 CC=armv7l-linux-musleabihf-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain ./cmd/apimain.go
            else
              sudo apt-get install musl musl-dev musl-tools -y
              GOOS=${{ matrix.job.goos }} GOARCH=${{ matrix.job.platform }} CC=musl-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain ./cmd/apimain.go
            fi
            tar -czf ${{ matrix.job.goos}}-${{ matrix.job.platform }}.${{matrix.job.file_ext}} ./release
          fi
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: rustdesk-api-${{ matrix.job.goos }}-${{ matrix.job.platform }}
          path: |
            ${{ matrix.job.goos}}-${{ matrix.job.platform }}.${{matrix.job.file_ext}}
      - name: Upload to GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            ${{ matrix.job.goos}}-${{ matrix.job.platform }}.${{matrix.job.file_ext}}
          tag_name: test
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  deb-package:
    name: debian package - ${{ matrix.job.platform }}
    needs: build
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        job:
          - { platform: "amd64", goos: "linux", debian_platform: "amd64", crossbuild_package: ""}
          - { platform: "arm64", goos: "linux", debian_platform: "arm64", crossbuild_package: "crossbuild-essential-arm64" }
          - { platform: "armv7l", goos: "linux", debian_platform: "armhf", crossbuild_package: "crossbuild-essential-armhf" }
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Create packaging env
        run: |
          sudo apt update
          DEBIAN_FRONTEND=noninteractive sudo apt install -y devscripts build-essential debhelper pkg-config ${{ matrix.job.crossbuild_package }}
          mkdir -p debian-build/${{ matrix.job.platform }}/bin
      - name: Download binaries
        uses: actions/download-artifact@v4
        with:
          name: rustdesk-api-${{ matrix.job.goos }}-${{ matrix.job.platform }}
          path: .
      - name: Unzip binaries
        run: |
          mkdir -p ${{ matrix.job.platform }}
          tar -xzf ${{ matrix.job.goos }}-${{ matrix.job.platform }}.tar.gz -C ${{ matrix.job.platform }}
      - name: Build package for ${{ matrix.job.platform }} arch
        run: |
          mv ${{ matrix.job.platform }}/release/apimain debian-build/${{ matrix.job.platform }}/bin/rustdesk-api 
          chmod -v a+x debian-build/${{ matrix.job.platform }}/bin/*
          mkdir -p data
          cp -vr debian systemd conf data resources runtime debian-build/${{ matrix.job.platform }}/
          cat debian/control.tpl | sed 's/{{ ARCH }}/${{ matrix.job.debian_platform }}/' > debian-build/${{ matrix.job.platform }}/debian/control
          cd debian-build/${{ matrix.job.platform }}/
          debuild -i -us -uc -b -a${{ matrix.job.debian_platform}}
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: rustdesk-api-${{ matrix.job.debian_platform }}
          path: |
            debian-build/*.deb
      - name: Upload to GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: test
          files: |
            debian-build/rustdesk-api-server_*_${{ matrix.job.debian_platform }}.deb
  docker:
    name: Push Docker Image
    needs: build
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        job:
          - { platform: "amd64", goos: "linux",  docker_platform: "linux/amd64" }
          - { platform: "arm64", goos: "linux",  docker_platform: "linux/arm64" }
          - { platform: "armv7l", goos: "linux",  docker_platform: "linux/arm/v7" }
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Log in to Docker Hub
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}  # Only log in if SKIP_DOCKER_HUB is false
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
      - name: Log in to GitHub Container Registry
        if: ${{ env.SKIP_GHCR == 'false' }}  # Only log in if GHCR push is enabled
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract version from tag
        id: vars
        run: |
          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
            echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
          else
            echo "TAG=test" >> $GITHUB_ENV  # Default to 'test' if not a tag
          fi
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api
      - name: Download binaries
        uses: actions/download-artifact@v4
        with:
          name: rustdesk-api-${{ matrix.job.goos }}-${{ matrix.job.platform }}
          path: ./
      - name: Unzip binaries
        run: |
          mkdir -p ${{ matrix.job.platform }}
          tar -xzf ${{ matrix.job.goos }}-${{ matrix.job.platform }}.tar.gz -C ${{ matrix.job.platform }}
      - name: Build and push Docker image to Docker Hub ${{ matrix.job.platform }}
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}  # Only run this step if SKIP_DOCKER_HUB is false
        uses: docker/build-push-action@v5
        with:
          context: "."
          file: ./Dockerfile
          platforms: ${{ matrix.job.docker_platform }}
          push: true
          provenance: false
          build-args: |
            BUILDARCH=${{ matrix.job.platform }}
          tags: |
            ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-${{ matrix.job.platform }}
          labels: ${{ steps.meta.outputs.labels }}
      - name: Build and push Docker image to GHCR ${{ matrix.job.platform }}
        if: ${{ env.SKIP_GHCR == 'false' }}  # Only run this step if SKIP_GHCR is false
        uses: docker/build-push-action@v5
        with:
          context: "."
          file: ./Dockerfile
          platforms: ${{ matrix.job.docker_platform }}
          push: true
          provenance: false
          build-args: |
            BUILDARCH=${{ matrix.job.platform }}
          tags: |
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-${{ matrix.job.platform }}
          labels: ${{ steps.meta.outputs.labels }}
  #
  docker-manifest:
    name: Push Docker Manifest
    needs: docker
    runs-on: ubuntu-latest
    steps:
      - name: Extract version from tag
        id: vars
        run: |
          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
            echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
          else
            echo "TAG=test" >> $GITHUB_ENV  # Default to 'test' if not a tag
          fi
      - name: Log in to Docker Hub
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}  # Only log in if Docker Hub push is enabled
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
      - name: Log in to GitHub Container Registry
        if: ${{ env.SKIP_GHCR == 'false' }}  # Only log in if GHCR push is enabled
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Create and push manifest Docker Hub (:version)
        if: ${{ env.SKIP_DOCKER_HUB == 'false' }}
        uses: Noelware/docker-manifest-action@v0.2.3
        with:
          base-image: ${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}
          extra-images: ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-amd64,
            ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-armv7l,
            ${{ env.DOCKERHUB_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-arm64
          push: true
      - name: Create and push manifest GHCR (:version)
        if: ${{ env.SKIP_GHCR == 'false' }}
        uses: Noelware/docker-manifest-action@v0.2.3
        with:
          base-image: ghcr.io/${{ env.BASE_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}
          extra-images: ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-amd64,
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-armv7l,
            ghcr.io/${{ env.GHCR_IMAGE_NAMESPACE }}/rustdesk-api:${{ env.TAG }}-arm64
          push: true
          amend: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,95 +0,0 @@
 name: Build and Release
 on:
  workflow_dispatch:
 #    tags:
 #      - 'v*.*.*'  # 当推送带有版本号的 tag（例如 v1.0.0）时触发工作流
 #on:
 #  push:
 #    branches: [ "master" ]
 #  pull_request:
 #    branches: [ "master" ]
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        goos: [ linux, windows ] # 指定要构建的操作系统
        goarch: [ amd64 ]         # 指定架构
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Go environment
        uses: actions/setup-go@v4
        with:
          go-version: '1.22'  # 选择 Go 版本
      - name: Set up npm
        uses: actions/setup-node@v2
        with:
          node-version: '20'
      - name: install gcc zip musl
        run: |
          if [ "${{ matrix.goos }}" = "windows" ]; then
            sudo apt-get install gcc-mingw-w64-x86-64 zip -y
          else
            sudo apt-get install musl musl-dev musl-tools -y
          fi
      - name: build rustdesk-api-web
        run: |
          git clone https://github.com/lejianwen/rustdesk-api-web
          cd rustdesk-api-web
          npm install
          npm run build
          mkdir ../resources/admin/ -p
          cp -ar dist/* ../resources/admin/
      - name: tidy
        run: go mod tidy
      - name: swag
        run: |
          go install github.com/swaggo/swag/cmd/swag@latest
          swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin
          swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api
      - name: Build for ${{ matrix.goos }}-${{ matrix.goarch }}
        run: |
          mkdir release -p
          cp -ar resources release/
          cp -ar docs release/
          cp -ar conf release/
          mkdir -p release/data
          mkdir -p release/runtime
          if [ "${{ matrix.goos }}" = "windows" ]; then
            GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} CC=x86_64-w64-mingw32-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain.exe ./cmd/apimain.go
            zip -r ${{ matrix.goos}}-${{ matrix.goarch }}.zip ./release
          else
            GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} CC=musl-gcc CGO_LDFLAGS="-static" CGO_ENABLED=1 go build -ldflags "-s -w" -o ./release/apimain ./cmd/apimain.go
            tar -czf ${{ matrix.goos}}-${{ matrix.goarch }}.tar.gz ./release 
          fi
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: myapp-${{ matrix.goos }}-${{ matrix.goarch }}
          path: |
            ${{ matrix.goos}}-${{ matrix.goarch }}.tar.gz
            ${{ matrix.goos}}-${{ matrix.goarch }}.zip
      - name: Upload to GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            ${{ matrix.goos}}-${{ matrix.goarch }}.tar.gz
            ${{ matrix.goos}}-${{ matrix.goarch }}.zip
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,8 @@
 .idea
 runtime/*
-!runtime/cache/.gitignore
+!runtime
 !runtime/cache/.gitkeep
 go.sum
-resources/*
+resources/admin
 !resources/public/upload/.gitignore
 !resources/web
 !resources/i18n
 release
-data
+data/rustdeskapi.db
--- a/3
+++ b/3
@@ -2,9 +2,8 @@ FROM alpine
 ARG BUILDARCH
 WORKDIR /app
-RUN apk add --no-cache tzdata file
+RUN apk add --no-cache tzdata
 COPY ./${BUILDARCH}/release /app/
 RUN file /app/apimain
 VOLUME /app/data
 EXPOSE 21114
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -0,0 +1,94 @@
 # Use build arguments for Go version and architecture
 ARG GO_VERSION=1.22
 ARG BUILDARCH=amd64
 # Stage 1: Builder Stage
 # FROM golang:${GO_VERSION}-alpine AS builder
 FROM crazymax/xgo:${GO_VERSION} AS builder-backend
 # Set up working directory
 WORKDIR /app
 # Step 1: Copy the source code
 COPY . .
 # use --mount=type=cache,target=/go/pkg/mod to cache the go mod
 # Step 2: Download dependencies
 RUN --mount=type=cache,target=/go/pkg/mod \
    go mod tidy && go mod download && go install github.com/swaggo/swag/cmd/swag@latest
 # Step 3: Run swag build script
 RUN --mount=type=cache,target=/go/pkg/mod \
    swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin && \
    swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api 
 # Step 4: Build the Go application with CGO enabled and specified ldflags
 RUN --mount=type=cache,target=/go/pkg/mod \
    CGO_ENABLED=1 GOOS=linux go build -a \
    -ldflags "-s -w --extldflags '-static -fpic'" \
    -installsuffix cgo -o release/apimain cmd/apimain.go
 # Stage 2: Frontend Build Stage (builder2)
 FROM node:18-alpine AS builder-admin-frontend
 # Set working directory
 WORKDIR /frontend
 ARG COUNTRY
 # Install required tools without caching index to minimize image size
 RUN if [ "$COUNTRY" = "CN" ] ; then \
        echo "It is in China, updating the repositories"; \
        sed -i 's#https\?://dl-cdn.alpinelinux.org/alpine#https://mirrors.tuna.tsinghua.edu.cn/alpine#g' /etc/apk/repositories; \
    fi && \
    apk update && apk add --no-cache git
 ARG FRONTEND_GIT_REPO=https://github.com/lejianwen/rustdesk-api-web.git
 ARG FRONTEND_GIT_BRANCH=master
 # Clone the frontend repository
 RUN git clone -b $FRONTEND_GIT_BRANCH $FRONTEND_GIT_REPO .
 # Install required tools without caching index to minimize image size
 RUN if [ "$COUNTRY" = "CN" ] ; then \
        echo "It is in China, updating NPM_CONFIG_REGISTRY"; \
        export NPM_CONFIG_REGISTRY="https://mirrors.huaweicloud.com/repository/npm/"; \
    fi && \
    npm install && npm run build
 # Stage 2: Final Image
 FROM alpine:latest
 # Set up working directory
 WORKDIR /app
 # Install necessary runtime dependencies
 # Install required tools without caching index to minimize image size
 ARG COUNTRY
 RUN if [ "$COUNTRY" = "CN" ] ; then \
        echo "It is in China, updating the repositories"; \
        sed -i 's#https\?://dl-cdn.alpinelinux.org/alpine#https://mirrors.tuna.tsinghua.edu.cn/alpine#g' /etc/apk/repositories; \
    fi && \
    apk update && apk add --no-cache tzdata file
 # Copy the built application and resources from the builder stage
 COPY --from=builder-backend /app/release /app/
 COPY --from=builder-backend /app/conf /app/conf/
 COPY --from=builder-backend /app/resources /app/resources/
 COPY --from=builder-backend /app/docs /app/docs/
 # Copy frontend build from builder2 stage
 COPY --from=builder-admin-frontend /frontend/dist/ /app/resources/admin/
 # Ensure the binary is correctly built and linked
 RUN file /app/apimain && \
    mkdir -p /app/data && \
    mkdir -p /app/runtime
 # Set up a volume for persistent data
 VOLUME /app/data
 # Expose the necessary port
 EXPOSE 21114
 # Define the command to run the application
 CMD ["./apimain"]
--- a/38
+++ b/38
@@ -0,0 +1,38 @@
 FROM rustdesk/rustdesk-server-s6:latest AS server
 FROM alpine
 ARG BUILDARCH
 WORKDIR /app
 RUN apk add --no-cache tzdata
 COPY ./${BUILDARCH}/release /app/
 COPY --from=server /init /init
 COPY --from=server /etc/s6-overlay /etc/s6-overlay
 COPY --from=server /package /package
 COPY --from=server /usr/bin/healthcheck.sh /usr/bin/healthcheck.sh
 COPY --from=server /usr/bin/hbbr /usr/bin/hbbr
 COPY --from=server /usr/bin/hbbs /usr/bin/hbbs
 COPY --from=server /usr/bin/rustdesk-utils /usr/bin/rustdesk-utils
 COPY --from=server /command /command
 RUN \
  mkdir -p /etc/s6-overlay/s6-rc.d/api && \
  echo -e "key-secret\nhbbs" > /etc/s6-overlay/s6-rc.d/api/dependencies && \
  echo "longrun" > /etc/s6-overlay/s6-rc.d/api/type && \
  echo "#!/command/with-contenv sh" > /etc/s6-overlay/s6-rc.d/api/run && \
  echo "cd /app" >> /etc/s6-overlay/s6-rc.d/api/run && \
  echo "./apimain" >> /etc/s6-overlay/s6-rc.d/api/run && \
  touch /etc/s6-overlay/s6-rc.d/user/contents.d/api && \
  echo "/package/admin/s6/command/s6-svstat /run/s6-rc/servicedirs/api || exit 1" >> /usr/bin/healthcheck.sh && \
  ln -s /run /var/run
 ENV RELAY=relay.example.com
 ENV ENCRYPTED_ONLY=0
 VOLUME /data
 VOLUME /app/data
 EXPOSE 21114 21115 21116 21116/udp 21117 21118 21119
 ENTRYPOINT ["/init"]
--- a/21
+++ b/21
@@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2024-present Lejianwen and contributors
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/README.md
+++ b/README.md
@@ -4,11 +4,12 @@
 本项目使用 Go 实现了 RustDesk 的 API，并包含了 Web Admin 和 Web 客户端。RustDesk 是一个远程桌面软件，提供了自托管的解决方案。
- <div align=center>
+<div align=center>
 <img src="https://img.shields.io/badge/golang-1.22-blue"/>
 <img src="https://img.shields.io/badge/gin-v1.9.0-lightBlue"/>
 <img src="https://img.shields.io/badge/gorm-v1.25.7-green"/>
 <img src="https://img.shields.io/badge/swag-v1.16.3-yellow"/>
 <img src="https://goreportcard.com/badge/github.com/lejianwen/rustdesk-api/v2"/>
 <img src="https://github.com/lejianwen/rustdesk-api/actions/workflows/build.yml/badge.svg"/>
 </div>
@@ -19,7 +20,10 @@
    - 登录
    - 地址簿
    - 群组
-    - 授权登录，支持`github`和`google`登录，支持`web后台`授权登录
+    - 授权登录
      - 支持`github`, `google` 和 `OIDC` 登录，
      - 支持`web后台`授权登录
      - 支持`LDAP`(AD和OpenLDAP已测试), 如果API Server配置了LDAP
    - i18n
 - Web Admin
    - 用户管理
@@ -28,116 +32,96 @@
    - 标签管理
    - 群组管理
    - Oauth 管理
    - 配置LDAP, 配置文件或者环境变量
    - 登录日志
    - 链接日志
    - 文件传输日志
    - 快速使用web client
    - i18n
    - 通过 web client 分享给游客
    - server控制(一些官方的简单的指令 [WIKI](https://github.com/lejianwen/rustdesk-api/wiki/Rustdesk-Command))
 - Web Client
    - 自动获取API server
    - 自动获取ID服务器和KEY
    - 自动获取地址簿
    - 游客通过临时分享链接直接远程到设备
-
+    - v2 Preview
-## 使用前准备
+- CLI
-
+    - 重置管理员密码
 ### [Rustdesk](https://github.com/rustdesk/rustdesk)
 #### PC客户端使用的是 ***1.3.0***，经测试 ***1.2.6+*** 都可以
 #### 关于PC端链接超时或者链接不上的问题以及解决方案
 ##### 链接不上或者超时
 因为server端相对于客户端落后版本，server不会响应客户端的`secure_tcp`请求，所以客户端超时。
 相关代码代码位置在`https://github.com/rustdesk/rustdesk/blob/master/src/client.rs#L322`
  ```rust
    if !key.is_empty() && !token.is_empty() {
    // mainly for the security of token
    allow_err!(secure_tcp(&mut socket, key).await);
    }
  ```
  可看到当`key`和`token`都不为空时，会调用`secure_tcp`，但是server端不会响应，所以客户端超时
  `secure_tcp` 代码位置在 `https://github.com/rustdesk/rustdesk/blob/master/src/common.rs#L1203`
 ##### 4种解决方案
 1. server端指定key。
    - 优点：简单
    - 缺点：链接不是加密的
       ```bash
       hbbs -r <relay-server-ip[:port]> -k <key>
       hbbr -k <key>
       ```
       比如
       ```bash
         hbbs -r <relay-server-ip[:port]> -k abc1234567
         hbbr -k abc1234567
       ```
 2. server端使用系统生成的key，或者自定义的密钥对，但如果client已登录，链接时容易超时或者链接不上，可以退出登录后再链接就可以了，webclient可以不用退出登录
    - 优点：链接加密
    - 缺点：操作麻烦
 3. server端使用系统生成的key，或者自定义的密钥对，fork官方客户端的代码将`secure_tcp`修改成直接返回，然后通过`Github Actions`编译，下载编译后的客户端。
 参考[官方文档](https://rustdesk.com/docs/en/dev/build/all/)
    - 优点：链接加密，可以自定义客户端一些功能，编译后直接可用
    - 缺点：需要自己fork代码，编译，有点难度
 4. 使用[我fork的代码](https://github.com/lejianwen/rustdesk)，已经修改了`secure_tcp`，可以直接下载使用，[下载地址](https://github.com/lejianwen/rustdesk/releases)
    - 优点：代码改动可查看，`Github Actions`编译，链接加密，直接下载使用
    - 缺点：可能跟不上官方版本更新
 ***对链接加密要求不高的可以使用`1`，对链接加密要求高的可以使用`3`或`4`***
 ## 功能
 ### API 服务 
 基本实现了PC端基础的接口。支持Personal版本接口，可以通过配置文件`rustdesk.personal`或环境变量`RUSTDESK_API_RUSTDESK_PERSONAL`来控制是否启用
-#### 登录
+<table>
-
+    <tr>
- 添加了`github`和`google`授权登录，需要在后台配置好就可以用了，具体可看后台OAuth配置
+      <td width="50%" align="center" colspan="2"><b>登录</b></td>
- 添加了web后台授权登录,点击后直接登录后台就自动登录客户端了
+    </tr>
-
+    <tr>
-![pc_login](docs/pc_login.png)
+        <td width="50%" align="center" colspan="2"><img src="docs/pc_login.png"></td>
-
+    </tr>
-#### 地址簿
+     <tr>
-
+      <td width="50%" align="center"><b>地址簿</b></td>
-![pc_ab](docs/pc_ab.png)
+      <td width="50%" align="center"><b>群组</b></td>
-
+    </tr>
-#### 群组
+    <tr>
-群组分为`共享组`和`普通组`，共享组中所有人都能看到小组成员的设备，普通组只有管理员能看到所有小组成员的设备
+        <td width="50%" align="center"><img src="docs/pc_ab.png"></td>
-
+        <td width="50%" align="center"><img src="docs/pc_gr.png"></td>
-![pc_gr](docs/pc_gr.png)
+    </tr>
 </table>
 ### Web Admin:
 * 使用前后端分离，提供用户友好的管理界面，主要用来管理和展示。前端代码在[rustdesk-api-web](https://github.com/lejianwen/rustdesk-api-web)
-* 后台访问地址是`http://<your server>[:port]/_admin/`初次安装管理员为用户名密码为`admin` `admin`，请即时更改密码
+* 后台访问地址是`http://<your server>[:port]/_admin/`
 * 初次安装管理员为用户名为`admin`，密码将在控制台打印，可以通过[命令行](#CLI)更改密码
  ![img.png](./docs/init_admin_pwd.png)
 1. 管理员界面
   ![web_admin](docs/web_admin.png)
 2. 普通用户界面
   ![web_user](docs/web_admin_user.png)
   右上角可以更改密码,可以切换语言，可以切换`白天/黑夜`模式
   ![web_resetpwd](docs/web_resetpwd.png)
-3. 分组可以自定义，方便管理，暂时支持两种类型: `共享组` 和 `普通组`
+3. 每个用户可以多个地址簿，也可以将地址簿共享给其他用户
-   ![web_admin_gr](docs/web_admin_gr.png)
+4. 分组可以自定义，方便管理，暂时支持两种类型: `共享组` 和 `普通组`
-4. 可以直接打开webclient，方便使用；也可以分享给游客，游客可以直接通过webclient远程到设备
+5. 可以直接打开webclient，方便使用；也可以分享给游客，游客可以直接通过webclient远程到设备
-
+6. Oauth,支持了`Github`, `Google` 以及 `OIDC`, 需要创建一个`OAuth App`，然后配置到后台
-   ![web_webclient](docs/admin_webclient.png)
+    - 对于`Google` 和 `Github`, `Issuer` 和 `Scopes`不需要填写.
-5. Oauth,暂时只支持了`Github`和`Google`, 需要创建一个`OAuth App`，然后配置到后台
+    - 对于`OIDC`, `Issuer`是必须的。`Scopes`是可选的，默认为 `openid,profile,email`. 确保可以获取 `sub`,`email` 和`preferred_username`
   ![web_admin_oauth](docs/web_admin_oauth.png)
    - `github oauth app`在`Settings`->`Developer settings`->`OAuth Apps`->`New OAuth App`
      中创建,地址 [https://github.com/settings/developers](https://github.com/settings/developers)
-    - `Authorization callback URL`填写`http://<your server[:port]>/api/oauth/callback`
+    - `Authorization callback URL`填写`http://<your server[:port]>/api/oidc/callback`
-      ，比如`http://127.0.0.1:21114/api/oauth/callback`
+      ，比如`http://127.0.0.1:21114/api/oidc/callback`
 7. 登录日志
 8. 链接日志
 9. 文件传输日志
 10. server控制
  - `简易模式`,已经界面化了一些简单的指令，可以直接在后台执行
    ![rustdesk_command_simple](./docs/rustdesk_command_simple.png)
  - `高级模式`,直接在后台执行指令
      * 可以官方指令
      * 可以添加自定义指令
      * 可以执行自定义指令
 11. **LDAP 支持**, 当在API Server上设置了LDAP(已测试AD和LDAP),可以通过LDAP中的用户信息进行登录 https://github.com/lejianwen/rustdesk-api/issues/114 ,如果LDAP验证失败，返回本地用户
 ### Web Client:
 1. 如果已经登录了后台，web client将自动直接登录
 2. 如果没登录后台，点击右上角登录即可，api server已经自动配置好了
   ![webclient_conf](docs/webclient_conf.png)
 3. 登录后，会自动同步ID服务器和KEY
 4. 登录后，会将地址簿自动保存到web client中，方便使用
 5. 现已支持`v2 Preview`，访问路径是`/webclient2`
   ![webclientv2](./docs/webclientv2.png)
 6. `v2 preview` 部署，参考[WIKI](https://github.com/lejianwen/rustdesk-api/wiki)
 ### 自动化文档: 使用 Swag 生成 API 文档，方便开发者理解和使用 API。
@@ -145,75 +129,73 @@
 2. PC端文档 `<youer server[:port]>/swagger/index.html`
   ![api_swag](docs/api_swag.png)
 ### CLI
 ```bash
 # 查看帮助
 ./apimain -h
 ```
 #### 重置管理员密码
 ```bash
 ./apimain reset-admin-pwd <pwd>
 ```
 ## 安装与运行
 ### 相关配置
 * [配置文件](./conf/config.yaml)
 * 参考`conf/config.yaml`配置文件，修改相关配置。
 * 如果`gorm.type`是`sqlite`，则不需要配置mysql相关配置。
 * 语言如果不设置默认为`zh-CN`
 ```yaml
 lang: "en"
 app:
  web-client: 1  # 1:启用 0:禁用
 gin:
  api-addr: "0.0.0.0:21114"
  mode: "release"
  resources-path: 'resources'
  trust-proxy: ""
 gorm:
  type: "sqlite"
  max-idle-conns: 10
  max-open-conns: 100
 mysql:
  username: "root"
  password: "111111"
  addr: "192.168.1.66:3308"
  dbname: "rustdesk"
 rustdesk:
  id-server: "192.168.1.66:21116"
  relay-server: "192.168.1.66:21117"
  api-server: "http://192.168.1.66:21114"
  key: "123456789"
  personal: 1
 logger:
  path: "./runtime/log.txt"
  level: "warn" #trace,debug,info,warn,error,fatal
  report-caller: true
 proxy:
  enable: false
  host: ""
 ```
 ### 环境变量
-变量名前缀是`RUSTDESK_API`，环境变量如果存在将覆盖配置文件中的配置
+环境变量和配置文件`conf/config.yaml`中的配置一一对应，变量名前缀是`RUSTDESK_API`
 下面表格并未全部列出，可以参考`conf/config.yaml`中的配置。
-| 变量名                                | 说明                                   | 示例                          |
+| 变量名                                                    | 说明                                                                             | 示例                           |
-|------------------------------------|--------------------------------------|-----------------------------|
+|--------------------------------------------------------|--------------------------------------------------------------------------------|------------------------------|
-| TZ                                 | 时区                                   | Asia/Shanghai               |
+| TZ                                                     | 时区                                                                             | Asia/Shanghai                |
-| RUSTDESK_API_LANG                  | 语言                                   | `en`,`zh-CN`                |
+| RUSTDESK_API_LANG                                      | 语言                                                                             | `en`,`zh-CN`                 |
-| RUSTDESK_API_APP_WEB_CLIENT        | 是否启用web-client; 1:启用,0:不启用; 默认启用     | 1                           |
+| RUSTDESK_API_APP_WEB_CLIENT                            | 是否启用web-client; 1:启用,0:不启用; 默认启用                                               | 1                            |
-| -----GIN配置-----                    | ----------                           | ----------                  |
+| RUSTDESK_API_APP_REGISTER                              | 是否开启注册; `true`, `false`  默认`false`                                             | `false`                      |
-| RUSTDESK_API_GIN_TRUST_PROXY       | 信任的代理IP列表，以`,`分割，默认信任所有              | 192.168.1.2,192.168.1.3     |
+| RUSTDESK_API_APP_SHOW_SWAGGER                          | 是否可见swagger文档;`1`显示，`0`不显示，默认`0`不显示                                            | `1`                          |
-| -----------GORM配置----------------  | ------------------------------------ | --------------------------- |
+| RUSTDESK_API_APP_TOKEN_EXPIRE                          | token有效时长                                                                      | `168h`                       |
-| RUSTDESK_API_GORM_TYPE             | 数据库类型sqlite或者mysql，默认sqlite          | sqlite                      |
+| RUSTDESK_API_APP_DISABLE_PWD_LOGIN                     | 是否禁用密码登录;  `true`, `false`  默认`false`                                          | `false`                      |
-| RUSTDESK_API_GORM_MAX_IDLE_CONNS   | 数据库最大空闲连接数                           | 10                          |
+| RUSTDESK_API_APP_REGISTER_STATUS                       | 注册用户默认状态; 1 启用，2 禁用, 默认 1                                                      | `1`                          |
-| RUSTDESK_API_GORM_MAX_OPEN_CONNS   | 数据库最大打开连接数                           | 100                         |
+| RUSTDESK_API_APP_CAPTCHA_THRESHOLD                     | 验证码触发次数; -1 不启用， 0 一直启用， >0 登录错误次数后启用 ;默认 `3`                                  | `3`                          |
-| RUSTDESK_API_RUSTDESK_PERSONAL     | 是否启用个人版API， 1:启用,0:不启用； 默认启用         | 1                           |
+| RUSTDESK_API_APP_BAN_THRESHOLD                         | 封禁IP触发次数; 0 不启用, >0 登录错误次数后封禁IP; 默认 `0`                                        | `0`                          |
-| -----MYSQL配置-----                  | ----------                           | ----------                  |
+| -----ADMIN配置-----                                      | ----------                                                                     | ----------                   |
-| RUSTDESK_API_MYSQL_USERNAME        | mysql用户名                             | root                        |
+| RUSTDESK_API_ADMIN_TITLE                               | 后台标题                                                                           | `RustDesk Api Admin`         |
-| RUSTDESK_API_MYSQL_PASSWORD        | mysql密码                              | 111111                      |
+| RUSTDESK_API_ADMIN_HELLO                               | 后台欢迎语，可以使用`html`                                                               |                              |
-| RUSTDESK_API_MYSQL_ADDR            | mysql地址                              | 192.168.1.66:3306           |
+| RUSTDESK_API_ADMIN_HELLO_FILE                          | 后台欢迎语文件，如果内容多，使用文件更方便。<br>会覆盖`RUSTDESK_API_ADMIN_HELLO`                        | `./conf/admin/hello.html`    |
-| RUSTDESK_API_MYSQL_DBNAME          | mysql数据库名                            | rustdesk                    |
+| -----GIN配置-----                                        | ----------                                                                     | ----------                   |
-| -----RUSTDESK配置-----               | ---------------                      | ----------                  |
+| RUSTDESK_API_GIN_TRUST_PROXY                           | 信任的代理IP列表，以`,`分割，默认信任所有                                                        | 192.168.1.2,192.168.1.3      |
-| RUSTDESK_API_RUSTDESK_ID_SERVER    | Rustdesk的id服务器地址                     | 192.168.1.66:21116          |
+| -----GORM配置-----                                       | ----------                                                                     | ---------------------------  |
-| RUSTDESK_API_RUSTDESK_RELAY_SERVER | Rustdesk的relay服务器地址                  | 192.168.1.66:21117          |
+| RUSTDESK_API_GORM_TYPE                                 | 数据库类型sqlite或者mysql，默认sqlite                                                    | sqlite                       |
-| RUSTDESK_API_RUSTDESK_API_SERVER   | Rustdesk的api服务器地址                    | http://192.168.1.66:21114   |
+| RUSTDESK_API_GORM_MAX_IDLE_CONNS                       | 数据库最大空闲连接数                                                                     | 10                           |
-| RUSTDESK_API_RUSTDESK_KEY          | Rustdesk的key                         | 123456789                   |
+| RUSTDESK_API_GORM_MAX_OPEN_CONNS                       | 数据库最大打开连接数                                                                     | 100                          |
-| ----PROXY配置-----                   | ---------------                      | ----------                  |
+| RUSTDESK_API_RUSTDESK_PERSONAL                         | 是否启用个人版API， 1:启用,0:不启用； 默认启用                                                   | 1                            |
-| RUSTDESK_API_PROXY_ENABLE          | 是否启用代理:`false`, `true`               | `false`                     |
+| -----MYSQL配置-----                                      | ----------                                                                     | ----------                   |
-| RUSTDESK_API_PROXY_HOST            | 代理地址                                 | `http://127.0.0.1:1080`     |
+| RUSTDESK_API_MYSQL_USERNAME                            | mysql用户名                                                                       | root                         |
 | RUSTDESK_API_MYSQL_PASSWORD                            | mysql密码                                                                        | 111111                       |
 | RUSTDESK_API_MYSQL_ADDR                                | mysql地址                                                                        | 192.168.1.66:3306            |
 | RUSTDESK_API_MYSQL_DBNAME                              | mysql数据库名                                                                      | rustdesk                     |
 | -----RUSTDESK配置-----                                   | ----------                                                                     | ----------                   |
 | RUSTDESK_API_RUSTDESK_ID_SERVER                        | Rustdesk的id服务器地址                                                               | 192.168.1.66:21116           |
 | RUSTDESK_API_RUSTDESK_RELAY_SERVER                     | Rustdesk的relay服务器地址                                                            | 192.168.1.66:21117           |
 | RUSTDESK_API_RUSTDESK_API_SERVER                       | Rustdesk的api服务器地址                                                              | http://192.168.1.66:21114    |
 | RUSTDESK_API_RUSTDESK_KEY                              | Rustdesk的key                                                                   | 123456789                    |
 | RUSTDESK_API_RUSTDESK_KEY_FILE                         | Rustdesk存放key的文件                                                               | `./conf/data/id_ed25519.pub` |
 | RUSTDESK_API_RUSTDESK_WEBCLIENT<br/>_MAGIC_QUERYONLINE | Web client v2 中是否启用新的在线状态查询方法; `1`:启用,`0`:不启用,默认不启用                            | `0`                          |
 | RUSTDESK_API_RUSTDESK_WS_HOST                          | 自定义Websocket Host                                                              | `wss://192.168.1.123:1234`   |
 | ----PROXY配置-----                                       | ----------                                                                     | ----------                   |
 | RUSTDESK_API_PROXY_ENABLE                              | 是否启用代理:`false`, `true`                                                         | `false`                      |
 | RUSTDESK_API_PROXY_HOST                                | 代理地址                                                                           | `http://127.0.0.1:1080`      |
 | ----JWT配置----                                          | --------                                                                       | --------                     |
 | RUSTDESK_API_JWT_KEY                                   | 自定义JWT KEY,为空则不启用JWT<br/>如果没使用`lejianwen/rustdesk-server`中的`MUST_LOGIN`，建议设置为空 |                              |
 | RUSTDESK_API_JWT_EXPIRE_DURATION                       | JWT有效时间                                                                        | `168h`                       |
 ### 运行
@@ -234,189 +216,8 @@ proxy:
    lejianwen/rustdesk-api
    ```
-2. 使用`docker compose`
+2. 使用`docker compose`，参考[WIKI](https://github.com/lejianwen/rustdesk-api/wiki)
   - 简单示例
   ```yaml
   services:
      rustdesk-api:
       container_name: rustdesk-api
       environment:
         - TZ=Asia/Shanghai
         - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
         - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
         - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
         - RUSTDESK_API_RUSTDESK_KEY=<key>
       ports:
         - 21114:21114
       image: lejianwen/rustdesk-api
       volumes:
         - /data/rustdesk/api:/app/data #将数据库挂载出来方便备份
       networks:
         - rustdesk-net
       restart: unless-stopped
   ```
   - 根据rustdesk官方提供的示例，加上自己的rustdesk-api
     - 如果是使用的系统生成的KEY，去掉`-k <key>`参数，在启动后运行`docker-compose logs hbbs`或者`cat ./data/id_ed25519.pub`查看KEY，然后再修改`RUSTDESK_API_RUSTDESK_KEY=<key>`再执行`docker-compose up -d`
      ```yaml
      networks:
        rustdesk-net:
          external: false
      services:
        hbbs:
          container_name: hbbs
          ports:
            - 21115:21115
            - 21116:21116 # 自定义 hbbs 映射端口
            - 21116:21116/udp # 自定义 hbbs 映射端口
            - 21118:21118 # web client
          image: rustdesk/rustdesk-server
          command: hbbs -r <relay-server-ip[:port]> -k <key> # 填入个人域名或 IP + hbbr 暴露端口
          volumes:
            - ./data:/root # 自定义挂载目录
          networks:
            - rustdesk-net
          depends_on:
            - hbbr
          restart: unless-stopped
          deploy:
            resources:
              limits:
                memory: 64M
        hbbr:
          container_name: hbbr
          ports:
            - 21117:21117 # 自定义 hbbr 映射端口
            - 21119:21119 # web client
          image: rustdesk/rustdesk-server
          command: hbbr -k <key>
          volumes:
            - ./data:/root
          networks:
            - rustdesk-net
          restart: unless-stopped
          deploy:
            resources:
              limits:
                memory: 64M
        rustdesk-api:
          container_name: rustdesk-api
          environment:
            - TZ=Asia/Shanghai
            - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
            - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
            - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
            - RUSTDESK_API_RUSTDESK_KEY=<key>
          ports:
            - 21114:21114
          image: lejianwen/rustdesk-api
          volumes:
            - /data/rustdesk/api:/app/data #将数据库挂载出来方便备份
          networks:
            - rustdesk-net
          restart: unless-stopped
      ```
   - S6的镜像
     - 如果使用***自定义KEY***，会需要修改启动脚本，覆盖镜像中的`/etc/s6-overlay/s6-rc.d/hbbr/run`和`/etc/s6-overlay/s6-rc.d/hbbr/run`
         1. 创建`hbbr/run`，自定义KEY才需要
            ```bash
            #!/command/with-contenv sh
            cd /data
            PARAMS=
            [ "${ENCRYPTED_ONLY}" = "1" ] && PARAMS="-k ${KEY}"
            /usr/bin/hbbr $PARAMS
            ```
         2. 创建`hbbs/run`，自定义KEY才需要
             ```bash
             #!/command/with-contenv sh
             sleep 2
             cd /data
             PARAMS=
             [ "${ENCRYPTED_ONLY}" = "1" ] && PARAMS="-k ${KEY}"
             /usr/bin/hbbs -r $RELAY $PARAMS
             ```
         3. 修改`docker-compose.yml`中的`s6`部分
         ```yaml
         networks:
           rustdesk-net:
             external: false
         services:
           rustdesk-server:
             container_name: rustdesk-server
             ports:
               - 21115:21115
               - 21116:21116
               - 21116:21116/udp
               - 21117:21117
               - 21118:21118
               - 21119:21119
             image: rustdesk/rustdesk-server-s6:latest
             environment:
               - RELAY=192.168.1.66:21117
               - ENCRYPTED_ONLY=1
               - KEY=<key>  #自定义KEY
             volumes:
               - ./data:/data
               - ./hbbr/run:/etc/s6-overlay/s6-rc.d/hbbr/run 
               - ./hbbs/run:/etc/s6-overlay/s6-rc.d/hbbs/run 
             restart: unless-stopped
           rustdesk-api:
             container_name: rustdesk-api
             ports:
               - 21114:21114
             image: lejianwen/rustdesk-api
             environment:
               - TZ=Asia/Shanghai
               - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
               - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
               - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
               - RUSTDESK_API_RUSTDESK_KEY=<key>
             volumes:
               - /data/rustdesk/api:/app/data #将数据库挂载
             networks:
               - rustdesk-net
             restart: unless-stopped
         ```
   - 如果使用***系统生成的KEY***或者***自定义KEY_PUB,KEY_PRIV***，不需要修改启动脚本，但要在生成KEY后获取到KEY再`docker-compose up -d`
       ```yaml
       networks:
         rustdesk-net:
           external: false
       services:
         rustdesk-server:
           container_name: rustdesk-server
           ports:
             - 21115:21115
             - 21116:21116
             - 21116:21116/udp
             - 21117:21117
             - 21118:21118
             - 21119:21119
           image: rustdesk/rustdesk-server-s6:latest
           environment:
             - RELAY=192.168.1.66:21117
             - ENCRYPTED_ONLY=1
           volumes:
             - ./data:/data
           restart: unless-stopped
         rustdesk-api:
           container_name: rustdesk-api
           ports:
             - 21114:21114
           image: lejianwen/rustdesk-api
           environment:
             - TZ=Asia/Shanghai
             - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
             - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
             - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
             - RUSTDESK_API_RUSTDESK_KEY=<key> #系统生成的KEY
           volumes:
             - /data/rustdesk/api:/app/data #将数据库挂载
           networks:
             - rustdesk-net
           restart: unless-stopped
       ```
 #### 下载release直接运行
 [下载地址](https://github.com/lejianwen/rustdesk-api/releases)
@@ -454,27 +255,73 @@ proxy:
    #或者使用generate_api.go生成api并运行
    go generate generate_api.go
    ```
   > 注意：使用 `go run` 或编译后的二进制时，当前目录下必须存在 `conf` 和 `resources`
   > 目录。如果在其他目录运行，可通过 `-c` 和环境变量
   > `RUSTDESK_API_GIN_RESOURCES_PATH` 指定绝对路径，例如：
   > ```bash
   > RUSTDESK_API_GIN_RESOURCES_PATH=/opt/rustdesk-api/resources ./apimain -c /opt/rustdesk-api/conf/config.yaml
   > ```
 5. 编译，如果想自己编译,先cd到项目根目录，然后windows下直接运行`build.bat`,linux下运行`build.sh`,编译后会在`release`
   目录下生成对应的可执行文件。直接运行编译后的可执行文件即可。
 6. 打开浏览器访问`http://<your server[:port]>/_admin/`，默认用户名密码为`admin`，请及时更改密码。
-#### nginx反代
+
-在`nginx`中配置反代
+#### 使用`lejianwen/server-s6`镜像运行
-```
+
-server {
+- 已解决链接超时问题
-    listen <your port>;
+- 可以强制登录后才能发起链接
-    server_name <your server>;
+- github https://github.com/lejianwen/rustdesk-server
-    location / {
+
-        proxy_pass http://<api-server[:port]>;
+```yaml
-        proxy_set_header Host $host;
+ networks:
-        proxy_set_header X-Real-IP $remote_addr;
+   rustdesk-net:
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+     external: false
-        proxy_set_header X-Forwarded-Proto $scheme;
+ services:
-    }
+   rustdesk:
-}
+     ports:
       - 21114:21114
       - 21115:21115
       - 21116:21116
       - 21116:21116/udp
       - 21117:21117
       - 21118:21118
       - 21119:21119
     image: lejianwen/rustdesk-server-s6:latest
     environment:
       - RELAY=<relay_server[:port]>
       - ENCRYPTED_ONLY=1
       - MUST_LOGIN=N
       - TZ=Asia/Shanghai
       - RUSTDESK_API_RUSTDESK_ID_SERVER=<id_server[:21116]>
       - RUSTDESK_API_RUSTDESK_RELAY_SERVER=<relay_server[:21117]>
       - RUSTDESK_API_RUSTDESK_API_SERVER=http://<api_server[:21114]>
       - RUSTDESK_API_KEY_FILE=/data/id_ed25519.pub
       - RUSTDESK_API_JWT_KEY=xxxxxx # jwt key
     volumes:
       - /data/rustdesk/server:/data
       - /data/rustdesk/api:/app/data #将数据库挂载
     networks:
       - rustdesk-net
     restart: unless-stopped
 ```
 ## 其他
 - [WIKI](https://github.com/lejianwen/rustdesk-api/wiki)
 - [链接超时问题](https://github.com/lejianwen/rustdesk-api/issues/92)
 - [修改客户端ID](https://github.com/abdullah-erturk/RustDesk-ID-Changer)
- [webclient来源](https://hub.docker.com/r/keyurbhole/flutter_web_desk)
+- [webclient来源](https://hub.docker.com/r/keyurbhole/flutter_web_desk)
 ## 鸣谢
 感谢所有做过贡献的人!
 <a href="https://github.com/lejianwen/rustdesk-api/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=lejianwen/rustdesk-api" />
 </a>
 ## 感谢你的支持！如果这个项目对你有帮助，请点个⭐️鼓励一下，谢谢！
--- a/README_EN.md
+++ b/README_EN.md
@@ -8,6 +8,7 @@ desktop software that provides self-hosted solutions.
 <img src="https://img.shields.io/badge/gin-v1.9.0-lightBlue"/>
 <img src="https://img.shields.io/badge/gorm-v1.25.7-green"/>
 <img src="https://img.shields.io/badge/swag-v1.16.3-yellow"/>
 <img src="https://goreportcard.com/badge/github.com/lejianwen/rustdesk-api/v2"/>
 <img src="https://github.com/lejianwen/rustdesk-api/actions/workflows/build.yml/badge.svg"/>
 </div>
@@ -18,7 +19,10 @@ desktop software that provides self-hosted solutions.
    - Login
    - Address Book
    - Groups
-    - Authorized login, supports `GitHub` and `Google` login, supports `web admin` authorized login
+    - Authorized login, 
      - supports `GitHub`, `Google` and `OIDC` login, 
      - supports `web admin` authorized login, 
      - supports LDAP(test AD and openladp) if API Server config
    - i18n
 - Web Admin
    - User Management
@@ -27,123 +31,96 @@ desktop software that provides self-hosted solutions.
    - Tag Management
    - Group Management
    - OAuth Management
    - LDAP Config by config file or ENV
    - Login Logs
    - Connection Logs
    - File Transfer Logs
    - Quick access to web client
    - i18n
    - Share to guest by web client
    - Server control (some simple official commands [WIKI](https://github.com/lejianwen/rustdesk-api/wiki/Rustdesk-Command))
 - Web Client
    - Automatically obtain API server
    - Automatically obtain ID server and KEY
    - Automatically obtain address book
    - Visitors are remotely to the device via a temporary sharing link
-
+- CLI
-## Prerequisites
+    - Reset admin password
 ### [Rustdesk](https://github.com/rustdesk/rustdesk)
 #### The PC client uses version ***1.3.0***, and versions ***1.2.6+*** have been tested to work.
 #### Solutions for PC client connection timeout or connection issues
 ##### Connection issues or timeouts
 Because the server version lags behind the client version, the server does not respond to the client's `secure_tcp` request, causing the client to timeout.
  Relevant code can be found at `https://github.com/rustdesk/rustdesk/blob/master/src/client.rs#L322`
  ```rust
    if !key.is_empty() && !token.is_empty() {
    // mainly for the security of token
    allow_err!(secure_tcp(&mut socket, key).await);
    }
  ```
 As seen, when both `key` and `token` are not empty, `secure_tcp` is called, but the server does not respond, causing the client to timeout.
 The `secure_tcp` code is located at `https://github.com/rustdesk/rustdesk/blob/master/src/common.rs#L1203`
 ##### Four Solutions
 1. Specify the key on the server.
    - Advantage: Simple
    - Disadvantage: The connection is not encrypted
       ```bash
       hbbs -r <relay-server-ip[:port]> -k <key>
       hbbr -k <key>
       ```
      For example
       ```bash
         hbbs -r <relay-server-ip[:port]> -k abc1234567
         hbbr -k abc1234567
       ```
 2. Use a system-generated key or a custom key pair on the server. If the client is already logged in, it may timeout or fail to connect. Logging out and reconnecting usually resolves the issue, and the web client does not need to log out.
    - Advantage: Encrypted connection
    - Disadvantage: Complicated operation
 3. Use a system-generated key or a custom key pair on the server, fork the official client code to modify `secure_tcp` to return directly, then compile using `Github Actions` and download the compiled client.
   Refer to [official documentation](https://rustdesk.com/docs/en/dev/build/all/)
    - Advantage: Encrypted connection, customizable client features, ready to use after compilation
    - Disadvantage: Requires forking code and compiling, which can be challenging
 4. Use [my forked code](https://github.com/lejianwen/rustdesk), which has already modified `secure_tcp`. You can download and use it directly from [here](https://github.com/lejianwen/rustdesk/releases)
    - Advantage: Code changes are viewable, compiled with `Github Actions`, encrypted connection, ready to use
    - Disadvantage: May not keep up with official version updates
 ***If encryption is not a high priority, use `1`. If encryption is important, use `3` or `4`.***
 ## Overview
 ### API Service
 Basic implementation of the PC client's primary interfaces.Supports the Personal version api, which can be enabled by configuring the `rustdesk.personal` file or the `RUSTDESK_API_RUSTDESK_PERSONAL` environment variable.
-#### Login
+<table>
-
+    <tr>
- Added `GitHub` and `Google` login, which can be used after configuration in the admin panel. See the OAuth
+      <td width="50%" align="center" colspan="2"><b>Login</b></td>
-  configuration section for details.
+    </tr>
- Added authorization login for the web admin panel.
+    <tr>
-
+        <td width="50%" align="center" colspan="2"><img src="docs/en_img/pc_login.png"></td>
-![pc_login](docs/en_img/pc_login.png)
+    </tr>
-
+     <tr>
-#### Address Book
+      <td width="50%" align="center"><b>Address Book</b></td>
-
+      <td width="50%" align="center"><b>Groups</b></td>
-![pc_ab](docs/en_img/pc_ab.png)
+    </tr>
-
+    <tr>
-#### Groups
+        <td width="50%" align="center"><img src="docs/en_img/pc_ab.png"></td>
-Groups are divided into `shared groups` and `regular groups`. In shared groups, everyone can see the peers of all group members, while in regular groups, only administrators can see all members' peers.
+        <td width="50%" align="center"><img src="docs/en_img/pc_gr.png"></td>
-
+    </tr>
-![pc_gr](docs/en_img/pc_gr.png)
+</table>
 ### Web Admin
 * The frontend and backend are separated to provide a user-friendly management interface, primarily for managing and
 displaying data.Frontend code is available at [rustdesk-api-web](https://github.com/lejianwen/rustdesk-api-web)
-* Admin panel URL: `http://<your server[:port]>/_admin/`. The default username and password for the initial
+* Admin panel URL: `http://<your server[:port]>/_admin/`
-installation are `admin` `admin`, please change the password immediately.
+* For the initial installation, the admin username is `admin`, and the password will be printed in the console. You can change the password via the [command line](#CLI).
  ![img.png](./docs/init_admin_pwd.png)
 1. Admin interface:
   ![web_admin](docs/en_img/web_admin.png)
 2. Regular user interface:
   ![web_user](docs/en_img/web_admin_user.png)
   In the top right corner, you can change the password, switch languages, and toggle between `day/night` mode.
-   ![web_resetpwd](docs/en_img/web_resetpwd.png)
+3. Each user can have multiple address books, which can also be shared with other users.
-3. Groups can be customized for easy management. Currently, two types are supported: `shared group` and `regular group`.
+4. Groups can be customized for easy management. Currently, two types are supported: `shared group` and `regular group`.
-   ![web_admin_gr](docs/en_img/web_admin_gr.png)
+5. You can directly launch the client or open the web client for convenience; you can also share it with guests, who can remotely access the device via the web client.
-4. You can directly launch the client or open the web client for convenience; you can also share it with guests, who can remotely access the device via the web client.
+6. OAuth support: Currently, `GitHub`, `Google` and `OIDC`  are supported. You need to create an `OAuth App` and configure it in
   ![web_webclient](docs/en_img/admin_webclient.png)
 5. OAuth support: Currently, `GitHub` and `Google`  is supported. You need to create an `OAuth App` and configure it in
   the admin panel.
-   ![web_admin_oauth](docs/en_img/web_admin_oauth.png)
+    - For `Google` and `Github`, you don't need to fill the `Issuer` and `Scpoes`
    - For `OIDC`, you must set the `Issuer`. And `Scopes` is optional which default is `openid,email,profile`, please make sure this `Oauth App` can access `sub`, `email` and `preferred_username`
    - Create a `GitHub OAuth App`
      at `Settings` -> `Developer settings` -> `OAuth Apps` -> `New OAuth App` [here](https://github.com/settings/developers).
-    - Set the `Authorization callback URL` to `http://<your server[:port]>/api/oauth/callback`,
+    - Set the `Authorization callback URL` to `http://<your server[:port]>/api/oidc/callback`,
-      e.g., `http://127.0.0.1:21114/api/oauth/callback`.
+      e.g., `http://127.0.0.1:21114/api/oidc/callback`.
 7. Login logs
 8. Connection logs
 9. File transfer logs
 10. Server control
  - `Simple mode`, some simple commands have been GUI-ized and can be executed directly in the backend
    ![rustdesk_command_simple](./docs/en_img/rustdesk_command_simple.png)
  - `Advanced mode`, commands can be executed directly in the backend
    * Official commands can be used
    * Custom commands can be added
    * Custom commands can be executed
 11. **LDAP Support**, When you setup the LDAP(test for OpenLDAP and AD), you can login with the LDAP's user. https://github.com/lejianwen/rustdesk-api/issues/114 , if LDAP fail fallback local user
 ### Web Client:
 1. If you're already logged into the admin panel, the web client will log in automatically.
 2. If you're not logged in, simply click the login button in the top right corner, and the API server will be
   pre-configured.
   ![webclient_conf](docs/webclient_conf.png)
 3. After logging in, the ID server and key will be automatically synced.
 4. The address book will also be automatically saved to the web client for convenient use.
 5. Now supports `v2 Preview`, accessible at `/webclient2`
   ![webclientv2](./docs/webclientv2.png)
 6. `v2 preview` deployment, [WIKI](https://github.com/lejianwen/rustdesk-api/wiki)
 ### Automated Documentation : API documentation is generated using Swag, making it easier for developers to understand and use the API.
@@ -151,75 +128,73 @@ installation are `admin` `admin`, please change the password immediately.
 2. PC client docs: `<your server[:port]>/swagger/index.html`
   ![api_swag](docs/api_swag.png)
 ### CLI
 ```bash
 # help
 ./apimain -h
 ```
 #### Reset admin password
 ```bash
 ./apimain reset-admin-pwd <pwd>
 ```
 ## Installation and Setup
 ### Configuration
 * [Config File](./conf/config.yaml)
 * Modify the configuration in `conf/config.yaml`. 
 * If `gorm.type` is set to `sqlite`, MySQL-related configurations are not required.
 * Language support: `en` and `zh-CN` are supported. The default is `zh-CN`.
 ```yaml
 lang: "en"
 app:
  web-client: 1  # web client route 1:open 0:close  
 gin:
  api-addr: "0.0.0.0:21114"
  mode: "release"
  resources-path: 'resources'
  trust-proxy: ""
 gorm:
  type: "sqlite"
  max-idle-conns: 10
  max-open-conns: 100
 mysql:
  username: "root"
  password: "111111"
  addr: "192.168.1.66:3308"
  dbname: "rustdesk"
 rustdesk:
  id-server: "192.168.1.66:21116"
  relay-server: "192.168.1.66:21117"
  api-server: "http://192.168.1.66:21114"
  key: "123456789"
  personal: 1
 logger:
  path: "./runtime/log.txt"
  level: "warn" #trace,debug,info,warn,error,fatal
  report-caller: true
 proxy:
  enable: false
  host: ""
 ```
 ### Environment Variables
-The prefix for variable names is `RUSTDESK_API`. If environment variables exist, they will override the configurations in the configuration file.
+The environment variables correspond one-to-one with the configurations in the `conf/config.yaml` file. The prefix for variable names is `RUSTDESK_API`.
 The table below does not list all configurations. Please refer to the configurations in `conf/config.yaml`.
-| Variable Name                      | Description                                               | Example                       |
+| Variable Name                                          | Description                                                                                                                                         | Example                       |
-|------------------------------------|-----------------------------------------------------------|-------------------------------|
+|--------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------|
-| TZ                                 | timezone                                                  | Asia/Shanghai                 |
+| TZ                                                     | timezone                                                                                                                                            | Asia/Shanghai                 |
-| RUSTDESK_API_LANG                  | Language                                                  | `en`,`zh-CN`                  |
+| RUSTDESK_API_LANG                                      | Language                                                                                                                                            | `en`,`zh-CN`                  |
-| RUSTDESK_API_APP_WEB_CLIENT        | web client on/off; 1: on, 0 off, deault 1                 | 1                             |
+| RUSTDESK_API_APP_WEB_CLIENT                            | web client on/off; 1: on, 0 off, default: 1                                                                                                         | 1                             |
-| ----- GIN Configuration -----      | ---------------------------------------                   | ----------------------------- |
+| RUSTDESK_API_APP_REGISTER                              | register enable; `true`, `false`; default:`false`                                                                                                   | `false`                       |
-| RUSTDESK_API_GIN_TRUST_PROXY       | Trusted proxy IPs, separated by commas.                   | 192.168.1.2,192.168.1.3       |
+| RUSTDESK_API_APP_SHOW_SWAGGER                          | swagger visible; 1: yes, 0: no; default: 0                                                                                                          | `0`                           |
-| ----- GORM Configuration -----     | ---------------------------------------                   | ----------------------------- |
+| RUSTDESK_API_APP_TOKEN_EXPIRE                          | token expire duration                                                                                                                               | `168h`                        |
-| RUSTDESK_API_GORM_TYPE             | Database type (`sqlite` or `mysql`). Default is `sqlite`. | sqlite                        |
+| RUSTDESK_API_APP_DISABLE_PWD_LOGIN                     | disable password login                                                                                                                              | `false`                       |
-| RUSTDESK_API_GORM_MAX_IDLE_CONNS   | Maximum idle connections                                  | 10                            |
+| RUSTDESK_API_APP_REGISTER_STATUS                       | register user default status ; 1 enabled , 2 disabled ; default 1                                                                                   | `1`                           |
-| RUSTDESK_API_GORM_MAX_OPEN_CONNS   | Maximum open connections                                  | 100                           |
+| RUSTDESK_API_APP_CAPTCHA_THRESHOLD                     | captcha threshold; -1 disabled, 0 always enable, >0 threshold  ;default `3`                                                                         | `3`                           |
-| RUSTDESK_API_RUSTDESK_PERSONAL     | Open Personal Api 1:Enable,0:Disable                      | 1                             |
+| RUSTDESK_API_APP_BAN_THRESHOLD                         | ban ip threshold; 0 disabled, >0 threshold ; default `0`                                                                                            | `0`                           |
-| ----- MYSQL Configuration -----    | ---------------------------------------                   | ----------------------------- |
+| ----- ADMIN Configuration-----                         | ----------                                                                                                                                          | ----------                    |
-| RUSTDESK_API_MYSQL_USERNAME        | MySQL username                                            | root                          |
+| RUSTDESK_API_ADMIN_TITLE                               | Admin Title                                                                                                                                         | `RustDesk Api Admin`          |
-| RUSTDESK_API_MYSQL_PASSWORD        | MySQL password                                            | 111111                        |
+| RUSTDESK_API_ADMIN_HELLO                               | Admin welcome message, you can use `html`                                                                                                           |                               |
-| RUSTDESK_API_MYSQL_ADDR            | MySQL address                                             | 192.168.1.66:3306             |
+| RUSTDESK_API_ADMIN_HELLO_FILE                          | Admin welcome message file,<br>will override `RUSTDESK_API_ADMIN_HELLO`                                                                             | `./conf/admin/hello.html`     |
-| RUSTDESK_API_MYSQL_DBNAME          | MySQL database name                                       | rustdesk                      |
+| ----- GIN Configuration -----                          | ---------------------------------------                                                                                                             | ----------------------------- |
-| ----- RUSTDESK Configuration ----- | ---------------------------------------                   | ----------------------------- |
+| RUSTDESK_API_GIN_TRUST_PROXY                           | Trusted proxy IPs, separated by commas.                                                                                                             | 192.168.1.2,192.168.1.3       |
-| RUSTDESK_API_RUSTDESK_ID_SERVER    | Rustdesk ID server address                                | 192.168.1.66:21116            |
+| ----- GORM Configuration -----                         | ---------------------------------------                                                                                                             | ----------------------------- |
-| RUSTDESK_API_RUSTDESK_RELAY_SERVER | Rustdesk relay server address                             | 192.168.1.66:21117            |
+| RUSTDESK_API_GORM_TYPE                                 | Database type (`sqlite` or `mysql`). Default is `sqlite`.                                                                                           | sqlite                        |
-| RUSTDESK_API_RUSTDESK_API_SERVER   | Rustdesk API server address                               | http://192.168.1.66:21114     |
+| RUSTDESK_API_GORM_MAX_IDLE_CONNS                       | Maximum idle connections                                                                                                                            | 10                            |
-| RUSTDESK_API_RUSTDESK_KEY          | Rustdesk key                                              | 123456789                     |
+| RUSTDESK_API_GORM_MAX_OPEN_CONNS                       | Maximum open connections                                                                                                                            | 100                           |
-| ---- PROXY -----                   | ---------------                                           | ----------                    |
+| RUSTDESK_API_RUSTDESK_PERSONAL                         | Open Personal Api 1:Enable,0:Disable                                                                                                                | 1                             |
-| RUSTDESK_API_PROXY_ENABLE          | proxy_enable :`false`, `true`                             | `false`                       |
+| ----- MYSQL Configuration -----                        | ---------------------------------------                                                                                                             | ----------------------------- |
-| RUSTDESK_API_PROXY_HOST            | proxy_host                                                | `http://127.0.0.1:1080`       |
+| RUSTDESK_API_MYSQL_USERNAME                            | MySQL username                                                                                                                                      | root                          |
 | RUSTDESK_API_MYSQL_PASSWORD                            | MySQL password                                                                                                                                      | 111111                        |
 | RUSTDESK_API_MYSQL_ADDR                                | MySQL address                                                                                                                                       | 192.168.1.66:3306             |
 | RUSTDESK_API_MYSQL_DBNAME                              | MySQL database name                                                                                                                                 | rustdesk                      |
 | ----- RUSTDESK Configuration -----                     | ---------------------------------------                                                                                                             | ----------------------------- |
 | RUSTDESK_API_RUSTDESK_ID_SERVER                        | Rustdesk ID server address                                                                                                                          | 192.168.1.66:21116            |
 | RUSTDESK_API_RUSTDESK_RELAY_SERVER                     | Rustdesk relay server address                                                                                                                       | 192.168.1.66:21117            |
 | RUSTDESK_API_RUSTDESK_API_SERVER                       | Rustdesk API server address                                                                                                                         | http://192.168.1.66:21114     |
 | RUSTDESK_API_RUSTDESK_KEY                              | Rustdesk key                                                                                                                                        | 123456789                     |
 | RUSTDESK_API_RUSTDESK_KEY_FILE                         | Rustdesk key file                                                                                                                                   | `./conf/data/id_ed25519.pub`  |
 | RUSTDESK_API_RUSTDESK<br/>_WEBCLIENT_MAGIC_QUERYONLINE | New online query method is enabled in the web client v2; '1': Enabled, '0': Disabled, not enabled by default                                        | `0`                           |
 | RUSTDESK_API_RUSTDESK_WS_HOST                          | Custom Websocket Host                                                                                                                               | `wss://192.168.1.123:1234`    |
 | ---- PROXY -----                                       | ---------------                                                                                                                                     | ----------                    |
 | RUSTDESK_API_PROXY_ENABLE                              | proxy_enable :`false`, `true`                                                                                                                       | `false`                       |
 | RUSTDESK_API_PROXY_HOST                                | proxy_host                                                                                                                                          | `http://127.0.0.1:1080`       |
 | ----JWT----                                            | --------                                                                                                                                            | --------                      |
 | RUSTDESK_API_JWT_KEY                                   | Custom JWT KEY, if empty JWT is not enabled.<br/>If `MUST_LOGIN` from `lejianwen/rustdesk-server` is not used, it is recommended to leave it empty. |                               |
 | RUSTDESK_API_JWT_EXPIRE_DURATION                       | JWT expire duration                                                                                                                                 | `168h`                        |
 ### Installation Steps
@@ -239,189 +214,7 @@ The prefix for variable names is `RUSTDESK_API`. If environment variables exist,
    lejianwen/rustdesk-api
    ```
-2. Using `docker-compose`
+2. Using `docker-compose`,look [WIKI](https://github.com/lejianwen/rustdesk-api/wiki)
    - Simple example:
       ```yaml
       services:
          rustdesk-api:
           container_name: rustdesk-api
           environment:
             - RUSTDESK_API_LANG=en
             - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
             - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
             - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
             - RUSTDESK_API_RUSTDESK_KEY=<key>
           ports:
             - 21114:21114
           image: lejianwen/rustdesk-api
           volumes:
             - /data/rustdesk/api:/app/data # Mount the database for easy backup
           networks:
             - rustdesk-net
           restart: unless-stopped
       ```
    - Example with RustDesk's official Docker Compose file, adding your `rustdesk-api` service:
     - If you are using a system-generated KEY, remove the `-k <key>` parameter. However, after the first startup, run `docker-compose logs hbbs` or `cat ./data/id_ed25519.pub` to view the KEY, then modify `RUSTDESK_API_RUSTDESK_KEY=<key>` and execute `docker-compose up -d` again.
       ```yaml
          networks:
            rustdesk-net:
              external: false
          services:
            hbbs:
              container_name: hbbs
              ports:
                - 21115:21115
                - 21116:21116 # 自定义 hbbs 映射端口
                - 21116:21116/udp # 自定义 hbbs 映射端口
                - 21118:21118 # web client
              image: rustdesk/rustdesk-server
              command: hbbs -r <relay-server-ip[:port]> -k <key> # 填入个人域名或 IP + hbbr 暴露端口
              volumes:
                - ./data:/root # 自定义挂载目录
              networks:
                - rustdesk-net
              depends_on:
                - hbbr
              restart: unless-stopped
              deploy:
                resources:
                  limits:
                    memory: 64M
            hbbr:
              container_name: hbbr
              ports:
                - 21117:21117 # 自定义 hbbr 映射端口
                - 21119:21119 # web client
              image: rustdesk/rustdesk-server
              command: hbbr -k <key>
              volumes:
                - ./data:/root
              networks:
                - rustdesk-net
              restart: unless-stopped
              deploy:
                resources:
                  limits:
                    memory: 64M
            rustdesk-api:
              container_name: rustdesk-api
              environment:
                - TZ=Asia/Shanghai
                - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
                - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
                - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
                - RUSTDESK_API_RUSTDESK_KEY=<key>
              ports:
                - 21114:21114
              image: lejianwen/rustdesk-api
              volumes:
                - /data/rustdesk/api:/app/data #将数据库挂载出来方便备份
              networks:
                - rustdesk-net
              restart: unless-stopped
          ```
   - S6 image
       - - If using ***custom KEY***, you will need to modify the startup script to override the `/etc/s6-overlay/s6-rc.d/hbbr/run` and `/etc/s6-overlay/s6-rc.d/hbbr/run` in the image.
           1. Create `hbbr/run`, only needed for custom KEY
              ```bash
              #!/command/with-contenv sh
              cd /data
              PARAMS=
              [ "${ENCRYPTED_ONLY}" = "1" ] && PARAMS="-k ${KEY}"
              /usr/bin/hbbr $PARAMS
              ```
           2. Create `hbbs/run`, only needed for custom KEY
               ```bash
               #!/command/with-contenv sh
               sleep 2
               cd /data
               PARAMS=
               [ "${ENCRYPTED_ONLY}" = "1" ] && PARAMS="-k ${KEY}"
               /usr/bin/hbbs -r $RELAY $PARAMS
               ```
           3. Modify the `s6` section in `docker-compose.yml`
           ```yaml
           networks:
             rustdesk-net:
               external: false
           services:
             rustdesk-server:
               container_name: rustdesk-server
               ports:
                 - 21115:21115
                 - 21116:21116
                 - 21116:21116/udp
                 - 21117:21117
                 - 21118:21118
                 - 21119:21119
               image: rustdesk/rustdesk-server-s6:latest
               environment:
                 - RELAY=192.168.1.66:21117
                 - ENCRYPTED_ONLY=1
                 - KEY=<key>  #KEY
               volumes:
                 - ./data:/data
                 - ./hbbr/run:/etc/s6-overlay/s6-rc.d/hbbr/run 
                 - ./hbbs/run:/etc/s6-overlay/s6-rc.d/hbbs/run 
               restart: unless-stopped
             rustdesk-api:
               container_name: rustdesk-api
               ports:
                 - 21114:21114
               image: lejianwen/rustdesk-api
               environment:
                 - TZ=Asia/Shanghai
                 - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
                 - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
                 - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
                 - RUSTDESK_API_RUSTDESK_KEY=<key>
               volumes:
                 - /data/rustdesk/api:/app/data 
               networks:
                 - rustdesk-net
               restart: unless-stopped
           ```
   - If using ***system-generated KEY*** or ***custom KEY_PUB, KEY_PRIV***, you do not need to modify the startup script, but you need to obtain the KEY after it is generated and then run `docker-compose up -d`
       ```yaml
       networks:
         rustdesk-net:
           external: false
       services:
         rustdesk-server:
           container_name: rustdesk-server
           ports:
             - 21115:21115
             - 21116:21116
             - 21116:21116/udp
             - 21117:21117
             - 21118:21118
             - 21119:21119
           image: rustdesk/rustdesk-server-s6:latest
           environment:
             - RELAY=192.168.1.66:21117
             - ENCRYPTED_ONLY=1
           volumes:
             - ./data:/data
           restart: unless-stopped
         rustdesk-api:
           container_name: rustdesk-api
           ports:
             - 21114:21114
           image: lejianwen/rustdesk-api
           environment:
             - TZ=Asia/Shanghai
             - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
             - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
             - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
             - RUSTDESK_API_RUSTDESK_KEY=<key>
           volumes:
             - /data/rustdesk/api:/app/data 
           networks:
             - rustdesk-net
           restart: unless-stopped
       ```
 #### Running from Release
@@ -458,10 +251,17 @@ Download the release from [release](https://github.com/lejianwen/rustdesk-api/re
 4. Run:
    ```bash
    # Run directly
-    go run cmd/apimain.go
+   go run cmd/apimain.go
-    # Or generate and run the API using generate_api.go
+   # Or generate and run the API using generate_api.go
-    go generate generate_api.go
+   go generate generate_api.go
-    ```
+   ```
   > **Note:** When using `go run` or the compiled binary, the `conf` and `resources`
   > directories must exist relative to the current working directory. If you run
   > the program from another location, specify absolute paths with `-c` and the
   > `RUSTDESK_API_GIN_RESOURCES_PATH` environment variable. Example:
   > ```bash
   > RUSTDESK_API_GIN_RESOURCES_PATH=/opt/rustdesk-api/resources ./apimain -c /opt/rustdesk-api/conf/config.yaml
   > ```
 5. To compile, change to the project root directory. For Windows, run `build.bat`, and for Linux, run `build.sh`. After
   compiling, the corresponding executables will be generated in the `release` directory. Run the compiled executables
@@ -470,22 +270,58 @@ Download the release from [release](https://github.com/lejianwen/rustdesk-api/re
 6. Open your browser and visit `http://<your server[:port]>/_admin/`, with default credentials `admin admin`. Please
   change the password promptly.
-#### nginx reverse proxy
+#### Running with my forked server-s6 image
-Configure reverse proxy in `nginx`
+
-```
+- Connection timeout issue resolved
-server {
+- Can enforce login before initiating a connection
-    listen <your port>;
+- github https://github.com/lejianwen/rustdesk-server
-    server_name <your server>;
+
-    location / {
+```yaml
-        proxy_pass http://<api-server[:port]>;
+ networks:
-        proxy_set_header Host $host;
+   rustdesk-net:
-        proxy_set_header X-Real-IP $remote_addr;
+     external: false
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ services:
-        proxy_set_header X-Forwarded-Proto $scheme;
+   rustdesk:
-    }
+     ports:
-}
+       - 21114:21114
       - 21115:21115
       - 21116:21116
       - 21116:21116/udp
       - 21117:21117
       - 21118:21118
       - 21119:21119
     image: lejianwen/rustdesk-server-s6:latest
     environment:
       - RELAY=<relay_server[:port]>
       - ENCRYPTED_ONLY=1
       - MUST_LOGIN=N
       - TZ=Asia/Shanghai
       - RUSTDESK_API_RUSTDESK_ID_SERVER=<id_server[:21116]>
       - RUSTDESK_API_RUSTDESK_RELAY_SERVER=<relay_server[:21117]>
       - RUSTDESK_API_RUSTDESK_API_SERVER=http://<api_server[:21114]>
       - RUSTDESK_API_KEY_FILE=/data/id_ed25519.pub
       - RUSTDESK_API_JWT_KEY=xxxxxx # jwt key
     volumes:
       - /data/rustdesk/server:/data
       - /data/rustdesk/api:/app/data #将数据库挂载
     networks:
       - rustdesk-net
     restart: unless-stopped
 ```
 ## Others
 - [WIKI](https://github.com/lejianwen/rustdesk-api/wiki)
 - [Connection Timeout](https://github.com/lejianwen/rustdesk-api/issues/92)
 - [Change client ID](https://github.com/abdullah-erturk/RustDesk-ID-Changer)
- [Web client source](https://hub.docker.com/r/keyurbhole/flutter_web_desk)
+- [Web client source](https://hub.docker.com/r/keyurbhole/flutter_web_desk)
 ## Acknowledgements
 Thanks to everyone who contributed!
 <a href="https://github.com/lejianwen/rustdesk-api/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=lejianwen/rustdesk-api" />
 </a>
 ## Thanks for your support! If you find this project useful, please give it a ⭐️. Thank you!
--- a/build.sh
+++ b/build.sh
@@ -1,16 +1,46 @@
 #!/bin/sh
-rm release -rf
+set -e
 # Automatically get the current environment's GOARCH; if not defined, use the detected system architecture
 GOARCH=${GOARCH:-$(go env GOARCH)}
 DOCS="true"
 # Safely remove the old release directory
 rm -rf release
 # Set Go environment variables
 go env -w GO111MODULE=on
 go env -w GOPROXY=https://goproxy.cn,direct
 go env -w CGO_ENABLED=1
 go env -w GOOS=linux
-go env -w GOARCH=amd64
+go env -w GOARCH=${GOARCH}
-swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin
+
-swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api
+
 # Generate Swagger documentation if DOCS is not empty
 if [ -n "${DOCS}" ]; then
    # Check if swag is installed
    if ! command -v swag &> /dev/null; then
        echo "swag command not found. Please install it using:"
        echo "go install github.com/swaggo/swag/cmd/swag@latest"
        echo "Skipping Swagger documentation generation due to missing swag tool."
    else
        echo "Generating Swagger documentation..."
        swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin
        swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api
    fi
 else
    echo "Skipping Swagger documentation generation due to DOCS is empty."
 fi
 # Compile the Go code and output it to the release directory
 go build -o release/apimain cmd/apimain.go
 # Copy resource files to the release directory
 cp -ar resources release/
 cp -ar docs release/
 cp -ar conf release/
 # Create necessary directory structures
 mkdir -p release/data
 mkdir -p release/runtime
 echo "Build and setup completed successfully."
--- a/cmd/apimain.go
+++ b/cmd/apimain.go
@@ -1,21 +1,30 @@
 package main
 import (
 	"Gwen/config"
 	"Gwen/global"
 	"Gwen/http"
 	"Gwen/lib/cache"
 	"Gwen/lib/lock"
 	"Gwen/lib/logger"
 	"Gwen/lib/orm"
 	"Gwen/lib/upload"
 	"Gwen/model"
 	"Gwen/service"
 	"fmt"
 	"os"
 	"strconv"
 	"time"
 	"github.com/go-redis/redis/v8"
 	"github.com/lejianwen/rustdesk-api/v2/config"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http"
 	"github.com/lejianwen/rustdesk-api/v2/lib/cache"
 	"github.com/lejianwen/rustdesk-api/v2/lib/jwt"
 	"github.com/lejianwen/rustdesk-api/v2/lib/lock"
 	"github.com/lejianwen/rustdesk-api/v2/lib/logger"
 	"github.com/lejianwen/rustdesk-api/v2/lib/orm"
 	"github.com/lejianwen/rustdesk-api/v2/lib/upload"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"github.com/lejianwen/rustdesk-api/v2/utils"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"github.com/spf13/cobra"
 )
 const DatabaseVersion = 264
 // @title 管理系统API
 // @version 1.0
 // @description 接口
@@ -26,9 +35,84 @@ import (
 // @securitydefinitions.apikey BearerAuth
 // @in header
 // @name Authorization
 var rootCmd = &cobra.Command{
 	Use:   "apimain",
 	Short: "RUSTDESK API SERVER",
 	PersistentPreRun: func(cmd *cobra.Command, args []string) {
 		InitGlobal()
 	},
 	Run: func(cmd *cobra.Command, args []string) {
 		global.Logger.Info("API SERVER START")
 		http.ApiInit()
 	},
 }
 var resetPwdCmd = &cobra.Command{
 	Use:     "reset-admin-pwd [pwd]",
 	Example: "reset-admin-pwd 123456",
 	Short:   "Reset Admin Password",
 	Args:    cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		pwd := args[0]
 		admin := service.AllService.UserService.InfoById(1)
 		if admin.Id == 0 {
 			global.Logger.Warn("user not found! ")
 			return
 		}
 		err := service.AllService.UserService.UpdatePassword(admin, pwd)
 		if err != nil {
 			global.Logger.Error("reset password fail! ", err)
 			return
 		}
 		global.Logger.Info("reset password success! ")
 	},
 }
 var resetUserPwdCmd = &cobra.Command{
 	Use:     "reset-pwd [userId] [pwd]",
 	Example: "reset-pwd 2 123456",
 	Short:   "Reset User Password",
 	Args:    cobra.ExactArgs(2),
 	Run: func(cmd *cobra.Command, args []string) {
 		userId := args[0]
 		pwd := args[1]
 		uid, err := strconv.Atoi(userId)
 		if err != nil {
 			global.Logger.Warn("userId must be int!")
 			return
 		}
 		if uid <= 0 {
 			global.Logger.Warn("userId must be greater than 0! ")
 			return
 		}
 		u := service.AllService.UserService.InfoById(uint(uid))
 		if u.Id == 0 {
 			global.Logger.Warn("user not found! ")
 			return
 		}
 		err = service.AllService.UserService.UpdatePassword(u, pwd)
 		if err != nil {
 			global.Logger.Warn("reset password fail! ", err)
 			return
 		}
 		global.Logger.Info("reset password success!")
 	},
 }
 func init() {
 	rootCmd.PersistentFlags().StringVarP(&global.ConfigPath, "config", "c", "./conf/config.yaml", "choose config file")
 	rootCmd.AddCommand(resetPwdCmd, resetUserPwdCmd)
 }
 func main() {
 	if err := rootCmd.Execute(); err != nil {
 		global.Logger.Error(err)
 		os.Exit(1)
 	}
 }
 func InitGlobal() {
 	//配置解析
-	global.Viper = config.Init(&global.Config)
+	global.Viper = config.Init(&global.Config, global.ConfigPath)
 	//日志
 	global.Logger = logger.New(&logger.Config{
@@ -60,20 +144,41 @@ func main() {
 	}
 	//gorm
 	if global.Config.Gorm.Type == config.TypeMysql {
-		dns := global.Config.Mysql.Username + ":" + global.Config.Mysql.Password + "@(" + global.Config.Mysql.Addr + ")/" + global.Config.Mysql.Dbname + "?charset=utf8mb4&parseTime=True&loc=Local"
+
 		dsn := fmt.Sprintf("%s:%s@(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local",
 			global.Config.Mysql.Username,
 			global.Config.Mysql.Password,
 			global.Config.Mysql.Addr,
 			global.Config.Mysql.Dbname,
 		)
 		global.DB = orm.NewMysql(&orm.MysqlConfig{
-			Dns:          dns,
+			Dsn:          dsn,
 			MaxIdleConns: global.Config.Gorm.MaxIdleConns,
 			MaxOpenConns: global.Config.Gorm.MaxOpenConns,
-		})
+		}, global.Logger)
 	} else if global.Config.Gorm.Type == config.TypePostgresql {
 		dsn := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s TimeZone=%s",
 			global.Config.Postgresql.Host,
 			global.Config.Postgresql.Port,
 			global.Config.Postgresql.User,
 			global.Config.Postgresql.Password,
 			global.Config.Postgresql.Dbname,
 			global.Config.Postgresql.Sslmode,
 			global.Config.Postgresql.TimeZone,
 		)
 		global.DB = orm.NewPostgresql(&orm.PostgresqlConfig{
 			Dsn:          dsn,
 			MaxIdleConns: global.Config.Gorm.MaxIdleConns,
 			MaxOpenConns: global.Config.Gorm.MaxOpenConns,
 		}, global.Logger)
 	} else {
 		//sqlite
 		global.DB = orm.NewSqlite(&orm.SqliteConfig{
 			MaxIdleConns: global.Config.Gorm.MaxIdleConns,
 			MaxOpenConns: global.Config.Gorm.MaxOpenConns,
-		})
+		}, global.Logger)
 	}
 	DatabaseAutoUpdate()
 	//validator
 	global.ApiInitValidator()
@@ -90,48 +195,60 @@ func main() {
 	//jwt
 	//fmt.Println(global.Config.Jwt.PrivateKey)
-	//global.Jwt = jwt.NewJwt(global.Config.Jwt.PrivateKey, global.Config.Jwt.ExpireDuration*time.Second)
+	global.Jwt = jwt.NewJwt(global.Config.Jwt.Key, global.Config.Jwt.ExpireDuration)
 	//locker
 	global.Lock = lock.NewLocal()
-	//gin
+	//service
-	http.ApiInit()
+	service.New(&global.Config, global.DB, global.Logger, global.Jwt, global.Lock)
 	global.LoginLimiter = utils.NewLoginLimiter(utils.SecurityPolicy{
 		CaptchaThreshold: global.Config.App.CaptchaThreshold,
 		BanThreshold:     global.Config.App.BanThreshold,
 		AttemptsWindow:   10 * time.Minute,
 		BanDuration:      30 * time.Minute,
 	})
 	global.LoginLimiter.RegisterProvider(utils.B64StringCaptchaProvider{})
 	DatabaseAutoUpdate()
 }
 func DatabaseAutoUpdate() {
-	version := 240
+	version := DatabaseVersion
 	db := global.DB
 	if global.Config.Gorm.Type == config.TypeMysql {
 		//检查存不存在数据库，不存在则创建
 		dbName := db.Migrator().CurrentDatabase()
 		fmt.Println("dbName", dbName)
 		if dbName == "" {
 			dbName = global.Config.Mysql.Dbname
 			// 移除 DSN 中的数据库名称，以便初始连接时不指定数据库
-			dsnWithoutDB := global.Config.Mysql.Username + ":" + global.Config.Mysql.Password + "@(" + global.Config.Mysql.Addr + ")/?charset=utf8mb4&parseTime=True&loc=Local"
+			dsnWithoutDB := fmt.Sprintf("%s:%s@(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local",
 				global.Config.Mysql.Username,
 				global.Config.Mysql.Password,
 				global.Config.Mysql.Addr,
 				"",
 			)
 			//新链接
 			dbWithoutDB := orm.NewMysql(&orm.MysqlConfig{
-				Dns: dsnWithoutDB,
+				Dsn: dsnWithoutDB,
-			})
+			}, global.Logger)
 			// 获取底层的 *sql.DB 对象，并确保在程序退出时关闭连接
 			sqlDBWithoutDB, err := dbWithoutDB.DB()
 			if err != nil {
-				fmt.Printf("获取底层 *sql.DB 对象失败: %v\n", err)
+				global.Logger.Errorf("获取底层 *sql.DB 对象失败: %v", err)
 				return
 			}
 			defer func() {
 				if err := sqlDBWithoutDB.Close(); err != nil {
-					fmt.Printf("关闭连接失败: %v\n", err)
+					global.Logger.Errorf("关闭连接失败: %v", err)
 				}
 			}()
 			err = dbWithoutDB.Exec("CREATE DATABASE IF NOT EXISTS " + dbName + " DEFAULT CHARSET utf8mb4").Error
 			if err != nil {
-				fmt.Println(err)
+				global.Logger.Error(err)
 				return
 			}
 		}
@@ -146,11 +263,30 @@ func DatabaseAutoUpdate() {
 		if v.Version < uint(version) {
 			Migrate(uint(version))
 		}
 		// 245迁移
 		if v.Version < 245 {
 			//oauths 表的 oauth_type 字段设置为 op同样的值
 			db.Exec("update oauths set oauth_type = op")
 			db.Exec("update oauths set issuer = 'https://accounts.google.com' where op = 'google'")
 			db.Exec("update user_thirds set oauth_type = third_type, op = third_type")
 			//通过email迁移旧的google授权
 			uts := make([]model.UserThird, 0)
 			db.Where("oauth_type = ?", "google").Find(&uts)
 			for _, ut := range uts {
 				if ut.UserId > 0 {
 					db.Model(&model.User{}).Where("id = ?", ut.UserId).Update("email", ut.OpenId)
 				}
 			}
 		}
 		if v.Version < 246 {
 			db.Exec("update oauths set issuer = 'https://accounts.google.com' where op = 'google' and issuer is null")
 		}
 	}
 }
 func Migrate(version uint) {
-	fmt.Println("migrating....", version)
+	global.Logger.Info("Migrating....", version)
 	err := global.DB.AutoMigrate(
 		&model.Version{},
 		&model.User{},
@@ -167,9 +303,11 @@ func Migrate(version uint) {
 		&model.AuditFile{},
 		&model.AddressBookCollection{},
 		&model.AddressBookCollectionRule{},
 		&model.ServerCmd{},
 		&model.DeviceGroup{},
 	)
 	if err != nil {
-		fmt.Println("migrate err :=>", err)
+		global.Logger.Error("migrate err :=>", err)
 	}
 	global.DB.Create(&model.Version{Version: version})
 	//如果是初次则创建一个默认用户
@@ -203,7 +341,15 @@ func Migrate(version uint) {
 			IsAdmin:  &is_admin,
 			GroupId:  1,
 		}
-		admin.Password = service.AllService.UserService.EncryptPassword("admin")
+
 		// 生成随机密码
 		pwd := utils.RandomString(8)
 		global.Logger.Info("Admin Password Is: ", pwd)
 		var err error
 		admin.Password, err = utils.EncryptPassword(pwd)
 		if err != nil {
 			global.Logger.Fatalf("failed to generate admin password: %v", err)
 		}
 		global.DB.Create(admin)
 	}
--- a/conf/admin/hello.html
+++ b/conf/admin/hello.html
@@ -0,0 +1 @@
 ### 👏👏👏 你好 ***{{username}}***， 欢迎使用 [RustDesk API](https://github.com/lejianwen/rustdesk-api)
--- a/conf/config.yaml
+++ b/conf/config.yaml
@@ -1,6 +1,22 @@
 lang: "zh-CN"
 app:
  web-client: 1  # 1:启用 0:禁用
  register: false #是否开启注册
  register-status: 1 # 注册用户默认状态 1:启用 2:禁用
  captcha-threshold: 3 #   <0:disabled, 0 always, >0:enabled
  ban-threshold: 0 # 0:disabled, >0:enabled
  show-swagger: 0 # 1:启用 0:禁用
  token-expire: 168h
  web-sso: true #web auth sso
  disable-pwd-login: false #禁用密码登录
 admin:
  title: "RustDesk API Admin"
  hello-file: "./conf/admin/hello.html"  #优先使用file
  hello: ""
  # ID Server and Relay Server ports https://github.com/lejianwen/rustdesk-api/issues/257
  id-server-port: 21116  # ID Server port (for server cmd)
  relay-server-port: 21117 # ID Server port (for server cmd)
 gin:
  api-addr: "0.0.0.0:21114"
  mode: "release" #release,debug,test
@@ -15,36 +31,53 @@ mysql:
  password: ""
  addr: ""
  dbname: ""
 postgresql:
  host: "127.0.0.1"
  port: "5432"
  user: ""
  password: ""
  dbname: "postgres"
  sslmode: "disable" # disable, require, verify-ca, verify-full
  time-zone: "Asia/Shanghai" # Time zone for PostgreSQL connection
 rustdesk:
  id-server: "192.168.1.66:21116"
  relay-server: "192.168.1.66:21117"
  api-server: "http://127.0.0.1:21114"
-  key: "123456789"
+  key: ""
  key-file: "/data/id_ed25519.pub"
  personal: 1
  webclient-magic-queryonline: 0
  ws-host: ""  #eg: wss://192.168.1.3:4443
 logger:
  path: "./runtime/log.txt"
-  level: "warn" #trace,debug,info,warn,error,fatal
+  level: "info" #trace,debug,info,warn,error,fatal
  report-caller: true
 proxy:
  enable: false
  host: "http://127.0.0.1:1080"
 redis:
  addr: "127.0.0.1:6379"
  password: ""
  db: 0
 cache:
  type: "file"
  file-dir: "./runtime/cache"
  redis-addr: "127.0.0.1:6379"
  redis-pwd: ""
  redis-db: 0
 oss:
  access-key-id: ""
  access-key-secret: ""
  host: ""
  callback-url: ""
  expire-time: 30
  max-byte: 10240
 jwt:
-  private-key: "./conf/jwt_pri.pem"
+  key: ""
-  expire-duration: 360000
+  expire-duration: 168h
 ldap:
  enable: false
  url: "ldap://ldap.example.com:389"
  tls-ca-file: ""
  tls-verify: false
  base-dn: "dc=example,dc=com"
  bind-dn: "cn=admin,dc=example,dc=com"
  bind-password: "password"
  user:
    base-dn: "ou=users,dc=example,dc=com"
    enable-attr: ""       #The attribute name of the user for enabling, in AD it is "userAccountControl", empty means no enable attribute, all users are enabled
    enable-attr-value: "" # The value of the enable attribute when the user is enabled. If you are using AD, just set random value, it will be ignored.
    filter: "(cn=*)"
    username: "uid"       # The attribute name of the user for usernamem if you are using AD, it should be "sAMAccountName"
    email: "mail"
    first-name: "givenName"
    last-name: "sn"
    sync: false         # If true, the user will be synchronized to the database when the user logs in. If false, the user will be synchronized to the database when the user be created.
    admin-group: "cn=admin,dc=example,dc=com" # The group name of the admin group, if the user is in this group, the user will be an admin.
--- a/config/config.go
+++ b/config/config.go
@@ -1,11 +1,10 @@
 package config
 import (
 	"flag"
 	"fmt"
 	"github.com/fsnotify/fsnotify"
 	"github.com/spf13/viper"
 	"strings"
 	"time"
 )
 const (
@@ -15,53 +14,85 @@ const (
 )
 type App struct {
-	WebClient int `mapstructure:"web-client"`
+	WebClient        int           `mapstructure:"web-client"`
 	Register         bool          `mapstructure:"register"`
 	RegisterStatus   int           `mapstructure:"register-status"`
 	ShowSwagger      int           `mapstructure:"show-swagger"`
 	TokenExpire      time.Duration `mapstructure:"token-expire"`
 	WebSso           bool          `mapstructure:"web-sso"`
 	DisablePwdLogin  bool          `mapstructure:"disable-pwd-login"`
 	CaptchaThreshold int           `mapstructure:"captcha-threshold"`
 	BanThreshold     int           `mapstructure:"ban-threshold"`
 }
 type Admin struct {
 	Title           string `mapstructure:"title"`
 	Hello           string `mapstructure:"hello"`
 	HelloFile       string `mapstructure:"hello-file"`
 	IdServerPort    int    `mapstructure:"id-server-port"`
 	RelayServerPort int    `mapstructure:"relay-server-port"`
 }
 type Config struct {
 	Lang       string `mapstructure:"lang"`
 	App        App
 	Admin      Admin
 	Gorm       Gorm
 	Mysql      Mysql
 	Postgresql Postgresql
 	Gin        Gin
 	Logger     Logger
 	Redis      Redis
 	Cache      Cache
 	Oss        Oss
 	Jwt        Jwt
 	Rustdesk   Rustdesk
 	Proxy      Proxy
 	Ldap       Ldap
 }
-type Config struct {
+func (a *Admin) Init() {
-	Lang     string `mapstructure:"lang"`
+	if a.IdServerPort == 0 {
-	App      App
+		a.IdServerPort = DefaultIdServerPort
-	Gorm     Gorm
+	}
-	Mysql    Mysql
+	if a.RelayServerPort == 0 {
-	Gin      Gin
+		a.RelayServerPort = DefaultRelayServerPort
-	Logger   Logger
+	}
 	Redis    Redis
 	Cache    Cache
 	Oss      Oss
 	Jwt      Jwt
 	Rustdesk Rustdesk
 	Proxy    Proxy
 }
 // Init 初始化配置
-func Init(rowVal interface{}) *viper.Viper {
+func Init(rowVal *Config, path string) *viper.Viper {
-	var config string
+	if path == "" {
-	flag.StringVar(&config, "c", "", "choose config file.")
+		path = DefaultConfig
 	flag.Parse()
 	if config == "" { // 优先级: 命令行 > 默认值
 		config = DefaultConfig
 	}
-	v := viper.New()
+	v := viper.GetViper()
 	v.AutomaticEnv()
 	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_", "-", "_"))
 	v.SetEnvPrefix("RUSTDESK_API")
-	v.SetConfigFile(config)
+	v.SetConfigFile(path)
 	v.SetConfigType("yaml")
 	err := v.ReadInConfig()
 	if err != nil {
 		panic(fmt.Errorf("Fatal error config file: %s \n", err))
 	}
-	v.WatchConfig()
+	/*
-	v.OnConfigChange(func(e fsnotify.Event) {
+		v.WatchConfig()
-		//配置文件修改监听
+
-		fmt.Println("config file changed:", e.Name)
+
-		if err2 := v.Unmarshal(rowVal); err2 != nil {
+			//监听配置修改没什么必要
-			fmt.Println(err2)
+			v.OnConfigChange(func(e fsnotify.Event) {
-		}
+				//配置文件修改监听
-	})
+				fmt.Println("config file changed:", e.Name)
 				if err2 := v.Unmarshal(rowVal); err2 != nil {
 					fmt.Println(err2)
 				}
 				rowVal.Rustdesk.LoadKeyFile()
 				rowVal.Rustdesk.ParsePort()
 			})
 	*/
 	if err := v.Unmarshal(rowVal); err != nil {
-		fmt.Println(err)
+		panic(fmt.Errorf("Fatal error config: %s \n", err))
 	}
 	rowVal.Rustdesk.LoadKeyFile()
 	rowVal.Admin.Init()
 	return v
 }
--- a/config/gorm.go
+++ b/config/gorm.go
@@ -1,8 +1,9 @@
 package config
 const (
-	TypeSqlite = "sqlite"
+	TypeSqlite     = "sqlite"
-	TypeMysql  = "mysql"
+	TypeMysql      = "mysql"
 	TypePostgresql = "postgresql"
 )
 type Gorm struct {
@@ -17,3 +18,13 @@ type Mysql struct {
 	Password string `mapstructure:"password"`
 	Dbname   string `mapstructure:"dbname"`
 }
 type Postgresql struct {
 	Host     string `mapstructure:"host"`
 	Port     string `mapstructure:"port"`
 	User     string `mapstructure:"user"`
 	Password string `mapstructure:"password"`
 	Dbname   string `mapstructure:"dbname"`
 	Sslmode  string `mapstructure:"sslmode"`   // "disable", "require", "verify-ca", "verify-full"
 	TimeZone string `mapstructure:"time-zone"` // e.g., "Asia/Shanghai"
 }
--- a/config/jwt.go
+++ b/config/jwt.go
@@ -3,6 +3,6 @@ package config
 import "time"
 type Jwt struct {
-	PrivateKey     string        `mapstructure:"private-key"`
+	Key            string        `mapstructure:"key"`
 	ExpireDuration time.Duration `mapstructure:"expire-duration"`
 }
--- a/config/ldap.go
+++ b/config/ldap.go
@@ -0,0 +1,36 @@
 package config
 type LdapUser struct {
 	BaseDn          string `mapstructure:"base-dn"`           // The base DN of the user for searching
 	EnableAttr      string `mapstructure:"enable-attr"`       // The attribute name of the user for enabling, in AD it is "userAccountControl", empty means no enable attribute, all users are enabled
 	EnableAttrValue string `mapstructure:"enable-attr-value"` // The value of the enable attribute when the user is enabled. If you are using AD, just leave it random str, it will be ignored.
 	Filter          string `mapstructure:"filter"`
 	Username        string `mapstructure:"username"`
 	Email           string `mapstructure:"email"`
 	FirstName       string `mapstructure:"first-name"`
 	LastName        string `mapstructure:"last-name"`
 	Sync            bool   `mapstructure:"sync"`        // Will sync the user's information to the internal database
 	AdminGroup      string `mapstructure:"admin-group"` // Which group is the admin group
 }
 // type LdapGroup struct {
 // 	BaseDn 		string            `mapstructure:"base-dn"` // The base DN of the group for searching
 // 	Name        string            `mapstructure:"name"`    // The attribute name of the group
 // 	Filter      string            `mapstructure:"filter"`
 // 	Admin       string            `mapstructure:"admin"`   // Which group is the admin group
 // 	Member      string            `mapstructure:"member"`  // How to get the member of the group: member, uniqueMember, or memberOf (default: member)
 // 	Mode        string            `mapstructure:"mode"`
 // 	Map         map[string]string `mapstructure:"map"`     // If mode is "map", map the LDAP group to the internal group
 // }
 type Ldap struct {
 	Enable       bool     `mapstructure:"enable"`
 	Url          string   `mapstructure:"url"`
 	TlsCaFile    string   `mapstructure:"tls-ca-file"`
 	TlsVerify    bool     `mapstructure:"tls-verify"`
 	BaseDn       string   `mapstructure:"base-dn"`
 	BindDn       string   `mapstructure:"bind-dn"`
 	BindPassword string   `mapstructure:"bind-password"`
 	User         LdapUser `mapstructure:"user"`
 	// Group        LdapGroup `mapstructure:"group"`
 }
--- a/config/oauth.go
+++ b/config/oauth.go
@@ -3,11 +3,20 @@ package config
 type GithubOauth struct {
 	ClientId     string `mapstructure:"client-id"`
 	ClientSecret string `mapstructure:"client-secret"`
 	RedirectUrl  string `mapstructure:"redirect-url"`
 }
 type GoogleOauth struct {
 	ClientId     string `mapstructure:"client-id"`
 	ClientSecret string `mapstructure:"client-secret"`
-	RedirectUrl  string `mapstructure:"redirect-url"`
+}
 type OidcOauth struct {
 	Issuer       string `mapstructure:"issuer"`
 	ClientId     string `mapstructure:"client-id"`
 	ClientSecret string `mapstructure:"client-secret"`
 }
 type LinuxdoOauth struct {
 	ClientId     string `mapstructure:"client-id"`
 	ClientSecret string `mapstructure:"client-secret"`
 }
--- a/config/rustdesk.go
+++ b/config/rustdesk.go
@@ -1,9 +1,40 @@
 package config
 import (
 	"os"
 )
 const (
 	DefaultIdServerPort    = 21116
 	DefaultRelayServerPort = 21117
 )
 type Rustdesk struct {
-	IdServer    string `mapstructure:"id-server"`
+	IdServer        string `mapstructure:"id-server"`
-	RelayServer string `mapstructure:"relay-server"`
+	IdServerPort    int    `mapstructure:"-"`
-	ApiServer   string `mapstructure:"api-server"`
+	RelayServer     string `mapstructure:"relay-server"`
-	Key         string `mapstructure:"key"`
+	RelayServerPort int    `mapstructure:"-"`
-	Personal    int    `mapstructure:"personal"`
+	ApiServer       string `mapstructure:"api-server"`
 	Key             string `mapstructure:"key"`
 	KeyFile         string `mapstructure:"key-file"`
 	Personal        int    `mapstructure:"personal"`
 	//webclient-magic-queryonline
 	WebclientMagicQueryonline int    `mapstructure:"webclient-magic-queryonline"`
 	WsHost                    string `mapstructure:"ws-host"`
 }
 func (rd *Rustdesk) LoadKeyFile() {
 	// Load key file
 	if rd.Key != "" {
 		return
 	}
 	if rd.KeyFile != "" {
 		// Load key from file
 		b, err := os.ReadFile(rd.KeyFile)
 		if err != nil {
 			return
 		}
 		rd.Key = string(b)
 		return
 	}
 }
--- a/conf/jwt_pri.pem
+++ b/conf/jwt_pri.pem
--- a/debian/changelog
+++ b/debian/changelog
@@ -0,0 +1,5 @@
 rustdesk-api-server (1.3.6) UNRELEASED; urgency=medium
  * Update the version to 1.3.6 to match the client.
 -- rustdesk-api <ymwlpoolc@qq.com>  Tue, 24 Dec 2024 13:48:34 +0800
--- a/debian/compat
+++ b/debian/compat
@@ -0,0 +1 @@
 10
--- a/debian/control.tpl
+++ b/debian/control.tpl
@@ -0,0 +1,13 @@
 Source: rustdesk-api-server
 Section: net
 Priority: optional
 Maintainer: ymwl <ymwlpoolc@qq.com>
 Build-Depends: debhelper (>= 10), pkg-config
 Standards-Version: 4.5.0
 Homepage: https://github.com/lejianwen/rustdesk-api/
 Package: rustdesk-api-server
 Architecture: {{ ARCH }}
 Depends: systemd ${misc:Depends}
 Description: RustDesk api server
 RustDesk api server, it is free and open source.
--- a/debian/copyright
+++ b/debian/copyright
@@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2024-present Lejianwen and contributors
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/debian/rules
+++ b/debian/rules
@@ -0,0 +1,6 @@
 #!/usr/bin/make -f
 %:
 	dh $@
 override_dh_builddeb:
 	dh_builddeb -- -Zgzip
--- a/debian/rustdesk-api-server.install
+++ b/debian/rustdesk-api-server.install
@@ -0,0 +1,6 @@
 bin/rustdesk-api usr/bin
 systemd/rustdesk-api.service lib/systemd/system
 conf var/lib/rustdesk-api
 data var/lib/rustdesk-api
 resources var/lib/rustdesk-api
 runtime var/lib/rustdesk-api
--- a/debian/rustdesk-api-server.postinst
+++ b/debian/rustdesk-api-server.postinst
@@ -0,0 +1,28 @@
 #!/bin/sh
 set -e
 SERVICE=rustdesk-api.service
 if [ "$1" = "configure" ]; then
    mkdir -p /var/log/rustdesk-api
 fi
 case "$1" in
    configure|abort-upgrade|abort-deconfigure|abort-remove)
      mkdir -p /var/lib/rustdesk-api/
 	  deb-systemd-helper unmask "${SERVICE}" >/dev/null || true
 	  if deb-systemd-helper --quiet was-enabled "${SERVICE}"; then
 		deb-systemd-invoke enable "${SERVICE}" >/dev/null || true
 	  else
 		deb-systemd-invoke update-state "${SERVICE}" >/dev/null || true
 	  fi
 	  systemctl --system daemon-reload >/dev/null || true
 	  if [ -n "$2" ]; then
 		deb-systemd-invoke restart "${SERVICE}" >/dev/null || true
 	  else
 		deb-systemd-invoke start "${SERVICE}" >/dev/null || true
 	  fi
    ;;
 esac
 exit 0
--- a/debian/rustdesk-api-server.postrm
+++ b/debian/rustdesk-api-server.postrm
@@ -0,0 +1,18 @@
 #!/bin/sh
 set -e
 SERVICE=rustdesk-api.service
 systemctl --system daemon-reload >/dev/null || true
 if [ "$1" = "purge" ]; then
 	rm -rf /var/log/rustdesk-api/rustdesk-api.*
 	deb-systemd-helper purge "${SERVICE}" >/dev/null || true
 	deb-systemd-helper unmask "${SERVICE}" >/dev/null || true
 fi
 if [ "$1" = "remove" ]; then
 	deb-systemd-helper mask "${SERVICE}" >/dev/null || true
 fi
 exit 0
--- a/debian/rustdesk-api-server.prerm
+++ b/debian/rustdesk-api-server.prerm
@@ -0,0 +1,13 @@
 #!/bin/sh
 set -e
 SERVICE=rustdesk-api.service
 case "$1" in
    remove|deconfigure)
 	  deb-systemd-invoke stop "${SERVICE}" >/dev/null || true
 	  deb-systemd-invoke disable "${SERVICE}" >/dev/null || true
 	;;
 esac
 exit 0
--- a/debian/source/format
+++ b/debian/source/format
@@ -0,0 +1 @@
 3.0 (native)
--- a/docker-compose-dev.yaml
+++ b/docker-compose-dev.yaml
@@ -0,0 +1,24 @@
 services:
  rustdesk-api:
    build: 
      context: .
      dockerfile: Dockerfile.dev
      args:
        COUNTRY: CN
        FRONTEND_GIT_REPO: https://github.com/lejianwen/rustdesk-api-web.git
        FRONTEND_GIT_BRANCH: master
    # image: lejianwen/rustdesk-api
    container_name: rustdesk-api
    environment:
      - TZ=Asia/Shanghai
      - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
      - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
      - RUSTDESK_API_RUSTDESK_API_SERVER=http://127.0.0.1:21114
      - RUSTDESK_API_RUSTDESK_KEY=123456789
    ports:
      - 21114:21114
    volumes:
      - ./data/rustdesk/api:/app/data #将数据库挂载出来方便备份
      - ./conf:/app/conf # config
      # - ./resources:/app/resources # 静态资源
    restart: unless-stopped
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -6,10 +6,12 @@ services:
      - TZ=Asia/Shanghai
      - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
      - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
-      - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
+      - RUSTDESK_API_RUSTDESK_API_SERVER=http://127.0.0.1:21114
      - RUSTDESK_API_RUSTDESK_KEY=123456789
    ports:
      - 21114:21114
    volumes:
-      - /data/rustdesk/api:/app/data #将数据库挂载出来方便备份
+      - ./data/rustdesk/api:/app/data # database
      # - ./conf:/app/conf # config
      # - ./resources:/app/resources # 静态资源
    restart: unless-stopped
--- a/docker-dev.sh
+++ b/docker-dev.sh
@@ -0,0 +1,35 @@
 #!/bin/bash
 set -e
 # Define Docker Compose file and cache option
 COMPOSE_FILE_NAME="docker-compose-dev.yaml"
 CACHE=""
 # Uncomment the next line to enable no-cache option
 # CACHE="--no-cache"
 # Define the base Docker Compose command
 DCS="docker compose -f ${COMPOSE_FILE_NAME}"
 # Function to build and start services
 build_and_run() {
    echo "Building services..."
    if ! $DCS build ${CACHE}; then
        echo "Error: Failed to build services"
        exit 1
    fi
    echo "Starting services..."
    if ! $DCS up -d; then
        echo "Error: Failed to start services"
        exit 1
    fi
    echo "Services started successfully"
    echo "If you want to stop the services, run"
    echo "docker compose -f ${COMPOSE_FILE_NAME} down"
    echo "If you want to see the logs, run"
    echo "docker compose -f ${COMPOSE_FILE_NAME} logs -f"
 }
 # Execute build and start function
 build_and_run
--- a/docs/admin/admin_docs.go
+++ b/docs/admin/admin_docs.go
--- a/docs/admin/admin_swagger.json
+++ b/docs/admin/admin_swagger.json
--- a/docs/admin/admin_swagger.yaml
+++ b/docs/admin/admin_swagger.yaml
--- a/docs/admin_webclient.png
+++ b/docs/admin_webclient.png
--- a/docs/api/api_docs.go
+++ b/docs/api/api_docs.go
@@ -653,40 +653,6 @@ const docTemplateapi = `{
                }
            }
        },
        "/api": {
            "get": {
                "security": [
                    {
                        "token": []
                    }
                ],
                "description": "用户信息",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "用户"
                ],
                "summary": "用户信息",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/api.UserPayload"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        },
        "/audit/conn": {
            "post": {
                "description": "审计连接",
@@ -767,6 +733,100 @@ const docTemplateapi = `{
                }
            }
        },
        "/currentUser": {
            "get": {
                "security": [
                    {
                        "token": []
                    }
                ],
                "description": "用户信息",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "用户"
                ],
                "summary": "用户信息",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/api.UserPayload"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        },
        "/device-group/accessible": {
            "get": {
                "security": [
                    {
                        "BearerAuth": []
                    }
                ],
                "description": "机器",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "群组"
                ],
                "summary": "设备",
                "parameters": [
                    {
                        "type": "integer",
                        "description": "页码",
                        "name": "page",
                        "in": "query"
                    },
                    {
                        "type": "integer",
                        "description": "每页数量",
                        "name": "pageSize",
                        "in": "query"
                    },
                    {
                        "type": "integer",
                        "description": "状态",
                        "name": "status",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "accessible",
                        "name": "accessible",
                        "in": "query"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/response.DataResponse"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        },
        "/heartbeat": {
            "post": {
                "description": "心跳",
@@ -834,7 +894,7 @@ const docTemplateapi = `{
            }
        },
        "/login-options": {
-            "post": {
+            "get": {
                "description": "登录选项",
                "consumes": [
                    "application/json"
@@ -894,35 +954,6 @@ const docTemplateapi = `{
                }
            }
        },
        "/oauth/callback": {
            "get": {
                "description": "OauthCallback",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "Oauth"
                ],
                "summary": "OauthCallback",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/api.LoginRes"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.ErrorResponse"
                        }
                    }
                }
            }
        },
        "/oidc/auth": {
            "post": {
                "description": "OidcAuth",
@@ -981,6 +1012,35 @@ const docTemplateapi = `{
                }
            }
        },
        "/oidc/callback": {
            "get": {
                "description": "OauthCallback",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "Oauth"
                ],
                "summary": "OauthCallback",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/api.LoginRes"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.ErrorResponse"
                        }
                    }
                }
            }
        },
        "/peers": {
            "get": {
                "security": [
@@ -1075,6 +1135,40 @@ const docTemplateapi = `{
                }
            }
        },
        "/server-config-v2": {
            "get": {
                "security": [
                    {
                        "token": []
                    }
                ],
                "description": "服务配置,给webclient提供api-server",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "WEBCLIENT_V2"
                ],
                "summary": "服务配置",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        },
        "/shared-peer": {
            "post": {
                "description": "分享的peer",
@@ -1114,7 +1208,7 @@ const docTemplateapi = `{
                    "application/json"
                ],
                "tags": [
-                    "地址"
+                    "System"
                ],
                "summary": "提交系统信息",
                "parameters": [
@@ -1144,14 +1238,9 @@ const docTemplateapi = `{
                }
            }
        },
-        "/tags": {
+        "/sysinfo_ver": {
            "post": {
-                "security": [
+                "description": "获取系统版本信息",
                    {
                        "BearerAuth": []
                    }
                ],
                "description": "标签",
                "consumes": [
                    "application/json"
                ],
@@ -1159,17 +1248,14 @@ const docTemplateapi = `{
                    "application/json"
                ],
                "tags": [
-                    "地址"
+                    "System"
                ],
-                "summary": "标签",
+                "summary": "获取系统版本信息",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
-                            "type": "array",
+                            "type": "string"
                            "items": {
                                "$ref": "#/definitions/model.Tag"
                            }
                        }
                    },
                    "500": {
@@ -1255,6 +1341,35 @@ const docTemplateapi = `{
                    }
                }
            }
        },
        "/version": {
            "get": {
                "description": "版本",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "首页"
                ],
                "summary": "版本",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        }
    },
    "definitions": {
@@ -1356,7 +1471,7 @@ const docTemplateapi = `{
                },
                "password": {
                    "type": "string",
-                    "maxLength": 20,
+                    "maxLength": 32,
                    "minLength": 4
                },
                "type": {
@@ -1364,8 +1479,8 @@ const docTemplateapi = `{
                },
                "username": {
                    "type": "string",
-                    "maxLength": 10,
+                    "maxLength": 32,
-                    "minLength": 4
+                    "minLength": 2
                },
                "uuid": {
                    "type": "string"
--- a/docs/api/api_swagger.json
+++ b/docs/api/api_swagger.json
@@ -646,40 +646,6 @@
                }
            }
        },
        "/api": {
            "get": {
                "security": [
                    {
                        "token": []
                    }
                ],
                "description": "用户信息",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "用户"
                ],
                "summary": "用户信息",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/api.UserPayload"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        },
        "/audit/conn": {
            "post": {
                "description": "审计连接",
@@ -760,6 +726,100 @@
                }
            }
        },
        "/currentUser": {
            "get": {
                "security": [
                    {
                        "token": []
                    }
                ],
                "description": "用户信息",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "用户"
                ],
                "summary": "用户信息",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/api.UserPayload"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        },
        "/device-group/accessible": {
            "get": {
                "security": [
                    {
                        "BearerAuth": []
                    }
                ],
                "description": "机器",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "群组"
                ],
                "summary": "设备",
                "parameters": [
                    {
                        "type": "integer",
                        "description": "页码",
                        "name": "page",
                        "in": "query"
                    },
                    {
                        "type": "integer",
                        "description": "每页数量",
                        "name": "pageSize",
                        "in": "query"
                    },
                    {
                        "type": "integer",
                        "description": "状态",
                        "name": "status",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "accessible",
                        "name": "accessible",
                        "in": "query"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/response.DataResponse"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        },
        "/heartbeat": {
            "post": {
                "description": "心跳",
@@ -827,7 +887,7 @@
            }
        },
        "/login-options": {
-            "post": {
+            "get": {
                "description": "登录选项",
                "consumes": [
                    "application/json"
@@ -887,35 +947,6 @@
                }
            }
        },
        "/oauth/callback": {
            "get": {
                "description": "OauthCallback",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "Oauth"
                ],
                "summary": "OauthCallback",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/api.LoginRes"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.ErrorResponse"
                        }
                    }
                }
            }
        },
        "/oidc/auth": {
            "post": {
                "description": "OidcAuth",
@@ -974,6 +1005,35 @@
                }
            }
        },
        "/oidc/callback": {
            "get": {
                "description": "OauthCallback",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "Oauth"
                ],
                "summary": "OauthCallback",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/api.LoginRes"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.ErrorResponse"
                        }
                    }
                }
            }
        },
        "/peers": {
            "get": {
                "security": [
@@ -1068,6 +1128,40 @@
                }
            }
        },
        "/server-config-v2": {
            "get": {
                "security": [
                    {
                        "token": []
                    }
                ],
                "description": "服务配置,给webclient提供api-server",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "WEBCLIENT_V2"
                ],
                "summary": "服务配置",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        },
        "/shared-peer": {
            "post": {
                "description": "分享的peer",
@@ -1107,7 +1201,7 @@
                    "application/json"
                ],
                "tags": [
-                    "地址"
+                    "System"
                ],
                "summary": "提交系统信息",
                "parameters": [
@@ -1137,14 +1231,9 @@
                }
            }
        },
-        "/tags": {
+        "/sysinfo_ver": {
            "post": {
-                "security": [
+                "description": "获取系统版本信息",
                    {
                        "BearerAuth": []
                    }
                ],
                "description": "标签",
                "consumes": [
                    "application/json"
                ],
@@ -1152,17 +1241,14 @@
                    "application/json"
                ],
                "tags": [
-                    "地址"
+                    "System"
                ],
-                "summary": "标签",
+                "summary": "获取系统版本信息",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
-                            "type": "array",
+                            "type": "string"
                            "items": {
                                "$ref": "#/definitions/model.Tag"
                            }
                        }
                    },
                    "500": {
@@ -1248,6 +1334,35 @@
                    }
                }
            }
        },
        "/version": {
            "get": {
                "description": "版本",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "首页"
                ],
                "summary": "版本",
                "responses": {
                    "200": {
                        "description": "OK",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    },
                    "500": {
                        "description": "Internal Server Error",
                        "schema": {
                            "$ref": "#/definitions/response.Response"
                        }
                    }
                }
            }
        }
    },
    "definitions": {
@@ -1349,7 +1464,7 @@
                },
                "password": {
                    "type": "string",
-                    "maxLength": 20,
+                    "maxLength": 32,
                    "minLength": 4
                },
                "type": {
@@ -1357,8 +1472,8 @@
                },
                "username": {
                    "type": "string",
-                    "maxLength": 10,
+                    "maxLength": 32,
-                    "minLength": 4
+                    "minLength": 2
                },
                "uuid": {
                    "type": "string"
--- a/docs/api/api_swagger.yaml
+++ b/docs/api/api_swagger.yaml
@@ -62,14 +62,14 @@ definitions:
      id:
        type: string
      password:
-        maxLength: 20
+        maxLength: 32
        minLength: 4
        type: string
      type:
        type: string
      username:
-        maxLength: 10
+        maxLength: 32
-        minLength: 4
+        minLength: 2
        type: string
      uuid:
        type: string
@@ -598,27 +598,6 @@ paths:
      summary: 标签
      tags:
      - 地址[Personal]
  /api:
    get:
      consumes:
      - application/json
      description: 用户信息
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.UserPayload'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/response.Response'
      security:
      - token: []
      summary: 用户信息
      tags:
      - 用户
  /audit/conn:
    post:
      consumes:
@@ -671,6 +650,65 @@ paths:
      summary: 审计文件
      tags:
      - 审计
  /currentUser:
    get:
      consumes:
      - application/json
      description: 用户信息
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.UserPayload'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/response.Response'
      security:
      - token: []
      summary: 用户信息
      tags:
      - 用户
  /device-group/accessible:
    get:
      consumes:
      - application/json
      description: 机器
      parameters:
      - description: 页码
        in: query
        name: page
        type: integer
      - description: 每页数量
        in: query
        name: pageSize
        type: integer
      - description: 状态
        in: query
        name: status
        type: integer
      - description: accessible
        in: query
        name: accessible
        type: string
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/response.DataResponse'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/response.Response'
      security:
      - BearerAuth: []
      summary: 设备
      tags:
      - 群组
  /heartbeat:
    post:
      consumes:
@@ -715,7 +753,7 @@ paths:
      tags:
      - 登录
  /login-options:
-    post:
+    get:
      consumes:
      - application/json
      description: 登录选项
@@ -754,25 +792,6 @@ paths:
      summary: 登出
      tags:
      - 登录
  /oauth/callback:
    get:
      consumes:
      - application/json
      description: OauthCallback
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.LoginRes'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/response.ErrorResponse'
      summary: OauthCallback
      tags:
      - Oauth
  /oidc/auth:
    post:
      consumes:
@@ -811,6 +830,25 @@ paths:
      summary: OidcAuthQuery
      tags:
      - Oauth
  /oidc/callback:
    get:
      consumes:
      - application/json
      description: OauthCallback
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.LoginRes'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/response.ErrorResponse'
      summary: OauthCallback
      tags:
      - Oauth
  /peers:
    get:
      consumes:
@@ -870,6 +908,27 @@ paths:
      summary: 服务配置
      tags:
      - WEBCLIENT
  /server-config-v2:
    get:
      consumes:
      - application/json
      description: 服务配置,给webclient提供api-server
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/response.Response'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/response.Response'
      security:
      - token: []
      summary: 服务配置
      tags:
      - WEBCLIENT_V2
  /shared-peer:
    post:
      consumes:
@@ -914,30 +973,26 @@ paths:
            $ref: '#/definitions/response.ErrorResponse'
      summary: 提交系统信息
      tags:
-      - 地址
+      - System
-  /tags:
+  /sysinfo_ver:
    post:
      consumes:
      - application/json
-      description: 标签
+      description: 获取系统版本信息
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
-            items:
+            type: string
              $ref: '#/definitions/model.Tag'
            type: array
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/response.ErrorResponse'
-      security:
+      summary: 获取系统版本信息
      - BearerAuth: []
      summary: 标签
      tags:
-      - 地址
+      - System
  /users:
    get:
      consumes:
@@ -983,6 +1038,25 @@ paths:
      summary: 用户列表
      tags:
      - 群组
  /version:
    get:
      consumes:
      - application/json
      description: 版本
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/response.Response'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/response.Response'
      summary: 版本
      tags:
      - 首页
 securityDefinitions:
  BearerAuth:
    in: header
--- a/docs/en_img/admin_webclient.png
+++ b/docs/en_img/admin_webclient.png
--- a/docs/en_img/rustdesk_command_advance.png
+++ b/docs/en_img/rustdesk_command_advance.png
--- a/docs/en_img/rustdesk_command_simple.png
+++ b/docs/en_img/rustdesk_command_simple.png
--- a/docs/en_img/web_admin.png
+++ b/docs/en_img/web_admin.png
--- a/docs/en_img/web_admin_oauth.png
+++ b/docs/en_img/web_admin_oauth.png
--- a/docs/en_img/web_admin_user.png
+++ b/docs/en_img/web_admin_user.png
--- a/docs/en_img/web_resetpwd.png
+++ b/docs/en_img/web_resetpwd.png
--- a/docs/init_admin_pwd.png
+++ b/docs/init_admin_pwd.png
--- a/docs/rustdesk_command_advance.png
+++ b/docs/rustdesk_command_advance.png
--- a/docs/rustdesk_command_simple.png
+++ b/docs/rustdesk_command_simple.png
--- a/docs/web_admin.png
+++ b/docs/web_admin.png
--- a/docs/web_admin_oauth.png
+++ b/docs/web_admin_oauth.png
--- a/docs/web_admin_user.png
+++ b/docs/web_admin_user.png
--- a/docs/web_resetpwd.png
+++ b/docs/web_resetpwd.png
--- a/docs/webclient_conf.png
+++ b/docs/webclient_conf.png
--- a/docs/webclientv2.png
+++ b/docs/webclientv2.png
--- a/generate_api.go
+++ b/generate_api.go
@@ -1,4 +1,4 @@
-package Gwen
+package main
 //go:generate swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin
 //go:generate swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api
--- a/generate_run.go
+++ b/generate_run.go
@@ -1,3 +1,3 @@
-package Gwen
+package main
 //go:generate go run cmd/apimain.go
--- a/global/apiValidator.go
+++ b/global/apiValidator.go
@@ -3,15 +3,21 @@ package global
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/go-playground/locales/en"
 	"github.com/go-playground/locales/es"
 	"github.com/go-playground/locales/fr"
 	"github.com/go-playground/locales/ko"
 	"github.com/go-playground/locales/ru"
 	"github.com/go-playground/locales/zh_Hans_CN"
-
+	"github.com/go-playground/locales/zh_Hant"
 	ut "github.com/go-playground/universal-translator"
 	"github.com/go-playground/validator/v10"
 	en_translations "github.com/go-playground/validator/v10/translations/en"
 	es_translations "github.com/go-playground/validator/v10/translations/es"
 	fr_translations "github.com/go-playground/validator/v10/translations/fr"
 	ko_translations "github.com/go-playground/validator/v10/translations/ko"
 	ru_translations "github.com/go-playground/validator/v10/translations/ru"
 	zh_translations "github.com/go-playground/validator/v10/translations/zh"
 	zh_tw_translations "github.com/go-playground/validator/v10/translations/zh_tw"
 	"reflect"
 )
@@ -23,13 +29,19 @@ func ApiInitValidator() {
 	cn := zh_Hans_CN.New()
 	koT := ko.New()
 	ruT := ru.New()
 	esT := es.New()
 	frT := fr.New()
 	zhTwT := zh_Hant.New()
-	uni := ut.New(enT, cn, koT, ruT)
+	uni := ut.New(enT, cn, koT, ruT, esT, frT, zhTwT)
 	enTrans, _ := uni.GetTranslator("en")
 	zhTrans, _ := uni.GetTranslator("zh_Hans_CN")
 	koTrans, _ := uni.GetTranslator("ko")
 	ruTrans, _ := uni.GetTranslator("ru")
 	esTrans, _ := uni.GetTranslator("es")
 	frTrans, _ := uni.GetTranslator("fr")
 	zhTwTrans, _ := uni.GetTranslator("zh_Hant")
 	err := zh_translations.RegisterDefaultTranslations(validate, zhTrans)
 	if err != nil {
@@ -40,8 +52,7 @@ func ApiInitValidator() {
 		panic(err)
 	}
-	//validate没有ko的翻译，使用zh的翻译
+	err = ko_translations.RegisterDefaultTranslations(validate, koTrans)
 	err = zh_translations.RegisterDefaultTranslations(validate, koTrans)
 	if err != nil {
 		panic(err)
 	}
@@ -49,6 +60,18 @@ func ApiInitValidator() {
 	if err != nil {
 		panic(err)
 	}
 	err = es_translations.RegisterDefaultTranslations(validate, esTrans)
 	if err != nil {
 		panic(err)
 	}
 	err = fr_translations.RegisterDefaultTranslations(validate, frTrans)
 	if err != nil {
 		panic(err)
 	}
 	err = zh_tw_translations.RegisterDefaultTranslations(validate, zhTwTrans)
 	if err != nil {
 		panic(err)
 	}
 	validate.RegisterTagNameFunc(func(field reflect.StructField) string {
 		label := field.Tag.Get("label")
@@ -109,12 +132,25 @@ func getTranslatorForLang(lang string) ut.Translator {
 	case "zh":
 		trans, _ := Validator.UT.GetTranslator("zh_Hans_CN")
 		return trans
 	case "zh_TW":
 		fallthrough
 	case "zh-TW":
 		fallthrough
 	case "zh-tw":
 		trans, _ := Validator.UT.GetTranslator("zh_Hant")
 		return trans
 	case "ko":
 		trans, _ := Validator.UT.GetTranslator("ko")
 		return trans
 	case "ru":
 		trans, _ := Validator.UT.GetTranslator("ru")
 		return trans
 	case "es":
 		trans, _ := Validator.UT.GetTranslator("es")
 		return trans
 	case "fr":
 		trans, _ := Validator.UT.GetTranslator("fr")
 		return trans
 	case "en":
 		fallthrough
 	default:
--- a/global/global.go
+++ b/global/global.go
@@ -1,15 +1,16 @@
 package global
 import (
 	"Gwen/config"
 	"Gwen/lib/cache"
 	"Gwen/lib/jwt"
 	"Gwen/lib/lock"
 	"Gwen/lib/upload"
 	"github.com/gin-gonic/gin"
 	ut "github.com/go-playground/universal-translator"
 	"github.com/go-playground/validator/v10"
 	"github.com/go-redis/redis/v8"
 	"github.com/lejianwen/rustdesk-api/v2/config"
 	"github.com/lejianwen/rustdesk-api/v2/lib/cache"
 	"github.com/lejianwen/rustdesk-api/v2/lib/jwt"
 	"github.com/lejianwen/rustdesk-api/v2/lib/lock"
 	"github.com/lejianwen/rustdesk-api/v2/lib/upload"
 	"github.com/lejianwen/rustdesk-api/v2/utils"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
@@ -17,21 +18,23 @@ import (
 )
 var (
-	DB        *gorm.DB
+	DB         *gorm.DB
-	Logger    *logrus.Logger
+	Logger     *logrus.Logger
-	Config    config.Config
+	ConfigPath string = ""
-	Viper     *viper.Viper
+	Config     config.Config
-	Redis     *redis.Client
+	Viper      *viper.Viper
-	Cache     cache.Handler
+	Redis      *redis.Client
-	Validator struct {
+	Cache      cache.Handler
 	Validator  struct {
 		Validate    *validator.Validate
 		UT          *ut.UniversalTranslator
 		VTrans      ut.Translator
 		ValidStruct func(*gin.Context, interface{}) []string
 		ValidVar    func(ctx *gin.Context, field interface{}, tag string) []string
 	}
-	Oss       *upload.Oss
+	Oss          *upload.Oss
-	Jwt       *jwt.Jwt
+	Jwt          *jwt.Jwt
-	Lock      lock.Locker
+	Lock         lock.Locker
-	Localizer func(lang string) *i18n.Localizer
+	Localizer    func(lang string) *i18n.Localizer
 	LoginLimiter *utils.LoginLimiter
 )
--- a/global/i18n.go
+++ b/global/i18n.go
@@ -15,7 +15,6 @@ func InitI18n() {
 	fileInfos, err := os.ReadDir(dir)
 	if err != nil {
 		panic(err)
 		return
 	}
 	for _, fileInfo := range fileInfos {
 		//如果文件名不是.toml结尾
--- a/go.mod
+++ b/go.mod
@@ -1,34 +1,40 @@
-module Gwen
+module github.com/lejianwen/rustdesk-api/v2
-go 1.22
+go 1.23
 toolchain go1.23.10
 require (
 	github.com/BurntSushi/toml v1.3.2
 	github.com/antonfisher/nested-logrus-formatter v1.3.1
-	github.com/fsnotify/fsnotify v1.5.1
+	github.com/coreos/go-oidc/v3 v3.12.0
 	github.com/fvbock/endless v0.0.0-20170109170031-447134032cb6
 	github.com/gin-gonic/gin v1.9.0
 	github.com/go-ldap/ldap/v3 v3.4.10
 	github.com/go-playground/locales v0.14.1
 	github.com/go-playground/universal-translator v0.18.1
-	github.com/go-playground/validator/v10 v10.11.2
+	github.com/go-playground/validator/v10 v10.26.0
 	github.com/go-redis/redis/v8 v8.11.4
 	github.com/golang-jwt/jwt/v5 v5.2.1
-	github.com/google/uuid v1.1.2
+	github.com/google/uuid v1.6.0
 	github.com/mojocn/base64Captcha v1.3.6
 	github.com/nicksnyder/go-i18n/v2 v2.4.0
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.9.0
 	github.com/swaggo/files v1.0.1
 	github.com/swaggo/gin-swagger v1.6.0
 	github.com/swaggo/swag v1.16.3
 	golang.org/x/oauth2 v0.23.0
-	golang.org/x/text v0.18.0
+	golang.org/x/text v0.22.0
 	gorm.io/driver/mysql v1.5.7
 	gorm.io/driver/postgres v1.6.0
 	gorm.io/driver/sqlite v1.5.6
-	gorm.io/gorm v1.25.7
+	gorm.io/gorm v1.25.10
 )
 require (
-	cloud.google.com/go/compute/metadata v0.5.1 // indirect
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/KyleBanks/depth v1.2.1 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
@@ -36,20 +42,30 @@ require (
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.6 // indirect
 	github.com/go-openapi/spec v0.20.4 // indirect
 	github.com/go-openapi/swag v0.19.15 // indirect
 	github.com/go-sql-driver/mysql v1.7.0 // indirect
 	github.com/goccy/go-json v0.10.0 // indirect
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/pgx/v5 v5.6.0 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
@@ -59,6 +75,7 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml v1.9.4 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/rogpeppe/go-internal v1.14.1 // indirect
 	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
@@ -67,10 +84,12 @@ require (
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.9 // indirect
 	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
-	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/crypto v0.33.0 // indirect
-	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/image v0.13.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/ini.v1 v1.63.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
--- a/http/controller/admin/addressBook.go
+++ b/http/controller/admin/addressBook.go
@@ -1,13 +1,13 @@
 package admin
 import (
-	"Gwen/global"
+	"encoding/json"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/model"
 	"Gwen/service"
 	_ "encoding/json"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 	"strconv"
 )
@@ -30,11 +30,6 @@ func (ct *AddressBook) Detail(c *gin.Context) {
 	id := c.Param("id")
 	iid, _ := strconv.Atoi(id)
 	t := service.AllService.AddressBookService.InfoByRowId(uint(iid))
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	if t.RowId > 0 {
 		response.Success(c, t)
 		return
@@ -66,9 +61,9 @@ func (ct *AddressBook) Create(c *gin.Context) {
 		return
 	}
 	t := f.ToAddressBook()
-	u := service.AllService.UserService.CurUser(c)
+	if t.UserId == 0 {
-	if !service.AllService.UserService.IsAdmin(u) || t.UserId == 0 {
+		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
-		t.UserId = u.Id
+		return
 	}
 	if t.CollectionId > 0 && !service.AllService.AddressBookService.CheckCollectionOwner(t.UserId, t.CollectionId) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
@@ -98,7 +93,7 @@ func (ct *AddressBook) Create(c *gin.Context) {
 // @Param body body admin.AddressBookForm true "地址簿信息"
 // @Success 200 {object} response.Response{data=model.AddressBook}
 // @Failure 500 {object} response.Response
-// @Router /admin/address_book/create [post]
+// @Router /admin/address_book/batchCreate [post]
 // @Security token
 func (ct *AddressBook) BatchCreate(c *gin.Context) {
 	f := &admin.AddressBookForm{}
@@ -111,9 +106,21 @@ func (ct *AddressBook) BatchCreate(c *gin.Context) {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	ul := len(f.UserIds)
 	if ul == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	if ul > 1 {
 		//多用户置空标签
 		f.Tags = []string{}
 		//多用户只能创建到默认地址簿
 		f.CollectionId = 0
 	}
 	//创建标签
-	for _, fu := range f.UserIds {
+	/*for _, fu := range f.UserIds {
 		if fu == 0 {
 			continue
 		}
@@ -126,13 +133,13 @@ func (ct *AddressBook) BatchCreate(c *gin.Context) {
 				})
 			}
 		}
-	}
+	}*/
 	ts := f.ToAddressBooks()
 	for _, t := range ts {
 		if t.UserId == 0 {
 			continue
 		}
-		ex := service.AllService.AddressBookService.InfoByUserIdAndId(t.UserId, t.Id)
+		ex := service.AllService.AddressBookService.InfoByUserIdAndIdAndCid(t.UserId, t.Id, t.CollectionId)
 		if ex.RowId == 0 {
 			service.AllService.AddressBookService.Create(t)
 		}
@@ -161,10 +168,6 @@ func (ct *AddressBook) List(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) || query.IsMy == 1 {
 		query.UserId = int(u.Id)
 	}
 	res := service.AllService.AddressBookService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		tx.Preload("Collection", func(txc *gorm.DB) *gorm.DB {
 			return txc.Select("id,name")
@@ -190,11 +193,6 @@ func (ct *AddressBook) List(c *gin.Context) {
 	for _, ab := range res.AddressBooks {
 		abCIds = append(abCIds, ab.CollectionId)
 	}
 	//获取地址簿名称
 	//cRes := service.AllService.AddressBookService.ListCollection(1, 999, func(tx *gorm.DB) {
 	//		tx.Where("id in ?", abCIds)
 	//})
 	//
 	response.Success(c, res)
 }
@@ -221,15 +219,15 @@ func (ct *AddressBook) Update(c *gin.Context) {
 		return
 	}
 	if f.RowId == 0 {
-		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
+		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	ex := service.AllService.AddressBookService.InfoByRowId(f.RowId)
 	if ex.RowId == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	t := f.ToAddressBook()
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	if t.CollectionId > 0 && !service.AllService.AddressBookService.CheckCollectionOwner(t.UserId, t.CollectionId) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
@@ -270,21 +268,12 @@ func (ct *AddressBook) Delete(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
-	u := service.AllService.UserService.CurUser(c)
+	err := service.AllService.AddressBookService.Delete(t)
-	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
+	if err == nil {
-		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
+		response.Success(c, nil)
 		return
 	}
-	if u.Id > 0 {
+	response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		err := service.AllService.AddressBookService.Delete(t)
 		if err == nil {
 			response.Success(c, nil)
 			return
 		}
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 }
 // ShareByWebClient
@@ -327,3 +316,47 @@ func (ct *AddressBook) ShareByWebClient(c *gin.Context) {
 		"share_token": m.ShareToken,
 	})
 }
 func (ct *AddressBook) BatchCreateFromPeers(c *gin.Context) {
 	f := &admin.BatchCreateFromPeersForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if f.UserId == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	if f.CollectionId != 0 {
 		collection := service.AllService.AddressBookService.CollectionInfoById(f.CollectionId)
 		if collection.Id == 0 {
 			response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 			return
 		}
 	}
 	pl := int64(len(f.PeerIds))
 	peers := service.AllService.PeerService.List(1, uint(pl), func(tx *gorm.DB) {
 		tx.Where("row_id in ?", f.PeerIds)
 	})
 	if peers.Total == 0 || pl != peers.Total {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	tags, _ := json.Marshal(f.Tags)
 	for _, peer := range peers.Peers {
 		ab := service.AllService.AddressBookService.FromPeer(peer)
 		ab.Tags = tags
 		ab.CollectionId = f.CollectionId
 		ab.UserId = f.UserId
 		ex := service.AllService.AddressBookService.InfoByUserIdAndIdAndCid(f.UserId, ab.Id, ab.CollectionId)
 		if ex.RowId != 0 {
 			continue
 		}
 		service.AllService.AddressBookService.Create(ab)
 	}
 	response.Success(c, nil)
 }
--- a/http/controller/admin/addressBookCollection.go
+++ b/http/controller/admin/addressBookCollection.go
@@ -1,12 +1,12 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 	"strconv"
 )
@@ -14,10 +14,10 @@ import (
 type AddressBookCollection struct {
 }
-// Detail 地址簿集合
+// Detail 地址簿名称
-// @AddressBookCollections 地址簿集合
+// @Tags 地址簿名称
-// @Summary 地址簿集合详情
+// @Summary 地址簿名称详情
-// @Description 地址簿集合详情
+// @Description 地址簿名称详情
 // @Accept  json
 // @Produce  json
 // @Param id path int true "ID"
@@ -29,11 +29,6 @@ func (abc *AddressBookCollection) Detail(c *gin.Context) {
 	id := c.Param("id")
 	iid, _ := strconv.Atoi(id)
 	t := service.AllService.AddressBookService.CollectionInfoById(uint(iid))
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	if t.Id > 0 {
 		response.Success(c, t)
 		return
@@ -42,13 +37,13 @@ func (abc *AddressBookCollection) Detail(c *gin.Context) {
 	return
 }
-// Create 创建地址簿集合
+// Create 创建地址簿名称
-// @AddressBookCollections 地址簿集合
+// @Tags 地址簿名称
-// @Summary 创建地址簿集合
+// @Summary 创建地址簿名称
-// @Description 创建地址簿集合
+// @Description 创建地址簿名称
 // @Accept  json
 // @Produce  json
-// @Param body body model.AddressBookCollection true "地址簿集合信息"
+// @Param body body model.AddressBookCollection true "地址簿名称信息"
 // @Success 200 {object} response.Response{data=model.AddressBookCollection}
 // @Failure 500 {object} response.Response
 // @Router /admin/address_book_collection/create [post]
@@ -64,12 +59,11 @@ func (abc *AddressBookCollection) Create(c *gin.Context) {
 		response.Fail(c, 101, errList[0])
 		return
 	}
-	//t := f.ToAddressBookCollection()
+	if f.UserId == 0 {
-	t := f
+		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
-	u := service.AllService.UserService.CurUser(c)
+		return
 	if !service.AllService.UserService.IsAdmin(u) || t.UserId == 0 {
 		t.UserId = u.Id
 	}
 	t := f
 	err := service.AllService.AddressBookService.CreateCollection(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
@@ -79,9 +73,9 @@ func (abc *AddressBookCollection) Create(c *gin.Context) {
 }
 // List 列表
-// @AddressBookCollections 地址簿集合
+// @Tags 地址簿名称
-// @Summary 地址簿集合列表
+// @Summary 地址簿名称列表
-// @Description 地址簿集合列表
+// @Description 地址簿名称列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
@@ -98,10 +92,6 @@ func (abc *AddressBookCollection) List(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) || query.IsMy == 1 {
 		query.UserId = int(u.Id)
 	}
 	res := service.AllService.AddressBookService.ListCollection(query.Page, query.PageSize, func(tx *gorm.DB) {
 		if query.UserId > 0 {
 			tx.Where("user_id = ?", query.UserId)
@@ -111,12 +101,12 @@ func (abc *AddressBookCollection) List(c *gin.Context) {
 }
 // Update 编辑
-// @AddressBookCollections 地址簿集合
+// @Tags 地址簿名称
-// @Summary 地址簿集合编辑
+// @Summary 地址簿名称编辑
-// @Description 地址簿集合编辑
+// @Description 地址簿名称编辑
 // @Accept  json
 // @Produce  json
-// @Param body body model.AddressBookCollection true "地址簿集合信息"
+// @Param body body model.AddressBookCollection true "地址簿名称信息"
 // @Success 200 {object} response.Response{data=model.AddressBookCollection}
 // @Failure 500 {object} response.Response
 // @Router /admin/address_book_collection/update [post]
@@ -137,11 +127,6 @@ func (abc *AddressBookCollection) Update(c *gin.Context) {
 		return
 	}
 	t := f //f.ToAddressBookCollection()
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	err := service.AllService.AddressBookService.UpdateCollection(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
@@ -151,12 +136,12 @@ func (abc *AddressBookCollection) Update(c *gin.Context) {
 }
 // Delete 删除
-// @AddressBookCollections 地址簿集合
+// @Tags 地址簿名称
-// @Summary 地址簿集合删除
+// @Summary 地址簿名称删除
-// @Description 地址簿集合删除
+// @Description 地址簿名称删除
 // @Accept  json
 // @Produce  json
-// @Param body body model.AddressBookCollection true "地址簿集合信息"
+// @Param body body model.AddressBookCollection true "地址簿名称信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/address_book_collection/delete [post]
@@ -173,20 +158,15 @@ func (abc *AddressBookCollection) Delete(c *gin.Context) {
 		response.Fail(c, 101, errList[0])
 		return
 	}
-	t := service.AllService.AddressBookService.CollectionInfoById(f.Id)
+	ex := service.AllService.AddressBookService.CollectionInfoById(f.Id)
-	u := service.AllService.UserService.CurUser(c)
+	if ex.Id == 0 {
-	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
+		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
-	if u.Id > 0 {
+	err := service.AllService.AddressBookService.DeleteCollection(ex)
-		err := service.AllService.AddressBookService.DeleteCollection(t)
+	if err == nil {
-		if err == nil {
+		response.Success(c, nil)
 			response.Success(c, nil)
 			return
 		}
 		response.Fail(c, 101, err.Error())
 		return
 	}
-	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
+	response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 }
--- a/http/controller/admin/addressBookCollectionRule.go
+++ b/http/controller/admin/addressBookCollectionRule.go
@@ -1,12 +1,12 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 	"strconv"
 )
@@ -15,9 +15,9 @@ type AddressBookCollectionRule struct {
 }
 // List 列表
-// @AddressBookCollectionRule 地址簿集合规则
+// @Tags 地址簿规则
-// @Summary 地址簿集合规则列表
+// @Summary 地址簿规则列表
-// @Description 地址簿集合规则列表
+// @Description 地址簿规则列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
@@ -35,10 +35,6 @@ func (abcr *AddressBookCollectionRule) List(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) || query.IsMy == 1 {
 		query.UserId = int(u.Id)
 	}
 	res := service.AllService.AddressBookService.ListRules(query.Page, query.PageSize, func(tx *gorm.DB) {
 		if query.UserId > 0 {
@@ -51,10 +47,10 @@ func (abcr *AddressBookCollectionRule) List(c *gin.Context) {
 	response.Success(c, res)
 }
-// Detail 地址簿集合规则
+// Detail 地址簿规则
-// @AddressBookCollectionRule 地址簿集合规则
+// @Tags 地址簿规则
-// @Summary 地址簿集合规则详情
+// @Summary 地址簿规则详情
-// @Description 地址簿集合规则详情
+// @Description 地址簿规则详情
 // @Accept  json
 // @Produce  json
 // @Param id path int true "ID"
@@ -66,26 +62,20 @@ func (abcr *AddressBookCollectionRule) Detail(c *gin.Context) {
 	id := c.Param("id")
 	iid, _ := strconv.Atoi(id)
 	t := service.AllService.AddressBookService.RuleInfoById(uint(iid))
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	if t.Id > 0 {
 		response.Success(c, t)
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 	return
 }
-// Create 创建地址簿集合规则
+// Create 创建地址簿规则
-// @AddressBookCollectionRule 地址簿集合规则
+// @Tags 地址簿规则
-// @Summary 创建地址簿集合规则
+// @Summary 创建地址簿规则
-// @Description 创建地址簿集合规则
+// @Description 创建地址簿规则
 // @Accept  json
 // @Produce  json
-// @Param body body model.AddressBookCollectionRule true "地址簿集合规则信息"
+// @Param body body model.AddressBookCollectionRule true "地址簿规则信息"
 // @Success 200 {object} response.Response{data=model.AddressBookCollection}
 // @Failure 500 {object} response.Response
 // @Router /admin/address_book_collection_rule/create [post]
@@ -105,13 +95,8 @@ func (abcr *AddressBookCollectionRule) Create(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	//t := f.ToAddressBookCollection()
 	t := f
-	u := service.AllService.UserService.CurUser(c)
+	msg, res := abcr.CheckForm(t)
 	if t.UserId == 0 {
 		t.UserId = u.Id
 	}
 	msg, res := abcr.CheckForm(u, t)
 	if !res {
 		response.Fail(c, 101, response.TranslateMsg(c, msg))
 		return
@@ -124,9 +109,9 @@ func (abcr *AddressBookCollectionRule) Create(c *gin.Context) {
 	response.Success(c, nil)
 }
-func (abcr *AddressBookCollectionRule) CheckForm(u *model.User, t *model.AddressBookCollectionRule) (string, bool) {
+func (abcr *AddressBookCollectionRule) CheckForm(t *model.AddressBookCollectionRule) (string, bool) {
-	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
+	if t.UserId == 0 {
-		return "NoAccess", false
+		return "ParamsError", false
 	}
 	if t.CollectionId > 0 && !service.AllService.AddressBookService.CheckCollectionOwner(t.UserId, t.CollectionId) {
 		return "ParamsError", false
@@ -135,21 +120,13 @@ func (abcr *AddressBookCollectionRule) CheckForm(u *model.User, t *model.Address
 	//check to_id
 	if t.Type == model.ShareAddressBookRuleTypePersonal {
 		if t.ToId == t.UserId {
-			return "ParamsError", false
+			return "CannotShareToSelf", false
 		}
 		tou := service.AllService.UserService.InfoById(t.ToId)
 		if tou.Id == 0 {
 			return "ItemNotFound", false
 		}
 		//非管理员不能分享给非本组织用户
 		if tou.GroupId != u.GroupId && !service.AllService.UserService.IsAdmin(u) {
 			return "NoAccess", false
 		}
 	} else if t.Type == model.ShareAddressBookRuleTypeGroup {
 		if t.ToId != u.GroupId && !service.AllService.UserService.IsAdmin(u) {
 			return "NoAccess", false
 		}
 		tog := service.AllService.GroupService.InfoById(t.ToId)
 		if tog.Id == 0 {
 			return "ItemNotFound", false
@@ -158,7 +135,7 @@ func (abcr *AddressBookCollectionRule) CheckForm(u *model.User, t *model.Address
 		return "ParamsError", false
 	}
 	// 重复检查
-	ex := service.AllService.AddressBookService.RulePersonalInfoByToIdAndCid(t.ToId, t.CollectionId)
+	ex := service.AllService.AddressBookService.RuleInfoByToIdAndCid(t.Type, t.ToId, t.CollectionId)
 	if t.Id == 0 && ex.Id > 0 {
 		return "ItemExists", false
 	}
@@ -169,12 +146,12 @@ func (abcr *AddressBookCollectionRule) CheckForm(u *model.User, t *model.Address
 }
 // Update 编辑
-// @AddressBookCollectionRule 地址簿集合规则
+// @Tags 地址簿规则
-// @Summary 地址簿集合规则编辑
+// @Summary 地址簿规则编辑
-// @Description 地址簿集合规则编辑
+// @Description 地址簿规则编辑
 // @Accept  json
 // @Produce  json
-// @Param body body model.AddressBookCollectionRule true "地址簿集合规则信息"
+// @Param body body model.AddressBookCollectionRule true "地址簿规则信息"
 // @Success 200 {object} response.Response{data=model.AddressBookCollection}
 // @Failure 500 {object} response.Response
 // @Router /admin/address_book_collection_rule/update [post]
@@ -194,9 +171,8 @@ func (abcr *AddressBookCollectionRule) Update(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
-	t := f //f.ToAddressBookCollection()
+	t := f
-	u := service.AllService.UserService.CurUser(c)
+	msg, res := abcr.CheckForm(t)
 	msg, res := abcr.CheckForm(u, t)
 	if !res {
 		response.Fail(c, 101, response.TranslateMsg(c, msg))
 		return
@@ -210,12 +186,12 @@ func (abcr *AddressBookCollectionRule) Update(c *gin.Context) {
 }
 // Delete 删除
-// @AddressBookCollectionRule 地址簿集合规则
+// @Tags 地址簿规则
-// @Summary 地址簿集合规则删除
+// @Summary 地址簿规则删除
-// @Description 地址簿集合规则删除
+// @Description 地址簿规则删除
 // @Accept  json
 // @Produce  json
-// @Param body body model.AddressBookCollectionRule true "地址簿集合规则信息"
+// @Param body body model.AddressBookCollectionRule true "地址簿规则信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/address_book_collection_rule/delete [post]
@@ -232,20 +208,15 @@ func (abcr *AddressBookCollectionRule) Delete(c *gin.Context) {
 		response.Fail(c, 101, errList[0])
 		return
 	}
-	t := service.AllService.AddressBookService.RuleInfoById(f.Id)
+	ex := service.AllService.AddressBookService.RuleInfoById(f.Id)
-	u := service.AllService.UserService.CurUser(c)
+	if ex.Id == 0 {
-	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
+		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
-	if t.Id > 0 {
+	err := service.AllService.AddressBookService.DeleteRule(ex)
-		err := service.AllService.AddressBookService.DeleteRule(t)
+	if err == nil {
-		if err == nil {
+		response.Success(c, nil)
 			response.Success(c, nil)
 			return
 		}
 		response.Fail(c, 101, err.Error())
 		return
 	}
-	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
+	response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 }
--- a/http/controller/admin/audit.go
+++ b/http/controller/admin/audit.go
@@ -1,12 +1,12 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
@@ -81,6 +81,37 @@ func (a *Audit) ConnDelete(c *gin.Context) {
 	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 }
 // BatchConnDelete 删除
 // @Tags 链接日志
 // @Summary 链接日志批量删除
 // @Description 链接日志批量删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.AuditConnLogIds true "链接日志"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/audit_conn/batchDelete [post]
 // @Security token
 func (a *Audit) BatchConnDelete(c *gin.Context) {
 	f := &admin.AuditConnLogIds{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if len(f.Ids) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	err := service.AllService.AuditService.BatchDeleteAuditConn(f.Ids)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, err.Error())
 	return
 }
 // FileList 列表
 // @Tags 文件日志
 // @Summary 文件日志列表
@@ -93,7 +124,7 @@ func (a *Audit) ConnDelete(c *gin.Context) {
 // @Param from_peer query int false "来源设备"
 // @Success 200 {object} response.Response{data=model.AuditFileList}
 // @Failure 500 {object} response.Response
-// @Router /admin/audit_conn/list [get]
+// @Router /admin/audit_file/list [get]
 // @Security token
 func (a *Audit) FileList(c *gin.Context) {
 	query := &admin.AuditQuery{}
@@ -122,7 +153,7 @@ func (a *Audit) FileList(c *gin.Context) {
 // @Param body body model.AuditFile true "文件日志信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
-// @Router /admin/audit_conn/delete [post]
+// @Router /admin/audit_file/delete [post]
 // @Security token
 func (a *Audit) FileDelete(c *gin.Context) {
 	f := &model.AuditFile{}
@@ -148,3 +179,34 @@ func (a *Audit) FileDelete(c *gin.Context) {
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 }
 // BatchFileDelete 删除
 // @Tags 文件日志
 // @Summary 文件日志批量删除
 // @Description 文件日志批量删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.AuditFileLogIds true "文件日志"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/audit_file/batchDelete [post]
 // @Security token
 func (a *Audit) BatchFileDelete(c *gin.Context) {
 	f := &admin.AuditFileLogIds{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if len(f.Ids) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	err := service.AllService.AuditService.BatchDeleteAuditFile(f.Ids)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, err.Error())
 	return
 }
--- a/http/controller/admin/config.go
+++ b/http/controller/admin/config.go
@@ -0,0 +1,97 @@
 package admin
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"os"
 	"strings"
 )
 type Config struct {
 }
 // ServerConfig RUSTDESK服务配置
 // @Tags ADMIN
 // @Summary RUSTDESK服务配置
 // @Description 服务配置,给webclient提供api-server
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/config/server [get]
 // @Security token
 func (co *Config) ServerConfig(c *gin.Context) {
 	cf := &response.ServerConfigResponse{
 		IdServer:    global.Config.Rustdesk.IdServer,
 		Key:         global.Config.Rustdesk.Key,
 		RelayServer: global.Config.Rustdesk.RelayServer,
 		ApiServer:   global.Config.Rustdesk.ApiServer,
 	}
 	response.Success(c, cf)
 }
 // AppConfig APP服务配置
 // @Tags ADMIN
 // @Summary APP服务配置
 // @Description APP服务配置
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/config/app [get]
 // @Security token
 func (co *Config) AppConfig(c *gin.Context) {
 	response.Success(c, &gin.H{
 		"web_client": global.Config.App.WebClient,
 	})
 }
 // AdminConfig ADMIN服务配置
 // @Tags ADMIN
 // @Summary ADMIN服务配置
 // @Description ADMIN服务配置
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/config/admin [get]
 // @Security token
 func (co *Config) AdminConfig(c *gin.Context) {
 	u := &model.User{}
 	token := c.GetHeader("api-token")
 	if token != "" {
 		u, _ = service.AllService.UserService.InfoByAccessToken(token)
 		if !service.AllService.UserService.CheckUserEnable(u) {
 			u.Id = 0
 		}
 	}
 	if u.Id == 0 {
 		response.Success(c, &gin.H{
 			"title": global.Config.Admin.Title,
 		})
 		return
 	}
 	hello := global.Config.Admin.Hello
 	if hello == "" {
 		helloFile := global.Config.Admin.HelloFile
 		if helloFile != "" {
 			b, err := os.ReadFile(helloFile)
 			if err == nil && len(b) > 0 {
 				hello = string(b)
 			}
 		}
 	}
 	//replace {{username}} to username
 	hello = strings.Replace(hello, "{{username}}", u.Username, -1)
 	response.Success(c, &gin.H{
 		"title": global.Config.Admin.Title,
 		"hello": hello,
 	})
 }
--- a/http/controller/admin/deviceGroup.go
+++ b/http/controller/admin/deviceGroup.go
@@ -0,0 +1,160 @@
 package admin
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"strconv"
 )
 type DeviceGroup struct {
 }
 // Detail 设备群组
 // @Tags 设备群组
 // @Summary 设备群组详情
 // @Description 设备群组详情
 // @Accept  json
 // @Produce  json
 // @Param id path int true "ID"
 // @Success 200 {object} response.Response{data=model.Group}
 // @Failure 500 {object} response.Response
 // @Router /admin/device_group/detail/{id} [get]
 // @Security token
 func (ct *DeviceGroup) Detail(c *gin.Context) {
 	id := c.Param("id")
 	iid, _ := strconv.Atoi(id)
 	u := service.AllService.GroupService.DeviceGroupInfoById(uint(iid))
 	if u.Id > 0 {
 		response.Success(c, u)
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 	return
 }
 // Create 创建设备群组
 // @Tags 设备群组
 // @Summary 创建设备群组
 // @Description 创建设备群组
 // @Accept  json
 // @Produce  json
 // @Param body body admin.DeviceGroupForm true "设备群组信息"
 // @Success 200 {object} response.Response{data=model.DeviceGroup}
 // @Failure 500 {object} response.Response
 // @Router /admin/device_group/create [post]
 // @Security token
 func (ct *DeviceGroup) Create(c *gin.Context) {
 	f := &admin.DeviceGroupForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	u := f.ToDeviceGroup()
 	err := service.AllService.GroupService.DeviceGroupCreate(u)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // List 列表
 // @Tags 群组
 // @Summary 群组列表
 // @Description 群组列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Success 200 {object} response.Response{data=model.GroupList}
 // @Failure 500 {object} response.Response
 // @Router /admin/device_group/list [get]
 // @Security token
 func (ct *DeviceGroup) List(c *gin.Context) {
 	query := &admin.PageQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	res := service.AllService.GroupService.DeviceGroupList(query.Page, query.PageSize, nil)
 	response.Success(c, res)
 }
 // Update 编辑
 // @Tags 设备群组
 // @Summary 设备群组编辑
 // @Description 设备群组编辑
 // @Accept  json
 // @Produce  json
 // @Param body body admin.DeviceGroupForm true "群组信息"
 // @Success 200 {object} response.Response{data=model.Group}
 // @Failure 500 {object} response.Response
 // @Router /admin/device_group/update [post]
 // @Security token
 func (ct *DeviceGroup) Update(c *gin.Context) {
 	f := &admin.DeviceGroupForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if f.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	u := f.ToDeviceGroup()
 	err := service.AllService.GroupService.DeviceGroupUpdate(u)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // Delete 删除
 // @Tags 设备群组
 // @Summary 设备群组删除
 // @Description 设备群组删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.DeviceGroupForm true "群组信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/device_group/delete [post]
 // @Security token
 func (ct *DeviceGroup) Delete(c *gin.Context) {
 	f := &admin.DeviceGroupForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.Id
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	u := service.AllService.GroupService.DeviceGroupInfoById(f.Id)
 	if u.Id > 0 {
 		err := service.AllService.GroupService.DeviceGroupDelete(u)
 		if err == nil {
 			response.Success(c, nil)
 			return
 		}
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 }
--- a/http/controller/admin/file.go
+++ b/http/controller/admin/file.go
@@ -1,11 +1,11 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/response"
 	"Gwen/lib/upload"
 	"fmt"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/lib/upload"
 	"os"
 	"time"
 )
@@ -38,7 +38,7 @@ func (f *File) Notify(c *gin.Context) {
 	res := global.Oss.Verify(c.Request)
 	if !res {
-		response.Fail(c, 101, "权限错误")
+		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	fm := &FileBack{}
--- a/http/controller/admin/group.go
+++ b/http/controller/admin/group.go
@@ -1,11 +1,11 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"strconv"
 )
--- a/http/controller/admin/login.go
+++ b/http/controller/admin/login.go
@@ -1,14 +1,17 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	adResp "Gwen/http/response/admin"
 	"Gwen/model"
 	"Gwen/service"
 	"fmt"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/controller/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	apiReq "github.com/lejianwen/rustdesk-api/v2/http/request/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	adResp "github.com/lejianwen/rustdesk-api/v2/http/response/admin"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 )
 type Login struct {
@@ -26,42 +29,103 @@ type Login struct {
 // @Router /admin/login [post]
 // @Security token
 func (ct *Login) Login(c *gin.Context) {
 	if global.Config.App.DisablePwdLogin {
 		response.Fail(c, 101, response.TranslateMsg(c, "PwdLoginDisabled"))
 		return
 	}
 	// 检查登录限制
 	loginLimiter := global.LoginLimiter
 	clientIp := c.ClientIP()
 	_, needCaptcha := loginLimiter.CheckSecurityStatus(clientIp)
 	f := &admin.Login{}
 	err := c.ShouldBindJSON(f)
 	if err != nil {
-		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "ParamsError", c.RemoteIP(), c.ClientIP()))
+		loginLimiter.RecordFailedAttempt(clientIp)
 		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "ParamsError", c.RemoteIP(), clientIp))
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
-		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "ParamsError", c.RemoteIP(), c.ClientIP()))
+		loginLimiter.RecordFailedAttempt(clientIp)
 		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "ParamsError", c.RemoteIP(), clientIp))
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	// 检查是否需要验证码
 	if needCaptcha {
 		if f.CaptchaId == "" || f.Captcha == "" || !loginLimiter.VerifyCaptcha(f.CaptchaId, f.Captcha) {
 			response.Fail(c, 101, response.TranslateMsg(c, "CaptchaError"))
 			return
 		}
 	}
 	u := service.AllService.UserService.InfoByUsernamePassword(f.Username, f.Password)
 	if u.Id == 0 {
-		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "UsernameOrPasswordError", c.RemoteIP(), c.ClientIP()))
+		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "UsernameOrPasswordError", c.RemoteIP(), clientIp))
-		response.Fail(c, 101, response.TranslateMsg(c, "UsernameOrPasswordError"))
+		loginLimiter.RecordFailedAttempt(clientIp)
 		if _, needCaptcha = loginLimiter.CheckSecurityStatus(clientIp); needCaptcha {
 			response.Fail(c, 110, response.TranslateMsg(c, "UsernameOrPasswordError"))
 		} else {
 			response.Fail(c, 101, response.TranslateMsg(c, "UsernameOrPasswordError"))
 		}
 		return
 	}
 	if !service.AllService.UserService.CheckUserEnable(u) {
 		if needCaptcha {
 			response.Fail(c, 110, response.TranslateMsg(c, "UserDisabled"))
 			return
 		}
 		response.Fail(c, 101, response.TranslateMsg(c, "UserDisabled"))
 		return
 	}
 	ut := service.AllService.UserService.Login(u, &model.LoginLog{
 		UserId:   u.Id,
-		Client:   "webadmin",
+		Client:   model.LoginLogClientWebAdmin,
-		Uuid:     "",
+		Uuid:     "", //must be empty
-		Ip:       c.ClientIP(),
+		Ip:       clientIp,
-		Type:     "account",
+		Type:     model.LoginLogTypeAccount,
 		Platform: f.Platform,
 	})
-	response.Success(c, &adResp.LoginPayload{
+	// 登录成功，清除登录限制
-		Token:      ut.Token,
+	loginLimiter.RemoveAttempts(clientIp)
-		Username:   u.Username,
+	responseLoginSuccess(c, u, ut.Token)
-		RouteNames: service.AllService.UserService.RouteNames(u),
+}
-		Nickname:   u.Nickname,
+func (ct *Login) Captcha(c *gin.Context) {
 	loginLimiter := global.LoginLimiter
 	clientIp := c.ClientIP()
 	banned, needCaptcha := loginLimiter.CheckSecurityStatus(clientIp)
 	if banned {
 		response.Fail(c, 101, response.TranslateMsg(c, "LoginBanned"))
 		return
 	}
 	if !needCaptcha {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoCaptchaRequired"))
 		return
 	}
 	err, captcha := loginLimiter.RequireCaptcha()
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "CaptchaError")+err.Error())
 		return
 	}
 	err, b64 := loginLimiter.DrawCaptcha(captcha.Content)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "CaptchaError")+err.Error())
 		return
 	}
 	response.Success(c, gin.H{
 		"captcha": gin.H{
 			"id":  captcha.Id,
 			"b64": b64,
 		},
 	})
 }
@@ -82,3 +146,97 @@ func (ct *Login) Logout(c *gin.Context) {
 	}
 	response.Success(c, nil)
 }
 // LoginOptions
 // @Tags 登录
 // @Summary 登录选项
 // @Description 登录选项
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} []string
 // @Failure 500 {object} response.ErrorResponse
 // @Router /admin/login-options [post]
 func (ct *Login) LoginOptions(c *gin.Context) {
 	loginLimiter := global.LoginLimiter
 	clientIp := c.ClientIP()
 	banned, needCaptcha := loginLimiter.CheckSecurityStatus(clientIp)
 	if banned {
 		response.Fail(c, 101, response.TranslateMsg(c, "LoginBanned"))
 		return
 	}
 	ops := service.AllService.OauthService.GetOauthProviders()
 	response.Success(c, gin.H{
 		"ops":          ops,
 		"register":     global.Config.App.Register,
 		"need_captcha": needCaptcha,
 		"disable_pwd": 	global.Config.App.DisablePwdLogin,
 		"auto_oidc":  	global.Config.App.DisablePwdLogin && len(ops) == 1,
 	})
 }
 // OidcAuth
 // @Tags Oauth
 // @Summary OidcAuth
 // @Description OidcAuth
 // @Accept  json
 // @Produce  json
 // @Router /admin/oidc/auth [post]
 func (ct *Login) OidcAuth(c *gin.Context) {
 	// o := &api.Oauth{}
 	// o.OidcAuth(c)
 	f := &apiReq.OidcAuthRequest{}
 	err := c.ShouldBindJSON(f)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(c, f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
 	}
 	service.AllService.OauthService.SetOauthCache(state, &service.OauthCacheItem{
 		Action:     service.OauthActionTypeLogin,
 		Op:         f.Op,
 		Id:         f.Id,
 		DeviceType: "webadmin",
 		// DeviceOs: ct.Platform(c),
 		DeviceOs: f.DeviceInfo.Os,
 		Uuid:     f.Uuid,
 		Verifier: verifier,
 		Nonce:    nonce,
 	}, 5*60)
 	response.Success(c, gin.H{
 		"code": state,
 		"url":  url,
 	})
 }
 // OidcAuthQuery
 // @Tags Oauth
 // @Summary OidcAuthQuery
 // @Description OidcAuthQuery
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} response.Response{data=adResp.LoginPayload}
 // @Failure 500 {object} response.Response
 // @Router /admin/oidc/auth-query [get]
 func (ct *Login) OidcAuthQuery(c *gin.Context) {
 	o := &api.Oauth{}
 	u, ut := o.OidcAuthQueryPre(c)
 	if ut == nil {
 		return
 	}
 	responseLoginSuccess(c, u, ut.Token)
 }
 func responseLoginSuccess(c *gin.Context, u *model.User, token string) {
 	lp := &adResp.LoginPayload{}
 	lp.FromUser(u)
 	lp.Token = token
 	lp.RouteNames = service.AllService.UserService.RouteNames(u)
 	response.Success(c, lp)
 }
--- a/http/controller/admin/loginLog.go
+++ b/http/controller/admin/loginLog.go
@@ -1,12 +1,12 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 	"strconv"
 )
@@ -23,7 +23,7 @@ type LoginLog struct {
 // @Param id path int true "ID"
 // @Success 200 {object} response.Response{data=model.LoginLog}
 // @Failure 500 {object} response.Response
-// @Router /admin/loginLog/detail/{id} [get]
+// @Router /admin/login_log/detail/{id} [get]
 // @Security token
 func (ct *LoginLog) Detail(c *gin.Context) {
 	id := c.Param("id")
@@ -48,7 +48,7 @@ func (ct *LoginLog) Detail(c *gin.Context) {
 // @Param user_id query int false "用户ID"
 // @Success 200 {object} response.Response{data=model.LoginLogList}
 // @Failure 500 {object} response.Response
-// @Router /admin/loginLog/list [get]
+// @Router /admin/login_log/list [get]
 // @Security token
 func (ct *LoginLog) List(c *gin.Context) {
 	query := &admin.LoginLogQuery{}
@@ -56,10 +56,6 @@ func (ct *LoginLog) List(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) || query.IsMy == 1 {
 		query.UserId = int(u.Id)
 	}
 	res := service.AllService.LoginLogService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		if query.UserId > 0 {
 			tx.Where("user_id = ?", query.UserId)
@@ -78,7 +74,7 @@ func (ct *LoginLog) List(c *gin.Context) {
 // @Param body body model.LoginLog true "登录日志信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
-// @Router /admin/loginLog/delete [post]
+// @Router /admin/login_log/delete [post]
 // @Security token
 func (ct *LoginLog) Delete(c *gin.Context) {
 	f := &model.LoginLog{}
@@ -93,19 +89,45 @@ func (ct *LoginLog) Delete(c *gin.Context) {
 		return
 	}
 	l := service.AllService.LoginLogService.InfoById(f.Id)
-	u := service.AllService.UserService.CurUser(c)
+	if l.Id == 0 {
-	if !service.AllService.UserService.IsAdmin(u) && l.UserId != u.Id {
+		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
-	if l.Id > 0 {
+	err := service.AllService.LoginLogService.Delete(l)
-		err := service.AllService.LoginLogService.Delete(l)
+	if err == nil {
-		if err == nil {
+		response.Success(c, nil)
 			response.Success(c, nil)
 			return
 		}
 		response.Fail(c, 101, err.Error())
 		return
 	}
-	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
+	response.Fail(c, 101, err.Error())
 }
 // BatchDelete 删除
 // @Tags 登录日志
 // @Summary 登录日志批量删除
 // @Description 登录日志批量删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.LoginLogIds true "登录日志"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/login_log/batchDelete [post]
 // @Security token
 func (ct *LoginLog) BatchDelete(c *gin.Context) {
 	f := &admin.LoginLogIds{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if len(f.Ids) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	err := service.AllService.LoginLogService.BatchDelete(f.Ids)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, err.Error())
 	return
 }
--- a/http/controller/admin/my/addressBook.go
+++ b/http/controller/admin/my/addressBook.go
@@ -0,0 +1,271 @@
 package my
 import (
 	"encoding/json"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
 type AddressBook struct{}
 // List 列表
 // @Tags 我的地址簿
 // @Summary 地址簿列表
 // @Description 地址簿列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Param user_id query int false "用户id"
 // @Success 200 {object} response.Response{data=model.AddressBookList}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book/list [get]
 // @Security token
 func (ct *AddressBook) List(c *gin.Context) {
 	query := &admin.AddressBookQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	query.UserId = int(u.Id)
 	res := service.AllService.AddressBookService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		//预加载地址簿名称
 		tx.Preload("Collection", func(txc *gorm.DB) *gorm.DB {
 			return txc.Select("id,name")
 		})
 		if query.Id != "" {
 			tx.Where("id like ?", "%"+query.Id+"%")
 		}
 		tx.Where("user_id = ?", query.UserId)
 		if query.Username != "" {
 			tx.Where("username like ?", "%"+query.Username+"%")
 		}
 		if query.Hostname != "" {
 			tx.Where("hostname like ?", "%"+query.Hostname+"%")
 		}
 		if query.CollectionId != nil && *query.CollectionId >= 0 {
 			tx.Where("collection_id = ?", query.CollectionId)
 		}
 	})
 	abCIds := make([]uint, 0)
 	for _, ab := range res.AddressBooks {
 		abCIds = append(abCIds, ab.CollectionId)
 	}
 	response.Success(c, res)
 }
 // Create 创建地址簿
 // @Tags 我的地址簿
 // @Summary 创建地址簿
 // @Description 创建地址簿
 // @Accept  json
 // @Produce  json
 // @Param body body admin.AddressBookForm true "地址簿信息"
 // @Success 200 {object} response.Response{data=model.AddressBook}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book/create [post]
 // @Security token
 func (ct *AddressBook) Create(c *gin.Context) {
 	f := &admin.AddressBookForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	t := f.ToAddressBook()
 	u := service.AllService.UserService.CurUser(c)
 	t.UserId = u.Id
 	if t.CollectionId > 0 && !service.AllService.AddressBookService.CheckCollectionOwner(t.UserId, t.CollectionId) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	ex := service.AllService.AddressBookService.InfoByUserIdAndIdAndCid(t.UserId, t.Id, t.CollectionId)
 	if ex.RowId > 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemExists"))
 		return
 	}
 	err := service.AllService.AddressBookService.Create(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // Update 编辑
 // @Tags 我的地址簿
 // @Summary 地址簿编辑
 // @Description 地址簿编辑
 // @Accept  json
 // @Produce  json
 // @Param body body admin.AddressBookForm true "地址簿信息"
 // @Success 200 {object} response.Response{data=model.AddressBook}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book/update [post]
 // @Security token
 func (ct *AddressBook) Update(c *gin.Context) {
 	f := &admin.AddressBookForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	if f.RowId == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if f.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	ex := service.AllService.AddressBookService.InfoByRowId(f.RowId)
 	if ex.RowId == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	if ex.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	t := f.ToAddressBook()
 	if t.CollectionId > 0 && !service.AllService.AddressBookService.CheckCollectionOwner(t.UserId, t.CollectionId) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	err := service.AllService.AddressBookService.UpdateAll(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // Delete 删除
 // @Tags 我的地址簿
 // @Summary 地址簿删除
 // @Description 地址簿删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.AddressBookForm true "地址簿信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book/delete [post]
 // @Security token
 func (ct *AddressBook) Delete(c *gin.Context) {
 	f := &admin.AddressBookForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.RowId
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	ex := service.AllService.AddressBookService.InfoByRowId(f.RowId)
 	if ex.RowId == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if ex.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	err := service.AllService.AddressBookService.Delete(ex)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 	return
 }
 func (ct *AddressBook) BatchCreateFromPeers(c *gin.Context) {
 	f := &admin.BatchCreateFromPeersForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if f.CollectionId != 0 {
 		collection := service.AllService.AddressBookService.CollectionInfoById(f.CollectionId)
 		if collection.Id == 0 {
 			response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 			return
 		}
 		if collection.UserId != u.Id {
 			response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 			return
 		}
 	}
 	if len(f.PeerIds) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	pl := int64(len(f.PeerIds))
 	peers := service.AllService.PeerService.List(1, uint(pl), func(tx *gorm.DB) {
 		tx.Where("row_id in ?", f.PeerIds)
 		tx.Where("user_id = ?", u.Id)
 	})
 	if peers.Total == 0 || pl != peers.Total {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	tags, _ := json.Marshal(f.Tags)
 	for _, peer := range peers.Peers {
 		ab := service.AllService.AddressBookService.FromPeer(peer)
 		ab.Tags = tags
 		ab.CollectionId = f.CollectionId
 		ex := service.AllService.AddressBookService.InfoByUserIdAndIdAndCid(u.Id, ab.Id, ab.CollectionId)
 		if ex.RowId != 0 {
 			continue
 		}
 		service.AllService.AddressBookService.Create(ab)
 	}
 	response.Success(c, nil)
 }
 func (ct *AddressBook) BatchUpdateTags(c *gin.Context) {
 	f := &admin.BatchUpdateTagsForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	abs := service.AllService.AddressBookService.List(1, 999, func(tx *gorm.DB) {
 		tx.Where("row_id in ?", f.RowIds)
 		tx.Where("user_id = ?", u.Id)
 	})
 	if abs.Total == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	err := service.AllService.AddressBookService.BatchUpdateTags(abs.AddressBooks, f.Tags)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
--- a/http/controller/admin/my/addressBookCollection.go
+++ b/http/controller/admin/my/addressBookCollection.go
@@ -0,0 +1,162 @@
 package my
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
 type AddressBookCollection struct {
 }
 // Create 创建地址簿名称
 // @Tags 我的地址簿名称
 // @Summary 创建地址簿名称
 // @Description 创建地址簿名称
 // @Accept  json
 // @Produce  json
 // @Param body body model.AddressBookCollection true "地址簿名称信息"
 // @Success 200 {object} response.Response{data=model.AddressBookCollection}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book_collection/create [post]
 // @Security token
 func (abc *AddressBookCollection) Create(c *gin.Context) {
 	f := &model.AddressBookCollection{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	f.UserId = u.Id
 	err := service.AllService.AddressBookService.CreateCollection(f)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // List 列表
 // @Tags 我的地址簿名称
 // @Summary 地址簿名称列表
 // @Description 地址簿名称列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Success 200 {object} response.Response{data=model.AddressBookCollectionList}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book_collection/list [get]
 // @Security token
 func (abc *AddressBookCollection) List(c *gin.Context) {
 	query := &admin.AddressBookCollectionQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	query.UserId = int(u.Id)
 	res := service.AllService.AddressBookService.ListCollection(query.Page, query.PageSize, func(tx *gorm.DB) {
 		tx.Where("user_id = ?", query.UserId)
 	})
 	response.Success(c, res)
 }
 // Update 编辑
 // @Tags 我的地址簿名称
 // @Summary 地址簿名称编辑
 // @Description 地址簿名称编辑
 // @Accept  json
 // @Produce  json
 // @Param body body model.AddressBookCollection true "地址簿名称信息"
 // @Success 200 {object} response.Response{data=model.AddressBookCollection}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book_collection/update [post]
 // @Security token
 func (abc *AddressBookCollection) Update(c *gin.Context) {
 	f := &model.AddressBookCollection{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	if f.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	//if f.UserId != u.Id {
 	//	response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 	//	return
 	//}
 	ex := service.AllService.AddressBookService.CollectionInfoById(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	if ex.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	err := service.AllService.AddressBookService.UpdateCollection(f)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // Delete 删除
 // @Tags 我的地址簿名称
 // @Summary 地址簿名称删除
 // @Description 地址簿名称删除
 // @Accept  json
 // @Produce  json
 // @Param body body model.AddressBookCollection true "地址簿名称信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book_collection/delete [post]
 // @Security token
 func (abc *AddressBookCollection) Delete(c *gin.Context) {
 	f := &model.AddressBookCollection{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.Id
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	ex := service.AllService.AddressBookService.CollectionInfoById(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if ex.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	err := service.AllService.AddressBookService.DeleteCollection(ex)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 }
--- a/http/controller/admin/my/addressBookCollectionRule.go
+++ b/http/controller/admin/my/addressBookCollectionRule.go
@@ -0,0 +1,228 @@
 package my
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
 type AddressBookCollectionRule struct {
 }
 // List 列表
 // @Tags 我的地址簿规则
 // @Summary 地址簿规则列表
 // @Description 地址簿规则列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Param is_my query int false "是否是我的"
 // @Param user_id query int false "用户id"
 // @Param collection_id query int false "地址簿集合id"
 // @Success 200 {object} response.Response{data=model.AddressBookCollectionList}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book_collection_rule/list [get]
 // @Security token
 func (abcr *AddressBookCollectionRule) List(c *gin.Context) {
 	query := &admin.AddressBookCollectionRuleQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	query.UserId = int(u.Id)
 	res := service.AllService.AddressBookService.ListRules(query.Page, query.PageSize, func(tx *gorm.DB) {
 		tx.Where("user_id = ?", query.UserId)
 		if query.CollectionId > 0 {
 			tx.Where("collection_id = ?", query.CollectionId)
 		}
 	})
 	response.Success(c, res)
 }
 // Create 创建地址簿规则
 // @Tags 我的地址簿规则
 // @Summary 创建地址簿规则
 // @Description 创建地址簿规则
 // @Accept  json
 // @Produce  json
 // @Param body body model.AddressBookCollectionRule true "地址簿规则信息"
 // @Success 200 {object} response.Response{data=model.AddressBookCollection}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book_collection_rule/create [post]
 // @Security token
 func (abcr *AddressBookCollectionRule) Create(c *gin.Context) {
 	f := &model.AddressBookCollectionRule{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	if f.Type != model.ShareAddressBookRuleTypePersonal && f.Type != model.ShareAddressBookRuleTypeGroup {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	//t := f.ToAddressBookCollection()
 	t := f
 	u := service.AllService.UserService.CurUser(c)
 	t.UserId = u.Id
 	msg, res := abcr.CheckForm(u, t)
 	if !res {
 		response.Fail(c, 101, response.TranslateMsg(c, msg))
 		return
 	}
 	err := service.AllService.AddressBookService.CreateRule(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 func (abcr *AddressBookCollectionRule) CheckForm(u *model.User, t *model.AddressBookCollectionRule) (string, bool) {
 	if t.UserId != u.Id {
 		return "NoAccess", false
 	}
 	if t.CollectionId > 0 && !service.AllService.AddressBookService.CheckCollectionOwner(t.UserId, t.CollectionId) {
 		return "ParamsError", false
 	}
 	//check to_id
 	if t.Type == model.ShareAddressBookRuleTypePersonal {
 		if t.ToId == t.UserId {
 			return "CannotShareToSelf", false
 		}
 		tou := service.AllService.UserService.InfoById(t.ToId)
 		if tou.Id == 0 {
 			return "ItemNotFound", false
 		}
 		//非管理员不能分享给非本组织用户
 		//if tou.GroupId != u.GroupId {
 		//	return "NoAccess", false
 		//}
 	} else if t.Type == model.ShareAddressBookRuleTypeGroup {
 		//非管理员不能分享给其他组
 		//if t.ToId != u.GroupId {
 		//	return "NoAccess", false
 		//}
 		tog := service.AllService.GroupService.InfoById(t.ToId)
 		if tog.Id == 0 {
 			return "ItemNotFound", false
 		}
 	} else {
 		return "ParamsError", false
 	}
 	// 重复检查
 	ex := service.AllService.AddressBookService.RuleInfoByToIdAndCid(t.Type, t.ToId, t.CollectionId)
 	if t.Id == 0 && ex.Id > 0 {
 		return "ItemExists", false
 	}
 	if t.Id > 0 && ex.Id > 0 && t.Id != ex.Id {
 		return "ItemExists", false
 	}
 	return "", true
 }
 // Update 编辑
 // @Tags 我的地址簿规则
 // @Summary 地址簿规则编辑
 // @Description 地址簿规则编辑
 // @Accept  json
 // @Produce  json
 // @Param body body model.AddressBookCollectionRule true "地址簿规则信息"
 // @Success 200 {object} response.Response{data=model.AddressBookCollection}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book_collection_rule/update [post]
 // @Security token
 func (abcr *AddressBookCollectionRule) Update(c *gin.Context) {
 	f := &model.AddressBookCollectionRule{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	if f.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	ex := service.AllService.AddressBookService.RuleInfoById(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	if ex.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	t := f
 	msg, res := abcr.CheckForm(u, t)
 	if !res {
 		response.Fail(c, 101, response.TranslateMsg(c, msg))
 		return
 	}
 	err := service.AllService.AddressBookService.UpdateRule(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // Delete 删除
 // @Tags 我的地址簿规则
 // @Summary 地址簿规则删除
 // @Description 地址簿规则删除
 // @Accept  json
 // @Produce  json
 // @Param body body model.AddressBookCollectionRule true "地址簿规则信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/address_book_collection_rule/delete [post]
 // @Security token
 func (abcr *AddressBookCollectionRule) Delete(c *gin.Context) {
 	f := &model.AddressBookCollectionRule{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.Id
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	ex := service.AllService.AddressBookService.RuleInfoById(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if ex.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	err := service.AllService.AddressBookService.DeleteRule(ex)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 }
--- a/http/controller/admin/my/loginLog.go
+++ b/http/controller/admin/my/loginLog.go
@@ -0,0 +1,113 @@
 package my
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
 type LoginLog struct {
 }
 // List 列表
 // @Tags 我的登录日志
 // @Summary 登录日志列表
 // @Description 登录日志列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Param user_id query int false "用户ID"
 // @Success 200 {object} response.Response{data=model.LoginLogList}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/login_log/list [get]
 // @Security token
 func (ct *LoginLog) List(c *gin.Context) {
 	query := &admin.LoginLogQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	res := service.AllService.LoginLogService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		tx.Where("user_id = ? and is_deleted = ?", u.Id, model.IsDeletedNo)
 		tx.Order("id desc")
 	})
 	response.Success(c, res)
 }
 // Delete 删除
 // @Tags 我的登录日志
 // @Summary 登录日志删除
 // @Description 登录日志删除
 // @Accept  json
 // @Produce  json
 // @Param body body model.LoginLog true "登录日志信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/login_log/delete [post]
 // @Security token
 func (ct *LoginLog) Delete(c *gin.Context) {
 	f := &model.LoginLog{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.Id
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	l := service.AllService.LoginLogService.InfoById(f.Id)
 	if l.Id == 0 || l.IsDeleted == model.IsDeletedYes {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if l.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	err := service.AllService.LoginLogService.SoftDelete(l)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, err.Error())
 }
 // BatchDelete 删除
 // @Tags 我的登录日志
 // @Summary 登录日志批量删除
 // @Description 登录日志批量删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.LoginLogIds true "登录日志"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/login_log/batchDelete [post]
 // @Security token
 func (ct *LoginLog) BatchDelete(c *gin.Context) {
 	f := &admin.LoginLogIds{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if len(f.Ids) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	err := service.AllService.LoginLogService.BatchSoftDelete(u.Id, f.Ids)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, err.Error())
 	return
 }
--- a/http/controller/admin/my/peer.go
+++ b/http/controller/admin/my/peer.go
@@ -0,0 +1,59 @@
 package my
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 	"time"
 )
 type Peer struct {
 }
 // List 列表
 // @Tags 我的设备
 // @Summary 设备列表
 // @Description 设备列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Param time_ago query int false "时间"
 // @Param id query string false "ID"
 // @Param hostname query string false "主机名"
 // @Param uuids query string false "uuids 用逗号分隔"
 // @Success 200 {object} response.Response{data=model.PeerList}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/peer/list [get]
 // @Security token
 func (ct *Peer) List(c *gin.Context) {
 	query := &admin.PeerQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	res := service.AllService.PeerService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		tx.Where("user_id = ?", u.Id)
 		if query.TimeAgo > 0 {
 			lt := time.Now().Unix() - int64(query.TimeAgo)
 			tx.Where("last_online_time < ?", lt)
 		}
 		if query.TimeAgo < 0 {
 			lt := time.Now().Unix() + int64(query.TimeAgo)
 			tx.Where("last_online_time > ?", lt)
 		}
 		if query.Id != "" {
 			tx.Where("id like ?", "%"+query.Id+"%")
 		}
 		if query.Hostname != "" {
 			tx.Where("hostname like ?", "%"+query.Hostname+"%")
 		}
 		if query.Uuids != "" {
 			tx.Where("uuid in (?)", query.Uuids)
 		}
 	})
 	response.Success(c, res)
 }
--- a/http/controller/admin/my/shareRecord.go
+++ b/http/controller/admin/my/shareRecord.go
@@ -0,0 +1,119 @@
 package my
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
 type ShareRecord struct {
 }
 // List 分享记录列表
 // @Tags 我的分享记录
 // @Summary 分享记录列表
 // @Description 分享记录列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/share_record/list [get]
 // @Security token
 func (sr *ShareRecord) List(c *gin.Context) {
 	query := &admin.PageQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	res := service.AllService.ShareRecordService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		tx.Where("user_id = ?", u.Id)
 	})
 	response.Success(c, res)
 }
 // Delete 分享记录删除
 // @Tags 我的分享记录
 // @Summary 分享记录删除
 // @Description 分享记录删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.ShareRecordForm true "分享记录信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/share_record/delete [post]
 // @Security token
 func (sr *ShareRecord) Delete(c *gin.Context) {
 	f := &admin.ShareRecordForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.Id
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	i := service.AllService.ShareRecordService.InfoById(f.Id)
 	if i.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	if i.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	err := service.AllService.ShareRecordService.Delete(i)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 }
 // BatchDelete 批量删除我的分享记录
 // @Tags 我的
 // @Summary 批量删除我的分享记录
 // @Description 批量删除我的分享记录
 // @Accept  json
 // @Produce  json
 // @Param body body admin.PeerShareRecordBatchDeleteForm true "id"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/share_record/batchDelete [post]
 // @Security token
 func (sr *ShareRecord) BatchDelete(c *gin.Context) {
 	f := &admin.PeerShareRecordBatchDeleteForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if len(f.Ids) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	var l int64
 	l = int64(len(f.Ids))
 	res := service.AllService.ShareRecordService.List(1, uint(l), func(tx *gorm.DB) {
 		tx.Where("user_id = ?", u.Id)
 		tx.Where("id in ?", f.Ids)
 	})
 	if res.Total != l {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	err := service.AllService.ShareRecordService.BatchDelete(f.Ids)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
--- a/http/controller/admin/my/tag.go
+++ b/http/controller/admin/my/tag.go
@@ -0,0 +1,176 @@
 package my
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
 type Tag struct{}
 // List 列表
 // @Tags 我的标签
 // @Summary 标签列表
 // @Description 标签列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Param is_my query int false "是否是我的"
 // @Param user_id query int false "用户id"
 // @Success 200 {object} response.Response{data=model.TagList}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/tag/list [get]
 // @Security token
 func (ct *Tag) List(c *gin.Context) {
 	query := &admin.TagQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	query.UserId = int(u.Id)
 	res := service.AllService.TagService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		tx.Preload("Collection", func(txc *gorm.DB) *gorm.DB {
 			return txc.Select("id,name")
 		})
 		tx.Where("user_id = ?", query.UserId)
 		if query.CollectionId != nil && *query.CollectionId >= 0 {
 			tx.Where("collection_id = ?", query.CollectionId)
 		}
 	})
 	response.Success(c, res)
 }
 // Create 创建标签
 // @Tags 我的标签
 // @Summary 创建标签
 // @Description 创建标签
 // @Accept  json
 // @Produce  json
 // @Param body body admin.TagForm true "标签信息"
 // @Success 200 {object} response.Response{data=model.Tag}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/tag/create [post]
 // @Security token
 func (ct *Tag) Create(c *gin.Context) {
 	f := &admin.TagForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	t := f.ToTag()
 	u := service.AllService.UserService.CurUser(c)
 	t.UserId = u.Id
 	err := service.AllService.TagService.Create(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // Update 编辑
 // @Tags 我的标签
 // @Summary 标签编辑
 // @Description 标签编辑
 // @Accept  json
 // @Produce  json
 // @Param body body admin.TagForm true "标签信息"
 // @Success 200 {object} response.Response{data=model.Tag}
 // @Failure 500 {object} response.Response
 // @Router /admin/my/tag/update [post]
 // @Security token
 func (ct *Tag) Update(c *gin.Context) {
 	f := &admin.TagForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	if f.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if f.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	ex := service.AllService.TagService.InfoById(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	if ex.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	t := f.ToTag()
 	if t.CollectionId > 0 && !service.AllService.AddressBookService.CheckCollectionOwner(t.UserId, t.CollectionId) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	err := service.AllService.TagService.Update(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 // Delete 删除
 // @Tags 标签
 // @Summary 标签删除
 // @Description 标签删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.TagForm true "标签信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/my/tag/delete [post]
 // @Security token
 func (ct *Tag) Delete(c *gin.Context) {
 	f := &admin.TagForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.Id
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	ex := service.AllService.TagService.InfoById(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if ex.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	err := service.AllService.TagService.Delete(ex)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, err.Error())
 	return
 }
--- a/http/controller/admin/oauth.go
+++ b/http/controller/admin/oauth.go
@@ -1,14 +1,14 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	adminReq "Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"strconv"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	adminReq "github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 )
 type Oauth struct {
@@ -44,20 +44,22 @@ func (o *Oauth) ToBind(c *gin.Context) {
 		return
 	}
-	err, code, url := service.AllService.OauthService.BeginAuth(f.Op)
+	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(c, f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
 	}
-	service.AllService.OauthService.SetOauthCache(code, &service.OauthCacheItem{
+	service.AllService.OauthService.SetOauthCache(state, &service.OauthCacheItem{
-		Action: service.OauthActionTypeBind,
+		Action:   service.OauthActionTypeBind,
-		Op:     f.Op,
+		Op:       f.Op,
-		UserId: u.Id,
+		UserId:   u.Id,
 		Verifier: verifier,
 		Nonce:    nonce,
 	}, 5*60)
 	response.Success(c, gin.H{
-		"code": code,
+		"code": state,
 		"url":  url,
 	})
 }
@@ -67,16 +69,16 @@ func (o *Oauth) Confirm(c *gin.Context) {
 	j := &adminReq.OauthConfirmForm{}
 	err := c.ShouldBindJSON(j)
 	if err != nil {
-		response.Fail(c, 101, "参数错误"+err.Error())
+		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if j.Code == "" {
-		response.Fail(c, 101, "参数错误: code 不存在")
+		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	v := service.AllService.OauthService.GetOauthCache(j.Code)
 	if v == nil {
-		response.Fail(c, 101, "授权已过期")
+		response.Fail(c, 101, response.TranslateMsg(c, "OauthExpired"))
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
@@ -96,21 +98,23 @@ func (o *Oauth) BindConfirm(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
-	v := service.AllService.OauthService.GetOauthCache(j.Code)
+	oauthService := service.AllService.OauthService
-	if v == nil {
+	oauthCache := oauthService.GetOauthCache(j.Code)
 	if oauthCache == nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OauthExpired"))
 		return
 	}
-	u := service.AllService.UserService.CurUser(c)
+	oauthUser := oauthCache.ToOauthUser()
-	err = service.AllService.OauthService.BindGithubUser(v.ThirdOpenId, v.ThirdOpenId, u.Id)
+	user := service.AllService.UserService.CurUser(c)
 	err = oauthService.BindOauthUser(user.Id, oauthUser, oauthCache.Op)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "BindFail"))
 		return
 	}
-	v.UserId = u.Id
+	oauthCache.UserId = user.Id
-	service.AllService.OauthService.SetOauthCache(j.Code, v, 0)
+	oauthService.SetOauthCache(j.Code, oauthCache, 0)
-	response.Success(c, v)
+	response.Success(c, oauthCache)
 }
 func (o *Oauth) Unbind(c *gin.Context) {
@@ -126,21 +130,11 @@ func (o *Oauth) Unbind(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
-	if f.Op == model.OauthTypeGithub {
+	err = service.AllService.OauthService.UnBindOauthUser(u.Id, f.Op)
-		err = service.AllService.OauthService.UnBindGithubUser(u.Id)
+	if err != nil {
-		if err != nil {
+		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
-			response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
+		return
 			return
 		}
 	}
 	if f.Op == model.OauthTypeGoogle {
 		err = service.AllService.OauthService.UnBindGoogleUser(u.Id)
 		if err != nil {
 			response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 			return
 		}
 	}
 	response.Success(c, nil)
 }
@@ -189,15 +183,18 @@ func (o *Oauth) Create(c *gin.Context) {
 		response.Fail(c, 101, errList[0])
 		return
 	}
-
+	u := f.ToOauth()
-	ex := service.AllService.OauthService.InfoByOp(f.Op)
+	err := u.FormatOauthInfo()
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	ex := service.AllService.OauthService.InfoByOp(u.Op)
 	if ex.Id > 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemExists"))
 		return
 	}
-
+	err = service.AllService.OauthService.Create(u)
 	u := f.ToOauth()
 	err := service.AllService.OauthService.Create(u)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
--- a/http/controller/admin/peer.go
+++ b/http/controller/admin/peer.go
@@ -1,11 +1,11 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 	"strconv"
 	"time"
@@ -79,6 +79,7 @@ func (ct *Peer) Create(c *gin.Context) {
 // @Param time_ago query int false "时间"
 // @Param id query string false "ID"
 // @Param hostname query string false "主机名"
 // @Param uuids query string false "uuids 用逗号分隔"
 // @Success 200 {object} response.Response{data=model.PeerList}
 // @Failure 500 {object} response.Response
 // @Router /admin/peer/list [get]
@@ -104,6 +105,15 @@ func (ct *Peer) List(c *gin.Context) {
 		if query.Hostname != "" {
 			tx.Where("hostname like ?", "%"+query.Hostname+"%")
 		}
 		if query.Uuids != "" {
 			tx.Where("uuid in (?)", query.Uuids)
 		}
 		if query.Username != "" {
 			tx.Where("username like ?", "%"+query.Username+"%")
 		}
 		if query.Ip != "" {
 			tx.Where("last_online_ip like ?", "%"+query.Ip+"%")
 		}
 	})
 	response.Success(c, res)
 }
@@ -188,7 +198,7 @@ func (ct *Peer) Delete(c *gin.Context) {
 // @Param body body admin.PeerBatchDeleteForm true "设备id"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
-// @Router /admin/peer/delete [post]
+// @Router /admin/peer/batchDelete [post]
 // @Security token
 func (ct *Peer) BatchDelete(c *gin.Context) {
 	f := &admin.PeerBatchDeleteForm{}
@@ -207,3 +217,21 @@ func (ct *Peer) BatchDelete(c *gin.Context) {
 	}
 	response.Success(c, nil)
 }
 func (ct *Peer) SimpleData(c *gin.Context) {
 	f := &admin.SimpleDataQuery{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if len(f.Ids) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	res := service.AllService.PeerService.List(1, 99999, func(tx *gorm.DB) {
 		//可以公开的情报
 		tx.Select("id,version")
 		tx.Where("id in (?)", f.Ids)
 	})
 	response.Success(c, res)
 }
--- a/http/controller/admin/rustdesk.go
+++ b/http/controller/admin/rustdesk.go
@@ -1,46 +1,137 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/response"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 )
 type Rustdesk struct {
 }
-// ServerConfig RUSTDESK服务配置
+type RustdeskCmd struct {
-// @Tags ADMIN
+	Cmd    string `json:"cmd"`
-// @Summary RUSTDESK服务配置
+	Option string `json:"option"`
-// @Description 服务配置,给webclient提供api-server
+	Target string `json:"target"`
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/server-config [get]
 // @Security token
 func (r *Rustdesk) ServerConfig(c *gin.Context) {
 	cf := &response.ServerConfigResponse{
 		IdServer:    global.Config.Rustdesk.IdServer,
 		Key:         global.Config.Rustdesk.Key,
 		RelayServer: global.Config.Rustdesk.RelayServer,
 		ApiServer:   global.Config.Rustdesk.ApiServer,
 	}
 	response.Success(c, cf)
 }
-// AppConfig APP服务配置
+func (r *Rustdesk) CmdList(c *gin.Context) {
-// @Tags ADMIN
+	q := &admin.PageQuery{}
-// @Summary APP服务配置
+	if err := c.ShouldBindQuery(q); err != nil {
-// @Description APP服务配置
+		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
-// @Accept  json
+		return
-// @Produce  json
+	}
-// @Success 200 {object} response.Response
+	res := service.AllService.ServerCmdService.List(q.Page, 9999)
-// @Failure 500 {object} response.Response
+	//在列表前添加系统命令
-// @Router /admin/app-config [get]
+	list := make([]*model.ServerCmd, 0)
-// @Security token
+	list = append(list, model.SysIdServerCmds...)
-func (r *Rustdesk) AppConfig(c *gin.Context) {
+	list = append(list, model.SysRelayServerCmds...)
-	response.Success(c, &gin.H{
+	list = append(list, res.ServerCmds...)
-		"web_client": global.Config.App.WebClient,
+	res.ServerCmds = list
-	})
+	response.Success(c, res)
 }
 func (r *Rustdesk) CmdDelete(c *gin.Context) {
 	f := &model.ServerCmd{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if f.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	ex := service.AllService.ServerCmdService.Info(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	err := service.AllService.ServerCmdService.Delete(ex)
 	if err != nil {
 		response.Fail(c, 101, err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 func (r *Rustdesk) CmdCreate(c *gin.Context) {
 	f := &model.ServerCmd{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	err := service.AllService.ServerCmdService.Create(f)
 	if err != nil {
 		response.Fail(c, 101, err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 func (r *Rustdesk) CmdUpdate(c *gin.Context) {
 	f := &model.ServerCmd{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	ex := service.AllService.ServerCmdService.Info(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
 	err := service.AllService.ServerCmdService.Update(f)
 	if err != nil {
 		response.Fail(c, 101, err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
 func (r *Rustdesk) SendCmd(c *gin.Context) {
 	rc := &RustdeskCmd{}
 	if err := c.ShouldBindJSON(rc); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if rc.Cmd == "" {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	if rc.Target == "" {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	if rc.Target != model.ServerCmdTargetIdServer && rc.Target != model.ServerCmdTargetRelayServer {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	port := 0
 	switch rc.Target {
 	case model.ServerCmdTargetIdServer:
 		port = global.Config.Admin.IdServerPort - 1
 	case model.ServerCmdTargetRelayServer:
 		port = global.Config.Admin.RelayServerPort
 	}
 	res, err := service.AllService.ServerCmdService.SendCmd(port, rc.Cmd, rc.Option)
 	if err != nil {
 		response.Fail(c, 101, err.Error())
 		return
 	}
 	response.Success(c, res)
 }
--- a/http/controller/admin/shareRecord.go
+++ b/http/controller/admin/shareRecord.go
@@ -0,0 +1,105 @@
 package admin
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
 type ShareRecord struct {
 }
 // List 列表
 // @Tags 分享记录
 // @Summary 分享记录列表
 // @Description 分享记录列表
 // @Accept  json
 // @Produce  json
 // @Param user_id query int false "用户ID"
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/share_record/list [get]
 // @Security token
 func (sr *ShareRecord) List(c *gin.Context) {
 	query := &admin.ShareRecordQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	res := service.AllService.ShareRecordService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		if query.UserId > 0 {
 			tx.Where("user_id = ?", query.UserId)
 		}
 	})
 	response.Success(c, res)
 }
 // Delete 删除
 // @Tags 分享记录
 // @Summary 分享记录删除
 // @Description 分享记录删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.ShareRecordForm true "分享记录信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/share_record/delete [post]
 // @Security token
 func (sr *ShareRecord) Delete(c *gin.Context) {
 	f := &admin.ShareRecordForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.Id
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	i := service.AllService.ShareRecordService.InfoById(f.Id)
 	if i.Id > 0 {
 		err := service.AllService.ShareRecordService.Delete(i)
 		if err == nil {
 			response.Success(c, nil)
 			return
 		}
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 }
 // BatchDelete 批量删除
 // @Tags 分享记录
 // @Summary 批量分享记录
 // @Description 批量分享记录
 // @Accept  json
 // @Produce  json
 // @Param body body admin.PeerShareRecordBatchDeleteForm true "id"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/share_record/batchDelete [post]
 // @Security token
 func (sr *ShareRecord) BatchDelete(c *gin.Context) {
 	f := &admin.PeerShareRecordBatchDeleteForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if len(f.Ids) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	err := service.AllService.ShareRecordService.BatchDelete(f.Ids)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
 	}
 	response.Success(c, nil)
 }
--- a/http/controller/admin/tag.go
+++ b/http/controller/admin/tag.go
@@ -1,11 +1,11 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 	"strconv"
 )
@@ -64,9 +64,9 @@ func (ct *Tag) Create(c *gin.Context) {
 		return
 	}
 	t := f.ToTag()
-	u := service.AllService.UserService.CurUser(c)
+	if t.UserId == 0 {
-	if !service.AllService.UserService.IsAdmin(u) || t.UserId == 0 {
+		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
-		t.UserId = u.Id
+		return
 	}
 	err := service.AllService.TagService.Create(t)
 	if err != nil {
@@ -96,10 +96,6 @@ func (ct *Tag) List(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) || query.IsMy == 1 {
 		query.UserId = int(u.Id)
 	}
 	res := service.AllService.TagService.List(query.Page, query.PageSize, func(tx *gorm.DB) {
 		tx.Preload("Collection", func(txc *gorm.DB) *gorm.DB {
 			return txc.Select("id,name")
@@ -140,12 +136,12 @@ func (ct *Tag) Update(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
-	t := f.ToTag()
+	ex := service.AllService.TagService.InfoById(f.Id)
-	u := service.AllService.UserService.CurUser(c)
+	if ex.Id == 0 {
-	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
+		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	t := f.ToTag()
 	err := service.AllService.TagService.Update(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
@@ -177,20 +173,15 @@ func (ct *Tag) Delete(c *gin.Context) {
 		response.Fail(c, 101, errList[0])
 		return
 	}
-	t := service.AllService.TagService.InfoById(f.Id)
+	ex := service.AllService.TagService.InfoById(f.Id)
-	u := service.AllService.UserService.CurUser(c)
+	if ex.Id == 0 {
-	if !service.AllService.UserService.IsAdmin(u) && t.UserId != u.Id {
+		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
-	if u.Id > 0 {
+	err := service.AllService.TagService.Delete(ex)
-		err := service.AllService.TagService.Delete(t)
+	if err == nil {
-		if err == nil {
+		response.Success(c, nil)
 			response.Success(c, nil)
 			return
 		}
 		response.Fail(c, 101, err.Error())
 		return
 	}
-	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
+	response.Fail(c, 101, err.Error())
 }
--- a/http/controller/admin/user.go
+++ b/http/controller/admin/user.go
@@ -1,12 +1,14 @@
 package admin
 import (
 	"Gwen/global"
 	"Gwen/http/request/admin"
 	"Gwen/http/response"
 	adResp "Gwen/http/response/admin"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	adResp "github.com/lejianwen/rustdesk-api/v2/http/response/admin"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"github.com/lejianwen/rustdesk-api/v2/utils"
 	"gorm.io/gorm"
 	"strconv"
 )
@@ -215,12 +217,7 @@ func (ct *User) Current(c *gin.Context) {
 	u := service.AllService.UserService.CurUser(c)
 	token, _ := c.Get("token")
 	t := token.(string)
-	response.Success(c, &adResp.LoginPayload{
+	responseLoginSuccess(c, u, t)
 		Token:      t,
 		Username:   u.Username,
 		RouteNames: service.AllService.UserService.RouteNames(u),
 		Nickname:   u.Nickname,
 	})
 }
 // ChangeCurPwd 修改当前用户密码
@@ -247,10 +244,13 @@ func (ct *User) ChangeCurPwd(c *gin.Context) {
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
-	oldPwd := service.AllService.UserService.EncryptPassword(f.OldPassword)
+	// Verify the old password only when the account already has one set
-	if u.Password != oldPwd {
+	if !service.AllService.UserService.IsPasswordEmptyByUser(u) {
-		response.Fail(c, 101, response.TranslateMsg(c, "OldPasswordError"))
+		ok, _, err := utils.VerifyPassword(u.Password, f.OldPassword)
-		return
+		if err != nil || !ok {
 			response.Fail(c, 101, response.TranslateMsg(c, "OldPasswordError"))
 			return
 		}
 	}
 	err := service.AllService.UserService.UpdatePassword(u, f.NewPassword)
 	if err != nil {
@@ -281,10 +281,10 @@ func (ct *User) MyOauth(c *gin.Context) {
 	var res []*adResp.UserOauthItem
 	for _, oa := range oal.Oauths {
 		item := &adResp.UserOauthItem{
-			ThirdType: oa.Op,
+			Op: oa.Op,
 		}
 		for _, ut := range uts {
-			if ut.ThirdType == oa.Op {
+			if ut.Op == oa.Op {
 				item.Status = 1
 				break
 			}
@@ -296,30 +296,53 @@ func (ct *User) MyOauth(c *gin.Context) {
 // groupUsers
 func (ct *User) GroupUsers(c *gin.Context) {
-	q := &admin.GroupUsersQuery{}
+	aG := service.AllService.GroupService.List(1, 999, nil)
-	if err := c.ShouldBindJSON(q); err != nil {
+	aU := service.AllService.UserService.List(1, 9999, nil)
 	response.Success(c, gin.H{
 		"groups": aG.Groups,
 		"users":  aU.Users,
 	})
 }
 // Register
 func (ct *User) Register(c *gin.Context) {
 	if !global.Config.App.Register {
 		response.Fail(c, 101, response.TranslateMsg(c, "RegisterClosed"))
 		return
 	}
 	f := &admin.RegisterForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
-	u := service.AllService.UserService.CurUser(c)
+	errList := global.Validator.ValidStruct(c, f)
-	gid := u.GroupId
+	if len(errList) > 0 {
-	uid := u.Id
+		response.Fail(c, 101, errList[0])
-	if service.AllService.UserService.IsAdmin(u) && q.UserId > 0 {
+		return
 		nu := service.AllService.UserService.InfoById(q.UserId)
 		gid = nu.GroupId
 		uid = q.UserId
 	}
-	res := service.AllService.UserService.List(1, 999, func(tx *gorm.DB) {
+	regStatus := model.StatusCode(global.Config.App.RegisterStatus)
-		tx.Where("group_id = ?", gid)
+	// 注册状态可能未配置，默认启用
 	if regStatus != model.COMMON_STATUS_DISABLED && regStatus != model.COMMON_STATUS_ENABLE {
 		regStatus = model.COMMON_STATUS_ENABLE
 	}
 	u := service.AllService.UserService.Register(f.Username, f.Email, f.Password, regStatus)
 	if u == nil || u.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed"))
 		return
 	}
 	if regStatus == model.COMMON_STATUS_DISABLED {
 		// 需要管理员审核
 		response.Fail(c, 101, response.TranslateMsg(c, "RegisterSuccessWaitAdminConfirm"))
 		return
 	}
 	// 注册成功后自动登录
 	ut := service.AllService.UserService.Login(u, &model.LoginLog{
 		UserId: u.Id,
 		Client: model.LoginLogClientWebAdmin,
 		Uuid:   "",
 		Ip:     c.ClientIP(),
 		Type:   model.LoginLogTypeAccount,
 	})
-	var data []*adResp.GroupUsersPayload
+	responseLoginSuccess(c, u, ut.Token)
 	for _, _u := range res.Users {
 		gup := &adResp.GroupUsersPayload{}
 		gup.FromUser(_u)
 		if _u.Id == uid {
 			gup.Status = 0
 		}
 		data = append(data, gup)
 	}
 	response.Success(c, data)
 }
--- a/http/controller/admin/userToken.go
+++ b/http/controller/admin/userToken.go
@@ -0,0 +1,113 @@
 package admin
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"gorm.io/gorm"
 )
 type UserToken struct {
 }
 // List 列表
 // @Tags 登录凭证
 // @Summary 登录凭证列表
 // @Description 登录凭证列表
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param page_size query int false "页大小"
 // @Param user_id query int false "用户ID"
 // @Success 200 {object} response.Response{data=model.UserTokenList}
 // @Failure 500 {object} response.Response
 // @Router /admin/user_token/list [get]
 // @Security token
 func (ct *UserToken) List(c *gin.Context) {
 	query := &admin.LoginTokenQuery{}
 	if err := c.ShouldBindQuery(query); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	res := service.AllService.UserService.TokenList(query.Page, query.PageSize, func(tx *gorm.DB) {
 		if query.UserId > 0 {
 			tx.Where("user_id = ?", query.UserId)
 		}
 		tx.Order("id desc")
 	})
 	response.Success(c, res)
 }
 // Delete 删除
 // @Tags 登录凭证
 // @Summary 登录凭证删除
 // @Description 登录凭证删除
 // @Accept  json
 // @Produce  json
 // @Param body body model.UserToken true "登录凭证信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/user_token/delete [post]
 // @Security token
 func (ct *UserToken) Delete(c *gin.Context) {
 	f := &model.UserToken{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	id := f.Id
 	errList := global.Validator.ValidVar(c, id, "required,gt=0")
 	if len(errList) > 0 {
 		response.Fail(c, 101, errList[0])
 		return
 	}
 	l := service.AllService.UserService.TokenInfoById(f.Id)
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) && l.UserId != u.Id {
 		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	if l.Id > 0 {
 		err := service.AllService.UserService.DeleteToken(l)
 		if err == nil {
 			response.Success(c, nil)
 			return
 		}
 		response.Fail(c, 101, err.Error())
 		return
 	}
 	response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
 }
 // BatchDelete 批量删除
 // @Tags 登录凭证
 // @Summary 登录凭证批量删除
 // @Description 登录凭证批量删除
 // @Accept  json
 // @Produce  json
 // @Param body body admin.UserTokenBatchDeleteForm true "登录凭证信息"
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /admin/user_token/batchDelete [post]
 // @Security token
 func (ct *UserToken) BatchDelete(c *gin.Context) {
 	f := &admin.UserTokenBatchDeleteForm{}
 	if err := c.ShouldBindJSON(f); err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	ids := f.Ids
 	if len(ids) == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	err := service.AllService.UserService.BatchDeleteUserToken(ids)
 	if err == nil {
 		response.Success(c, nil)
 		return
 	}
 	response.Fail(c, 101, err.Error())
 }
--- a/http/controller/api/ab.go
+++ b/http/controller/api/ab.go
@@ -1,16 +1,16 @@
 package api
 import (
 	"Gwen/global"
 	requstform "Gwen/http/request/api"
 	"Gwen/http/response"
 	"Gwen/http/response/api"
 	"Gwen/model"
 	"Gwen/service"
 	"Gwen/utils"
 	"encoding/json"
 	"errors"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	requstform "github.com/lejianwen/rustdesk-api/v2/http/request/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/http/response/api"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"github.com/lejianwen/rustdesk-api/v2/utils"
 	"net/http"
 	"strconv"
 	"strings"
@@ -32,8 +32,8 @@ type Ab struct {
 func (a *Ab) Ab(c *gin.Context) {
 	user := service.AllService.UserService.CurUser(c)
-	al := service.AllService.AddressBookService.ListByUserId(user.Id, 1, 1000)
+	al := service.AllService.AddressBookService.ListByUserIdAndCollectionId(user.Id, 0, 1, 1000)
-	tags := service.AllService.TagService.ListByUserId(user.Id)
+	tags := service.AllService.TagService.ListByUserIdAndCollectionId(user.Id, 0)
 	tagColors := map[string]uint{}
 	//将tags中的name转成一个以逗号分割的字符串
@@ -98,23 +98,6 @@ func (a *Ab) UpAb(c *gin.Context) {
 	c.JSON(http.StatusOK, nil)
 }
 // Tags
 // @Tags 地址
 // @Summary 标签
 // @Description 标签
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} []model.Tag
 // @Failure 500 {object} response.ErrorResponse
 // @Router /tags [post]
 // @Security BearerAuth
 func (a *Ab) Tags(c *gin.Context) {
 	user := service.AllService.UserService.CurUser(c)
 	tags := service.AllService.TagService.ListByUserId(user.Id)
 	c.JSON(http.StatusOK, tags.Tags)
 }
 // PTags
 // @Tags 地址[Personal]
 // @Summary 标签
@@ -689,9 +672,9 @@ func (a *Ab) PeerDel(c *gin.Context) {
 // @Router /ab/peer/update/{guid} [put]
 // @Security BearerAuth
 func (a *Ab) PeerUpdate(c *gin.Context) {
-	//f := &gin.H{}
+	f := gin.H{}
-	f := &requstform.PersonalAddressBookForm{}
+	//f := &requstform.PersonalAddressBookForm{}
-	err := c.ShouldBindJSON(f)
+	err := c.ShouldBindJSON(&f)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
@@ -709,17 +692,33 @@ func (a *Ab) PeerUpdate(c *gin.Context) {
 		response.Error(c, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
 	//fmt.Println(f)
-	//return
+	//判断f["Id"]是否存在
-	ab := service.AllService.AddressBookService.InfoByUserIdAndIdAndCid(uid, f.Id, cid)
+	fid, ok := f["id"]
 	if !ok {
 		response.Error(c, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
 	fidstr := fid.(string)
 	ab := service.AllService.AddressBookService.InfoByUserIdAndIdAndCid(uid, fidstr, cid)
 	if ab == nil || ab.RowId == 0 {
 		response.Error(c, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
-	nab := f.ToAddressBook()
+	//允许的字段
-	nab.RowId = ab.RowId
+	allowUp := []string{"password", "hash", "tags", "alias"}
-	err = service.AllService.AddressBookService.Update(nab)
+	//f中的字段如果不在allowUp中，就删除
 	for k := range f {
 		if !utils.InArray(k, allowUp) {
 			delete(f, k)
 		}
 	}
 	//fmt.Println(f)
 	if tags, _ok := f["tags"]; _ok {
 		f["tags"], _ = json.Marshal(tags)
 	}
 	err = service.AllService.AddressBookService.UpdateByMap(ab, f)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return
--- a/http/controller/api/audit.go
+++ b/http/controller/api/audit.go
@@ -1,12 +1,12 @@
 package api
 import (
 	request "Gwen/http/request/api"
 	"Gwen/http/response"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/gin-gonic/gin/binding"
 	request "github.com/lejianwen/rustdesk-api/v2/http/request/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"time"
 )
--- a/http/controller/api/group.go
+++ b/http/controller/api/group.go
@@ -1,12 +1,12 @@
 package api
 import (
 	apiReq "Gwen/http/request/api"
 	"Gwen/http/response"
 	apiResp "Gwen/http/response/api"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	apiReq "github.com/lejianwen/rustdesk-api/v2/http/request/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	apiResp "github.com/lejianwen/rustdesk-api/v2/http/response/api"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"net/http"
 )
@@ -45,7 +45,7 @@ func (g *Group) Users(c *gin.Context) {
 		userList = service.AllService.UserService.ListByGroupId(u.GroupId, q.Page, q.PageSize)
 	}
-	var data []*apiResp.UserPayload
+	data := make([]*apiResp.UserPayload, 0, len(userList.Users))
 	for _, user := range userList.Users {
 		up := &apiResp.UserPayload{}
 		up.FromUser(user)
@@ -88,21 +88,30 @@ func (g *Group) Peers(c *gin.Context) {
 		users = service.AllService.UserService.ListIdAndNameByGroupId(u.GroupId)
 	}
-	namesById := make(map[uint]string)
+	namesById := make(map[uint]string, len(users))
-	userIds := make([]uint, 0)
+	userIds := make([]uint, 0, len(users))
 	for _, user := range users {
 		namesById[user.Id] = user.Username
 		userIds = append(userIds, user.Id)
 	}
 	dGroupNameById := make(map[uint]string)
 	allGroup := service.AllService.GroupService.DeviceGroupList(1, 999, nil)
 	for _, group := range allGroup.DeviceGroups {
 		dGroupNameById[group.Id] = group.Name
 	}
 	peerList := service.AllService.PeerService.ListByUserIds(userIds, q.Page, q.PageSize)
-	var data []*apiResp.GroupPeerPayload
+	data := make([]*apiResp.GroupPeerPayload, 0, len(peerList.Peers))
 	for _, peer := range peerList.Peers {
 		uname, ok := namesById[peer.UserId]
 		if !ok {
 			uname = ""
 		}
 		dGroupName, ok2 := dGroupNameById[peer.GroupId]
 		if !ok2 {
 			dGroupName = ""
 		}
 		pp := &apiResp.GroupPeerPayload{}
-		pp.FromPeer(peer, uname)
+		pp.FromPeer(peer, uname, dGroupName)
 		data = append(data, pp)
 	}
@@ -111,3 +120,31 @@ func (g *Group) Peers(c *gin.Context) {
 		Data:  data,
 	})
 }
 // Device
 // @Tags 群组
 // @Summary 设备
 // @Description 机器
 // @Accept  json
 // @Produce  json
 // @Param page query int false "页码"
 // @Param pageSize query int false "每页数量"
 // @Param status query int false "状态"
 // @Param accessible query string false "accessible"
 // @Success 200 {object} response.DataResponse
 // @Failure 500 {object} response.Response
 // @Router /device-group/accessible [get]
 // @Security BearerAuth
 func (g *Group) Device(c *gin.Context) {
 	u := service.AllService.UserService.CurUser(c)
 	if !service.AllService.UserService.IsAdmin(u) {
 		response.Error(c, "Permission denied")
 		return
 	}
 	allGroup := service.AllService.GroupService.DeviceGroupList(1, 999, nil)
 	c.JSON(http.StatusOK, response.DataResponse{
 		Total: 0,
 		Data:  allGroup.DeviceGroups,
 	})
 }
--- a/http/controller/api/index.go
+++ b/http/controller/api/index.go
@@ -1,11 +1,11 @@
 package api
 import (
 	requstform "Gwen/http/request/api"
 	"Gwen/http/response"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	requstform "github.com/lejianwen/rustdesk-api/v2/http/request/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"net/http"
 	"time"
 )
@@ -54,11 +54,28 @@ func (i *Index) Heartbeat(c *gin.Context) {
 		c.JSON(http.StatusOK, gin.H{})
 		return
 	}
-	//如果在一分钟以内则不更新
+	//如果在40s以内则不更新
-	if time.Now().Unix()-peer.LastOnlineTime > 60 {
+	if time.Now().Unix()-peer.LastOnlineTime >= 30 {
-		peer.LastOnlineTime = time.Now().Unix()
+		upp := &model.Peer{RowId: peer.RowId, LastOnlineTime: time.Now().Unix(), LastOnlineIp: c.ClientIP()}
 		upp := &model.Peer{RowId: peer.RowId, LastOnlineTime: peer.LastOnlineTime}
 		service.AllService.PeerService.Update(upp)
 	}
 	c.JSON(http.StatusOK, gin.H{})
 }
 // Version 版本
 // @Tags 首页
 // @Summary 版本
 // @Description 版本
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /version [get]
 func (i *Index) Version(c *gin.Context) {
 	//读取resources/version文件
 	v := service.AllService.AppService.GetAppVersion()
 	response.Success(
 		c,
 		v,
 	)
 }
--- a/http/controller/api/login.go
+++ b/http/controller/api/login.go
@@ -1,15 +1,15 @@
 package api
 import (
 	"Gwen/global"
 	"Gwen/http/request/api"
 	"Gwen/http/response"
 	apiResp "Gwen/http/response/api"
 	"Gwen/model"
 	"Gwen/service"
 	"encoding/json"
 	"fmt"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	apiResp "github.com/lejianwen/rustdesk-api/v2/http/response/api"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"net/http"
 )
@@ -27,10 +27,20 @@ type Login struct {
 // @Failure 500 {object} response.ErrorResponse
 // @Router /login [post]
 func (l *Login) Login(c *gin.Context) {
 	if global.Config.App.DisablePwdLogin {
 		response.Error(c, response.TranslateMsg(c, "PwdLoginDisabled"))
 		return
 	}
 	// 检查登录限制
 	loginLimiter := global.LoginLimiter
 	clientIp := c.ClientIP()
 	f := &api.LoginForm{}
 	err := c.ShouldBindJSON(f)
 	//fmt.Println(f)
 	if err != nil {
 		loginLimiter.RecordFailedAttempt(clientIp)
 		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "ParamsError", c.RemoteIP(), c.ClientIP()))
 		response.Error(c, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
@@ -38,6 +48,7 @@ func (l *Login) Login(c *gin.Context) {
 	errList := global.Validator.ValidStruct(c, f)
 	if len(errList) > 0 {
 		loginLimiter.RecordFailedAttempt(clientIp)
 		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "ParamsError", c.RemoteIP(), c.ClientIP()))
 		response.Error(c, errList[0])
 		return
@@ -46,20 +57,27 @@ func (l *Login) Login(c *gin.Context) {
 	u := service.AllService.UserService.InfoByUsernamePassword(f.Username, f.Password)
 	if u.Id == 0 {
 		loginLimiter.RecordFailedAttempt(clientIp)
 		global.Logger.Warn(fmt.Sprintf("Login Fail: %s %s %s", "UsernameOrPasswordError", c.RemoteIP(), c.ClientIP()))
 		response.Error(c, response.TranslateMsg(c, "UsernameOrPasswordError"))
 		return
 	}
 	if !service.AllService.UserService.CheckUserEnable(u) {
 		response.Error(c, response.TranslateMsg(c, "UserDisabled"))
 		return
 	}
 	//根据refer判断是webclient还是app
 	ref := c.GetHeader("referer")
 	if ref != "" {
-		f.DeviceInfo.Type = "webclient"
+		f.DeviceInfo.Type = model.LoginLogClientWeb
 	}
 	ut := service.AllService.UserService.Login(u, &model.LoginLog{
 		UserId:   u.Id,
 		Client:   f.DeviceInfo.Type,
 		DeviceId: f.Id,
 		Uuid:     f.Uuid,
 		Ip:       c.ClientIP(),
 		Type:     model.LoginLogTypeAccount,
@@ -81,20 +99,14 @@ func (l *Login) Login(c *gin.Context) {
 // @Produce  json
 // @Success 200 {object} []string
 // @Failure 500 {object} response.ErrorResponse
-// @Router /login-options [post]
+// @Router /login-options [get]
 func (l *Login) LoginOptions(c *gin.Context) {
-	oauthOks := []string{}
+	ops := service.AllService.OauthService.GetOauthProviders()
-	err, _ := service.AllService.OauthService.GetOauthConfig(model.OauthTypeGithub)
+	if global.Config.App.WebSso {
-	if err == nil {
+		ops = append(ops, model.OauthTypeWebauth)
 		oauthOks = append(oauthOks, model.OauthTypeGithub)
 	}
 	err, _ = service.AllService.OauthService.GetOauthConfig(model.OauthTypeGoogle)
 	if err == nil {
 		oauthOks = append(oauthOks, model.OauthTypeGoogle)
 	}
 	oauthOks = append(oauthOks, model.OauthTypeWebauth)
 	var oidcItems []map[string]string
-	for _, v := range oauthOks {
+	for _, v := range ops {
 		oidcItems = append(oidcItems, map[string]string{"name": v})
 	}
 	common, err := json.Marshal(oidcItems)
@@ -104,7 +116,7 @@ func (l *Login) LoginOptions(c *gin.Context) {
 	}
 	var res []string
 	res = append(res, "common-oidc/"+string(common))
-	for _, v := range oauthOks {
+	for _, v := range ops {
 		res = append(res, "oidc/"+v)
 	}
 	c.JSON(http.StatusOK, res)
--- a/http/controller/api/ouath.go
+++ b/http/controller/api/ouath.go
@@ -1,16 +1,17 @@
 package api
 import (
 	"Gwen/global"
 	"Gwen/http/request/api"
 	"Gwen/http/response"
 	apiResp "Gwen/http/response/api"
 	"Gwen/model"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"net/http"
-	"strconv"
+
-	"strings"
+	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	apiResp "github.com/lejianwen/rustdesk-api/v2/http/response/api"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"github.com/lejianwen/rustdesk-api/v2/utils"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 )
 type Oauth struct {
@@ -32,18 +33,16 @@ func (o *Oauth) OidcAuth(c *gin.Context) {
 		response.Error(c, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	if f.Op != model.OauthTypeWebauth && f.Op != model.OauthTypeGoogle && f.Op != model.OauthTypeGithub {
 		response.Error(c, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
-	err, code, url := service.AllService.OauthService.BeginAuth(f.Op)
+	oauthService := service.AllService.OauthService
 	err, state, verifier, nonce, url := oauthService.BeginAuth(c, f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
 	}
-	service.AllService.OauthService.SetOauthCache(code, &service.OauthCacheItem{
+	service.AllService.OauthService.SetOauthCache(state, &service.OauthCacheItem{
 		Action:     service.OauthActionTypeLogin,
 		Id:         f.Id,
 		Op:         f.Op,
@@ -51,14 +50,70 @@ func (o *Oauth) OidcAuth(c *gin.Context) {
 		DeviceName: f.DeviceInfo.Name,
 		DeviceOs:   f.DeviceInfo.Os,
 		DeviceType: f.DeviceInfo.Type,
 		Verifier:   verifier,
 		Nonce:      nonce,
 	}, 5*60)
 	//fmt.Println("code url", code, url)
 	c.JSON(http.StatusOK, gin.H{
-		"code": code,
+		"code": state,
 		"url":  url,
 	})
 }
 func (o *Oauth) OidcAuthQueryPre(c *gin.Context) (*model.User, *model.UserToken) {
 	var u *model.User
 	var ut *model.UserToken
 	q := &api.OidcAuthQuery{}
 	// 解析查询参数并处理错误
 	if err := c.ShouldBindQuery(q); err != nil {
 		response.Error(c, response.TranslateMsg(c, "ParamsError")+": "+err.Error())
 		return nil, nil
 	}
 	// 获取 OAuth 缓存
 	v := service.AllService.OauthService.GetOauthCache(q.Code)
 	if v == nil {
 		response.Error(c, response.TranslateMsg(c, "OauthExpired"))
 		return nil, nil
 	}
 	// 如果 UserId 为 0，说明还在授权中
 	if v.UserId == 0 {
 		c.JSON(http.StatusOK, gin.H{"message": "Authorization in progress, please login and bind"})
 		return nil, nil
 	}
 	// 获取用户信息
 	u = service.AllService.UserService.InfoById(v.UserId)
 	if u == nil {
 		response.Error(c, response.TranslateMsg(c, "UserNotFound"))
 		return nil, nil
 	}
 	// 删除 OAuth 缓存
 	service.AllService.OauthService.DeleteOauthCache(q.Code)
 	// 创建登录日志并生成用户令牌
 	ut = service.AllService.UserService.Login(u, &model.LoginLog{
 		UserId:   u.Id,
 		Client:   v.DeviceType,
 		DeviceId: v.Id,
 		Uuid:     v.Uuid,
 		Ip:       c.ClientIP(),
 		Type:     model.LoginLogTypeOauth,
 		Platform: v.DeviceOs,
 	})
 	if ut == nil {
 		response.Error(c, response.TranslateMsg(c, "LoginFailed"))
 		return nil, nil
 	}
 	// 返回用户令牌
 	return u, ut
 }
 // OidcAuthQuery
 // @Tags Oauth
 // @Summary OidcAuthQuery
@@ -69,33 +124,10 @@ func (o *Oauth) OidcAuth(c *gin.Context) {
 // @Failure 500 {object} response.ErrorResponse
 // @Router /oidc/auth-query [get]
 func (o *Oauth) OidcAuthQuery(c *gin.Context) {
-	q := &api.OidcAuthQuery{}
+	u, ut := o.OidcAuthQueryPre(c)
-	err := c.ShouldBindQuery(q)
+	if u == nil || ut == nil {
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
 	v := service.AllService.OauthService.GetOauthCache(q.Code)
 	if v == nil {
 		response.Error(c, response.TranslateMsg(c, "OauthExpired"))
 		return
 	}
 	if v.UserId == 0 {
 		//正在授权
 		c.JSON(http.StatusOK, gin.H{})
 		return
 	}
 	u := service.AllService.UserService.InfoById(v.UserId)
 	//fmt.Println("auth success u", u)
 	service.AllService.OauthService.DeleteOauthCache(q.Code)
 	ut := service.AllService.UserService.Login(u, &model.LoginLog{
 		UserId:   u.Id,
 		Client:   v.DeviceType,
 		Uuid:     v.Uuid,
 		Ip:       c.ClientIP(),
 		Type:     model.LoginLogTypeOauth,
 		Platform: v.DeviceOs,
 	})
 	c.JSON(http.StatusOK, apiResp.LoginRes{
 		AccessToken: ut.Token,
 		Type:        "access_token",
@@ -111,149 +143,162 @@ func (o *Oauth) OidcAuthQuery(c *gin.Context) {
 // @Produce  json
 // @Success 200 {object} apiResp.LoginRes
 // @Failure 500 {object} response.ErrorResponse
-// @Router /oauth/callback [get]
+// @Router /oidc/callback [get]
 func (o *Oauth) OauthCallback(c *gin.Context) {
 	state := c.Query("state")
 	if state == "" {
-		c.String(http.StatusInternalServerError, response.TranslateParamMsg(c, "ParamIsEmpty", "state"))
+		c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 			"message":     "ParamIsEmpty",
 			"sub_message": "state",
 		})
 		return
 	}
 	cacheKey := state
 	oauthService := service.AllService.OauthService
 	//从缓存中获取
-	v := service.AllService.OauthService.GetOauthCache(cacheKey)
+	oauthCache := oauthService.GetOauthCache(cacheKey)
-	if v == nil {
+	if oauthCache == nil {
-		c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthExpired"))
+		c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 			"message": "OauthExpired",
 		})
 		return
 	}
-
+	nonce := oauthCache.Nonce
-	ty := v.Op
+	op := oauthCache.Op
-	ac := v.Action
+	action := oauthCache.Action
-	//fmt.Println("ty ac ", ty, ac)
+	verifier := oauthCache.Verifier
-	if ty == model.OauthTypeGithub {
+	var user *model.User
-		code := c.Query("code")
+	// 获取用户信息
-		err, userData := service.AllService.OauthService.GithubCallback(code)
+	code := c.Query("code")
-		if err != nil {
+	err, oauthUser := oauthService.Callback(c, code, verifier, op, nonce)
-			c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
+	if err != nil {
-			return
+		c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
-		}
+			"message":     "OauthFailed",
-		if ac == service.OauthActionTypeBind {
+			"sub_message": err.Error(),
-			//fmt.Println("bind", ty, userData)
+		})
-			utr := service.AllService.OauthService.UserThirdInfo(ty, strconv.Itoa(userData.Id))
+		return
 			if utr.UserId > 0 {
 				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBindOtherUser"))
 				return
 			}
 			//绑定
 			u := service.AllService.UserService.InfoById(v.UserId)
 			if u == nil {
 				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "ItemNotFound"))
 				return
 			}
 			//绑定github
 			err = service.AllService.OauthService.BindGithubUser(strconv.Itoa(userData.Id), userData.Login, v.UserId)
 			if err != nil {
 				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "BindFail"))
 				return
 			}
 			c.String(http.StatusOK, response.TranslateMsg(c, "BindSuccess"))
 			return
 		} else if ac == service.OauthActionTypeLogin {
 			//登录
 			if v.UserId != 0 {
 				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBeenSuccess"))
 				return
 			}
 			u := service.AllService.UserService.InfoByGithubId(strconv.Itoa(userData.Id))
 			if u == nil {
 				oa := service.AllService.OauthService.InfoByOp(ty)
 				if !*oa.AutoRegister {
 					//c.String(http.StatusInternalServerError, "还未绑定用户，请先绑定")
 					v.ThirdName = userData.Login
 					v.ThirdOpenId = strconv.Itoa(userData.Id)
 					url := global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/bind/" + cacheKey
 					c.Redirect(http.StatusFound, url)
 					return
 				}
 				//自动注册
 				u = service.AllService.UserService.RegisterByGithub(userData.Login, strconv.Itoa(userData.Id))
 				if u.Id == 0 {
 					c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthRegisterFailed"))
 					return
 				}
 			}
 			v.UserId = u.Id
 			service.AllService.OauthService.SetOauthCache(cacheKey, v, 0)
 			c.String(http.StatusOK, response.TranslateMsg(c, "OauthSuccess"))
 			return
 		}
 	}
 	userId := oauthCache.UserId
 	openid := oauthUser.OpenId
 	if action == service.OauthActionTypeBind {
-	if ty == model.OauthTypeGoogle {
+		//fmt.Println("bind", ty, userData)
-		code := c.Query("code")
+		// 检查此openid是否已经绑定过
-		err, userData := service.AllService.OauthService.GoogleCallback(code)
+		utr := oauthService.UserThirdInfo(op, openid)
 		if utr.UserId > 0 {
 			c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 				"message": "OauthHasBindOtherUser",
 			})
 			return
 		}
 		//绑定
 		user = service.AllService.UserService.InfoById(userId)
 		if user == nil {
 			c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 				"message": "ItemNotFound",
 			})
 			return
 		}
 		//绑定
 		err := oauthService.BindOauthUser(userId, oauthUser, op)
 		if err != nil {
-			c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
+			c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 				"message": "BindFail",
 			})
 			return
 		}
-		//将空格替换成_
+		c.HTML(http.StatusOK, "oauth_success.html", gin.H{
-		googleName := strings.Replace(userData.Name, " ", "_", -1)
+			"message": "BindSuccess",
-		if ac == service.OauthActionTypeBind {
+		})
-			//fmt.Println("bind", ty, userData)
+		return
-			utr := service.AllService.OauthService.UserThirdInfo(ty, userData.Email)
+
-			if utr.UserId > 0 {
+	} else if action == service.OauthActionTypeLogin {
-				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBindOtherUser"))
+		//登录
 		if userId != 0 {
 			c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 				"message": "OauthHasBeenSuccess",
 			})
 			return
 		}
 		user = service.AllService.UserService.InfoByOauthId(op, openid)
 		if user == nil {
 			oauthConfig := oauthService.InfoByOp(op)
 			if !*oauthConfig.AutoRegister {
 				//c.String(http.StatusInternalServerError, "还未绑定用户，请先绑定")
 				oauthCache.UpdateFromOauthUser(oauthUser)
 				c.Redirect(http.StatusFound, "/_admin/#/oauth/bind/"+cacheKey)
 				return
 			}
-			//绑定
+
-			u := service.AllService.UserService.InfoById(v.UserId)
+			//自动注册
-			if u == nil {
+			err, user = service.AllService.UserService.RegisterByOauth(oauthUser, op)
 				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "ItemNotFound"))
 				return
 			}
 			//绑定
 			err = service.AllService.OauthService.BindGoogleUser(userData.Email, googleName, v.UserId)
 			if err != nil {
-				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "BindFail"))
+				c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 					"message": err.Error(),
 				})
 				return
 			}
-			c.String(http.StatusOK, response.TranslateMsg(c, "BindSuccess"))
+		}
-			return
+		oauthCache.UserId = user.Id
-		} else if ac == service.OauthActionTypeLogin {
+		oauthService.SetOauthCache(cacheKey, oauthCache, 0)
-			if v.UserId != 0 {
+		// 如果是webadmin，登录成功后跳转到webadmin
-				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBeenSuccess"))
+		if oauthCache.DeviceType == model.LoginLogClientWebAdmin {
-				return
+			/*service.AllService.UserService.Login(u, &model.LoginLog{
-			}
+				UserId:   u.Id,
-			u := service.AllService.UserService.InfoByGoogleEmail(userData.Email)
+				Client:   "webadmin",
-			if u == nil {
+				Uuid:     "", //must be empty
-				oa := service.AllService.OauthService.InfoByOp(ty)
+				Ip:       c.ClientIP(),
-				if !*oa.AutoRegister {
+				Type:     model.LoginLogTypeOauth,
-					//c.String(http.StatusInternalServerError, "还未绑定用户，请先绑定")
+				Platform: oauthService.DeviceOs,
-
+			})*/
-					v.ThirdName = googleName
+			c.Redirect(http.StatusFound, "/_admin/#/")
 					v.ThirdOpenId = userData.Email
 					url := global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/bind/" + cacheKey
 					c.Redirect(http.StatusFound, url)
 					return
 				}
 				//自动注册
 				u = service.AllService.UserService.RegisterByGoogle(googleName, userData.Email)
 				if u.Id == 0 {
 					c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthRegisterFailed"))
 					return
 				}
 			}
 			v.UserId = u.Id
 			service.AllService.OauthService.SetOauthCache(cacheKey, v, 0)
 			c.String(http.StatusOK, response.TranslateMsg(c, "OauthSuccess"))
 			return
 		}
 		c.HTML(http.StatusOK, "oauth_success.html", gin.H{
 			"message": "OauthSuccess",
 		})
 		return
 	} else {
 		c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 			"message": "ParamsError",
 		})
 		return
 	}
 	c.String(http.StatusInternalServerError, response.TranslateMsg(c, "SystemError"))
 }
 type MessageParams struct {
 	Lang  string `json:"lang" form:"lang"`
 	Title string `json:"title" form:"title"`
 	Msg   string `json:"msg" form:"msg"`
 }
 func (o *Oauth) Message(c *gin.Context) {
 	mp := &MessageParams{}
 	if err := c.ShouldBindQuery(mp); err != nil {
 		return
 	}
 	localizer := global.Localizer(mp.Lang)
 	res := ""
 	if mp.Title != "" {
 		title, err := localizer.LocalizeMessage(&i18n.Message{
 			ID: mp.Title,
 		})
 		if err == nil {
 			res = utils.StringConcat(";title='", title, "';")
 		}
 	}
 	if mp.Msg != "" {
 		msg, err := localizer.LocalizeMessage(&i18n.Message{
 			ID: mp.Msg,
 		})
 		if err == nil {
 			res = utils.StringConcat(res, "msg = '", msg, "';")
 		}
 	}
 	//返回js内容
 	c.Header("Content-Type", "application/javascript")
 	c.String(http.StatusOK, res)
 }
--- a/http/controller/api/peer.go
+++ b/http/controller/api/peer.go
@@ -1,11 +1,12 @@
 package api
 import (
-	requstform "Gwen/http/request/api"
+	"fmt"
 	"Gwen/http/response"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/gin-gonic/gin/binding"
 	requstform "github.com/lejianwen/rustdesk-api/v2/http/request/api"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"net/http"
 )
@@ -13,7 +14,7 @@ type Peer struct {
 }
 // SysInfo
-// @Tags 地址
+// @Tags System
 // @Summary 提交系统信息
 // @Description 提交系统信息
 // @Accept  json
@@ -30,7 +31,7 @@ func (p *Peer) SysInfo(c *gin.Context) {
 		return
 	}
 	fpe := f.ToPeer()
-	pe := service.AllService.PeerService.FindById(f.Id)
+	pe := service.AllService.PeerService.FindByUuid(f.Uuid)
 	if pe.RowId == 0 {
 		pe = f.ToPeer()
 		pe.UserId = service.AllService.UserService.FindLatestUserIdFromLoginLogByUuid(pe.Uuid)
@@ -56,3 +57,20 @@ func (p *Peer) SysInfo(c *gin.Context) {
 	//直接响应文本
 	c.String(http.StatusOK, "SYSINFO_UPDATED")
 }
 // SysInfoVer
 // @Tags System
 // @Summary 获取系统版本信息
 // @Description 获取系统版本信息
 // @Accept  json
 // @Produce  json
 // @Success 200 {string} string ""
 // @Failure 500 {object} response.ErrorResponse
 // @Router /sysinfo_ver [post]
 func (p *Peer) SysInfoVer(c *gin.Context) {
 	//读取resources/version文件
 	v := service.AllService.AppService.GetAppVersion()
 	// 加上启动时间，方便client上传信息
 	v = fmt.Sprintf("%s\n%s", v, service.AllService.AppService.GetStartTime())
 	c.String(http.StatusOK, v)
 }
--- a/http/controller/api/user.go
+++ b/http/controller/api/user.go
@@ -1,9 +1,9 @@
 package api
 import (
 	apiResp "Gwen/http/response/api"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	apiResp "github.com/lejianwen/rustdesk-api/v2/http/response/api"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"net/http"
 )
@@ -34,7 +34,7 @@ type User struct {
 // @Produce  json
 // @Success 200 {object} apiResp.UserPayload
 // @Failure 500 {object} response.Response
-// @Router /api [get]
+// @Router /currentUser [get]
 // @Security token
 func (u *User) Info(c *gin.Context) {
 	user := service.AllService.UserService.CurUser(c)
--- a/http/controller/api/webClient.go
+++ b/http/controller/api/webClient.go
@@ -1,11 +1,11 @@
 package api
 import (
 	"Gwen/global"
 	"Gwen/http/response"
 	"Gwen/http/response/api"
 	"Gwen/service"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/http/response/api"
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"time"
 )
@@ -26,7 +26,7 @@ func (i *WebClient) ServerConfig(c *gin.Context) {
 	u := service.AllService.UserService.CurUser(c)
 	peers := map[string]*api.WebClientPeerPayload{}
-	abs := service.AllService.AddressBookService.ListByUserId(u.Id, 1, 100)
+	abs := service.AllService.AddressBookService.ListByUserIdAndCollectionId(u.Id, 0, 1, 100)
 	for _, ab := range abs.AddressBooks {
 		pp := &api.WebClientPeerPayload{}
 		pp.FromAddressBook(ab)
@@ -64,12 +64,15 @@ func (i *WebClient) SharedPeer(c *gin.Context) {
 		response.Fail(c, 101, "share not found")
 		return
 	}
-	//判断是否过期,created_at + expire > now
+	if sr.Expire != 0 {
-	ca := time.Time(sr.CreatedAt)
+		//判断是否过期,created_at + expire > now
-	if ca.Add(time.Second * time.Duration(sr.Expire)).Before(time.Now()) {
+		ca := time.Time(sr.CreatedAt)
-		response.Fail(c, 101, "share expired")
+		if ca.Add(time.Second * time.Duration(sr.Expire)).Before(time.Now()) {
-		return
+			response.Fail(c, 101, "share expired")
 			return
 		}
 	}
 	ab := service.AllService.AddressBookService.InfoByUserIdAndId(sr.UserId, sr.PeerId)
 	if ab.RowId == 0 {
 		response.Fail(c, 101, "peer not found")
@@ -85,3 +88,23 @@ func (i *WebClient) SharedPeer(c *gin.Context) {
 		"peer":      pp,
 	})
 }
 // ServerConfigV2 服务配置
 // @Tags WEBCLIENT_V2
 // @Summary 服务配置
 // @Description 服务配置,给webclient提供api-server
 // @Accept  json
 // @Produce  json
 // @Success 200 {object} response.Response
 // @Failure 500 {object} response.Response
 // @Router /server-config-v2 [get]
 // @Security token
 func (i *WebClient) ServerConfigV2(c *gin.Context) {
 	response.Success(
 		c,
 		gin.H{
 			"id_server": global.Config.Rustdesk.IdServer,
 			"key":       global.Config.Rustdesk.Key,
 		},
 	)
 }
--- a/http/controller/web/index.go
+++ b/http/controller/web/index.go
@@ -1,8 +1,9 @@
 package web
 import (
-	"Gwen/global"
+	"fmt"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 )
 type Index struct {
@@ -14,9 +15,21 @@ func (i *Index) Index(c *gin.Context) {
 func (i *Index) ConfigJs(c *gin.Context) {
 	apiServer := global.Config.Rustdesk.ApiServer
 	magicQueryonline := global.Config.Rustdesk.WebclientMagicQueryonline
 	tmp := fmt.Sprintf(`localStorage.setItem('api-server', '%v');
 const ws2_prefix = 'wc-';
 localStorage.setItem(ws2_prefix+'api-server', '%v');
-	tmp := `
+window.webclient_magic_queryonline = %d;
-localStorage.setItem('api-server', "` + apiServer + `")
+window.ws_host = '%v';
-`
+`, apiServer, apiServer, magicQueryonline, global.Config.Rustdesk.WsHost)
 	//	tmp := `
 	//localStorage.setItem('api-server', "` + apiServer + `")
 	//const ws2_prefix = 'wc-'
 	//localStorage.setItem(ws2_prefix+'api-server', "` + apiServer + `")
 	//
 	//window.webclient_magic_queryonline = ` + magicQueryonline + ``
 	c.Header("Content-Type", "application/javascript")
 	c.String(200, tmp)
 }
--- a/http/http.go
+++ b/http/http.go
@@ -1,10 +1,10 @@
 package http
 import (
 	"Gwen/global"
 	"Gwen/http/middleware"
 	"Gwen/http/router"
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/middleware"
 	"github.com/lejianwen/rustdesk-api/v2/http/router"
 	"github.com/sirupsen/logrus"
 	"net/http"
 	"strings"
@@ -33,7 +33,7 @@ func ApiInit() {
 	g.NoRoute(func(c *gin.Context) {
 		c.String(http.StatusNotFound, "404 not found")
 	})
-	g.Use(middleware.Logger(), gin.Recovery())
+	g.Use(middleware.Logger(), middleware.Limiter(), gin.Recovery())
 	router.WebInit(g)
 	router.Init(g)
 	router.ApiInit(g)
--- a/Show More
+++ b/Show More
`@@ -1 +1,2 @@`
	`resources/web/*/ linguist-vendored`	`resources/web/*/ linguist-vendored`
		`resources/web2/*/ linguist-vendored`
		`@@ -0,0 +1 @@`
							`### 👏👏👏 你好 *{{username}}*，欢迎使用 [RustDesk API](https://github.com/lejianwen/rustdesk-api)`
`@@ -1,3 +1,3 @@`
	`package Gwen`	`package main`

	`//go:generate go run cmd/apimain.go`	`//go:generate go run cmd/apimain.go`