feat: support google one tap signin (#2131)

* feat: add google one tap support

* feat: gofumpt

* feat: add google provider rule conf

* feat: update i18n

controllers/account.go

@@ -380,7 +380,8 @@ func (c *ApiController) GetAccount() {
 		return
 	}
 
-	u, err := object.GetMaskedUser(user)
+	isAdminOrSelf := c.IsAdminOrSelf(user)
+	u, err := object.GetMaskedUser(user, isAdminOrSelf)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/application.go

@@ -48,14 +48,11 @@ func (c *ApiController) GetApplications() {
 		} else {
 			applications, err = object.GetOrganizationApplications(owner, organization)
 		}
-
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-
-		c.Data["json"] = object.GetMaskedApplications(applications, userId)
-		c.ServeJSON()
+		c.ResponseOk(object.GetMaskedApplications(applications, userId))
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetApplicationCount(owner, field, value)
@@ -86,14 +83,14 @@ func (c *ApiController) GetApplications() {
 func (c *ApiController) GetApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
+
 	app, err := object.GetApplication(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.Data["json"] = object.GetMaskedApplication(app, userId)
-	c.ServeJSON()
+	c.ResponseOk(object.GetMaskedApplication(app, userId))
 }
 
 // GetUserApplication
@@ -106,25 +103,24 @@ func (c *ApiController) GetApplication() {
 func (c *ApiController) GetUserApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
+
 	user, err := object.GetUser(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
 		return
 	}
 
-	app, err := object.GetApplicationByUser(user)
+	application, err := object.GetApplicationByUser(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.Data["json"] = object.GetMaskedApplication(app, userId)
-	c.ServeJSON()
+	c.ResponseOk(object.GetMaskedApplication(application, userId))
 }
 
 // GetOrganizationApplications
@@ -157,8 +153,7 @@ func (c *ApiController) GetOrganizationApplications() {
 			return
 		}
 
-		c.Data["json"] = object.GetMaskedApplications(applications, userId)
-		c.ServeJSON()
+		c.ResponseOk(object.GetMaskedApplications(applications, userId))
 	} else {
 		limit := util.ParseInt(limit)
 

controllers/auth.go

@@ -422,7 +422,7 @@ func (c *ApiController) Login() {
 				c.ResponseError(err.Error())
 				return
 			}
-		} else if provider.Category == "OAuth" {
+		} else if provider.Category == "OAuth" || provider.Category == "Web3" {
 			// OAuth
 			idpInfo := object.FromProviderToIdpInfo(c.Ctx, provider)
 			idProvider := idp.GetIdProvider(idpInfo, authForm.RedirectUri)
@@ -465,7 +465,7 @@ func (c *ApiController) Login() {
 					c.ResponseError(err.Error())
 					return
 				}
-			} else if provider.Category == "OAuth" {
+			} else if provider.Category == "OAuth" || provider.Category == "Web3" {
 				user, err = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 				if err != nil {
 					c.ResponseError(err.Error())
@@ -486,7 +486,7 @@ func (c *ApiController) Login() {
 				record.Organization = application.Organization
 				record.User = user.Name
 				util.SafeGoroutine(func() { object.AddRecord(record) })
-			} else if provider.Category == "OAuth" {
+			} else if provider.Category == "OAuth" || provider.Category == "Web3" {
 				// Sign up via OAuth
 				if application.EnableLinkWithEmail {
 					if userInfo.Email != "" {

controllers/base.go

@@ -55,6 +55,18 @@ func (c *ApiController) IsAdmin() bool {
 	return isGlobalAdmin || user.IsAdmin
 }
 
+func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {
+	isGlobalAdmin, user := c.isGlobalAdmin()
+	if isGlobalAdmin || (user != nil && user.IsAdmin) {
+		return true
+	}
+
+	if user.Owner == user2.Owner && user.Name == user2.Name {
+		return true
+	}
+	return false
+}
+
 func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 	username := c.GetSessionUsername()
 	if strings.HasPrefix(username, "app/") {

controllers/cert.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetCerts() {
 			return
 		}
 
-		c.Data["json"] = maskedCerts
-		c.ServeJSON()
+		c.ResponseOk(maskedCerts)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetCertCount(owner, field, value)
@@ -87,8 +86,7 @@ func (c *ApiController) GetGlobleCerts() {
 			return
 		}
 
-		c.Data["json"] = maskedCerts
-		c.ServeJSON()
+		c.ResponseOk(maskedCerts)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGlobalCertsCount(field, value)
@@ -123,8 +121,7 @@ func (c *ApiController) GetCert() {
 		return
 	}
 
-	c.Data["json"] = object.GetMaskedCert(cert)
-	c.ServeJSON()
+	c.ResponseOk(object.GetMaskedCert(cert))
 }
 
 // UpdateCert

controllers/chat.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetChats() {
 			return
 		}
 
-		c.Data["json"] = maskedChats
-		c.ServeJSON()
+		c.ResponseOk(maskedChats)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetChatCount(owner, field, value)
@@ -82,8 +81,7 @@ func (c *ApiController) GetChat() {
 		return
 	}
 
-	c.Data["json"] = maskedChat
-	c.ServeJSON()
+	c.ResponseOk(maskedChat)
 }
 
 // UpdateChat

controllers/group.go

@@ -82,9 +82,9 @@ func (c *ApiController) GetGroup() {
 	group, err := object.GetGroup(id)
 	if err != nil {
 		c.ResponseError(err.Error())
-	} else {
-		c.ResponseOk(group)
+		return
 	}
+	c.ResponseOk(group)
 }
 
 // UpdateGroup

controllers/ldap.go

@@ -38,8 +38,11 @@ type LdapSyncResp struct {
 }
 
 // GetLdapUsers
-// @Tag Account API
 // @Title GetLdapser
+// @Tag Account API
+// @Description get ldap users
+// Param	id	string	true	"id"
+// @Success 200 {object} LdapResp The Response object
 // @router /get-ldap-users [get]
 func (c *ApiController) GetLdapUsers() {
 	id := c.Input().Get("id")
@@ -94,8 +97,11 @@ func (c *ApiController) GetLdapUsers() {
 }
 
 // GetLdaps
-// @Tag Account API
 // @Title GetLdaps
+// @Tag Account API
+// @Description get ldaps
+// @Param	owner	query	string	false	"owner"
+// @Success 200 {array} object.Ldap The Response object
 // @router /get-ldaps [get]
 func (c *ApiController) GetLdaps() {
 	owner := c.Input().Get("owner")
@@ -104,8 +110,11 @@ func (c *ApiController) GetLdaps() {
 }
 
 // GetLdap
-// @Tag Account API
 // @Title GetLdap
+// @Tag Account API
+// @Description get ldap
+// @Param	id	query	string	true	"id"
+// @Success 200 {object} object.Ldap The Response object
 // @router /get-ldap [get]
 func (c *ApiController) GetLdap() {
 	id := c.Input().Get("id")
@@ -116,12 +125,20 @@ func (c *ApiController) GetLdap() {
 	}
 
 	_, name := util.GetOwnerAndNameFromId(id)
-	c.ResponseOk(object.GetMaskedLdap(object.GetLdap(name)))
+	ldap, err := object.GetLdap(name)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.ResponseOk(object.GetMaskedLdap(ldap))
 }
 
 // AddLdap
-// @Tag Account API
 // @Title AddLdap
+// @Tag Account API
+// @Description add ldap
+// @Param	body	body	object.Ldap		true	"The details of the ldap"
+// @Success 200 {object} controllers.Response The Response object
 // @router /add-ldap [post]
 func (c *ApiController) AddLdap() {
 	var ldap object.Ldap
@@ -160,8 +177,11 @@ func (c *ApiController) AddLdap() {
 }
 
 // UpdateLdap
-// @Tag Account API
 // @Title UpdateLdap
+// @Tag Account API
+// @Description update ldap
+// @Param	body	body	object.Ldap		true	"The details of the ldap"
+// @Success 200 {object} controllers.Response The Response object
 // @router /update-ldap [post]
 func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
@@ -198,8 +218,11 @@ func (c *ApiController) UpdateLdap() {
 }
 
 // DeleteLdap
-// @Tag Account API
 // @Title DeleteLdap
+// @Tag Account API
+// @Description delete ldap
+// @Param	body	body	object.Ldap		true	"The details of the ldap"
+// @Success 200 {object} controllers.Response The Response object
 // @router /delete-ldap [post]
 func (c *ApiController) DeleteLdap() {
 	var ldap object.Ldap
@@ -222,8 +245,11 @@ func (c *ApiController) DeleteLdap() {
 }
 
 // SyncLdapUsers
-// @Tag Account API
 // @Title SyncLdapUsers
+// @Tag Account API
+// @Description sync ldap users
+// @Param	id	query	string		true	"id"
+// @Success 200 {object} LdapSyncResp The Response object
 // @router /sync-ldap-users [post]
 func (c *ApiController) SyncLdapUsers() {
 	id := c.Input().Get("id")

controllers/message.go

@@ -57,8 +57,7 @@ func (c *ApiController) GetMessages() {
 			return
 		}
 
-		c.Data["json"] = object.GetMaskedMessages(messages)
-		c.ServeJSON()
+		c.ResponseOk(object.GetMaskedMessages(messages))
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetMessageCount(owner, organization, field, value)
@@ -94,8 +93,7 @@ func (c *ApiController) GetMessage() {
 		return
 	}
 
-	c.Data["json"] = object.GetMaskedMessage(message)
-	c.ServeJSON()
+	c.ResponseOk(message)
 }
 
 func (c *ApiController) ResponseErrorStream(errorText string) {

controllers/model.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetModels() {
 			return
 		}
 
-		c.Data["json"] = models
-		c.ServeJSON()
+		c.ResponseOk(models)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetModelCount(owner, field, value)
@@ -82,8 +81,7 @@ func (c *ApiController) GetModel() {
 		return
 	}
 
-	c.Data["json"] = model
-	c.ServeJSON()
+	c.ResponseOk(model)
 }
 
 // UpdateModel

controllers/organization.go

@@ -55,8 +55,7 @@ func (c *ApiController) GetOrganizations() {
 			return
 		}
 
-		c.Data["json"] = maskedOrganizations
-		c.ServeJSON()
+		c.ResponseOk(maskedOrganizations)
 	} else {
 		if !isGlobalAdmin {
 			maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
@@ -184,6 +183,8 @@ func (c *ApiController) DeleteOrganization() {
 func (c *ApiController) GetDefaultApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
+	redirectUri := c.Input().Get("redirectUri")
+	typ := c.Input().Get("type")
 
 	application, err := object.GetDefaultApplication(id)
 	if err != nil {
@@ -191,6 +192,14 @@ func (c *ApiController) GetDefaultApplication() {
 		return
 	}
 
+	if typ == "cas" {
+		err = object.CheckCasRestrict(application, c.GetAcceptLanguage(), redirectUri)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	}
+
 	maskedApplication := object.GetMaskedApplication(application, userId)
 	c.ResponseOk(maskedApplication)
 }

controllers/payment.go

@@ -46,8 +46,7 @@ func (c *ApiController) GetPayments() {
 			return
 		}
 
-		c.Data["json"] = payments
-		c.ServeJSON()
+		c.ResponseOk(payments)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPaymentCount(owner, organization, field, value)
@@ -106,8 +105,7 @@ func (c *ApiController) GetPayment() {
 		return
 	}
 
-	c.Data["json"] = payment
-	c.ServeJSON()
+	c.ResponseOk(payment)
 }
 
 // UpdatePayment

controllers/permission.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetPermissions() {
 			return
 		}
 
-		c.Data["json"] = permissions
-		c.ServeJSON()
+		c.ResponseOk(permissions)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPermissionCount(owner, field, value)
@@ -85,7 +84,6 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 	}
 
 	c.ResponseOk(permissions, len(permissions))
-	return
 }
 
 // GetPermissionsByRole
@@ -104,7 +102,6 @@ func (c *ApiController) GetPermissionsByRole() {
 	}
 
 	c.ResponseOk(permissions, len(permissions))
-	return
 }
 
 // GetPermission
@@ -123,8 +120,7 @@ func (c *ApiController) GetPermission() {
 		return
 	}
 
-	c.Data["json"] = permission
-	c.ServeJSON()
+	c.ResponseOk(permission)
 }
 
 // UpdatePermission

controllers/plan.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetPlans() {
 			return
 		}
 
-		c.Data["json"] = plans
-		c.ServeJSON()
+		c.ResponseOk(plans)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPlanCount(owner, field, value)
@@ -95,11 +94,10 @@ func (c *ApiController) GetPlan() {
 			plan.Options = append(plan.Options, option.DisplayName)
 		}
 
-		c.Data["json"] = plan
+		c.ResponseOk(plan)
 	} else {
-		c.Data["json"] = plan
+		c.ResponseOk(plan)
 	}
-	c.ServeJSON()
 }
 
 // UpdatePlan

controllers/pricing.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetPricings() {
 			return
 		}
 
-		c.Data["json"] = pricings
-		c.ServeJSON()
+		c.ResponseOk(pricings)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPricingCount(owner, field, value)
@@ -82,8 +81,7 @@ func (c *ApiController) GetPricing() {
 		return
 	}
 
-	c.Data["json"] = pricing
-	c.ServeJSON()
+	c.ResponseOk(pricing)
 }
 
 // UpdatePricing

controllers/product.go

@@ -46,8 +46,7 @@ func (c *ApiController) GetProducts() {
 			return
 		}
 
-		c.Data["json"] = products
-		c.ServeJSON()
+		c.ResponseOk(products)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetProductCount(owner, field, value)
@@ -89,8 +88,7 @@ func (c *ApiController) GetProduct() {
 		return
 	}
 
-	c.Data["json"] = product
-	c.ServeJSON()
+	c.ResponseOk(product)
 }
 
 // UpdateProduct

controllers/record.go

@@ -51,8 +51,7 @@ func (c *ApiController) GetRecords() {
 			return
 		}
 
-		c.Data["json"] = records
-		c.ServeJSON()
+		c.ResponseOk(records)
 	} else {
 		limit := util.ParseInt(limit)
 		if c.IsGlobalAdmin() && organizationName != "" {
@@ -99,8 +98,7 @@ func (c *ApiController) GetRecordsByFilter() {
 		return
 	}
 
-	c.Data["json"] = records
-	c.ServeJSON()
+	c.ResponseOk(records)
 }
 
 // AddRecord

controllers/resource.go

@@ -67,8 +67,7 @@ func (c *ApiController) GetResources() {
 			return
 		}
 
-		c.Data["json"] = resources
-		c.ServeJSON()
+		c.ResponseOk(resources)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetResourceCount(owner, user, field, value)
@@ -104,8 +103,7 @@ func (c *ApiController) GetResource() {
 		return
 	}
 
-	c.Data["json"] = resource
-	c.ServeJSON()
+	c.ResponseOk(resource)
 }
 
 // UpdateResource

controllers/role.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetRoles() {
 			return
 		}
 
-		c.Data["json"] = roles
-		c.ServeJSON()
+		c.ResponseOk(roles)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetRoleCount(owner, field, value)
@@ -82,8 +81,7 @@ func (c *ApiController) GetRole() {
 		return
 	}
 
-	c.Data["json"] = role
-	c.ServeJSON()
+	c.ResponseOk(role)
 }
 
 // UpdateRole

controllers/session.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetSessions() {
 			return
 		}
 
-		c.Data["json"] = sessions
-		c.ServeJSON()
+		c.ResponseOk(sessions)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetSessionCount(owner, field, value)
@@ -81,8 +80,7 @@ func (c *ApiController) GetSingleSession() {
 		return
 	}
 
-	c.Data["json"] = session
-	c.ServeJSON()
+	c.ResponseOk(session)
 }
 
 // UpdateSession
@@ -161,7 +159,5 @@ func (c *ApiController) IsSessionDuplicated() {
 		return
 	}
 
-	c.Data["json"] = &Response{Status: "ok", Msg: "", Data: isUserSessionDuplicated}
-
-	c.ServeJSON()
+	c.ResponseOk(isUserSessionDuplicated)
 }

controllers/subscription.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetSubscriptions() {
 			return
 		}
 
-		c.Data["json"] = subscriptions
-		c.ServeJSON()
+		c.ResponseOk(subscriptions)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetSubscriptionCount(owner, field, value)
@@ -82,8 +81,7 @@ func (c *ApiController) GetSubscription() {
 		return
 	}
 
-	c.Data["json"] = subscription
-	c.ServeJSON()
+	c.ResponseOk(subscription)
 }
 
 // UpdateSubscription

controllers/syncer.go

@@ -46,8 +46,7 @@ func (c *ApiController) GetSyncers() {
 			return
 		}
 
-		c.Data["json"] = organizationSyncers
-		c.ServeJSON()
+		c.ResponseOk(organizationSyncers)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetSyncerCount(owner, organization, field, value)
@@ -83,8 +82,7 @@ func (c *ApiController) GetSyncer() {
 		return
 	}
 
-	c.Data["json"] = syncer
-	c.ServeJSON()
+	c.ResponseOk(syncer)
 }
 
 // UpdateSyncer

controllers/token.go

@@ -47,8 +47,7 @@ func (c *ApiController) GetTokens() {
 			return
 		}
 
-		c.Data["json"] = token
-		c.ServeJSON()
+		c.ResponseOk(token)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetTokenCount(owner, organization, field, value)
@@ -83,8 +82,7 @@ func (c *ApiController) GetToken() {
 		return
 	}
 
-	c.Data["json"] = token
-	c.ServeJSON()
+	c.ResponseOk(token)
 }
 
 // UpdateToken

controllers/user.go

@@ -45,8 +45,7 @@ func (c *ApiController) GetGlobalUsers() {
 			return
 		}
 
-		c.Data["json"] = maskedUsers
-		c.ServeJSON()
+		c.ResponseOk(maskedUsers)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGlobalUserCount(field, value)
@@ -106,8 +105,7 @@ func (c *ApiController) GetUsers() {
 			return
 		}
 
-		c.Data["json"] = maskedUsers
-		c.ServeJSON()
+		c.ResponseOk(maskedUsers)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetUserCount(owner, field, value, groupName)
@@ -208,14 +206,14 @@ func (c *ApiController) GetUser() {
 		return
 	}
 
-	maskedUser, err := object.GetMaskedUser(user)
+	isAdminOrSelf := c.IsAdminOrSelf(user)
+	maskedUser, err := object.GetMaskedUser(user, isAdminOrSelf)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.Data["json"] = maskedUser
-	c.ServeJSON()
+	c.ResponseOk(maskedUser)
 }
 
 // UpdateUser
@@ -512,8 +510,7 @@ func (c *ApiController) GetSortedUsers() {
 		return
 	}
 
-	c.Data["json"] = maskedUsers
-	c.ServeJSON()
+	c.ResponseOk(maskedUsers)
 }
 
 // GetUserCount
@@ -540,8 +537,7 @@ func (c *ApiController) GetUserCount() {
 		return
 	}
 
-	c.Data["json"] = count
-	c.ServeJSON()
+	c.ResponseOk(count)
 }
 
 // AddUserkeys

controllers/webhook.go

@@ -46,8 +46,7 @@ func (c *ApiController) GetWebhooks() {
 			return
 		}
 
-		c.Data["json"] = webhooks
-		c.ServeJSON()
+		c.ResponseOk(webhooks)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetWebhookCount(owner, organization, field, value)
@@ -84,8 +83,7 @@ func (c *ApiController) GetWebhook() {
 		return
 	}
 
-	c.Data["json"] = webhook
-	c.ServeJSON()
+	c.ResponseOk(webhook)
 }
 
 // UpdateWebhook

go.sum

@@ -546,8 +546,6 @@ github.com/russellhaering/goxmldsig v1.2.0 h1:Y6GTTc9Un5hCxSzVz4UIWQ/zuVwDvzJk80
 github.com/russellhaering/goxmldsig v1.2.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sashabaranov/go-openai v1.9.1 h1:3N52HkJKo9Zlo/oe1AVv5ZkCOny0ra58/ACvAxkN3MM=
-github.com/sashabaranov/go-openai v1.9.1/go.mod h1:lj5b/K+zjTSFxVLijLSTDZuP7adOgerWeFyZLUhAKRg=
 github.com/sashabaranov/go-openai v1.12.0 h1:aRNHH0gtVfrpIaEolD0sWrLLRnYQNK4cH/bIAHwL8Rk=
 github.com/sashabaranov/go-openai v1.12.0/go.mod h1:lj5b/K+zjTSFxVLijLSTDZuP7adOgerWeFyZLUhAKRg=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=

idp/google.go

@@ -21,15 +21,39 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strings"
+	"time"
 
+	"github.com/casdoor/casdoor/util"
 	"golang.org/x/oauth2"
 )
 
+const GoogleIdTokenKey = "GoogleIdToken"
+
 type GoogleIdProvider struct {
 	Client *http.Client
 	Config *oauth2.Config
 }
 
+// https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint
+type GoogleIdToken struct {
+	// These six fields are included in all Google ID Tokens.
+	Iss string `json:"iss"` // The issuer, or signer, of the token. For Google-signed ID tokens, this value is https://accounts.google.com.
+	Sub string `json:"sub"` // The subject: the ID that represents the principal making the request.
+	Azp string `json:"azp"` // Optional. Who the token was issued to. Here is the ClientID
+	Aud string `json:"aud"` // The audience of the token. Here is the ClientID
+	Iat string `json:"iat"` // 	Unix epoch time when the token was issued.
+	Exp string `json:"exp"` // 	Unix epoch time when the token expires.
+	// These seven fields are only included when the user has granted the "profile" and "email" OAuth scopes to the application.
+	Email         string `json:"email"`
+	EmailVerified string `json:"email_verified"`
+	Name          string `json:"name"`
+	Picture       string `json:"picture"`
+	GivenName     string `json:"given_name"`
+	FamilyName    string `json:"family_name"`
+	Locale        string `json:"locale"`
+}
+
 func NewGoogleIdProvider(clientId string, clientSecret string, redirectUrl string) *GoogleIdProvider {
 	idp := &GoogleIdProvider{}
 
@@ -61,6 +85,25 @@ func (idp *GoogleIdProvider) getConfig() *oauth2.Config {
 }
 
 func (idp *GoogleIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	// Obtained the GoogleIdToken through Google OneTap authorization.
+	if strings.HasPrefix(code, GoogleIdTokenKey) {
+		code = strings.TrimPrefix(code, GoogleIdTokenKey+"-")
+		var googleIdToken GoogleIdToken
+		if err := json.Unmarshal([]byte(code), &googleIdToken); err != nil {
+			return nil, err
+		}
+		expiry := int64(util.ParseInt(googleIdToken.Exp))
+		token := &oauth2.Token{
+			AccessToken: fmt.Sprintf("%v-%v", GoogleIdTokenKey, googleIdToken.Sub),
+			TokenType:   "Bearer",
+			Expiry:      time.Unix(expiry, 0),
+		}
+		token = token.WithExtra(map[string]interface{}{
+			GoogleIdTokenKey: googleIdToken,
+		})
+		return token, nil
+	}
+
 	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, idp.Client)
 	return idp.Config.Exchange(ctx, code)
 }
@@ -88,6 +131,20 @@ type GoogleUserInfo struct {
 }
 
 func (idp *GoogleIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	if strings.HasPrefix(token.AccessToken, GoogleIdTokenKey) {
+		googleIdToken, ok := token.Extra(GoogleIdTokenKey).(GoogleIdToken)
+		if !ok {
+			return nil, errors.New("invalid googleIdToken")
+		}
+		userInfo := UserInfo{
+			Id:          googleIdToken.Sub,
+			Username:    googleIdToken.Email,
+			DisplayName: googleIdToken.Name,
+			Email:       googleIdToken.Email,
+			AvatarUrl:   googleIdToken.Picture,
+		}
+		return &userInfo, nil
+	}
 	url := fmt.Sprintf("https://www.googleapis.com/oauth2/v2/userinfo?alt=json&access_token=%s", token.AccessToken)
 	resp, err := idp.Client.Get(url)
 	if err != nil {

idp/metamask.go

@@ -0,0 +1,80 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"golang.org/x/oauth2"
+)
+
+const Web3AuthTokenKey = "web3AuthToken"
+
+type MetaMaskIdProvider struct {
+	Client *http.Client
+}
+
+type Web3AuthToken struct {
+	Address   string `json:"address"`
+	Nonce     string `json:"nonce"`
+	CreateAt  uint64 `json:"createAt"`
+	TypedData string `json:"typedData"`
+	Signature string `json:"signature"` // signature for typed data
+}
+
+func NewMetaMaskIdProvider() *MetaMaskIdProvider {
+	idp := &MetaMaskIdProvider{}
+	return idp
+}
+
+func (idp *MetaMaskIdProvider) SetHttpClient(client *http.Client) {
+	idp.Client = client
+}
+
+func (idp *MetaMaskIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	web3AuthToken := Web3AuthToken{}
+	if err := json.Unmarshal([]byte(code), &web3AuthToken); err != nil {
+		return nil, err
+	}
+	token := &oauth2.Token{
+		AccessToken: web3AuthToken.Signature,
+		TokenType:   "Bearer",
+		Expiry:      time.Now().AddDate(0, 1, 0),
+	}
+
+	token = token.WithExtra(map[string]interface{}{
+		Web3AuthTokenKey: web3AuthToken,
+	})
+	return token, nil
+}
+
+func (idp *MetaMaskIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	// TODO use "github.com/ethereum/go-ethereum" to check address's eth balance or transaction
+	web3AuthToken, ok := token.Extra(Web3AuthTokenKey).(Web3AuthToken)
+	if !ok {
+		return nil, errors.New("invalid web3AuthToken")
+	}
+	userInfo := &UserInfo{
+		Id:          web3AuthToken.Address,
+		Username:    web3AuthToken.Address,
+		DisplayName: web3AuthToken.Address,
+		AvatarUrl:   fmt.Sprintf("metamask:%v", web3AuthToken.Address),
+	}
+	return userInfo, nil
+}

idp/provider.go

@@ -109,6 +109,8 @@ func GetIdProvider(idpInfo *ProviderInfo, redirectUrl string) IdProvider {
 		return NewDouyinIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
 	case "Bilibili":
 		return NewBilibiliIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "MetaMask":
+		return NewMetaMaskIdProvider()
 	default:
 		if isGothSupport(idpInfo.Type) {
 			return NewGothIdProvider(idpInfo.Type, idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.HostUrl)

ldap/server.go

@@ -34,7 +34,7 @@ func StartLdapServer() {
 	server.Handle(routes)
 	err := server.ListenAndServe("0.0.0.0:" + conf.GetConfigString("ldapServerPort"))
 	if err != nil {
-		return
+		log.Printf("StartLdapServer() failed, ErrMsg = %s", err.Error())
 	}
 }
 

object/adapter.go

@@ -15,8 +15,10 @@
 package object
 
 import (
+	"database/sql"
 	"fmt"
 	"runtime"
+	"strings"
 
 	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/conf"
@@ -46,6 +48,11 @@ func InitConfig() {
 }
 
 func InitAdapter() {
+	err := createDatabaseForPostgres(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
+	if err != nil {
+		panic(err)
+	}
+
 	adapter = NewAdapter(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
 
 	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
@@ -96,7 +103,32 @@ func NewAdapter(driverName string, dataSourceName string, dbName string) *Adapte
 	return a
 }
 
+func createDatabaseForPostgres(driverName string, dataSourceName string, dbName string) error {
+	if driverName == "postgres" {
+		db, err := sql.Open(driverName, dataSourceName)
+		if err != nil {
+			return err
+		}
+		defer db.Close()
+
+		_, err = db.Exec(fmt.Sprintf("CREATE DATABASE %s;", dbName))
+		if err != nil {
+			if !strings.Contains(err.Error(), "already exists") {
+				return err
+			}
+		}
+
+		return nil
+	} else {
+		return nil
+	}
+}
+
 func (a *Adapter) CreateDatabase() error {
+	if a.driverName == "postgres" {
+		return nil
+	}
+
 	engine, err := xorm.NewEngine(a.driverName, a.dataSourceName)
 	if err != nil {
 		return err

object/group.go

@@ -107,6 +107,11 @@ func UpdateGroup(id string, group *Group) (bool, error) {
 		return false, err
 	}
 
+	err = checkGroupName(group.Name)
+	if err != nil {
+		return false, err
+	}
+
 	if name != group.Name {
 		err := GroupChangeTrigger(name, group.Name)
 		if err != nil {
@@ -123,6 +128,11 @@ func UpdateGroup(id string, group *Group) (bool, error) {
 }
 
 func AddGroup(group *Group) (bool, error) {
+	err := checkGroupName(group.Name)
+	if err != nil {
+		return false, err
+	}
+
 	affected, err := adapter.Engine.Insert(group)
 	if err != nil {
 		return false, err
@@ -168,6 +178,17 @@ func DeleteGroup(group *Group) (bool, error) {
 	return affected != 0, nil
 }
 
+func checkGroupName(name string) error {
+	exist, err := adapter.Engine.Exist(&Organization{Owner: "admin", Name: name})
+	if err != nil {
+		return err
+	}
+	if exist {
+		return errors.New("group name can't be same as the organization name")
+	}
+	return nil
+}
+
 func (group *Group) GetId() string {
 	return fmt.Sprintf("%s/%s", group.Owner, group.Name)
 }

object/model.go

@@ -161,5 +161,8 @@ func modelChangeTrigger(oldName string, newName string) error {
 }
 
 func HasRoleDefinition(m model.Model) bool {
+	if m == nil {
+		return false
+	}
 	return m["g"] != nil
 }

object/permission_enforcer.go

@@ -26,42 +26,7 @@ import (
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )
 
-func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforcer {
-	tableName := "permission_rule"
-	if len(permission.Adapter) != 0 {
-		adapterObj, err := getCasbinAdapter(permission.Owner, permission.Adapter)
-		if err != nil {
-			panic(err)
-		}
-
-		if adapterObj != nil && adapterObj.Table != "" {
-			tableName = adapterObj.Table
-		}
-	}
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	driverName := conf.GetConfigString("driverName")
-	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
-	adapter, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, tableName, tableNamePrefix, true)
-	if err != nil {
-		panic(err)
-	}
-
-	permissionModel, err := getModel(permission.Owner, permission.Model)
-	if err != nil {
-		panic(err)
-	}
-
-	m := model.Model{}
-	if permissionModel != nil {
-		m, err = GetBuiltInModel(permissionModel.ModelText)
-	} else {
-		m, err = GetBuiltInModel("")
-	}
-
-	if err != nil {
-		panic(err)
-	}
-
+func getEnforcer(p *Permission, permissionIDs ...string) *casbin.Enforcer {
 	// Init an enforcer instance without specifying a model or adapter.
 	// If you specify an adapter, it will load all policies, which is a
 	// heavy process that can slow down the application.
@@ -70,14 +35,17 @@ func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforc
 		panic(err)
 	}
 
-	err = enforcer.InitWithModelAndAdapter(m, nil)
+	err = p.setEnforcerModel(enforcer)
 	if err != nil {
 		panic(err)
 	}
 
-	enforcer.SetAdapter(adapter)
+	err = p.setEnforcerAdapter(enforcer)
+	if err != nil {
+		panic(err)
+	}
 
-	policyFilterV5 := []string{permission.GetId()}
+	policyFilterV5 := []string{p.GetId()}
 	if len(permissionIDs) != 0 {
 		policyFilterV5 = permissionIDs
 	}
@@ -86,7 +54,7 @@ func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforc
 		V5: policyFilterV5,
 	}
 
-	if !HasRoleDefinition(m) {
+	if !HasRoleDefinition(enforcer.GetModel()) {
 		policyFilter.Ptype = []string{"p"}
 	}
 
@@ -98,35 +66,70 @@ func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforc
 	return enforcer
 }
 
+func (p *Permission) setEnforcerAdapter(enforcer *casbin.Enforcer) error {
+	tableName := "permission_rule"
+	if len(p.Adapter) != 0 {
+		adapterObj, err := getCasbinAdapter(p.Owner, p.Adapter)
+		if err != nil {
+			return err
+		}
+
+		if adapterObj != nil && adapterObj.Table != "" {
+			tableName = adapterObj.Table
+		}
+	}
+	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
+	driverName := conf.GetConfigString("driverName")
+	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
+	casbinAdapter, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, tableName, tableNamePrefix, true)
+	if err != nil {
+		return err
+	}
+
+	enforcer.SetAdapter(casbinAdapter)
+	return nil
+}
+
+func (p *Permission) setEnforcerModel(enforcer *casbin.Enforcer) error {
+	permissionModel, err := getModel(p.Owner, p.Model)
+	if err != nil {
+		return err
+	}
+
+	// TODO: return error if permissionModel is nil.
+	m := model.Model{}
+	if permissionModel != nil {
+		m, err = GetBuiltInModel(permissionModel.ModelText)
+	} else {
+		m, err = GetBuiltInModel("")
+	}
+	if err != nil {
+		return err
+	}
+
+	err = enforcer.InitWithModelAndAdapter(m, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func getPolicies(permission *Permission) [][]string {
 	var policies [][]string
 
 	permissionId := permission.GetId()
 	domainExist := len(permission.Domains) > 0
 
-	for _, user := range permission.Users {
+	usersAndRoles := append(permission.Users, permission.Roles...)
+	for _, userOrRole := range usersAndRoles {
 		for _, resource := range permission.Resources {
 			for _, action := range permission.Actions {
 				if domainExist {
 					for _, domain := range permission.Domains {
-						policies = append(policies, []string{user, domain, resource, strings.ToLower(action), "", permissionId})
+						policies = append(policies, []string{userOrRole, domain, resource, strings.ToLower(action), strings.ToLower(permission.Effect), permissionId})
 					}
 				} else {
-					policies = append(policies, []string{user, resource, strings.ToLower(action), "", "", permissionId})
-				}
-			}
-		}
-	}
-
-	for _, role := range permission.Roles {
-		for _, resource := range permission.Resources {
-			for _, action := range permission.Actions {
-				if domainExist {
-					for _, domain := range permission.Domains {
-						policies = append(policies, []string{role, domain, resource, strings.ToLower(action), "", permissionId})
-					}
-				} else {
-					policies = append(policies, []string{role, resource, strings.ToLower(action), "", "", permissionId})
+					policies = append(policies, []string{userOrRole, resource, strings.ToLower(action), strings.ToLower(permission.Effect), "", permissionId})
 				}
 			}
 		}

object/provider_item.go

@@ -49,7 +49,7 @@ func (pi *ProviderItem) IsProviderVisible() bool {
 	if pi.Provider == nil {
 		return false
 	}
-	return pi.Provider.Category == "OAuth" || pi.Provider.Category == "SAML"
+	return pi.Provider.Category == "OAuth" || pi.Provider.Category == "SAML" || pi.Provider.Category == "Web3"
 }
 
 func (pi *ProviderItem) isProviderPrompted() bool {

object/record.go

@@ -161,7 +161,8 @@ func SendWebhooks(record *Record) error {
 
 		if matched {
 			if webhook.IsUserExtended {
-				user, err := GetMaskedUser(getUser(record.Organization, record.User))
+				user, err := getUser(record.Organization, record.User)
+				user, err = GetMaskedUser(user, false, err)
 				if err != nil {
 					return err
 				}

object/resource.go

@@ -16,6 +16,7 @@ package object
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
@@ -76,6 +77,10 @@ func GetPaginationResources(owner, user string, offset, limit int, field, value,
 }
 
 func getResource(owner string, name string) (*Resource, error) {
+	if !strings.HasPrefix(name, "/") {
+		name = "/" + name
+	}
+
 	resource := Resource{Owner: owner, Name: name}
 	existed, err := adapter.Engine.Get(&resource)
 	if err != nil {

object/sms.go

@@ -42,7 +42,11 @@ func SendSms(provider *Provider, content string, phoneNumbers ...string) error {
 		return err
 	}
 
-	if provider.Type == sender.Aliyun {
+	if provider.Type == sender.Twilio {
+		if provider.AppId != "" {
+			phoneNumbers = append([]string{provider.AppId}, phoneNumbers...)
+		}
+	} else if provider.Type == sender.Aliyun {
 		for i, number := range phoneNumbers {
 			phoneNumbers[i] = strings.TrimPrefix(number, "+86")
 		}

object/storage.go

@@ -25,6 +25,7 @@ import (
 	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/storage"
 	"github.com/casdoor/casdoor/util"
+	"github.com/casdoor/oss"
 )
 
 var isCloudIntranet bool
@@ -102,11 +103,11 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 	return fileUrl, objectKey
 }
 
-func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffer, lang string) (string, string, error) {
+func getStorageProvider(provider *Provider, lang string) (oss.StorageInterface, error) {
 	endpoint := getProviderEndpoint(provider)
 	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
 	if storageProvider == nil {
-		return "", "", fmt.Errorf(i18n.Translate(lang, "storage:The provider type: %s is not supported"), provider.Type)
+		return nil, fmt.Errorf(i18n.Translate(lang, "storage:The provider type: %s is not supported"), provider.Type)
 	}
 
 	if provider.Domain == "" {
@@ -114,9 +115,18 @@ func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffe
 		UpdateProvider(provider.GetId(), provider)
 	}
 
+	return storageProvider, nil
+}
+
+func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffer, lang string) (string, string, error) {
+	storageProvider, err := getStorageProvider(provider, lang)
+	if err != nil {
+		return "", "", err
+	}
+
 	fileUrl, objectKey := GetUploadFileUrl(provider, fullFilePath, true)
 
-	_, err := storageProvider.Put(objectKey, fileBuffer)
+	_, err = storageProvider.Put(objectKey, fileBuffer)
 	if err != nil {
 		return "", "", err
 	}
@@ -154,15 +164,9 @@ func DeleteFile(provider *Provider, objectKey string, lang string) error {
 		return fmt.Errorf(i18n.Translate(lang, "storage:The objectKey: %s is not allowed"), objectKey)
 	}
 
-	endpoint := getProviderEndpoint(provider)
-	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
-	if storageProvider == nil {
-		return fmt.Errorf(i18n.Translate(lang, "storage:The provider type: %s is not supported"), provider.Type)
-	}
-
-	if provider.Domain == "" {
-		provider.Domain = storageProvider.GetEndpoint()
-		UpdateProvider(provider.GetId(), provider)
+	storageProvider, err := getStorageProvider(provider, lang)
+	if err != nil {
+		return err
 	}
 
 	return storageProvider.Delete(objectKey)

object/token_cas.go

@@ -26,6 +26,7 @@ import (
 	"time"
 
 	"github.com/beevik/etree"
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/util"
 	dsig "github.com/russellhaering/goxmldsig"
 )
@@ -122,6 +123,13 @@ var stToServiceResponse sync.Map
 // pgt is short for proxy granting ticket
 var pgtToServiceResponse sync.Map
 
+func CheckCasRestrict(application *Application, lang string, service string) error {
+	if len(application.RedirectUris) > 0 && !application.IsRedirectUriValid(service) {
+		return fmt.Errorf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), service)
+	}
+	return nil
+}
+
 func StoreCasTokenForPgt(token *CasAuthenticationSuccess, service, userId string) string {
 	pgt := fmt.Sprintf("PGT-%s", util.GenerateId())
 	pgtToServiceResponse.Store(pgt, &CasAuthenticationSuccessWrapper{

object/token_jwt.go

@@ -281,6 +281,14 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		return "", "", "", err
 	}
 
+	if cert == nil {
+		if application.Cert == "" {
+			return "", "", "", fmt.Errorf("The cert field of the application \"%s\" should not be empty", application.GetId())
+		} else {
+			return "", "", "", fmt.Errorf("The cert \"%s\" does not exist", application.Cert)
+		}
+	}
+
 	// RSA private key
 	key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
 	if err != nil {

object/user.go

@@ -156,6 +156,7 @@ type User struct {
 	Yammer          string `xorm:"yammer varchar(100)" json:"yammer"`
 	Yandex          string `xorm:"yandex varchar(100)" json:"yandex"`
 	Zoom            string `xorm:"zoom varchar(100)" json:"zoom"`
+	MetaMask        string `xorm:"metamask varchar(100)" json:"metamask"`
 	Custom          string `xorm:"custom varchar(100)" json:"custom"`
 
 	WebauthnCredentials []webauthn.Credential `xorm:"webauthnCredentials blob" json:"webauthnCredentials"`
@@ -418,7 +419,7 @@ func GetUserNoCheck(id string) (*User, error) {
 	return getUser(owner, name)
 }
 
-func GetMaskedUser(user *User, errs ...error) (*User, error) {
+func GetMaskedUser(user *User, isAdminOrSelf bool, errs ...error) (*User, error) {
 	if len(errs) > 0 && errs[0] != nil {
 		return nil, errs[0]
 	}
@@ -430,9 +431,13 @@ func GetMaskedUser(user *User, errs ...error) (*User, error) {
 	if user.Password != "" {
 		user.Password = "***"
 	}
-	if user.AccessSecret != "" {
-		user.AccessSecret = "***"
+
+	if !isAdminOrSelf {
+		if user.AccessSecret != "" {
+			user.AccessSecret = "***"
+		}
 	}
+
 	if user.ManagedAccounts != nil {
 		for _, manageAccount := range user.ManagedAccounts {
 			manageAccount.Password = "***"
@@ -456,7 +461,7 @@ func GetMaskedUsers(users []*User, errs ...error) ([]*User, error) {
 
 	var err error
 	for _, user := range users {
-		user, err = GetMaskedUser(user)
+		user, err = GetMaskedUser(user, false)
 		if err != nil {
 			return nil, err
 		}

routers/authz_filter.go

@@ -156,7 +156,7 @@ func AuthzFilter(ctx *context.Context) {
 	urlPath := getUrlPath(ctx.Request.URL.Path)
 
 	objOwner, objName := "", ""
-	if urlPath != "/api/get-app-login" {
+	if urlPath != "/api/get-app-login" && urlPath != "/api/get-resource" {
 		objOwner, objName = getObject(ctx)
 	}
 

storage/storage.go

@@ -23,7 +23,7 @@ func GetStorageProvider(providerType string, clientId string, clientSecret strin
 	case "AWS S3":
 		return NewAwsS3StorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "MinIO":
-		return NewMinIOS3StorageProvider(clientId, clientSecret, region, bucket, endpoint)
+		return NewMinIOS3StorageProvider(clientId, clientSecret, "_", bucket, endpoint)
 	case "Aliyun OSS":
 		return NewAliyunOssStorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "Tencent Cloud COS":

swagger/swagger.json

@@ -188,7 +188,27 @@
                 "tags": [
                     "Account API"
                 ],
-                "operationId": "ApiController.AddLdap"
+                "description": "add ldap",
+                "operationId": "ApiController.AddLdap",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the ldap",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Ldap"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
             }
         },
         "/api/add-message": {
@@ -1086,7 +1106,27 @@
                 "tags": [
                     "Account API"
                 ],
-                "operationId": "ApiController.DeleteLdap"
+                "description": "delete ldap",
+                "operationId": "ApiController.DeleteLdap",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the ldap",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Ldap"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
             }
         },
         "/api/delete-message": {
@@ -2098,7 +2138,25 @@
                 "tags": [
                     "Account API"
                 ],
-                "operationId": "ApiController.GetLdap"
+                "description": "get ldap",
+                "operationId": "ApiController.GetLdap",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "id",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/object.Ldap"
+                        }
+                    }
+                }
             }
         },
         "/api/get-ldap-users": {
@@ -2106,7 +2164,16 @@
                 "tags": [
                     "Account API"
                 ],
-                "operationId": "ApiController.GetLdapser"
+                "description": "get ldap users",
+                "operationId": "ApiController.GetLdapser",
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/LdapResp"
+                        }
+                    }
+                }
             }
         },
         "/api/get-ldaps": {
@@ -2114,7 +2181,27 @@
                 "tags": [
                     "Account API"
                 ],
-                "operationId": "ApiController.GetLdaps"
+                "description": "get ldaps",
+                "operationId": "ApiController.GetLdaps",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "owner",
+                        "description": "owner",
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/object.Ldap"
+                            }
+                        }
+                    }
+                }
             }
         },
         "/api/get-message": {
@@ -4139,7 +4226,25 @@
                 "tags": [
                     "Account API"
                 ],
-                "operationId": "ApiController.SyncLdapUsers"
+                "description": "sync ldap users",
+                "operationId": "ApiController.SyncLdapUsers",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "id",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/LdapSyncResp"
+                        }
+                    }
+                }
             }
         },
         "/api/unlink": {
@@ -4329,7 +4434,27 @@
                 "tags": [
                     "Account API"
                 ],
-                "operationId": "ApiController.UpdateLdap"
+                "description": "update ldap",
+                "operationId": "ApiController.UpdateLdap",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the ldap",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Ldap"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
             }
         },
         "/api/update-message": {
@@ -5152,6 +5277,14 @@
             "title": "LaravelResponse",
             "type": "object"
         },
+        "LdapResp": {
+            "title": "LdapResp",
+            "type": "object"
+        },
+        "LdapSyncResp": {
+            "title": "LdapSyncResp",
+            "type": "object"
+        },
         "Response": {
             "title": "Response",
             "type": "object"
@@ -5681,6 +5814,59 @@
                 }
             }
         },
+        "object.Ldap": {
+            "title": "Ldap",
+            "type": "object",
+            "properties": {
+                "autoSync": {
+                    "type": "integer",
+                    "format": "int64"
+                },
+                "baseDn": {
+                    "type": "string"
+                },
+                "createdTime": {
+                    "type": "string"
+                },
+                "enableSsl": {
+                    "type": "boolean"
+                },
+                "filter": {
+                    "type": "string"
+                },
+                "filterFields": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "host": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "lastSync": {
+                    "type": "string"
+                },
+                "owner": {
+                    "type": "string"
+                },
+                "password": {
+                    "type": "string"
+                },
+                "port": {
+                    "type": "integer",
+                    "format": "int64"
+                },
+                "serverName": {
+                    "type": "string"
+                },
+                "username": {
+                    "type": "string"
+                }
+            }
+        },
         "object.ManagedAccount": {
             "title": "ManagedAccount",
             "type": "object",

swagger/swagger.yml

@@ -122,7 +122,20 @@ paths:
     post:
       tags:
       - Account API
+      description: add ldap
       operationId: ApiController.AddLdap
+      parameters:
+      - in: body
+        name: body
+        description: The details of the ldap
+        required: true
+        schema:
+          $ref: '#/definitions/object.Ldap'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/add-message:
     post:
       tags:
@@ -702,7 +715,20 @@ paths:
     post:
       tags:
       - Account API
+      description: delete ldap
       operationId: ApiController.DeleteLdap
+      parameters:
+      - in: body
+        name: body
+        description: The details of the ldap
+        required: true
+        schema:
+          $ref: '#/definitions/object.Ldap'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/delete-message:
     post:
       tags:
@@ -1360,17 +1386,48 @@ paths:
     get:
       tags:
       - Account API
+      description: get ldap
       operationId: ApiController.GetLdap
+      parameters:
+      - in: query
+        name: id
+        description: id
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Ldap'
   /api/get-ldap-users:
     get:
       tags:
       - Account API
+      description: get ldap users
       operationId: ApiController.GetLdapser
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/LdapResp'
   /api/get-ldaps:
     get:
       tags:
       - Account API
+      description: get ldaps
       operationId: ApiController.GetLdaps
+      parameters:
+      - in: query
+        name: owner
+        description: owner
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Ldap'
   /api/get-message:
     get:
       tags:
@@ -2703,7 +2760,19 @@ paths:
     post:
       tags:
       - Account API
+      description: sync ldap users
       operationId: ApiController.SyncLdapUsers
+      parameters:
+      - in: query
+        name: id
+        description: id
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/LdapSyncResp'
   /api/unlink:
     post:
       tags:
@@ -2827,7 +2896,20 @@ paths:
     post:
       tags:
       - Account API
+      description: update ldap
       operationId: ApiController.UpdateLdap
+      parameters:
+      - in: body
+        name: body
+        description: The details of the ldap
+        required: true
+        schema:
+          $ref: '#/definitions/object.Ldap'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/update-message:
     post:
       tags:
@@ -3367,6 +3449,12 @@ definitions:
   LaravelResponse:
     title: LaravelResponse
     type: object
+  LdapResp:
+    title: LdapResp
+    type: object
+  LdapSyncResp:
+    title: LdapSyncResp
+    type: object
   Response:
     title: Response
     type: object
@@ -3725,6 +3813,42 @@ definitions:
         type: string
       username:
         type: string
+  object.Ldap:
+    title: Ldap
+    type: object
+    properties:
+      autoSync:
+        type: integer
+        format: int64
+      baseDn:
+        type: string
+      createdTime:
+        type: string
+      enableSsl:
+        type: boolean
+      filter:
+        type: string
+      filterFields:
+        type: array
+        items:
+          type: string
+      host:
+        type: string
+      id:
+        type: string
+      lastSync:
+        type: string
+      owner:
+        type: string
+      password:
+        type: string
+      port:
+        type: integer
+        format: int64
+      serverName:
+        type: string
+      username:
+        type: string
   object.ManagedAccount:
     title: ManagedAccount
     type: object

web/craco.config.js

@@ -50,4 +50,32 @@ module.exports = {
       },
     },
   ],
+  webpack: {
+    // use polyfill Buffer with Webpack 5
+    // https://viglucci.io/articles/how-to-polyfill-buffer-with-webpack-5
+    // https://craco.js.org/docs/configuration/webpack/
+    configure: (webpackConfig, { env, paths }) => {
+      webpackConfig.resolve.fallback = {
+        // "process": require.resolve('process/browser'),
+        // "util": require.resolve("util/"),
+        // "url": require.resolve("url/"),
+        // "zlib": require.resolve("browserify-zlib"),
+        // "stream": require.resolve("stream-browserify"),
+        // "http": require.resolve("stream-http"),
+        // "https": require.resolve("https-browserify"),
+        // "assert": require.resolve("assert/"),
+        "buffer": require.resolve('buffer/'),    
+        "process": false,
+        "util": false,
+        "url": false,
+        "zlib": false,
+        "stream": false,
+        "http": false,
+        "https": false,
+        "assert": false,
+        "buffer": false,   
+      };
+      return webpackConfig;
+    },
+  }
 };

web/package.json

@@ -9,11 +9,13 @@
     "@crowdin/cli": "^3.7.10",
     "@ctrl/tinycolor": "^3.5.0",
     "@emotion/react": "^11.10.5",
+    "@metamask/eth-sig-util": "^6.0.0",
     "@testing-library/jest-dom": "^4.2.4",
     "@testing-library/react": "^9.3.2",
     "@testing-library/user-event": "^7.1.2",
     "antd": "5.2.3",
     "antd-token-previewer": "^1.1.0-22",
+    "buffer": "^6.0.3",
     "codemirror": "^5.61.1",
     "copy-to-clipboard": "^3.3.1",
     "core-js": "^3.25.0",
@@ -31,9 +33,11 @@
     "react-device-detect": "^2.2.2",
     "react-dom": "^18.2.0",
     "react-github-corner": "^2.5.0",
+    "react-google-one-tap-login": "^0.1.1",
     "react-helmet": "^6.1.0",
     "react-highlight-words": "^0.18.0",
     "react-i18next": "^11.8.7",
+    "react-metamask-avatar": "^1.2.1",
     "react-router-dom": "^5.3.3",
     "react-scripts": "5.0.1",
     "react-social-login-buttons": "^3.4.0"

web/src/AdapterEditPage.js

@@ -68,7 +68,7 @@ class AdapterEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }
@@ -80,8 +80,9 @@ class AdapterEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          models: res,
+          models: res.data,
         });
       });
   }

web/src/App.js

@@ -89,6 +89,8 @@ import {withTranslation} from "react-i18next";
 import LanguageSelect from "./common/select/LanguageSelect";
 import ThemeSelect from "./common/select/ThemeSelect";
 import OrganizationSelect from "./common/select/OrganizationSelect";
+import {clearWeb3AuthToken} from "./auth/Web3Auth";
+import AccountAvatar from "./account/AccountAvatar";
 
 const {Header, Footer, Content} = Layout;
 
@@ -312,12 +314,11 @@ class App extends Component {
       .then((res) => {
         if (res.status === "ok") {
           const owner = this.state.account.owner;
-
           this.setState({
             account: null,
             themeAlgorithm: ["default"],
           });
-
+          clearWeb3AuthToken();
           Setting.showMessage("success", i18next.t("application:Logged out successfully"));
           const redirectUri = res.data2;
           if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
@@ -348,7 +349,9 @@ class App extends Component {
       );
     } else {
       return (
-        <Avatar src={this.state.account.avatar} style={{verticalAlign: "middle"}} size="large">
+        <Avatar src={this.state.account.avatar} style={{verticalAlign: "middle"}} size="large"
+          icon={<AccountAvatar src={this.state.account.avatar} style={{verticalAlign: "middle"}} size={40} />}
+        >
           {Setting.getShortName(this.state.account.name)}
         </Avatar>
       );

web/src/ApplicationEditPage.js

@@ -119,7 +119,7 @@ class ApplicationEditPage extends React.Component {
   getApplication() {
     ApplicationBackend.getApplication("admin", this.state.applicationName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -129,32 +129,33 @@ class ApplicationEditPage extends React.Component {
           return;
         }
 
-        if (res.grantTypes === null || res.grantTypes === undefined || res.grantTypes.length === 0) {
-          res.grantTypes = ["authorization_code"];
+        const application = res.data;
+        if (application.grantTypes === null || application.grantTypes === undefined || application.grantTypes.length === 0) {
+          application.grantTypes = ["authorization_code"];
         }
 
-        if (res.tags === null || res.tags === undefined) {
-          res.tags = [];
+        if (application.tags === null || application.tags === undefined) {
+          application.tags = [];
         }
 
         this.setState({
-          application: res,
+          application: application,
         });
 
-        this.getCerts(res.organization);
+        this.getCerts(application.organization);
       });
   }
 
   getOrganizations() {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
-        if (res?.status === "error") {
+        if (res.status === "error") {
           this.setState({
             isAuthorized: false,
           });
         } else {
           this.setState({
-            organizations: (res.msg === undefined) ? res : [],
+            organizations: res.data || [],
           });
         }
       });
@@ -164,7 +165,7 @@ class ApplicationEditPage extends React.Component {
     CertBackend.getCerts(owner)
       .then((res) => {
         this.setState({
-          certs: (res.msg === undefined) ? res : [],
+          certs: res.data || [],
         });
       });
   }
@@ -184,9 +185,9 @@ class ApplicationEditPage extends React.Component {
 
   getSamlMetadata() {
     ApplicationBackend.getSamlMetadata("admin", this.state.applicationName)
-      .then((res) => {
+      .then((data) => {
         this.setState({
-          samlMetadata: res,
+          samlMetadata: data,
         });
       });
   }

web/src/CertEditPage.js

@@ -45,7 +45,7 @@ class CertEditPage extends React.Component {
   getCert() {
     CertBackend.getCert(this.state.owner, this.state.certName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -56,7 +56,7 @@ class CertEditPage extends React.Component {
         }
 
         this.setState({
-          cert: res,
+          cert: res.data,
         });
       });
   }
@@ -65,7 +65,7 @@ class CertEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }

web/src/ChatEditPage.js

@@ -41,7 +41,7 @@ class ChatEditPage extends React.Component {
   getChat() {
     ChatBackend.getChat("admin", this.state.chatName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -51,10 +51,10 @@ class ChatEditPage extends React.Component {
           return;
         }
         this.setState({
-          chat: res,
+          chat: res.data,
         });
 
-        this.getUsers(res.organization);
+        this.getUsers(res.data.organization);
       });
   }
 
@@ -62,7 +62,7 @@ class ChatEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }
@@ -76,7 +76,7 @@ class ChatEditPage extends React.Component {
         }
 
         this.setState({
-          users: res,
+          users: res.data,
         });
       });
   }

web/src/ChatPage.js

@@ -79,7 +79,8 @@ class ChatPage extends BaseListPage {
 
   getMessages(chatName) {
     MessageBackend.getChatMessages(chatName)
-      .then((messages) => {
+      .then((res) => {
+        const messages = res.data;
         this.setState({
           messages: messages,
         });
@@ -229,7 +230,7 @@ class ChatPage extends BaseListPage {
               </div>
             )
           }
-          <ChatBox messages={this.state.messages} sendMessage={(text) => {this.sendMessage(text);}} account={this.props.account} />
+          <ChatBox messages={this.state.messages || []} sendMessage={(text) => {this.sendMessage(text);}} account={this.props.account} />
         </div>
       </div>
     );

web/src/EntryPage.js

@@ -79,7 +79,9 @@ class EntryPage extends React.Component {
             Setting.showMessage("error", res.msg);
             return;
           }
-          const themeData = res !== null ? Setting.getThemeData(res.organizationObj, res) : Conf.ThemeDefault;
+
+          const application = res.data;
+          const themeData = application !== null ? Setting.getThemeData(application.organizationObj, application) : Conf.ThemeDefault;
           this.props.updataThemeData(themeData);
         });
     };

web/src/GroupEdit.js

@@ -67,7 +67,7 @@ class GroupEditPage extends React.Component {
       .then((res) => {
         if (res.status === "ok") {
           this.setState({
-            organizations: res.data,
+            organizations: res.data || [],
           });
         }
       });

web/src/LdapEditPage.js

@@ -55,7 +55,7 @@ class LdapEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }

web/src/MessageEditPage.js

@@ -46,7 +46,7 @@ class MessageEditPage extends React.Component {
   getMessage() {
     MessageBackend.getMessage("admin", this.state.messageName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -54,11 +54,11 @@ class MessageEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
-        this.setState({
-          message: res,
-        });
 
-        this.getUsers(res.organization);
+        this.setState({
+          message: res.data,
+        });
+        this.getUsers(res.data.organization);
       });
   }
 
@@ -66,7 +66,7 @@ class MessageEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }
@@ -75,7 +75,7 @@ class MessageEditPage extends React.Component {
     ChatBackend.getChats("admin")
       .then((res) => {
         this.setState({
-          chats: (res.msg === undefined) ? res : [],
+          chats: res.data || [],
         });
       });
   }
@@ -87,8 +87,9 @@ class MessageEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          users: res,
+          users: res.data,
         });
       });
   }

web/src/ModelEditPage.js

@@ -48,7 +48,7 @@ class ModelEditPage extends React.Component {
   getModel() {
     ModelBackend.getModel(this.state.organizationName, this.state.modelName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -59,7 +59,7 @@ class ModelEditPage extends React.Component {
         }
 
         this.setState({
-          model: res,
+          model: res.data,
         });
       });
   }
@@ -68,7 +68,7 @@ class ModelEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }

web/src/OrganizationEditPage.js

@@ -75,7 +75,7 @@ class OrganizationEditPage extends React.Component {
         }
 
         this.setState({
-          applications: res,
+          applications: res.data || [],
         });
       });
   }

web/src/PaymentEditPage.js

@@ -41,14 +41,14 @@ class PaymentEditPage extends React.Component {
 
   getPayment() {
     PaymentBackend.getPayment("admin", this.state.paymentName)
-      .then((payment) => {
-        if (payment === null) {
+      .then((res) => {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
 
         this.setState({
-          payment: payment,
+          payment: res.data,
         });
 
         Setting.scrollToDiv("invoice-area");

web/src/PaymentResultPage.js

@@ -41,12 +41,12 @@ class PaymentResultPage extends React.Component {
 
   getPayment() {
     PaymentBackend.getPayment("admin", this.state.paymentName)
-      .then((payment) => {
+      .then((res) => {
         this.setState({
-          payment: payment,
+          payment: res.data,
         });
 
-        if (payment.state === "Created") {
+        if (res.data.state === "Created") {
           this.setState({timeout: setTimeout(() => this.getPayment(), 1000)});
         }
       });

web/src/PermissionEditPage.js

@@ -50,7 +50,9 @@ class PermissionEditPage extends React.Component {
   getPermission() {
     PermissionBackend.getPermission(this.state.organizationName, this.state.permissionName)
       .then((res) => {
-        if (res === null) {
+        const permission = res.data;
+
+        if (permission === null) {
           this.props.history.push("/404");
           return;
         }
@@ -61,14 +63,14 @@ class PermissionEditPage extends React.Component {
         }
 
         this.setState({
-          permission: res,
+          permission: permission,
         });
 
-        this.getUsers(res.owner);
-        this.getRoles(res.owner);
-        this.getModels(res.owner);
-        this.getResources(res.owner);
-        this.getModel(res.owner, res.model);
+        this.getUsers(permission.owner);
+        this.getRoles(permission.owner);
+        this.getModels(permission.owner);
+        this.getResources(permission.owner);
+        this.getModel(permission.owner, permission.model);
       });
   }
 
@@ -76,7 +78,7 @@ class PermissionEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }
@@ -88,8 +90,9 @@ class PermissionEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          users: res,
+          users: res.data,
         });
       });
   }
@@ -101,8 +104,9 @@ class PermissionEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          roles: res,
+          roles: res.data,
         });
       });
   }
@@ -114,21 +118,21 @@ class PermissionEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          models: res,
+          models: res.data,
         });
       });
   }
 
   getModel(organizationName, modelName) {
+    if (modelName === "") {
+      return;
+    }
     ModelBackend.getModel(organizationName, modelName)
       .then((res) => {
-        if (res.status === "error") {
-          Setting.showMessage("error", res.msg);
-          return;
-        }
         this.setState({
-          model: res,
+          model: res.data,
         });
       });
   }
@@ -137,7 +141,7 @@ class PermissionEditPage extends React.Component {
     ApplicationBackend.getApplicationsByOrganization("admin", organizationName)
       .then((res) => {
         this.setState({
-          resources: (res.msg === undefined) ? res : [],
+          resources: res.data || [],
         });
       });
   }

web/src/PlanEditPage.js

@@ -46,18 +46,18 @@ class PlanEditPage extends React.Component {
 
   getPlan() {
     PlanBackend.getPlan(this.state.organizationName, this.state.planName)
-      .then((plan) => {
-        if (plan === null) {
+      .then((res) => {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
 
         this.setState({
-          plan: plan,
+          plan: res.data,
         });
 
-        this.getUsers(plan.owner);
-        this.getRoles(plan.owner);
+        this.getUsers(this.state.organizationName);
+        this.getRoles(this.state.organizationName);
       });
   }
 
@@ -68,8 +68,9 @@ class PlanEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          roles: res,
+          roles: res.data,
         });
       });
   }
@@ -81,8 +82,9 @@ class PlanEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          users: res,
+          users: res.data,
         });
       });
   }
@@ -91,7 +93,7 @@ class PlanEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }

web/src/PricingEditPage.js

@@ -44,13 +44,12 @@ class PricingEditPage extends React.Component {
     this.getPricing();
     this.getOrganizations();
     this.getApplicationsByOrganization(this.state.organizationName);
-    this.getUserApplication();
   }
 
   getPricing() {
     PricingBackend.getPricing(this.state.organizationName, this.state.pricingName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -61,9 +60,9 @@ class PricingEditPage extends React.Component {
         }
 
         this.setState({
-          pricing: res,
+          pricing: res.data,
         });
-        this.getPlans(res.owner);
+        this.getPlans(this.state.organizationName);
       });
   }
 
@@ -74,8 +73,9 @@ class PricingEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          plans: res,
+          plans: res.data,
         });
       });
   }
@@ -84,7 +84,16 @@ class PricingEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
+        });
+      });
+  }
+
+  getApplicationsByOrganization(organizationName) {
+    ApplicationBackend.getApplicationsByOrganization("admin", organizationName)
+      .then((res) => {
+        this.setState({
+          applications: res.data || [],
         });
       });
   }
@@ -107,28 +116,6 @@ class PricingEditPage extends React.Component {
     });
   }
 
-  getApplicationsByOrganization(organizationName) {
-    ApplicationBackend.getApplicationsByOrganization("admin", organizationName)
-      .then((res) => {
-        this.setState({
-          applications: (res.msg === undefined) ? res : [],
-        });
-      });
-  }
-
-  getUserApplication() {
-    ApplicationBackend.getUserApplication(this.state.organizationName, this.state.userName)
-      .then((res) => {
-        if (res.status === "error") {
-          Setting.showMessage("error", res.msg);
-          return;
-        }
-        this.setState({
-          application: res,
-        });
-      });
-  }
-
   renderPricing() {
     return (
       <Card size="small" title={

web/src/ProductBuyPage.js

@@ -48,7 +48,7 @@ class ProductBuyPage extends React.Component {
         }
 
         this.setState({
-          product: res,
+          product: res.data,
         });
       });
   }

web/src/ProductEditPage.js

@@ -46,14 +46,14 @@ class ProductEditPage extends React.Component {
 
   getProduct() {
     ProductBackend.getProduct(this.state.organizationName, this.state.productName)
-      .then((product) => {
-        if (product === null) {
+      .then((res) => {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
 
         this.setState({
-          product: product,
+          product: res.data,
         });
       });
   }
@@ -62,7 +62,7 @@ class ProductEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }

web/src/ProviderEditPage.js

@@ -50,7 +50,7 @@ class ProviderEditPage extends React.Component {
   getProvider() {
     ProviderBackend.getProvider(this.state.owner, this.state.providerName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -72,7 +72,7 @@ class ProviderEditPage extends React.Component {
       OrganizationBackend.getOrganizations("admin")
         .then((res) => {
           this.setState({
-            organizations: res.msg === undefined ? res : [],
+            organizations: res.data || [],
           });
         });
     }
@@ -236,7 +236,10 @@ class ProviderEditPage extends React.Component {
         tooltip = i18next.t("provider:Agent ID - Tooltip");
       }
     } else if (provider.category === "SMS") {
-      if (provider.type === "Tencent Cloud SMS") {
+      if (provider.type === "Twilio SMS") {
+        text = i18next.t("provider:Sender number");
+        tooltip = i18next.t("provider:Sender number - Tooltip");
+      } else if (provider.type === "Tencent Cloud SMS") {
         text = i18next.t("provider:App ID");
         tooltip = i18next.t("provider:App ID - Tooltip");
       } else if (provider.type === "Volc Engine SMS") {
@@ -355,6 +358,8 @@ class ProviderEditPage extends React.Component {
                 this.updateProviderField("type", "Default");
               } else if (value === "AI") {
                 this.updateProviderField("type", "OpenAI API - GPT");
+              } else if (value === "Web3") {
+                this.updateProviderField("type", "MetaMask");
               }
             })}>
               {
@@ -367,6 +372,7 @@ class ProviderEditPage extends React.Component {
                   {id: "SAML", name: "SAML"},
                   {id: "SMS", name: "SMS"},
                   {id: "Storage", name: "Storage"},
+                  {id: "Web3", name: "Web3"},
                 ]
                   .sort((a, b) => a.name.localeCompare(b.name))
                   .map((providerCategory, index) => <Option key={index} value={providerCategory.id}>{providerCategory.name}</Option>)
@@ -521,7 +527,7 @@ class ProviderEditPage extends React.Component {
           )
         }
         {
-          this.state.provider.category === "Captcha" && this.state.provider.type === "Default" ? null : (
+          (this.state.provider.category === "Captcha" && this.state.provider.type === "Default") || (this.state.provider.category === "Web3") || (this.state.provider.category === "Storage" && this.state.provider.type === "Local File System") ? null : (
             <React.Fragment>
               {
                 this.state.provider.category === "AI" ? null : (
@@ -610,36 +616,42 @@ class ProviderEditPage extends React.Component {
         }
         {this.state.provider.category === "Storage" ? (
           <div>
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={2}>
-                {Setting.getLabel(i18next.t("provider:Endpoint"), i18next.t("provider:Region endpoint for Internet"))} :
-              </Col>
-              <Col span={22} >
-                <Input value={this.state.provider.endpoint} onChange={e => {
-                  this.updateProviderField("endpoint", e.target.value);
-                }} />
-              </Col>
-            </Row>
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={2}>
-                {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
-              </Col>
-              <Col span={22} >
-                <Input value={this.state.provider.intranetEndpoint} onChange={e => {
-                  this.updateProviderField("intranetEndpoint", e.target.value);
-                }} />
-              </Col>
-            </Row>
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={2}>
-                {Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
-              </Col>
-              <Col span={22} >
-                <Input value={this.state.provider.bucket} onChange={e => {
-                  this.updateProviderField("bucket", e.target.value);
-                }} />
-              </Col>
-            </Row>
+            {["Local File System"].includes(this.state.provider.type) ? null : (
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {Setting.getLabel(i18next.t("provider:Endpoint"), i18next.t("provider:Region endpoint for Internet"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.endpoint} onChange={e => {
+                    this.updateProviderField("endpoint", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            )}
+            {["Local File System", "MinIO", "Tencent Cloud COS"].includes(this.state.provider.type) ? null : (
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.intranetEndpoint} onChange={e => {
+                    this.updateProviderField("intranetEndpoint", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            )}
+            {["Local File System"].includes(this.state.provider.type) ? null : (
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.bucket} onChange={e => {
+                    this.updateProviderField("bucket", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            )}
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={2}>
                 {Setting.getLabel(i18next.t("provider:Path prefix"), i18next.t("provider:Path prefix - Tooltip"))} :
@@ -650,17 +662,19 @@ class ProviderEditPage extends React.Component {
                 }} />
               </Col>
             </Row>
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={2}>
-                {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
-              </Col>
-              <Col span={22} >
-                <Input value={this.state.provider.domain} onChange={e => {
-                  this.updateProviderField("domain", e.target.value);
-                }} />
-              </Col>
-            </Row>
-            {["AWS S3", "MinIO", "Tencent Cloud COS"].includes(this.state.provider.type) ? (
+            {["MinIO"].includes(this.state.provider.type) ? null : (
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.domain} disabled={this.state.provider.type === "Local File System"} onChange={e => {
+                    this.updateProviderField("domain", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            )}
+            {["AWS S3", "Tencent Cloud COS"].includes(this.state.provider.type) ? (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
@@ -674,6 +688,7 @@ class ProviderEditPage extends React.Component {
             ) : null}
           </div>
         ) : null}
+        {this.getAppIdRow(this.state.provider)}
         {
           this.state.provider.category === "Email" ? (
             <React.Fragment>
@@ -919,7 +934,6 @@ class ProviderEditPage extends React.Component {
             </Row>
           ) : null
         }
-        {this.getAppIdRow(this.state.provider)}
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("provider:Provider URL"), i18next.t("provider:Provider URL - Tooltip"))} :

web/src/RoleEditPage.js

@@ -43,7 +43,7 @@ class RoleEditPage extends React.Component {
   getRole() {
     RoleBackend.getRole(this.state.organizationName, this.state.roleName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -53,11 +53,11 @@ class RoleEditPage extends React.Component {
         }
 
         this.setState({
-          role: res,
+          role: res.data,
         });
 
-        this.getUsers(res.owner);
-        this.getRoles(res.owner);
+        this.getUsers(this.state.organizationName);
+        this.getRoles(this.state.organizationName);
       });
   }
 
@@ -65,7 +65,7 @@ class RoleEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }
@@ -77,8 +77,9 @@ class RoleEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          users: res,
+          users: res.data,
         });
       });
   }
@@ -90,8 +91,9 @@ class RoleEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          roles: res,
+          roles: res.data,
         });
       });
   }

web/src/Setting.js

@@ -216,6 +216,12 @@ export const OtherProviderInfo = {
       url: "https://platform.openai.com",
     },
   },
+  Web3: {
+    "MetaMask": {
+      logo: `${StaticBaseUrl}/img/social_metamask.svg`,
+      url: "https://metamask.io/",
+    },
+  },
 };
 
 export function initCountries() {
@@ -288,7 +294,7 @@ export function isProviderVisible(providerItem) {
     return false;
   }
 
-  if (providerItem.provider.category !== "OAuth" && providerItem.provider.category !== "SAML") {
+  if (!["OAuth", "SAML", "Web3"].includes(providerItem.provider.category)) {
     return false;
   }
 
@@ -891,6 +897,10 @@ export function getProviderTypeOptions(category) {
     return ([
       {id: "OpenAI API - GPT", name: "OpenAI API - GPT"},
     ]);
+  } else if (category === "Web3") {
+    return ([
+      {id: "MetaMask", name: "MetaMask"},
+    ]);
   } else {
     return [];
   }

web/src/SubscriptionEditPage.js

@@ -47,7 +47,7 @@ class SubscriptionEditPage extends React.Component {
   getSubscription() {
     SubscriptionBackend.getSubscription(this.state.organizationName, this.state.subscriptionName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -58,11 +58,11 @@ class SubscriptionEditPage extends React.Component {
         }
 
         this.setState({
-          subscription: res,
+          subscription: res.data,
         });
 
-        this.getUsers(res.owner);
-        this.getPlanes(res.owner);
+        this.getUsers(this.state.organizationName);
+        this.getPlanes(this.state.organizationName);
       });
   }
 
@@ -70,7 +70,7 @@ class SubscriptionEditPage extends React.Component {
     PlanBackend.getPlans(organizationName)
       .then((res) => {
         this.setState({
-          planes: res,
+          planes: res.data,
         });
       });
   }
@@ -82,8 +82,9 @@ class SubscriptionEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
+
         this.setState({
-          users: res,
+          users: res.data,
         });
       });
   }
@@ -92,7 +93,7 @@ class SubscriptionEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }

web/src/SyncerEditPage.js

@@ -48,7 +48,7 @@ class SyncerEditPage extends React.Component {
   getSyncer() {
     SyncerBackend.getSyncer("admin", this.state.syncerName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -59,7 +59,7 @@ class SyncerEditPage extends React.Component {
         }
 
         this.setState({
-          syncer: res,
+          syncer: res.data,
         });
       });
   }
@@ -68,7 +68,7 @@ class SyncerEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }

web/src/TokenEditPage.js

@@ -36,7 +36,7 @@ class TokenEditPage extends React.Component {
   getToken() {
     TokenBackend.getToken("admin", this.state.tokenName)
       .then((res) => {
-        if (res === null) {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
@@ -47,7 +47,7 @@ class TokenEditPage extends React.Component {
         }
 
         this.setState({
-          token: res,
+          token: res.data,
         });
       });
   }

web/src/UserEditPage.js

@@ -36,6 +36,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 import {DeleteMfa} from "./backend/MfaBackend";
 import {CheckCircleOutlined, HolderOutlined, UsergroupAddOutlined} from "@ant-design/icons";
 import * as MfaBackend from "./backend/MfaBackend";
+import AccountAvatar from "./account/AccountAvatar";
 
 const {Option} = Select;
 
@@ -74,19 +75,20 @@ class UserEditPage extends React.Component {
 
   getUser() {
     UserBackend.getUser(this.state.organizationName, this.state.userName)
-      .then((data) => {
-        if (data === null) {
+      .then((res) => {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
 
-        if (data.status === null || data.status !== "error") {
-          this.setState({
-            user: data,
-            multiFactorAuths: data?.multiFactorAuths ?? [],
-          });
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
         }
+
         this.setState({
+          user: res.data,
+          multiFactorAuths: res.data?.multiFactorAuths ?? [],
           loading: false,
         });
       });
@@ -107,7 +109,7 @@ class UserEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }
@@ -116,7 +118,7 @@ class UserEditPage extends React.Component {
     ApplicationBackend.getApplicationsByOrganization("admin", organizationName)
       .then((res) => {
         this.setState({
-          applications: (res.msg === undefined) ? res : [],
+          applications: res.data || [],
         });
       });
   }
@@ -128,12 +130,10 @@ class UserEditPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
-        this.setState({
-          application: res,
-        });
 
         this.setState({
-          isGroupsVisible: res.organizationObj.accountItems?.some((item) => item.name === "Groups" && item.visible),
+          application: res.data,
+          isGroupsVisible: res.data?.organizationObj.accountItems?.some((item) => item.name === "Groups" && item.visible),
         });
       });
   }
@@ -791,10 +791,23 @@ class UserEditPage extends React.Component {
                 {
                   (this.state.application === null || this.state.user === null) ? null : (
                     this.state.application?.providers.filter(providerItem => Setting.isProviderVisible(providerItem)).map((providerItem) =>
-                      (providerItem.provider.category === "OAuth") ? (
-                        <OAuthWidget key={providerItem.name} labelSpan={(Setting.isMobile()) ? 10 : 3} user={this.state.user} application={this.state.application} providerItem={providerItem} account={this.props.account} onUnlinked={() => {return this.unlinked();}} />
+                      (providerItem.provider.category === "OAuth" || providerItem.provider.category === "Web3") ? (
+                        <OAuthWidget
+                          key={providerItem.name}
+                          labelSpan={(Setting.isMobile()) ? 10 : 3}
+                          user={this.state.user}
+                          application={this.state.application}
+                          providerItem={providerItem}
+                          account={this.props.account}
+                          onUnlinked={() => {return this.unlinked();}} />
                       ) : (
-                        <SamlWidget key={providerItem.name} labelSpan={(Setting.isMobile()) ? 10 : 3} user={this.state.user} application={this.state.application} providerItem={providerItem} onUnlinked={() => {return this.unlinked();}} />
+                        <SamlWidget
+                          key={providerItem.name}
+                          labelSpan={(Setting.isMobile()) ? 10 : 3}
+                          user={this.state.user}
+                          application={this.state.application}
+                          providerItem={providerItem}
+                          onUnlinked={() => {return this.unlinked();}} />
                       )
                     )
                   )
@@ -971,12 +984,12 @@ class UserEditPage extends React.Component {
         {
           imgUrl ?
             <a target="_blank" rel="noreferrer" href={imgUrl} style={{marginBottom: "10px"}}>
-              <img src={imgUrl} alt={imgUrl} height={90} style={{marginBottom: "20px"}} />
+              <AccountAvatar src={imgUrl} alt={imgUrl} size={90} style={{marginBottom: "20px"}} />
             </a>
             :
             <Col style={{height: "78%", border: "1px dotted grey", borderRadius: 3, marginBottom: 5}}>
               <div style={{fontSize: 30, margin: 10}}>+</div>
-              <div style={{verticalAlign: "middle", marginBottom: 10}}>{`请上传${title}...`}</div>
+              <div style={{verticalAlign: "middle", marginBottom: 10}}>{`Upload ${title}...`}</div>
             </Col>
         }
         <CropperDivModal disabled={disabled} tag={tag} setTitle={set} buttonText={`${title}...`} title={title} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />

web/src/UserListPage.js

@@ -23,6 +23,7 @@ import * as UserBackend from "./backend/UserBackend";
 import i18next from "i18next";
 import BaseListPage from "./BaseListPage";
 import PopconfirmModal from "./common/modal/PopconfirmModal";
+import AccountAvatar from "./account/AccountAvatar";
 
 class UserListPage extends BaseListPage {
   constructor(props) {
@@ -270,7 +271,7 @@ class UserListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <a target="_blank" rel="noreferrer" href={text}>
-              <img referrerPolicy="no-referrer" src={text} alt={text} width={50} />
+              <AccountAvatar referrerPolicy="no-referrer" src={text} alt={text} size={50} />
             </a>
           );
         },

web/src/WebhookEditPage.js

@@ -122,14 +122,14 @@ class WebhookEditPage extends React.Component {
 
   getWebhook() {
     WebhookBackend.getWebhook("admin", this.state.webhookName)
-      .then((webhook) => {
-        if (webhook === null) {
+      .then((res) => {
+        if (res.data === null) {
           this.props.history.push("/404");
           return;
         }
 
         this.setState({
-          webhook: webhook,
+          webhook: res.data,
         });
       });
   }
@@ -138,7 +138,7 @@ class WebhookEditPage extends React.Component {
     OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
-          organizations: (res.msg === undefined) ? res : [],
+          organizations: res.data || [],
         });
       });
   }

web/src/account/AccountAvatar.js

@@ -0,0 +1,36 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {MetaMaskAvatar} from "react-metamask-avatar";
+
+class AccountAvatar extends React.Component {
+  render() {
+    const {src, size} = this.props;
+    // The avatar for Metamask account is directly generated by an algorithm based on the address
+    // src = "metamask:0xC304b2cC0Be8E9ce10fF3Afd34820Ed306A23600";
+    const matchMetaMask = src.match(/^metamask:(\w+)$/);
+    if (matchMetaMask) {
+      const address = matchMetaMask[1];
+      return (
+        <MetaMaskAvatar address={address} size={size} />
+      );
+    }
+    return (
+      <img width={size} height={size} src={src} />
+    );
+  }
+}
+
+export default AccountAvatar;

web/src/auth/AuthCallback.js

@@ -95,6 +95,12 @@ class AuthCallback extends React.Component {
     if (code === null) {
       code = params.get("authCode");
     }
+    // The code for Metamask is the JSON-serialized string of Web3AuthToken
+    // Due to the limited length of URLs, we only pass the web3AuthTokenKey
+    if (code === null) {
+      code = params.get("web3AuthTokenKey");
+      code = localStorage.getItem(code);
+    }
     // Steam don't use code, so we should use all params as code.
     if (isSteam !== null && code === null) {
       code = this.props.location.search;

web/src/auth/ForgetPage.js

@@ -68,7 +68,7 @@ class ForgetPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
-        this.onUpdateApplication(res);
+        this.onUpdateApplication(res.data);
       });
   }
   getApplicationObj() {

web/src/auth/GoogleLoginButton.js

@@ -14,6 +14,9 @@
 
 import {createButton} from "react-social-login-buttons";
 import {StaticBaseUrl} from "../Setting";
+import {useGoogleOneTapLogin} from "react-google-one-tap-login";
+import * as Setting from "../Setting";
+import * as Provider from "./Provider";
 
 function Icon({width = 24, height = 24, color}) {
   return <img src={`${StaticBaseUrl}/buttons/google.svg`} alt="Sign in with Google" />;
@@ -29,4 +32,29 @@ const config = {
 
 const GoogleLoginButton = createButton(config);
 
+export function GoogleOneTapLoginVirtualButton(prop) {
+  const application = prop.application;
+  const providerConf = prop.providerConf;
+  // https://stackoverflow.com/questions/62281579/google-one-tap-sign-in-ui-not-displayed-after-clicking-the-close-button
+  // document.cookie = "g_state=;path=/;expires=Thu, 01 Jan 1970 00:00:01 GMT";
+  useGoogleOneTapLogin({
+    googleAccountConfigs: {
+      client_id: providerConf.provider.clientId,
+    },
+    onError: (error) => {
+      Setting.showMessage("error", error);
+    },
+    onSuccess: (response) => {
+      const code = "GoogleIdToken-" + JSON.stringify(response);
+      const authUrlParams = new URLSearchParams(Provider.getAuthUrl(application, providerConf.provider, "signup"));
+      const state = authUrlParams.get("state");
+      let redirectUri = authUrlParams.get("redirect_uri");
+      redirectUri = `${redirectUri}?state=${state}&code=${encodeURIComponent(code)}`;
+      Setting.goToLink(redirectUri);
+    },
+    disableCancelOnUnmount: true,
+  });
+
+}
+
 export default GoogleLoginButton;

web/src/auth/LoginPage.js

@@ -36,7 +36,7 @@ import {CaptchaModal} from "../common/modal/CaptchaModal";
 import {CaptchaRule} from "../common/modal/CaptchaModal";
 import RedirectForm from "../common/RedirectForm";
 import {MfaAuthVerifyForm, NextMfa, RequiredMfa} from "./mfa/MfaAuthVerifyForm";
-
+import {GoogleOneTapLoginVirtualButton} from "./GoogleLoginButton";
 class LoginPage extends React.Component {
   constructor(props) {
     super(props);
@@ -170,10 +170,15 @@ class LoginPage extends React.Component {
             Setting.showMessage("error", res.msg);
             return;
           }
-          this.onUpdateApplication(res);
+          this.onUpdateApplication(res.data);
         });
     } else {
-      OrganizationBackend.getDefaultApplication("admin", this.state.owner)
+      let redirectUri = "";
+      if (this.state.type === "cas") {
+        const casParams = Util.getCasParameters();
+        redirectUri = casParams.service;
+      }
+      OrganizationBackend.getDefaultApplication("admin", this.state.owner, this.state.type, redirectUri)
         .then((res) => {
           if (res.status === "ok") {
             const application = res.data;
@@ -183,9 +188,9 @@ class LoginPage extends React.Component {
             });
           } else {
             this.onUpdateApplication(null);
-            Setting.showMessage("error", res.msg);
-
-            this.props.history.push("/404");
+            this.setState({
+              msg: res.msg,
+            });
           }
         });
     }
@@ -418,6 +423,16 @@ class LoginPage extends React.Component {
     }
   }
 
+  renderOtherFormProvider(application) {
+    for (const providerConf of application.providers) {
+      if (providerConf.provider?.type === "Google" && providerConf.rule === "OneTap" && this.props.preview !== "auto") {
+        return (
+          <GoogleOneTapLoginVirtualButton application={application} providerConf={providerConf} />
+        );
+      }
+    }
+  }
+
   renderForm(application) {
     if (this.state.msg !== null) {
       return Util.renderMessage(this.state.msg);
@@ -575,6 +590,9 @@ class LoginPage extends React.Component {
                 return ProviderButton.renderProviderLogo(providerItem.provider, application, 30, 5, "small", this.props.location);
               })
             }
+            {
+              this.renderOtherFormProvider(application)
+            }
           </Form.Item>
         </Form>
       );
@@ -596,6 +614,9 @@ class LoginPage extends React.Component {
               return ProviderButton.renderProviderLogo(providerItem.provider, application, 40, 10, "big", this.props.location);
             })
           }
+          {
+            this.renderOtherFormProvider(application)
+          }
           <div>
             <br />
             {

web/src/auth/MfaSetupPage.js

@@ -69,7 +69,7 @@ class MfaSetupPage extends React.Component {
             return;
           }
           this.setState({
-            application: res,
+            application: res.data,
           });
         } else {
           Setting.showMessage("error", i18next.t("mfa:Failed to get application"));

web/src/auth/PromptPage.js

@@ -63,7 +63,7 @@ class PromptPage extends React.Component {
         }
 
         this.setState({
-          user: res,
+          user: res.data,
         });
       });
   }
@@ -80,9 +80,9 @@ class PromptPage extends React.Component {
           return;
         }
 
-        this.onUpdateApplication(res);
+        this.onUpdateApplication(res.data);
         this.setState({
-          application: res,
+          application: res.data,
         });
       });
   }

web/src/auth/Provider.js

@@ -317,6 +317,10 @@ const authInfo = {
     scope: "user:read",
     endpoint: "https://zoom.us/oauth/authorize",
   },
+  MetaMask: {
+    scope: "",
+    endpoint: "",
+  },
 };
 
 export function getProviderUrl(provider) {
@@ -459,5 +463,7 @@ export function getAuthUrl(application, provider, method) {
     return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&state=${state}&grant_options[]=per-user`;
   } else if (provider.type === "Twitter" || provider.type === "Fitbit") {
     return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}&code_challenge=${codeChallenge}&code_challenge_method=S256`;
+  } else if (provider.type === "MetaMask") {
+    return `${redirectUri}?state=${state}`;
   }
 }

web/src/auth/ProviderButton.js

@@ -17,6 +17,7 @@ import i18next from "i18next";
 import * as Provider from "./Provider";
 import {getProviderLogoURL} from "../Setting";
 import {GithubLoginButton, GoogleLoginButton} from "react-social-login-buttons";
+import {authViaMetaMask} from "./Web3Auth";
 import QqLoginButton from "./QqLoginButton";
 import FacebookLoginButton from "./FacebookLoginButton";
 import WeiboLoginButton from "./WeiboLoginButton";
@@ -117,6 +118,12 @@ function goToSamlUrl(provider, location) {
   });
 }
 
+export function goToWeb3Url(application, provider, method) {
+  if (provider.type === "MetaMask") {
+    authViaMetaMask(application, provider, method);
+  }
+}
+
 export function renderProviderLogo(provider, application, width, margin, size, location) {
   if (size === "small") {
     if (provider.category === "OAuth") {
@@ -153,6 +160,12 @@ export function renderProviderLogo(provider, application, width, margin, size, l
           <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} />
         </a>
       );
+    } else if (provider.category === "Web3") {
+      return (
+        <a key={provider.displayName} onClick={() => goToWeb3Url(application, provider, "signup")}>
+          <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} />
+        </a>
+      );
     }
   } else if (provider.type === "Custom") {
     // style definition
@@ -192,6 +205,16 @@ export function renderProviderLogo(provider, application, width, margin, size, l
           </a>
         </div>
       );
+    } else if (provider.category === "Web3") {
+      return (
+        <div key={provider.displayName} style={{marginBottom: "10px"}}>
+          <a onClick={() => goToWeb3Url(application, provider, "signup")}>
+            {
+              getSigninButton(provider)
+            }
+          </a>
+        </div>
+      );
     } else {
       return (
         <div key={provider.displayName} style={{marginBottom: "10px"}}>

web/src/auth/ResultPage.js

@@ -48,9 +48,10 @@ class ResultPage extends React.Component {
           Setting.showMessage("error", res.msg);
           return;
         }
-        this.onUpdateApplication(res);
+
+        this.onUpdateApplication(res.data);
         this.setState({
-          application: res,
+          application: res.data,
         });
       });
   }

web/src/auth/SignupPage.js

@@ -114,7 +114,7 @@ class SignupPage extends React.Component {
           return;
         }
 
-        this.onUpdateApplication(res);
+        this.onUpdateApplication(res.data);
       });
   }
 

web/src/auth/Web3Auth.js

@@ -0,0 +1,149 @@
+// // Copyright 2023 The Casdoor Authors. All Rights Reserved.
+// //
+// // Licensed under the Apache License, Version 2.0 (the "License");
+// // you may not use this file except in compliance with the License.
+// // You may obtain a copy of the License at
+// //
+// //      http://www.apache.org/licenses/LICENSE-2.0
+// //
+// // Unless required by applicable law or agreed to in writing, software
+// // distributed under the License is distributed on an "AS IS" BASIS,
+// // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// // See the License for the specific language governing permissions and
+// // limitations under the License.
+
+import {goToLink, showMessage} from "../Setting";
+import i18next from "i18next";
+import {v4 as uuidv4} from "uuid";
+import {SignTypedDataVersion, recoverTypedSignature} from "@metamask/eth-sig-util";
+import {getAuthUrl} from "./Provider";
+import {Buffer} from "buffer";
+// import {toChecksumAddress} from "ethereumjs-util";
+global.Buffer = Buffer;
+
+export function generateNonce() {
+  const nonce = uuidv4();
+  return nonce;
+}
+
+export function getWeb3AuthTokenKey(address) {
+  return `Web3AuthToken_${address}`;
+}
+
+export function setWeb3AuthToken(token) {
+  const key = getWeb3AuthTokenKey(token.address);
+  localStorage.setItem(key, JSON.stringify(token));
+}
+
+export function getWeb3AuthToken(address) {
+  const key = getWeb3AuthTokenKey(address);
+  return JSON.parse(localStorage.getItem(key));
+}
+
+export function delWeb3AuthToken(address) {
+  const key = getWeb3AuthTokenKey(address);
+  localStorage.removeItem(key);
+}
+
+export function clearWeb3AuthToken() {
+  const keys = Object.keys(localStorage);
+  keys.forEach(key => {
+    if (key.startsWith("Web3AuthToken_")) {
+      localStorage.removeItem(key);
+    }
+  });
+}
+
+export function detectMetaMaskPlugin() {
+  // check if ethereum extension MetaMask is installed
+  return window.ethereum && window.ethereum.isMetaMask;
+}
+
+export function requestEthereumAccount() {
+  const method = "eth_requestAccounts";
+  const selectedAccount = window.ethereum.request({method})
+    .then((accounts) => {
+      return accounts[0];
+    });
+  return selectedAccount;
+}
+
+export function signEthereumTypedData(from, nonce) {
+  // https://docs.metamask.io/wallet/how-to/sign-data/
+  const date = new Date();
+  const typedData = JSON.stringify({
+    domain: {
+      chainId: window.ethereum.chainId,
+      name: "Casdoor",
+      version: "1",
+    },
+    message: {
+      prompt: "In order to authenticate to this website, sign this request and your public address will be sent to the server in a verifiable way.",
+      nonce: nonce,
+      createAt: `${date.toLocaleString()}`,
+    },
+    primaryType: "AuthRequest",
+    types: {
+      EIP712Domain: [
+        {name: "name", type: "string"},
+        {name: "version", type: "string"},
+        {name: "chainId", type: "uint256"},
+      ],
+      AuthRequest: [
+        {name: "prompt", type: "string"},
+        {name: "nonce", type: "string"},
+        {name: "createAt", type: "string"},
+      ],
+    },
+  });
+
+  const method = "eth_signTypedData_v4";
+  const params = [from, typedData];
+
+  return window.ethereum.request({method, params})
+    .then((sign) => {
+      return {
+        address: from,
+        createAt: Math.floor(date.getTime() / 1000),
+        typedData: typedData,
+        signature: sign,
+      };
+    });
+}
+
+export function checkEthereumSignedTypedData(token) {
+  if (token === undefined || token === null) {
+    return false;
+  }
+  if (token.address && token.typedData && token.signature) {
+    const recoveredAddr = recoverTypedSignature({
+      data: JSON.parse(token.typedData),
+      signature: token.signature,
+      version: SignTypedDataVersion.V4,
+    });
+    // const recoveredAddr = token.address;
+    return recoveredAddr === token.address;
+    // return toChecksumAddress(recoveredAddr) === toChecksumAddress(token.address);
+  }
+  return false;
+}
+
+export async function authViaMetaMask(application, provider, method) {
+  if (!detectMetaMaskPlugin()) {
+    showMessage("error", `${i18next.t("login:MetaMask plugin not detected")}`);
+    return;
+  }
+  try {
+    const account = await requestEthereumAccount();
+    let token = getWeb3AuthToken(account);
+    if (!checkEthereumSignedTypedData(token)) {
+      const nonce = generateNonce();
+      token = await signEthereumTypedData(account, nonce);
+      setWeb3AuthToken(token);
+    }
+    const redirectUri = `${getAuthUrl(application, provider, method)}&web3AuthTokenKey=${getWeb3AuthTokenKey(account)}`;
+    goToLink(redirectUri);
+  } catch (err) {
+    showMessage("error", `${i18next.t("login:Failed to obtain MetaMask authorization")}: ${err.message}`);
+  }
+}

web/src/backend/OrganizationBackend.js

@@ -70,8 +70,8 @@ export function deleteOrganization(organization) {
   }).then(res => res.json());
 }
 
-export function getDefaultApplication(owner, name) {
-  return fetch(`${Setting.ServerUrl}/api/get-default-application?id=${owner}/${encodeURIComponent(name)}`, {
+export function getDefaultApplication(owner, name, type = "", redirectUri = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-default-application?id=${owner}/${encodeURIComponent(name)}&type=${type}&redirectUri=${redirectUri}`, {
     method: "GET",
     credentials: "include",
     headers: {

web/src/basic/HomePage.js

@@ -36,7 +36,7 @@ class HomePage extends React.Component {
     ApplicationBackend.getApplicationsByOrganization("admin", organizationName)
       .then((res) => {
         this.setState({
-          applications: (res.msg === undefined) ? res : [],
+          applications: res.data || [],
         });
       });
   }

web/src/common/OAuthWidget.js

@@ -19,6 +19,9 @@ import * as UserBackend from "../backend/UserBackend";
 import * as Setting from "../Setting";
 import * as Provider from "../auth/Provider";
 import * as AuthBackend from "../auth/AuthBackend";
+import {goToWeb3Url} from "../auth/ProviderButton";
+import {delWeb3AuthToken} from "../auth/Web3Auth";
+import AccountAvatar from "../account/AccountAvatar";
 
 class OAuthWidget extends React.Component {
   constructor(props) {
@@ -88,12 +91,15 @@ class OAuthWidget extends React.Component {
     return user.properties[key];
   }
 
-  unlinkUser(providerType) {
+  unlinkUser(providerType, linkedValue) {
     const body = {
       providerType: providerType,
       // should add the unlink user's info, cause the user may not be logged in, but a admin want to unlink the user.
       user: this.props.user,
     };
+    if (providerType === "MetaMask") {
+      delWeb3AuthToken(linkedValue);
+    }
     AuthBackend.unlink(body)
       .then((res) => {
         if (res.status === "ok") {
@@ -151,7 +157,7 @@ class OAuthWidget extends React.Component {
           </span>
         </Col>
         <Col span={24 - this.props.labelSpan} >
-          <img style={{marginRight: "10px"}} width={30} height={30} src={avatarUrl} alt={name} referrerPolicy="no-referrer" />
+          <AccountAvatar style={{marginRight: "10px"}} size={30} src={avatarUrl} alt={name} referrerPolicy="no-referrer" />
           <span style={{width: this.props.labelSpan === 3 ? "300px" : "200px", display: (Setting.isMobile()) ? "inline" : "inline-block"}}>
             {
               linkedValue === "" ? (
@@ -169,11 +175,15 @@ class OAuthWidget extends React.Component {
           </span>
           {
             linkedValue === "" ? (
-              <a key={provider.displayName} href={user.id !== account.id ? null : Provider.getAuthUrl(application, provider, "link")}>
-                <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id}>{i18next.t("user:Link")}</Button>
-              </a>
+              provider.category === "Web3" ? (
+                <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id} onClick={() => goToWeb3Url(application, provider, "link")}>{i18next.t("user:Link")}</Button>
+              ) : (
+                <a key={provider.displayName} href={user.id !== account.id ? null : Provider.getAuthUrl(application, provider, "link")}>
+                  <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id}>{i18next.t("user:Link")}</Button>
+                </a>
+              )
             ) : (
-              <Button disabled={!providerItem.canUnlink && !account.isGlobalAdmin} style={{marginLeft: "20px", width: linkButtonWidth}} onClick={() => this.unlinkUser(provider.type)}>{i18next.t("user:Unlink")}</Button>
+              <Button disabled={!providerItem.canUnlink && !account.isGlobalAdmin} style={{marginLeft: "20px", width: linkButtonWidth}} onClick={() => this.unlinkUser(provider.type, linkedValue)}>{i18next.t("user:Unlink")}</Button>
             )
           }
         </Col>

web/src/common/modal/AgreementModal.js

@@ -15,6 +15,7 @@
 import {Checkbox, Form, Modal} from "antd";
 import i18next from "i18next";
 import React, {useEffect, useState} from "react";
+import * as Setting from "../../Setting";
 
 export const AgreementModal = (props) => {
   const {open, onOk, onCancel, application} = props;
@@ -31,14 +32,16 @@ export const AgreementModal = (props) => {
     <Modal
       title={i18next.t("signup:Terms of Use")}
       open={open}
-      width={"55vw"}
+      width={Setting.isMobile() ? "100vw" : "55vw"}
       closable={false}
       okText={i18next.t("signup:Accept")}
       cancelText={i18next.t("signup:Decline")}
       onOk={onOk}
       onCancel={onCancel}
+      style={{top: Setting.isMobile() ? "5px" : ""}}
+      maskStyle={{backgroundColor: Setting.isMobile() ? "white" : ""}}
     >
-      <iframe title={"terms"} style={{border: 0, width: "100%", height: "60vh"}} srcDoc={doc} />
+      <iframe title={"terms"} style={{border: 0, width: "100%", height: Setting.isMobile() ? "80vh" : "60vh"}} srcDoc={doc} />
     </Modal>
   );
 };

web/src/common/theme/ThemeEditor.js

@@ -17,7 +17,7 @@ import ThemePicker from "./ThemePicker";
 import ColorPicker, {GREEN_COLOR, PINK_COLOR} from "./ColorPicker";
 import RadiusPicker from "./RadiusPicker";
 import * as React from "react";
-import {useEffect} from "react";
+import {useEffect, useLayoutEffect} from "react";
 import {Content} from "antd/es/layout/layout";
 import i18next from "i18next";
 import * as Conf from "../../Conf";
@@ -58,6 +58,11 @@ export default function ThemeEditor(props) {
   }, [isLight, isCompact]);
 
   useEffect(() => {
+    onThemeChange(null, themeData);
+    form.setFieldsValue(themeData);
+  }, []);
+
+  useLayoutEffect(() => {
     const mergedData = Object.assign(Object.assign(Object.assign({}, Conf.ThemeDefault), {themeType}), ThemesInfo[themeType]);
     onThemeChange(null, mergedData);
     form.setFieldsValue(mergedData);

web/src/locales/de/data.json

@@ -197,6 +197,7 @@
     "Confirm": "Confirm",
     "Created time": "Erstellte Zeit",
     "Custom": "Custom",
+    "Default": "Default",
     "Default application": "Standard Anwendung",
     "Default application - Tooltip": "Standard-Anwendung für Benutzer, die direkt von der Organisationsseite registriert wurden",
     "Default avatar": "Standard-Avatar",
@@ -392,9 +393,11 @@
     "Auto sign in": "Automatische Anmeldung",
     "Continue with": "Weitermachen mit",
     "Email or phone": "E-Mail oder Telefon",
+    "Failed to obtain MetaMask authorization": "Failed to obtain MetaMask authorization",
     "Forgot password?": "Passwort vergessen?",
     "Loading": "Laden",
     "Logging out...": "Ausloggen...",
+    "MetaMask plugin not detected": "MetaMask plugin not detected",
     "No account?": "Kein Konto?",
     "Or sign in with another account": "Oder mit einem anderen Konto anmelden",
     "Please input your Email or Phone!": "Bitte geben Sie Ihre E-Mail oder Telefonnummer ein!",
@@ -720,6 +723,8 @@
     "Secret key - Tooltip": "Vom Server verwendet, um die API des Verifizierungscodes-Providers für die Verifizierung aufzurufen",
     "Send Testing Email": "Senden Sie eine Test-E-Mail",
     "Send Testing SMS": "Sende Test-SMS",
+    "Sender number": "Sender number",
+    "Sender number - Tooltip": "Sender number - Tooltip",
     "Sign Name": "Signatur Namen",
     "Sign Name - Tooltip": "Name der Signatur, die verwendet werden soll",
     "Sign request": "Signaturanfrage",

web/src/locales/en/data.json

@@ -197,6 +197,7 @@
     "Confirm": "Confirm",
     "Created time": "Created time",
     "Custom": "Custom",
+    "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application for users registered directly from the organization page",
     "Default avatar": "Default avatar",
@@ -392,9 +393,11 @@
     "Auto sign in": "Auto sign in",
     "Continue with": "Continue with",
     "Email or phone": "Email or phone",
+    "Failed to obtain MetaMask authorization": "Failed to obtain MetaMask authorization",
     "Forgot password?": "Forgot password?",
     "Loading": "Loading",
     "Logging out...": "Logging out...",
+    "MetaMask plugin not detected": "MetaMask plugin not detected",
     "No account?": "No account?",
     "Or sign in with another account": "Or sign in with another account",
     "Please input your Email or Phone!": "Please input your Email or Phone!",
@@ -720,6 +723,8 @@
     "Secret key - Tooltip": "Used by the server to call the verification code provider API for verification",
     "Send Testing Email": "Send Testing Email",
     "Send Testing SMS": "Send Testing SMS",
+    "Sender number": "Sender number",
+    "Sender number - Tooltip": "Sender number - Tooltip",
     "Sign Name": "Sign Name",
     "Sign Name - Tooltip": "Name of the signature to be used",
     "Sign request": "Sign request",

web/src/locales/es/data.json

@@ -197,6 +197,7 @@
     "Confirm": "Confirm",
     "Created time": "Tiempo creado",
     "Custom": "Custom",
+    "Default": "Default",
     "Default application": "Aplicación predeterminada",
     "Default application - Tooltip": "Aplicación predeterminada para usuarios registrados directamente desde la página de la organización",
     "Default avatar": "Avatar predeterminado",
@@ -392,9 +393,11 @@
     "Auto sign in": "Inicio de sesión automático",
     "Continue with": "Continúe con",
     "Email or phone": "Correo electrónico o teléfono",
+    "Failed to obtain MetaMask authorization": "Failed to obtain MetaMask authorization",
     "Forgot password?": "¿Olvidaste tu contraseña?",
     "Loading": "Cargando",
     "Logging out...": "Cerrando sesión...",
+    "MetaMask plugin not detected": "MetaMask plugin not detected",
     "No account?": "¿No tienes cuenta?",
     "Or sign in with another account": "O inicia sesión con otra cuenta",
     "Please input your Email or Phone!": "¡Por favor introduzca su correo electrónico o teléfono!",
@@ -720,6 +723,8 @@
     "Secret key - Tooltip": "Utilizado por el servidor para llamar a la API del proveedor de códigos de verificación para verificar",
     "Send Testing Email": "Enviar correo electrónico de prueba",
     "Send Testing SMS": "Enviar SMS de prueba",
+    "Sender number": "Sender number",
+    "Sender number - Tooltip": "Sender number - Tooltip",
     "Sign Name": "Firma de Nombre",
     "Sign Name - Tooltip": "Nombre de la firma a ser utilizada",
     "Sign request": "Solicitud de firma",

web/src/locales/fr/data.json

@@ -197,6 +197,7 @@
     "Confirm": "Confirm",
     "Created time": "Temps créé",
     "Custom": "Custom",
+    "Default": "Default",
     "Default application": "Application par défaut",
     "Default application - Tooltip": "Application par défaut pour les utilisateurs enregistrés directement depuis la page de l'organisation",
     "Default avatar": "Avatar par défaut",
@@ -392,9 +393,11 @@
     "Auto sign in": "Connexion automatique",
     "Continue with": "Continuer avec",
     "Email or phone": "Email ou téléphone",
+    "Failed to obtain MetaMask authorization": "Failed to obtain MetaMask authorization",
     "Forgot password?": "Mot de passe oublié ?",
     "Loading": "Chargement",
     "Logging out...": "Déconnexion...",
+    "MetaMask plugin not detected": "MetaMask plugin not detected",
     "No account?": "Aucun compte ?",
     "Or sign in with another account": "Ou connectez-vous avec un autre compte",
     "Please input your Email or Phone!": "S'il vous plaît, entrez votre adresse e-mail ou votre numéro de téléphone !",
@@ -720,6 +723,8 @@
     "Secret key - Tooltip": "Utilisé par le serveur pour appeler l'API du fournisseur de code de vérification pour vérifier",
     "Send Testing Email": "Envoyer un e-mail de test",
     "Send Testing SMS": "Envoyer des messages SMS de tests",
+    "Sender number": "Sender number",
+    "Sender number - Tooltip": "Sender number - Tooltip",
     "Sign Name": "Nom de signature",
     "Sign Name - Tooltip": "Nom de la signature à utiliser",
     "Sign request": "Demande de signature",

web/src/locales/id/data.json

@@ -197,6 +197,7 @@
     "Confirm": "Confirm",
     "Created time": "Waktu dibuat",
     "Custom": "Custom",
+    "Default": "Default",
     "Default application": "Aplikasi default",
     "Default application - Tooltip": "Aplikasi default untuk pengguna yang terdaftar langsung dari halaman organisasi",
     "Default avatar": "Avatar default",
@@ -392,9 +393,11 @@
     "Auto sign in": "Masuk otomatis",
     "Continue with": "Lanjutkan dengan",
     "Email or phone": "Email atau telepon",
+    "Failed to obtain MetaMask authorization": "Failed to obtain MetaMask authorization",
     "Forgot password?": "Lupa kata sandi?",
     "Loading": "Memuat",
     "Logging out...": "Keluar...",
+    "MetaMask plugin not detected": "MetaMask plugin not detected",
     "No account?": "Tidak memiliki akun?",
     "Or sign in with another account": "Atau masuk dengan akun lain",
     "Please input your Email or Phone!": "Silahkan masukkan email atau nomor telepon Anda!",
@@ -720,6 +723,8 @@
     "Secret key - Tooltip": "Digunakan oleh server untuk memanggil API penyedia kode verifikasi untuk melakukan verifikasi",
     "Send Testing Email": "Kirim Email Uji Coba",
     "Send Testing SMS": "Kirim SMS Uji Coba",
+    "Sender number": "Sender number",
+    "Sender number - Tooltip": "Sender number - Tooltip",
     "Sign Name": "Tanda Tangan",
     "Sign Name - Tooltip": "Nama tanda tangan yang akan digunakan",
     "Sign request": "Permintaan tanda tangan",

web/src/locales/ja/data.json

@@ -197,6 +197,7 @@
     "Confirm": "Confirm",
     "Created time": "作成された時間",
     "Custom": "Custom",
+    "Default": "Default",
     "Default application": "デフォルトアプリケーション",
     "Default application - Tooltip": "組織ページから直接登録されたユーザーのデフォルトアプリケーション",
     "Default avatar": "デフォルトのアバター",
@@ -392,9 +393,11 @@
     "Auto sign in": "自動サインイン",
     "Continue with": "続ける",
     "Email or phone": "メールまたは電話",
+    "Failed to obtain MetaMask authorization": "Failed to obtain MetaMask authorization",
     "Forgot password?": "パスワードを忘れましたか？",
     "Loading": "ローディング",
     "Logging out...": "ログアウト中...",
+    "MetaMask plugin not detected": "MetaMask plugin not detected",
     "No account?": "アカウントがありませんか？",
     "Or sign in with another account": "別のアカウントでサインインする",
     "Please input your Email or Phone!": "あなたのメールアドレスまたは電話番号を入力してください！",
@@ -720,6 +723,8 @@
     "Secret key - Tooltip": "認証のためにサーバーによって使用され、認証コードプロバイダAPIを呼び出すためのもの",
     "Send Testing Email": "テスト用メールを送信する",
     "Send Testing SMS": "テストSMSを送信してください",
+    "Sender number": "Sender number",
+    "Sender number - Tooltip": "Sender number - Tooltip",
     "Sign Name": "署名",
     "Sign Name - Tooltip": "使用する署名の名前",
     "Sign request": "サインリクエスト",