test: add tests in time util package (#474)

* test: add tests in time util package

* Add copyright

conf/app.conf

@@ -16,4 +16,4 @@ httpProxy = "127.0.0.1:10808"
 verificationCodeTimeout = 10
 initScore = 2000
 logPostOnly = true
-origin = "https://door.casbin.com"
+origin =

controllers/auth.go

@@ -55,7 +55,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		challengeMethod := c.Input().Get("code_challenge_method")
 		codeChallenge := c.Input().Get("code_challenge")
 
-		if challengeMethod != "S256" && challengeMethod != "null" {
+		if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
 			c.ResponseError("Challenge method should be S256")
 			return
 		}
@@ -221,7 +221,7 @@ func (c *ApiController) Login() {
 				clientSecret = provider.ClientSecret2
 			}
 
-			idProvider := idp.GetIdProvider(provider.Type, clientId, clientSecret, form.RedirectUri)
+			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, form.RedirectUri)
 			if idProvider == nil {
 				c.ResponseError(fmt.Sprintf("The provider type: %s is not supported", provider.Type))
 				return

controllers/oidc_discovery.go

@@ -20,7 +20,8 @@ import "github.com/casdoor/casdoor/object"
 // @Tag OIDC API
 // @router /.well-known/openid-configuration [get]
 func (c *RootController) GetOidcDiscovery() {
-	c.Data["json"] = object.GetOidcDiscovery()
+	host := c.Ctx.Request.Host
+	c.Data["json"] = object.GetOidcDiscovery(host)
 	c.ServeJSON()
 }
 

controllers/payment.go

@@ -0,0 +1,116 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/astaxie/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetPayments
+// @Title GetPayments
+// @Tag Payment API
+// @Description get payments
+// @Param   owner     query    string  true        "The owner of payments"
+// @Success 200 {array} object.Payment The Response object
+// @router /get-payments [get]
+func (c *ApiController) GetPayments() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetPayments(owner)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPaymentCount(owner, field, value)))
+		payments := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(payments, paginator.Nums())
+	}
+}
+
+// @Title GetPayment
+// @Tag Payment API
+// @Description get payment
+// @Param   id    query    string  true        "The id of the payment"
+// @Success 200 {object} object.Payment The Response object
+// @router /get-payment [get]
+func (c *ApiController) GetPayment() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetPayment(id)
+	c.ServeJSON()
+}
+
+// @Title UpdatePayment
+// @Tag Payment API
+// @Description update payment
+// @Param   id    query    string  true        "The id of the payment"
+// @Param   body    body   object.Payment  true        "The details of the payment"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-payment [post]
+func (c *ApiController) UpdatePayment() {
+	id := c.Input().Get("id")
+
+	var payment object.Payment
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdatePayment(id, &payment))
+	c.ServeJSON()
+}
+
+// @Title AddPayment
+// @Tag Payment API
+// @Description add payment
+// @Param   body    body   object.Payment  true        "The details of the payment"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-payment [post]
+func (c *ApiController) AddPayment() {
+	var payment object.Payment
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddPayment(&payment))
+	c.ServeJSON()
+}
+
+// @Title DeletePayment
+// @Tag Payment API
+// @Description delete payment
+// @Param   body    body   object.Payment  true        "The details of the payment"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-payment [post]
+func (c *ApiController) DeletePayment() {
+	var payment object.Payment
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeletePayment(&payment))
+	c.ServeJSON()
+}

controllers/token.go

@@ -145,7 +145,7 @@ func (c *ApiController) GetOAuthCode() {
 	challengeMethod := c.Input().Get("code_challenge_method")
 	codeChallenge := c.Input().Get("code_challenge")
 
-	if challengeMethod != "S256" && challengeMethod != "null" {
+	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
 		c.ResponseError("Challenge method should be S256")
 		return
 	}

docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3.1'
 services:
-  restart: always
   casdoor:
+    restart: always
     build:
       context: ./
       dockerfile: Dockerfile
@@ -16,6 +16,7 @@ services:
   db:
     restart: always
     image: mysql:8.0.25
+    platform: linux/amd64
     ports:
       - "3306:3306"
     environment:

go.mod

@@ -25,6 +25,7 @@ require (
 	github.com/russellhaering/goxmldsig v1.1.1
 	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/smartystreets/goconvey v1.6.4 // indirect
+	github.com/stretchr/testify v1.6.1
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
@@ -35,6 +36,7 @@ require (
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
+	gopkg.in/yaml.v2 v2.3.0 // indirect
 	xorm.io/core v0.7.2
 	xorm.io/xorm v1.0.3
 )

go.sum

@@ -667,8 +667,9 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

idp/infoflow_internal.go

@@ -0,0 +1,192 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+)
+
+type InfoflowInternalIdProvider struct {
+	Client  *http.Client
+	Config  *oauth2.Config
+	AgentId string
+}
+
+func NewInfoflowInternalIdProvider(clientId string, clientSecret string, appId string, redirectUrl string) *InfoflowInternalIdProvider {
+	idp := &InfoflowInternalIdProvider{}
+
+	config := idp.getConfig(clientId, clientSecret, redirectUrl)
+	idp.Config = config
+	idp.AgentId = appId
+	return idp
+}
+
+func (idp *InfoflowInternalIdProvider) SetHttpClient(client *http.Client) {
+	idp.Client = client
+}
+
+func (idp *InfoflowInternalIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
+	var config = &oauth2.Config{
+		ClientID:     clientId,
+		ClientSecret: clientSecret,
+		RedirectURL:  redirectUrl,
+	}
+
+	return config
+}
+
+type InfoflowInterToken struct {
+	Errcode     int    `json:"errcode"`
+	Errmsg      string `json:"errmsg"`
+	AccessToken string `json:"access_token"`
+}
+
+// get more detail via: https://qy.baidu.com/doc/index.html#/inner_quickstart/flow?id=%E8%8E%B7%E5%8F%96accesstoken
+func (idp *InfoflowInternalIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	pTokenParams := &struct {
+		CorpId     string `json:"corpid"`
+		Corpsecret string `json:"corpsecret"`
+	}{idp.Config.ClientID, idp.Config.ClientSecret}
+	resp, err := idp.Client.Get(fmt.Sprintf("https://qy.im.baidu.com/api/gettoken?corpid=%s&corpsecret=%s", pTokenParams.CorpId, pTokenParams.Corpsecret))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	pToken := &InfoflowInterToken{}
+	err = json.Unmarshal(data, pToken)
+	if err != nil {
+		return nil, err
+	}
+	if pToken.Errcode != 0 {
+		return nil, fmt.Errorf("pToken.Errcode = %d, pToken.Errmsg = %s", pToken.Errcode, pToken.Errmsg)
+	}
+	token := &oauth2.Token{
+		AccessToken: pToken.AccessToken,
+	}
+
+	raw := make(map[string]interface{})
+	raw["code"] = code
+	token = token.WithExtra(raw)
+
+	return token, nil
+}
+
+/*
+{
+    "errcode": 0,
+    "errmsg": "ok",
+    "userid": "lili",
+    "name": "丽丽",
+    "department": [1],
+    "mobile": "13500088888",
+    "email": "lili4@gzdev.com",
+    "imid": 40000318,
+    "hiuname": "lili4",
+    "status": 1,
+    "extattr":
+        {
+            "attrs": [
+                {
+                    "name": "爱好",
+                    "value": "旅游"
+                },
+                {
+                    "name": "卡号,
+                    "value": "1234567234"
+                }
+            ]
+        },
+   "lm": 14236463257
+}
+*/
+
+type InfoflowInternalUserResp struct {
+	Errcode int    `json:"errcode"`
+	Errmsg  string `json:"errmsg"`
+	UserId  string `json:"UserId"`
+}
+
+type InfoflowInternalUserInfo struct {
+	Errcode int    `json:"errcode"`
+	Errmsg  string `json:"errmsg"`
+	UserId  string `json:"userid"`
+	Imid    int    `json:"imid"`
+	Name    string `json:"name"`
+	Avatar  string `json:"headimg"`
+	Email   string `json:"email"`
+}
+
+// get more detail via: https://qy.baidu.com/doc/index.html#/inner_serverapi/contacts?id=%e8%8e%b7%e5%8f%96%e6%88%90%e5%91%98
+func (idp *InfoflowInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	//Get userid first
+	accessToken := token.AccessToken
+	code := token.Extra("code").(string)
+	resp, err := idp.Client.Get(fmt.Sprintf("https://qy.im.baidu.com/api/user/getuserinfo?access_token=%s&code=%s&agentid=%s", accessToken, code, idp.AgentId))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	userResp := &InfoflowInternalUserResp{}
+	err = json.Unmarshal(data, userResp)
+	if err != nil {
+		return nil, err
+	}
+	if userResp.Errcode != 0 {
+		return nil, fmt.Errorf("userIdResp.Errcode = %d, userIdResp.Errmsg = %s", userResp.Errcode, userResp.Errmsg)
+	}
+	//Use userid and accesstoken to get user information
+	resp, err = idp.Client.Get(fmt.Sprintf("https://api.im.baidu.com/api/user/get?access_token=%s&userid=%s", accessToken, userResp.UserId))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err = io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	infoResp := &InfoflowInternalUserInfo{}
+	err = json.Unmarshal(data, infoResp)
+	if err != nil {
+		return nil, err
+	}
+	if infoResp.Errcode != 0 {
+		return nil, fmt.Errorf("userInfoResp.errcode = %d, userInfoResp.errmsg = %s", infoResp.Errcode, infoResp.Errmsg)
+	}
+	userInfo := UserInfo{
+		Id:          infoResp.UserId,
+		Username:    infoResp.UserId,
+		DisplayName: infoResp.Name,
+		AvatarUrl:   infoResp.Avatar,
+		Email:       infoResp.Email,
+	}
+
+	if userInfo.Id == "" {
+		userInfo.Id = userInfo.Username
+	}
+	return &userInfo, nil
+}

idp/infoflow_third_party.go

@@ -0,0 +1,211 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"golang.org/x/oauth2"
+)
+
+type InfoflowIdProvider struct {
+	Client  *http.Client
+	Config  *oauth2.Config
+	AgentId string
+	Ticket  string
+}
+
+func NewInfoflowIdProvider(clientId string, clientSecret string, appId string, redirectUrl string) *InfoflowIdProvider {
+	idp := &InfoflowIdProvider{}
+
+	config := idp.getConfig(clientId, clientSecret, redirectUrl)
+	idp.Config = config
+	idp.AgentId = appId
+	return idp
+}
+
+func (idp *InfoflowIdProvider) SetHttpClient(client *http.Client) {
+	idp.Client = client
+}
+
+func (idp *InfoflowIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
+	var config = &oauth2.Config{
+		ClientID:     clientId,
+		ClientSecret: clientSecret,
+		RedirectURL:  redirectUrl,
+	}
+
+	return config
+}
+
+type InfoflowToken struct {
+	Errcode     int    `json:"errcode"`
+	Errmsg      string `json:"errmsg"`
+	AccessToken string `json:"suite_access_token"`
+	ExpiresIn   int    `json:"expires_in"`
+}
+
+// get more detail via: https://qy.baidu.com/doc/index.html#/third_serverapi/authority
+func (idp *InfoflowIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	pTokenParams := &struct {
+		SuiteId     string `json:"suite_id"`
+		SuiteSecret string `json:"suite_secret"`
+		SuiteTicket string `json:"suite_ticket"`
+	}{idp.Config.ClientID, idp.Config.ClientSecret, idp.Ticket}
+	data, err := idp.postWithBody(pTokenParams, "https://api.im.baidu.com/api/service/get_suite_token")
+
+	pToken := &InfoflowToken{}
+	err = json.Unmarshal(data, pToken)
+	if err != nil {
+		return nil, err
+	}
+	if pToken.Errcode != 0 {
+		return nil, fmt.Errorf("pToken.Errcode = %d, pToken.Errmsg = %s", pToken.Errcode, pToken.Errmsg)
+	}
+	token := &oauth2.Token{
+		AccessToken: pToken.AccessToken,
+		Expiry:      time.Unix(time.Now().Unix()+int64(pToken.ExpiresIn), 0),
+	}
+
+	raw := make(map[string]interface{})
+	raw["code"] = code
+	token = token.WithExtra(raw)
+
+	return token, nil
+}
+
+/*
+{
+    "errcode": 0,
+    "errmsg": "ok",
+    "userid": "lili",
+    "name": "丽丽",
+    "department": [1],
+    "mobile": "13500088888",
+    "email": "lili4@gzdev.com",
+    "imid": 40000318,
+    "hiuname": "lili4",
+    "status": 1,
+    "extattr": {
+        "attrs": [
+            {
+                "name": "爱好",
+                "value": "旅游"
+            },
+            {
+                "name": "卡号",
+                "value": "1234567234"
+            }
+        ]
+    },
+    "lm" : 14236463257
+}
+*/
+
+type InfoflowUserResp struct {
+	Errcode int    `json:"errcode"`
+	Errmsg  string `json:"errmsg"`
+	UserId  string `json:"UserId"`
+}
+
+type InfoflowUserInfo struct {
+	Errcode int    `json:"errcode"`
+	Errmsg  string `json:"errmsg"`
+	Imid    string `json:"imid"`
+	Name    string `json:"name"`
+	Email   string `json:"email"`
+}
+
+// get more detail via: https://qy.baidu.com/doc/index.html#/third_serverapi/contacts?id=%e8%8e%b7%e5%8f%96%e6%88%90%e5%91%98
+func (idp *InfoflowIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	//Get userid first
+	accessToken := token.AccessToken
+	code := token.Extra("code").(string)
+	resp, err := idp.Client.Get(fmt.Sprintf("https://api.im.baidu.com/api/user/getuserinfo?access_token=%s&code=%s&agentid=%s", accessToken, code, idp.AgentId))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	userResp := &InfoflowUserResp{}
+	err = json.Unmarshal(data, userResp)
+	if err != nil {
+		return nil, err
+	}
+	if userResp.Errcode != 0 {
+		return nil, fmt.Errorf("userIdResp.Errcode = %d, userIdResp.Errmsg = %s", userResp.Errcode, userResp.Errmsg)
+	}
+	//Use userid and accesstoken to get user information
+	resp, err = idp.Client.Get(fmt.Sprintf("https://api.im.baidu.com/api/user/get?access_token=%s&userid=%s", accessToken, userResp.UserId))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err = io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	infoResp := &InfoflowUserInfo{}
+	err = json.Unmarshal(data, infoResp)
+	if err != nil {
+		return nil, err
+	}
+	if infoResp.Errcode != 0 {
+		return nil, fmt.Errorf("userInfoResp.errcode = %d, userInfoResp.errmsg = %s", infoResp.Errcode, infoResp.Errmsg)
+	}
+	userInfo := UserInfo{
+		Id:          infoResp.Imid,
+		Username:    infoResp.Name,
+		DisplayName: infoResp.Name,
+		Email:       infoResp.Email,
+	}
+
+	if userInfo.Id == "" {
+		userInfo.Id = userInfo.Username
+	}
+	return &userInfo, nil
+}
+
+func (idp *InfoflowIdProvider) postWithBody(body interface{}, url string) ([]byte, error) {
+	bs, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+	r := strings.NewReader(string(bs))
+	resp, err := idp.Client.Post(url, "application/json;charset=UTF-8", r)
+	if err != nil {
+		return nil, err
+	}
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+			return
+		}
+	}(resp.Body)
+
+	return data, nil
+}

idp/provider.go

@@ -35,35 +35,49 @@ type IdProvider interface {
 	GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 }
 
-func GetIdProvider(providerType string, clientId string, clientSecret string, redirectUrl string) IdProvider {
-	if providerType == "GitHub" {
+func GetIdProvider(typ string, subType string, clientId string, clientSecret string, appId string, redirectUrl string) IdProvider {
+	if typ == "GitHub" {
 		return NewGithubIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "Google" {
+	} else if typ == "Google" {
 		return NewGoogleIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "QQ" {
+	} else if typ == "QQ" {
 		return NewQqIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "WeChat" {
+	} else if typ == "WeChat" {
 		return NewWeChatIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "Facebook" {
+	} else if typ == "Facebook" {
 		return NewFacebookIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "DingTalk" {
+	} else if typ == "DingTalk" {
 		return NewDingTalkIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "Weibo" {
+	} else if typ == "Weibo" {
 		return NewWeiBoIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "Gitee" {
+	} else if typ == "Gitee" {
 		return NewGiteeIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "LinkedIn" {
+	} else if typ == "LinkedIn" {
 		return NewLinkedInIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "WeCom" {
-		return NewWeComIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "Lark" {
+	} else if typ == "WeCom" {
+		if subType == "Internal" {
+			return NewWeComInternalIdProvider(clientId, clientSecret, redirectUrl)
+		} else if subType == "Third-party" {
+			return NewWeComIdProvider(clientId, clientSecret, redirectUrl)
+		} else {
+			return nil
+		}
+	} else if typ == "Lark" {
 		return NewLarkIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "GitLab" {
+	} else if typ == "GitLab" {
 		return NewGitlabIdProvider(clientId, clientSecret, redirectUrl)
-	} else if providerType == "Baidu" {
+	} else if typ == "Baidu" {
 		return NewBaiduIdProvider(clientId, clientSecret, redirectUrl)
-	} else if isGothSupport(providerType) {
-		return NewGothIdProvider(providerType, clientId, clientSecret, redirectUrl)
+	} else if typ == "Infoflow" {
+		if subType == "Internal" {
+			return NewInfoflowInternalIdProvider(clientId, clientSecret, appId, redirectUrl)
+		} else if subType == "Third-party" {
+			return NewInfoflowIdProvider(clientId, clientSecret, appId, redirectUrl)
+		} else {
+			return nil
+		}
+	} else if isGothSupport(typ) {
+		return NewGothIdProvider(typ, clientId, clientSecret, redirectUrl)
 	}
 
 	return nil

idp/wecom_internal.go

@@ -163,5 +163,9 @@ func (idp *WeComInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo,
 		AvatarUrl:   infoResp.Avatar,
 	}
 
+	if userInfo.Id == "" {
+		userInfo.Id = userInfo.Username
+	}
+
 	return &userInfo, nil
 }

main.go

@@ -19,7 +19,6 @@ import (
 
 	"github.com/astaxie/beego"
 	"github.com/astaxie/beego/logs"
-	"github.com/astaxie/beego/plugins/cors"
 	_ "github.com/astaxie/beego/session/redis"
 	"github.com/casdoor/casdoor/authz"
 	"github.com/casdoor/casdoor/object"
@@ -40,14 +39,6 @@ func main() {
 
 	go object.RunSyncUsersJob()
 
-	beego.InsertFilter("*", beego.BeforeRouter, cors.Allow(&cors.Options{
-		AllowOrigins:     []string{"*"},
-		AllowMethods:     []string{"GET", "PUT", "PATCH"},
-		AllowHeaders:     []string{"Origin"},
-		ExposeHeaders:    []string{"Content-Length"},
-		AllowCredentials: true,
-	}))
-
 	//beego.DelStaticPath("/static")
 	beego.SetStaticPath("/static", "web/build/static")
 	beego.BConfig.WebConfig.DirectoryIndex = true

object/adapter.go

@@ -183,6 +183,11 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}
 
+	err = a.Engine.Sync2(new(Payment))
+	if err != nil {
+		panic(err)
+	}
+
 	err = a.Engine.Sync2(new(Ldap))
 	if err != nil {
 		panic(err)
@@ -211,4 +216,4 @@ func GetSession(owner string, offset, limit int, field, value, sortField, sortOr
 		session = session.Desc(util.SnakeString(sortField))
 	}
 	return session
-}
+}

object/oidc_discovery.go

@@ -18,6 +18,7 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"strings"
 
 	"github.com/astaxie/beego"
 	"gopkg.in/square/go-jose.v2"
@@ -40,22 +41,39 @@ type OidcDiscovery struct {
 	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
 }
 
-var oidcDiscovery OidcDiscovery
+func getOriginFromHost(host string) (string, string) {
+	protocol := "https://"
+	if strings.HasPrefix(host, "localhost") {
+		protocol = "http://"
+	}
+
+	if host == "localhost:8000" {
+		return fmt.Sprintf("%s%s", protocol, "localhost:7001"), fmt.Sprintf("%s%s", protocol, "localhost:8000")
+	} else {
+		return fmt.Sprintf("%s%s", protocol, host), fmt.Sprintf("%s%s", protocol, host)
+	}
+}
+
+func GetOidcDiscovery(host string) OidcDiscovery {
+	originFrontend, originBackend := getOriginFromHost(host)
 
-func init() {
 	origin := beego.AppConfig.String("origin")
+	if origin != "" {
+		originFrontend = origin
+		originBackend = origin
+	}
 
 	// Examples:
 	// https://login.okta.com/.well-known/openid-configuration
 	// https://auth0.auth0.com/.well-known/openid-configuration
 	// https://accounts.google.com/.well-known/openid-configuration
 	// https://access.line.me/.well-known/openid-configuration
-	oidcDiscovery = OidcDiscovery{
-		Issuer:                                 origin,
-		AuthorizationEndpoint:                  fmt.Sprintf("%s/login/oauth/authorize", origin),
-		TokenEndpoint:                          fmt.Sprintf("%s/api/login/oauth/access_token", origin),
-		UserinfoEndpoint:                       fmt.Sprintf("%s/api/userinfo", origin),
-		JwksUri:                                fmt.Sprintf("%s/api/certs", origin),
+	oidcDiscovery := OidcDiscovery{
+		Issuer:                                 originFrontend,
+		AuthorizationEndpoint:                  fmt.Sprintf("%s/login/oauth/authorize", originFrontend),
+		TokenEndpoint:                          fmt.Sprintf("%s/api/login/oauth/access_token", originBackend),
+		UserinfoEndpoint:                       fmt.Sprintf("%s/api/userinfo", originBackend),
+		JwksUri:                                fmt.Sprintf("%s/api/certs", originBackend),
 		ResponseTypesSupported:                 []string{"id_token"},
 		ResponseModesSupported:                 []string{"login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
@@ -66,9 +84,7 @@ func init() {
 		RequestParameterSupported:              true,
 		RequestObjectSigningAlgValuesSupported: []string{"HS256", "HS384", "HS512"},
 	}
-}
 
-func GetOidcDiscovery() OidcDiscovery {
 	return oidcDiscovery
 }
 

object/payment.go

@@ -0,0 +1,129 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+	"xorm.io/core"
+)
+
+type Payment struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+
+	Provider     string `xorm:"varchar(100)" json:"provider"`
+	Type         string `xorm:"varchar(100)" json:"type"`
+	Organization string `xorm:"varchar(100)" json:"organization"`
+	User         string `xorm:"varchar(100)" json:"user"`
+	Good         string `xorm:"varchar(100)" json:"good"`
+	Amount       string `xorm:"varchar(100)" json:"amount"`
+	Currency     string `xorm:"varchar(100)" json:"currency"`
+
+	State string `xorm:"varchar(100)" json:"state"`
+}
+
+func GetPaymentCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Payment{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetPayments(owner string) []*Payment {
+	payments := []*Payment{}
+	err := adapter.Engine.Desc("created_time").Find(&payments, &Payment{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return payments
+}
+
+func GetPaginationPayments(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Payment {
+	payments := []*Payment{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&payments)
+	if err != nil {
+		panic(err)
+	}
+
+	return payments
+}
+
+func getPayment(owner string, name string) *Payment {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	payment := Payment{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&payment)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &payment
+	} else {
+		return nil
+	}
+}
+
+func GetPayment(id string) *Payment {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getPayment(owner, name)
+}
+
+func UpdatePayment(id string, payment *Payment) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getPayment(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(payment)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddPayment(payment *Payment) bool {
+	affected, err := adapter.Engine.Insert(payment)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeletePayment(payment *Payment) bool {
+	affected, err := adapter.Engine.ID(core.PK{payment.Owner, payment.Name}).Delete(&Payment{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (payment *Payment) GetId() string {
+	return fmt.Sprintf("%s/%s", payment.Owner, payment.Name)
+}

object/provider.go

@@ -29,6 +29,7 @@ type Provider struct {
 	DisplayName   string `xorm:"varchar(100)" json:"displayName"`
 	Category      string `xorm:"varchar(100)" json:"category"`
 	Type          string `xorm:"varchar(100)" json:"type"`
+	SubType       string `xorm:"varchar(100)" json:"subType"`
 	Method        string `xorm:"varchar(100)" json:"method"`
 	ClientId      string `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret  string `xorm:"varchar(100)" json:"clientSecret"`

object/token.go

@@ -19,6 +19,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"strings"
+	"time"
 
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
@@ -45,6 +46,8 @@ type Token struct {
 	Scope         string `xorm:"varchar(100)" json:"scope"`
 	TokenType     string `xorm:"varchar(100)" json:"tokenType"`
 	CodeChallenge string `xorm:"varchar(100)" json:"codeChallenge"`
+	CodeIsUsed    bool   `json:"codeIsUsed"`
+	CodeExpireIn  int64  `json:"codeExpireIn"`
 }
 
 type TokenWrapper struct {
@@ -106,8 +109,8 @@ func getToken(owner string, name string) *Token {
 }
 
 func getTokenByCode(code string) *Token {
-	token := Token{}
-	existed, err := adapter.Engine.Where("code=?", code).Get(&token)
+	token := Token{Code: code}
+	existed, err := adapter.Engine.Get(&token)
 	if err != nil {
 		panic(err)
 	}
@@ -119,6 +122,15 @@ func getTokenByCode(code string) *Token {
 	return nil
 }
 
+func updateUsedByCode(token *Token) bool {
+	affected, err := adapter.Engine.Where("code=?", token.Code).Cols("code_is_used").Update(token)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
 func GetToken(id string) *Token {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getToken(owner, name)
@@ -156,6 +168,16 @@ func DeleteToken(token *Token) bool {
 	return affected != 0
 }
 
+func GetTokenByAccessToken(accessToken string) *Token {
+	//Check if the accessToken is in the database
+	token := Token{AccessToken: accessToken}
+	existed, err := adapter.Engine.Get(&token)
+	if err != nil || !existed {
+		return nil
+	}
+	return &token
+}
+
 func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string) (string, *Application) {
 	if responseType != "code" {
 		return "response_type should be \"code\"", nil
@@ -228,6 +250,8 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 		Scope:         scope,
 		TokenType:     "Bearer",
 		CodeChallenge: challenge,
+		CodeIsUsed:    false,
+		CodeExpireIn:  time.Now().Add(time.Minute * 5).Unix(),
 	}
 	AddToken(token)
 
@@ -301,7 +325,29 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 			Scope:       "",
 		}
 	}
+	if token.CodeIsUsed {
+		//Resist replay attacks, if the code is reused, the token generated with this code will be deleted
+		DeleteToken(token)
+		return &TokenWrapper{
+			AccessToken: "error: code has been used.",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
+		}
+	}
+	if time.Now().Unix() > token.CodeExpireIn {
+		//can only use the code to generate a token within five minutes
+		DeleteToken(token)
+		return &TokenWrapper{
+			AccessToken: "error: code has expired",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
+		}
+	}
 
+	token.CodeIsUsed = true
+	updateUsedByCode(token)
 	tokenWrapper := &TokenWrapper{
 		AccessToken:  token.AccessToken,
 		IdToken:      token.AccessToken,

object/user.go

@@ -80,6 +80,7 @@ type User struct {
 	Lark     string `xorm:"lark varchar(100)" json:"lark"`
 	Gitlab   string `xorm:"gitlab varchar(100)" json:"gitlab"`
 	Baidu    string `xorm:"baidu varchar(100)" json:"baidu"`
+	Infoflow string `xorm:"infoflow varchar(100)" json:"infoflow"`
 	Apple    string `xorm:"apple varchar(100)" json:"apple"`
 	AzureAD  string `xorm:"azuread varchar(100)" json:"azuread"`
 	Slack    string `xorm:"slack varchar(100)" json:"slack"`

routers/auto_signin_filter.go

@@ -16,7 +16,6 @@ package routers
 
 import (
 	"fmt"
-	"time"
 
 	"github.com/astaxie/beego/context"
 	"github.com/casdoor/casdoor/object"
@@ -28,22 +27,28 @@ func AutoSigninFilter(ctx *context.Context) {
 	//	return
 	//}
 
-	// "/page?access_token=123"
+	// GET parameter like "/page?access_token=123" or
+	// HTTP Bearer token like "Authorization: Bearer 123"
 	accessToken := ctx.Input.Query("accessToken")
+	if accessToken == "" {
+		accessToken = parseBearerToken(ctx)
+	}
 	if accessToken != "" {
-		cert := object.GetDefaultCert()
-		claims, err := object.ParseJwtToken(accessToken, cert)
-		if err != nil {
-			responseError(ctx, "invalid JWT token")
+		token := object.GetTokenByAccessToken(accessToken)
+		if token == nil {
+			responseError(ctx, "Access token doesn't exist")
 			return
 		}
-		if time.Now().Unix() > claims.ExpiresAt.Unix() {
-			responseError(ctx, "expired JWT token")
+
+		if util.IsTokenExpired(token.CreatedTime, token.ExpiresIn) {
+			responseError(ctx, "Access token has expired")
+			return
 		}
 
-		userId := fmt.Sprintf("%s/%s", claims.User.Owner, claims.User.Name)
+		userId := fmt.Sprintf("%s/%s", token.Organization, token.User)
+		application, _ := object.GetApplicationByUserId(fmt.Sprintf("app/%s", token.Application))
 		setSessionUser(ctx, userId)
-		setSessionOidc(ctx, claims.Scope, claims.Audience[0])
+		setSessionOidc(ctx, token.Scope, application.ClientId)
 		return
 	}
 
@@ -69,19 +74,4 @@ func AutoSigninFilter(ctx *context.Context) {
 		return
 	}
 
-	// HTTP Bearer token
-	// Authorization: Bearer bearerToken
-	bearerToken := parseBearerToken(ctx)
-	if bearerToken != "" {
-		cert := object.GetDefaultCert()
-		claims, err := object.ParseJwtToken(bearerToken, cert)
-		if err != nil {
-			responseError(ctx, err.Error())
-			return
-		}
-
-		setSessionUser(ctx, fmt.Sprintf("%s/%s", claims.Owner, claims.Name))
-		setSessionExpire(ctx, claims.ExpiresAt.Unix())
-		setSessionOidc(ctx, claims.Scope, claims.Audience[0])
-	}
 }

routers/router.go

@@ -149,6 +149,12 @@ func initAPI() {
 	beego.Router("/api/add-cert", &controllers.ApiController{}, "POST:AddCert")
 	beego.Router("/api/delete-cert", &controllers.ApiController{}, "POST:DeleteCert")
 
+	beego.Router("/api/get-payments", &controllers.ApiController{}, "GET:GetPayments")
+	beego.Router("/api/get-payment", &controllers.ApiController{}, "GET:GetPayment")
+	beego.Router("/api/update-payment", &controllers.ApiController{}, "POST:UpdatePayment")
+	beego.Router("/api/add-payment", &controllers.ApiController{}, "POST:AddPayment")
+	beego.Router("/api/delete-payment", &controllers.ApiController{}, "POST:DeletePayment")
+
 	beego.Router("/api/send-email", &controllers.ApiController{}, "POST:SendEmail")
 	beego.Router("/api/send-sms", &controllers.ApiController{}, "POST:SendSms")
 

util/time.go

@@ -28,3 +28,9 @@ func GetCurrentTime() string {
 func GetCurrentUnixTime() string {
 	return strconv.FormatInt(time.Now().UnixNano(), 10)
 }
+
+func IsTokenExpired(createdTime string, expiresIn int) bool {
+	createdTimeObj, _ := time.Parse(time.RFC3339, createdTime)
+	expiresAtObj := createdTimeObj.Add(time.Duration(expiresIn) * time.Minute)
+	return time.Now().After(expiresAtObj)
+}

util/time_test.go

@@ -0,0 +1,111 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_GetCurrentTime(t *testing.T) {
+	test := GetCurrentTime()
+	expected := time.Now().Format(time.RFC3339)
+
+	assert.Equal(t, test, expected, "The times not are equals")
+
+	types := reflect.TypeOf(test).Kind()
+	assert.Equal(t, types, reflect.String, "GetCurrentUnixTime should be return string")
+
+}
+
+func Test_GetCurrentUnixTime_Shoud_Return_String(t *testing.T) {
+	test := GetCurrentUnixTime()
+	types := reflect.TypeOf(test).Kind()
+	assert.Equal(t, types, reflect.String, "GetCurrentUnixTime should be return string")
+}
+
+func Test_IsTokenExpired(t *testing.T) {
+
+	type input struct {
+		createdTime string
+		expiresIn   int
+	}
+
+	type testCases struct {
+		description string
+		input       input
+		expected    bool
+	}
+
+	for _, scenario := range []testCases{
+		{
+			description: "Token emited now is valid for 60 minutes",
+			input: input{
+				createdTime: time.Now().Format(time.RFC3339),
+				expiresIn:   60,
+			},
+			expected: false,
+		},
+		{
+			description: "Token emited 60 minutes before now is valid for 60 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Minute * 60).Format(time.RFC3339),
+				expiresIn:   61,
+			},
+			expected: false,
+		},
+		{
+			description: "Token emited 2 hours before now is Expired after 60 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Hour * 2).Format(time.RFC3339),
+				expiresIn:   60,
+			},
+			expected: true,
+		},
+		{
+			description: "Token emited 61 minutes before now is Expired after 60 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Minute * 61).Format(time.RFC3339),
+				expiresIn:   60,
+			},
+			expected: true,
+		},
+		{
+			description: "Token emited 2 hours before now  is velid for 120 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Hour * 2).Format(time.RFC3339),
+				expiresIn:   121,
+			},
+			expected: false,
+		},
+		{
+			description: "Token emited 159 minutes before now is Expired after 60 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Minute * 159).Format(time.RFC3339),
+				expiresIn:   120,
+			},
+			expected: true,
+		},
+	} {
+		t.Run(scenario.description, func(t *testing.T) {
+			result := IsTokenExpired(scenario.input.createdTime, scenario.input.expiresIn)
+			assert.Equal(t, scenario.expected, result, fmt.Sprintf("Expected %t, but was founded %t", scenario.expected, result))
+		})
+	}
+}

web/craco.config.js

@@ -1,13 +1,33 @@
 const CracoLessPlugin = require('craco-less');
 
 module.exports = {
+  devServer: {
+    proxy: {
+      '/api': {
+        target: 'http://localhost:8000',
+        changeOrigin: true,
+      },
+      '/swagger': {
+        target: 'http://localhost:8000',
+        changeOrigin: true,
+      },
+      '/files': {
+        target: 'http://localhost:8000',
+        changeOrigin: true,
+      },
+      '/.well-known/openid-configuration': {
+        target: 'http://localhost:8000',
+        changeOrigin: true,
+      }
+    },
+  },
   plugins: [
     {
       plugin: CracoLessPlugin,
       options: {
         lessLoaderOptions: {
           lessOptions: {
-            modifyVars: { '@primary-color': 'rgb(45,120,213)' },
+            modifyVars: {'@primary-color': 'rgb(45,120,213)'},
             javascriptEnabled: true,
           },
         },

web/src/App.js

@@ -43,6 +43,8 @@ import SyncerListPage from "./SyncerListPage";
 import SyncerEditPage from "./SyncerEditPage";
 import CertListPage from "./CertListPage";
 import CertEditPage from "./CertEditPage";
+import PaymentListPage from "./PaymentListPage";
+import PaymentEditPage from "./PaymentEditPage";
 import AccountPage from "./account/AccountPage";
 import HomePage from "./basic/HomePage";
 import CustomGithubCorner from "./CustomGithubCorner";
@@ -126,6 +128,8 @@ class App extends Component {
       this.setState({ selectedMenuKey: '/syncers' });
     } else if (uri.includes('/certs')) {
       this.setState({ selectedMenuKey: '/certs' });
+    } else if (uri.includes('/payments')) {
+      this.setState({ selectedMenuKey: '/payments' });
     } else if (uri.includes('/signup')) {
       this.setState({ selectedMenuKey: '/signup' });
     } else if (uri.includes('/login')) {
@@ -408,6 +412,13 @@ class App extends Component {
           </Link>
         </Menu.Item>
       );
+      res.push(
+        <Menu.Item key="/payments">
+          <Link to="/payments">
+            {i18next.t("general:Payments")}
+          </Link>
+        </Menu.Item>
+      );
       res.push(
         <Menu.Item key="/swagger">
           <a target="_blank" rel="noreferrer" href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>
@@ -478,6 +489,8 @@ class App extends Component {
           <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)}/>
           <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)}/>
           <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)}/>
           <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)}/>
           <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />}/>
           <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}

web/src/PaymentEditPage.js

@@ -0,0 +1,210 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, Row, Select, Switch} from 'antd';
+import * as PaymentBackend from "./backend/PaymentBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as UserBackend from "./backend/UserBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+import * as RoleBackend from "./backend/RoleBackend";
+
+const { Option } = Select;
+
+class PaymentEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
+      paymentName: props.match.params.paymentName,
+      payment: null,
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getPayment();
+  }
+
+  getPayment() {
+    PaymentBackend.getPayment("admin", this.state.paymentName)
+      .then((payment) => {
+        this.setState({
+          payment: payment,
+        });
+      });
+  }
+
+  parsePaymentField(key, value) {
+    if ([""].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updatePaymentField(key, value) {
+    value = this.parsePaymentField(key, value);
+
+    let payment = this.state.payment;
+    payment[key] = value;
+    this.setState({
+      payment: payment,
+    });
+  }
+
+  renderPayment() {
+    return (
+      <Card size="small" title={
+        <div>
+          {i18next.t("payment:Edit Payment")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitPaymentEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" onClick={() => this.submitPaymentEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      } style={(Setting.isMobile())? {margin: '5px'}:{}} type="inner">
+        <Row style={{marginTop: '10px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.organization} onChange={e => {
+              // this.updatePaymentField('organization', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.name} onChange={e => {
+              // this.updatePaymentField('name', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.displayName} onChange={e => {
+              this.updatePaymentField('displayName', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.name} onChange={e => {
+              // this.updatePaymentField('name', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Provider"), i18next.t("general:Provider - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.provider} onChange={e => {
+              // this.updatePaymentField('provider', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Type"), i18next.t("provider:Type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.type} onChange={e => {
+              // this.updatePaymentField('type', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("payment:Good"), i18next.t("payment:Good - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.good} onChange={e => {
+              // this.updatePaymentField('good', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("payment:Amount"), i18next.t("payment:Amount - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.amount} onChange={e => {
+              // this.updatePaymentField('amount', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("payment:Currency"), i18next.t("payment:Currency - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.currency} onChange={e => {
+              // this.updatePaymentField('currency', e.target.value);
+            }} />
+          </Col>
+        </Row>
+      </Card>
+    )
+  }
+
+  submitPaymentEdit(willExist) {
+    let payment = Setting.deepCopy(this.state.payment);
+    PaymentBackend.updatePayment(this.state.organizationName, this.state.paymentName, payment)
+      .then((res) => {
+        if (res.msg === "") {
+          Setting.showMessage("success", `Successfully saved`);
+          this.setState({
+            paymentName: this.state.payment.name,
+          });
+
+          if (willExist) {
+            this.props.history.push(`/payments`);
+          } else {
+            this.props.history.push(`/payments/${this.state.payment.name}`);
+          }
+        } else {
+          Setting.showMessage("error", res.msg);
+          this.updatePaymentField('name', this.state.paymentName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `Failed to connect to server: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.payment !== null ? this.renderPayment() : null
+        }
+        <div style={{marginTop: '20px', marginLeft: '40px'}}>
+          <Button size="large" onClick={() => this.submitPaymentEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" size="large" onClick={() => this.submitPaymentEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      </div>
+    );
+  }
+}
+
+export default PaymentEditPage;

web/src/PaymentListPage.js

@@ -0,0 +1,264 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Popconfirm, Switch, Table} from 'antd';
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as PaymentBackend from "./backend/PaymentBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+import * as Provider from "./auth/Provider";
+
+class PaymentListPage extends BaseListPage {
+  newPayment() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin",
+      name: `payment_${randomName}`,
+      createdTime: moment().format(),
+      displayName: `New Payment - ${randomName}`,
+      provider: "provider_pay_paypal",
+      type: "PayPal",
+      organization: "built-in",
+      user: "admin",
+      good: "A notebook computer",
+      amount: "300",
+      currency: "USD",
+      state: "Paid",
+    }
+  }
+
+  addPayment() {
+    const newPayment = this.newPayment();
+    PaymentBackend.addPayment(newPayment)
+      .then((res) => {
+          Setting.showMessage("success", `Payment added successfully`);
+          this.props.history.push(`/payments/${newPayment.name}`);
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Payment failed to add: ${error}`);
+      });
+  }
+
+  deletePayment(i) {
+    PaymentBackend.deletePayment(this.state.data[i])
+      .then((res) => {
+          Setting.showMessage("success", `Payment deleted successfully`);
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Payment failed to delete: ${error}`);
+      });
+  }
+
+  renderTable(payments) {
+    const columns = [
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: 'owner',
+        key: 'owner',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('owner'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:User"),
+        dataIndex: 'user',
+        key: 'user',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('user'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${record.organization}/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: 'name',
+        key: 'name',
+        width: '150px',
+        fixed: 'left',
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/payments/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: 'createdTime',
+        key: 'createdTime',
+        width: '160px',
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        }
+      },
+      // {
+      //   title: i18next.t("general:Display name"),
+      //   dataIndex: 'displayName',
+      //   key: 'displayName',
+      //   width: '160px',
+      //   sorter: true,
+      //   ...this.getColumnSearchProps('displayName'),
+      // },
+      {
+        title: i18next.t("general:Provider"),
+        dataIndex: 'provider',
+        key: 'provider',
+        width: '150px',
+        fixed: 'left',
+        sorter: true,
+        ...this.getColumnSearchProps('provider'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/providers/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("provider:Type"),
+        dataIndex: 'type',
+        key: 'type',
+        width: '110px',
+        align: 'center',
+        filterMultiple: false,
+        filters: [
+          {text: 'Payment', value: 'Payment', children: Setting.getProviderTypeOptions('Payment').map((o) => {return {text:o.id, value:o.name}})},
+        ],
+        sorter: true,
+        render: (text, record, index) => {
+          return Provider.getProviderLogoWidget(record);
+        }
+      },
+      {
+        title: i18next.t("payment:Good"),
+        dataIndex: 'good',
+        key: 'good',
+        width: '160px',
+        sorter: true,
+        ...this.getColumnSearchProps('good'),
+      },
+      {
+        title: i18next.t("payment:Amount"),
+        dataIndex: 'amount',
+        key: 'amount',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('amount'),
+      },
+      {
+        title: i18next.t("payment:Currency"),
+        dataIndex: 'currency',
+        key: 'currency',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('currency'),
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: '',
+        key: 'op',
+        width: '170px',
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: '10px', marginBottom: '10px', marginRight: '10px'}} type="primary" onClick={() => this.props.history.push(`/payments/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Popconfirm
+                title={`Sure to delete payment: ${record.name} ?`}
+                onConfirm={() => this.deletePayment(index)}
+              >
+                <Button style={{marginBottom: '10px'}} type="danger">{i18next.t("general:Delete")}</Button>
+              </Popconfirm>
+            </div>
+          )
+        }
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: 'max-content'}} columns={columns} dataSource={payments} rowKey="name" size="middle" bordered pagination={paginationProps}
+               title={() => (
+                 <div>
+                   {i18next.t("general:Payments")}&nbsp;&nbsp;&nbsp;&nbsp;
+                   <Button type="primary" size="small" onClick={this.addPayment.bind(this)}>{i18next.t("general:Add")}</Button>
+                 </div>
+               )}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({ loading: true });
+    PaymentBackend.getPayments("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        }
+      });
+  };
+}
+
+export default PaymentListPage;

web/src/ProviderEditPage.js

@@ -91,18 +91,24 @@ class ProviderEditPage extends React.Component {
   getAppIdRow() {
     let text, tooltip;
     if (this.state.provider.category === "SMS" && this.state.provider.type === "Tencent Cloud SMS") {
-      text = "provider:App ID";
-      tooltip = "provider:App ID - Tooltip";
+      text = i18next.t("provider:App ID");
+      tooltip = i18next.t("provider:App ID - Tooltip");
+    } else if (this.state.provider.type === "WeCom" && this.state.provider.subType === "Internal") {
+      text = i18next.t("provider:Agent ID");
+      tooltip = i18next.t("provider:Agent ID - Tooltip");
+    } else if (this.state.provider.type === "Infoflow"){
+      text = i18next.t("provider:Agent ID");
+      tooltip = i18next.t("provider:Agent ID - Tooltip");
     } else if (this.state.provider.category === "SMS" && this.state.provider.type === "Volc Engine SMS") {
-      text = "provider:SMS account";
-      tooltip = "provider:SMS account - Tooltip";
+      text = i18next.t("provider:SMS account");
+      tooltip = i18next.t("provider:SMS account - Tooltip");
     } else {
       return null;
     }
 
     return <Row style={{marginTop: '20px'}} >
       <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
-        {Setting.getLabel(i18next.t(text), i18next.t(tooltip))} :
+        {Setting.getLabel(text, tooltip)} :
       </Col>
       <Col span={22} >
         <Input value={this.state.provider.appId} onChange={e => {
@@ -181,6 +187,7 @@ class ProviderEditPage extends React.Component {
                   {id: 'SMS', name: 'SMS'},
                   {id: 'Storage', name: 'Storage'},
                   {id: 'SAML', name: 'SAML'},
+                  {id: 'Payment', name: 'Payment'},
                 ].map((providerCategory, index) => <Option key={index} value={providerCategory.id}>{providerCategory.name}</Option>)
               }
             </Select>
@@ -204,21 +211,40 @@ class ProviderEditPage extends React.Component {
           </Col>
         </Row>
         {
-          this.state.provider.type !== "WeCom" ? null : (
-            <Row style={{marginTop: '20px'}} >
-              <Col style={{marginTop: '5px'}} span={2}>
-                {Setting.getLabel(i18next.t("provider:Method"), i18next.t("provider:Method - Tooltip"))} :
-              </Col>
-              <Col span={22} >
-                <Select virtual={false} style={{width: '100%'}} value={this.state.provider.method} onChange={value => {
-                  this.updateProviderField('method', value);
-                }}>
-                  {
-                    [{name: "Normal"}, {name: "Silent"}].map((method, index) => <Option key={index} value={method.name}>{method.name}</Option>)
-                  }
-                </Select>
-              </Col>
-            </Row>
+          this.state.provider.type !== "WeCom" && this.state.provider.type !== "Infoflow" ? null : (
+            <React.Fragment>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={2}>
+                  {Setting.getLabel(i18next.t("provider:Sub type"), i18next.t("provider:Sub type - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Select virtual={false} style={{width: '100%'}} value={this.state.provider.subType} onChange={value => {
+                    this.updateProviderField('subType', value);
+                  }}>
+                    {
+                      Setting.getProviderSubTypeOptions(this.state.provider.type).map((providerSubType, index) => <Option key={index} value={providerSubType.id}>{providerSubType.name}</Option>)
+                    }
+                  </Select>
+                </Col>
+              </Row>
+              {
+                this.state.provider.type !== "WeCom"  ? null : (    
+                  <Row style={{marginTop: '20px'}} >
+                    <Col style={{marginTop: '5px'}} span={2}>
+                      {Setting.getLabel(i18next.t("provider:Method"), i18next.t("provider:Method - Tooltip"))} :
+                    </Col>
+                    <Col span={22} >
+                      <Select virtual={false} style={{width: '100%'}} value={this.state.provider.method} onChange={value => {
+                        this.updateProviderField('method', value);
+                      }}>
+                        {
+                          [{name: "Normal"}, {name: "Silent"}].map((method, index) => <Option key={index} value={method.name}>{method.name}</Option>)
+                        }
+                      </Select>
+                    </Col>
+                  </Row>)
+              }
+            </React.Fragment>
           )
         }
         <Row style={{marginTop: '20px'}} >

web/src/Setting.js

@@ -42,10 +42,10 @@ export function getCountryRegionData() {
 }
 
 export function initServerUrl() {
-  const hostname = window.location.hostname;
-  if (hostname === "localhost") {
-    ServerUrl = `http://${hostname}:8000`;
-  }
+  //const hostname = window.location.hostname;
+  // if (hostname === "localhost") {
+  //   ServerUrl = `http://${hostname}:8000`;
+  // }
 }
 
 export function isLocalhost() {
@@ -399,6 +399,7 @@ export function getProviderTypeOptions(category) {
         {id: 'Lark', name: 'Lark'},
         {id: 'GitLab', name: 'GitLab'},
         {id: 'Baidu', name: 'Baidu'},
+        {id: 'Infoflow', name: 'Infoflow'},
         {id: 'Apple', name: 'Apple'},
         {id: 'AzureAD', name: 'AzureAD'},
         {id: 'Slack', name: 'Slack'},
@@ -432,6 +433,25 @@ export function getProviderTypeOptions(category) {
       {id: 'Aliyun IDaaS', name: 'Aliyun IDaaS'},
       {id: 'Keycloak', name: 'Keycloak'},
     ]);
+  } else if (category === "Payment") {
+    return ([
+      {id: 'Alipay', name: 'Alipay'},
+      {id: 'WeChat Pay', name: 'WeChat Pay'},
+      {id: 'PayPal', name: 'PayPal'},
+    ]);
+  } else {
+    return [];
+  }
+}
+
+export function getProviderSubTypeOptions(type) {
+  if (type === "WeCom" || type === "Infoflow") {
+    return (
+      [
+        {id: 'Internal', name: 'Internal'},
+        {id: 'Third-party', name: 'Third-party'},
+      ]
+    );
   } else {
     return [];
   }

web/src/auth/InfoflowLoginButton.js

@@ -0,0 +1,32 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import {createButton} from "react-social-login-buttons";
+import {StaticBaseUrl} from "../Setting";
+
+function Icon({ width = 24, height = 24, color }) {
+    return <img src={`${StaticBaseUrl}/buttons/infoflow.svg`} alt="Sign in with Infoflow" style={{width: 24, height: 24}} />;
+}
+
+const config = {
+    text: "Sign in with Infoflow",
+    icon: Icon,
+    iconFormat: name => `fa fa-${name}`,
+    style: {background: "#ffffff", color: "#000000"},
+    activeStyle: {background: "#ededee"},
+};
+
+const InfoflowLoginButton = createButton(config);
+
+export default InfoflowLoginButton;

web/src/auth/LoginPage.js

@@ -35,6 +35,7 @@ import WeComLoginButton from "./WeComLoginButton";
 import LarkLoginButton from "./LarkLoginButton";
 import GitLabLoginButton from "./GitLabLoginButton";
 import BaiduLoginButton from "./BaiduLoginButton";
+import InfoflowLoginButton from "./InfoflowLoginButton";
 import AppleLoginButton from "./AppleLoginButton"
 import AzureADLoginButton from "./AzureADLoginButton";
 import SlackLoginButton from "./SlackLoginButton";
@@ -186,6 +187,8 @@ class LoginPage extends React.Component {
       return <GitLabLoginButton text={text} align={"center"} />
     } else if (type === "Baidu") {
       return <BaiduLoginButton text={text} align={"center"} />
+    } else if (type === "Infoflow") {
+      return <InfoflowLoginButton text={text} align={"center"} />
     } else if (type === "Apple") {
       return <AppleLoginButton text={text} align={"center"} />
     } else if (type === "AzureAD") {

web/src/auth/Provider.js

@@ -60,6 +60,7 @@ const authInfo = {
     scope: "snsapi_userinfo",
     endpoint: "https://open.work.weixin.qq.com/wwopen/sso/3rd_qrConnect",
     silentEndpoint: "https://open.weixin.qq.com/connect/oauth2/authorize",
+    internalEndpoint: "https://open.work.weixin.qq.com/wwopen/sso/qrConnect",
   },
   Lark: {
     // scope: "email",
@@ -73,6 +74,9 @@ const authInfo = {
     scope: "basic",
     endpoint: "http://openapi.baidu.com/oauth/2.0/authorize",
   },
+  Infoflow: {
+    endpoint: "https://xpc.im.baidu.com/oauth2/authorize",
+  },
   Apple: {
     scope: "name%20email",
     endpoint: "https://appleid.apple.com/auth/authorize",
@@ -136,6 +140,20 @@ const otherProviderInfo = {
       url: "https://www.keycloak.org/"
     },
   },
+  Payment: {
+    "Alipay": {
+      logo: `${StaticBaseUrl}/img/payment_alipay.png`,
+      url: "https://www.alipay.com/"
+    },
+    "WeChat Pay": {
+      logo: `${StaticBaseUrl}/img/payment_wechat_pay.png`,
+      url: "https://pay.weixin.qq.com/"
+    },
+    "PayPal": {
+      logo: `${StaticBaseUrl}/img/payment_paypal.png`,
+      url: "https://www.paypal.com/"
+    },
+  },
 };
 
 export function getProviderLogo(provider) {
@@ -192,7 +210,7 @@ export function getAuthUrl(application, provider, method) {
     return "";
   }
 
-  const endpoint = authInfo[provider.type].endpoint;
+  let endpoint = authInfo[provider.type].endpoint;
   const redirectUri = `${window.location.origin}/callback`;
   const scope = authInfo[provider.type].scope;
   const state = Util.getQueryParamsToState(application.name, provider.name, method);
@@ -220,12 +238,27 @@ export function getAuthUrl(application, provider, method) {
   } else if (provider.type === "LinkedIn") {
     return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}`;
   } else if (provider.type === "WeCom") {
-    if (provider.method === "Silent") {
-      return `${authInfo[provider.type].silentEndpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&scope=${scope}&response_type=code#wechat_redirect`;
-    } else if (provider.method === "Normal") {
-      return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&usertype=member`;
+    if (provider.subType === "Internal") {
+      if (provider.method === "Silent") {
+        endpoint = authInfo[provider.type].silentEndpoint;
+        return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&scope=${scope}&response_type=code#wechat_redirect`;
+      } else if (provider.method === "Normal") {
+        endpoint = authInfo[provider.type].internalEndpoint;
+        return `${endpoint}?appid=${provider.clientId}&agentid=${provider.appId}&redirect_uri=${redirectUri}&state=${state}&usertype=member`;
+      } else {
+        return `https://error:not-supported-provider-method:${provider.method}`;
+      }
+    } else if (provider.subType === "Third-party") {
+      if (provider.method === "Silent") {
+        endpoint = authInfo[provider.type].silentEndpoint;
+        return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&scope=${scope}&response_type=code#wechat_redirect`;
+      } else if (provider.method === "Normal") {
+        return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&usertype=member`;
+      } else {
+        return `https://error:not-supported-provider-method:${provider.method}`;
+      }
     } else {
-      return `https://error:not-supported-provider-method:${provider.method}`;
+      return `https://error:not-supported-provider-sub-type:${provider.subType}`;
     }
   } else if (provider.type === "Lark") {
     return `${endpoint}?app_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}`;
@@ -233,6 +266,8 @@ export function getAuthUrl(application, provider, method) {
     return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}`;
   } else if (provider.type === "Baidu") {
     return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}&display=popup`;
+  } else if (provider.type === "Infoflow"){
+    return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}?state=${state}`
   } else if (provider.type === "Apple") {
     return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}&response_mode=form_post`;
   } else if (provider.type === "AzureAD") {

web/src/auth/Util.js

@@ -75,18 +75,22 @@ export function renderMessageLarge(ths, msg) {
   }
 }
 
+function getRefinedValue(value){
+  return (value === null)? "" : value
+}
+
 export function getOAuthGetParameters(params) {
   const queries = (params !== undefined) ? params : new URLSearchParams(window.location.search);
-  const clientId = queries.get("client_id");
-  const responseType = queries.get("response_type");
-  const redirectUri = queries.get("redirect_uri");
-  const scope = queries.get("scope");
-  const state = queries.get("state");
-  const nonce = queries.get("nonce")
-  const challengeMethod = queries.get("code_challenge_method")
-  const codeChallenge = queries.get("code_challenge")
+  const clientId = getRefinedValue(queries.get("client_id"));
+  const responseType = getRefinedValue(queries.get("response_type"));
+  const redirectUri = getRefinedValue(queries.get("redirect_uri"));
+  const scope = getRefinedValue(queries.get("scope"));
+  const state = getRefinedValue(queries.get("state"));
+  const nonce = getRefinedValue(queries.get("nonce"))
+  const challengeMethod = getRefinedValue(queries.get("code_challenge_method"))
+  const codeChallenge = getRefinedValue(queries.get("code_challenge"))
   
-  if (clientId === undefined || clientId === null) {
+  if (clientId === undefined || clientId === null || clientId === "") {
     // login
     return null;
   } else {

web/src/backend/PaymentBackend.js

@@ -0,0 +1,56 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getPayments(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-payments?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include"
+  }).then(res => res.json());
+}
+
+export function getPayment(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-payment?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include"
+  }).then(res => res.json());
+}
+
+export function updatePayment(owner, name, payment) {
+  let newPayment = Setting.deepCopy(payment);
+  return fetch(`${Setting.ServerUrl}/api/update-payment?id=${owner}/${encodeURIComponent(name)}`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPayment),
+  }).then(res => res.json());
+}
+
+export function addPayment(payment) {
+  let newPayment = Setting.deepCopy(payment);
+  return fetch(`${Setting.ServerUrl}/api/add-payment`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPayment),
+  }).then(res => res.json());
+}
+
+export function deletePayment(payment) {
+  let newPayment = Setting.deepCopy(payment);
+  return fetch(`${Setting.ServerUrl}/api/delete-payment`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPayment),
+  }).then(res => res.json());
+}

web/src/locales/de/data.json

@@ -133,6 +133,7 @@
     "Password salt - Tooltip": "Random parameters used for password encryption",
     "Password type": "Passworttyp",
     "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
     "Permissions": "Berechtigungen",
     "Personal name": "Persönlicher Name",
     "Phone": "Telefon",
@@ -142,6 +143,7 @@
     "Preview": "Vorschau",
     "Preview - Tooltip": "The form in which the password is stored in the database",
     "Provider": "Anbieter",
+    "Provider - Tooltip": "Provider - Tooltip",
     "Providers": "Anbieter",
     "Providers - Tooltip": "List of third-party applications that can be used to log in",
     "Records": "Datensätze",
@@ -234,6 +236,15 @@
     "Website URL": "Website-URL",
     "Website URL - Tooltip": "Unique string-style identifier"
   },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
   "permission": {
     "Actions": "Aktionen",
     "Actions - Tooltip": "Aktionen - Tooltip",
@@ -247,6 +258,10 @@
   "provider": {
     "Access key": "Zugangsschlüssel",
     "Access key - Tooltip": "Zugriffsschlüssel - Tooltip",
+    "Agent ID": "Agent ID",
+    "Agent ID - Tooltip": "Agent ID - Tooltip",
+    "App ID": "App ID",
+    "App ID - Tooltip": "App ID - Tooltip",
     "Bucket": "Eimer",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "Metadaten können nicht analysiert werden",
@@ -293,6 +308,8 @@
     "Region endpoint for Internet": "Region Endpunkt für Internet",
     "Region endpoint for Intranet": "Region Endpunkt für Intranet",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
+    "SMS account": "SMS account",
+    "SMS account - Tooltip": "SMS account - Tooltip",
     "SP ACS URL": "SP-ACS-URL",
     "SP ACS URL - Tooltip": "SP ACS URL - Tooltip",
     "SP Entity ID": "SP Entity ID",
@@ -308,6 +325,8 @@
     "Signup HTML": "HTML registrieren",
     "Signup HTML - Edit": "HTML registrieren - Bearbeiten",
     "Signup HTML - Tooltip": "HTML registrieren - Tooltip",
+    "Sub type": "Sub type",
+    "Sub type - Tooltip": "Sub type - Tooltip",
     "Template Code": "Vorlagencode",
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "Nutzungsbedingungen",

web/src/locales/en/data.json

@@ -133,6 +133,7 @@
     "Password salt - Tooltip": "Password salt - Tooltip",
     "Password type": "Password type",
     "Password type - Tooltip": "Password type - Tooltip",
+    "Payments": "Payments",
     "Permissions": "Permissions",
     "Personal name": "Personal name",
     "Phone": "Phone",
@@ -142,6 +143,7 @@
     "Preview": "Preview",
     "Preview - Tooltip": "Preview - Tooltip",
     "Provider": "Provider",
+    "Provider - Tooltip": "Provider - Tooltip",
     "Providers": "Providers",
     "Providers - Tooltip": "Providers - Tooltip",
     "Records": "Records",
@@ -234,6 +236,15 @@
     "Website URL": "Website URL",
     "Website URL - Tooltip": "Website URL - Tooltip"
   },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
   "permission": {
     "Actions": "Actions",
     "Actions - Tooltip": "Actions - Tooltip",
@@ -247,6 +258,10 @@
   "provider": {
     "Access key": "Access key",
     "Access key - Tooltip": "Access key - Tooltip",
+    "Agent ID": "Agent ID",
+    "Agent ID - Tooltip": "Agent ID - Tooltip",
+    "App ID": "App ID",
+    "App ID - Tooltip": "App ID - Tooltip",
     "Bucket": "Bucket",
     "Bucket - Tooltip": "Bucket - Tooltip",
     "Can not parse Metadata": "Can not parse Metadata",
@@ -293,6 +308,8 @@
     "Region endpoint for Internet": "Region endpoint for Internet",
     "Region endpoint for Intranet": "Region endpoint for Intranet",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
+    "SMS account": "SMS account",
+    "SMS account - Tooltip": "SMS account - Tooltip",
     "SP ACS URL": "SP ACS URL",
     "SP ACS URL - Tooltip": "SP ACS URL - Tooltip",
     "SP Entity ID": "SP Entity ID",
@@ -308,6 +325,8 @@
     "Signup HTML": "Signup HTML",
     "Signup HTML - Edit": "Signup HTML - Edit",
     "Signup HTML - Tooltip": "Signup HTML - Tooltip",
+    "Sub type": "Sub type",
+    "Sub type - Tooltip": "Sub type - Tooltip",
     "Template Code": "Template Code",
     "Template Code - Tooltip": "Template Code - Tooltip",
     "Terms of Use": "Terms of Use",

web/src/locales/fr/data.json

@@ -133,6 +133,7 @@
     "Password salt - Tooltip": "Random parameters used for password encryption",
     "Password type": "Type de mot de passe",
     "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
     "Permissions": "Permissions",
     "Personal name": "Nom personnel",
     "Phone": "Téléphone",
@@ -142,6 +143,7 @@
     "Preview": "Aperçu",
     "Preview - Tooltip": "The form in which the password is stored in the database",
     "Provider": "Fournisseur",
+    "Provider - Tooltip": "Provider - Tooltip",
     "Providers": "Fournisseurs",
     "Providers - Tooltip": "List of third-party applications that can be used to log in",
     "Records": "Enregistrements",
@@ -234,6 +236,15 @@
     "Website URL": "URL du site web",
     "Website URL - Tooltip": "Unique string-style identifier"
   },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
   "permission": {
     "Actions": "Actions",
     "Actions - Tooltip": "Actions - Info-bulle",
@@ -247,6 +258,10 @@
   "provider": {
     "Access key": "Clé d'accès",
     "Access key - Tooltip": "Touche d'accès - Infobulle",
+    "Agent ID": "Agent ID",
+    "Agent ID - Tooltip": "Agent ID - Tooltip",
+    "App ID": "App ID",
+    "App ID - Tooltip": "App ID - Tooltip",
     "Bucket": "Seau",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "Impossible d'analyser les métadonnées",
@@ -293,6 +308,8 @@
     "Region endpoint for Internet": "Point de terminaison de la région pour Internet",
     "Region endpoint for Intranet": "Point de terminaison de la région pour Intranet",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
+    "SMS account": "SMS account",
+    "SMS account - Tooltip": "SMS account - Tooltip",
     "SP ACS URL": "URL du SP ACS",
     "SP ACS URL - Tooltip": "URL SP ACS - infobulle",
     "SP Entity ID": "ID de l'entité SP",
@@ -308,6 +325,8 @@
     "Signup HTML": "Inscription HTML",
     "Signup HTML - Edit": "Inscription HTML - Modifier",
     "Signup HTML - Tooltip": "Inscription HTML - infobulle",
+    "Sub type": "Sub type",
+    "Sub type - Tooltip": "Sub type - Tooltip",
     "Template Code": "Code du modèle",
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "Conditions d'utilisation",

web/src/locales/ja/data.json

@@ -133,6 +133,7 @@
     "Password salt - Tooltip": "Random parameters used for password encryption",
     "Password type": "パスワードの種類",
     "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
     "Permissions": "アクセス許可",
     "Personal name": "個人名",
     "Phone": "電話番号",
@@ -142,6 +143,7 @@
     "Preview": "プレビュー",
     "Preview - Tooltip": "The form in which the password is stored in the database",
     "Provider": "プロバイダー",
+    "Provider - Tooltip": "Provider - Tooltip",
     "Providers": "プロバイダー",
     "Providers - Tooltip": "List of third-party applications that can be used to log in",
     "Records": "レコード",
@@ -234,6 +236,15 @@
     "Website URL": "Website URL",
     "Website URL - Tooltip": "Unique string-style identifier"
   },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
   "permission": {
     "Actions": "アクション",
     "Actions - Tooltip": "アクション → ツールチップ",
@@ -247,6 +258,10 @@
   "provider": {
     "Access key": "アクセスキー",
     "Access key - Tooltip": "アクセスキー → ツールチップ",
+    "Agent ID": "Agent ID",
+    "Agent ID - Tooltip": "Agent ID - Tooltip",
+    "App ID": "App ID",
+    "App ID - Tooltip": "App ID - Tooltip",
     "Bucket": "バケツ入りバケツ",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "メタデータをパースできません",
@@ -293,6 +308,8 @@
     "Region endpoint for Internet": "インターネットのリージョンエンドポイント",
     "Region endpoint for Intranet": "イントラネットのリージョンエンドポイント",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
+    "SMS account": "SMS account",
+    "SMS account - Tooltip": "SMS account - Tooltip",
     "SP ACS URL": "SP ACS URL",
     "SP ACS URL - Tooltip": "SP ACS URL - ツールチップ",
     "SP Entity ID": "SP ID",
@@ -308,6 +325,8 @@
     "Signup HTML": "HTMLの登録",
     "Signup HTML - Edit": "HTMLの登録 - 編集",
     "Signup HTML - Tooltip": "サインアップ HTML - ツールチップ",
+    "Sub type": "Sub type",
+    "Sub type - Tooltip": "Sub type - Tooltip",
     "Template Code": "テンプレートコード",
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "利用規約",

web/src/locales/ko/data.json

@@ -133,6 +133,7 @@
     "Password salt - Tooltip": "Random parameters used for password encryption",
     "Password type": "Password type",
     "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
     "Permissions": "Permissions",
     "Personal name": "Personal name",
     "Phone": "Phone",
@@ -142,6 +143,7 @@
     "Preview": "Preview",
     "Preview - Tooltip": "The form in which the password is stored in the database",
     "Provider": "Provider",
+    "Provider - Tooltip": "Provider - Tooltip",
     "Providers": "Providers",
     "Providers - Tooltip": "List of third-party applications that can be used to log in",
     "Records": "Records",
@@ -234,6 +236,15 @@
     "Website URL": "Website URL",
     "Website URL - Tooltip": "Unique string-style identifier"
   },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
   "permission": {
     "Actions": "Actions",
     "Actions - Tooltip": "Actions - Tooltip",
@@ -247,6 +258,10 @@
   "provider": {
     "Access key": "Access key",
     "Access key - Tooltip": "Access key - Tooltip",
+    "Agent ID": "Agent ID",
+    "Agent ID - Tooltip": "Agent ID - Tooltip",
+    "App ID": "App ID",
+    "App ID - Tooltip": "App ID - Tooltip",
     "Bucket": "Bucket",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "Can not parse Metadata",
@@ -293,6 +308,8 @@
     "Region endpoint for Internet": "Region endpoint for Internet",
     "Region endpoint for Intranet": "Region endpoint for Intranet",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
+    "SMS account": "SMS account",
+    "SMS account - Tooltip": "SMS account - Tooltip",
     "SP ACS URL": "SP ACS URL",
     "SP ACS URL - Tooltip": "SP ACS URL - Tooltip",
     "SP Entity ID": "SP Entity ID",
@@ -308,6 +325,8 @@
     "Signup HTML": "Signup HTML",
     "Signup HTML - Edit": "Signup HTML - Edit",
     "Signup HTML - Tooltip": "Signup HTML - Tooltip",
+    "Sub type": "Sub type",
+    "Sub type - Tooltip": "Sub type - Tooltip",
     "Template Code": "Template Code",
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "Terms of Use",

web/src/locales/ru/data.json

@@ -133,6 +133,7 @@
     "Password salt - Tooltip": "Random parameters used for password encryption",
     "Password type": "Тип пароля",
     "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
     "Permissions": "Права доступа",
     "Personal name": "Личное имя",
     "Phone": "Телефон",
@@ -142,6 +143,7 @@
     "Preview": "Предпросмотр",
     "Preview - Tooltip": "The form in which the password is stored in the database",
     "Provider": "Поставщик",
+    "Provider - Tooltip": "Provider - Tooltip",
     "Providers": "Поставщики",
     "Providers - Tooltip": "List of third-party applications that can be used to log in",
     "Records": "Отчеты",
@@ -234,6 +236,15 @@
     "Website URL": "URL сайта",
     "Website URL - Tooltip": "Unique string-style identifier"
   },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
   "permission": {
     "Actions": "Действия",
     "Actions - Tooltip": "Действия - Подсказка",
@@ -247,6 +258,10 @@
   "provider": {
     "Access key": "Ключ доступа",
     "Access key - Tooltip": "Ключ доступа - Подсказка",
+    "Agent ID": "Agent ID",
+    "Agent ID - Tooltip": "Agent ID - Tooltip",
+    "App ID": "App ID",
+    "App ID - Tooltip": "App ID - Tooltip",
     "Bucket": "Ведро",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "Невозможно разобрать метаданные",
@@ -293,6 +308,8 @@
     "Region endpoint for Internet": "Конечная точка региона для Интернета",
     "Region endpoint for Intranet": "Конечная точка региона Интранета",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
+    "SMS account": "SMS account",
+    "SMS account - Tooltip": "SMS account - Tooltip",
     "SP ACS URL": "SP ACS URL",
     "SP ACS URL - Tooltip": "SP ACS URL - Подсказка",
     "SP Entity ID": "Идентификатор сущности SP",
@@ -308,6 +325,8 @@
     "Signup HTML": "Регистрация HTML",
     "Signup HTML - Edit": "Регистрация HTML - Редактировать",
     "Signup HTML - Tooltip": "Регистрация HTML - Подсказка",
+    "Sub type": "Sub type",
+    "Sub type - Tooltip": "Sub type - Tooltip",
     "Template Code": "Код шаблона",
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "Условия использования",

web/src/locales/zh/data.json

@@ -133,6 +133,7 @@
     "Password salt - Tooltip": "用于密码加密的随机参数",
     "Password type": "密码类型",
     "Password type - Tooltip": "密码在数据库中存储的形式",
+    "Payments": "付款",
     "Permissions": "权限",
     "Personal name": "姓名",
     "Phone": "手机号",
@@ -142,6 +143,7 @@
     "Preview": "预览",
     "Preview - Tooltip": "预览",
     "Provider": "提供商",
+    "Provider - Tooltip": "第三方登录需要配置的提供方",
     "Providers": "提供商",
     "Providers - Tooltip": "第三方登录需要配置的提供方",
     "Records": "日志",
@@ -234,6 +236,15 @@
     "Website URL": "网页地址",
     "Website URL - Tooltip": "网页地址"
   },
+  "payment": {
+    "Amount": "金额",
+    "Amount - Tooltip": "付款的金额",
+    "Currency": "币种",
+    "Currency - Tooltip": "如USD（美元），CNY（人民币）等",
+    "Edit Payment": "编辑付款",
+    "Good": "商品",
+    "Good - Tooltip": "购买的商品名称"
+  },
   "permission": {
     "Actions": "动作",
     "Actions - Tooltip": "授权的动作",
@@ -247,6 +258,10 @@
   "provider": {
     "Access key": "访问密钥",
     "Access key - Tooltip": "Access key",
+    "Agent ID": "Agent ID",
+    "Agent ID - Tooltip": "Agent ID - Tooltip",
+    "App ID": "App ID",
+    "App ID - Tooltip": "App ID - Tooltip",
     "Bucket": "存储桶",
     "Bucket - Tooltip": "Bucket名称",
     "Can not parse Metadata": "无法解析元数据",
@@ -293,6 +308,8 @@
     "Region endpoint for Internet": "地域节点 (外网)",
     "Region endpoint for Intranet": "地域节点 (内网)",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
+    "SMS account": "SMS account",
+    "SMS account - Tooltip": "SMS account - Tooltip",
     "SP ACS URL": "SP ACS URL",
     "SP ACS URL - Tooltip": "SP ACS URL - 工具提示",
     "SP Entity ID": "SP 实体 ID",
@@ -308,6 +325,8 @@
     "Signup HTML": "注册 HTML",
     "Signup HTML - Edit": "注册 HTML - 编辑",
     "Signup HTML - Tooltip": "注册 HTML - 工具提示",
+    "Sub type": "子类型",
+    "Sub type - Tooltip": "子类型",
     "Template Code": "模板CODE",
     "Template Code - Tooltip": "模板CODE",
     "Terms of Use": "使用条款",