Merge pull request #7 from nodece/feat_application

feat: add application module
Merge pull request #6 from nodece/improve_user_style
2025-08-06 12:59:02 +08:00 · 2020-11-24 14:48:25 +00:00 · 2020-11-24 14:04:29 +00:00 · 2020-11-23 23:50:59 +08:00 · 2020-11-23 22:10:11 +08:00 · 2020-11-12 00:09:18 +08:00
464 changed files with 14329 additions and 87623 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +0,0 @@
-web/node_modules/
--- a/.env.template
+++ b/.env.template
@@ -0,0 +1,2 @@
+HTTP_PORT=:7000
+DB_DATABASE_SOURCE=root:123@tcp(localhost:3306)/casdoor
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +0,0 @@
-*.go linguist-detectable=true
-*.js linguist-detectable=false
-# Declare files that will always have LF line endings on checkout.
-# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
-*.sh text eol=lf
--- a/.github/semantic.yml
+++ b/.github/semantic.yml
@@ -1,12 +0,0 @@
-# Always validate the PR title AND all the commits
-titleAndCommits: true
-# Require at least one commit to be valid
-# this is only relevant when using commitsOnly: true or titleAndCommits: true,
-# which validate all commits by default
-anyCommit: true
-# Allow use of Merge commits (eg on github: "Merge branch 'master' into feature/ride-unicorns")
-# this is only relevant when using commitsOnly: true (or titleAndCommits: true)
-allowMergeCommits: false
-# Allow use of Revert commits (eg on github: "Revert "feat: ride unicorns"")
-# this is only relevant when using commitsOnly: true (or titleAndCommits: true)
-allowRevertCommits: false
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,207 +0,0 @@
-name: Build
-
-on: [push, pull_request]
-
-jobs:
-
-  go-tests:
-    name: Running Go tests
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-          image: mysql:5.7
-          env:
-            MYSQL_DATABASE: casdoor
-            MYSQL_ROOT_PASSWORD: 123456
-          ports:
-              - 3306:3306
-          options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: '^1.16.5'
-      - name: Tests
-        run: |
-          go test -v $(go list ./...) -tags skipCi
-        working-directory: ./
-
-  frontend:
-    name: Front-end
-    runs-on: ubuntu-latest
-    needs: [ go-tests ]
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 16
-      # cache
-      - uses: c-hive/gha-yarn-cache@v2
-        with:
-          directory: ./web
-      - run: yarn install && CI=false yarn run build
-        working-directory: ./web
-
-  backend:
-    name: Back-end
-    runs-on: ubuntu-latest
-    needs: [ go-tests ]
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: '^1.16.5'
-      - run: go version
-      - name: Build
-        run: |
-          go build -race -ldflags "-extldflags '-static'"
-        working-directory: ./
-
-  linter:
-    name: Go-Linter
-    runs-on: ubuntu-latest
-    needs: [ go-tests ]
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-        with:
-          go-version: '^1.16.5'
-
-      # gen a dummy config file
-      - run: touch dummy.yml
-      
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: latest
-          args: --disable-all -c dummy.yml -E=gofumpt --max-same-issues=0 --timeout 5m --modules-download-mode=mod
-
-  e2e:
-    name: e2e-test
-    runs-on: ubuntu-latest
-    needs: [ go-tests ]
-    services:
-      mysql:
-          image: mysql:5.7
-          env:
-            MYSQL_DATABASE: casdoor
-            MYSQL_ROOT_PASSWORD: 123456
-          ports:
-              - 3306:3306
-          options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: '^1.16.5'
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 16    
-      - name: back start
-        run: nohup go run ./main.go &
-        working-directory: ./
-      - name: front install
-        run: yarn install
-        working-directory: ./web
-      - name: front start
-        run: nohup yarn start &
-        working-directory: ./web  
-      - uses: cypress-io/github-action@v4
-        with:
-          working-directory: ./web
-          wait-on: 'http://localhost:7001'
-          wait-on-timeout: 180
-
-      - uses: actions/upload-artifact@v3
-        if: failure()
-        with:
-          name: cypress-screenshots
-          path: ./web/cypress/screenshots
-      - uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: cypress-videos
-          path: ./web/cypress/videos    
-
-  release-and-push:
-    name: Release And Push
-    runs-on: ubuntu-latest
-    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
-    needs: [ frontend, backend, linter, e2e ]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: Setup Node.js
-        uses: actions/setup-node@v2
-        with:
-          node-version: 16
-
-      - name: Fetch Previous version
-        id: get-previous-tag
-        uses: actions-ecosystem/action-get-latest-tag@v1.6.0
-
-      - name: Release
-        run: yarn global add semantic-release@17.4.4 && semantic-release
-        env:
-          GH_TOKEN: ${{ secrets.GH_BOT_TOKEN }}
-
-      - name: Fetch Current version
-        id: get-current-tag
-        uses: actions-ecosystem/action-get-latest-tag@v1.6.0
-
-      - name: Decide Should_Push Or Not
-        id: should_push
-        run: |
-          old_version=${{steps.get-previous-tag.outputs.tag}}
-          new_version=${{steps.get-current-tag.outputs.tag }}
-
-          old_array=(${old_version//\./ })
-          new_array=(${new_version//\./ })
-
-          if [ ${old_array[0]} != ${new_array[0]} ]
-          then 
-              echo ::set-output name=push::'true'
-          elif [ ${old_array[1]} != ${new_array[1]} ]
-          then 
-              echo ::set-output name=push::'true'
-              
-          else
-              echo ::set-output name=push::'false'
-              
-          fi
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          version: latest
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v1
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Push to Docker Hub
-        uses: docker/build-push-action@v3
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
-        with:
-          target: STANDARD
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest
-
-      - name: Push All In One Version to Docker Hub
-        uses: docker/build-push-action@v3
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
-        with:
-          target: ALLINONE
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest
--- a/.github/workflows/migrate.yml
+++ b/.github/workflows/migrate.yml
@@ -1,61 +0,0 @@
-name: Migration Test
-
-on:
-  push:
-    paths:
-      - 'object/migrator**'
-  pull_request:
-    paths:
-      - 'object/migrator**'
-
-jobs:
-
-  db-migrator-test:
-    name: db-migrator-test
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_DATABASE: casdoor
-          MYSQL_ROOT_PASSWORD: 123456
-        ports:
-          - 3306:3306
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: '^1.16.5'
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 16
-      - name: pull casdoor-master-latest
-        run: |
-          sudo apt update
-          sudo apt install git
-          sudo apt install net-tools
-          sudo mkdir tmp
-          cd tmp
-          sudo git clone https://github.com/casdoor/casdoor.git
-          cd ..
-        working-directory: ./
-      - name: run casdoor-master-latest
-        run: |
-          sudo nohup go run main.go &
-          sudo sleep 2m
-        working-directory: ./tmp/casdoor
-      - name: stop casdoor-master-latest
-        run: |
-          sudo kill -9 `sudo netstat -anltp | grep 8000 | awk '{print $7}' | cut -d / -f 1`
-        working-directory: ./
-      - name: run casdoor-current-version
-        run: |
-          sudo nohup go run ./main.go &
-          sudo sleep 2m
-        working-directory: ./
-      - name: test port-8000
-        run: |
-          if [[ `sudo netstat -anltp | grep 8000 | awk '{print $7}'` == "" ]];then echo 'db-migrator-test fail' && exit 1;fi;
-          echo 'db-migrator-test pass'
-        working-directory: ./
--- a/.github/workflows/sync.yml
+++ b/.github/workflows/sync.yml
@@ -1,56 +0,0 @@
-name: Crowdin Action
-
-on:
-  push:
-    branches: [ master ]
-
-jobs:
-  synchronize-with-crowdin:
-    runs-on: ubuntu-latest
-    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
-    steps:
-
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: crowdin action
-      uses: crowdin/github-action@1.4.8
-      with:
-        upload_translations: true
-
-        download_translations: true
-        push_translations: true
-        commit_message: 'refactor: New Crowdin translations by Github Action'
-
-        localization_branch_name: l10n_crowdin_action
-        create_pull_request: true
-        pull_request_title: 'refactor: New Crowdin translations'
-
-        crowdin_branch_name: l10n_branch
-        config: './web/crowdin.yml'
-
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        CROWDIN_PROJECT_ID: '463556'
-        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
-
-    - name: crowdin backend action
-      uses: crowdin/github-action@1.4.8
-      with:
-        upload_translations: true
-
-        download_translations: true
-        push_translations: true
-        commit_message: 'refactor: New Crowdin Backend translations by Github Action'
-
-        localization_branch_name: l10n_crowdin_action
-        create_pull_request: true
-        pull_request_title: 'refactor: New Crowdin Backend translations'
-
-        crowdin_branch_name: l10n_branch
-        config: './crowdin.yml'
-
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        CROWDIN_PROJECT_ID: '463556'
-        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,6 @@
 *.dll
 *.so
 *.dylib
-*.swp

 # Test binary, built with `go test -c`
 *.test
@@ -13,20 +12,16 @@
 *.out

 # Dependency directories (remove the comment below to include it)
-vendor/
-bin/
+# vendor/

 .idea/
 *.iml
-.vscode/

 tmp/
 tmpFiles/
 *.tmp
 logs/
-files/
 lastupdate.tmp
 commentsRouter*.go

-# ignore build result
-casdoor
+.env
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,42 +0,0 @@
-linters:
-  disable-all: true
-  enable:
-    - deadcode
-    - dupl
-    - errcheck
-    - goconst
-    - gocyclo
-    - gofmt
-    - goimports
-    - gosec
-    - gosimple
-    - govet
-    - ineffassign
-    - lll
-    - misspell
-    - nakedret
-    - prealloc
-    - staticcheck
-    - structcheck
-    - typecheck
-    - unconvert
-    - unparam
-    - unused
-    - varcheck
-    - revive
-    - exportloopref
-run:
-  deadline: 5m
-  skip-dirs:
-    - api
-  # skip-files:
-  #   - ".*_test\\.go$"
-  modules-download-mode: mod
-# all available settings of specific linters
-linters-settings:
-  lll:
-    # max line length, lines longer will be reported. Default is 120.
-    # '\t' is counted as 1 character by default, and can be changed with the tab-width option
-    line-length: 150
-    # tab width in spaces. Default to 1.
-    tab-width: 1
--- a/.releaserc.json
+++ b/.releaserc.json
@@ -1,23 +0,0 @@
-{
-  "debug": true,
-  "branches": [
-    "+([0-9])?(.{+([0-9]),x}).x",
-    "master",
-    {
-      "name": "rc"
-    },
-    {
-      "name": "beta",
-      "prerelease": true
-    },
-    {
-      "name": "alpha",
-      "prerelease": true
-    }
-  ],
-  "plugins": [
-    "@semantic-release/commit-analyzer",
-    "@semantic-release/release-notes-generator",
-    "@semantic-release/github"
-  ]
-}
--- a/67
+++ b/67
@@ -1,67 +0,0 @@
-FROM node:16.13.0 AS FRONT
-WORKDIR /web
-COPY ./web .
-RUN yarn config set registry https://registry.npmmirror.com
-RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build
-
-
-FROM golang:1.17.5 AS BACK
-WORKDIR /go/src/casdoor
-COPY . .
-RUN ./build.sh
-
-
-FROM alpine:latest AS STANDARD
-LABEL MAINTAINER="https://casdoor.org/"
-ARG USER=casdoor
-ARG TARGETOS
-ARG TARGETARCH
-ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
-
-RUN sed -i 's/https/http/' /etc/apk/repositories
-RUN apk add --update sudo
-RUN apk add curl
-RUN apk add ca-certificates && update-ca-certificates
-
-RUN adduser -D $USER -u 1000 \
-    && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
-    && chmod 0440 /etc/sudoers.d/$USER \
-    && mkdir logs \
-    && chown -R $USER:$USER logs
-
-USER 1000
-WORKDIR /
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build
-
-ENTRYPOINT ["/server"]
-
-
-FROM debian:latest AS db
-RUN apt update \
-    && apt install -y \
-        mariadb-server \
-        mariadb-client \
-    && rm -rf /var/lib/apt/lists/*
-
-
-FROM db AS ALLINONE
-LABEL MAINTAINER="https://casdoor.org/"
-ARG TARGETOS
-ARG TARGETARCH
-ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
-
-RUN apt update
-RUN apt install -y ca-certificates && update-ca-certificates
-
-WORKDIR /
-COPY --from=BACK /go/src/casdoor/server_${BUILDX_ARCH} ./server
-COPY --from=BACK /go/src/casdoor/swagger ./swagger
-COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
-COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=FRONT /web/build ./web/build
-
-ENTRYPOINT ["/bin/bash"]
-CMD ["/docker-entrypoint.sh"]
--- a/113
+++ b/113
@@ -1,113 +0,0 @@
-
-# Image URL to use all building/pushing image targets
-REGISTRY ?= casbin
-IMG ?= casdoor
-IMG_TAG ?=$(shell git --no-pager log -1 --format="%ad" --date=format:"%Y%m%d")-$(shell git describe --tags --always --dirty --abbrev=6)
-NAMESPACE ?= casdoor
-APP ?= casdoor
-HOST ?= test.com
-
-
-# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
-ifeq (,$(shell go env GOBIN))
-GOBIN=$(shell go env GOPATH)/bin
-else
-GOBIN=$(shell go env GOBIN)
-endif
-
-# Setting SHELL to bash allows bash commands to be executed by recipes.
-# This is a requirement for 'setup-envtest.sh' in the test target.
-# Options are set to exit when a recipe line exits non-zero or a piped command fails.
-SHELL = /usr/bin/env bash -o pipefail
-.SHELLFLAGS = -ec
-
-.PHONY: all
-all: docker-build docker-push deploy
-
-##@ General
-
-# The help target prints out all targets with their descriptions organized
-# beneath their categories. The categories are represented by '##@' and the
-# target descriptions by '##'. The awk commands is responsible for reading the
-# entire set of makefiles included in this invocation, looking for lines of the
-# file as xyz: ## something, and then pretty-format the target and help. Then,
-# if there's a line with ##@ something, that gets pretty-printed as a category.
-# More info on the usage of ANSI control characters for terminal formatting:
-# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
-# More info on the awk command:
-# http://linuxcommand.org/lc3_adv_awk.php
-
-.PHONY: help
-help: ## Display this help.
-	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
-
-##@ Development
-
-.PHONY: fmt
-fmt: ## Run go fmt against code.
-	go fmt ./...
-
-.PHONY: vet
-vet: ## Run go vet against code.
-	go vet ./...
-
-.PHONY: ut
-ut: ## UT test
-	go test -v -cover -coverprofile=coverage.out ./...
-	go tool cover -func=coverage.out
-
-##@ Build
-
-.PHONY: backend
-backend: fmt vet ## Build backend binary.
-	go build -o bin/manager main.go
-
-.PHONY: backend-vendor
-backend-vendor: vendor fmt vet ## Build backend binary with vendor.
-	go build -mod=vendor -o bin/manager main.go
-
-.PHONY: frontend
-frontend: ## Build backend binary.
-	cd web/ && yarn && yarn run build && cd -
-
-.PHONY: vendor
-vendor: ## Update vendor.
-	go mod vendor
-
-.PHONY: run
-run: fmt vet ## Run backend in local 
-	go run ./main.go
-
-.PHONY: docker-build
-docker-build: ## Build docker image with the manager.
-	docker build -t ${REGISTRY}/${IMG}:${IMG_TAG} .
-
-.PHONY: docker-push
-docker-push: ## Push docker image with the manager.
-	docker push ${REGISTRY}/${IMG}:${IMG_TAG}
-
-lint-install: ## Install golangci-lint
-	@# The following installs a specific version of golangci-lint, which is appropriate for a CI server to avoid different results from build to build
-	go get github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1
-
-lint: ## Run golangci-lint
-	@echo "---lint---"
-	golangci-lint run --modules-download-mode=vendor ./...
-
-##@ Deployment
-
-.PHONY: deploy
-deploy:  ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	helm upgrade --install ${APP} manifests/casdoor --create-namespace --set ingress.enabled=true \
-	--set "ingress.hosts[0].host=${HOST},ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=ImplementationSpecific" \
-	--set image.tag=${IMG_TAG} --set image.repository=${REGISTRY} --set image.name=${IMG} --version ${IMG_TAG} -n ${NAMESPACE}
-
-.PHONY: dry-run
-dry-run: ## Dry run for helm install
-	helm upgrade --install ${APP} manifests/casdoor --set ingress.enabled=true \
-	--set "ingress.hosts[0].host=${HOST},ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=ImplementationSpecific" \
-	--set image.tag=${IMG_TAG} --set image.repository=${REGISTRY} --set image.name=${IMG} --version ${IMG_TAG} -n ${NAMESPACE} --dry-run
-
-.PHONY: undeploy
-undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	helm delete ${APP} -n ${NAMESPACE}
--- a/README.md
+++ b/README.md
@@ -1,88 +1,36 @@
-<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
-<h3 align="center">A UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.</h3>
-<p align="center">
-  <a href="#badge">
-    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
-    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/releases/latest">
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casbin/casdoor.svg">
-  </a>
-  <a href="https://hub.docker.com/repository/docker/casbin/casdoor">
-    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
-  </a>
-</p>
-
-<p align="center">
-  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
-    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
-    <img src="https://img.shields.io/github/license/casbin/casdoor?style=flat-square" alt="license">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/issues">
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casbin/casdoor?style=flat-square">
-  </a>
-  <a href="#">
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casbin/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/network">
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casbin/casdoor?style=flat-square">
-  </a>
-  <a href="https://crowdin.com/project/casdoor-site">
-    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
-  </a>
-  <a href="https://gitter.im/casbin/casdoor">
-    <img alt="Gitter" src="https://badges.gitter.im/casbin/casdoor.svg">
-  </a>
-</p>
-
-## Online demo
-
- Read-only site: https://door.casdoor.com (any modification operation will fail)
- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
-
-## Documentation
-
-https://casdoor.org
-
-## Install
-
- By source code: https://casdoor.org/docs/basic/server-installation
- By Docker: https://casdoor.org/docs/basic/try-with-docker
-
-## How to connect to Casdoor?
-
-https://casdoor.org/docs/how-to-connect/overview
-
-## Casdoor Public API
-
- Docs: https://casdoor.org/docs/basic/public-api
- Swagger: https://door.casdoor.com/swagger
-
-## Integrations
-
-https://casdoor.org/docs/category/integrations
-
-## How to contact?
-
- Gitter: https://gitter.im/casbin/casdoor
- Forum: https://forum.casbin.com
- Contact: https://tawk.to/chat/623352fea34c2456412b8c51/1fuc7od6e
-
-## Contribute
-
-For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
-
-### I18n translation
-
-If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
-
-## License
-
-[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
+# Casdoor
+
+## Development
+
+### Prerequisites
+
+Go (1.15 or later)
+MySQL (5.8 or higher)
+Node.js (version 8 or higher)
+Yarn
+
+### Initialize project
+
+Create a database named casdoor.
+
+```sql
+CREATE DATABASE IF NOT EXISTS casdoor default charset utf8 COLLATE utf8_general_ci
+```
+
+Configure database source in the `.env` file. If you have not copied the `.env.template` file to a new file named `.env`, which should now be performed.
+
+### Run project
+
+#### backend
+
+```shell
+go run cmd/main.go
+```
+
+### frontend
+
+```shell
+cd web
+yarn
+yarn start
+```
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,9 +0,0 @@
-# Security Policy
-
-## Reporting a Vulnerability
-
-We are grateful for security researchers and users reporting a vulnerability to us first. To ensure that your request is handled in a timely manner and we can keep users safe, please follow the below guidelines.
-
- **Please do not report security vulnerabilities directly on GitHub.**
-
- To report a vulnerability, please email [admin@casdoor.org](admin@casdoor.org).
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -1,178 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package authz
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/casbin/casbin/v2"
-	"github.com/casbin/casbin/v2/model"
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/object"
-	xormadapter "github.com/casdoor/xorm-adapter/v3"
-	stringadapter "github.com/qiangmzsx/string-adapter/v2"
-)
-
-var Enforcer *casbin.Enforcer
-
-func InitAuthz() {
-	var err error
-
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	driverName := conf.GetConfigString("driverName")
-	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
-	a, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, "casbin_rule", tableNamePrefix, true)
-	if err != nil {
-		panic(err)
-	}
-
-	modelText := `
-[request_definition]
-r = subOwner, subName, method, urlPath, objOwner, objName
-
-[policy_definition]
-p = subOwner, subName, method, urlPath, objOwner, objName
-
-[role_definition]
-g = _, _
-
-[policy_effect]
-e = some(where (p.eft == allow))
-
-[matchers]
-m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
-    (r.subName == p.subName || p.subName == "*" || r.subName != "anonymous" && p.subName == "!anonymous") && \
-    (r.method == p.method || p.method == "*") && \
-    (r.urlPath == p.urlPath || p.urlPath == "*") && \
-    (r.objOwner == p.objOwner || p.objOwner == "*") && \
-    (r.objName == p.objName || p.objName == "*") || \
-    (r.subOwner == r.objOwner && r.subName == r.objName)
-`
-
-	m, err := model.NewModelFromString(modelText)
-	if err != nil {
-		panic(err)
-	}
-
-	Enforcer, err = casbin.NewEnforcer(m, a)
-	if err != nil {
-		panic(err)
-	}
-
-	Enforcer.ClearPolicy()
-
-	// if len(Enforcer.GetPolicy()) == 0 {
-	if true {
-		ruleText := `
-p, built-in, *, *, *, *, *
-p, app, *, *, *, *, *
-p, *, *, POST, /api/signup, *, *
-p, *, *, GET, /api/get-email-and-phone, *, *
-p, *, *, POST, /api/login, *, *
-p, *, *, GET, /api/get-app-login, *, *
-p, *, *, POST, /api/logout, *, *
-p, *, *, GET, /api/logout, *, *
-p, *, *, GET, /api/get-account, *, *
-p, *, *, GET, /api/userinfo, *, *
-p, *, *, POST, /api/webhook, *, *
-p, *, *, GET, /api/get-webhook-event, *, *
-p, *, *, *, /api/login/oauth, *, *
-p, *, *, GET, /api/get-application, *, *
-p, *, *, GET, /api/get-organization-applications, *, *
-p, *, *, GET, /api/get-user, *, *
-p, *, *, GET, /api/get-user-application, *, *
-p, *, *, GET, /api/get-resources, *, *
-p, *, *, GET, /api/get-records, *, *
-p, *, *, GET, /api/get-product, *, *
-p, *, *, POST, /api/buy-product, *, *
-p, *, *, GET, /api/get-payment, *, *
-p, *, *, POST, /api/update-payment, *, *
-p, *, *, POST, /api/invoice-payment, *, *
-p, *, *, POST, /api/notify-payment, *, *
-p, *, *, POST, /api/unlink, *, *
-p, *, *, POST, /api/set-password, *, *
-p, *, *, POST, /api/send-verification-code, *, *
-p, *, *, GET, /api/get-captcha, *, *
-p, *, *, POST, /api/verify-captcha, *, *
-p, *, *, POST, /api/reset-email-or-phone, *, *
-p, *, *, POST, /api/upload-resource, *, *
-p, *, *, GET, /.well-known/openid-configuration, *, *
-p, *, *, *, /.well-known/jwks, *, *
-p, *, *, GET, /api/get-saml-login, *, *
-p, *, *, POST, /api/acs, *, *
-p, *, *, GET, /api/saml/metadata, *, *
-p, *, *, *, /cas, *, *
-p, *, *, *, /api/webauthn, *, *
-p, *, *, GET, /api/get-release, *, *
-p, *, *, GET, /api/get-default-application, *, *
-`
-
-		sa := stringadapter.NewAdapter(ruleText)
-		// load all rules from string adapter to enforcer's memory
-		err := sa.LoadPolicy(Enforcer.GetModel())
-		if err != nil {
-			panic(err)
-		}
-
-		// save all rules from enforcer's memory to Xorm adapter (DB)
-		// same as:
-		// a.SavePolicy(Enforcer.GetModel())
-		err = Enforcer.SavePolicy()
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
-func IsAllowed(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
-	if conf.IsDemoMode() {
-		if !isAllowedInDemoMode(subOwner, subName, method, urlPath, objOwner, objName) {
-			return false
-		}
-	}
-
-	userId := fmt.Sprintf("%s/%s", subOwner, subName)
-	user := object.GetUser(userId)
-	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin" && subOwner == objName)) {
-		return true
-	}
-
-	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
-	if err != nil {
-		panic(err)
-	}
-
-	return res
-}
-
-func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
-	if method == "POST" {
-		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
-			return true
-		} else if urlPath == "/api/update-user" {
-			// Allow ordinary users to update their own information
-			if subOwner == objOwner && subName == objName && !(subOwner == "built-in" && subName == "admin") {
-				return true
-			}
-			return false
-		} else {
-			return false
-		}
-	}
-
-	// If method equals GET
-	return true
-}
--- a/build.sh
+++ b/build.sh
@@ -1,12 +0,0 @@
-#!/bin/bash
-#try to connect to google to determine whether user need to use proxy
-curl www.google.com -o /dev/null --connect-timeout 5 2> /dev/null
-if [ $? == 0 ]
-then
-    echo "Successfully connected to Google, no need to use Go proxy"
-else
-    echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
-    export GOPROXY="https://goproxy.cn,direct"
-fi
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server_linux_amd64 .
-CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o server_linux_arm64 .
--- a/captcha/aliyun.go
+++ b/captcha/aliyun.go
@@ -1,115 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/casdoor/casdoor/util"
-)
-
-const AliyunCaptchaVerifyUrl = "http://afs.aliyuncs.com"
-
-type captchaSuccessResponse struct {
-	Code int    `json:"Code"`
-	Msg  string `json:"Msg"`
-}
-
-type captchaFailResponse struct {
-	Code    string `json:"Code"`
-	Message string `json:"Message"`
-}
-
-type AliyunCaptchaProvider struct{}
-
-func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
-	captcha := &AliyunCaptchaProvider{}
-	return captcha
-}
-
-func contentEscape(str string) string {
-	str = strings.Replace(str, " ", "%20", -1)
-	str = url.QueryEscape(str)
-	return str
-}
-
-func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	pathData, err := url.ParseQuery(token)
-	if err != nil {
-		return false, err
-	}
-
-	pathData["Action"] = []string{"AuthenticateSig"}
-	pathData["Format"] = []string{"json"}
-	pathData["SignatureMethod"] = []string{"HMAC-SHA1"}
-	pathData["SignatureNonce"] = []string{strconv.FormatInt(time.Now().UnixNano(), 10)}
-	pathData["SignatureVersion"] = []string{"1.0"}
-	pathData["Timestamp"] = []string{time.Now().UTC().Format("2006-01-02T15:04:05Z")}
-	pathData["Version"] = []string{"2018-01-12"}
-
-	var keys []string
-	for k := range pathData {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-
-	sortQuery := ""
-	for _, k := range keys {
-		sortQuery += k + "=" + contentEscape(pathData[k][0]) + "&"
-	}
-	sortQuery = strings.TrimSuffix(sortQuery, "&")
-
-	stringToSign := fmt.Sprintf("GET&%s&%s", url.QueryEscape("/"), url.QueryEscape(sortQuery))
-
-	signature := util.GetHmacSha1(clientSecret+"&", stringToSign)
-
-	resp, err := http.Get(fmt.Sprintf("%s?%s&Signature=%s", AliyunCaptchaVerifyUrl, sortQuery, url.QueryEscape(signature)))
-	if err != nil {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	return handleCaptchaResponse(body)
-}
-
-func handleCaptchaResponse(body []byte) (bool, error) {
-	captchaResp := &captchaSuccessResponse{}
-	err := json.Unmarshal(body, captchaResp)
-	if err != nil {
-		captchaFailResp := &captchaFailResponse{}
-		err = json.Unmarshal(body, captchaFailResp)
-		if err != nil {
-			return false, err
-		}
-
-		return false, errors.New(captchaFailResp.Message)
-	}
-
-	return true, nil
-}
--- a/captcha/default.go
+++ b/captcha/default.go
@@ -1,28 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import "github.com/casdoor/casdoor/object"
-
-type DefaultCaptchaProvider struct{}
-
-func NewDefaultCaptchaProvider() *DefaultCaptchaProvider {
-	captcha := &DefaultCaptchaProvider{}
-	return captcha
-}
-
-func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	return object.VerifyCaptcha(clientSecret, token), nil
-}
--- a/captcha/geetest.go
+++ b/captcha/geetest.go
@@ -1,81 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/casdoor/casdoor/util"
-)
-
-const GEETESTCaptchaVerifyUrl = "http://gcaptcha4.geetest.com/validate"
-
-type GEETESTCaptchaProvider struct{}
-
-func NewGEETESTCaptchaProvider() *GEETESTCaptchaProvider {
-	captcha := &GEETESTCaptchaProvider{}
-	return captcha
-}
-
-func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	pathData, err := url.ParseQuery(token)
-	if err != nil {
-		return false, err
-	}
-
-	signToken := util.GetHmacSha256(clientSecret, pathData["lot_number"][0])
-
-	formData := make(url.Values)
-	formData["lot_number"] = []string{pathData["lot_number"][0]}
-	formData["captcha_output"] = []string{pathData["captcha_output"][0]}
-	formData["pass_token"] = []string{pathData["pass_token"][0]}
-	formData["gen_time"] = []string{pathData["gen_time"][0]}
-	formData["sign_token"] = []string{signToken}
-	captchaId := pathData["captcha_id"][0]
-
-	cli := http.Client{Timeout: time.Second * 5}
-	resp, err := cli.PostForm(fmt.Sprintf("%s?captcha_id=%s", GEETESTCaptchaVerifyUrl, captchaId), formData)
-	if err != nil || resp.StatusCode != 200 {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	type captchaResponse struct {
-		Result string `json:"result"`
-		Reason string `json:"reason"`
-	}
-	captchaResp := &captchaResponse{}
-	err = json.Unmarshal(body, captchaResp)
-	if err != nil {
-		return false, err
-	}
-
-	if captchaResp.Result == "success" {
-		return true, nil
-	}
-
-	return false, errors.New(captchaResp.Reason)
-}
--- a/captcha/hcaptcha.go
+++ b/captcha/hcaptcha.go
@@ -1,66 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-const HCaptchaVerifyUrl = "https://hcaptcha.com/siteverify"
-
-type HCaptchaProvider struct{}
-
-func NewHCaptchaProvider() *HCaptchaProvider {
-	captcha := &HCaptchaProvider{}
-	return captcha
-}
-
-func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	reqData := url.Values{
-		"secret":   {clientSecret},
-		"response": {token},
-	}
-	resp, err := http.PostForm(HCaptchaVerifyUrl, reqData)
-	if err != nil {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	type captchaResponse struct {
-		Success    bool     `json:"success"`
-		ErrorCodes []string `json:"error-codes"`
-	}
-	captchaResp := &captchaResponse{}
-	err = json.Unmarshal(body, captchaResp)
-	if err != nil {
-		return false, err
-	}
-
-	if len(captchaResp.ErrorCodes) > 0 {
-		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
-	}
-
-	return captchaResp.Success, nil
-}
--- a/captcha/provider.go
+++ b/captcha/provider.go
@@ -1,49 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import "fmt"
-
-type CaptchaProvider interface {
-	VerifyCaptcha(token, clientSecret string) (bool, error)
-}
-
-func GetCaptchaProvider(captchaType string) CaptchaProvider {
-	switch captchaType {
-	case "Default":
-		return NewDefaultCaptchaProvider()
-	case "reCAPTCHA":
-		return NewReCaptchaProvider()
-	case "Aliyun Captcha":
-		return NewAliyunCaptchaProvider()
-	case "hCaptcha":
-		return NewHCaptchaProvider()
-	case "GEETEST":
-		return NewGEETESTCaptchaProvider()
-	case "Cloudflare Turnstile":
-		return NewCloudflareTurnstileProvider()
-	}
-
-	return nil
-}
-
-func VerifyCaptchaByCaptchaType(captchaType, token, clientSecret string) (bool, error) {
-	provider := GetCaptchaProvider(captchaType)
-	if provider == nil {
-		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
-	}
-
-	return provider.VerifyCaptcha(token, clientSecret)
-}
--- a/captcha/recaptcha.go
+++ b/captcha/recaptcha.go
@@ -1,66 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-const ReCaptchaVerifyUrl = "https://recaptcha.net/recaptcha/api/siteverify"
-
-type ReCaptchaProvider struct{}
-
-func NewReCaptchaProvider() *ReCaptchaProvider {
-	captcha := &ReCaptchaProvider{}
-	return captcha
-}
-
-func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	reqData := url.Values{
-		"secret":   {clientSecret},
-		"response": {token},
-	}
-	resp, err := http.PostForm(ReCaptchaVerifyUrl, reqData)
-	if err != nil {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	type captchaResponse struct {
-		Success    bool     `json:"success"`
-		ErrorCodes []string `json:"error-codes"`
-	}
-	captchaResp := &captchaResponse{}
-	err = json.Unmarshal(body, captchaResp)
-	if err != nil {
-		return false, err
-	}
-
-	if len(captchaResp.ErrorCodes) > 0 {
-		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
-	}
-
-	return captchaResp.Success, nil
-}
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@@ -1,66 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-const CloudflareTurnstileVerifyUrl = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
-
-type CloudflareTurnstileProvider struct{}
-
-func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
-	captcha := &CloudflareTurnstileProvider{}
-	return captcha
-}
-
-func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	reqData := url.Values{
-		"secret":   {clientSecret},
-		"response": {token},
-	}
-	resp, err := http.PostForm(CloudflareTurnstileVerifyUrl, reqData)
-	if err != nil {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	type captchaResponse struct {
-		Success    bool     `json:"success"`
-		ErrorCodes []string `json:"error-codes"`
-	}
-	captchaResp := &captchaResponse{}
-	err = json.Unmarshal(body, captchaResp)
-	if err != nil {
-		return false, err
-	}
-
-	if len(captchaResp.ErrorCodes) > 0 {
-		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
-	}
-
-	return captchaResp.Success, nil
-}
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -0,0 +1,68 @@
+// Copyright 2020 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"context"
+	"log"
+	"net/http"
+	"os"
+	"os/signal"
+	"time"
+
+	"github.com/casdoor/casdoor/internal/config"
+	"github.com/casdoor/casdoor/internal/handler"
+	"github.com/casdoor/casdoor/internal/store"
+	"github.com/casdoor/casdoor/internal/store/shared"
+)
+
+func main() {
+	cfg, err := config.NewConfig()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	db, err := shared.NewDB(cfg)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	userStore := store.NewUserStore(db)
+	applicationStore := store.NewApplicationStore(db)
+
+	srv := &http.Server{
+		Addr:    cfg.HTTPPort,
+		Handler: handler.New(userStore, applicationStore),
+	}
+
+	go func() {
+		log.Printf("listen and serve on %s", srv.Addr)
+		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			log.Fatalf("listen: %s\n", err)
+		}
+	}()
+
+	quit := make(chan os.Signal)
+	signal.Notify(quit, os.Interrupt)
+	<-quit
+	log.Println("Shutdown Server ...")
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	if err := srv.Shutdown(ctx); err != nil {
+		log.Fatal("Server Shutdown:", err)
+	}
+	log.Println("Server exiting")
+}
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -1,24 +0,0 @@
-appname = casdoor
-httpport = 8000
-runmode = dev
-copyrequestbody = true
-driverName = mysql
-dataSourceName = root:123456@tcp(localhost:3306)/
-dbName = casdoor
-tableNamePrefix =
-showSql = false
-redisEndpoint =
-defaultStorageProvider = 
-isCloudIntranet = false
-authState = "casdoor"
-socks5Proxy = "127.0.0.1:10808"
-verificationCodeTimeout = 10
-initScore = 2000
-logPostOnly = true
-origin =
-staticBaseUrl = "https://cdn.casbin.org"
-isDemoMode = false
-batchSize = 100
-ldapServerPort = 389
-languages = en,zh,es,fr,de,ja,ko,ru,vi
-quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -1,149 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package conf
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"runtime"
-	"strconv"
-	"strings"
-
-	"github.com/beego/beego"
-)
-
-type Quota struct {
-	Organization int `json:"organization"`
-	User         int `json:"user"`
-	Application  int `json:"application"`
-	Provider     int `json:"provider"`
-}
-
-var quota = &Quota{-1, -1, -1, -1}
-
-func init() {
-	// this array contains the beego configuration items that may be modified via env
-	presetConfigItems := []string{"httpport", "appname"}
-	for _, key := range presetConfigItems {
-		if value, ok := os.LookupEnv(key); ok {
-			err := beego.AppConfig.Set(key, value)
-			if err != nil {
-				panic(err)
-			}
-		}
-	}
-	initQuota()
-}
-
-func initQuota() {
-	res := beego.AppConfig.String("quota")
-	if res != "" {
-		err := json.Unmarshal([]byte(res), quota)
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
-func GetConfigString(key string) string {
-	if value, ok := os.LookupEnv(key); ok {
-		return value
-	}
-
-	res := beego.AppConfig.String(key)
-	if res == "" {
-		if key == "staticBaseUrl" {
-			res = "https://cdn.casbin.org"
-		}
-	}
-
-	return res
-}
-
-func GetConfigBool(key string) (bool, error) {
-	value := GetConfigString(key)
-	if value == "true" {
-		return true, nil
-	} else if value == "false" {
-		return false, nil
-	}
-	return false, fmt.Errorf("value %s cannot be converted into bool", value)
-}
-
-func GetConfigInt64(key string) (int64, error) {
-	value := GetConfigString(key)
-	num, err := strconv.ParseInt(value, 10, 64)
-	return num, err
-}
-
-func GetConfigDataSourceName() string {
-	dataSourceName := GetConfigString("dataSourceName")
-
-	runningInDocker := os.Getenv("RUNNING_IN_DOCKER")
-	if runningInDocker == "true" {
-		// https://stackoverflow.com/questions/48546124/what-is-linux-equivalent-of-host-docker-internal
-		if runtime.GOOS == "linux" {
-			dataSourceName = strings.ReplaceAll(dataSourceName, "localhost", "172.17.0.1")
-		} else {
-			dataSourceName = strings.ReplaceAll(dataSourceName, "localhost", "host.docker.internal")
-		}
-	}
-
-	return dataSourceName
-}
-
-func GetLanguage(language string) string {
-	if language == "" || language == "*" {
-		return "en"
-	}
-
-	if len(language) < 2 {
-		return "en"
-	}
-
-	language = language[0:2]
-	if strings.Contains(GetConfigString("languages"), language) {
-		return language
-	} else {
-		return "en"
-	}
-}
-
-func IsDemoMode() bool {
-	return strings.ToLower(GetConfigString("isDemoMode")) == "true"
-}
-
-func GetConfigBatchSize() int {
-	res, err := strconv.Atoi(GetConfigString("batchSize"))
-	if err != nil {
-		res = 100
-	}
-	return res
-}
-
-func GetConfigQuota() *Quota {
-	return quota
-}
-
-func GetConfigRealDataSourceName(driverName string) string {
-	var dataSourceName string
-	if driverName != "mysql" {
-		dataSourceName = GetConfigDataSourceName()
-	} else {
-		dataSourceName = GetConfigDataSourceName() + GetConfigString("dbName")
-	}
-	return dataSourceName
-}
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@@ -1,111 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package conf
-
-import (
-	"os"
-	"testing"
-
-	"github.com/beego/beego"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetConfString(t *testing.T) {
-	scenarios := []struct {
-		description string
-		input       string
-		expected    interface{}
-	}{
-		{"Should be return casbin", "appname", "casbin"},
-		{"Should be return 8000", "httpport", "8000"},
-		{"Should be return  value", "key", "value"},
-	}
-
-	// do some set up job
-
-	os.Setenv("appname", "casbin")
-	os.Setenv("key", "value")
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-
-	for _, scenery := range scenarios {
-		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetConfigString(scenery.input)
-			assert.Equal(t, scenery.expected, actual)
-		})
-	}
-}
-
-func TestGetConfInt(t *testing.T) {
-	scenarios := []struct {
-		description string
-		input       string
-		expected    interface{}
-	}{
-		{"Should be return 8000", "httpport", 8001},
-		{"Should be return 8000", "verificationCodeTimeout", 10},
-	}
-
-	// do some set up job
-	os.Setenv("httpport", "8001")
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-
-	for _, scenery := range scenarios {
-		t.Run(scenery.description, func(t *testing.T) {
-			actual, err := GetConfigInt64(scenery.input)
-			assert.Nil(t, err)
-			assert.Equal(t, scenery.expected, int(actual))
-		})
-	}
-}
-
-func TestGetConfBool(t *testing.T) {
-	scenarios := []struct {
-		description string
-		input       string
-		expected    interface{}
-	}{
-		{"Should be return false", "copyrequestbody", true},
-	}
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-	for _, scenery := range scenarios {
-		t.Run(scenery.description, func(t *testing.T) {
-			actual, err := GetConfigBool(scenery.input)
-			assert.Nil(t, err)
-			assert.Equal(t, scenery.expected, actual)
-		})
-	}
-}
-
-func TestGetConfigQuota(t *testing.T) {
-	scenarios := []struct {
-		description string
-		expected    *Quota
-	}{
-		{"default", &Quota{-1, -1, -1, -1}},
-	}
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-	for _, scenery := range scenarios {
-		quota := GetConfigQuota()
-		assert.Equal(t, scenery.expected, quota)
-	}
-}
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -1,400 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-const (
-	ResponseTypeLogin   = "login"
-	ResponseTypeCode    = "code"
-	ResponseTypeToken   = "token"
-	ResponseTypeIdToken = "id_token"
-	ResponseTypeSaml    = "saml"
-	ResponseTypeCas     = "cas"
-)
-
-type RequestForm struct {
-	Type string `json:"type"`
-
-	Organization string `json:"organization"`
-	Username     string `json:"username"`
-	Password     string `json:"password"`
-	Name         string `json:"name"`
-	FirstName    string `json:"firstName"`
-	LastName     string `json:"lastName"`
-	Email        string `json:"email"`
-	Phone        string `json:"phone"`
-	Affiliation  string `json:"affiliation"`
-	IdCard       string `json:"idCard"`
-	Region       string `json:"region"`
-
-	Application string `json:"application"`
-	Provider    string `json:"provider"`
-	Code        string `json:"code"`
-	State       string `json:"state"`
-	RedirectUri string `json:"redirectUri"`
-	Method      string `json:"method"`
-
-	EmailCode   string `json:"emailCode"`
-	PhoneCode   string `json:"phoneCode"`
-	CountryCode string `json:"countryCode"`
-
-	AutoSignin bool `json:"autoSignin"`
-
-	RelayState   string `json:"relayState"`
-	SamlRequest  string `json:"samlRequest"`
-	SamlResponse string `json:"samlResponse"`
-
-	CaptchaType  string `json:"captchaType"`
-	CaptchaToken string `json:"captchaToken"`
-	ClientSecret string `json:"clientSecret"`
-}
-
-type Response struct {
-	Status string      `json:"status"`
-	Msg    string      `json:"msg"`
-	Sub    string      `json:"sub"`
-	Name   string      `json:"name"`
-	Data   interface{} `json:"data"`
-	Data2  interface{} `json:"data2"`
-}
-
-type Captcha struct {
-	Type          string `json:"type"`
-	AppKey        string `json:"appKey"`
-	Scene         string `json:"scene"`
-	CaptchaId     string `json:"captchaId"`
-	CaptchaImage  []byte `json:"captchaImage"`
-	ClientId      string `json:"clientId"`
-	ClientSecret  string `json:"clientSecret"`
-	ClientId2     string `json:"clientId2"`
-	ClientSecret2 string `json:"clientSecret2"`
-	SubType       string `json:"subType"`
-}
-
-// Signup
-// @Tag Login API
-// @Title Signup
-// @Description sign up a new user
-// @Param   username     formData    string  true        "The username to sign up"
-// @Param   password     formData    string  true        "The password"
-// @Success 200 {object} controllers.Response The Response object
-// @router /signup [post]
-func (c *ApiController) Signup() {
-	if c.GetSessionUsername() != "" {
-		c.ResponseError(c.T("account:Please sign out first before signing up"), c.GetSessionUsername())
-		return
-	}
-
-	var form RequestForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
-	if !application.EnableSignUp {
-		c.ResponseError(c.T("account:The application does not allow to sign up new account"))
-		return
-	}
-
-	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", form.Organization))
-	msg := object.CheckUserSignup(application, organization, form.Username, form.Password, form.Name, form.FirstName, form.LastName, form.Email, form.Phone, form.CountryCode, form.Affiliation, c.GetAcceptLanguage())
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && form.Email != "" {
-		checkResult := object.CheckVerificationCode(form.Email, form.EmailCode, c.GetAcceptLanguage())
-		if len(checkResult) != 0 {
-			c.ResponseError(c.T("account:Email: %s"), checkResult)
-			return
-		}
-	}
-
-	var checkPhone string
-	if application.IsSignupItemVisible("Phone") && form.Phone != "" {
-		checkPhone, _ = util.GetE164Number(form.Phone, form.CountryCode)
-		checkResult := object.CheckVerificationCode(checkPhone, form.PhoneCode, c.GetAcceptLanguage())
-		if len(checkResult) != 0 {
-			c.ResponseError(c.T("account:Phone: %s"), checkResult)
-			return
-		}
-	}
-
-	id := util.GenerateId()
-	if application.GetSignupItemRule("ID") == "Incremental" {
-		lastUser := object.GetLastUser(form.Organization)
-
-		lastIdInt := -1
-		if lastUser != nil {
-			lastIdInt = util.ParseInt(lastUser.Id)
-		}
-
-		id = strconv.Itoa(lastIdInt + 1)
-	}
-
-	username := form.Username
-	if !application.IsSignupItemVisible("Username") {
-		username = id
-	}
-
-	initScore, err := getInitScore(organization)
-	if err != nil {
-		c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
-		return
-	}
-
-	user := &object.User{
-		Owner:             form.Organization,
-		Name:              username,
-		CreatedTime:       util.GetCurrentTime(),
-		Id:                id,
-		Type:              "normal-user",
-		Password:          form.Password,
-		DisplayName:       form.Name,
-		Avatar:            organization.DefaultAvatar,
-		Email:             form.Email,
-		Phone:             form.Phone,
-		CountryCode:       form.CountryCode,
-		Address:           []string{},
-		Affiliation:       form.Affiliation,
-		IdCard:            form.IdCard,
-		Region:            form.Region,
-		Score:             initScore,
-		IsAdmin:           false,
-		IsGlobalAdmin:     false,
-		IsForbidden:       false,
-		IsDeleted:         false,
-		SignupApplication: application.Name,
-		Properties:        map[string]string{},
-		Karma:             0,
-	}
-
-	if len(organization.Tags) > 0 {
-		tokens := strings.Split(organization.Tags[0], "|")
-		if len(tokens) > 0 {
-			user.Tag = tokens[0]
-		}
-	}
-
-	if application.GetSignupItemRule("Display name") == "First, last" {
-		if form.FirstName != "" || form.LastName != "" {
-			user.DisplayName = fmt.Sprintf("%s %s", form.FirstName, form.LastName)
-			user.FirstName = form.FirstName
-			user.LastName = form.LastName
-		}
-	}
-
-	affected := object.AddUser(user)
-	if !affected {
-		c.ResponseError(c.T("account:Invalid information"), util.StructToJson(user))
-		return
-	}
-
-	object.AddUserToOriginalDatabase(user)
-
-	if application.HasPromptPage() {
-		// The prompt page needs the user to be signed in
-		c.SetSessionUsername(user.GetId())
-	}
-
-	object.DisableVerificationCode(form.Email)
-	object.DisableVerificationCode(checkPhone)
-
-	record := object.NewRecord(c.Ctx)
-	record.Organization = application.Organization
-	record.User = user.Name
-	util.SafeGoroutine(func() { object.AddRecord(record) })
-
-	userId := user.GetId()
-	util.LogInfo(c.Ctx, "API: [%s] is signed up as new user", userId)
-
-	c.ResponseOk(userId)
-}
-
-// Logout
-// @Title Logout
-// @Tag Login API
-// @Description logout the current user
-// @Param   id_token_hint   query        string  false        "id_token_hint"
-// @Param   post_logout_redirect_uri    query    string  false     "post_logout_redirect_uri"
-// @Param   state     query    string  false     "state"
-// @Success 200 {object} controllers.Response The Response object
-// @router /logout [get,post]
-func (c *ApiController) Logout() {
-	user := c.GetSessionUsername()
-
-	// https://openid.net/specs/openid-connect-rpinitiated-1_0-final.html
-	accessToken := c.Input().Get("id_token_hint")
-	redirectUri := c.Input().Get("post_logout_redirect_uri")
-	state := c.Input().Get("state")
-
-	if accessToken == "" && redirectUri == "" {
-		c.ClearUserSession()
-		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-		owner, username := util.GetOwnerAndNameFromId(user)
-
-		object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
-		application := c.GetSessionApplication()
-		if application == nil || application.Name == "app-built-in" || application.HomepageUrl == "" {
-			c.ResponseOk(user)
-			return
-		}
-		c.ResponseOk(user, application.HomepageUrl)
-		return
-	} else {
-		if redirectUri == "" {
-			c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
-			return
-		}
-		if accessToken == "" {
-			c.ResponseError(c.T("general:Missing parameter") + ": id_token_hint")
-			return
-		}
-
-		affected, application, token := object.ExpireTokenByAccessToken(accessToken)
-		if !affected {
-			c.ResponseError(c.T("token:Token not found, invalid accessToken"))
-			return
-		}
-
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist")), token.Application)
-			return
-		}
-
-		if application.IsRedirectUriValid(redirectUri) {
-			if user == "" {
-				user = util.GetId(token.Organization, token.User)
-			}
-
-			c.ClearUserSession()
-			// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-			owner, username := util.GetOwnerAndNameFromId(user)
-
-			object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-			util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
-			c.Ctx.Redirect(http.StatusFound, fmt.Sprintf("%s?state=%s", strings.TrimRight(redirectUri, "/"), state))
-		} else {
-			c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
-			return
-		}
-	}
-}
-
-// GetAccount
-// @Title GetAccount
-// @Tag Account API
-// @Description get the details of the current account
-// @Success 200 {object} controllers.Response The Response object
-// @router /get-account [get]
-func (c *ApiController) GetAccount() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	managedAccounts := c.Input().Get("managedAccounts")
-	if managedAccounts == "1" {
-		user = object.ExtendManagedAccountsWithUser(user)
-	}
-
-	object.ExtendUserWithRolesAndPermissions(user)
-
-	user.Permissions = object.GetMaskedPermissions(user.Permissions)
-	user.Roles = object.GetMaskedRoles(user.Roles)
-
-	organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
-	resp := Response{
-		Status: "ok",
-		Sub:    user.Id,
-		Name:   user.Name,
-		Data:   object.GetMaskedUser(user),
-		Data2:  organization,
-	}
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-// GetUserinfo
-// UserInfo
-// @Title UserInfo
-// @Tag Account API
-// @Description return user information according to OIDC standards
-// @Success 200 {object} object.Userinfo The Response object
-// @router /userinfo [get]
-func (c *ApiController) GetUserinfo() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	scope, aud := c.GetSessionOidc()
-	host := c.Ctx.Request.Host
-	userInfo := object.GetUserInfo(user, scope, aud, host)
-
-	c.Data["json"] = userInfo
-	c.ServeJSON()
-}
-
-// GetCaptcha ...
-// @Tag Login API
-// @Title GetCaptcha
-// @router /api/get-captcha [get]
-func (c *ApiController) GetCaptcha() {
-	applicationId := c.Input().Get("applicationId")
-	isCurrentProvider := c.Input().Get("isCurrentProvider")
-
-	captchaProvider, err := object.GetCaptchaProviderByApplication(applicationId, isCurrentProvider, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if captchaProvider != nil {
-		if captchaProvider.Type == "Default" {
-			id, img := object.GetCaptcha()
-			c.ResponseOk(Captcha{Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
-			return
-		} else if captchaProvider.Type != "" {
-			c.ResponseOk(Captcha{
-				Type:          captchaProvider.Type,
-				SubType:       captchaProvider.SubType,
-				ClientId:      captchaProvider.ClientId,
-				ClientSecret:  captchaProvider.ClientSecret,
-				ClientId2:     captchaProvider.ClientId2,
-				ClientSecret2: captchaProvider.ClientSecret2,
-			})
-			return
-		}
-	}
-
-	c.ResponseOk(Captcha{Type: "none"})
-}
--- a/controllers/application.go
+++ b/controllers/application.go
@@ -1,197 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetApplications
-// @Title GetApplications
-// @Tag Application API
-// @Description get all applications
-// @Param   owner     query    string  true        "The owner of applications."
-// @Success 200 {array} object.Application The Response object
-// @router /get-applications [get]
-func (c *ApiController) GetApplications() {
-	userId := c.GetSessionUsername()
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	organization := c.Input().Get("organization")
-
-	if limit == "" || page == "" {
-		var applications []*object.Application
-		if organization == "" {
-			applications = object.GetApplications(owner)
-		} else {
-			applications = object.GetOrganizationApplications(owner, organization)
-		}
-
-		c.Data["json"] = object.GetMaskedApplications(applications, userId)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetApplicationCount(owner, field, value)))
-		applications := object.GetMaskedApplications(object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
-		c.ResponseOk(applications, paginator.Nums())
-	}
-}
-
-// GetApplication
-// @Title GetApplication
-// @Tag Application API
-// @Description get the detail of an application
-// @Param   id     query    string  true        "The id ( owner/name ) of the application."
-// @Success 200 {object} object.Application The Response object
-// @router /get-application [get]
-func (c *ApiController) GetApplication() {
-	userId := c.GetSessionUsername()
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetMaskedApplication(object.GetApplication(id), userId)
-	c.ServeJSON()
-}
-
-// GetUserApplication
-// @Title GetUserApplication
-// @Tag Application API
-// @Description get the detail of the user's application
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
-// @Success 200 {object} object.Application The Response object
-// @router /get-user-application [get]
-func (c *ApiController) GetUserApplication() {
-	userId := c.GetSessionUsername()
-	id := c.Input().Get("id")
-	user := object.GetUser(id)
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
-		return
-	}
-
-	c.Data["json"] = object.GetMaskedApplication(object.GetApplicationByUser(user), userId)
-	c.ServeJSON()
-}
-
-// GetOrganizationApplications
-// @Title GetOrganizationApplications
-// @Tag Application API
-// @Description get the detail of the organization's application
-// @Param   organization     query    string  true        "The organization name"
-// @Success 200 {array} object.Application The Response object
-// @router /get-organization-applications [get]
-func (c *ApiController) GetOrganizationApplications() {
-	userId := c.GetSessionUsername()
-	organization := c.Input().Get("organization")
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if organization == "" {
-		c.ResponseError(c.T("general:Missing parameter") + ": organization")
-		return
-	}
-
-	if limit == "" || page == "" {
-		var applications []*object.Application
-		applications = object.GetOrganizationApplications(owner, organization)
-		c.Data["json"] = object.GetMaskedApplications(applications, userId)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationApplicationCount(owner, organization, field, value)))
-		applications := object.GetMaskedApplications(object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
-		c.ResponseOk(applications, paginator.Nums())
-	}
-}
-
-// UpdateApplication
-// @Title UpdateApplication
-// @Tag Application API
-// @Description update an application
-// @Param   id     query    string  true        "The id ( owner/name ) of the application"
-// @Param   body    body   object.Application  true        "The details of the application"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-application [post]
-func (c *ApiController) UpdateApplication() {
-	id := c.Input().Get("id")
-
-	var application object.Application
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application))
-	c.ServeJSON()
-}
-
-// AddApplication
-// @Title AddApplication
-// @Tag Application API
-// @Description add an application
-// @Param   body    body   object.Application  true        "The details of the application"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-application [post]
-func (c *ApiController) AddApplication() {
-	var application object.Application
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	count := object.GetApplicationCount("", "", "")
-	if err := checkQuotaForApplication(count); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddApplication(&application))
-	c.ServeJSON()
-}
-
-// DeleteApplication
-// @Title DeleteApplication
-// @Tag Application API
-// @Description delete an application
-// @Param   body    body   object.Application  true        "The details of the application"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-application [post]
-func (c *ApiController) DeleteApplication() {
-	var application object.Application
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteApplication(&application))
-	c.ServeJSON()
-}
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -1,624 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"encoding/xml"
-	"fmt"
-	"io/ioutil"
-	"net/url"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/casdoor/casdoor/captcha"
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/idp"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/proxy"
-	"github.com/casdoor/casdoor/util"
-	"github.com/google/uuid"
-)
-
-var (
-	wechatScanType string
-	lock           sync.RWMutex
-)
-
-func codeToResponse(code *object.Code) *Response {
-	if code.Code == "" {
-		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
-	}
-
-	return &Response{Status: "ok", Msg: "", Data: code.Code}
-}
-
-func tokenToResponse(token *object.Token) *Response {
-	if token.AccessToken == "" {
-		return &Response{Status: "error", Msg: "fail to get accessToken", Data: token.AccessToken}
-	}
-	return &Response{Status: "ok", Msg: "", Data: token.AccessToken, Data2: token.RefreshToken}
-}
-
-// HandleLoggedIn ...
-func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *RequestForm) (resp *Response) {
-	userId := user.GetId()
-
-	allowed, err := object.CheckAccessPermission(userId, application)
-	if err != nil {
-		c.ResponseError(err.Error(), nil)
-		return
-	}
-	if !allowed {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	if form.Type == ResponseTypeLogin {
-		c.SetSessionUsername(userId)
-		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
-		resp = &Response{Status: "ok", Msg: "", Data: userId}
-	} else if form.Type == ResponseTypeCode {
-		clientId := c.Input().Get("clientId")
-		responseType := c.Input().Get("responseType")
-		redirectUri := c.Input().Get("redirectUri")
-		scope := c.Input().Get("scope")
-		state := c.Input().Get("state")
-		nonce := c.Input().Get("nonce")
-		challengeMethod := c.Input().Get("code_challenge_method")
-		codeChallenge := c.Input().Get("code_challenge")
-
-		if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-			c.ResponseError(c.T("auth:Challenge method should be S256"))
-			return
-		}
-		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
-		resp = codeToResponse(code)
-
-		if application.EnableSigninSession || application.HasPromptPage() {
-			// The prompt page needs the user to be signed in
-			c.SetSessionUsername(userId)
-		}
-	} else if form.Type == ResponseTypeToken || form.Type == ResponseTypeIdToken { // implicit flow
-		if !object.IsGrantTypeValid(form.Type, application.GrantTypes) {
-			resp = &Response{Status: "error", Msg: fmt.Sprintf("error: grant_type: %s is not supported in this application", form.Type), Data: ""}
-		} else {
-			scope := c.Input().Get("scope")
-			token, _ := object.GetTokenByUser(application, user, scope, c.Ctx.Request.Host)
-			resp = tokenToResponse(token)
-		}
-	} else if form.Type == ResponseTypeSaml { // saml flow
-		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
-		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]string{"redirectUrl": redirectUrl, "method": method}}
-	} else if form.Type == ResponseTypeCas {
-		// not oauth but CAS SSO protocol
-		service := c.Input().Get("service")
-		resp = wrapErrorResponse(nil)
-		if service != "" {
-			st, err := object.GenerateCasToken(userId, service)
-			if err != nil {
-				resp = wrapErrorResponse(err)
-			} else {
-				resp.Data = st
-			}
-		}
-		if application.EnableSigninSession || application.HasPromptPage() {
-			// The prompt page needs the user to be signed in
-			c.SetSessionUsername(userId)
-		}
-
-	} else {
-		resp = wrapErrorResponse(fmt.Errorf("unknown response type: %s", form.Type))
-	}
-
-	// if user did not check auto signin
-	if resp.Status == "ok" && !form.AutoSignin {
-		timestamp := time.Now().Unix()
-		timestamp += 3600 * 24
-		c.SetSessionData(&SessionData{
-			ExpireTime: timestamp,
-		})
-	}
-
-	if resp.Status == "ok" && user.Owner == object.CasdoorOrganization && application.Name == object.CasdoorApplication {
-		object.AddSession(&object.Session{
-			Owner:       user.Owner,
-			Name:        user.Name,
-			Application: application.Name,
-			SessionId:   []string{c.Ctx.Input.CruSession.SessionID()},
-		})
-	}
-
-	return resp
-}
-
-// GetApplicationLogin ...
-// @Title GetApplicationLogin
-// @Tag Login API
-// @Description get application login
-// @Param   clientId    query    string  true        "client id"
-// @Param   responseType    query    string  true        "response type"
-// @Param   redirectUri    query    string  true        "redirect uri"
-// @Param   scope    query    string  true        "scope"
-// @Param   state    query    string  true        "state"
-// @Success 200 {object}  Response The Response object
-// @router /get-app-login [get]
-func (c *ApiController) GetApplicationLogin() {
-	clientId := c.Input().Get("clientId")
-	responseType := c.Input().Get("responseType")
-	redirectUri := c.Input().Get("redirectUri")
-	scope := c.Input().Get("scope")
-	state := c.Input().Get("state")
-
-	msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
-	application = object.GetMaskedApplication(application, "")
-	if msg != "" {
-		c.ResponseError(msg, application)
-	} else {
-		c.ResponseOk(application)
-	}
-}
-
-func setHttpClient(idProvider idp.IdProvider, providerType string) {
-	if isProxyProviderType(providerType) {
-		idProvider.SetHttpClient(proxy.ProxyHttpClient)
-	} else {
-		idProvider.SetHttpClient(proxy.DefaultHttpClient)
-	}
-}
-
-func isProxyProviderType(providerType string) bool {
-	providerTypes := []string{
-		"GitHub",
-		"Google",
-		"Facebook",
-		"LinkedIn",
-		"Steam",
-		"Line",
-		"Amazon",
-		"Instagram",
-		"TikTok",
-		"Twitter",
-		"Uber",
-		"Yahoo",
-	}
-	for _, v := range providerTypes {
-		if strings.EqualFold(v, providerType) {
-			return true
-		}
-	}
-	return false
-}
-
-// Login ...
-// @Title Login
-// @Tag Login API
-// @Description login
-// @Param clientId        query    string  true clientId
-// @Param responseType    query    string  true responseType
-// @Param redirectUri     query    string  true redirectUri
-// @Param scope     query    string  false  scope
-// @Param state     query    string  false  state
-// @Param nonce     query    string  false nonce
-// @Param code_challenge_method   query    string  false code_challenge_method
-// @Param code_challenge          query    string  false code_challenge
-// @Param   form   body   controllers.RequestForm  true        "Login information"
-// @Success 200 {object} Response The Response object
-// @router /login [post]
-func (c *ApiController) Login() {
-	resp := &Response{}
-
-	var form RequestForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if form.Username != "" {
-		if form.Type == ResponseTypeLogin {
-			if c.GetSessionUsername() != "" {
-				c.ResponseError(c.T("account:Please sign out first before signing in"), c.GetSessionUsername())
-				return
-			}
-		}
-
-		var user *object.User
-		var msg string
-
-		if form.Password == "" {
-			var verificationCodeType string
-			var checkResult string
-
-			if form.Name != "" {
-				user = object.GetUserByFields(form.Organization, form.Name)
-			}
-
-			// check result through Email or Phone
-			var checkDest string
-			if strings.Contains(form.Username, "@") {
-				verificationCodeType = "email"
-				if user != nil && util.GetMaskedEmail(user.Email) == form.Username {
-					form.Username = user.Email
-				}
-				checkDest = form.Username
-			} else {
-				verificationCodeType = "phone"
-				if user != nil && util.GetMaskedPhone(user.Phone) == form.Username {
-					form.Username = user.Phone
-				}
-			}
-
-			if user = object.GetUserByFields(form.Organization, form.Username); user == nil {
-				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
-				return
-			}
-			if verificationCodeType == "phone" {
-				form.CountryCode = user.GetCountryCode(form.CountryCode)
-				var ok bool
-				if checkDest, ok = util.GetE164Number(form.Username, form.CountryCode); !ok {
-					c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), form.CountryCode))
-					return
-				}
-			}
-
-			checkResult = object.CheckSigninCode(user, checkDest, form.Code, c.GetAcceptLanguage())
-			if len(checkResult) != 0 {
-				c.ResponseError(fmt.Sprintf("%s - %s", verificationCodeType, checkResult))
-				return
-			}
-
-			// disable the verification code
-			object.DisableVerificationCode(checkDest)
-		} else {
-			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
-			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
-				return
-			}
-			if !application.EnablePassword {
-				c.ResponseError(c.T("auth:The login method: login with password is not enabled for the application"))
-				return
-			}
-
-			if object.CheckToEnableCaptcha(application) {
-				isHuman, err := captcha.VerifyCaptchaByCaptchaType(form.CaptchaType, form.CaptchaToken, form.ClientSecret)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-
-				if !isHuman {
-					c.ResponseError(c.T("auth:Turing test failed."))
-					return
-				}
-			}
-
-			password := form.Password
-			user, msg = object.CheckUserPassword(form.Organization, form.Username, password, c.GetAcceptLanguage())
-		}
-
-		if msg != "" {
-			resp = &Response{Status: "error", Msg: msg}
-		} else {
-			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
-			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
-				return
-			}
-
-			resp = c.HandleLoggedIn(application, user, &form)
-
-			record := object.NewRecord(c.Ctx)
-			record.Organization = application.Organization
-			record.User = user.Name
-			util.SafeGoroutine(func() { object.AddRecord(record) })
-		}
-	} else if form.Provider != "" {
-		application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
-			return
-		}
-
-		organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
-		provider := object.GetProvider(util.GetId("admin", form.Provider))
-		providerItem := application.GetProviderItem(provider.Name)
-		if !providerItem.IsProviderVisible() {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s is not enabled for the application"), provider.Name))
-			return
-		}
-
-		userInfo := &idp.UserInfo{}
-		if provider.Category == "SAML" {
-			// SAML
-			userInfo.Id, err = object.ParseSamlResponse(form.SamlResponse, provider.Type)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		} else if provider.Category == "OAuth" {
-			// OAuth
-
-			clientId := provider.ClientId
-			clientSecret := provider.ClientSecret
-			if provider.Type == "WeChat" && strings.Contains(c.Ctx.Request.UserAgent(), "MicroMessenger") {
-				clientId = provider.ClientId2
-				clientSecret = provider.ClientSecret2
-			}
-
-			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, form.RedirectUri, provider.Domain, provider.CustomAuthUrl, provider.CustomTokenUrl, provider.CustomUserInfoUrl)
-			if idProvider == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The provider type: %s is not supported"), provider.Type))
-				return
-			}
-
-			setHttpClient(idProvider, provider.Type)
-
-			if form.State != conf.GetConfigString("authState") && form.State != application.Name {
-				c.ResponseError(fmt.Sprintf(c.T("auth:State expected: %s, but got: %s"), conf.GetConfigString("authState"), form.State))
-				return
-			}
-
-			// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
-			token, err := idProvider.GetToken(form.Code)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			if !token.Valid() {
-				c.ResponseError(c.T("auth:Invalid token"))
-				return
-			}
-
-			userInfo, err = idProvider.GetUserInfo(token)
-			if err != nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:Failed to login in: %s"), err.Error()))
-				return
-			}
-		}
-
-		if form.Method == "signup" {
-			user := &object.User{}
-			if provider.Category == "SAML" {
-				user = object.GetUser(fmt.Sprintf("%s/%s", application.Organization, userInfo.Id))
-			} else if provider.Category == "OAuth" {
-				user = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
-			}
-
-			if user != nil && !user.IsDeleted {
-				// Sign in via OAuth (want to sign up but already have account)
-
-				if user.IsForbidden {
-					c.ResponseError(c.T("auth:The user is forbidden to sign in, please contact the administrator"))
-				}
-
-				resp = c.HandleLoggedIn(application, user, &form)
-
-				record := object.NewRecord(c.Ctx)
-				record.Organization = application.Organization
-				record.User = user.Name
-				util.SafeGoroutine(func() { object.AddRecord(record) })
-			} else if provider.Category == "OAuth" {
-				// Sign up via OAuth
-				if !application.EnableSignUp {
-					c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support"), provider.Type, userInfo.Username, userInfo.DisplayName))
-					return
-				}
-
-				if !providerItem.CanSignUp {
-					c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
-					return
-				}
-
-				if application.EnableLinkWithEmail {
-					// find user that has the same email
-					user = object.GetUserByField(application.Organization, "email", userInfo.Email)
-				}
-
-				if user == nil || user.IsDeleted {
-					// Handle username conflicts
-					tmpUser := object.GetUser(fmt.Sprintf("%s/%s", application.Organization, userInfo.Username))
-					if tmpUser != nil {
-						uid, err := uuid.NewRandom()
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
-
-						uidStr := strings.Split(uid.String(), "-")
-						userInfo.Username = fmt.Sprintf("%s_%s", userInfo.Username, uidStr[1])
-					}
-
-					properties := map[string]string{}
-					properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)
-					initScore, err := getInitScore(organization)
-					if err != nil {
-						c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
-						return
-					}
-
-					user = &object.User{
-						Owner:             application.Organization,
-						Name:              userInfo.Username,
-						CreatedTime:       util.GetCurrentTime(),
-						Id:                util.GenerateId(),
-						Type:              "normal-user",
-						DisplayName:       userInfo.DisplayName,
-						Avatar:            userInfo.AvatarUrl,
-						Address:           []string{},
-						Email:             userInfo.Email,
-						Score:             initScore,
-						IsAdmin:           false,
-						IsGlobalAdmin:     false,
-						IsForbidden:       false,
-						IsDeleted:         false,
-						SignupApplication: application.Name,
-						Properties:        properties,
-					}
-
-					affected := object.AddUser(user)
-					if !affected {
-						c.ResponseError(fmt.Sprintf(c.T("auth:Failed to create user, user information is invalid: %s"), util.StructToJson(user)))
-						return
-					}
-				}
-
-				// sync info from 3rd-party if possible
-				object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-				object.LinkUserAccount(user, provider.Type, userInfo.Id)
-
-				resp = c.HandleLoggedIn(application, user, &form)
-
-				record := object.NewRecord(c.Ctx)
-				record.Organization = application.Organization
-				record.User = user.Name
-				util.SafeGoroutine(func() { object.AddRecord(record) })
-
-				record2 := object.NewRecord(c.Ctx)
-				record2.Action = "signup"
-				record2.Organization = application.Organization
-				record2.User = user.Name
-				util.SafeGoroutine(func() { object.AddRecord(record2) })
-			} else if provider.Category == "SAML" {
-				resp = &Response{Status: "error", Msg: fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id))}
-			}
-			// resp = &Response{Status: "ok", Msg: "", Data: res}
-		} else { // form.Method != "signup"
-			userId := c.GetSessionUsername()
-			if userId == "" {
-				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id)), userInfo)
-				return
-			}
-
-			oldUser := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
-			if oldUser != nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)"), provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName))
-				return
-			}
-
-			user := object.GetUser(userId)
-
-			// sync info from 3rd-party if possible
-			object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-
-			isLinked := object.LinkUserAccount(user, provider.Type, userInfo.Id)
-			if isLinked {
-				resp = &Response{Status: "ok", Msg: "", Data: isLinked}
-			} else {
-				resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}
-			}
-		}
-	} else {
-		if c.GetSessionUsername() != "" {
-			// user already signed in to Casdoor, so let the user click the avatar button to do the quick sign-in
-			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
-			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
-				return
-			}
-
-			user := c.getCurrentUser()
-			resp = c.HandleLoggedIn(application, user, &form)
-
-			record := object.NewRecord(c.Ctx)
-			record.Organization = application.Organization
-			record.User = user.Name
-			util.SafeGoroutine(func() { object.AddRecord(record) })
-		} else {
-			c.ResponseError(fmt.Sprintf(c.T("auth:Unknown authentication type (not password or provider), form = %s"), util.StructToJson(form)))
-			return
-		}
-	}
-
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-func (c *ApiController) GetSamlLogin() {
-	providerId := c.Input().Get("id")
-	relayState := c.Input().Get("relayState")
-	authURL, method, err := object.GenerateSamlLoginUrl(providerId, relayState, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-	c.ResponseOk(authURL, method)
-}
-
-func (c *ApiController) HandleSamlLogin() {
-	relayState := c.Input().Get("RelayState")
-	samlResponse := c.Input().Get("SAMLResponse")
-	decode, err := base64.StdEncoding.DecodeString(relayState)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-	slice := strings.Split(string(decode), "&")
-	relayState = url.QueryEscape(relayState)
-	samlResponse = url.QueryEscape(samlResponse)
-	targetUrl := fmt.Sprintf("%s?relayState=%s&samlResponse=%s",
-		slice[4], relayState, samlResponse)
-	c.Redirect(targetUrl, 303)
-}
-
-// HandleOfficialAccountEvent ...
-// @Tag HandleOfficialAccountEvent API
-// @Title HandleOfficialAccountEvent
-// @router /api/webhook [POST]
-func (c *ApiController) HandleOfficialAccountEvent() {
-	respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-	var data struct {
-		MsgType  string `xml:"MsgType"`
-		Event    string `xml:"Event"`
-		EventKey string `xml:"EventKey"`
-	}
-	err = xml.Unmarshal(respBytes, &data)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-	lock.Lock()
-	defer lock.Unlock()
-	if data.EventKey != "" {
-		wechatScanType = data.Event
-		c.Ctx.WriteString("")
-	}
-}
-
-// GetWebhookEventType ...
-// @Tag GetWebhookEventType API
-// @Title GetWebhookEventType
-// @router /api/get-webhook-event [GET]
-func (c *ApiController) GetWebhookEventType() {
-	lock.Lock()
-	defer lock.Unlock()
-	resp := &Response{
-		Status: "ok",
-		Msg:    "",
-		Data:   wechatScanType,
-	}
-	c.Data["json"] = resp
-	wechatScanType = ""
-	c.ServeJSON()
-}
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -1,159 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"strings"
-	"time"
-
-	"github.com/beego/beego"
-	"github.com/beego/beego/logs"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// ApiController
-// controller for handlers under /api uri
-type ApiController struct {
-	beego.Controller
-}
-
-// RootController
-// controller for handlers directly under / (root)
-type RootController struct {
-	ApiController
-}
-
-type SessionData struct {
-	ExpireTime int64
-}
-
-func (c *ApiController) IsGlobalAdmin() bool {
-	username := c.GetSessionUsername()
-	if strings.HasPrefix(username, "app/") {
-		// e.g., "app/app-casnode"
-		return true
-	}
-
-	user := object.GetUser(username)
-	if user == nil {
-		return false
-	}
-
-	return user.Owner == "built-in" || user.IsGlobalAdmin
-}
-
-// GetSessionUsername ...
-func (c *ApiController) GetSessionUsername() string {
-	// check if user session expired
-	sessionData := c.GetSessionData()
-
-	if sessionData != nil &&
-		sessionData.ExpireTime != 0 &&
-		sessionData.ExpireTime < time.Now().Unix() {
-		c.ClearUserSession()
-		return ""
-	}
-
-	user := c.GetSession("username")
-	if user == nil {
-		return ""
-	}
-
-	return user.(string)
-}
-
-func (c *ApiController) GetSessionApplication() *object.Application {
-	clientId := c.GetSession("aud")
-	if clientId == nil {
-		return nil
-	}
-	application := object.GetApplicationByClientId(clientId.(string))
-	return application
-}
-
-func (c *ApiController) ClearUserSession() {
-	c.SetSessionUsername("")
-	c.SetSessionData(nil)
-}
-
-func (c *ApiController) GetSessionOidc() (string, string) {
-	sessionData := c.GetSessionData()
-	if sessionData != nil &&
-		sessionData.ExpireTime != 0 &&
-		sessionData.ExpireTime < time.Now().Unix() {
-		c.ClearUserSession()
-		return "", ""
-	}
-	scopeValue := c.GetSession("scope")
-	audValue := c.GetSession("aud")
-	var scope, aud string
-	var ok bool
-	if scope, ok = scopeValue.(string); !ok {
-		scope = ""
-	}
-	if aud, ok = audValue.(string); !ok {
-		aud = ""
-	}
-	return scope, aud
-}
-
-// SetSessionUsername ...
-func (c *ApiController) SetSessionUsername(user string) {
-	c.SetSession("username", user)
-}
-
-// GetSessionData ...
-func (c *ApiController) GetSessionData() *SessionData {
-	session := c.GetSession("SessionData")
-	if session == nil {
-		return nil
-	}
-
-	sessionData := &SessionData{}
-	err := util.JsonToStruct(session.(string), sessionData)
-	if err != nil {
-		logs.Error("GetSessionData failed, error: %s", err)
-		return nil
-	}
-
-	return sessionData
-}
-
-// SetSessionData ...
-func (c *ApiController) SetSessionData(s *SessionData) {
-	if s == nil {
-		c.DelSession("SessionData")
-		return
-	}
-
-	c.SetSession("SessionData", util.StructToJson(s))
-}
-
-func wrapActionResponse(affected bool) *Response {
-	if affected {
-		return &Response{Status: "ok", Msg: "", Data: "Affected"}
-	} else {
-		return &Response{Status: "ok", Msg: "", Data: "Unaffected"}
-	}
-}
-
-func wrapErrorResponse(err error) *Response {
-	if err == nil {
-		return &Response{Status: "ok", Msg: ""}
-	} else {
-		return &Response{Status: "error", Msg: err.Error()}
-	}
-}
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -1,269 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/xml"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-const (
-	InvalidRequest           string = "INVALID_REQUEST"
-	InvalidTicketSpec        string = "INVALID_TICKET_SPEC"
-	UnauthorizedServiceProxy string = "UNAUTHORIZED_SERVICE_PROXY"
-	InvalidProxyCallback     string = "INVALID_PROXY_CALLBACK"
-	InvalidTicket            string = "INVALID_TICKET"
-	InvalidService           string = "INVALID_SERVICE"
-	InternalError            string = "INTERNAL_ERROR"
-	UnauthorizedService      string = "UNAUTHORIZED_SERVICE"
-)
-
-func (c *RootController) CasValidate() {
-	ticket := c.Input().Get("ticket")
-	service := c.Input().Get("service")
-	c.Ctx.Output.Header("Content-Type", "text/html; charset=utf-8")
-	if service == "" || ticket == "" {
-		c.Ctx.Output.Body([]byte("no\n"))
-		return
-	}
-	if ok, response, issuedService, _ := object.GetCasTokenByTicket(ticket); ok {
-		// check whether service is the one for which we previously issued token
-		if issuedService == service {
-			c.Ctx.Output.Body([]byte(fmt.Sprintf("yes\n%s\n", response.User)))
-			return
-		}
-	}
-	// token not found
-	c.Ctx.Output.Body([]byte("no\n"))
-}
-
-func (c *RootController) CasServiceValidate() {
-	ticket := c.Input().Get("ticket")
-	format := c.Input().Get("format")
-	if !strings.HasPrefix(ticket, "ST") {
-		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
-	}
-	c.CasP3ServiceAndProxyValidate()
-}
-
-func (c *RootController) CasProxyValidate() {
-	ticket := c.Input().Get("ticket")
-	format := c.Input().Get("format")
-	if !strings.HasPrefix(ticket, "PT") {
-		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
-	}
-	c.CasP3ServiceAndProxyValidate()
-}
-
-func (c *RootController) CasP3ServiceAndProxyValidate() {
-	ticket := c.Input().Get("ticket")
-	format := c.Input().Get("format")
-	service := c.Input().Get("service")
-	pgtUrl := c.Input().Get("pgtUrl")
-
-	serviceResponse := object.CasServiceResponse{
-		Xmlns: "http://www.yale.edu/tp/cas",
-	}
-
-	// check whether all required parameters are met
-	if service == "" || ticket == "" {
-		c.sendCasAuthenticationResponseErr(InvalidRequest, "service and ticket must exist", format)
-		return
-	}
-	ok, response, issuedService, userId := object.GetCasTokenByTicket(ticket)
-	// find the token
-	if ok {
-		// check whether service is the one for which we previously issued token
-		if strings.HasPrefix(service, issuedService) {
-			serviceResponse.Success = response
-		} else {
-			// service not match
-			c.sendCasAuthenticationResponseErr(InvalidService, fmt.Sprintf("service %s and %s does not match", service, issuedService), format)
-			return
-		}
-	} else {
-		// token not found
-		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
-		return
-	}
-
-	if pgtUrl != "" && serviceResponse.Failure == nil {
-		// that means we are in proxy web flow
-		pgt := object.StoreCasTokenForPgt(serviceResponse.Success, service, userId)
-		pgtiou := serviceResponse.Success.ProxyGrantingTicket
-		// todo: check whether it is https
-		pgtUrlObj, err := url.Parse(pgtUrl)
-		if pgtUrlObj.Scheme != "https" {
-			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, "callback is not https", format)
-			return
-		}
-		// make a request to pgturl passing pgt and pgtiou
-		if err != nil {
-			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
-			return
-		}
-		param := pgtUrlObj.Query()
-		param.Add("pgtId", pgt)
-		param.Add("pgtIou", pgtiou)
-		pgtUrlObj.RawQuery = param.Encode()
-
-		request, err := http.NewRequest("GET", pgtUrlObj.String(), nil)
-		if err != nil {
-			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
-			return
-		}
-
-		resp, err := http.DefaultClient.Do(request)
-		if err != nil || !(resp.StatusCode >= 200 && resp.StatusCode < 400) {
-			// failed to send request
-			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
-			return
-		}
-	}
-	// everything is ok, send the response
-	if format == "json" {
-		c.Data["json"] = serviceResponse
-		c.ServeJSON()
-	} else {
-		c.Data["xml"] = serviceResponse
-		c.ServeXML()
-	}
-}
-
-func (c *RootController) CasProxy() {
-	pgt := c.Input().Get("pgt")
-	targetService := c.Input().Get("targetService")
-	format := c.Input().Get("format")
-	if pgt == "" || targetService == "" {
-		c.sendCasProxyResponseErr(InvalidRequest, "pgt and targetService must exist", format)
-		return
-	}
-
-	ok, authenticationSuccess, issuedService, userId := object.GetCasTokenByPgt(pgt)
-	if !ok {
-		c.sendCasProxyResponseErr(UnauthorizedService, "service not authorized", format)
-		return
-	}
-
-	newAuthenticationSuccess := authenticationSuccess.DeepCopy()
-	if newAuthenticationSuccess.Proxies == nil {
-		newAuthenticationSuccess.Proxies = &object.CasProxies{}
-	}
-	newAuthenticationSuccess.Proxies.Proxies = append(newAuthenticationSuccess.Proxies.Proxies, issuedService)
-	proxyTicket := object.StoreCasTokenForProxyTicket(&newAuthenticationSuccess, targetService, userId)
-
-	serviceResponse := object.CasServiceResponse{
-		Xmlns: "http://www.yale.edu/tp/cas",
-		ProxySuccess: &object.CasProxySuccess{
-			ProxyTicket: proxyTicket,
-		},
-	}
-
-	if format == "json" {
-		c.Data["json"] = serviceResponse
-		c.ServeJSON()
-	} else {
-		c.Data["xml"] = serviceResponse
-		c.ServeXML()
-	}
-}
-
-func (c *RootController) SamlValidate() {
-	c.Ctx.Output.Header("Content-Type", "text/xml; charset=utf-8")
-	target := c.Input().Get("TARGET")
-	body := c.Ctx.Input.RequestBody
-	envelopRequest := struct {
-		XMLName xml.Name `xml:"Envelope"`
-		Body    struct {
-			XMLName xml.Name `xml:"Body"`
-			Content string   `xml:",innerxml"`
-		}
-	}{}
-
-	err := xml.Unmarshal(body, &envelopRequest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	response, service, err := object.GetValidationBySaml(envelopRequest.Body.Content, c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if !strings.HasPrefix(target, service) {
-		c.ResponseError(fmt.Sprintf(c.T("cas:Service %s and %s do not match"), target, service))
-		return
-	}
-
-	envelopResponse := struct {
-		XMLName xml.Name `xml:"SOAP-ENV:Envelope"`
-		Xmlns   string   `xml:"xmlns:SOAP-ENV"`
-		Body    struct {
-			XMLName xml.Name `xml:"SOAP-ENV:Body"`
-			Content string   `xml:",innerxml"`
-		}
-	}{}
-	envelopResponse.Xmlns = "http://schemas.xmlsoap.org/soap/envelope/"
-	envelopResponse.Body.Content = response
-
-	data, err := xml.Marshal(envelopResponse)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Ctx.Output.Body(data)
-}
-
-func (c *RootController) sendCasProxyResponseErr(code, msg, format string) {
-	serviceResponse := object.CasServiceResponse{
-		Xmlns: "http://www.yale.edu/tp/cas",
-		ProxyFailure: &object.CasProxyFailure{
-			Code:    code,
-			Message: msg,
-		},
-	}
-	if format == "json" {
-		c.Data["json"] = serviceResponse
-		c.ServeJSON()
-	} else {
-		c.Data["xml"] = serviceResponse
-		c.ServeXML()
-	}
-}
-
-func (c *RootController) sendCasAuthenticationResponseErr(code, msg, format string) {
-	serviceResponse := object.CasServiceResponse{
-		Xmlns: "http://www.yale.edu/tp/cas",
-		Failure: &object.CasAuthenticationFailure{
-			Code:    code,
-			Message: msg,
-		},
-	}
-
-	if format == "json" {
-		c.Data["json"] = serviceResponse
-		c.ServeJSON()
-	} else {
-		c.Data["xml"] = serviceResponse
-		c.ServeXML()
-	}
-}
--- a/controllers/casbin_adapter.go
+++ b/controllers/casbin_adapter.go
@@ -1,157 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-	xormadapter "github.com/casdoor/xorm-adapter/v3"
-)
-
-func (c *ApiController) GetCasbinAdapters() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		adapters := object.GetCasbinAdapters(owner)
-		c.ResponseOk(adapters)
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, field, value)))
-		adapters := object.GetPaginationCasbinAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(adapters, paginator.Nums())
-	}
-}
-
-func (c *ApiController) GetCasbinAdapter() {
-	id := c.Input().Get("id")
-	adapter := object.GetCasbinAdapter(id)
-	c.ResponseOk(adapter)
-}
-
-func (c *ApiController) UpdateCasbinAdapter() {
-	id := c.Input().Get("id")
-
-	var casbinAdapter object.CasbinAdapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateCasbinAdapter(id, &casbinAdapter))
-	c.ServeJSON()
-}
-
-func (c *ApiController) AddCasbinAdapter() {
-	var casbinAdapter object.CasbinAdapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddCasbinAdapter(&casbinAdapter))
-	c.ServeJSON()
-}
-
-func (c *ApiController) DeleteCasbinAdapter() {
-	var casbinAdapter object.CasbinAdapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteCasbinAdapter(&casbinAdapter))
-	c.ServeJSON()
-}
-
-func (c *ApiController) SyncPolicies() {
-	id := c.Input().Get("id")
-	adapter := object.GetCasbinAdapter(id)
-
-	policies, err := object.SyncPolicies(adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(policies)
-}
-
-func (c *ApiController) UpdatePolicy() {
-	id := c.Input().Get("id")
-	adapter := object.GetCasbinAdapter(id)
-	var policies []xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdatePolicy(util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-func (c *ApiController) AddPolicy() {
-	id := c.Input().Get("id")
-	adapter := object.GetCasbinAdapter(id)
-	var policy xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.AddPolicy(util.CasbinToSlice(policy), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-func (c *ApiController) RemovePolicy() {
-	id := c.Input().Get("id")
-	adapter := object.GetCasbinAdapter(id)
-	var policy xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.RemovePolicy(util.CasbinToSlice(policy), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
--- a/controllers/cert.go
+++ b/controllers/cert.go
@@ -1,123 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetCerts
-// @Title GetCerts
-// @Tag Cert API
-// @Description get certs
-// @Param   owner     query    string  true        "The owner of certs"
-// @Success 200 {array} object.Cert The Response object
-// @router /get-certs [get]
-func (c *ApiController) GetCerts() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedCerts(object.GetCerts(owner))
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCertCount(owner, field, value)))
-		certs := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		c.ResponseOk(certs, paginator.Nums())
-	}
-}
-
-// GetCert
-// @Title GetCert
-// @Tag Cert API
-// @Description get cert
-// @Param   id     query    string  true        "The id ( owner/name ) of the cert"
-// @Success 200 {object} object.Cert The Response object
-// @router /get-cert [get]
-func (c *ApiController) GetCert() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetMaskedCert(object.GetCert(id))
-	c.ServeJSON()
-}
-
-// UpdateCert
-// @Title UpdateCert
-// @Tag Cert API
-// @Description update cert
-// @Param   id     query    string  true        "The id ( owner/name ) of the cert"
-// @Param   body    body   object.Cert  true        "The details of the cert"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-cert [post]
-func (c *ApiController) UpdateCert() {
-	id := c.Input().Get("id")
-
-	var cert object.Cert
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateCert(id, &cert))
-	c.ServeJSON()
-}
-
-// AddCert
-// @Title AddCert
-// @Tag Cert API
-// @Description add cert
-// @Param   body    body   object.Cert  true        "The details of the cert"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-cert [post]
-func (c *ApiController) AddCert() {
-	var cert object.Cert
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddCert(&cert))
-	c.ServeJSON()
-}
-
-// DeleteCert
-// @Title DeleteCert
-// @Tag Cert API
-// @Description delete cert
-// @Param   body    body   object.Cert  true        "The details of the cert"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-cert [post]
-func (c *ApiController) DeleteCert() {
-	var cert object.Cert
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteCert(&cert))
-	c.ServeJSON()
-}
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -1,78 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-func (c *ApiController) Enforce() {
-	var permissionRule object.PermissionRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRule)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = object.Enforce(&permissionRule)
-	c.ServeJSON()
-}
-
-func (c *ApiController) BatchEnforce() {
-	var permissionRules []object.PermissionRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRules)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = object.BatchEnforce(permissionRules)
-	c.ServeJSON()
-}
-
-func (c *ApiController) GetAllObjects() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	c.Data["json"] = object.GetAllObjects(userId)
-	c.ServeJSON()
-}
-
-func (c *ApiController) GetAllActions() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	c.Data["json"] = object.GetAllActions(userId)
-	c.ServeJSON()
-}
-
-func (c *ApiController) GetAllRoles() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	c.Data["json"] = object.GetAllRoles(userId)
-	c.ServeJSON()
-}
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -1,251 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-type LdapServer struct {
-	Host   string `json:"host"`
-	Port   int    `json:"port"`
-	Admin  string `json:"admin"`
-	Passwd string `json:"passwd"`
-	BaseDn string `json:"baseDn"`
-}
-
-type LdapResp struct {
-	// Groups []LdapRespGroup `json:"groups"`
-	Users []object.LdapRespUser `json:"users"`
-}
-
-//type LdapRespGroup struct {
-//	GroupId   string
-//	GroupName string
-//}
-
-type LdapSyncResp struct {
-	Exist  []object.LdapRespUser `json:"exist"`
-	Failed []object.LdapRespUser `json:"failed"`
-}
-
-// GetLdapUser
-// @Tag Account API
-// @Title GetLdapser
-// @router /get-ldap-user [post]
-func (c *ApiController) GetLdapUser() {
-	ldapServer := LdapServer{}
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldapServer)
-	if err != nil || util.IsStringsEmpty(ldapServer.Host, ldapServer.Admin, ldapServer.Passwd, ldapServer.BaseDn) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	var resp LdapResp
-
-	conn, err := object.GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	//groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
-	//if err != nil {
-	//  c.ResponseError(err.Error())
-	//	return
-	//}
-
-	//for _, group := range groupsMap {
-	//	resp.Groups = append(resp.Groups, LdapRespGroup{
-	//		GroupId:   group.GidNumber,
-	//		GroupName: group.Cn,
-	//	})
-	//}
-
-	users, err := conn.GetLdapUsers(ldapServer.BaseDn)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	for _, user := range users {
-		resp.Users = append(resp.Users, object.LdapRespUser{
-			UidNumber: user.UidNumber,
-			Uid:       user.Uid,
-			Cn:        user.Cn,
-			GroupId:   user.GidNumber,
-			// GroupName: groupsMap[user.GidNumber].Cn,
-			Uuid:    user.Uuid,
-			Email:   util.GetMaxLenStr(user.Mail, user.Email, user.EmailAddress),
-			Phone:   util.GetMaxLenStr(user.TelephoneNumber, user.Mobile, user.MobileTelephoneNumber),
-			Address: util.GetMaxLenStr(user.RegisteredAddress, user.PostalAddress),
-		})
-	}
-
-	c.Data["json"] = Response{Status: "ok", Data: resp}
-	c.ServeJSON()
-}
-
-// GetLdaps
-// @Tag Account API
-// @Title GetLdaps
-// @router /get-ldaps [get]
-func (c *ApiController) GetLdaps() {
-	owner := c.Input().Get("owner")
-
-	c.Data["json"] = Response{Status: "ok", Data: object.GetLdaps(owner)}
-	c.ServeJSON()
-}
-
-// GetLdap
-// @Tag Account API
-// @Title GetLdap
-// @router /get-ldap [get]
-func (c *ApiController) GetLdap() {
-	id := c.Input().Get("id")
-
-	if util.IsStringsEmpty(id) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	c.Data["json"] = Response{Status: "ok", Data: object.GetLdap(id)}
-	c.ServeJSON()
-}
-
-// AddLdap
-// @Tag Account API
-// @Title AddLdap
-// @router /add-ldap [post]
-func (c *ApiController) AddLdap() {
-	var ldap object.Ldap
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	if object.CheckLdapExist(&ldap) {
-		c.ResponseError(c.T("ldap:Ldap server exist"))
-		return
-	}
-
-	affected := object.AddLdap(&ldap)
-	resp := wrapActionResponse(affected)
-	if affected {
-		resp.Data2 = ldap
-	}
-	if ldap.AutoSync != 0 {
-		object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-	}
-
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-// UpdateLdap
-// @Tag Account API
-// @Title UpdateLdap
-// @router /update-ldap [post]
-func (c *ApiController) UpdateLdap() {
-	var ldap object.Ldap
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	prevLdap := object.GetLdap(ldap.Id)
-	affected := object.UpdateLdap(&ldap)
-	resp := wrapActionResponse(affected)
-	if affected {
-		resp.Data2 = ldap
-	}
-	if ldap.AutoSync != 0 {
-		object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-	} else if ldap.AutoSync == 0 && prevLdap.AutoSync != 0 {
-		object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
-	}
-
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-// DeleteLdap
-// @Tag Account API
-// @Title DeleteLdap
-// @router /delete-ldap [post]
-func (c *ApiController) DeleteLdap() {
-	var ldap object.Ldap
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
-	c.Data["json"] = wrapActionResponse(object.DeleteLdap(&ldap))
-	c.ServeJSON()
-}
-
-// SyncLdapUsers
-// @Tag Account API
-// @Title SyncLdapUsers
-// @router /sync-ldap-users [post]
-func (c *ApiController) SyncLdapUsers() {
-	owner := c.Input().Get("owner")
-	ldapId := c.Input().Get("ldapId")
-	var users []object.LdapRespUser
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	object.UpdateLdapSyncTime(ldapId)
-
-	exist, failed := object.SyncLdapUsers(owner, users, ldapId)
-	c.Data["json"] = &Response{Status: "ok", Data: &LdapSyncResp{
-		Exist:  *exist,
-		Failed: *failed,
-	}}
-	c.ServeJSON()
-}
-
-// CheckLdapUsersExist
-// @Tag Account API
-// @Title CheckLdapUserExist
-// @router /check-ldap-users-exist [post]
-func (c *ApiController) CheckLdapUsersExist() {
-	owner := c.Input().Get("owner")
-	var uuids []string
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &uuids)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	exist := object.CheckLdapUuidExist(owner, uuids)
-	c.Data["json"] = &Response{Status: "ok", Data: exist}
-	c.ServeJSON()
-}
--- a/controllers/ldapserver.go
+++ b/controllers/ldapserver.go
@@ -1,138 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"log"
-
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/object"
-	"github.com/forestmgy/ldapserver"
-	"github.com/lor00x/goldap/message"
-)
-
-func StartLdapServer() {
-	server := ldapserver.NewServer()
-	routes := ldapserver.NewRouteMux()
-
-	routes.Bind(handleBind)
-	routes.Search(handleSearch).Label(" SEARCH****")
-
-	server.Handle(routes)
-	server.ListenAndServe("0.0.0.0:" + conf.GetConfigString("ldapServerPort"))
-}
-
-func handleBind(w ldapserver.ResponseWriter, m *ldapserver.Message) {
-	r := m.GetBindRequest()
-	res := ldapserver.NewBindResponse(ldapserver.LDAPResultSuccess)
-
-	if r.AuthenticationChoice() == "simple" {
-		bindusername, bindorg, err := object.GetNameAndOrgFromDN(string(r.Name()))
-		if err != "" {
-			log.Printf("Bind failed ,ErrMsg=%s", err)
-			res.SetResultCode(ldapserver.LDAPResultInvalidDNSyntax)
-			res.SetDiagnosticMessage("bind failed ErrMsg: " + err)
-			w.Write(res)
-			return
-		}
-		bindpassword := string(r.AuthenticationSimple())
-		binduser, err := object.CheckUserPassword(bindorg, bindusername, bindpassword, "en")
-		if err != "" {
-			log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
-			res.SetResultCode(ldapserver.LDAPResultInvalidCredentials)
-			res.SetDiagnosticMessage("invalid credentials ErrMsg: " + err)
-			w.Write(res)
-			return
-		}
-		if bindorg == "built-in" {
-			m.Client.IsGlobalAdmin, m.Client.IsOrgAdmin = true, true
-		} else if binduser.IsAdmin {
-			m.Client.IsOrgAdmin = true
-		}
-		m.Client.IsAuthenticated = true
-		m.Client.UserName = bindusername
-		m.Client.OrgName = bindorg
-	} else {
-		res.SetResultCode(ldapserver.LDAPResultAuthMethodNotSupported)
-		res.SetDiagnosticMessage("Authentication method not supported,Please use Simple Authentication")
-	}
-	w.Write(res)
-}
-
-func handleSearch(w ldapserver.ResponseWriter, m *ldapserver.Message) {
-	res := ldapserver.NewSearchResultDoneResponse(ldapserver.LDAPResultSuccess)
-	if !m.Client.IsAuthenticated {
-		res.SetResultCode(ldapserver.LDAPResultUnwillingToPerform)
-		w.Write(res)
-		return
-	}
-	r := m.GetSearchRequest()
-	if r.FilterString() == "(objectClass=*)" {
-		w.Write(res)
-		return
-	}
-	name, org, errCode := object.GetUserNameAndOrgFromBaseDnAndFilter(string(r.BaseObject()), r.FilterString())
-	if errCode != ldapserver.LDAPResultSuccess {
-		res.SetResultCode(errCode)
-		w.Write(res)
-		return
-	}
-	// Handle Stop Signal (server stop / client disconnected / Abandoned request....)
-	select {
-	case <-m.Done:
-		log.Print("Leaving handleSearch...")
-		return
-	default:
-	}
-	users, errCode := object.GetFilteredUsers(m, name, org)
-	if errCode != ldapserver.LDAPResultSuccess {
-		res.SetResultCode(errCode)
-		w.Write(res)
-		return
-	}
-	for i := 0; i < len(users); i++ {
-		user := users[i]
-		dn := fmt.Sprintf("cn=%s,%s", user.Name, string(r.BaseObject()))
-		e := ldapserver.NewSearchResultEntry(dn)
-		e.AddAttribute("cn", message.AttributeValue(user.Name))
-		e.AddAttribute("uid", message.AttributeValue(user.Name))
-		e.AddAttribute("email", message.AttributeValue(user.Email))
-		e.AddAttribute("mobile", message.AttributeValue(user.Phone))
-		e.AddAttribute("userPassword", message.AttributeValue(getUserPasswordWithType(user)))
-		// e.AddAttribute("postalAddress", message.AttributeValue(user.Address[0]))
-		w.Write(e)
-	}
-	w.Write(res)
-}
-
-// get user password with hash type prefix
-// TODO not handle salt yet
-// @return {md5}5f4dcc3b5aa765d61d8327deb882cf99
-func getUserPasswordWithType(user *object.User) string {
-	org := object.GetOrganizationByUser(user)
-	if org.PasswordType == "" || org.PasswordType == "plain" {
-		return user.Password
-	}
-	prefix := org.PasswordType
-	if prefix == "salt" {
-		prefix = "sha256"
-	} else if prefix == "md5-salt" {
-		prefix = "md5"
-	} else if prefix == "pbkdf2-salt" {
-		prefix = "pbkdf2"
-	}
-	return fmt.Sprintf("{%s}%s", prefix, user.Password)
-}
--- a/controllers/link.go
+++ b/controllers/link.go
@@ -1,95 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-type LinkForm struct {
-	ProviderType string      `json:"providerType"`
-	User         object.User `json:"user"`
-}
-
-// Unlink ...
-// @router /unlink [post]
-// @Tag Login API
-func (c *ApiController) Unlink() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	var form LinkForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	providerType := form.ProviderType
-
-	// the user will be unlinked from the provider
-	unlinkedUser := form.User
-
-	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin {
-		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
-		c.ResponseError(c.T("link:You are not the global admin, you can't unlink other users"))
-		return
-	}
-
-	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin {
-		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
-		application := object.GetApplicationByUser(user)
-		if application == nil {
-			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
-			return
-		}
-
-		if len(application.Providers) == 0 {
-			c.ResponseError(c.T("link:This application has no providers"))
-			return
-		}
-
-		provider := application.GetProviderItemByType(providerType)
-		if provider == nil {
-			c.ResponseError(c.T("link:This application has no providers of type") + providerType)
-			return
-		}
-
-		if !provider.CanUnlink {
-			c.ResponseError(c.T("link:This provider can't be unlinked"))
-			return
-		}
-
-	}
-
-	// only two situations can happen here
-	// 1. the user is the global admin
-	// 2. the user is unlinking themselves and provider can be unlinked
-
-	value := object.GetUserField(&unlinkedUser, providerType)
-
-	if value == "" {
-		c.ResponseError(c.T("link:Please link first"), value)
-		return
-	}
-
-	object.ClearUserOAuthProperties(&unlinkedUser, providerType)
-
-	object.LinkUserAccount(&unlinkedUser, providerType, "")
-	c.ResponseOk()
-}
--- a/controllers/model.go
+++ b/controllers/model.go
@@ -1,123 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetModels
-// @Title GetModels
-// @Tag Model API
-// @Description get models
-// @Param   owner     query    string  true        "The owner of models"
-// @Success 200 {array} object.Model The Response object
-// @router /get-models [get]
-func (c *ApiController) GetModels() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetModels(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetModelCount(owner, field, value)))
-		models := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(models, paginator.Nums())
-	}
-}
-
-// GetModel
-// @Title GetModel
-// @Tag Model API
-// @Description get model
-// @Param   id     query    string  true        "The id ( owner/name ) of the model"
-// @Success 200 {object} object.Model The Response object
-// @router /get-model [get]
-func (c *ApiController) GetModel() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetModel(id)
-	c.ServeJSON()
-}
-
-// UpdateModel
-// @Title UpdateModel
-// @Tag Model API
-// @Description update model
-// @Param   id     query    string  true        "The id ( owner/name ) of the model"
-// @Param   body    body   object.Model  true        "The details of the model"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-model [post]
-func (c *ApiController) UpdateModel() {
-	id := c.Input().Get("id")
-
-	var model object.Model
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapErrorResponse(object.UpdateModelWithCheck(id, &model))
-	c.ServeJSON()
-}
-
-// AddModel
-// @Title AddModel
-// @Tag Model API
-// @Description add model
-// @Param   body    body   object.Model  true        "The details of the model"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-model [post]
-func (c *ApiController) AddModel() {
-	var model object.Model
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddModel(&model))
-	c.ServeJSON()
-}
-
-// DeleteModel
-// @Title DeleteModel
-// @Tag Model API
-// @Description delete model
-// @Param   body    body   object.Model  true        "The details of the model"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-model [post]
-func (c *ApiController) DeleteModel() {
-	var model object.Model
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteModel(&model))
-	c.ServeJSON()
-}
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@@ -1,44 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import "github.com/casdoor/casdoor/object"
-
-// GetOidcDiscovery
-// @Title GetOidcDiscovery
-// @Tag OIDC API
-// @Description Get Oidc Discovery
-// @Success 200 {object} object.OidcDiscovery
-// @router /.well-known/openid-configuration [get]
-func (c *RootController) GetOidcDiscovery() {
-	host := c.Ctx.Request.Host
-	c.Data["json"] = object.GetOidcDiscovery(host)
-	c.ServeJSON()
-}
-
-// GetJwks
-// @Title GetJwks
-// @Tag OIDC API
-// @Success 200 {object} jose.JSONWebKey
-// @router /.well-known/jwks [get]
-func (c *RootController) GetJwks() {
-	jwks, err := object.GetJsonWebKeySet()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = jwks
-	c.ServeJSON()
-}
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -1,150 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetOrganizations ...
-// @Title GetOrganizations
-// @Tag Organization API
-// @Description get organizations
-// @Param   owner     query    string  true        "owner"
-// @Success 200 {array} object.Organization The Response object
-// @router /get-organizations [get]
-func (c *ApiController) GetOrganizations() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedOrganizations(object.GetOrganizations(owner))
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationCount(owner, field, value)))
-		organizations := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		c.ResponseOk(organizations, paginator.Nums())
-	}
-}
-
-// GetOrganization ...
-// @Title GetOrganization
-// @Tag Organization API
-// @Description get organization
-// @Param   id     query    string  true        "organization id"
-// @Success 200 {object} object.Organization The Response object
-// @router /get-organization [get]
-func (c *ApiController) GetOrganization() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetMaskedOrganization(object.GetOrganization(id))
-	c.ServeJSON()
-}
-
-// UpdateOrganization ...
-// @Title UpdateOrganization
-// @Tag Organization API
-// @Description update organization
-// @Param   id     query    string  true        "The id ( owner/name ) of the organization"
-// @Param   body    body   object.Organization  true        "The details of the organization"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-organization [post]
-func (c *ApiController) UpdateOrganization() {
-	id := c.Input().Get("id")
-
-	var organization object.Organization
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization))
-	c.ServeJSON()
-}
-
-// AddOrganization ...
-// @Title AddOrganization
-// @Tag Organization API
-// @Description add organization
-// @Param   body    body   object.Organization  true        "The details of the organization"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-organization [post]
-func (c *ApiController) AddOrganization() {
-	var organization object.Organization
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	count := object.GetOrganizationCount("", "", "")
-	if err := checkQuotaForOrganization(count); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddOrganization(&organization))
-	c.ServeJSON()
-}
-
-// DeleteOrganization ...
-// @Title DeleteOrganization
-// @Tag Organization API
-// @Description delete organization
-// @Param   body    body   object.Organization  true        "The details of the organization"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-organization [post]
-func (c *ApiController) DeleteOrganization() {
-	var organization object.Organization
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteOrganization(&organization))
-	c.ServeJSON()
-}
-
-// GetDefaultApplication ...
-// @Title GetDefaultApplication
-// @Tag Organization API
-// @Description get default application
-// @Param   id     query    string  true        "organization id"
-// @Success 200 {object}  Response The Response object
-// @router /get-default-application [get]
-func (c *ApiController) GetDefaultApplication() {
-	userId := c.GetSessionUsername()
-	id := c.Input().Get("id")
-
-	application, err := object.GetDefaultApplication(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	maskedApplication := object.GetMaskedApplication(application, userId)
-	c.ResponseOk(maskedApplication)
-}
--- a/controllers/payment.go
+++ b/controllers/payment.go
@@ -1,187 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetPayments
-// @Title GetPayments
-// @Tag Payment API
-// @Description get payments
-// @Param   owner     query    string  true        "The owner of payments"
-// @Success 200 {array} object.Payment The Response object
-// @router /get-payments [get]
-func (c *ApiController) GetPayments() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetPayments(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPaymentCount(owner, field, value)))
-		payments := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(payments, paginator.Nums())
-	}
-}
-
-// GetUserPayments
-// @Title GetUserPayments
-// @Tag Payment API
-// @Description get payments for a user
-// @Param   owner     query    string  true        "The owner of payments"
-// @Param   organization    query   string  true   "The organization of the user"
-// @Param   user    query   string  true           "The username of the user"
-// @Success 200 {array} object.Payment The Response object
-// @router /get-user-payments [get]
-func (c *ApiController) GetUserPayments() {
-	owner := c.Input().Get("owner")
-	organization := c.Input().Get("organization")
-	user := c.Input().Get("user")
-
-	payments := object.GetUserPayments(owner, organization, user)
-	c.ResponseOk(payments)
-}
-
-// GetPayment
-// @Title GetPayment
-// @Tag Payment API
-// @Description get payment
-// @Param   id     query    string  true        "The id ( owner/name ) of the payment"
-// @Success 200 {object} object.Payment The Response object
-// @router /get-payment [get]
-func (c *ApiController) GetPayment() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetPayment(id)
-	c.ServeJSON()
-}
-
-// UpdatePayment
-// @Title UpdatePayment
-// @Tag Payment API
-// @Description update payment
-// @Param   id     query    string  true        "The id ( owner/name ) of the payment"
-// @Param   body    body   object.Payment  true        "The details of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-payment [post]
-func (c *ApiController) UpdatePayment() {
-	id := c.Input().Get("id")
-
-	var payment object.Payment
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdatePayment(id, &payment))
-	c.ServeJSON()
-}
-
-// AddPayment
-// @Title AddPayment
-// @Tag Payment API
-// @Description add payment
-// @Param   body    body   object.Payment  true        "The details of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-payment [post]
-func (c *ApiController) AddPayment() {
-	var payment object.Payment
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddPayment(&payment))
-	c.ServeJSON()
-}
-
-// DeletePayment
-// @Title DeletePayment
-// @Tag Payment API
-// @Description delete payment
-// @Param   body    body   object.Payment  true        "The details of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-payment [post]
-func (c *ApiController) DeletePayment() {
-	var payment object.Payment
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeletePayment(&payment))
-	c.ServeJSON()
-}
-
-// NotifyPayment
-// @Title NotifyPayment
-// @Tag Payment API
-// @Description notify payment
-// @Param   body    body   object.Payment  true        "The details of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /notify-payment [post]
-func (c *ApiController) NotifyPayment() {
-	owner := c.Ctx.Input.Param(":owner")
-	providerName := c.Ctx.Input.Param(":provider")
-	productName := c.Ctx.Input.Param(":product")
-	paymentName := c.Ctx.Input.Param(":payment")
-
-	body := c.Ctx.Input.RequestBody
-
-	ok := object.NotifyPayment(c.Ctx.Request, body, owner, providerName, productName, paymentName)
-	if ok {
-		_, err := c.Ctx.ResponseWriter.Write([]byte("success"))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		panic(fmt.Errorf("NotifyPayment() failed: %v", ok))
-	}
-}
-
-// InvoicePayment
-// @Title InvoicePayment
-// @Tag Payment API
-// @Description invoice payment
-// @Param   id     query    string  true        "The id ( owner/name ) of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /invoice-payment [post]
-func (c *ApiController) InvoicePayment() {
-	id := c.Input().Get("id")
-
-	payment := object.GetPayment(id)
-	invoiceUrl, err := object.InvoicePayment(payment)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-	c.ResponseOk(invoiceUrl)
-}
--- a/controllers/permission.go
+++ b/controllers/permission.go
@@ -1,154 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetPermissions
-// @Title GetPermissions
-// @Tag Permission API
-// @Description get permissions
-// @Param   owner     query    string  true        "The owner of permissions"
-// @Success 200 {array} object.Permission The Response object
-// @router /get-permissions [get]
-func (c *ApiController) GetPermissions() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetPermissions(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPermissionCount(owner, field, value)))
-		permissions := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(permissions, paginator.Nums())
-	}
-}
-
-// GetPermissionsBySubmitter
-// @Title GetPermissionsBySubmitter
-// @Tag Permission API
-// @Description get permissions by submitter
-// @Success 200 {array} object.Permission The Response object
-// @router /get-permissions-by-submitter [get]
-func (c *ApiController) GetPermissionsBySubmitter() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	permissions := object.GetPermissionsBySubmitter(user.Owner, user.Name)
-	c.ResponseOk(permissions, len(permissions))
-	return
-}
-
-// GetPermissionsByRole
-// @Title GetPermissionsByRole
-// @Tag Permission API
-// @Description get permissions by role
-// @Param   id     query    string  true        "The id ( owner/name ) of the role"
-// @Success 200 {array} object.Permission The Response object
-// @router /get-permissions-by-role [get]
-func (c *ApiController) GetPermissionsByRole() {
-	id := c.Input().Get("id")
-	permissions := object.GetPermissionsByRole(id)
-	c.ResponseOk(permissions, len(permissions))
-	return
-}
-
-// GetPermission
-// @Title GetPermission
-// @Tag Permission API
-// @Description get permission
-// @Param   id     query    string  true        "The id ( owner/name ) of the permission"
-// @Success 200 {object} object.Permission The Response object
-// @router /get-permission [get]
-func (c *ApiController) GetPermission() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetPermission(id)
-	c.ServeJSON()
-}
-
-// UpdatePermission
-// @Title UpdatePermission
-// @Tag Permission API
-// @Description update permission
-// @Param   id     query    string  true        "The id ( owner/name ) of the permission"
-// @Param   body    body   object.Permission  true        "The details of the permission"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-permission [post]
-func (c *ApiController) UpdatePermission() {
-	id := c.Input().Get("id")
-
-	var permission object.Permission
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdatePermission(id, &permission))
-	c.ServeJSON()
-}
-
-// AddPermission
-// @Title AddPermission
-// @Tag Permission API
-// @Description add permission
-// @Param   body    body   object.Permission  true        "The details of the permission"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-permission [post]
-func (c *ApiController) AddPermission() {
-	var permission object.Permission
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddPermission(&permission))
-	c.ServeJSON()
-}
-
-// DeletePermission
-// @Title DeletePermission
-// @Tag Permission API
-// @Description delete permission
-// @Param   body    body   object.Permission  true        "The details of the permission"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-permission [post]
-func (c *ApiController) DeletePermission() {
-	var permission object.Permission
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeletePermission(&permission))
-	c.ServeJSON()
-}
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -1,161 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetProducts
-// @Title GetProducts
-// @Tag Product API
-// @Description get products
-// @Param   owner     query    string  true        "The owner of products"
-// @Success 200 {array} object.Product The Response object
-// @router /get-products [get]
-func (c *ApiController) GetProducts() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetProducts(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProductCount(owner, field, value)))
-		products := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(products, paginator.Nums())
-	}
-}
-
-// GetProduct
-// @Title GetProduct
-// @Tag Product API
-// @Description get product
-// @Param   id     query    string  true        "The id ( owner/name ) of the product"
-// @Success 200 {object} object.Product The Response object
-// @router /get-product [get]
-func (c *ApiController) GetProduct() {
-	id := c.Input().Get("id")
-
-	product := object.GetProduct(id)
-	object.ExtendProductWithProviders(product)
-
-	c.Data["json"] = product
-	c.ServeJSON()
-}
-
-// UpdateProduct
-// @Title UpdateProduct
-// @Tag Product API
-// @Description update product
-// @Param   id     query    string  true        "The id ( owner/name ) of the product"
-// @Param   body    body   object.Product  true        "The details of the product"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-product [post]
-func (c *ApiController) UpdateProduct() {
-	id := c.Input().Get("id")
-
-	var product object.Product
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateProduct(id, &product))
-	c.ServeJSON()
-}
-
-// AddProduct
-// @Title AddProduct
-// @Tag Product API
-// @Description add product
-// @Param   body    body   object.Product  true        "The details of the product"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-product [post]
-func (c *ApiController) AddProduct() {
-	var product object.Product
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddProduct(&product))
-	c.ServeJSON()
-}
-
-// DeleteProduct
-// @Title DeleteProduct
-// @Tag Product API
-// @Description delete product
-// @Param   body    body   object.Product  true        "The details of the product"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-product [post]
-func (c *ApiController) DeleteProduct() {
-	var product object.Product
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteProduct(&product))
-	c.ServeJSON()
-}
-
-// BuyProduct
-// @Title BuyProduct
-// @Tag Product API
-// @Description buy product
-// @Param   id     query    string  true        "The id ( owner/name ) of the product"
-// @Param   providerName    query    string  true  "The name of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /buy-product [post]
-func (c *ApiController) BuyProduct() {
-	id := c.Input().Get("id")
-	providerName := c.Input().Get("providerName")
-	host := c.Ctx.Request.Host
-
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	user := object.GetUser(userId)
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return
-	}
-
-	payUrl, err := object.BuyProduct(id, providerName, user, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payUrl)
-}
--- a/controllers/provider.go
+++ b/controllers/provider.go
@@ -1,152 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetProviders
-// @Title GetProviders
-// @Tag Provider API
-// @Description get providers
-// @Param   owner     query    string  true        "The owner of providers"
-// @Success 200 {array} object.Provider The Response object
-// @router /get-providers [get]
-func (c *ApiController) GetProviders() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner))
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProviderCount(owner, field, value)))
-		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		c.ResponseOk(providers, paginator.Nums())
-	}
-}
-
-// GetGlobalProviders
-// @Title GetGlobalProviders
-// @Tag Provider API
-// @Description get Global providers
-// @Success 200 {array} object.Provider The Response object
-// @router /get-global-providers [get]
-func (c *ApiController) GetGlobalProviders() {
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders())
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalProviderCount(field, value)))
-		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder))
-		c.ResponseOk(providers, paginator.Nums())
-	}
-}
-
-// GetProvider
-// @Title GetProvider
-// @Tag Provider API
-// @Description get provider
-// @Param   id     query    string  true        "The id ( owner/name ) of the provider"
-// @Success 200 {object} object.Provider The Response object
-// @router /get-provider [get]
-func (c *ApiController) GetProvider() {
-	id := c.Input().Get("id")
-	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id))
-	c.ServeJSON()
-}
-
-// UpdateProvider
-// @Title UpdateProvider
-// @Tag Provider API
-// @Description update provider
-// @Param   id     query    string  true        "The id ( owner/name ) of the provider"
-// @Param   body    body   object.Provider  true        "The details of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-provider [post]
-func (c *ApiController) UpdateProvider() {
-	id := c.Input().Get("id")
-
-	var provider object.Provider
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateProvider(id, &provider))
-	c.ServeJSON()
-}
-
-// AddProvider
-// @Title AddProvider
-// @Tag Provider API
-// @Description add provider
-// @Param   body    body   object.Provider  true        "The details of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-provider [post]
-func (c *ApiController) AddProvider() {
-	var provider object.Provider
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	count := object.GetProviderCount("", "", "")
-	if err := checkQuotaForProvider(count); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddProvider(&provider))
-	c.ServeJSON()
-}
-
-// DeleteProvider
-// @Title DeleteProvider
-// @Tag Provider API
-// @Description delete provider
-// @Param   body    body   object.Provider  true        "The details of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-provider [post]
-func (c *ApiController) DeleteProvider() {
-	var provider object.Provider
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteProvider(&provider))
-	c.ServeJSON()
-}
--- a/controllers/record.go
+++ b/controllers/record.go
@@ -1,95 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetRecords
-// @Title GetRecords
-// @Tag Record API
-// @Description get all records
-// @Param   pageSize     query    string  true        "The size of each page"
-// @Param   p     query    string  true        "The number of the page"
-// @Success 200 {object} object.Record The Response object
-// @router /get-records [get]
-func (c *ApiController) GetRecords() {
-	organization, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetRecords()
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		filterRecord := &object.Record{Organization: organization}
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRecordCount(field, value, filterRecord)))
-		records := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
-		c.ResponseOk(records, paginator.Nums())
-	}
-}
-
-// GetRecordsByFilter
-// @Tag Record API
-// @Title GetRecordsByFilter
-// @Description get records by filter
-// @Param   filter  body string     true  "filter Record message"
-// @Success 200 {object} object.Record The Response object
-// @router /get-records-filter [post]
-func (c *ApiController) GetRecordsByFilter() {
-	body := string(c.Ctx.Input.RequestBody)
-
-	record := &object.Record{}
-	err := util.JsonToStruct(body, record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = object.GetRecordsByField(record)
-	c.ServeJSON()
-}
-
-// AddRecord
-// @Title AddRecord
-// @Tag Record API
-// @Description add a record
-// @Param   body    body   object.Record  true        "The details of the record"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-record [post]
-func (c *ApiController) AddRecord() {
-	var record object.Record
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddRecord(&record))
-	c.ServeJSON()
-}
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -1,245 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"mime"
-	"path/filepath"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetResources
-// @router /get-resources [get]
-// @Tag Resource API
-// @Title GetResources
-func (c *ApiController) GetResources() {
-	owner := c.Input().Get("owner")
-	user := c.Input().Get("user")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	userObj, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-	if userObj.IsAdmin {
-		user = ""
-	}
-
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetResources(owner, user)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetResourceCount(owner, user, field, value)))
-		resources := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(resources, paginator.Nums())
-	}
-}
-
-// GetResource
-// @Tag Resource API
-// @Title GetResource
-// @router /get-resource [get]
-func (c *ApiController) GetResource() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetResource(id)
-	c.ServeJSON()
-}
-
-// UpdateResource
-// @Tag Resource API
-// @Title UpdateResource
-// @router /update-resource [post]
-func (c *ApiController) UpdateResource() {
-	id := c.Input().Get("id")
-
-	var resource object.Resource
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateResource(id, &resource))
-	c.ServeJSON()
-}
-
-// AddResource
-// @Tag Resource API
-// @Title AddResource
-// @router /add-resource [post]
-func (c *ApiController) AddResource() {
-	var resource object.Resource
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddResource(&resource))
-	c.ServeJSON()
-}
-
-// DeleteResource
-// @Tag Resource API
-// @Title DeleteResource
-// @router /delete-resource [post]
-func (c *ApiController) DeleteResource() {
-	var resource object.Resource
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	provider, _, ok := c.GetProviderFromContext("Storage")
-	if !ok {
-		return
-	}
-
-	err = object.DeleteFile(provider, resource.Name, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteResource(&resource))
-	c.ServeJSON()
-}
-
-// UploadResource
-// @Tag Resource API
-// @Title UploadResource
-// @router /upload-resource [post]
-func (c *ApiController) UploadResource() {
-	owner := c.Input().Get("owner")
-	username := c.Input().Get("user")
-	application := c.Input().Get("application")
-	tag := c.Input().Get("tag")
-	parent := c.Input().Get("parent")
-	fullFilePath := c.Input().Get("fullFilePath")
-	createdTime := c.Input().Get("createdTime")
-	description := c.Input().Get("description")
-
-	file, header, err := c.GetFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	defer file.Close()
-
-	if username == "" || fullFilePath == "" {
-		c.ResponseError(fmt.Sprintf(c.T("resource:Username or fullFilePath is empty: username = %s, fullFilePath = %s"), username, fullFilePath))
-		return
-	}
-
-	filename := filepath.Base(fullFilePath)
-	fileBuffer := bytes.NewBuffer(nil)
-	if _, err = io.Copy(fileBuffer, file); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	provider, _, ok := c.GetProviderFromContext("Storage")
-	if !ok {
-		return
-	}
-
-	fileType := "unknown"
-	contentType := header.Header.Get("Content-Type")
-	fileType, _ = util.GetOwnerAndNameFromId(contentType)
-
-	if fileType != "image" && fileType != "video" {
-		ext := filepath.Ext(filename)
-		mimeType := mime.TypeByExtension(ext)
-		fileType, _ = util.GetOwnerAndNameFromId(mimeType)
-	}
-
-	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
-	if tag != "avatar" && tag != "termsOfUse" {
-		ext := filepath.Ext(filepath.Base(fullFilePath))
-		index := len(fullFilePath) - len(ext)
-		for i := 1; ; i++ {
-			_, objectKey := object.GetUploadFileUrl(provider, fullFilePath, true)
-			if object.GetResourceCount(owner, username, "name", objectKey) == 0 {
-				break
-			}
-
-			// duplicated fullFilePath found, change it
-			fullFilePath = fullFilePath[:index] + fmt.Sprintf("-%d", i) + ext
-		}
-	}
-
-	fileUrl, objectKey, err := object.UploadFileSafe(provider, fullFilePath, fileBuffer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if createdTime == "" {
-		createdTime = util.GetCurrentTime()
-	}
-	fileFormat := filepath.Ext(fullFilePath)
-	fileSize := int(header.Size)
-	resource := &object.Resource{
-		Owner:       owner,
-		Name:        objectKey,
-		CreatedTime: createdTime,
-		User:        username,
-		Provider:    provider.Name,
-		Application: application,
-		Tag:         tag,
-		Parent:      parent,
-		FileName:    filename,
-		FileType:    fileType,
-		FileFormat:  fileFormat,
-		FileSize:    fileSize,
-		Url:         fileUrl,
-		Description: description,
-	}
-	object.AddOrUpdateResource(resource)
-
-	switch tag {
-	case "avatar":
-		user := object.GetUserNoCheck(util.GetId(owner, username))
-		if user == nil {
-			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
-			return
-		}
-
-		user.Avatar = fileUrl
-		object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
-	case "termsOfUse":
-		applicationId := fmt.Sprintf("admin/%s", parent)
-		app := object.GetApplication(applicationId)
-		app.TermsOfUse = fileUrl
-		object.UpdateApplication(applicationId, app)
-	}
-
-	c.ResponseOk(fileUrl, objectKey)
-}
--- a/controllers/role.go
+++ b/controllers/role.go
@@ -1,123 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetRoles
-// @Title GetRoles
-// @Tag Role API
-// @Description get roles
-// @Param   owner     query    string  true        "The owner of roles"
-// @Success 200 {array} object.Role The Response object
-// @router /get-roles [get]
-func (c *ApiController) GetRoles() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetRoles(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRoleCount(owner, field, value)))
-		roles := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(roles, paginator.Nums())
-	}
-}
-
-// GetRole
-// @Title GetRole
-// @Tag Role API
-// @Description get role
-// @Param   id     query    string  true        "The id ( owner/name ) of the role"
-// @Success 200 {object} object.Role The Response object
-// @router /get-role [get]
-func (c *ApiController) GetRole() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetRole(id)
-	c.ServeJSON()
-}
-
-// UpdateRole
-// @Title UpdateRole
-// @Tag Role API
-// @Description update role
-// @Param   id     query    string  true        "The id ( owner/name ) of the role"
-// @Param   body    body   object.Role  true        "The details of the role"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-role [post]
-func (c *ApiController) UpdateRole() {
-	id := c.Input().Get("id")
-
-	var role object.Role
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateRole(id, &role))
-	c.ServeJSON()
-}
-
-// AddRole
-// @Title AddRole
-// @Tag Role API
-// @Description add role
-// @Param   body    body   object.Role  true        "The details of the role"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-role [post]
-func (c *ApiController) AddRole() {
-	var role object.Role
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddRole(&role))
-	c.ServeJSON()
-}
-
-// DeleteRole
-// @Title DeleteRole
-// @Tag Role API
-// @Description delete role
-// @Param   body    body   object.Role  true        "The details of the role"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-role [post]
-func (c *ApiController) DeleteRole() {
-	var role object.Role
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteRole(&role))
-	c.ServeJSON()
-}
--- a/controllers/saml.go
+++ b/controllers/saml.go
@@ -1,34 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-func (c *ApiController) GetSamlMeta() {
-	host := c.Ctx.Request.Host
-	paramApp := c.Input().Get("application")
-	application := object.GetApplication(paramApp)
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("saml:Application %s not found"), paramApp))
-		return
-	}
-	metadata, _ := object.GetSamlMeta(application, host)
-	c.Data["xml"] = metadata
-	c.ServeXML()
-}
--- a/controllers/service.go
+++ b/controllers/service.go
@@ -1,150 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Casdoor will expose its providers as services to SDK
-// We are going to implement those services as APIs here
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-type EmailForm struct {
-	Title     string   `json:"title"`
-	Content   string   `json:"content"`
-	Sender    string   `json:"sender"`
-	Receivers []string `json:"receivers"`
-	Provider  string   `json:"provider"`
-}
-
-type SmsForm struct {
-	Content   string   `json:"content"`
-	Receivers []string `json:"receivers"`
-	OrgId     string   `json:"organizationId"` // e.g. "admin/built-in"
-}
-
-// SendEmail
-// @Title SendEmail
-// @Tag Service API
-// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
-// @Param   clientId    query    string  true        "The clientId of the application"
-// @Param   clientSecret    query    string  true    "The clientSecret of the application"
-// @Param   from    body   controllers.EmailForm    true         "Details of the email request"
-// @Success 200 {object}  Response object
-// @router /api/send-email [post]
-func (c *ApiController) SendEmail() {
-	var emailForm EmailForm
-
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &emailForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var provider *object.Provider
-	if emailForm.Provider != "" {
-		// called by frontend's TestEmailWidget, provider name is set by frontend
-		provider = object.GetProvider(util.GetId("admin", emailForm.Provider))
-	} else {
-		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
-		var ok bool
-		provider, _, ok = c.GetProviderFromContext("Email")
-		if !ok {
-			return
-		}
-	}
-
-	// when receiver is the reserved keyword: "TestSmtpServer", it means to test the SMTP server instead of sending a real Email
-	if len(emailForm.Receivers) == 1 && emailForm.Receivers[0] == "TestSmtpServer" {
-		err := object.DailSmtpServer(provider)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk()
-	}
-
-	if util.IsStringsEmpty(emailForm.Title, emailForm.Content, emailForm.Sender) {
-		c.ResponseError(fmt.Sprintf(c.T("service:Empty parameters for emailForm: %v"), emailForm))
-		return
-	}
-
-	invalidReceivers := []string{}
-	for _, receiver := range emailForm.Receivers {
-		if !util.IsEmailValid(receiver) {
-			invalidReceivers = append(invalidReceivers, receiver)
-		}
-	}
-
-	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf(c.T("service:Invalid Email receivers: %s"), invalidReceivers))
-		return
-	}
-
-	code := "123456"
-	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
-	content := fmt.Sprintf(emailForm.Content, code)
-	for _, receiver := range emailForm.Receivers {
-		err = object.SendEmail(provider, emailForm.Title, content, receiver, emailForm.Sender)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.ResponseOk()
-}
-
-// SendSms
-// @Title SendSms
-// @Tag Service API
-// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
-// @Param   clientId    query    string  true        "The clientId of the application"
-// @Param   clientSecret    query    string  true    "The clientSecret of the application"
-// @Param   from    body   controllers.SmsForm    true           "Details of the sms request"
-// @Success 200 {object}  Response object
-// @router /api/send-sms [post]
-func (c *ApiController) SendSms() {
-	provider, _, ok := c.GetProviderFromContext("SMS")
-	if !ok {
-		return
-	}
-
-	var smsForm SmsForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	invalidReceivers := getInvalidSmsReceivers(smsForm)
-	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
-		return
-	}
-
-	err = object.SendSms(provider, smsForm.Content, smsForm.Receivers...)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
--- a/controllers/session.go
+++ b/controllers/session.go
@@ -1,139 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetSessions
-// @Title GetSessions
-// @Tag Session API
-// @Description Get organization user sessions.
-// @Param   owner     query    string  true        "The organization name"
-// @Success 200 {array} string The Response object
-// @router /get-sessions [get]
-func (c *ApiController) GetSessions() {
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	owner := c.Input().Get("owner")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetSessions(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSessionCount(owner, field, value)))
-		sessions := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(sessions, paginator.Nums())
-	}
-}
-
-// GetSingleSession
-// @Title GetSingleSession
-// @Tag Session API
-// @Description Get session for one user in one application.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Success 200 {array} string The Response object
-// @router /get-session [get]
-func (c *ApiController) GetSingleSession() {
-	id := c.Input().Get("sessionPkId")
-
-	c.Data["json"] = object.GetSingleSession(id)
-	c.ServeJSON()
-}
-
-// UpdateSession
-// @Title UpdateSession
-// @Tag Session API
-// @Description Update session for one user in one application.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Success 200 {array} string The Response object
-// @router /update-session [post]
-func (c *ApiController) UpdateSession() {
-	var session object.Session
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateSession(util.GetSessionId(session.Owner, session.Name, session.Application), &session))
-	c.ServeJSON()
-}
-
-// AddSession
-// @Title AddSession
-// @Tag Session API
-// @Description Add session for one user in one application. If there are other existing sessions, join the session into the list.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Param   sessionId     query    string  true        "sessionId to be added"
-// @Success 200 {array} string The Response object
-// @router /add-session [post]
-func (c *ApiController) AddSession() {
-	var session object.Session
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddSession(&session))
-	c.ServeJSON()
-}
-
-// DeleteSession
-// @Title DeleteSession
-// @Tag Session API
-// @Description Delete session for one user in one application.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Success 200 {array} string The Response object
-// @router /delete-session [post]
-func (c *ApiController) DeleteSession() {
-	var session object.Session
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteSession(util.GetSessionId(session.Owner, session.Name, session.Application)))
-	c.ServeJSON()
-}
-
-// IsSessionDuplicated
-// @Title IsSessionDuplicated
-// @Tag Session API
-// @Description Check if there are other different sessions for one user in one application.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Param   sessionId     query    string  true        "sessionId to be checked"
-// @Success 200 {array} string The Response object
-// @router /is-session-duplicated [get]
-func (c *ApiController) IsSessionDuplicated() {
-	id := c.Input().Get("sessionPkId")
-	sessionId := c.Input().Get("sessionId")
-
-	isUserSessionDuplicated := object.IsSessionDuplicated(id, sessionId)
-	c.Data["json"] = &Response{Status: "ok", Msg: "", Data: isUserSessionDuplicated}
-
-	c.ServeJSON()
-}
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@@ -1,139 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetSyncers
-// @Title GetSyncers
-// @Tag Syncer API
-// @Description get syncers
-// @Param   owner     query    string  true        "The owner of syncers"
-// @Success 200 {array} object.Syncer The Response object
-// @router /get-syncers [get]
-func (c *ApiController) GetSyncers() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetSyncers(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, field, value)))
-		syncers := object.GetPaginationSyncers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(syncers, paginator.Nums())
-	}
-}
-
-// GetSyncer
-// @Title GetSyncer
-// @Tag Syncer API
-// @Description get syncer
-// @Param   id     query    string  true        "The id ( owner/name ) of the syncer"
-// @Success 200 {object} object.Syncer The Response object
-// @router /get-syncer [get]
-func (c *ApiController) GetSyncer() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetSyncer(id)
-	c.ServeJSON()
-}
-
-// UpdateSyncer
-// @Title UpdateSyncer
-// @Tag Syncer API
-// @Description update syncer
-// @Param   id     query    string  true        "The id ( owner/name ) of the syncer"
-// @Param   body    body   object.Syncer  true        "The details of the syncer"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-syncer [post]
-func (c *ApiController) UpdateSyncer() {
-	id := c.Input().Get("id")
-
-	var syncer object.Syncer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateSyncer(id, &syncer))
-	c.ServeJSON()
-}
-
-// AddSyncer
-// @Title AddSyncer
-// @Tag Syncer API
-// @Description add syncer
-// @Param   body    body   object.Syncer  true        "The details of the syncer"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-syncer [post]
-func (c *ApiController) AddSyncer() {
-	var syncer object.Syncer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddSyncer(&syncer))
-	c.ServeJSON()
-}
-
-// DeleteSyncer
-// @Title DeleteSyncer
-// @Tag Syncer API
-// @Description delete syncer
-// @Param   body    body   object.Syncer  true        "The details of the syncer"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-syncer [post]
-func (c *ApiController) DeleteSyncer() {
-	var syncer object.Syncer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteSyncer(&syncer))
-	c.ServeJSON()
-}
-
-// RunSyncer
-// @Title RunSyncer
-// @Tag Syncer API
-// @Description run syncer
-// @Param   body    body   object.Syncer  true        "The details of the syncer"
-// @Success 200 {object} controllers.Response The Response object
-// @router /run-syncer [get]
-func (c *ApiController) RunSyncer() {
-	id := c.Input().Get("id")
-	syncer := object.GetSyncer(id)
-
-	object.RunSyncer(syncer)
-
-	c.ResponseOk()
-}
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@@ -1,82 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-type SystemInfo struct {
-	MemoryUsed  uint64    `json:"memory_used"`
-	MemoryTotal uint64    `json:"memory_total"`
-	CpuUsage    []float64 `json:"cpu_usage"`
-}
-
-// GetSystemInfo
-// @Title GetSystemInfo
-// @Tag System API
-// @Description get user's system info
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
-// @Success 200 {object} object.SystemInfo The Response object
-// @router /get-system-info [get]
-func (c *ApiController) GetSystemInfo() {
-	id := c.GetString("id")
-	if id == "" {
-		id = c.GetSessionUsername()
-	}
-
-	user := object.GetUser(id)
-	if user == nil || !user.IsGlobalAdmin {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	cpuUsage, err := util.GetCpuUsage()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	memoryUsed, memoryTotal, err := util.GetMemoryUsage()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = SystemInfo{
-		CpuUsage:    cpuUsage,
-		MemoryUsed:  memoryUsed,
-		MemoryTotal: memoryTotal,
-	}
-	c.ServeJSON()
-}
-
-// GitRepoVersion
-// @Title GitRepoVersion
-// @Tag System API
-// @Description get local github repo's latest release version info
-// @Success 200 {string} local latest version hash of casdoor
-// @router /get-release [get]
-func (c *ApiController) GitRepoVersion() {
-	version, err := util.GetGitRepoVersion()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = version
-	c.ServeJSON()
-}
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -1,321 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetTokens
-// @Title GetTokens
-// @Tag Token API
-// @Description get tokens
-// @Param   owner     query    string  true        "The owner of tokens"
-// @Param   pageSize     query    string  true        "The size of each page"
-// @Param   p     query    string  true        "The number of the page"
-// @Success 200 {array} object.Token The Response object
-// @router /get-tokens [get]
-func (c *ApiController) GetTokens() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetTokens(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, field, value)))
-		tokens := object.GetPaginationTokens(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(tokens, paginator.Nums())
-	}
-}
-
-// GetToken
-// @Title GetToken
-// @Tag Token API
-// @Description get token
-// @Param   id     query    string  true        "The id ( owner/name ) of token"
-// @Success 200 {object} object.Token The Response object
-// @router /get-token [get]
-func (c *ApiController) GetToken() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetToken(id)
-	c.ServeJSON()
-}
-
-// UpdateToken
-// @Title UpdateToken
-// @Tag Token API
-// @Description update token
-// @Param   id     query    string  true        "The id ( owner/name ) of token"
-// @Param   body    body   object.Token  true        "Details of the token"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-token [post]
-func (c *ApiController) UpdateToken() {
-	id := c.Input().Get("id")
-
-	var token object.Token
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateToken(id, &token))
-	c.ServeJSON()
-}
-
-// AddToken
-// @Title AddToken
-// @Tag Token API
-// @Description add token
-// @Param   body    body   object.Token  true        "Details of the token"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-token [post]
-func (c *ApiController) AddToken() {
-	var token object.Token
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddToken(&token))
-	c.ServeJSON()
-}
-
-// DeleteToken
-// @Tag Token API
-// @Title DeleteToken
-// @Description delete token
-// @Param   body    body   object.Token  true        "Details of the token"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-token [post]
-func (c *ApiController) DeleteToken() {
-	var token object.Token
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteToken(&token))
-	c.ServeJSON()
-}
-
-// GetOAuthCode
-// @Title GetOAuthCode
-// @Tag Token API
-// @Description get OAuth code
-// @Param   id     query    string  true        "The id ( owner/name ) of user"
-// @Param   client_id     query    string  true        "OAuth client id"
-// @Param   response_type     query    string  true        "OAuth response type"
-// @Param   redirect_uri     query    string  true        "OAuth redirect URI"
-// @Param   scope     query    string  true        "OAuth scope"
-// @Param   state     query    string  true        "OAuth state"
-// @Success 200 {object} object.TokenWrapper The Response object
-// @router /login/oauth/code [post]
-func (c *ApiController) GetOAuthCode() {
-	userId := c.Input().Get("user_id")
-	clientId := c.Input().Get("client_id")
-	responseType := c.Input().Get("response_type")
-	redirectUri := c.Input().Get("redirect_uri")
-	scope := c.Input().Get("scope")
-	state := c.Input().Get("state")
-	nonce := c.Input().Get("nonce")
-
-	challengeMethod := c.Input().Get("code_challenge_method")
-	codeChallenge := c.Input().Get("code_challenge")
-
-	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-		c.ResponseError(c.T("auth:Challenge method should be S256"))
-		return
-	}
-	host := c.Ctx.Request.Host
-
-	c.Data["json"] = object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, host, c.GetAcceptLanguage())
-	c.ServeJSON()
-}
-
-// GetOAuthToken
-// @Title GetOAuthToken
-// @Tag Token API
-// @Description get OAuth access token
-// @Param   grant_type     query    string  true        "OAuth grant type"
-// @Param   client_id     query    string  true        "OAuth client id"
-// @Param   client_secret     query    string  true        "OAuth client secret"
-// @Param   code     query    string  true        "OAuth code"
-// @Success 200 {object} object.TokenWrapper The Response object
-// @Success 400 {object} object.TokenError The Response object
-// @Success 401 {object} object.TokenError The Response object
-// @router /login/oauth/access_token [post]
-func (c *ApiController) GetOAuthToken() {
-	grantType := c.Input().Get("grant_type")
-	refreshToken := c.Input().Get("refresh_token")
-	clientId := c.Input().Get("client_id")
-	clientSecret := c.Input().Get("client_secret")
-	code := c.Input().Get("code")
-	verifier := c.Input().Get("code_verifier")
-	scope := c.Input().Get("scope")
-	username := c.Input().Get("username")
-	password := c.Input().Get("password")
-	tag := c.Input().Get("tag")
-	avatar := c.Input().Get("avatar")
-
-	if clientId == "" && clientSecret == "" {
-		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
-	}
-	if clientId == "" {
-		// If clientID is empty, try to read data from RequestBody
-		var tokenRequest TokenRequest
-		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
-			clientId = tokenRequest.ClientId
-			clientSecret = tokenRequest.ClientSecret
-			grantType = tokenRequest.GrantType
-			refreshToken = tokenRequest.RefreshToken
-			code = tokenRequest.Code
-			verifier = tokenRequest.Verifier
-			scope = tokenRequest.Scope
-			username = tokenRequest.Username
-			password = tokenRequest.Password
-			tag = tokenRequest.Tag
-			avatar = tokenRequest.Avatar
-		}
-	}
-	host := c.Ctx.Request.Host
-
-	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
-	c.SetTokenErrorHttpStatus()
-	c.ServeJSON()
-}
-
-// RefreshToken
-// @Title RefreshToken
-// @Tag Token API
-// @Description refresh OAuth access token
-// @Param   grant_type     query    string  true        "OAuth grant type"
-// @Param	refresh_token	query	string	true		"OAuth refresh token"
-// @Param   scope     query    string  true        "OAuth scope"
-// @Param   client_id     query    string  true        "OAuth client id"
-// @Param   client_secret     query    string  false        "OAuth client secret"
-// @Success 200 {object} object.TokenWrapper The Response object
-// @Success 400 {object} object.TokenError The Response object
-// @Success 401 {object} object.TokenError The Response object
-// @router /login/oauth/refresh_token [post]
-func (c *ApiController) RefreshToken() {
-	grantType := c.Input().Get("grant_type")
-	refreshToken := c.Input().Get("refresh_token")
-	scope := c.Input().Get("scope")
-	clientId := c.Input().Get("client_id")
-	clientSecret := c.Input().Get("client_secret")
-	host := c.Ctx.Request.Host
-
-	if clientId == "" {
-		// If clientID is empty, try to read data from RequestBody
-		var tokenRequest TokenRequest
-		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
-			clientId = tokenRequest.ClientId
-			clientSecret = tokenRequest.ClientSecret
-			grantType = tokenRequest.GrantType
-			scope = tokenRequest.Scope
-			refreshToken = tokenRequest.RefreshToken
-		}
-	}
-
-	c.Data["json"] = object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
-	c.SetTokenErrorHttpStatus()
-	c.ServeJSON()
-}
-
-// IntrospectToken
-// @Title IntrospectToken
-// @Description The introspection endpoint is an OAuth 2.0 endpoint that takes a
-// parameter representing an OAuth 2.0 token and returns a JSON document
-// representing the meta information surrounding the
-// token, including whether this token is currently active.
-// This endpoint only support Basic Authorization.
-//
-// @Param token formData string true "access_token's value or refresh_token's value"
-// @Param token_type_hint formData string true "the token type access_token or refresh_token"
-// @Success 200 {object} object.IntrospectionResponse The Response object
-// @Success 400 {object} object.TokenError The Response object
-// @Success 401 {object} object.TokenError The Response object
-// @router /login/oauth/introspect [post]
-func (c *ApiController) IntrospectToken() {
-	tokenValue := c.Input().Get("token")
-	clientId, clientSecret, ok := c.Ctx.Request.BasicAuth()
-	if !ok {
-		clientId = c.Input().Get("client_id")
-		clientSecret = c.Input().Get("client_secret")
-		if clientId == "" || clientSecret == "" {
-			c.ResponseError(c.T("token:Empty clientId or clientSecret"))
-			c.Data["json"] = &object.TokenError{
-				Error: object.InvalidRequest,
-			}
-			c.SetTokenErrorHttpStatus()
-			c.ServeJSON()
-			return
-		}
-	}
-	application := object.GetApplicationByClientId(clientId)
-	if application == nil || application.ClientSecret != clientSecret {
-		c.ResponseError(c.T("token:Invalid application or wrong clientSecret"))
-		c.Data["json"] = &object.TokenError{
-			Error: object.InvalidClient,
-		}
-		c.SetTokenErrorHttpStatus()
-		return
-	}
-	token := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
-	if token == nil {
-		c.Data["json"] = &object.IntrospectionResponse{Active: false}
-		c.ServeJSON()
-		return
-	}
-	jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
-	if err != nil || jwtToken.Valid() != nil {
-		// and token revoked case. but we not implement
-		// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
-		// refs: https://tools.ietf.org/html/rfc7009
-		c.Data["json"] = &object.IntrospectionResponse{Active: false}
-		c.ServeJSON()
-		return
-	}
-
-	c.Data["json"] = &object.IntrospectionResponse{
-		Active:    true,
-		Scope:     jwtToken.Scope,
-		ClientId:  clientId,
-		Username:  token.User,
-		TokenType: token.TokenType,
-		Exp:       jwtToken.ExpiresAt.Unix(),
-		Iat:       jwtToken.IssuedAt.Unix(),
-		Nbf:       jwtToken.NotBefore.Unix(),
-		Sub:       jwtToken.Subject,
-		Aud:       jwtToken.Audience,
-		Iss:       jwtToken.Issuer,
-		Jti:       jwtToken.Id,
-	}
-	c.ServeJSON()
-}
--- a/controllers/types.go
+++ b/controllers/types.go
@@ -1,29 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-type TokenRequest struct {
-	GrantType    string `json:"grant_type"`
-	Code         string `json:"code"`
-	ClientId     string `json:"client_id"`
-	ClientSecret string `json:"client_secret"`
-	Verifier     string `json:"code_verifier"`
-	Scope        string `json:"scope"`
-	Username     string `json:"username"`
-	Password     string `json:"password"`
-	Tag          string `json:"tag"`
-	Avatar       string `json:"avatar"`
-	RefreshToken string `json:"refresh_token"`
-}
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -1,372 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetGlobalUsers
-// @Title GetGlobalUsers
-// @Tag User API
-// @Description get global users
-// @Success 200 {array} object.User The Response object
-// @router /get-global-users [get]
-func (c *ApiController) GetGlobalUsers() {
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedUsers(object.GetGlobalUsers())
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalUserCount(field, value)))
-		users := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		users = object.GetMaskedUsers(users)
-		c.ResponseOk(users, paginator.Nums())
-	}
-}
-
-// GetUsers
-// @Title GetUsers
-// @Tag User API
-// @Description
-// @Param   owner     query    string  true        "The owner of users"
-// @Success 200 {array} object.User The Response object
-// @router /get-users [get]
-func (c *ApiController) GetUsers() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedUsers(object.GetUsers(owner))
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetUserCount(owner, field, value)))
-		users := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		users = object.GetMaskedUsers(users)
-		c.ResponseOk(users, paginator.Nums())
-	}
-}
-
-// GetUser
-// @Title GetUser
-// @Tag User API
-// @Description get user
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
-// @Param   owner  query    string  false        "The owner of the user"
-// @Param   email  query    string  false 	     "The email of the user"
-// @Param   phone  query    string  false 	     "The phone of the user"
-// @Success 200 {object} object.User The Response object
-// @router /get-user [get]
-func (c *ApiController) GetUser() {
-	id := c.Input().Get("id")
-	email := c.Input().Get("email")
-	phone := c.Input().Get("phone")
-	userId := c.Input().Get("userId")
-
-	owner := c.Input().Get("owner")
-	if owner == "" {
-		owner, _ = util.GetOwnerAndNameFromId(id)
-	}
-
-	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", owner))
-	if !organization.IsProfilePublic {
-		requestUserId := c.GetSessionUsername()
-		hasPermission, err := object.CheckUserPermission(requestUserId, id, owner, false, c.GetAcceptLanguage())
-		if !hasPermission {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	var user *object.User
-	switch {
-	case email != "":
-		user = object.GetUserByEmail(owner, email)
-	case phone != "":
-		user = object.GetUserByPhone(owner, phone)
-	case userId != "":
-		user = object.GetUserByUserId(owner, userId)
-	default:
-		user = object.GetUser(id)
-	}
-
-	object.ExtendUserWithRolesAndPermissions(user)
-
-	c.Data["json"] = object.GetMaskedUser(user)
-	c.ServeJSON()
-}
-
-// UpdateUser
-// @Title UpdateUser
-// @Tag User API
-// @Description update user
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
-// @Param   body    body   object.User  true        "The details of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-user [post]
-func (c *ApiController) UpdateUser() {
-	id := c.Input().Get("id")
-	columnsStr := c.Input().Get("columns")
-
-	if id == "" {
-		id = c.GetSessionUsername()
-	}
-
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if msg := object.CheckUpdateUser(object.GetUser(id), &user, c.GetAcceptLanguage()); msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	columns := []string{}
-	if columnsStr != "" {
-		columns = strings.Split(columnsStr, ",")
-	}
-
-	isGlobalAdmin := c.IsGlobalAdmin()
-
-	if pass, err := checkPermissionForUpdateUser(id, user, c); !pass {
-		c.ResponseError(err)
-		return
-	}
-
-	affected := object.UpdateUser(id, &user, columns, isGlobalAdmin)
-	if affected {
-		object.UpdateUserToOriginalDatabase(&user)
-	}
-
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-// AddUser
-// @Title AddUser
-// @Tag User API
-// @Description add user
-// @Param   body    body   object.User  true        "The details of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-user [post]
-func (c *ApiController) AddUser() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	count := object.GetUserCount("", "", "")
-	if err := checkQuotaForUser(count); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	msg := object.CheckUsername(user.Name, c.GetAcceptLanguage())
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
-	c.ServeJSON()
-}
-
-// DeleteUser
-// @Title DeleteUser
-// @Tag User API
-// @Description delete user
-// @Param   body    body   object.User  true        "The details of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-user [post]
-func (c *ApiController) DeleteUser() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteUser(&user))
-	c.ServeJSON()
-}
-
-// GetEmailAndPhone
-// @Title GetEmailAndPhone
-// @Tag User API
-// @Description get email and phone by username
-// @Param   username    formData   string  true        "The username of the user"
-// @Param   organization    formData   string  true        "The organization of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /get-email-and-phone [get]
-func (c *ApiController) GetEmailAndPhone() {
-	organization := c.Ctx.Request.Form.Get("organization")
-	username := c.Ctx.Request.Form.Get("username")
-
-	user := object.GetUserByFields(organization, username)
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(organization, username)))
-		return
-	}
-
-	respUser := object.User{Name: user.Name}
-	var contentType string
-	switch username {
-	case user.Email:
-		contentType = "email"
-		respUser.Email = user.Email
-	case user.Phone:
-		contentType = "phone"
-		respUser.Phone = user.Phone
-	case user.Name:
-		contentType = "username"
-		respUser.Email = util.GetMaskedEmail(user.Email)
-		respUser.Phone = util.GetMaskedPhone(user.Phone)
-	}
-
-	c.ResponseOk(respUser, contentType)
-}
-
-// SetPassword
-// @Title SetPassword
-// @Tag Account API
-// @Description set password
-// @Param   userOwner   formData    string  true        "The owner of the user"
-// @Param   userName   formData    string  true        "The name of the user"
-// @Param   oldPassword   formData    string  true        "The old password of the user"
-// @Param   newPassword   formData    string  true        "The new password of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /set-password [post]
-func (c *ApiController) SetPassword() {
-	userOwner := c.Ctx.Request.Form.Get("userOwner")
-	userName := c.Ctx.Request.Form.Get("userName")
-	oldPassword := c.Ctx.Request.Form.Get("oldPassword")
-	newPassword := c.Ctx.Request.Form.Get("newPassword")
-
-	requestUserId := c.GetSessionUsername()
-	userId := util.GetId(userOwner, userName)
-
-	hasPermission, err := object.CheckUserPermission(requestUserId, userId, userOwner, true, c.GetAcceptLanguage())
-	if !hasPermission {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	targetUser := object.GetUser(userId)
-
-	if oldPassword != "" {
-		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-		if msg != "" {
-			c.ResponseError(msg)
-			return
-		}
-	}
-
-	if strings.Contains(newPassword, " ") {
-		c.ResponseError(c.T("user:New password cannot contain blank space."))
-		return
-	}
-
-	if len(newPassword) <= 5 {
-		c.ResponseError(c.T("user:New password must have at least 6 characters"))
-		return
-	}
-
-	targetUser.Password = newPassword
-	object.SetUserField(targetUser, "password", targetUser.Password)
-	c.ResponseOk()
-}
-
-// CheckUserPassword
-// @Title CheckUserPassword
-// @router /check-user-password [post]
-// @Tag User API
-func (c *ApiController) CheckUserPassword() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, msg := object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
-	if msg == "" {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(msg)
-	}
-}
-
-// GetSortedUsers
-// @Title GetSortedUsers
-// @Tag User API
-// @Description
-// @Param   owner     query    string  true        "The owner of users"
-// @Param   sorter     query    string  true        "The DB column name to sort by, e.g., created_time"
-// @Param   limit     query    string  true        "The count of users to return, e.g., 25"
-// @Success 200 {array} object.User The Response object
-// @router /get-sorted-users [get]
-func (c *ApiController) GetSortedUsers() {
-	owner := c.Input().Get("owner")
-	sorter := c.Input().Get("sorter")
-	limit := util.ParseInt(c.Input().Get("limit"))
-
-	c.Data["json"] = object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
-	c.ServeJSON()
-}
-
-// GetUserCount
-// @Title GetUserCount
-// @Tag User API
-// @Description
-// @Param   owner     query    string  true        "The owner of users"
-// @Param   isOnline     query    string  true        "The filter for query, 1 for online, 0 for offline, empty string for all users"
-// @Success 200 {int} int The count of filtered users for an organization
-// @router /get-user-count [get]
-func (c *ApiController) GetUserCount() {
-	owner := c.Input().Get("owner")
-	isOnline := c.Input().Get("isOnline")
-
-	count := 0
-	if isOnline == "" {
-		count = object.GetUserCount(owner, "", "")
-	} else {
-		count = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
-	}
-
-	c.Data["json"] = count
-	c.ServeJSON()
-}
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@@ -1,66 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"io"
-	"mime/multipart"
-	"os"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func saveFile(path string, file *multipart.File) (err error) {
-	f, err := os.Create(path)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	_, err = io.Copy(f, *file)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *ApiController) UploadUsers() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-
-	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected := object.UploadUsers(owner, fileId)
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
-	}
-}
--- a/controllers/user_util.go
+++ b/controllers/user_util.go
@@ -1,139 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-func checkPermissionForUpdateUser(userId string, newUser object.User, c *ApiController) (bool, string) {
-	oldUser := object.GetUser(userId)
-	organization := object.GetOrganizationByUser(oldUser)
-	var itemsChanged []*object.AccountItem
-
-	if oldUser.Owner != newUser.Owner {
-		item := object.GetAccountItemByName("Organization", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Name != newUser.Name {
-		item := object.GetAccountItemByName("Name", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Id != newUser.Id {
-		item := object.GetAccountItemByName("ID", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.DisplayName != newUser.DisplayName {
-		item := object.GetAccountItemByName("Display name", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Avatar != newUser.Avatar {
-		item := object.GetAccountItemByName("Avatar", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Type != newUser.Type {
-		item := object.GetAccountItemByName("User type", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	// The password is *** when not modified
-	if oldUser.Password != newUser.Password && newUser.Password != "***" {
-		item := object.GetAccountItemByName("Password", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Email != newUser.Email {
-		item := object.GetAccountItemByName("Email", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Phone != newUser.Phone {
-		item := object.GetAccountItemByName("Phone", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.CountryCode != newUser.CountryCode {
-		item := object.GetAccountItemByName("Country code", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Region != newUser.Region {
-		item := object.GetAccountItemByName("Country/Region", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Location != newUser.Location {
-		item := object.GetAccountItemByName("Location", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Affiliation != newUser.Affiliation {
-		item := object.GetAccountItemByName("Affiliation", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Title != newUser.Title {
-		item := object.GetAccountItemByName("Title", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Homepage != newUser.Homepage {
-		item := object.GetAccountItemByName("Homepage", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Bio != newUser.Bio {
-		item := object.GetAccountItemByName("Bio", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.Tag != newUser.Tag {
-		item := object.GetAccountItemByName("Tag", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.SignupApplication != newUser.SignupApplication {
-		item := object.GetAccountItemByName("Signup application", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-
-	oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
-	newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
-	if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
-		item := object.GetAccountItemByName("Properties", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-
-	if oldUser.IsAdmin != newUser.IsAdmin {
-		item := object.GetAccountItemByName("Is admin", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.IsGlobalAdmin != newUser.IsGlobalAdmin {
-		item := object.GetAccountItemByName("Is global admin", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.IsForbidden != newUser.IsForbidden {
-		item := object.GetAccountItemByName("Is forbidden", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-	if oldUser.IsDeleted != newUser.IsDeleted {
-		item := object.GetAccountItemByName("Is deleted", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-
-	currentUser := c.getCurrentUser()
-	if currentUser == nil && c.IsGlobalAdmin() {
-		currentUser = &object.User{
-			IsGlobalAdmin: true,
-		}
-	}
-
-	for i := range itemsChanged {
-		if pass, err := object.CheckAccountItemModifyRule(itemsChanged[i], currentUser, c.GetAcceptLanguage()); !pass {
-			return pass, err
-		}
-	}
-	return true, ""
-}
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -1,210 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"strconv"
-
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/i18n"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// ResponseJsonData ...
-func (c *ApiController) ResponseJsonData(resp *Response, data ...interface{}) {
-	switch len(data) {
-	case 2:
-		resp.Data2 = data[1]
-		fallthrough
-	case 1:
-		resp.Data = data[0]
-	}
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-// ResponseOk ...
-func (c *ApiController) ResponseOk(data ...interface{}) {
-	resp := &Response{Status: "ok"}
-	c.ResponseJsonData(resp, data...)
-}
-
-// ResponseError ...
-func (c *ApiController) ResponseError(error string, data ...interface{}) {
-	resp := &Response{Status: "error", Msg: error}
-	c.ResponseJsonData(resp, data...)
-}
-
-func (c *ApiController) T(error string) string {
-	return i18n.Translate(c.GetAcceptLanguage(), error)
-}
-
-// GetAcceptLanguage ...
-func (c *ApiController) GetAcceptLanguage() string {
-	language := c.Ctx.Request.Header.Get("Accept-Language")
-	return conf.GetLanguage(language)
-}
-
-// SetTokenErrorHttpStatus ...
-func (c *ApiController) SetTokenErrorHttpStatus() {
-	_, ok := c.Data["json"].(*object.TokenError)
-	if ok {
-		if c.Data["json"].(*object.TokenError).Error == object.InvalidClient {
-			c.Ctx.Output.SetStatus(401)
-			c.Ctx.Output.Header("WWW-Authenticate", "Basic realm=\"OAuth2\"")
-		} else {
-			c.Ctx.Output.SetStatus(400)
-		}
-	}
-	_, ok = c.Data["json"].(*object.TokenWrapper)
-	if ok {
-		c.Ctx.Output.SetStatus(200)
-	}
-}
-
-// RequireSignedIn ...
-func (c *ApiController) RequireSignedIn() (string, bool) {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"), "Please login first")
-		return "", false
-	}
-	return userId, true
-}
-
-// RequireSignedInUser ...
-func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
-	userId, ok := c.RequireSignedIn()
-	if !ok {
-		return nil, false
-	}
-
-	user := object.GetUser(userId)
-	if user == nil {
-		c.ClearUserSession()
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return nil, false
-	}
-	return user, true
-}
-
-// RequireAdmin ...
-func (c *ApiController) RequireAdmin() (string, bool) {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return "", false
-	}
-
-	if user.Owner == "built-in" {
-		return "", true
-	}
-	return user.Owner, true
-}
-
-func getInitScore(organization *object.Organization) (int, error) {
-	if organization != nil {
-		return organization.InitScore, nil
-	} else {
-		return strconv.Atoi(conf.GetConfigString("initScore"))
-	}
-}
-
-func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
-	providerName := c.Input().Get("provider")
-	if providerName != "" {
-		provider := object.GetProvider(util.GetId("admin", providerName))
-		if provider == nil {
-			c.ResponseError(c.T("util:The provider: %s is not found"), providerName)
-			return nil, nil, false
-		}
-		return provider, nil, true
-	}
-
-	userId, ok := c.RequireSignedIn()
-	if !ok {
-		return nil, nil, false
-	}
-
-	application, user := object.GetApplicationByUserId(userId)
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("util:No application is found for userId: %s"), userId))
-		return nil, nil, false
-	}
-
-	provider := application.GetProviderByCategory(category)
-	if provider == nil {
-		c.ResponseError(fmt.Sprintf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name))
-		return nil, nil, false
-	}
-
-	return provider, user, true
-}
-
-func checkQuotaForApplication(count int) error {
-	quota := conf.GetConfigQuota().Application
-	if quota == -1 {
-		return nil
-	}
-	if count >= quota {
-		return fmt.Errorf("application quota is exceeded")
-	}
-	return nil
-}
-
-func checkQuotaForOrganization(count int) error {
-	quota := conf.GetConfigQuota().Organization
-	if quota == -1 {
-		return nil
-	}
-	if count >= quota {
-		return fmt.Errorf("organization quota is exceeded")
-	}
-	return nil
-}
-
-func checkQuotaForProvider(count int) error {
-	quota := conf.GetConfigQuota().Provider
-	if quota == -1 {
-		return nil
-	}
-	if count >= quota {
-		return fmt.Errorf("provider quota is exceeded")
-	}
-	return nil
-}
-
-func checkQuotaForUser(count int) error {
-	quota := conf.GetConfigQuota().User
-	if quota == -1 {
-		return nil
-	}
-	if count >= quota {
-		return fmt.Errorf("user quota is exceeded")
-	}
-	return nil
-}
-
-func getInvalidSmsReceivers(smsForm SmsForm) []string {
-	var invalidReceivers []string
-	for _, receiver := range smsForm.Receivers {
-		// The receiver phone format: E164 like +8613854673829 +441932567890
-		if !util.IsPhoneValid(receiver, "") {
-			invalidReceivers = append(invalidReceivers, receiver)
-		}
-	}
-	return invalidReceivers
-}
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -1,279 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/casdoor/casdoor/captcha"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-const (
-	SignupVerification = "signup"
-	ResetVerification  = "reset"
-	LoginVerification  = "login"
-	ForgetVerification = "forget"
-)
-
-func (c *ApiController) getCurrentUser() *object.User {
-	var user *object.User
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		user = nil
-	} else {
-		user = object.GetUser(userId)
-	}
-	return user
-}
-
-// SendVerificationCode ...
-// @Title SendVerificationCode
-// @Tag Verification API
-// @router /send-verification-code [post]
-func (c *ApiController) SendVerificationCode() {
-	destType := c.Ctx.Request.Form.Get("type")
-	dest := c.Ctx.Request.Form.Get("dest")
-	countryCode := c.Ctx.Request.Form.Get("countryCode")
-	checkType := c.Ctx.Request.Form.Get("checkType")
-	clientSecret := c.Ctx.Request.Form.Get("clientSecret")
-	captchaToken := c.Ctx.Request.Form.Get("captchaToken")
-	applicationId := c.Ctx.Request.Form.Get("applicationId")
-	method := c.Ctx.Request.Form.Get("method")
-	checkUser := c.Ctx.Request.Form.Get("checkUser")
-	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)
-
-	if dest == "" {
-		c.ResponseError(c.T("general:Missing parameter") + ": dest.")
-		return
-	}
-	if applicationId == "" {
-		c.ResponseError(c.T("general:Missing parameter") + ": applicationId.")
-		return
-	}
-	if checkType == "" {
-		c.ResponseError(c.T("general:Missing parameter") + ": checkType.")
-		return
-	}
-	if !strings.Contains(applicationId, "/") {
-		c.ResponseError(c.T("verification:Wrong parameter") + ": applicationId.")
-		return
-	}
-
-	if checkType != "none" {
-		if captchaToken == "" {
-			c.ResponseError(c.T("general:Missing parameter") + ": captchaToken.")
-			return
-		}
-
-		if captchaProvider := captcha.GetCaptchaProvider(checkType); captchaProvider == nil {
-			c.ResponseError(c.T("general:don't support captchaProvider: ") + checkType)
-			return
-		} else if isHuman, err := captchaProvider.VerifyCaptcha(captchaToken, clientSecret); err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else if !isHuman {
-			c.ResponseError(c.T("verification:Turing test failed."))
-			return
-		}
-	}
-
-	application := object.GetApplication(applicationId)
-	organization := object.GetOrganization(util.GetId(application.Owner, application.Organization))
-	if organization == nil {
-		c.ResponseError(c.T("verification:Organization does not exist"))
-		return
-	}
-
-	var user *object.User
-	// checkUser != "", means method is ForgetVerification
-	if checkUser != "" {
-		owner := application.Organization
-		user = object.GetUser(util.GetId(owner, checkUser))
-	}
-
-	sendResp := errors.New("invalid dest type")
-
-	switch destType {
-	case "email":
-		if !util.IsEmailValid(dest) {
-			c.ResponseError(c.T("verification:Email is invalid"))
-			return
-		}
-
-		if method == LoginVerification || method == ForgetVerification {
-			if user != nil && util.GetMaskedEmail(user.Email) == dest {
-				dest = user.Email
-			}
-
-			user = object.GetUserByEmail(organization.Name, dest)
-			if user == nil {
-				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
-				return
-			}
-		} else if method == ResetVerification {
-			user = c.getCurrentUser()
-		}
-
-		provider := application.GetEmailProvider()
-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, dest)
-	case "phone":
-		if method == LoginVerification || method == ForgetVerification {
-			if user != nil && util.GetMaskedPhone(user.Phone) == dest {
-				dest = user.Phone
-			}
-
-			if user = object.GetUserByPhone(organization.Name, dest); user == nil {
-				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
-				return
-			}
-
-			countryCode = user.GetCountryCode(countryCode)
-		} else if method == ResetVerification {
-			if user = c.getCurrentUser(); user != nil {
-				countryCode = user.GetCountryCode(countryCode)
-			}
-		}
-
-		provider := application.GetSmsProvider()
-		if phone, ok := util.GetE164Number(dest, countryCode); !ok {
-			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), countryCode))
-			return
-		} else {
-			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, phone)
-		}
-	}
-
-	if sendResp != nil {
-		c.ResponseError(sendResp.Error())
-	} else {
-		c.ResponseOk()
-	}
-}
-
-// ResetEmailOrPhone ...
-// @Tag Account API
-// @Title ResetEmailOrPhone
-// @router /api/reset-email-or-phone [post]
-func (c *ApiController) ResetEmailOrPhone() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	destType := c.Ctx.Request.Form.Get("type")
-	dest := c.Ctx.Request.Form.Get("dest")
-	code := c.Ctx.Request.Form.Get("code")
-
-	if util.IsStringsEmpty(destType, dest, code) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	checkDest := dest
-	organization := object.GetOrganizationByUser(user)
-	if destType == "phone" {
-		if object.HasUserByField(user.Owner, "phone", dest) {
-			c.ResponseError(c.T("check:Phone already exists"))
-			return
-		}
-
-		phoneItem := object.GetAccountItemByName("Phone", organization)
-		if phoneItem == nil {
-			c.ResponseError(c.T("verification:Unable to get the phone modify rule."))
-			return
-		}
-
-		if pass, errMsg := object.CheckAccountItemModifyRule(phoneItem, user, c.GetAcceptLanguage()); !pass {
-			c.ResponseError(errMsg)
-			return
-		}
-		if checkDest, ok = util.GetE164Number(dest, user.GetCountryCode("")); !ok {
-			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), user.CountryCode))
-			return
-		}
-	} else if destType == "email" {
-		if object.HasUserByField(user.Owner, "email", dest) {
-			c.ResponseError(c.T("check:Email already exists"))
-			return
-		}
-
-		emailItem := object.GetAccountItemByName("Email", organization)
-		if emailItem == nil {
-			c.ResponseError(c.T("verification:Unable to get the email modify rule."))
-			return
-		}
-
-		if pass, errMsg := object.CheckAccountItemModifyRule(emailItem, user, c.GetAcceptLanguage()); !pass {
-			c.ResponseError(errMsg)
-			return
-		}
-	}
-	if msg := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage()); len(msg) != 0 {
-		c.ResponseError(msg)
-		return
-	}
-
-	switch destType {
-	case "email":
-		user.Email = dest
-		object.SetUserField(user, "email", user.Email)
-	case "phone":
-		user.Phone = dest
-		object.SetUserField(user, "phone", user.Phone)
-	default:
-		c.ResponseError(c.T("verification:Unknown type"))
-		return
-	}
-
-	object.DisableVerificationCode(checkDest)
-	c.ResponseOk()
-}
-
-// VerifyCaptcha ...
-// @Title VerifyCaptcha
-// @Tag Verification API
-// @router /verify-captcha [post]
-func (c *ApiController) VerifyCaptcha() {
-	captchaType := c.Ctx.Request.Form.Get("captchaType")
-
-	captchaToken := c.Ctx.Request.Form.Get("captchaToken")
-	clientSecret := c.Ctx.Request.Form.Get("clientSecret")
-	if captchaToken == "" {
-		c.ResponseError(c.T("general:Missing parameter") + ": captchaToken.")
-		return
-	}
-	if clientSecret == "" {
-		c.ResponseError(c.T("general:Missing parameter") + ": clientSecret.")
-		return
-	}
-
-	provider := captcha.GetCaptchaProvider(captchaType)
-	if provider == nil {
-		c.ResponseError(c.T("verification:Invalid captcha provider."))
-		return
-	}
-
-	isValid, err := provider.VerifyCaptcha(captchaToken, clientSecret)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(isValid)
-}
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@@ -1,155 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-	"github.com/duo-labs/webauthn/protocol"
-	"github.com/duo-labs/webauthn/webauthn"
-)
-
-// WebAuthnSignupBegin
-// @Title WebAuthnSignupBegin
-// @Tag User API
-// @Description WebAuthn Registration Flow 1st stage
-// @Success 200 {object} protocol.CredentialCreation The CredentialCreationOptions object
-// @router /webauthn/signup/begin [get]
-func (c *ApiController) WebAuthnSignupBegin() {
-	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	user := c.getCurrentUser()
-	if user == nil {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	registerOptions := func(credCreationOpts *protocol.PublicKeyCredentialCreationOptions) {
-		credCreationOpts.CredentialExcludeList = user.CredentialExcludeList()
-	}
-	options, sessionData, err := webauthnObj.BeginRegistration(
-		user,
-		registerOptions,
-	)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSession("registration", *sessionData)
-	c.Data["json"] = options
-	c.ServeJSON()
-}
-
-// WebAuthnSignupFinish
-// @Title WebAuthnSignupFinish
-// @Tag User API
-// @Description WebAuthn Registration Flow 2nd stage
-// @Param   body    body   protocol.CredentialCreationResponse  true        "authenticator attestation Response"
-// @Success 200 {object} Response "The Response object"
-// @router /webauthn/signup/finish [post]
-func (c *ApiController) WebAuthnSignupFinish() {
-	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	user := c.getCurrentUser()
-	if user == nil {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-	sessionObj := c.GetSession("registration")
-	sessionData, ok := sessionObj.(webauthn.SessionData)
-	if !ok {
-		c.ResponseError(c.T("webauthn:Please call WebAuthnSigninBegin first"))
-		return
-	}
-	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
-
-	credential, err := webauthnObj.FinishRegistration(user, sessionData, c.Ctx.Request)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	isGlobalAdmin := c.IsGlobalAdmin()
-	user.AddCredentials(*credential, isGlobalAdmin)
-	c.ResponseOk()
-}
-
-// WebAuthnSigninBegin
-// @Title WebAuthnSigninBegin
-// @Tag Login API
-// @Description WebAuthn Login Flow 1st stage
-// @Param   owner     query    string  true        "owner"
-// @Param   name     query    string  true        "name"
-// @Success 200 {object} protocol.CredentialAssertion The CredentialAssertion object
-// @router /webauthn/signin/begin [get]
-func (c *ApiController) WebAuthnSigninBegin() {
-	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	userOwner := c.Input().Get("owner")
-	userName := c.Input().Get("name")
-	user := object.GetUserByFields(userOwner, userName)
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-		return
-	}
-	if len(user.WebauthnCredentials) == 0 {
-		c.ResponseError(c.T("webauthn:Found no credentials for this user"))
-		return
-	}
-
-	options, sessionData, err := webauthnObj.BeginLogin(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSession("authentication", *sessionData)
-	c.Data["json"] = options
-	c.ServeJSON()
-}
-
-// WebAuthnSigninFinish
-// @Title WebAuthnSigninBegin
-// @Tag Login API
-// @Description WebAuthn Login Flow 2nd stage
-// @Param   body    body   protocol.CredentialAssertionResponse  true        "authenticator assertion Response"
-// @Success 200 {object} Response "The Response object"
-// @router /webauthn/signin/finish [post]
-func (c *ApiController) WebAuthnSigninFinish() {
-	responseType := c.Input().Get("responseType")
-	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	sessionObj := c.GetSession("authentication")
-	sessionData, ok := sessionObj.(webauthn.SessionData)
-	if !ok {
-		c.ResponseError(c.T("webauthn:Please call WebAuthnSigninBegin first"))
-		return
-	}
-	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
-	userId := string(sessionData.UserID)
-	user := object.GetUser(userId)
-	_, err := webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSessionUsername(userId)
-	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
-
-	application := object.GetApplicationByUser(user)
-	var form RequestForm
-	form.Type = responseType
-	resp := c.HandleLoggedIn(application, user, &form)
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@@ -1,123 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetWebhooks
-// @Title GetWebhooks
-// @Tag Webhook API
-// @Description get webhooks
-// @Param   owner     query    string  true        "The owner of webhooks"
-// @Success 200 {array} object.Webhook The Response object
-// @router /get-webhooks [get]
-func (c *ApiController) GetWebhooks() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
-		c.Data["json"] = object.GetWebhooks(owner)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, field, value)))
-		webhooks := object.GetPaginationWebhooks(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		c.ResponseOk(webhooks, paginator.Nums())
-	}
-}
-
-// GetWebhook
-// @Title GetWebhook
-// @Tag Webhook API
-// @Description get webhook
-// @Param   id     query    string  true        "The id ( owner/name ) of the webhook"
-// @Success 200 {object} object.Webhook The Response object
-// @router /get-webhook [get]
-func (c *ApiController) GetWebhook() {
-	id := c.Input().Get("id")
-
-	c.Data["json"] = object.GetWebhook(id)
-	c.ServeJSON()
-}
-
-// UpdateWebhook
-// @Title UpdateWebhook
-// @Tag Webhook API
-// @Description update webhook
-// @Param   id     query    string  true        "The id ( owner/name ) of the webhook"
-// @Param   body    body   object.Webhook  true        "The details of the webhook"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-webhook [post]
-func (c *ApiController) UpdateWebhook() {
-	id := c.Input().Get("id")
-
-	var webhook object.Webhook
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateWebhook(id, &webhook))
-	c.ServeJSON()
-}
-
-// AddWebhook
-// @Title AddWebhook
-// @Tag Webhook API
-// @Description add webhook
-// @Param   body    body   object.Webhook  true        "The details of the webhook"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-webhook [post]
-func (c *ApiController) AddWebhook() {
-	var webhook object.Webhook
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddWebhook(&webhook))
-	c.ServeJSON()
-}
-
-// DeleteWebhook
-// @Title DeleteWebhook
-// @Tag Webhook API
-// @Description delete webhook
-// @Param   body    body   object.Webhook  true        "The details of the webhook"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-webhook [post]
-func (c *ApiController) DeleteWebhook() {
-	var webhook object.Webhook
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteWebhook(&webhook))
-	c.ServeJSON()
-}
--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@@ -1,37 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import "github.com/alexedwards/argon2id"
-
-type Argon2idCredManager struct{}
-
-func NewArgon2idCredManager() *Argon2idCredManager {
-	cm := &Argon2idCredManager{}
-	return cm
-}
-
-func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
-	if err != nil {
-		return ""
-	}
-	return hash
-}
-
-func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
-	return match
-}
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@@ -1,23 +0,0 @@
-package cred
-
-import "golang.org/x/crypto/bcrypt"
-
-type BcryptCredManager struct{}
-
-func NewBcryptCredManager() *BcryptCredManager {
-	cm := &BcryptCredManager{}
-	return cm
-}
-
-func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
-	if err != nil {
-		return ""
-	}
-	return string(bytes)
-}
-
-func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
-	return err == nil
-}
--- a/cred/manager.go
+++ b/cred/manager.go
@@ -1,37 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-type CredManager interface {
-	GetHashedPassword(password string, userSalt string, organizationSalt string) string
-	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
-}
-
-func GetCredManager(passwordType string) CredManager {
-	if passwordType == "plain" {
-		return NewPlainCredManager()
-	} else if passwordType == "salt" {
-		return NewSha256SaltCredManager()
-	} else if passwordType == "md5-salt" {
-		return NewMd5UserSaltCredManager()
-	} else if passwordType == "bcrypt" {
-		return NewBcryptCredManager()
-	} else if passwordType == "pbkdf2-salt" {
-		return NewPbkdf2SaltCredManager()
-	} else if passwordType == "argon2id" {
-		return NewArgon2idCredManager()
-	}
-	return nil
-}
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@@ -1,50 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/md5"
-	"encoding/hex"
-)
-
-type Md5UserSaltCredManager struct{}
-
-func getMd5(data []byte) []byte {
-	hash := md5.Sum(data)
-	return hash[:]
-}
-
-func getMd5HexDigest(s string) string {
-	b := getMd5([]byte(s))
-	res := hex.EncodeToString(b)
-	return res
-}
-
-func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
-	cm := &Md5UserSaltCredManager{}
-	return cm
-}
-
-func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getMd5HexDigest(password)
-	if userSalt != "" {
-		res = getMd5HexDigest(res + userSalt)
-	}
-	return res
-}
-
-func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
-}
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@@ -1,40 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/sha256"
-	"encoding/base64"
-
-	"golang.org/x/crypto/pbkdf2"
-)
-
-type Pbkdf2SaltCredManager struct{}
-
-func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
-	cm := &Pbkdf2SaltCredManager{}
-	return cm
-}
-
-func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
-	decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
-	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
-	return base64.StdEncoding.EncodeToString(res)
-}
-
-func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
-}
--- a/cred/plain.go
+++ b/cred/plain.go
@@ -1,30 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-type PlainCredManager struct{}
-
-func NewPlainCredManager() *PlainCredManager {
-	cm := &PlainCredManager{}
-	return cm
-}
-
-func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	return password
-}
-
-func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == plainPwd
-}
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@@ -1,50 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/sha256"
-	"encoding/hex"
-)
-
-type Sha256SaltCredManager struct{}
-
-func getSha256(data []byte) []byte {
-	hash := sha256.Sum256(data)
-	return hash[:]
-}
-
-func getSha256HexDigest(s string) string {
-	b := getSha256([]byte(s))
-	res := hex.EncodeToString(b)
-	return res
-}
-
-func NewSha256SaltCredManager() *Sha256SaltCredManager {
-	cm := &Sha256SaltCredManager{}
-	return cm
-}
-
-func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getSha256HexDigest(password)
-	if organizationSalt != "" {
-		res = getSha256HexDigest(res + organizationSalt)
-	}
-	return res
-}
-
-func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
-}
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@@ -1,34 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"fmt"
-	"testing"
-)
-
-func TestGetSaltedPassword(t *testing.T) {
-	password := "123456"
-	salt := "123"
-	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
-}
-
-func TestGetPassword(t *testing.T) {
-	password := "123456"
-	cm := NewSha256SaltCredManager()
-	// https://passwordsgenerator.net/sha256-hash-generator/
-	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
-}
--- a/crowdin.yml
+++ b/crowdin.yml
@@ -1,10 +0,0 @@
-project_id: '491513'
-api_token_env: 'CROWDIN_PERSONAL_TOKEN'
-preserve_hierarchy: true
-files: [
-  # JSON translation files
-    {
-        source: '/i18n/locales/en/data.json',
-        translation: '/i18n/locales/%two_letters_code%/data.json',
-    },
-]
--- a/deployment/deploy.go
+++ b/deployment/deploy.go
@@ -1,70 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package deployment
-
-import (
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/storage"
-	"github.com/casdoor/casdoor/util"
-	"github.com/casdoor/oss"
-)
-
-func deployStaticFiles(provider *object.Provider) {
-	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
-	if storageProvider == nil {
-		panic(fmt.Sprintf("the provider type: %s is not supported", provider.Type))
-	}
-
-	uploadFolder(storageProvider, "js")
-	uploadFolder(storageProvider, "css")
-	updateHtml(provider.Domain)
-}
-
-func uploadFolder(storageProvider oss.StorageInterface, folder string) {
-	path := fmt.Sprintf("../web/build/static/%s/", folder)
-	filenames := util.ListFiles(path)
-
-	for _, filename := range filenames {
-		if !strings.HasSuffix(filename, folder) {
-			continue
-		}
-
-		file, err := os.Open(path + filename)
-		if err != nil {
-			panic(err)
-		}
-
-		objectKey := fmt.Sprintf("static/%s/%s", folder, filename)
-		_, err = storageProvider.Put(objectKey, file)
-		if err != nil {
-			panic(err)
-		}
-
-		fmt.Printf("Uploaded [%s] to [%s]\n", path, objectKey)
-	}
-}
-
-func updateHtml(domainPath string) {
-	htmlPath := "../web/build/index.html"
-	html := util.ReadStringFromPath(htmlPath)
-	html = strings.Replace(html, "\"/static/", fmt.Sprintf("\"%s", domainPath), -1)
-	util.WriteStringToPath(html, htmlPath)
-
-	fmt.Printf("Updated HTML to [%s]\n", html)
-}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,27 +0,0 @@
-version: '3.1'
-services:
-  casdoor:
-    restart: always
-    build:
-      context: ./
-      dockerfile: Dockerfile
-      target: STANDARD
-    entrypoint: /bin/sh -c './server --createDatabase=true'
-    ports:
-      - "8000:8000"
-    depends_on:
-      - db
-    environment:
-      RUNNING_IN_DOCKER: "true"
-    volumes:
-      - ./conf:/conf/
-  db:
-    restart: always
-    image: mysql:8.0.25
-    platform: linux/amd64
-    ports:
-      - "3306:3306"
-    environment:
-      MYSQL_ROOT_PASSWORD: 123456
-    volumes:
-      - /usr/local/docker/mysql:/var/lib/mysql
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -1,8 +0,0 @@
-#!/bin/bash
-if [ "${MYSQL_ROOT_PASSWORD}" = "" ] ;then MYSQL_ROOT_PASSWORD=123456 ;fi
-
-service mariadb start
-
-mysqladmin -u root password ${MYSQL_ROOT_PASSWORD}
-
-exec /server --createDatabase=true
--- a/go.mod
+++ b/go.mod
@@ -1,60 +1,23 @@
 module github.com/casdoor/casdoor

-go 1.16
+go 1.15

 require (
-	github.com/Masterminds/squirrel v1.5.3
-	github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b
-	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
-	github.com/aliyun/alibaba-cloud-sdk-go v1.62.188 // indirect
-	github.com/aws/aws-sdk-go v1.44.4
-	github.com/beego/beego v1.12.11
-	github.com/beevik/etree v1.1.0
-	github.com/casbin/casbin/v2 v2.30.1
-	github.com/casdoor/go-sms-sender v0.6.1
-	github.com/casdoor/gomail/v2 v2.0.1
-	github.com/casdoor/oss v1.2.0
-	github.com/casdoor/xorm-adapter/v3 v3.0.4
-	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
-	github.com/denisenkom/go-mssqldb v0.9.0
-	github.com/duo-labs/webauthn v0.0.0-20211221191814-a22482edaa3b
-	github.com/forestmgy/ldapserver v1.1.0
-	github.com/go-ldap/ldap/v3 v3.3.0
-	github.com/go-mysql-org/go-mysql v1.7.0
-	github.com/go-pay/gopay v1.5.72
-	github.com/go-sql-driver/mysql v1.6.0
-	github.com/golang-jwt/jwt/v4 v4.2.0
-	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
-	github.com/google/uuid v1.3.0
-	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
-	github.com/lestrrat-go/jwx v1.2.21
-	github.com/lib/pq v1.8.0
-	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
-	github.com/markbates/goth v1.75.2
-	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
-	github.com/nyaruka/phonenumbers v1.1.5
-	github.com/qiangmzsx/string-adapter/v2 v2.1.0
-	github.com/robfig/cron/v3 v3.0.1
-	github.com/russellhaering/gosaml2 v0.6.0
-	github.com/russellhaering/goxmldsig v1.1.1
-	github.com/satori/go.uuid v1.2.0
-	github.com/shirou/gopsutil v3.21.11+incompatible
-	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
-	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/stretchr/testify v1.8.0
-	github.com/tealeg/xlsx v1.0.5
-	github.com/thanhpk/randstr v1.0.4
-	github.com/tklauser/go-sysconf v0.3.10 // indirect
-	github.com/xorm-io/core v0.7.4
-	github.com/xorm-io/xorm v1.1.6
-	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
-	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd
-	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0
+	github.com/gin-contrib/cors v1.3.1
+	github.com/gin-gonic/gin v1.6.3
+	github.com/go-playground/validator/v10 v10.4.0 // indirect
+	github.com/go-sql-driver/mysql v1.5.0
+	github.com/golang/protobuf v1.4.3 // indirect
+	github.com/google/uuid v1.1.2
+	github.com/joho/godotenv v1.3.0
+	github.com/json-iterator/go v1.1.10 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/ugorji/go v1.1.12 // indirect
+	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 // indirect
+	golang.org/x/sys v0.0.0-20201029080932-201ba4db2418 // indirect
+	google.golang.org/protobuf v1.25.0 // indirect
 	gopkg.in/yaml.v2 v2.3.0 // indirect
-	modernc.org/sqlite v1.10.1-0.20210314190707-798bbeb9bb84
+	xorm.io/core v0.7.2
+	xorm.io/xorm v0.8.1
 )
--- a/go.sum
+++ b/go.sum
--- a/i18n/generate.go
+++ b/i18n/generate.go
@@ -1,138 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package i18n
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"regexp"
-	"strings"
-
-	"github.com/casdoor/casdoor/util"
-)
-
-type I18nData map[string]map[string]string
-
-var (
-	reI18nFrontend          *regexp.Regexp
-	reI18nBackendObject     *regexp.Regexp
-	reI18nBackendController *regexp.Regexp
-)
-
-func init() {
-	reI18nFrontend, _ = regexp.Compile("i18next.t\\(\"(.*?)\"\\)")
-	reI18nBackendObject, _ = regexp.Compile("i18n.Translate\\((.*?)\"\\)")
-	reI18nBackendController, _ = regexp.Compile("c.T\\((.*?)\"\\)")
-}
-
-func getAllI18nStringsFrontend(fileContent string) []string {
-	res := []string{}
-
-	matches := reI18nFrontend.FindAllStringSubmatch(fileContent, -1)
-	if matches == nil {
-		return res
-	}
-
-	for _, match := range matches {
-		res = append(res, match[1])
-	}
-	return res
-}
-
-func getAllI18nStringsBackend(fileContent string, isObjectPackage bool) []string {
-	res := []string{}
-	if isObjectPackage {
-		matches := reI18nBackendObject.FindAllStringSubmatch(fileContent, -1)
-		if matches == nil {
-			return res
-		}
-		for _, match := range matches {
-			match := strings.SplitN(match[1], ",", 2)
-			res = append(res, match[1][2:])
-		}
-	} else {
-		matches := reI18nBackendController.FindAllStringSubmatch(fileContent, -1)
-		if matches == nil {
-			return res
-		}
-		for _, match := range matches {
-			res = append(res, match[1][1:])
-		}
-	}
-
-	return res
-}
-
-func getAllFilePathsInFolder(folder string, fileSuffix string) []string {
-	res := []string{}
-	err := filepath.Walk(folder,
-		func(path string, info os.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-
-			if !strings.HasSuffix(info.Name(), fileSuffix) {
-				return nil
-			}
-
-			res = append(res, path)
-			fmt.Println(path, info.Name())
-			return nil
-		})
-	if err != nil {
-		panic(err)
-	}
-
-	return res
-}
-
-func parseEnData(category string) *I18nData {
-	var paths []string
-	if category == "backend" {
-		paths = getAllFilePathsInFolder("../", ".go")
-	} else {
-		paths = getAllFilePathsInFolder("../web/src", ".js")
-	}
-
-	allWords := []string{}
-	for _, path := range paths {
-		fileContent := util.ReadStringFromPath(path)
-
-		var words []string
-		if category == "backend" {
-			isObjectPackage := strings.Contains(path, "object")
-			words = getAllI18nStringsBackend(fileContent, isObjectPackage)
-		} else {
-			words = getAllI18nStringsFrontend(fileContent)
-		}
-		allWords = append(allWords, words...)
-	}
-	fmt.Printf("%v\n", allWords)
-
-	data := I18nData{}
-	for _, word := range allWords {
-		tokens := strings.SplitN(word, ":", 2)
-		namespace := tokens[0]
-		key := tokens[1]
-
-		if _, ok := data[namespace]; !ok {
-			data[namespace] = map[string]string{}
-		}
-		data[namespace][key] = key
-	}
-
-	return &data
-}
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@@ -1,55 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package i18n
-
-import (
-	"testing"
-)
-
-func applyToOtherLanguage(category string, language string, i18nData *I18nData) {
-	newData := readI18nFile(category, language)
-	println(newData)
-
-	applyData(i18nData, newData)
-	writeI18nFile(category, language, i18nData)
-}
-
-func TestGenerateI18nFrontend(t *testing.T) {
-	enData := parseEnData("frontend")
-	writeI18nFile("frontend", "en", enData)
-
-	applyToOtherLanguage("frontend", "zh", enData)
-	applyToOtherLanguage("frontend", "es", enData)
-	applyToOtherLanguage("frontend", "fr", enData)
-	applyToOtherLanguage("frontend", "de", enData)
-	applyToOtherLanguage("frontend", "ja", enData)
-	applyToOtherLanguage("frontend", "ko", enData)
-	applyToOtherLanguage("frontend", "ru", enData)
-	applyToOtherLanguage("frontend", "vi", enData)
-}
-
-func TestGenerateI18nBackend(t *testing.T) {
-	enData := parseEnData("backend")
-	writeI18nFile("backend", "en", enData)
-
-	applyToOtherLanguage("backend", "zh", enData)
-	applyToOtherLanguage("backend", "es", enData)
-	applyToOtherLanguage("backend", "fr", enData)
-	applyToOtherLanguage("backend", "de", enData)
-	applyToOtherLanguage("backend", "ja", enData)
-	applyToOtherLanguage("backend", "ko", enData)
-	applyToOtherLanguage("backend", "ru", enData)
-	applyToOtherLanguage("backend", "vi", enData)
-}
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "Email: %s",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Invalid information": "Invalid information",
-    "Phone: %s": "Phone: %s",
-    "Please sign out first before signing in": "Please sign out first before signing in",
-    "Please sign out first before signing up": "Please sign out first before signing up",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider type: %s is not supported": "The provider type: %s is not supported",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "Turing test failed.": "Turing test failed.",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Benutzername muss mindestens 2 Zeichen lang sein",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: "
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters"
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Email is invalid": "Email is invalid",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Organization does not exist": "Organization does not exist",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong parameter": "Wrong parameter",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "Email: %s",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Invalid information": "Invalid information",
-    "Phone: %s": "Phone: %s",
-    "Please sign out first before signing in": "Please sign out first before signing in",
-    "Please sign out first before signing up": "Please sign out first before signing up",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider type: %s is not supported": "The provider type: %s is not supported",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "Turing test failed.": "Turing test failed.",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: "
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters"
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Email is invalid": "Email is invalid",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Organization does not exist": "Organization does not exist",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong parameter": "Wrong parameter",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "Email: %s",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Invalid information": "Invalid information",
-    "Phone: %s": "Phone: %s",
-    "Please sign out first before signing in": "Please sign out first before signing in",
-    "Please sign out first before signing up": "Please sign out first before signing up",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider type: %s is not supported": "The provider type: %s is not supported",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "Turing test failed.": "Turing test failed.",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: "
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters"
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Email is invalid": "Email is invalid",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Organization does not exist": "Organization does not exist",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong parameter": "Wrong parameter",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "Email: %s",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Invalid information": "Invalid information",
-    "Phone: %s": "Phone: %s",
-    "Please sign out first before signing in": "Please sign out first before signing in",
-    "Please sign out first before signing up": "Please sign out first before signing up",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider type: %s is not supported": "The provider type: %s is not supported",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "Turing test failed.": "Turing test failed.",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: "
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters"
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Email is invalid": "Email is invalid",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Organization does not exist": "Organization does not exist",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong parameter": "Wrong parameter",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "Email: %s",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Invalid information": "Invalid information",
-    "Phone: %s": "Phone: %s",
-    "Please sign out first before signing in": "Please sign out first before signing in",
-    "Please sign out first before signing up": "Please sign out first before signing up",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider type: %s is not supported": "The provider type: %s is not supported",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "Turing test failed.": "Turing test failed.",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: "
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters"
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Email is invalid": "Email is invalid",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Organization does not exist": "Organization does not exist",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong parameter": "Wrong parameter",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "Email: %s",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Invalid information": "Invalid information",
-    "Phone: %s": "Phone: %s",
-    "Please sign out first before signing in": "Please sign out first before signing in",
-    "Please sign out first before signing up": "Please sign out first before signing up",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider type: %s is not supported": "The provider type: %s is not supported",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "Turing test failed.": "Turing test failed.",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: "
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters"
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Email is invalid": "Email is invalid",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Organization does not exist": "Organization does not exist",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong parameter": "Wrong parameter",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "Email: %s",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Invalid information": "Invalid information",
-    "Phone: %s": "Phone: %s",
-    "Please sign out first before signing in": "Please sign out first before signing in",
-    "Please sign out first before signing up": "Please sign out first before signing up",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider type: %s is not supported": "The provider type: %s is not supported",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "Turing test failed.": "Turing test failed.",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: "
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters"
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Email is invalid": "Email is invalid",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Organization does not exist": "Organization does not exist",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong parameter": "Wrong parameter",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/vi/data.json
+++ b/i18n/locales/vi/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "Email: %s",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Invalid information": "Invalid information",
-    "Phone: %s": "Phone: %s",
-    "Please sign out first before signing in": "Please sign out first before signing in",
-    "Please sign out first before signing up": "Please sign out first before signing up",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider type: %s is not supported": "The provider type: %s is not supported",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "Turing test failed.": "Turing test failed.",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: "
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters"
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Email is invalid": "Email is invalid",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Organization does not exist": "Organization does not exist",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong parameter": "Wrong parameter",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@@ -1,147 +0,0 @@
-{
-  "account": {
-    "Email: %s": "邮件: %s",
-    "Get init score failed, error: %w": "初始化分数失败: %w",
-    "Invalid information": "无效信息",
-    "Phone: %s": "手机号: %s",
-    "Please sign out first before signing in": "请在登录前先退出登录",
-    "Please sign out first before signing up": "请在注册前先退出登录",
-    "The application does not allow to sign up new account": "该应用不允许注册新用户"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge 方法应该为 S256",
-    "Failed to create user, user information is invalid: %s": "创建用户失败，用户信息无效: %s",
-    "Failed to login in: %s": "登录失败: %s",
-    "Invalid token": "无效token",
-    "State expected: %s, but got: %s": "期望状态为: %s, 实际状态为: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许通过 %s 注册新账户, 请使用其他方式注册",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许注册新账户, 请联系IT支持",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "提供商账户: %s 与用户名: %s (%s) 已经与其他账户绑定: %s (%s)",
-    "The application: %s does not exist": "应用 %s 不存在",
-    "The login method: login with password is not enabled for the application": "该应用禁止采用密码登录方式",
-    "The provider type: %s is not supported": "不支持该类型的提供商: %s",
-    "The provider: %s is not enabled for the application": "该应用的提供商: %s 未被启用",
-    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
-    "Turing test failed.": "人机验证失败",
-    "Unauthorized operation": "未授权的操作",
-    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "服务 %s 与 %s 不匹配"
-  },
-  "check": {
-    "Affiliation cannot be blank": "工作单位不可为空",
-    "DisplayName cannot be blank": "显示名称不可为空",
-    "DisplayName is not valid real name": "显示名称必须是真实姓名",
-    "Email already exists": "该邮箱已存在",
-    "Email cannot be empty": "邮箱不可为空",
-    "Email is invalid": "无效邮箱",
-    "Empty username.": "用户名不可为空",
-    "FirstName cannot be blank": "名不可以为空",
-    "LastName cannot be blank": "姓不可以为空",
-    "Ldap user name or password incorrect": "LDAP密码错误",
-    "Multiple accounts with same uid, please check your ldap server": "多个帐户具有相同的uid，请检查您的 LDAP 服务器",
-    "Organization does not exist": "组织不存在",
-    "Password must have at least 6 characters": "新密码至少为6位",
-    "Phone already exists": "该手机号已存在",
-    "Phone cannot be empty": "手机号不可为空",
-    "Phone number is invalid": "无效手机号",
-    "Session outdated, please login again": "会话已过期，请重新登录",
-    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾",
-    "Username already exists": "用户名已存在",
-    "Username cannot be an email address": "用户名不可以是邮箱地址",
-    "Username cannot contain white spaces": "用户名禁止包含空格",
-    "Username cannot start with a digit": "用户名禁止使用数字开头",
-    "Username is too long (maximum is 39 characters).": "用户名过长（最大允许长度为39个字符）",
-    "Username must have at least 2 characters": "用户名至少要有2个字符",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "密码错误次数已达上限，请在 %d 分后重试",
-    "Your region is not allow to signup by phone": "所在地区不支持手机号注册",
-    "password or code is incorrect, you have %d remaining chances": "密码错误，您还有 %d 次尝试的机会",
-    "unsupported password type: %s": "不支持的密码类型: %s"
-  },
-  "general": {
-    "Missing parameter": "缺少参数",
-    "Please login first": "请先登录",
-    "The user: %s doesn't exist": "用户: %s 不存在",
-    "don't support captchaProvider: ": "不支持验证码提供商: "
-  },
-  "ldap": {
-    "Ldap server exist": "LDAP服务器已存在"
-  },
-  "link": {
-    "Please link first": "请先绑定",
-    "This application has no providers": "该应用无可用的提供商",
-    "This application has no providers of type": "应用没有该类型的提供商",
-    "This provider can't be unlinked": "该提供商被禁止解绑",
-    "You are not the global admin, you can't unlink other users": "您不是全局管理员，无法解绑其他用户",
-    "You can't unlink yourself, you are not a member of any application": "您无法自行解绑，您不是任何应用程序的成员"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "仅允许管理员可以修改 %s",
-    "The %s is immutable.": "%s 是不可变的",
-    "Unknown modify rule %s.": "未知的修改规则: %s"
-  },
-  "provider": {
-    "Invalid application id": "无效的应用ID",
-    "the provider: %s does not exist": "提供商: %s 不存在"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "上传头像时用户为空",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "username或fullFilePath为空: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "未找到应用: %s"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "提供商: %s 不是SAML类型"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "邮件参数为空: %v",
-    "Invalid Email receivers: %s": " 无效的邮箱收件人: %s",
-    "Invalid phone receivers: %s": "无效的手机短信收信人: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "objectKey: %s 被禁止",
-    "The provider type: %s is not supported": "不支持的提供商类型: %s"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "clientId或clientSecret为空",
-    "Grant_type: %s is not supported in this application": "该应用不支持Grant_type: %s",
-    "Invalid application or wrong clientSecret": "无效应用或错误的clientSecret",
-    "Invalid client_id": "无效的ClientId",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "重定向 URI：%s 在许可跳转列表中未找到",
-    "Token not found, invalid accessToken": "未查询到对应token, accessToken无效"
-  },
-  "user": {
-    "Display name cannot be empty": "显示名称不可为空",
-    "New password cannot contain blank space.": "新密码不可以包含空格",
-    "New password must have at least 6 characters": "新密码至少需要6位字符"
-  },
-  "user_upload": {
-    "Failed to import users": "导入用户失败"
-  },
-  "util": {
-    "No application is found for userId: %s": "未找到用户: %s 的应用",
-    "No provider for category: %s is found for application: %s": "未找到类别为: %s 的提供商来满足应用: %s",
-    "The provider: %s is not found": "未找到提供商: %s"
-  },
-  "verification": {
-    "Code has not been sent yet!": "验证码还未发送",
-    "Email is invalid": "非法的邮箱",
-    "Invalid captcha provider.": "非法的验证码提供商",
-    "Organization does not exist": "组织不存在",
-    "Phone number is invalid in your region %s": "您所在地区的电话号码无效 %s",
-    "Turing test failed.": "验证码还未发送",
-    "Unable to get the email modify rule.": "无法获取邮箱修改规则",
-    "Unable to get the phone modify rule.": "无法获取手机号修改规则",
-    "Unknown type": "未知类型",
-    "Wrong parameter": "参数错误",
-    "You should verify your code in %d min!": "请在 %d 分钟内输入正确验证码",
-    "the user does not exist, please sign up first": "用户不存在，请先注册"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "该用户没有 WebAuthn 凭据",
-    "Please call WebAuthnSigninBegin first": "请先调用 WebAuthnSigninBegin"
-  }
-}
--- a/i18n/util.go
+++ b/i18n/util.go
@@ -1,93 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package i18n
-
-import (
-	"embed"
-	"fmt"
-	"strings"
-
-	"github.com/casdoor/casdoor/util"
-)
-
-//go:embed locales/*/data.json
-var f embed.FS
-
-var langMap = make(map[string]map[string]map[string]string) // for example : langMap[en][account][Invalid information] = Invalid information
-
-func getI18nFilePath(category string, language string) string {
-	if category == "backend" {
-		return fmt.Sprintf("../i18n/locales/%s/data.json", language)
-	} else {
-		return fmt.Sprintf("../web/src/locales/%s/data.json", language)
-	}
-}
-
-func readI18nFile(category string, language string) *I18nData {
-	s := util.ReadStringFromPath(getI18nFilePath(category, language))
-
-	data := &I18nData{}
-	err := util.JsonToStruct(s, data)
-	if err != nil {
-		panic(err)
-	}
-	return data
-}
-
-func writeI18nFile(category string, language string, data *I18nData) {
-	s := util.StructToJsonFormatted(data)
-	s = strings.ReplaceAll(s, "\\u0026", "&")
-	s += "\n"
-	println(s)
-
-	util.WriteStringToPath(s, getI18nFilePath(category, language))
-}
-
-func applyData(data1 *I18nData, data2 *I18nData) {
-	for namespace, pairs2 := range *data2 {
-		if _, ok := (*data1)[namespace]; !ok {
-			continue
-		}
-
-		pairs1 := (*data1)[namespace]
-
-		for key, value := range pairs2 {
-			if _, ok := pairs1[key]; !ok {
-				continue
-			}
-
-			pairs1[key] = value
-		}
-	}
-}
-
-func Translate(lang string, error string) string {
-	parts := strings.SplitN(error, ":", 2)
-	if !strings.Contains(error, ":") || len(parts) != 2 {
-		return "Translate Error: " + error
-	}
-	if langMap[lang] != nil {
-		return langMap[lang][parts[0]][parts[1]]
-	} else {
-		file, _ := f.ReadFile("locales/" + lang + "/data.json")
-		data := I18nData{}
-		err := util.JsonToStruct(string(file), &data)
-		if err != nil {
-			panic(err)
-		}
-		langMap[lang] = data
-		return langMap[lang][parts[0]][parts[1]]
-	}
-}
--- a/idp/adfs.go
+++ b/idp/adfs.go
@@ -1,139 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"crypto/tls"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/lestrrat-go/jwx/jwa"
-	"github.com/lestrrat-go/jwx/jwk"
-	"github.com/lestrrat-go/jwx/jwt"
-	"golang.org/x/oauth2"
-)
-
-type AdfsIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-	Host   string
-}
-
-func NewAdfsIdProvider(clientId string, clientSecret string, redirectUrl string, hostUrl string) *AdfsIdProvider {
-	idp := &AdfsIdProvider{}
-
-	config := idp.getConfig(hostUrl)
-	config.ClientID = clientId
-	config.ClientSecret = clientSecret
-	config.RedirectURL = redirectUrl
-	idp.Config = config
-	idp.Host = hostUrl
-	return idp
-}
-
-func (idp *AdfsIdProvider) SetHttpClient(client *http.Client) {
-	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: true,
-		},
-	}
-	idp.Client = client
-	idp.Client.Transport = tr
-}
-
-func (idp *AdfsIdProvider) getConfig(hostUrl string) *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		AuthURL:  fmt.Sprintf("%s/adfs/oauth2/authorize", hostUrl),
-		TokenURL: fmt.Sprintf("%s/adfs/oauth2/token", hostUrl),
-	}
-
-	config := &oauth2.Config{
-		Endpoint: endpoint,
-	}
-
-	return config
-}
-
-type AdfsToken struct {
-	IdToken   string `json:"id_token"`
-	ExpiresIn int    `json:"expires_in"`
-	ErrMsg    string `json:"error_description"`
-}
-
-// GetToken
-// get more detail via: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios#request-an-access-token
-func (idp *AdfsIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	payload := url.Values{}
-	payload.Set("code", code)
-	payload.Set("grant_type", "authorization_code")
-	payload.Set("client_id", idp.Config.ClientID)
-	payload.Set("redirect_uri", idp.Config.RedirectURL)
-	resp, err := idp.Client.PostForm(idp.Config.Endpoint.TokenURL, payload)
-	if err != nil {
-		return nil, err
-	}
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	pToken := &AdfsToken{}
-	err = json.Unmarshal(data, pToken)
-	if err != nil {
-		return nil, fmt.Errorf("fail to unmarshal token response: %s", err.Error())
-	}
-	if pToken.ErrMsg != "" {
-		return nil, fmt.Errorf("pToken.Errmsg = %s", pToken.ErrMsg)
-	}
-
-	token := &oauth2.Token{
-		AccessToken: pToken.IdToken,
-		Expiry:      time.Unix(time.Now().Unix()+int64(pToken.ExpiresIn), 0),
-	}
-	return token, nil
-}
-
-// GetUserInfo
-// Since the userinfo endpoint of ADFS only returns sub,
-// the id_token is used to resolve the userinfo
-func (idp *AdfsIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	resp, err := idp.Client.Get(fmt.Sprintf("%s/adfs/discovery/keys", idp.Host))
-	if err != nil {
-		return nil, err
-	}
-	body, err := ioutil.ReadAll(resp.Body)
-	keyset, err := jwk.ParseKey(body)
-	if err != nil {
-		return nil, err
-	}
-	tokenSrc := []byte(token.AccessToken)
-	publicKey, _ := keyset.PublicKey()
-	idToken, _ := jwt.Parse(tokenSrc, jwt.WithVerify(jwa.RS256, publicKey))
-	sid, _ := idToken.Get("sid")
-	upn, _ := idToken.Get("upn")
-	name, _ := idToken.Get("unique_name")
-	userinfo := &UserInfo{
-		Id:          sid.(string),
-		Username:    name.(string),
-		DisplayName: name.(string),
-		Email:       upn.(string),
-	}
-	return userinfo, nil
-}
--- a/idp/alipay.go
+++ b/idp/alipay.go
@@ -1,290 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"crypto"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/sha256"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/json"
-	"encoding/pem"
-	"io"
-	"net/http"
-	"net/url"
-	"sort"
-	"strings"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type AlipayIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-// NewAlipayIdProvider ...
-func NewAlipayIdProvider(clientId string, clientSecret string, redirectUrl string) *AlipayIdProvider {
-	idp := &AlipayIdProvider{}
-
-	config := idp.getConfig(clientId, clientSecret, redirectUrl)
-	idp.Config = config
-
-	return idp
-}
-
-// SetHttpClient ...
-func (idp *AlipayIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-// getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
-func (idp *AlipayIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		AuthURL:  "https://openauth.alipay.com/oauth2/publicAppAuthorize.htm",
-		TokenURL: "https://openapi.alipay.com/gateway.do",
-	}
-
-	config := &oauth2.Config{
-		Scopes:       []string{"", ""},
-		Endpoint:     endpoint,
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
-		RedirectURL:  redirectUrl,
-	}
-
-	return config
-}
-
-type AlipayAccessToken struct {
-	Response AlipaySystemOauthTokenResponse `json:"alipay_system_oauth_token_response"`
-	Sign     string                         `json:"sign"`
-}
-
-type AlipaySystemOauthTokenResponse struct {
-	AccessToken  string `json:"access_token"`
-	AlipayUserId string `json:"alipay_user_id"`
-	ExpiresIn    int    `json:"expires_in"`
-	ReExpiresIn  int    `json:"re_expires_in"`
-	RefreshToken string `json:"refresh_token"`
-	UserId       string `json:"user_id"`
-}
-
-// GetToken use code to get access_token
-func (idp *AlipayIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	pTokenParams := &struct {
-		ClientId  string `json:"app_id"`
-		CharSet   string `json:"charset"`
-		Code      string `json:"code"`
-		GrantType string `json:"grant_type"`
-		Method    string `json:"method"`
-		SignType  string `json:"sign_type"`
-		TimeStamp string `json:"timestamp"`
-		Version   string `json:"version"`
-	}{idp.Config.ClientID, "utf-8", code, "authorization_code", "alipay.system.oauth.token", "RSA2", time.Now().Format("2006-01-02 15:04:05"), "1.0"}
-
-	data, err := idp.postWithBody(pTokenParams, idp.Config.Endpoint.TokenURL)
-	if err != nil {
-		return nil, err
-	}
-
-	pToken := &AlipayAccessToken{}
-	err = json.Unmarshal(data, pToken)
-	if err != nil {
-		return nil, err
-	}
-
-	token := &oauth2.Token{
-		AccessToken: pToken.Response.AccessToken,
-		Expiry:      time.Unix(time.Now().Unix()+int64(pToken.Response.ExpiresIn), 0),
-	}
-	return token, nil
-}
-
-/*
-{
-    "alipay_user_info_share_response":{
-        "code":"10000",
-        "msg":"Success",
-        "avatar":"https:\/\/tfs.alipayobjects.com\/images\/partner\/T1.QxFXk4aXXXXXXXX",
-        "nick_name":"zhangsan",
-        "user_id":"2099222233334444"
-    },
-    "sign":"m8rWJeqfoa5tDQRRVnPhRHcpX7NZEgjIPTPF1QBxos6XXXXXXXXXXXXXXXXXXXXXXXXXX"
-}
-*/
-
-type AlipayUserResponse struct {
-	AlipayUserInfoShareResponse AlipayUserInfoShareResponse `json:"alipay_user_info_share_response"`
-	Sign                        string                      `json:"sign"`
-}
-
-type AlipayUserInfoShareResponse struct {
-	Code     string `json:"code"`
-	Msg      string `json:"msg"`
-	Avatar   string `json:"avatar"`
-	NickName string `json:"nick_name"`
-	UserId   string `json:"user_id"`
-}
-
-// GetUserInfo Use access_token to get UserInfo
-func (idp *AlipayIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	atUserInfo := &AlipayUserResponse{}
-	accessToken := token.AccessToken
-
-	pTokenParams := &struct {
-		ClientId  string `json:"app_id"`
-		CharSet   string `json:"charset"`
-		AuthToken string `json:"auth_token"`
-		Method    string `json:"method"`
-		SignType  string `json:"sign_type"`
-		TimeStamp string `json:"timestamp"`
-		Version   string `json:"version"`
-	}{idp.Config.ClientID, "utf-8", accessToken, "alipay.user.info.share", "RSA2", time.Now().Format("2006-01-02 15:04:05"), "1.0"}
-	data, err := idp.postWithBody(pTokenParams, idp.Config.Endpoint.TokenURL)
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(data, atUserInfo)
-	if err != nil {
-		return nil, err
-	}
-
-	userInfo := UserInfo{
-		Id:          atUserInfo.AlipayUserInfoShareResponse.UserId,
-		Username:    atUserInfo.AlipayUserInfoShareResponse.NickName,
-		DisplayName: atUserInfo.AlipayUserInfoShareResponse.NickName,
-		AvatarUrl:   atUserInfo.AlipayUserInfoShareResponse.Avatar,
-	}
-
-	return &userInfo, nil
-}
-
-func (idp *AlipayIdProvider) postWithBody(body interface{}, targetUrl string) ([]byte, error) {
-	bs, err := json.Marshal(body)
-	if err != nil {
-		return nil, err
-	}
-
-	bodyJson := make(map[string]interface{})
-	err = json.Unmarshal(bs, &bodyJson)
-	if err != nil {
-		return nil, err
-	}
-
-	formData := url.Values{}
-	for k := range bodyJson {
-		formData.Set(k, bodyJson[k].(string))
-	}
-
-	sign, err := rsaSignWithRSA256(getStringToSign(formData), idp.Config.ClientSecret)
-	if err != nil {
-		return nil, err
-	}
-
-	formData.Set("sign", sign)
-
-	resp, err := idp.Client.PostForm(targetUrl, formData)
-	if err != nil {
-		return nil, err
-	}
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			return
-		}
-	}(resp.Body)
-
-	return data, nil
-}
-
-// get the string to sign, see https://opendocs.alipay.com/common/02kf5q
-func getStringToSign(formData url.Values) string {
-	keys := make([]string, 0, len(formData))
-	for k := range formData {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-	str := ""
-	for _, k := range keys {
-		if k == "sign" || formData[k][0] == "" {
-			continue
-		} else {
-			str += "&" + k + "=" + formData[k][0]
-		}
-	}
-	str = strings.Trim(str, "&")
-	return str
-}
-
-// use privateKey to sign the content
-func rsaSignWithRSA256(signContent string, privateKey string) (string, error) {
-	privateKey = formatPrivateKey(privateKey)
-	block, _ := pem.Decode([]byte(privateKey))
-	if block == nil {
-		panic("fail to parse privateKey")
-	}
-
-	h := sha256.New()
-	h.Write([]byte(signContent))
-	hashed := h.Sum(nil)
-
-	privateKeyRSA, err := x509.ParsePKCS8PrivateKey(block.Bytes)
-	if err != nil {
-		return "", err
-	}
-
-	signature, err := rsa.SignPKCS1v15(rand.Reader, privateKeyRSA.(*rsa.PrivateKey), crypto.SHA256, hashed)
-	if err != nil {
-		return "", err
-	}
-
-	return base64.StdEncoding.EncodeToString(signature), nil
-}
-
-// privateKey in database is a string, format it to PEM style
-func formatPrivateKey(privateKey string) string {
-	// each line length is 64
-	preFmtPrivateKey := ""
-	for i := 0; ; {
-		if i+64 <= len(privateKey) {
-			preFmtPrivateKey = preFmtPrivateKey + privateKey[i:i+64] + "\n"
-			i += 64
-		} else {
-			preFmtPrivateKey = preFmtPrivateKey + privateKey[i:]
-			break
-		}
-	}
-	privateKey = strings.Trim(preFmtPrivateKey, "\n")
-
-	// add pkcs#8 BEGIN and END
-	PemBegin := "-----BEGIN PRIVATE KEY-----\n"
-	PemEnd := "\n-----END PRIVATE KEY-----"
-	if !strings.HasPrefix(privateKey, PemBegin) {
-		privateKey = PemBegin + privateKey
-	}
-	if !strings.HasSuffix(privateKey, PemEnd) {
-		privateKey = privateKey + PemEnd
-	}
-	return privateKey
-}
--- a/idp/baidu.go
+++ b/idp/baidu.go
@@ -1,116 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-
-	"golang.org/x/oauth2"
-)
-
-type BaiduIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-func NewBaiduIdProvider(clientId string, clientSecret string, redirectUrl string) *BaiduIdProvider {
-	idp := &BaiduIdProvider{}
-
-	config := idp.getConfig()
-	config.ClientID = clientId
-	config.ClientSecret = clientSecret
-	config.RedirectURL = redirectUrl
-	idp.Config = config
-
-	return idp
-}
-
-func (idp *BaiduIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-func (idp *BaiduIdProvider) getConfig() *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		AuthURL:  "https://openapi.baidu.com/oauth/2.0/authorize",
-		TokenURL: "https://openapi.baidu.com/oauth/2.0/token",
-	}
-
-	config := &oauth2.Config{
-		Scopes:   []string{"email"},
-		Endpoint: endpoint,
-	}
-
-	return config
-}
-
-func (idp *BaiduIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, idp.Client)
-	return idp.Config.Exchange(ctx, code)
-}
-
-/*
-{
-    "userid":"2097322476",
-    "username":"wl19871011",
-    "realname":"阳光",
-    "userdetail":"喜欢自由",
-    "birthday":"1987-01-01",
-    "marriage":"恋爱",
-    "sex":"男",
-    "blood":"O",
-    "constellation":"射手",
-    "figure":"小巧",
-    "education":"大学/专科",
-    "trade":"计算机/电子产品",
-    "job":"未知",
-    "birthday_year":"1987",
-    "birthday_month":"01",
-    "birthday_day":"01",
-}
-*/
-
-type BaiduUserInfo struct {
-	OpenId   string `json:"openid"`
-	Username string `json:"username"`
-	Portrait string `json:"portrait"`
-}
-
-func (idp *BaiduIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	resp, err := idp.Client.Get(fmt.Sprintf("https://openapi.baidu.com/rest/2.0/passport/users/getInfo?access_token=%s", token.AccessToken))
-	if err != nil {
-		return nil, err
-	}
-
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	baiduUser := BaiduUserInfo{}
-	if err = json.Unmarshal(data, &baiduUser); err != nil {
-		return nil, err
-	}
-
-	userInfo := UserInfo{
-		Id:          baiduUser.OpenId,
-		Username:    baiduUser.Username,
-		DisplayName: baiduUser.Username,
-		AvatarUrl:   fmt.Sprintf("https://himg.bdimg.com/sys/portrait/item/%s", baiduUser.Portrait),
-	}
-	return &userInfo, nil
-}
--- a/idp/bilibili.go
+++ b/idp/bilibili.go
@@ -1,219 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type BilibiliIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-func NewBilibiliIdProvider(clientId string, clientSecret string, redirectUrl string) *BilibiliIdProvider {
-	idp := &BilibiliIdProvider{}
-
-	config := idp.getConfig(clientId, clientSecret, redirectUrl)
-	idp.Config = config
-
-	return idp
-}
-
-func (idp *BilibiliIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-// getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
-func (idp *BilibiliIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		TokenURL: "https://api.bilibili.com/x/account-oauth2/v1/token",
-		AuthURL:  "http://member.bilibili.com/arcopen/fn/user/account/info",
-	}
-
-	config := &oauth2.Config{
-		Scopes:       []string{"", ""},
-		Endpoint:     endpoint,
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
-		RedirectURL:  redirectUrl,
-	}
-
-	return config
-}
-
-type BilibiliProviderToken struct {
-	AccessToken  string `json:"access_token"`
-	ExpiresIn    int    `json:"expires_in"`
-	RefreshToken string `json:"refresh_token"`
-}
-
-type BilibiliIdProviderTokenResponse struct {
-	Code    int                   `json:"code"`
-	Message string                `json:"message"`
-	TTL     int                   `json:"ttl"`
-	Data    BilibiliProviderToken `json:"data"`
-}
-
-// GetToken
-/*
-{
-    "code": 0,
-    "message": "0",
-    "ttl": 1,
-    "data": {
-         "access_token": "d30bedaa4d8eb3128cf35ddc1030e27d",
-         "expires_in": 1630220614,
-         "refresh_token": "WxFDKwqScZIQDm4iWmKDvetyFugM6HkX"
-    }
-}
-*/
-// GetToken use code get access_token (*operation of getting code ought to be done in front)
-// get more detail via: https://openhome.bilibili.com/doc/4/eaf0e2b5-bde9-b9a0-9be1-019bb455701c
-func (idp *BilibiliIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	pTokenParams := &struct {
-		ClientId     string `json:"client_id"`
-		ClientSecret string `json:"client_secret"`
-		GrantType    string `json:"grant_type"`
-		Code         string `json:"code"`
-	}{
-		idp.Config.ClientID,
-		idp.Config.ClientSecret,
-		"authorization_code",
-		code,
-	}
-
-	data, err := idp.postWithBody(pTokenParams, idp.Config.Endpoint.TokenURL)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &BilibiliIdProviderTokenResponse{}
-	err = json.Unmarshal(data, response)
-	if err != nil {
-		return nil, err
-	}
-
-	if response.Code != 0 {
-		return nil, fmt.Errorf("pToken.Errcode = %d, pToken.Errmsg = %s", response.Code, response.Message)
-	}
-
-	token := &oauth2.Token{
-		AccessToken:  response.Data.AccessToken,
-		Expiry:       time.Unix(time.Now().Unix()+int64(response.Data.ExpiresIn), 0),
-		RefreshToken: response.Data.RefreshToken,
-	}
-
-	return token, nil
-}
-
-/*
-{
-    "code": 0,
-    "message": "0",
-    "ttl": 1,
-    "data": {
-        "name":"bilibili",
-        "face":"http://i0.hdslb.com/bfs/face/e1c99895a9f9df4f260a70dc7e227bcb46cf319c.jpg",
-        "openid":"9205eeaa1879skxys969ed47874f225c3"
-    }
-}
-*/
-
-type BilibiliUserInfo struct {
-	Name   string `json:"name"`
-	Face   string `json:"face"`
-	OpenId string `json:"openid"`
-}
-
-type BilibiliUserInfoResponse struct {
-	Code    int              `json:"code"`
-	Message string           `json:"message"`
-	TTL     int              `json:"ttl"`
-	Data    BilibiliUserInfo `json:"data"`
-}
-
-// GetUserInfo Use  access_token to get UserInfo
-// get more detail via: https://openhome.bilibili.com/doc/4/feb66f99-7d87-c206-00e7-d84164cd701c
-func (idp *BilibiliIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	accessToken := token.AccessToken
-	clientId := idp.Config.ClientID
-
-	params := url.Values{}
-	params.Add("client_id", clientId)
-	params.Add("access_token", accessToken)
-
-	userInfoUrl := fmt.Sprintf("%s?%s", idp.Config.Endpoint.AuthURL, params.Encode())
-
-	resp, err := idp.Client.Get(userInfoUrl)
-	if err != nil {
-		return nil, err
-	}
-
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	bUserInfoResponse := &BilibiliUserInfoResponse{}
-	if err = json.Unmarshal(data, bUserInfoResponse); err != nil {
-		return nil, err
-	}
-
-	if bUserInfoResponse.Code != 0 {
-		return nil, fmt.Errorf("userinfo.Errcode = %d, userinfo.Errmsg = %s", bUserInfoResponse.Code, bUserInfoResponse.Message)
-	}
-
-	userInfo := &UserInfo{
-		Id:          bUserInfoResponse.Data.OpenId,
-		Username:    bUserInfoResponse.Data.Name,
-		DisplayName: bUserInfoResponse.Data.Name,
-		AvatarUrl:   bUserInfoResponse.Data.Face,
-	}
-
-	return userInfo, nil
-}
-
-func (idp *BilibiliIdProvider) postWithBody(body interface{}, url string) ([]byte, error) {
-	bs, err := json.Marshal(body)
-	if err != nil {
-		return nil, err
-	}
-	r := strings.NewReader(string(bs))
-	resp, err := idp.Client.Post(url, "application/json;charset=UTF-8", r)
-	if err != nil {
-		return nil, err
-	}
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			return
-		}
-	}(resp.Body)
-
-	return data, nil
-}
--- a/idp/casdoor.go
+++ b/idp/casdoor.go
@@ -1,156 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type CasdoorIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-	Host   string
-}
-
-func NewCasdoorIdProvider(clientId string, clientSecret string, redirectUrl string, hostUrl string) *CasdoorIdProvider {
-	idp := &CasdoorIdProvider{}
-	config := idp.getConfig(hostUrl)
-	config.ClientID = clientId
-	config.ClientSecret = clientSecret
-	config.RedirectURL = redirectUrl
-	idp.Config = config
-	idp.Host = hostUrl
-	return idp
-}
-
-func (idp *CasdoorIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-func (idp *CasdoorIdProvider) getConfig(hostUrl string) *oauth2.Config {
-	return &oauth2.Config{
-		Endpoint: oauth2.Endpoint{
-			TokenURL: hostUrl + "/api/login/oauth/access_token",
-		},
-		Scopes: []string{"openid email profile"},
-	}
-}
-
-type CasdoorToken struct {
-	AccessToken string `json:"access_token"`
-	ExpiresIn   int    `json:"expires_in"`
-}
-
-func (idp *CasdoorIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	resp, err := http.PostForm(idp.Config.Endpoint.TokenURL, url.Values{
-		"client_id":     {idp.Config.ClientID},
-		"client_secret": {idp.Config.ClientSecret},
-		"code":          {code},
-		"grant_type":    {"authorization_code"},
-	})
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	pToken := &CasdoorToken{}
-	err = json.Unmarshal(body, pToken)
-	if err != nil {
-		return nil, err
-	}
-
-	// check if token is expired
-	if pToken.ExpiresIn <= 0 {
-		return nil, fmt.Errorf("%s", pToken.AccessToken)
-	}
-	token := &oauth2.Token{
-		AccessToken: pToken.AccessToken,
-		Expiry:      time.Unix(time.Now().Unix()+int64(pToken.ExpiresIn), 0),
-	}
-	return token, nil
-}
-
-/*
-{
-    "sub": "2f80c349-4beb-407f-b1f0-528aac0f1acd",
-    "iss": "https://door.casbin.com",
-    "aud": "7a11****0fa2172",
-    "name": "admin",
-    "preferred_username": "Admin",
-    "email": "admin@example.com",
-    "picture": "https://casbin.org/img/casbin.svg",
-    "address": "Guangdong",
-    "phone": "12345678910"
-}
-*/
-
-type CasdoorUserInfo struct {
-	Id          string `json:"sub"`
-	Name        string `json:"name"`
-	DisplayName string `json:"preferred_username"`
-	Email       string `json:"email"`
-	AvatarUrl   string `json:"picture"`
-	Status      string `json:"status"`
-	Msg         string `json:"msg"`
-}
-
-func (idp *CasdoorIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	cdUserinfo := &CasdoorUserInfo{}
-	accessToken := token.AccessToken
-	request, err := http.NewRequest("GET", fmt.Sprintf("%s/api/userinfo", idp.Host), nil)
-	if err != nil {
-		return nil, err
-	}
-	// add accesstoken to bearer token
-	request.Header.Add("Authorization", fmt.Sprintf("Bearer %s", accessToken))
-	resp, err := idp.Client.Do(request)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(data, cdUserinfo)
-	if err != nil {
-		return nil, err
-	}
-
-	if cdUserinfo.Status != "" {
-		return nil, fmt.Errorf("err: %s", cdUserinfo.Msg)
-	}
-
-	userInfo := &UserInfo{
-		Id:          cdUserinfo.Id,
-		Username:    cdUserinfo.Name,
-		DisplayName: cdUserinfo.DisplayName,
-		Email:       cdUserinfo.Email,
-		AvatarUrl:   cdUserinfo.AvatarUrl,
-	}
-	return userInfo, nil
-}
--- a/idp/custom.go
+++ b/idp/custom.go
@@ -1,109 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	_ "net/url"
-	_ "time"
-
-	"golang.org/x/oauth2"
-)
-
-type CustomIdProvider struct {
-	Client      *http.Client
-	Config      *oauth2.Config
-	UserInfoUrl string
-}
-
-func NewCustomIdProvider(clientId string, clientSecret string, redirectUrl string, authUrl string, tokenUrl string, userInfoUrl string) *CustomIdProvider {
-	idp := &CustomIdProvider{}
-	idp.UserInfoUrl = userInfoUrl
-
-	config := &oauth2.Config{
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
-		RedirectURL:  redirectUrl,
-		Endpoint: oauth2.Endpoint{
-			AuthURL:  authUrl,
-			TokenURL: tokenUrl,
-		},
-	}
-	idp.Config = config
-
-	return idp
-}
-
-func (idp *CustomIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-func (idp *CustomIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, idp.Client)
-	return idp.Config.Exchange(ctx, code)
-}
-
-type CustomUserInfo struct {
-	Id          string `json:"sub"`
-	Name        string `json:"name"`
-	DisplayName string `json:"preferred_username"`
-	Email       string `json:"email"`
-	AvatarUrl   string `json:"picture"`
-	Status      string `json:"status"`
-	Msg         string `json:"msg"`
-}
-
-func (idp *CustomIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	ctUserinfo := &CustomUserInfo{}
-	accessToken := token.AccessToken
-	request, err := http.NewRequest("GET", idp.UserInfoUrl, nil)
-	if err != nil {
-		return nil, err
-	}
-	// add accessToken to request header
-	request.Header.Add("Authorization", fmt.Sprintf("Bearer %s", accessToken))
-	resp, err := idp.Client.Do(request)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(data, ctUserinfo)
-	if err != nil {
-		return nil, err
-	}
-
-	if ctUserinfo.Status != "" {
-		return nil, fmt.Errorf("err: %s", ctUserinfo.Msg)
-	}
-
-	userInfo := &UserInfo{
-		Id:          ctUserinfo.Id,
-		Username:    ctUserinfo.Name,
-		DisplayName: ctUserinfo.DisplayName,
-		Email:       ctUserinfo.Email,
-		AvatarUrl:   ctUserinfo.AvatarUrl,
-	}
-	return userInfo, nil
-}
--- a/idp/dingtalk.go
+++ b/idp/dingtalk.go
@@ -1,263 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-	"net/http"
-	"strings"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type DingTalkIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-// NewDingTalkIdProvider ...
-func NewDingTalkIdProvider(clientId string, clientSecret string, redirectUrl string) *DingTalkIdProvider {
-	idp := &DingTalkIdProvider{}
-
-	config := idp.getConfig(clientId, clientSecret, redirectUrl)
-	idp.Config = config
-
-	return idp
-}
-
-// SetHttpClient ...
-func (idp *DingTalkIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-// getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
-func (idp *DingTalkIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		AuthURL:  "https://api.dingtalk.com/v1.0/contact/users/me",
-		TokenURL: "https://api.dingtalk.com/v1.0/oauth2/userAccessToken",
-	}
-
-	config := &oauth2.Config{
-		// DingTalk not allow to set scopes,here it is just a placeholder,
-		// convenient to use later
-		Scopes: []string{"", ""},
-
-		Endpoint:     endpoint,
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
-		RedirectURL:  redirectUrl,
-	}
-
-	return config
-}
-
-type DingTalkAccessToken struct {
-	ErrCode     int    `json:"code"`
-	ErrMsg      string `json:"message"`
-	AccessToken string `json:"accessToken"` // Interface call credentials
-	ExpiresIn   int64  `json:"expireIn"`    // access_token interface call credential timeout time, unit (seconds)
-}
-
-// GetToken use code get access_token (*operation of getting authCode ought to be done in front)
-// get more detail via: https://open.dingtalk.com/document/orgapp-server/obtain-user-token
-func (idp *DingTalkIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	pTokenParams := &struct {
-		ClientId     string `json:"clientId"`
-		ClientSecret string `json:"clientSecret"`
-		Code         string `json:"code"`
-		GrantType    string `json:"grantType"`
-	}{idp.Config.ClientID, idp.Config.ClientSecret, code, "authorization_code"}
-
-	data, err := idp.postWithBody(pTokenParams, idp.Config.Endpoint.TokenURL)
-	if err != nil {
-		return nil, err
-	}
-
-	pToken := &DingTalkAccessToken{}
-	err = json.Unmarshal(data, pToken)
-	if err != nil {
-		return nil, err
-	}
-
-	if pToken.ErrCode != 0 {
-		return nil, fmt.Errorf("pToken.Errcode = %d, pToken.Errmsg = %s", pToken.ErrCode, pToken.ErrMsg)
-	}
-
-	token := &oauth2.Token{
-		AccessToken: pToken.AccessToken,
-		Expiry:      time.Unix(time.Now().Unix()+pToken.ExpiresIn, 0),
-	}
-	return token, nil
-}
-
-/*
-{
-{
-  "nick" : "zhangsan",
-  "avatarUrl" : "https://xxx",
-  "mobile" : "150xxxx9144",
-  "openId" : "123",
-  "unionId" : "z21HjQliSzpw0Yxxxx",
-  "email" : "zhangsan@alibaba-inc.com",
-  "stateCode" : "86"
-}
-*/
-
-type DingTalkUserResponse struct {
-	Nick      string `json:"nick"`
-	OpenId    string `json:"openId"`
-	UnionId   string `json:"unionId"`
-	AvatarUrl string `json:"avatarUrl"`
-	Email     string `json:"email"`
-	Errmsg    string `json:"message"`
-	Errcode   string `json:"code"`
-}
-
-// GetUserInfo Use  access_token to get UserInfo
-// get more detail via: https://open.dingtalk.com/document/orgapp-server/dingtalk-retrieve-user-information
-func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	dtUserInfo := &DingTalkUserResponse{}
-	accessToken := token.AccessToken
-
-	reqest, err := http.NewRequest("GET", idp.Config.Endpoint.AuthURL, nil)
-	if err != nil {
-		return nil, err
-	}
-	reqest.Header.Add("x-acs-dingtalk-access-token", accessToken)
-	resp, err := idp.Client.Do(reqest)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(data, dtUserInfo)
-	if err != nil {
-		return nil, err
-	}
-
-	if dtUserInfo.Errmsg != "" {
-		return nil, fmt.Errorf("userIdResp.Errcode = %s, userIdResp.Errmsg = %s", dtUserInfo.Errcode, dtUserInfo.Errmsg)
-	}
-
-	userInfo := UserInfo{
-		Id:          dtUserInfo.OpenId,
-		Username:    dtUserInfo.Nick,
-		DisplayName: dtUserInfo.Nick,
-		UnionId:     dtUserInfo.UnionId,
-		Email:       dtUserInfo.Email,
-		AvatarUrl:   dtUserInfo.AvatarUrl,
-	}
-	isUserInOrg, err := idp.isUserInOrg(userInfo.UnionId)
-	if !isUserInOrg {
-		return nil, err
-	}
-	return &userInfo, nil
-}
-
-func (idp *DingTalkIdProvider) postWithBody(body interface{}, url string) ([]byte, error) {
-	bs, err := json.Marshal(body)
-	if err != nil {
-		return nil, err
-	}
-	r := strings.NewReader(string(bs))
-	resp, err := idp.Client.Post(url, "application/json;charset=UTF-8", r)
-	if err != nil {
-		return nil, err
-	}
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			return
-		}
-	}(resp.Body)
-
-	return data, nil
-}
-
-func (idp *DingTalkIdProvider) getInnerAppAccessToken() string {
-	appKey := idp.Config.ClientID
-	appSecret := idp.Config.ClientSecret
-	body := make(map[string]string)
-	body["appKey"] = appKey
-	body["appSecret"] = appSecret
-	bodyData, err := json.Marshal(body)
-	if err != nil {
-		log.Println(err.Error())
-	}
-	reader := bytes.NewReader(bodyData)
-	request, err := http.NewRequest("POST", "https://api.dingtalk.com/v1.0/oauth2/accessToken", reader)
-	request.Header.Set("Content-Type", "application/json;charset=UTF-8")
-	resp, err := idp.Client.Do(request)
-	respBytes, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		log.Println(err.Error())
-	}
-	var data struct {
-		ExpireIn    int    `json:"expireIn"`
-		AccessToken string `json:"accessToken"`
-	}
-	err = json.Unmarshal(respBytes, &data)
-	if err != nil {
-		log.Println(err.Error())
-	}
-	return data.AccessToken
-}
-
-func (idp *DingTalkIdProvider) isUserInOrg(unionId string) (bool, error) {
-	body := make(map[string]string)
-	body["unionid"] = unionId
-	bodyData, err := json.Marshal(body)
-	if err != nil {
-		log.Println(err.Error())
-	}
-	reader := bytes.NewReader(bodyData)
-	accessToken := idp.getInnerAppAccessToken()
-	request, _ := http.NewRequest("POST", "https://oapi.dingtalk.com/topapi/user/getbyunionid?access_token="+accessToken, reader)
-	request.Header.Set("Content-Type", "application/json;charset=UTF-8")
-	resp, err := idp.Client.Do(request)
-	respBytes, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		log.Println(err.Error())
-	}
-	var data struct {
-		ErrCode    int    `json:"errcode"`
-		ErrMessage string `json:"errmsg"`
-	}
-	err = json.Unmarshal(respBytes, &data)
-	if err != nil {
-		log.Println(err.Error())
-	}
-	if data.ErrCode == 60121 {
-		return false, fmt.Errorf("the user is not found in the organization where clientId and clientSecret belong")
-	} else if data.ErrCode != 0 {
-		return false, fmt.Errorf(data.ErrMessage)
-	}
-	return true, nil
-}
--- a/idp/douyin.go
+++ b/idp/douyin.go
@@ -1,198 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type DouyinIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-func NewDouyinIdProvider(clientId string, clientSecret string, redirectUrl string) *DouyinIdProvider {
-	idp := &DouyinIdProvider{}
-	idp.Config = idp.getConfig(clientId, clientSecret, redirectUrl)
-	return idp
-}
-
-func (idp *DouyinIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-func (idp *DouyinIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		TokenURL: "https://open.douyin.com/oauth/access_token",
-		AuthURL:  "https://open.douyin.com/platform/oauth/connect",
-	}
-
-	config := &oauth2.Config{
-		Scopes:       []string{"user_info"},
-		Endpoint:     endpoint,
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
-		RedirectURL:  redirectUrl,
-	}
-
-	return config
-}
-
-// get more details via: https://open.douyin.com/platform/doc?doc=docs/openapi/account-permission/get-access-token
-/*
-{
-  "data": {
-    "access_token": "access_token",
-    "description": "",
-    "error_code": "0",
-    "expires_in": "86400",
-    "open_id": "aaa-bbb-ccc",
-    "refresh_expires_in": "86400",
-    "refresh_token": "refresh_token",
-    "scope": "user_info"
-  },
-  "message": "<nil>"
-}
-*/
-
-type DouyinTokenResp struct {
-	Data struct {
-		AccessToken  string `json:"access_token"`
-		ExpiresIn    int64  `json:"expires_in"`
-		OpenId       string `json:"open_id"`
-		RefreshToken string `json:"refresh_token"`
-		Scope        string `json:"scope"`
-	} `json:"data"`
-	Message string `json:"message"`
-}
-
-// GetToken use code to get access_token
-// get more details via: https://open.douyin.com/platform/doc?doc=docs/openapi/account-permission/get-access-token
-func (idp *DouyinIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	payload := url.Values{}
-	payload.Set("code", code)
-	payload.Set("grant_type", "authorization_code")
-	payload.Set("client_key", idp.Config.ClientID)
-	payload.Set("client_secret", idp.Config.ClientSecret)
-	resp, err := idp.Client.PostForm(idp.Config.Endpoint.TokenURL, payload)
-	if err != nil {
-		return nil, err
-	}
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	tokenResp := &DouyinTokenResp{}
-	err = json.Unmarshal(data, tokenResp)
-	if err != nil {
-		return nil, fmt.Errorf("fail to unmarshal token response: %s", err.Error())
-	}
-
-	token := &oauth2.Token{
-		AccessToken:  tokenResp.Data.AccessToken,
-		RefreshToken: tokenResp.Data.RefreshToken,
-		Expiry:       time.Unix(time.Now().Unix()+tokenResp.Data.ExpiresIn, 0),
-	}
-
-	raw := make(map[string]interface{})
-	raw["open_id"] = tokenResp.Data.OpenId
-	token = token.WithExtra(raw)
-
-	return token, nil
-}
-
-// get more details via: https://open.douyin.com/platform/doc?doc=docs/openapi/account-management/get-account-open-info
-/*
-{
-  "data": {
-    "avatar": "https://example.com/x.jpeg",
-    "city": "上海",
-    "country": "中国",
-    "description": "",
-    "e_account_role": "<nil>",
-    "error_code": "0",
-    "gender": "<nil>",
-    "nickname": "张伟",
-    "open_id": "0da22181-d833-447f-995f-1beefea5bef3",
-    "province": "上海",
-    "union_id": "1ad4e099-4a0c-47d1-a410-bffb4f2f64a4"
-  }
-}
-*/
-
-type DouyinUserInfo struct {
-	Data struct {
-		Avatar  string `json:"avatar"`
-		City    string `json:"city"`
-		Country string `json:"country"`
-		// 0->unknown, 1->male, 2->female
-		Gender   int64  `json:"gender"`
-		Nickname string `json:"nickname"`
-		OpenId   string `json:"open_id"`
-		Province string `json:"province"`
-	} `json:"data"`
-}
-
-// GetUserInfo use token to get user profile
-func (idp *DouyinIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	body := &struct {
-		AccessToken string `json:"access_token"`
-		OpenId      string `json:"open_id"`
-	}{token.AccessToken, token.Extra("open_id").(string)}
-	data, err := json.Marshal(body)
-	if err != nil {
-		return nil, err
-	}
-	req, err := http.NewRequest("GET", "https://open.douyin.com/oauth/userinfo/", bytes.NewReader(data))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Add("access-token", token.AccessToken)
-	req.Header.Add("Accept", "application/json")
-	req.Header.Add("Content-Type", "application/json")
-	resp, err := idp.Client.Do(req)
-	if err != nil {
-		return nil, err
-	}
-
-	defer resp.Body.Close()
-
-	respBody, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	var douyinUserInfo DouyinUserInfo
-	err = json.Unmarshal(respBody, &douyinUserInfo)
-	if err != nil {
-		return nil, err
-	}
-
-	userInfo := UserInfo{
-		Id:          douyinUserInfo.Data.OpenId,
-		Username:    douyinUserInfo.Data.Nickname,
-		DisplayName: douyinUserInfo.Data.Nickname,
-		AvatarUrl:   douyinUserInfo.Data.Avatar,
-	}
-	return &userInfo, nil
-}
--- a/idp/facebook.go
+++ b/idp/facebook.go
@@ -1,196 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type FacebookIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-func NewFacebookIdProvider(clientId string, clientSecret string, redirectUrl string) *FacebookIdProvider {
-	idp := &FacebookIdProvider{}
-
-	config := idp.getConfig(clientId, clientSecret, redirectUrl)
-	idp.Config = config
-
-	return idp
-}
-
-func (idp *FacebookIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-// getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
-func (idp *FacebookIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		TokenURL: "https://graph.facebook.com/oauth/access_token",
-	}
-
-	config := &oauth2.Config{
-		Scopes:       []string{"email,public_profile"},
-		Endpoint:     endpoint,
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
-		RedirectURL:  redirectUrl,
-	}
-
-	return config
-}
-
-type FacebookAccessToken struct {
-	AccessToken string `json:"access_token"` // Interface call credentials
-	TokenType   string `json:"token_type"`   // Access token type
-	ExpiresIn   int64  `json:"expires_in"`   // access_token interface call credential timeout time, unit (seconds)
-}
-
-type FacebookCheckToken struct {
-	Data string `json:"data"`
-}
-
-// FacebookCheckTokenData
-// Get more detail via: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#checktoken
-type FacebookCheckTokenData struct {
-	UserId string `json:"user_id"`
-}
-
-// GetToken use code get access_token (*operation of getting code ought to be done in front)
-// get more detail via: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#confirm
-func (idp *FacebookIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	params := url.Values{}
-	params.Add("client_id", idp.Config.ClientID)
-	params.Add("redirect_uri", idp.Config.RedirectURL)
-	params.Add("client_secret", idp.Config.ClientSecret)
-	params.Add("code", code)
-
-	accessTokenUrl := fmt.Sprintf("https://graph.facebook.com/oauth/access_token?%s", params.Encode())
-
-	accessTokenResp, err := idp.GetUrlResp(accessTokenUrl)
-	if err != nil {
-		return nil, err
-	}
-
-	var facebookAccessToken FacebookAccessToken
-	if err = json.Unmarshal([]byte(accessTokenResp), &facebookAccessToken); err != nil {
-		return nil, err
-	}
-
-	token := oauth2.Token{
-		AccessToken: facebookAccessToken.AccessToken,
-		TokenType:   "FacebookAccessToken",
-		Expiry:      time.Time{},
-	}
-
-	return &token, nil
-}
-
-//{
-//    "id": "123456789",
-//    "name": "Example Name",
-//    "name_format": "{first} {last}",
-//    "picture": {
-//        "data": {
-//            "height": 50,
-//            "is_silhouette": false,
-//            "url": "https://example.com",
-//            "width": 50
-//        }
-//    },
-//    "email": "test@example.com"
-//}
-
-type FacebookUserInfo struct {
-	Id         string   `json:"id"`          // The app user's App-Scoped User ID. This ID is unique to the app and cannot be used by other apps.
-	Name       string   `json:"name"`        // The person's full name.
-	NameFormat string   `json:"name_format"` // The person's name formatted to correctly handle Chinese, Japanese, or Korean ordering.
-	Picture    struct { // The person's profile picture.
-		Data struct { // This struct is different as https://developers.facebook.com/docs/graph-api/reference/user/picture/
-			Height       int    `json:"height"`
-			IsSilhouette bool   `json:"is_silhouette"`
-			Url          string `json:"url"`
-			Width        int    `json:"width"`
-		} `json:"data"`
-	} `json:"picture"`
-	Email string `json:"email"` // The User's primary email address listed on their profile. This field will not be returned if no valid email address is available.
-}
-
-// GetUserInfo use FacebookAccessToken gotten before return FacebookUserInfo
-// get more detail via: https://developers.facebook.com/docs/graph-api/reference/user
-func (idp *FacebookIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	var facebookUserInfo FacebookUserInfo
-	accessToken := token.AccessToken
-
-	userIdUrl := fmt.Sprintf("https://graph.facebook.com/me?access_token=%s", accessToken)
-	userIdResp, err := idp.GetUrlResp(userIdUrl)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = json.Unmarshal([]byte(userIdResp), &facebookUserInfo); err != nil {
-		return nil, err
-	}
-
-	userInfoUrl := fmt.Sprintf("https://graph.facebook.com/%s?fields=id,name,name_format,picture,email&access_token=%s", facebookUserInfo.Id, accessToken)
-	userInfoResp, err := idp.GetUrlResp(userInfoUrl)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = json.Unmarshal([]byte(userInfoResp), &facebookUserInfo); err != nil {
-		return nil, err
-	}
-
-	userInfo := UserInfo{
-		Id:          facebookUserInfo.Id,
-		Username:    facebookUserInfo.Name,
-		DisplayName: facebookUserInfo.Name,
-		Email:       facebookUserInfo.Email,
-		AvatarUrl:   facebookUserInfo.Picture.Data.Url,
-	}
-	return &userInfo, nil
-}
-
-func (idp *FacebookIdProvider) GetUrlResp(url string) (string, error) {
-	resp, err := idp.Client.Get(url)
-	if err != nil {
-		return "", err
-	}
-
-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			return
-		}
-	}(resp.Body)
-
-	buf := new(bytes.Buffer)
-	_, err = buf.ReadFrom(resp.Body)
-	if err != nil {
-		return "", err
-	}
-
-	return buf.String(), nil
-}
--- a/idp/gitee.go
+++ b/idp/gitee.go
@@ -1,229 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type GiteeIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-func NewGiteeIdProvider(clientId string, clientSecret string, redirectUrl string) *GiteeIdProvider {
-	idp := &GiteeIdProvider{}
-
-	config := idp.getConfig(clientId, clientSecret, redirectUrl)
-	idp.Config = config
-
-	return idp
-}
-
-func (idp *GiteeIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-// getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
-func (idp *GiteeIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		TokenURL: "https://gitee.com/oauth/token",
-	}
-
-	config := &oauth2.Config{
-		Scopes: []string{"user_info emails"},
-
-		Endpoint:     endpoint,
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
-		RedirectURL:  redirectUrl,
-	}
-
-	return config
-}
-
-type GiteeAccessToken struct {
-	AccessToken  string `json:"access_token"`
-	TokenType    string `json:"token_type"`
-	ExpiresIn    int    `json:"expires_in"`
-	RefreshToken string `json:"refresh_token"`
-	Scope        string `json:"scope"`
-	CreatedAt    int    `json:"created_at"`
-}
-
-// GetToken use code get access_token (*operation of getting code ought to be done in front)
-// The POST Url format of submission is: https://gitee.com/oauth/token?grant_type=authorization_code&code={code}&client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}
-// get more detail via: https://gitee.com/api/v5/oauth_doc#/
-func (idp *GiteeIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	params := url.Values{}
-	params.Add("grant_type", "authorization_code")
-	params.Add("client_id", idp.Config.ClientID)
-	params.Add("client_secret", idp.Config.ClientSecret)
-	params.Add("code", code)
-	params.Add("redirect_uri", idp.Config.RedirectURL)
-
-	accessTokenUrl := fmt.Sprintf("%s?%s", idp.Config.Endpoint.TokenURL, params.Encode())
-	bs, _ := json.Marshal(params.Encode())
-	req, _ := http.NewRequest("POST", accessTokenUrl, strings.NewReader(string(bs)))
-	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36")
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	rbs, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	tokenResp := GiteeAccessToken{}
-	if err = json.Unmarshal(rbs, &tokenResp); err != nil {
-		return nil, err
-	}
-
-	token := &oauth2.Token{
-		AccessToken:  tokenResp.AccessToken,
-		TokenType:    tokenResp.TokenType,
-		RefreshToken: tokenResp.RefreshToken,
-		Expiry:       time.Unix(time.Now().Unix()+int64(tokenResp.ExpiresIn), 0),
-	}
-
-	return token, nil
-}
-
-/*
-{
-    "id": 999999,
-    "login": "xxx",
-    "name": "xxx",
-    "avatar_url": "https://gitee.com/assets/no_portrait.png",
-    "url": "https://gitee.com/api/v5/users/xxx",
-    "html_url": "https://gitee.com/xxx",
-    "followers_url": "https://gitee.com/api/v5/users/xxx/followers",
-    "following_url": "https://gitee.com/api/v5/users/xxx/following_url{/other_user}",
-    "gists_url": "https://gitee.com/api/v5/users/xxx/gists{/gist_id}",
-    "starred_url": "https://gitee.com/api/v5/users/xxx/starred{/owner}{/repo}",
-    "subscriptions_url": "https://gitee.com/api/v5/users/xxx/subscriptions",
-    "organizations_url": "https://gitee.com/api/v5/users/xxx/orgs",
-    "repos_url": "https://gitee.com/api/v5/users/xxx/repos",
-    "events_url": "https://gitee.com/api/v5/users/xxx/events{/privacy}",
-    "received_events_url": "https://gitee.com/api/v5/users/xxx/received_events",
-    "type": "User",
-    "blog": null,
-    "weibo": null,
-    "bio": "个人博客：https://gitee.com/xxx/xxx/pages",
-    "public_repos": 2,
-    "public_gists": 0,
-    "followers": 0,
-    "following": 0,
-    "stared": 0,
-    "watched": 2,
-    "created_at": "2019-08-03T23:21:16+08:00",
-    "updated_at": "2021-06-14T12:47:09+08:00",
-    "email": null
-}
-*/
-
-type GiteeUserResponse struct {
-	AvatarUrl         string `json:"avatar_url"`
-	Bio               string `json:"bio"`
-	Blog              string `json:"blog"`
-	CreatedAt         string `json:"created_at"`
-	Email             string `json:"email"`
-	EventsUrl         string `json:"events_url"`
-	Followers         int    `json:"followers"`
-	FollowersUrl      string `json:"followers_url"`
-	Following         int    `json:"following"`
-	FollowingUrl      string `json:"following_url"`
-	GistsUrl          string `json:"gists_url"`
-	HtmlUrl           string `json:"html_url"`
-	Id                int    `json:"id"`
-	Login             string `json:"login"`
-	MemberRole        string `json:"member_role"`
-	Name              string `json:"name"`
-	OrganizationsUrl  string `json:"organizations_url"`
-	PublicGists       int    `json:"public_gists"`
-	PublicRepos       int    `json:"public_repos"`
-	ReceivedEventsUrl string `json:"received_events_url"`
-	ReposUrl          string `json:"repos_url"`
-	Stared            int    `json:"stared"`
-	StarredUrl        string `json:"starred_url"`
-	SubscriptionsUrl  string `json:"subscriptions_url"`
-	Type              string `json:"type"`
-	UpdatedAt         string `json:"updated_at"`
-	Url               string `json:"url"`
-	Watched           int    `json:"watched"`
-	Weibo             string `json:"weibo"`
-}
-
-// GetUserInfo Use userid and access_token to get UserInfo
-// get more detail via: https://gitee.com/api/v5/swagger#/getV5User
-func (idp *GiteeIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	var gtUserInfo GiteeUserResponse
-	accessToken := token.AccessToken
-
-	u := fmt.Sprintf("https://gitee.com/api/v5/user?access_token=%s",
-		accessToken)
-
-	userinfoResp, err := idp.GetUrlResp(u)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = json.Unmarshal([]byte(userinfoResp), &gtUserInfo); err != nil {
-		return nil, err
-	}
-
-	userInfo := UserInfo{
-		Id:          strconv.Itoa(gtUserInfo.Id),
-		Username:    gtUserInfo.Name,
-		DisplayName: gtUserInfo.Name,
-		Email:       gtUserInfo.Email,
-		AvatarUrl:   gtUserInfo.AvatarUrl,
-	}
-
-	return &userInfo, nil
-}
-
-func (idp *GiteeIdProvider) GetUrlResp(url string) (string, error) {
-	resp, err := idp.Client.Get(url)
-	if err != nil {
-		return "", err
-	}
-
-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			return
-		}
-	}(resp.Body)
-
-	buf := new(bytes.Buffer)
-	_, err = buf.ReadFrom(resp.Body)
-	if err != nil {
-		return "", err
-	}
-
-	return buf.String(), nil
-}
--- a/idp/github.go
+++ b/idp/github.go
@@ -1,250 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type GithubIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-func NewGithubIdProvider(clientId string, clientSecret string, redirectUrl string) *GithubIdProvider {
-	idp := &GithubIdProvider{}
-
-	config := idp.getConfig()
-	config.ClientID = clientId
-	config.ClientSecret = clientSecret
-	config.RedirectURL = redirectUrl
-	idp.Config = config
-
-	return idp
-}
-
-func (idp *GithubIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-func (idp *GithubIdProvider) getConfig() *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		AuthURL:  "https://github.com/login/oauth/authorize",
-		TokenURL: "https://github.com/login/oauth/access_token",
-	}
-
-	config := &oauth2.Config{
-		Scopes:   []string{"user:email", "read:user"},
-		Endpoint: endpoint,
-	}
-
-	return config
-}
-
-type GithubToken struct {
-	AccessToken string `json:"access_token"`
-	TokenType   string `json:"token_type"`
-	Scope       string `json:"scope"`
-	Error       string `json:"error"`
-}
-
-func (idp *GithubIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	params := &struct {
-		Code         string `json:"code"`
-		ClientId     string `json:"client_id"`
-		ClientSecret string `json:"client_secret"`
-	}{code, idp.Config.ClientID, idp.Config.ClientSecret}
-	data, err := idp.postWithBody(params, idp.Config.Endpoint.TokenURL)
-	if err != nil {
-		return nil, err
-	}
-	pToken := &GithubToken{}
-	if err = json.Unmarshal(data, pToken); err != nil {
-		return nil, err
-	}
-	if pToken.Error != "" {
-		return nil, fmt.Errorf("err: %s", pToken.Error)
-	}
-
-	token := &oauth2.Token{
-		AccessToken: pToken.AccessToken,
-		TokenType:   "Bearer",
-	}
-
-	return token, nil
-}
-
-//{
-//	"login": "jimgreen",
-//	"id": 3781234,
-//	"node_id": "MDQ6VXNlcjM3O123456=",
-//	"avatar_url": "https://avatars.githubusercontent.com/u/3781234?v=4",
-//	"gravatar_id": "",
-//	"url": "https://api.github.com/users/jimgreen",
-//	"html_url": "https://github.com/jimgreen",
-//	"followers_url": "https://api.github.com/users/jimgreen/followers",
-//	"following_url": "https://api.github.com/users/jimgreen/following{/other_user}",
-//	"gists_url": "https://api.github.com/users/jimgreen/gists{/gist_id}",
-//	"starred_url": "https://api.github.com/users/jimgreen/starred{/owner}{/repo}",
-//	"subscriptions_url": "https://api.github.com/users/jimgreen/subscriptions",
-//	"organizations_url": "https://api.github.com/users/jimgreen/orgs",
-//	"repos_url": "https://api.github.com/users/jimgreen/repos",
-//	"events_url": "https://api.github.com/users/jimgreen/events{/privacy}",
-//	"received_events_url": "https://api.github.com/users/jimgreen/received_events",
-//	"type": "User",
-//	"site_admin": false,
-//	"name": "Jim Green",
-//	"company": "Casbin",
-//	"blog": "https://casbin.org",
-//	"location": "Bay Area",
-//	"email": "jimgreen@gmail.com",
-//	"hireable": true,
-//	"bio": "My bio",
-//	"twitter_username": null,
-//	"public_repos": 45,
-//	"public_gists": 3,
-//	"followers": 123,
-//	"following": 31,
-//	"created_at": "2016-03-06T13:16:13Z",
-//	"updated_at": "2020-05-30T12:15:29Z",
-//	"private_gists": 0,
-//	"total_private_repos": 12,
-//	"owned_private_repos": 12,
-//	"disk_usage": 46331,
-//	"collaborators": 5,
-//	"two_factor_authentication": true,
-//	"plan": {
-//		"name": "free",
-//		"space": 976562499,
-//		"collaborators": 0,
-//		"private_repos": 10000
-//	}
-//}
-
-type GitHubUserInfo struct {
-	Login                   string      `json:"login"`
-	Id                      int         `json:"id"`
-	NodeId                  string      `json:"node_id"`
-	AvatarUrl               string      `json:"avatar_url"`
-	GravatarId              string      `json:"gravatar_id"`
-	Url                     string      `json:"url"`
-	HtmlUrl                 string      `json:"html_url"`
-	FollowersUrl            string      `json:"followers_url"`
-	FollowingUrl            string      `json:"following_url"`
-	GistsUrl                string      `json:"gists_url"`
-	StarredUrl              string      `json:"starred_url"`
-	SubscriptionsUrl        string      `json:"subscriptions_url"`
-	OrganizationsUrl        string      `json:"organizations_url"`
-	ReposUrl                string      `json:"repos_url"`
-	EventsUrl               string      `json:"events_url"`
-	ReceivedEventsUrl       string      `json:"received_events_url"`
-	Type                    string      `json:"type"`
-	SiteAdmin               bool        `json:"site_admin"`
-	Name                    string      `json:"name"`
-	Company                 string      `json:"company"`
-	Blog                    string      `json:"blog"`
-	Location                string      `json:"location"`
-	Email                   string      `json:"email"`
-	Hireable                bool        `json:"hireable"`
-	Bio                     string      `json:"bio"`
-	TwitterUsername         interface{} `json:"twitter_username"`
-	PublicRepos             int         `json:"public_repos"`
-	PublicGists             int         `json:"public_gists"`
-	Followers               int         `json:"followers"`
-	Following               int         `json:"following"`
-	CreatedAt               time.Time   `json:"created_at"`
-	UpdatedAt               time.Time   `json:"updated_at"`
-	PrivateGists            int         `json:"private_gists"`
-	TotalPrivateRepos       int         `json:"total_private_repos"`
-	OwnedPrivateRepos       int         `json:"owned_private_repos"`
-	DiskUsage               int         `json:"disk_usage"`
-	Collaborators           int         `json:"collaborators"`
-	TwoFactorAuthentication bool        `json:"two_factor_authentication"`
-	Plan                    struct {
-		Name          string `json:"name"`
-		Space         int    `json:"space"`
-		Collaborators int    `json:"collaborators"`
-		PrivateRepos  int    `json:"private_repos"`
-	} `json:"plan"`
-}
-
-func (idp *GithubIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	req, err := http.NewRequest("GET", "https://api.github.com/user", nil)
-	if err != nil {
-		panic(err)
-	}
-	req.Header.Add("Authorization", "token "+token.AccessToken)
-	resp, err := idp.Client.Do(req)
-	if err != nil {
-		return nil, err
-	}
-
-	defer resp.Body.Close()
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	var githubUserInfo GitHubUserInfo
-	err = json.Unmarshal(body, &githubUserInfo)
-	if err != nil {
-		return nil, err
-	}
-
-	userInfo := UserInfo{
-		Id:          strconv.Itoa(githubUserInfo.Id),
-		Username:    githubUserInfo.Login,
-		DisplayName: githubUserInfo.Name,
-		Email:       githubUserInfo.Email,
-		AvatarUrl:   githubUserInfo.AvatarUrl,
-	}
-	return &userInfo, nil
-}
-
-func (idp *GithubIdProvider) postWithBody(body interface{}, url string) ([]byte, error) {
-	bs, err := json.Marshal(body)
-	if err != nil {
-		return nil, err
-	}
-	r := strings.NewReader(string(bs))
-	req, _ := http.NewRequest("POST", url, r)
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("Content-Type", "application/json")
-	resp, err := idp.Client.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			return
-		}
-	}(resp.Body)
-
-	return data, nil
-}
--- a/idp/gitlab.go
+++ b/idp/gitlab.go
@@ -1,230 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type GitlabIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-}
-
-func NewGitlabIdProvider(clientId string, clientSecret string, redirectUrl string) *GitlabIdProvider {
-	idp := &GitlabIdProvider{}
-
-	config := idp.getConfig(clientId, clientSecret, redirectUrl)
-	idp.Config = config
-
-	return idp
-}
-
-func (idp *GitlabIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-// getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
-func (idp *GitlabIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
-	endpoint := oauth2.Endpoint{
-		TokenURL: "https://gitlab.com/oauth/token",
-	}
-
-	config := &oauth2.Config{
-		Scopes:       []string{"read_user+profile"},
-		Endpoint:     endpoint,
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
-		RedirectURL:  redirectUrl,
-	}
-
-	return config
-}
-
-type GitlabProviderToken struct {
-	AccessToken  string `json:"access_token"`
-	TokenType    string `json:"token_type"`
-	ExpiresIn    int    `json:"expires_in"`
-	RefreshToken string `json:"refresh_token"`
-	CreatedAt    int    `json:"created_at"`
-}
-
-// GetToken use code get access_token (*operation of getting code ought to be done in front)
-// get more detail via: https://docs.gitlab.com/ee/api/oauth2.html
-func (idp *GitlabIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	params := url.Values{}
-	params.Add("grant_type", "authorization_code")
-	params.Add("client_id", idp.Config.ClientID)
-	params.Add("client_secret", idp.Config.ClientSecret)
-	params.Add("code", code)
-	params.Add("redirect_uri", idp.Config.RedirectURL)
-
-	accessTokenUrl := fmt.Sprintf("%s?%s", idp.Config.Endpoint.TokenURL, params.Encode())
-	resp, err := idp.Client.Post(accessTokenUrl, "application/json;charset=UTF-8", nil)
-	if err != nil {
-		return nil, err
-	}
-
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	gtoken := &GitlabProviderToken{}
-	if err = json.Unmarshal(data, gtoken); err != nil {
-		return nil, err
-	}
-
-	// gtoken.ExpiresIn always returns 0, so we set Expiry=7200 to avoid verification errors.
-	token := &oauth2.Token{
-		AccessToken:  gtoken.AccessToken,
-		TokenType:    gtoken.TokenType,
-		RefreshToken: gtoken.RefreshToken,
-		Expiry:       time.Unix(time.Now().Unix()+int64(7200), 0),
-	}
-
-	return token, nil
-}
-
-/*
-{
-   "id":5162115,
-   "name":"shiluo",
-   "username":"shiluo",
-   "state":"active",
-   "avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/5162115/avatar.png",
-   "web_url":"https://gitlab.com/shiluo",
-   "created_at":"2019-12-23T02:50:10.348Z",
-   "bio":"",
-   "bio_html":"",
-   "location":"China",
-   "public_email":"silo1999@163.com",
-   "skype":"",
-   "linkedin":"",
-   "twitter":"",
-   "website_url":"",
-   "organization":"",
-   "job_title":"",
-   "pronouns":null,
-   "bot":false,
-   "work_information":null,
-   "followers":0,
-   "following":0,
-   "last_sign_in_at":"2019-12-26T13:24:42.941Z",
-   "confirmed_at":"2019-12-23T02:52:10.778Z",
-   "last_activity_on":"2021-08-19",
-   "email":"silo1999@163.com",
-   "theme_id":1,
-   "color_scheme_id":1,
-   "projects_limit":100000,
-   "current_sign_in_at":"2021-08-19T09:46:46.004Z",
-   "identities":[
-      {
-         "provider":"github",
-         "extern_uid":"51157931",
-         "saml_provider_id":null
-      }
-   ],
-   "can_create_group":true,
-   "can_create_project":true,
-   "two_factor_enabled":false,
-   "external":false,
-   "private_profile":false,
-   "commit_email":"silo1999@163.com",
-   "shared_runners_minutes_limit":null,
-   "extra_shared_runners_minutes_limit":null
-}
-*/
-
-type GitlabUserInfo struct {
-	Id              int         `json:"id"`
-	Name            string      `json:"name"`
-	Username        string      `json:"username"`
-	State           string      `json:"state"`
-	AvatarUrl       string      `json:"avatar_url"`
-	WebUrl          string      `json:"web_url"`
-	CreatedAt       time.Time   `json:"created_at"`
-	Bio             string      `json:"bio"`
-	BioHtml         string      `json:"bio_html"`
-	Location        string      `json:"location"`
-	PublicEmail     string      `json:"public_email"`
-	Skype           string      `json:"skype"`
-	Linkedin        string      `json:"linkedin"`
-	Twitter         string      `json:"twitter"`
-	WebsiteUrl      string      `json:"website_url"`
-	Organization    string      `json:"organization"`
-	JobTitle        string      `json:"job_title"`
-	Pronouns        interface{} `json:"pronouns"`
-	Bot             bool        `json:"bot"`
-	WorkInformation interface{} `json:"work_information"`
-	Followers       int         `json:"followers"`
-	Following       int         `json:"following"`
-	LastSignInAt    time.Time   `json:"last_sign_in_at"`
-	ConfirmedAt     time.Time   `json:"confirmed_at"`
-	LastActivityOn  string      `json:"last_activity_on"`
-	Email           string      `json:"email"`
-	ThemeId         int         `json:"theme_id"`
-	ColorSchemeId   int         `json:"color_scheme_id"`
-	ProjectsLimit   int         `json:"projects_limit"`
-	CurrentSignInAt time.Time   `json:"current_sign_in_at"`
-	Identities      []struct {
-		Provider       string      `json:"provider"`
-		ExternUid      string      `json:"extern_uid"`
-		SamlProviderId interface{} `json:"saml_provider_id"`
-	} `json:"identities"`
-	CanCreateGroup                 bool        `json:"can_create_group"`
-	CanCreateProject               bool        `json:"can_create_project"`
-	TwoFactorEnabled               bool        `json:"two_factor_enabled"`
-	External                       bool        `json:"external"`
-	PrivateProfile                 bool        `json:"private_profile"`
-	CommitEmail                    string      `json:"commit_email"`
-	SharedRunnersMinutesLimit      interface{} `json:"shared_runners_minutes_limit"`
-	ExtraSharedRunnersMinutesLimit interface{} `json:"extra_shared_runners_minutes_limit"`
-}
-
-// GetUserInfo use GitlabProviderToken gotten before return GitlabUserInfo
-func (idp *GitlabIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	resp, err := idp.Client.Get("https://gitlab.com/api/v4/user?access_token=" + token.AccessToken)
-	if err != nil {
-		return nil, err
-	}
-
-	data, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	guser := GitlabUserInfo{}
-	if err = json.Unmarshal(data, &guser); err != nil {
-		return nil, err
-	}
-
-	userInfo := UserInfo{
-		Id:          strconv.Itoa(guser.Id),
-		Username:    guser.Username,
-		DisplayName: guser.Name,
-		AvatarUrl:   guser.AvatarUrl,
-		Email:       guser.Email,
-	}
-	return &userInfo, nil
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Yang Luo	8435f7b5a2	Merge pull request #7 from nodece/feat_application feat: add application module	2020-11-24 14:48:25 +00:00
Yang Luo	98734837a8	Merge pull request #6 from nodece/improve_user_style fix: improve user style	2020-11-24 14:04:29 +00:00
Zixuan Liu	218b96ed74	feat: add application Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-23 23:50:59 +08:00
Zixuan Liu	89476a79ad	fix: improve user style Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-23 22:10:11 +08:00
Yang Luo	b003838b00	Merge pull request #5 from nodece/master refactor: adjust the structure for decoupling	2020-11-12 00:09:18 +08:00
Zixuan Liu	5efc866a84	refactor: adjust the structure for decoupling Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-11 21:38:51 +08:00
Yang Luo	d77278fb93	Merge pull request #4 from nodece/master feat: building the main layout	2020-11-07 11:08:54 +08:00
Zixuan Liu	17b974f895	feat: building the main layout Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-07 01:08:03 +08:00
Yang Luo	046ed8fe3b	Merge pull request #3 from nodece/master refactor: migrate from Beego to Gin	2020-11-01 10:41:43 +08:00
Zixuan Liu	2422943a59	refactor: migrate from Beego to Gin Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-01 01:09:49 +08:00
Zixuan Liu	723c68822c	refactor: migrate to TypeScript (#2 ) * refactor: migrate to TypeScript Signed-off-by: Zixuan Liu <nodeces@gmail.com> * fix: cors Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-10-31 23:20:40 +08:00