feat: add CasvisorUrl

* feat: fix price display

* feat: support subscription

* feat: fix select-plan-> signup -> buy-plan -> login flow

* feat: support paid-user to login and jump to the pricing page

* feat: support more subscription state

* feat: add payment providers for plan

* feat: format code

* feat: gofumpt

* feat: redirect to buy-plan-result page when user have pending subscription

* feat: response err when pricing don't exit

* Update PricingListPage.js

* Update ProductBuyPage.js

* Update LoginPage.js

---------

Co-authored-by: hsluoyz <hsluoyz@qq.com>

.github/workflows/build.yml

@@ -110,7 +110,7 @@ jobs:
         with:
           start: yarn start
           wait-on: 'http://localhost:7001'
-          wait-on-timeout: 180
+          wait-on-timeout: 210
           working-directory: ./web
 
       - uses: actions/upload-artifact@v3

README.md

@@ -11,7 +11,7 @@
     <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
   </a>
   <a href="https://github.com/casdoor/casdoor/releases/latest">
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casbin/casdoor.svg">
+    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
   </a>
   <a href="https://hub.docker.com/repository/docker/casbin/casdoor">
     <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
@@ -23,16 +23,16 @@
     <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
   </a>
   <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
-    <img src="https://img.shields.io/github/license/casbin/casdoor?style=flat-square" alt="license">
+    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
   </a>
   <a href="https://github.com/casdoor/casdoor/issues">
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casbin/casdoor?style=flat-square">
+    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
   </a>
   <a href="#">
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casbin/casdoor?style=flat-square">
+    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
   </a>
   <a href="https://github.com/casdoor/casdoor/network">
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casbin/casdoor?style=flat-square">
+    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
   </a>
   <a href="https://crowdin.com/project/casdoor-site">
     <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">

authz/authz.go

@@ -27,13 +27,7 @@ import (
 var Enforcer *casbin.Enforcer
 
 func InitApi() {
-	var err error
-
-	e, err := object.GetEnforcer(util.GetId("built-in", "api-enforcer-built-in"))
-	if err != nil {
-		panic(err)
-	}
-	err = e.InitEnforcer()
+	e, err := object.GetInitializedEnforcer(util.GetId("built-in", "api-enforcer-built-in"))
 	if err != nil {
 		panic(err)
 	}
@@ -93,6 +87,7 @@ p, *, *, GET, /api/get-prometheus-info, *, *
 p, *, *, *, /api/metrics, *, *
 p, *, *, GET, /api/get-pricing, *, *
 p, *, *, GET, /api/get-plan, *, *
+p, *, *, GET, /api/get-subscription, *, *
 p, *, *, GET, /api/get-organization-names, *, *
 `
 

conf/conf.go

@@ -15,7 +15,7 @@
 package conf
 
 import (
-	"encoding/json"
+	"fmt"
 	"os"
 	"runtime"
 	"strconv"
@@ -24,15 +24,6 @@ import (
 	"github.com/beego/beego"
 )
 
-type Quota struct {
-	Organization int `json:"organization"`
-	User         int `json:"user"`
-	Application  int `json:"application"`
-	Provider     int `json:"provider"`
-}
-
-var quota = &Quota{-1, -1, -1, -1}
-
 func init() {
 	// this array contains the beego configuration items that may be modified via env
 	presetConfigItems := []string{"httpport", "appname"}
@@ -44,17 +35,6 @@ func init() {
 			}
 		}
 	}
-	initQuota()
-}
-
-func initQuota() {
-	res := beego.AppConfig.String("quota")
-	if res != "" {
-		err := json.Unmarshal([]byte(res), quota)
-		if err != nil {
-			panic(err)
-		}
-	}
 }
 
 func GetConfigString(key string) string {
@@ -67,7 +47,7 @@ func GetConfigString(key string) string {
 		if key == "staticBaseUrl" {
 			res = "https://cdn.casbin.org"
 		} else if key == "logConfig" {
-			res = "{\"filename\": \"logs/casdoor.log\", \"maxdays\":99999, \"perm\":\"0770\"}"
+			res = fmt.Sprintf("{\"filename\": \"logs/%s.log\", \"maxdays\":99999, \"perm\":\"0770\"}", beego.AppConfig.String("appname"))
 		}
 	}
 
@@ -129,10 +109,6 @@ func GetConfigBatchSize() int {
 	return res
 }
 
-func GetConfigQuota() *Quota {
-	return quota
-}
-
 func GetConfigRealDataSourceName(driverName string) string {
 	var dataSourceName string
 	if driverName != "mysql" {

conf/conf_quota.go

@@ -0,0 +1,48 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package conf
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego"
+)
+
+type Quota struct {
+	Organization int `json:"organization"`
+	User         int `json:"user"`
+	Application  int `json:"application"`
+	Provider     int `json:"provider"`
+}
+
+var quota = &Quota{-1, -1, -1, -1}
+
+func init() {
+	initQuota()
+}
+
+func initQuota() {
+	res := beego.AppConfig.String("quota")
+	if res != "" {
+		err := json.Unmarshal([]byte(res), quota)
+		if err != nil {
+			panic(err)
+		}
+	}
+}
+
+func GetConfigQuota() *Quota {
+	return quota
+}

controllers/account.go

@@ -153,12 +153,22 @@ func (c *ApiController) Signup() {
 		return
 	}
 
+	userType := "normal-user"
+	if authForm.Plan != "" && authForm.Pricing != "" {
+		err = object.CheckPricingAndPlan(authForm.Organization, authForm.Pricing, authForm.Plan)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+		userType = "paid-user"
+	}
+
 	user := &object.User{
 		Owner:             authForm.Organization,
 		Name:              username,
 		CreatedTime:       util.GetCurrentTime(),
 		Id:                id,
-		Type:              "normal-user",
+		Type:              userType,
 		Password:          authForm.Password,
 		DisplayName:       authForm.Name,
 		Avatar:            organization.DefaultAvatar,
@@ -171,7 +181,6 @@ func (c *ApiController) Signup() {
 		Region:            authForm.Region,
 		Score:             initScore,
 		IsAdmin:           false,
-		IsGlobalAdmin:     false,
 		IsForbidden:       false,
 		IsDeleted:         false,
 		SignupApplication: application.Name,
@@ -211,7 +220,7 @@ func (c *ApiController) Signup() {
 		return
 	}
 
-	if application.HasPromptPage() {
+	if application.HasPromptPage() && user.Type == "normal-user" {
 		// The prompt page needs the user to be signed in
 		c.SetSessionUsername(user.GetId())
 	}
@@ -228,15 +237,6 @@ func (c *ApiController) Signup() {
 		return
 	}
 
-	isSignupFromPricing := authForm.Plan != "" && authForm.Pricing != ""
-	if isSignupFromPricing {
-		_, err = object.Subscribe(organization.Name, user.Name, authForm.Plan, authForm.Pricing)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
 	record := object.NewRecord(c.Ctx)
 	record.Organization = application.Organization
 	record.User = user.Name

controllers/adapter.go

@@ -20,7 +20,6 @@ import (
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
-	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )
 
 // GetAdapters
@@ -144,92 +143,3 @@ func (c *ApiController) DeleteAdapter() {
 	c.Data["json"] = wrapActionResponse(object.DeleteAdapter(&adapter))
 	c.ServeJSON()
 }
-
-func (c *ApiController) GetPolicies() {
-	id := c.Input().Get("id")
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	policies, err := object.GetPolicies(adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(policies)
-}
-
-func (c *ApiController) UpdatePolicy() {
-	id := c.Input().Get("id")
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var policies []xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdatePolicy(util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-func (c *ApiController) AddPolicy() {
-	id := c.Input().Get("id")
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var policy xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.AddPolicy(util.CasbinToSlice(policy), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-func (c *ApiController) RemovePolicy() {
-	id := c.Input().Get("id")
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var policy xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.RemovePolicy(util.CasbinToSlice(policy), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}

controllers/auth.go

@@ -70,7 +70,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	}
 
 	// check user's tag
-	if !user.IsGlobalAdmin && !user.IsAdmin && len(application.Tags) > 0 {
+	if !user.IsGlobalAdmin() && !user.IsAdmin && len(application.Tags) > 0 {
 		// only users with the tag that is listed in the application tags can login
 		if !util.InSlice(application.Tags, user.Tag) {
 			c.ResponseError(fmt.Sprintf(c.T("auth:User's tag: %s is not listed in the application's tags"), user.Tag))
@@ -78,6 +78,46 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		}
 	}
 
+	// check whether paid-user have active subscription
+	if user.Type == "paid-user" {
+		subscriptions, err := object.GetSubscriptionsByUser(user.Owner, user.Name)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+		existActiveSubscription := false
+		for _, subscription := range subscriptions {
+			if subscription.State == object.SubStateActive {
+				existActiveSubscription = true
+				break
+			}
+		}
+		if !existActiveSubscription {
+			// check pending subscription
+			for _, sub := range subscriptions {
+				if sub.State == object.SubStatePending {
+					c.ResponseOk("BuyPlanResult", sub)
+					return
+				}
+			}
+			// paid-user does not have active or pending subscription, find the default pricing of application
+			pricing, err := object.GetApplicationDefaultPricing(application.Organization, application.Name)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
+			if pricing == nil {
+				c.ResponseError(fmt.Sprintf(c.T("auth:paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"), user.Name, application.Name))
+				return
+			} else {
+				// let the paid-user select plan
+				c.ResponseOk("SelectPlan", pricing)
+				return
+			}
+
+		}
+	}
+
 	if form.Type == ResponseTypeLogin {
 		c.SetSessionUsername(userId)
 		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
@@ -187,11 +227,34 @@ func (c *ApiController) GetApplicationLogin() {
 	redirectUri := c.Input().Get("redirectUri")
 	scope := c.Input().Get("scope")
 	state := c.Input().Get("state")
+	id := c.Input().Get("id")
+	loginType := c.Input().Get("type")
 
-	msg, application, err := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	var application *object.Application
+	var msg string
+	var err error
+	if loginType == "code" {
+		msg, application, err = object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	} else if loginType == "cas" {
+		application, err = object.GetApplication(id)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+		if application == nil {
+			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), id))
+			return
+		}
+
+		err = object.CheckCasLogin(application, c.GetAcceptLanguage(), redirectUri)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
 	}
 
 	application = object.GetMaskedApplication(application, "")
@@ -566,7 +629,6 @@ func (c *ApiController) Login() {
 						Region:            userInfo.CountryCode,
 						Score:             initScore,
 						IsAdmin:           false,
-						IsGlobalAdmin:     false,
 						IsForbidden:       false,
 						IsDeleted:         false,
 						SignupApplication: application.Name,

controllers/base.go

@@ -79,7 +79,7 @@ func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 		return false, nil
 	}
 
-	return user.Owner == "built-in" || user.IsGlobalAdmin, user
+	return user.IsGlobalAdmin(), user
 }
 
 func (c *ApiController) getCurrentUser() *object.User {

controllers/casbin_api.go

@@ -45,13 +45,7 @@ func (c *ApiController) Enforce() {
 	}
 
 	if enforcerId != "" {
-		enforcer, err := object.GetEnforcer(enforcerId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		err = enforcer.InitEnforcer()
+		enforcer, err := object.GetInitializedEnforcer(enforcerId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -155,13 +149,7 @@ func (c *ApiController) BatchEnforce() {
 	}
 
 	if enforcerId != "" {
-		enforcer, err := object.GetEnforcer(enforcerId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		err = enforcer.InitEnforcer()
+		enforcer, err := object.GetInitializedEnforcer(enforcerId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return

controllers/enforcer.go

@@ -20,6 +20,7 @@ import (
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
+	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )
 
 // GetEnforcers
@@ -74,6 +75,7 @@ func (c *ApiController) GetEnforcers() {
 // @router /get-enforcer [get]
 func (c *ApiController) GetEnforcer() {
 	id := c.Input().Get("id")
+	loadModelCfg := c.Input().Get("loadModelCfg")
 
 	enforcer, err := object.GetEnforcer(id)
 	if err != nil {
@@ -81,6 +83,13 @@ func (c *ApiController) GetEnforcer() {
 		return
 	}
 
+	if loadModelCfg == "true" {
+		err := enforcer.LoadModelCfg()
+		if err != nil {
+			return
+		}
+	}
+
 	c.ResponseOk(enforcer)
 }
 
@@ -143,3 +152,88 @@ func (c *ApiController) DeleteEnforcer() {
 	c.Data["json"] = wrapActionResponse(object.DeleteEnforcer(&enforcer))
 	c.ServeJSON()
 }
+
+func (c *ApiController) GetPolicies() {
+	id := c.Input().Get("id")
+	adapterId := c.Input().Get("adapterId")
+
+	if adapterId != "" {
+		adapter, err := object.GetAdapter(adapterId)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+		err = adapter.InitAdapter()
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+		c.ResponseOk()
+		return
+	}
+
+	policies, err := object.GetPolicies(id)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(policies)
+}
+
+func (c *ApiController) UpdatePolicy() {
+	id := c.Input().Get("id")
+
+	var policies []xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.UpdatePolicy(id, util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]))
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) AddPolicy() {
+	id := c.Input().Get("id")
+
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.AddPolicy(id, util.CasbinToSlice(policy))
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) RemovePolicy() {
+	id := c.Input().Get("id")
+
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.RemovePolicy(id, util.CasbinToSlice(policy))
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}

controllers/get-dashboard.go

@@ -0,0 +1,35 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import "github.com/casdoor/casdoor/object"
+
+// GetDashboard
+// @Title GetDashboard
+// @Tag GetDashboard API
+// @Description get information of dashboard
+// @Success 200 {object} controllers.Response The Response object
+// @router /get-dashboard [get]
+func (c *ApiController) GetDashboard() {
+	owner := c.Input().Get("owner")
+
+	data, err := object.GetDashboard(owner)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(data)
+}

controllers/link.go

@@ -45,13 +45,13 @@ func (c *ApiController) Unlink() {
 	// the user will be unlinked from the provider
 	unlinkedUser := form.User
 
-	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin {
+	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin() {
 		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
 		c.ResponseError(c.T("link:You are not the global admin, you can't unlink other users"))
 		return
 	}
 
-	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin {
+	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin() {
 		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
 		application, err := object.GetApplicationByUser(user)
 		if err != nil {

controllers/organization.go

@@ -183,8 +183,6 @@ func (c *ApiController) DeleteOrganization() {
 func (c *ApiController) GetDefaultApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
-	redirectUri := c.Input().Get("redirectUri")
-	typ := c.Input().Get("type")
 
 	application, err := object.GetDefaultApplication(id)
 	if err != nil {
@@ -192,14 +190,6 @@ func (c *ApiController) GetDefaultApplication() {
 		return
 	}
 
-	if typ == "cas" {
-		err = object.CheckCasRestrict(application, c.GetAcceptLanguage(), redirectUri)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
 	maskedApplication := object.GetMaskedApplication(application, userId)
 	c.ResponseOk(maskedApplication)
 }

controllers/permission_upload.go

@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -32,16 +33,15 @@ func (c *ApiController) UploadPermissions() {
 	}
 
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-
 	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
+	defer os.Remove(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	affected, err := object.UploadPermissions(owner, fileId)
+	affected, err := object.UploadPermissions(owner, path)
 	if err != nil {
 		c.ResponseError(err.Error())
 	}

controllers/plan.go

@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"encoding/json"
+	"fmt"
 
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -82,7 +83,10 @@ func (c *ApiController) GetPlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-
+	if plan == nil {
+		c.ResponseError(fmt.Sprintf(c.T("plan:The plan: %s does not exist"), id))
+		return
+	}
 	if includeOption {
 		options, err := object.GetPermissionsByRole(plan.Role)
 		if err != nil {
@@ -117,7 +121,20 @@ func (c *ApiController) UpdatePlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-
+	if plan.Product != "" {
+		planId := util.GetId(plan.Owner, plan.Product)
+		product, err := object.GetProduct(planId)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+		object.UpdateProductForPlan(&plan, product)
+		_, err = object.UpdateProduct(planId, product)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	}
 	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))
 	c.ServeJSON()
 }
@@ -136,7 +153,14 @@ func (c *ApiController) AddPlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-
+	// Create a related product for plan
+	product := object.CreateProductForPlan(&plan)
+	_, err = object.AddProduct(product)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	plan.Product = product.Name
 	c.Data["json"] = wrapActionResponse(object.AddPlan(&plan))
 	c.ServeJSON()
 }
@@ -155,7 +179,13 @@ func (c *ApiController) DeletePlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-
+	if plan.Product != "" {
+		_, err = object.DeleteProduct(&object.Product{Owner: plan.Owner, Name: plan.Product})
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	}
 	c.Data["json"] = wrapActionResponse(object.DeletePlan(&plan))
 	c.ServeJSON()
 }

controllers/pricing.go

@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"encoding/json"
+	"fmt"
 
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -80,7 +81,10 @@ func (c *ApiController) GetPricing() {
 		c.ResponseError(err.Error())
 		return
 	}
-
+	if pricing == nil {
+		c.ResponseError(fmt.Sprintf(c.T("pricing:The pricing: %s does not exist"), id))
+		return
+	}
 	c.ResponseOk(pricing)
 }
 

controllers/product.go

@@ -161,10 +161,17 @@ func (c *ApiController) DeleteProduct() {
 // @router /buy-product [post]
 func (c *ApiController) BuyProduct() {
 	id := c.Input().Get("id")
-	providerName := c.Input().Get("providerName")
 	host := c.Ctx.Request.Host
-
-	userId := c.GetSessionUsername()
+	providerName := c.Input().Get("providerName")
+	// buy `pricingName/planName` for `paidUserName`
+	pricingName := c.Input().Get("pricingName")
+	planName := c.Input().Get("planName")
+	paidUserName := c.Input().Get("userName")
+	owner, _ := util.GetOwnerAndNameFromId(id)
+	userId := util.GetId(owner, paidUserName)
+	if paidUserName == "" {
+		userId = c.GetSessionUsername()
+	}
 	if userId == "" {
 		c.ResponseError(c.T("general:Please login first"))
 		return
@@ -175,13 +182,12 @@ func (c *ApiController) BuyProduct() {
 		c.ResponseError(err.Error())
 		return
 	}
-
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}
 
-	payUrl, orderId, err := object.BuyProduct(id, providerName, user, host)
+	payUrl, orderId, err := object.BuyProduct(id, user, providerName, pricingName, planName, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/record.go

@@ -1,121 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetRecords
-// @Title GetRecords
-// @Tag Record API
-// @Description get all records
-// @Param   pageSize     query    string  true        "The size of each page"
-// @Param   p     query    string  true        "The number of the page"
-// @Success 200 {object} object.Record The Response object
-// @router /get-records [get]
-func (c *ApiController) GetRecords() {
-	organization, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	organizationName := c.Input().Get("organizationName")
-
-	if limit == "" || page == "" {
-		records, err := object.GetRecords()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(records)
-	} else {
-		limit := util.ParseInt(limit)
-		if c.IsGlobalAdmin() && organizationName != "" {
-			organization = organizationName
-		}
-		filterRecord := &object.Record{Organization: organization}
-		count, err := object.GetRecordCount(field, value, filterRecord)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		records, err := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(records, paginator.Nums())
-	}
-}
-
-// GetRecordsByFilter
-// @Tag Record API
-// @Title GetRecordsByFilter
-// @Description get records by filter
-// @Param   filter  body string     true  "filter Record message"
-// @Success 200 {object} object.Record The Response object
-// @router /get-records-filter [post]
-func (c *ApiController) GetRecordsByFilter() {
-	body := string(c.Ctx.Input.RequestBody)
-
-	record := &object.Record{}
-	err := util.JsonToStruct(body, record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	records, err := object.GetRecordsByField(record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(records)
-}
-
-// AddRecord
-// @Title AddRecord
-// @Tag Record API
-// @Description add a record
-// @Param   body    body   object.Record  true        "The details of the record"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-record [post]
-func (c *ApiController) AddRecord() {
-	var record object.Record
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddRecord(&record))
-	c.ServeJSON()
-}

controllers/resource.go

@@ -361,6 +361,9 @@ func (c *ApiController) UploadResource() {
 			return
 		}
 
+		if user.Properties == nil {
+			user.Properties = map[string]string{}
+		}
 		user.Properties[tag] = fileUrl
 		user.Properties["isIdCardVerified"] = "false"
 		_, err = object.UpdateUser(user.GetId(), user, []string{"properties"}, false)

controllers/role_upload.go

@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -32,16 +33,15 @@ func (c *ApiController) UploadRoles() {
 	}
 
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-
 	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
+	defer os.Remove(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	affected, err := object.UploadRoles(owner, fileId)
+	affected, err := object.UploadRoles(owner, path)
 	if err != nil {
 		c.ResponseError(err.Error())
 	}

controllers/service.go

@@ -40,6 +40,10 @@ type SmsForm struct {
 	OrgId     string   `json:"organizationId"` // e.g. "admin/built-in"
 }
 
+type NotificationForm struct {
+	Content string `json:"content"`
+}
+
 // SendEmail
 // @Title SendEmail
 // @Tag Service API
@@ -140,10 +144,12 @@ func (c *ApiController) SendSms() {
 		return
 	}
 
-	invalidReceivers := getInvalidSmsReceivers(smsForm)
-	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
-		return
+	if provider.Type != "Custom HTTP SMS" {
+		invalidReceivers := getInvalidSmsReceivers(smsForm)
+		if len(invalidReceivers) != 0 {
+			c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
+			return
+		}
 	}
 
 	err = object.SendSms(provider, smsForm.Content, smsForm.Receivers...)
@@ -154,3 +160,33 @@ func (c *ApiController) SendSms() {
 
 	c.ResponseOk()
 }
+
+// SendNotification
+// @Title SendNotification
+// @Tag Service API
+// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
+// @Param   from    body   controllers.NotificationForm    true         "Details of the notification request"
+// @Success 200 {object}  Response object
+// @router /api/send-notification [post]
+func (c *ApiController) SendNotification() {
+	provider, err := c.GetProviderFromContext("Notification")
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	var notificationForm NotificationForm
+	err = json.Unmarshal(c.Ctx.Input.RequestBody, &notificationForm)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	err = object.SendNotification(provider, notificationForm.Content)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk()
+}

controllers/system_info.go

@@ -47,16 +47,16 @@ func (c *ApiController) GetSystemInfo() {
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
 	versionInfo, err := util.GetVersionInfo()
-
-	if versionInfo.Version == "" {
-		versionInfo, err = util.GetVersionInfoFromFile()
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	if versionInfo.Version != "" {
+		c.ResponseOk(versionInfo)
+		return
 	}
 
+	versionInfo, err = util.GetVersionInfoFromFile()
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
 	c.ResponseOk(versionInfo)
 }
 

controllers/user.go

@@ -90,7 +90,7 @@ func (c *ApiController) GetUsers() {
 
 	if limit == "" || page == "" {
 		if groupName != "" {
-			maskedUsers, err := object.GetMaskedUsers(object.GetGroupUsers(groupName))
+			maskedUsers, err := object.GetMaskedUsers(object.GetGroupUsers(util.GetId(owner, groupName)))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -567,6 +567,22 @@ func (c *ApiController) RemoveUserFromGroup() {
 	name := c.Ctx.Request.Form.Get("name")
 	groupName := c.Ctx.Request.Form.Get("groupName")
 
-	c.Data["json"] = wrapActionResponse(object.RemoveUserFromGroup(owner, name, util.GetId(owner, groupName)))
-	c.ServeJSON()
+	organization, err := object.GetOrganization(util.GetId("admin", owner))
+	if err != nil {
+		return
+	}
+	item := object.GetAccountItemByName("Groups", organization)
+	res, msg := object.CheckAccountItemModifyRule(item, c.IsAdmin(), c.GetAcceptLanguage())
+	if !res {
+		c.ResponseError(msg)
+		return
+	}
+
+	affected, err := object.DeleteGroupForUser(util.GetId(owner, name), groupName)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(affected)
 }

controllers/user_upload.go

@@ -48,17 +48,17 @@ func (c *ApiController) UploadUsers() {
 		c.ResponseError(err.Error())
 		return
 	}
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
 
+	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
 	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
+	defer os.Remove(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	affected, err := object.UploadUsers(owner, fileId)
+	affected, err := object.UploadUsers(owner, path)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

form/auth.go

@@ -17,17 +17,18 @@ package form
 type AuthForm struct {
 	Type string `json:"type"`
 
-	Organization string `json:"organization"`
-	Username     string `json:"username"`
-	Password     string `json:"password"`
-	Name         string `json:"name"`
-	FirstName    string `json:"firstName"`
-	LastName     string `json:"lastName"`
-	Email        string `json:"email"`
-	Phone        string `json:"phone"`
-	Affiliation  string `json:"affiliation"`
-	IdCard       string `json:"idCard"`
-	Region       string `json:"region"`
+	Organization   string `json:"organization"`
+	Username       string `json:"username"`
+	Password       string `json:"password"`
+	Name           string `json:"name"`
+	FirstName      string `json:"firstName"`
+	LastName       string `json:"lastName"`
+	Email          string `json:"email"`
+	Phone          string `json:"phone"`
+	Affiliation    string `json:"affiliation"`
+	IdCard         string `json:"idCard"`
+	Region         string `json:"region"`
+	InvitationCode string `json:"invitationCode"`
 
 	Application string `json:"application"`
 	ClientId    string `json:"clientId"`

go.mod

@@ -14,8 +14,9 @@ require (
 	github.com/casbin/casbin/v2 v2.30.1
 	github.com/casdoor/go-sms-sender v0.12.0
 	github.com/casdoor/gomail/v2 v2.0.1
-	github.com/casdoor/oss v1.2.1
+	github.com/casdoor/oss v1.3.0
 	github.com/casdoor/xorm-adapter/v3 v3.0.4
+	github.com/casvisor/casvisor-go-sdk v1.0.3
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.9.0
 	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
@@ -26,34 +27,32 @@ require (
 	github.com/go-mysql-org/go-mysql v1.7.0
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
+	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
 	github.com/go-webauthn/webauthn v0.6.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.3.0
-	github.com/gorilla/mux v1.7.3 // indirect
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
 	github.com/lestrrat-go/jwx v1.2.21
-	github.com/lib/pq v1.10.2
+	github.com/lib/pq v1.10.9
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
 	github.com/markbates/goth v1.75.2
 	github.com/mitchellh/mapstructure v1.5.0
+	github.com/nikoksr/notify v0.41.0
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/nyaruka/phonenumbers v1.1.5
 	github.com/pquerna/otp v1.4.0
 	github.com/prometheus/client_golang v1.11.1
-	github.com/prometheus/client_model v0.2.0
+	github.com/prometheus/client_model v0.3.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/russellhaering/gosaml2 v0.9.0
 	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/satori/go.uuid v1.2.0
 	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/stretchr/testify v1.8.2
+	github.com/stretchr/testify v1.8.4
+	github.com/stripe/stripe-go/v74 v74.29.0
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
@@ -61,12 +60,10 @@ require (
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/crypto v0.6.0
-	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/net v0.7.0
-	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
+	golang.org/x/crypto v0.11.0
+	golang.org/x/net v0.13.0
+	golang.org/x/oauth2 v0.10.0
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	modernc.org/sqlite v1.10.1-0.20210314190707-798bbeb9bb84
+	modernc.org/sqlite v1.18.2
 )

i18n/generate_test.go

@@ -36,6 +36,9 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	applyToOtherLanguage("frontend", "it", data)
 	applyToOtherLanguage("frontend", "ms", data)
 	applyToOtherLanguage("frontend", "tr", data)
+	applyToOtherLanguage("frontend", "ar", data)
+	applyToOtherLanguage("frontend", "he", data)
+	applyToOtherLanguage("frontend", "fi", data)
 }
 
 func TestGenerateI18nBackend(t *testing.T) {
@@ -55,4 +58,7 @@ func TestGenerateI18nBackend(t *testing.T) {
 	applyToOtherLanguage("backend", "it", data)
 	applyToOtherLanguage("backend", "ms", data)
 	applyToOtherLanguage("backend", "tr", data)
+	applyToOtherLanguage("backend", "ar", data)
+	applyToOtherLanguage("backend", "he", data)
+	applyToOtherLanguage("backend", "fi", data)
 }

i18n/locales/ar/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

i18n/locales/fi/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

i18n/locales/he/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

idp/metamask.go

@@ -24,20 +24,10 @@ import (
 	"golang.org/x/oauth2"
 )
 
-const Web3AuthTokenKey = "web3AuthToken"
-
 type MetaMaskIdProvider struct {
 	Client *http.Client
 }
 
-type Web3AuthToken struct {
-	Address   string `json:"address"`
-	Nonce     string `json:"nonce"`
-	CreateAt  uint64 `json:"createAt"`
-	TypedData string `json:"typedData"`
-	Signature string `json:"signature"` // signature for typed data
-}
-
 func NewMetaMaskIdProvider() *MetaMaskIdProvider {
 	idp := &MetaMaskIdProvider{}
 	return idp

idp/provider.go

@@ -111,6 +111,8 @@ func GetIdProvider(idpInfo *ProviderInfo, redirectUrl string) IdProvider {
 		return NewBilibiliIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
 	case "MetaMask":
 		return NewMetaMaskIdProvider()
+	case "Web3Onboard":
+		return NewWeb3OnboardIdProvider()
 	default:
 		if isGothSupport(idpInfo.Type) {
 			return NewGothIdProvider(idpInfo.Type, idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.HostUrl)

idp/web3onboard.go

@@ -0,0 +1,103 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"golang.org/x/oauth2"
+)
+
+const Web3AuthTokenKey = "web3AuthToken"
+
+type Web3AuthToken struct {
+	Address    string `json:"address"`
+	Nonce      string `json:"nonce"`
+	CreateAt   uint64 `json:"createAt"`
+	TypedData  string `json:"typedData"`  // typed data use for application
+	Signature  string `json:"signature"`  // signature for typed data
+	WalletType string `json:"walletType"` // e.g."MetaMask", "Coinbase"
+}
+
+type Web3OnboardIdProvider struct {
+	Client *http.Client
+}
+
+func NewWeb3OnboardIdProvider() *Web3OnboardIdProvider {
+	idp := &Web3OnboardIdProvider{}
+	return idp
+}
+
+func (idp *Web3OnboardIdProvider) SetHttpClient(client *http.Client) {
+	idp.Client = client
+}
+
+func (idp *Web3OnboardIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	web3AuthToken := Web3AuthToken{}
+	if err := json.Unmarshal([]byte(code), &web3AuthToken); err != nil {
+		return nil, err
+	}
+	token := &oauth2.Token{
+		AccessToken: fmt.Sprintf("%v:%v", Web3AuthTokenKey, web3AuthToken.Address),
+		TokenType:   "Bearer",
+		Expiry:      time.Now().AddDate(0, 1, 0),
+	}
+
+	token = token.WithExtra(map[string]interface{}{
+		Web3AuthTokenKey: web3AuthToken,
+	})
+	return token, nil
+}
+
+func (idp *Web3OnboardIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	web3AuthToken, ok := token.Extra(Web3AuthTokenKey).(Web3AuthToken)
+	if !ok {
+		return nil, errors.New("invalid web3AuthToken")
+	}
+
+	fmtAddress := fmt.Sprintf("%v_%v",
+		strings.ReplaceAll(strings.TrimSpace(web3AuthToken.WalletType), " ", "_"),
+		web3AuthToken.Address,
+	)
+	userInfo := &UserInfo{
+		Id:          fmtAddress,
+		Username:    fmtAddress,
+		DisplayName: fmtAddress,
+		AvatarUrl:   fmt.Sprintf("metamask:%v", forceEthereumAddress(web3AuthToken.Address)),
+	}
+	return userInfo, nil
+}
+
+func forceEthereumAddress(address string) string {
+	// The required address to general MetaMask avatar is a string of length 42 that represents an Ethereum address.
+	// This function is used to force any address as an Ethereum address
+	address = strings.TrimSpace(address)
+	var builder strings.Builder
+	for _, ch := range address {
+		builder.WriteRune(ch)
+	}
+	for len(builder.String()) < 42 {
+		builder.WriteString("0")
+	}
+	if len(builder.String()) > 42 {
+		return builder.String()[:42]
+	}
+	return builder.String()
+}

init_data.json.template

@@ -9,11 +9,11 @@
       "passwordType": "plain",
       "passwordSalt": "",
       "passwordOptions": ["AtLeast6"],
-      "countryCodes": ["US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN", "IT", "MY", "TR"],
+      "countryCodes": ["US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN", "IT", "MY", "TR", "DZ", "IL", "PH"],
       "defaultAvatar": "",
       "defaultApplication": "",
       "tags": [],
-      "languages": ["en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi", "it", "ms", "tr"],
+      "languages": ["en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi", "it", "ms", "tr","ar", "he", "fi"],
       "masterPassword": "",
       "initScore": 2000,
       "enableSoftDeletion": false,
@@ -123,7 +123,6 @@
       "score": 2000,
       "ranking": 1,
       "isAdmin": true,
-      "isGlobalAdmin": true,
       "isForbidden": false,
       "isDeleted": false,
       "signupApplication": "",

ldap/server.go

@@ -62,7 +62,7 @@ func handleBind(w ldap.ResponseWriter, m *ldap.Message) {
 			return
 		}
 
-		if bindOrg == "built-in" || bindUser.IsGlobalAdmin {
+		if bindOrg == "built-in" || bindUser.IsGlobalAdmin() {
 			m.Client.IsGlobalAdmin, m.Client.IsOrgAdmin = true, true
 		} else if bindUser.IsAdmin {
 			m.Client.IsOrgAdmin = true

main.go

@@ -15,7 +15,6 @@
 package main
 
 import (
-	"flag"
 	"fmt"
 
 	"github.com/beego/beego"
@@ -30,17 +29,10 @@ import (
 	"github.com/casdoor/casdoor/util"
 )
 
-func getCreateDatabaseFlag() bool {
-	res := flag.Bool("createDatabase", false, "true if you need Casdoor to create database")
-	flag.Parse()
-	return *res
-}
-
 func main() {
-	createDatabase := getCreateDatabaseFlag()
-
-	object.InitAdapter(createDatabase)
-	object.CreateTables(createDatabase)
+	object.InitFlag()
+	object.InitAdapter()
+	object.CreateTables()
 	object.DoMigration()
 
 	object.InitDb()
@@ -49,6 +41,8 @@ func main() {
 	object.InitLdapAutoSynchronizer()
 	proxy.InitHttpClient()
 	authz.InitApi()
+	object.InitUserManager()
+	object.InitCasvisorConfig()
 
 	util.SafeGoroutine(func() { object.RunSyncUsersJob() })
 

notification/custom_http.go

@@ -0,0 +1,73 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/casdoor/casdoor/proxy"
+)
+
+type HttpNotificationClient struct {
+	endpoint  string
+	method    string
+	paramName string
+}
+
+func NewCustomHttpProvider(endpoint string, method string, paramName string) (*HttpNotificationClient, error) {
+	client := &HttpNotificationClient{
+		endpoint:  endpoint,
+		method:    method,
+		paramName: paramName,
+	}
+	return client, nil
+}
+
+func (c *HttpNotificationClient) Send(ctx context.Context, subject string, content string) error {
+	var err error
+
+	httpClient := proxy.DefaultHttpClient
+
+	req, err := http.NewRequest(c.method, c.endpoint, bytes.NewBufferString(content))
+	if err != nil {
+		return err
+	}
+
+	if c.method == "POST" {
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.PostForm = map[string][]string{
+			c.paramName: {content},
+		}
+	} else if c.method == "GET" {
+		q := req.URL.Query()
+		q.Add(c.paramName, content)
+		req.URL.RawQuery = q.Encode()
+	}
+
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("SendMessage() error, custom HTTP Notification request failed with status: %s", resp.Status)
+	}
+
+	return err
+}

notification/provider.go

@@ -1,4 +1,4 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,18 +12,16 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package util
+package notification
 
-import xormadapter "github.com/casdoor/xorm-adapter/v3"
+import "github.com/nikoksr/notify"
 
-func CasbinToSlice(casbinRule xormadapter.CasbinRule) []string {
-	s := []string{
-		casbinRule.V0,
-		casbinRule.V1,
-		casbinRule.V2,
-		casbinRule.V3,
-		casbinRule.V4,
-		casbinRule.V5,
+func GetNotificationProvider(typ string, appId string, receiver string, method string, title string) (notify.Notifier, error) {
+	if typ == "Telegram" {
+		return NewTelegramProvider(appId, receiver)
+	} else if typ == "Custom HTTP" {
+		return NewCustomHttpProvider(receiver, method, title)
 	}
-	return s
+
+	return nil, nil
 }

notification/telegram.go

@@ -0,0 +1,42 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"strconv"
+
+	"github.com/casdoor/casdoor/proxy"
+	api "github.com/go-telegram-bot-api/telegram-bot-api"
+	"github.com/nikoksr/notify"
+	"github.com/nikoksr/notify/service/telegram"
+)
+
+func NewTelegramProvider(apiToken string, chatIdStr string) (notify.Notifier, error) {
+	client, err := api.NewBotAPIWithClient(apiToken, proxy.ProxyHttpClient)
+	if err != nil {
+		return nil, err
+	}
+	t := &telegram.Telegram{}
+	t.SetClient(client)
+
+	chatId, err := strconv.ParseInt(chatIdStr, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+
+	t.AddReceivers(chatId)
+
+	return t, nil
+}

object/adapter.go

@@ -18,11 +18,11 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/casbin/casbin/v2/model"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	"github.com/xorm-io/core"
+	"github.com/xorm-io/xorm"
 )
 
 type Adapter struct {
@@ -40,8 +40,6 @@ type Adapter struct {
 	Table           string `xorm:"varchar(100)" json:"table"`
 	TableNamePrefix string `xorm:"varchar(100)" json:"tableNamePrefix"`
 
-	IsEnabled bool `json:"isEnabled"`
-
 	*xormadapter.Adapter `xorm:"-" json:"-"`
 }
 
@@ -149,20 +147,23 @@ func (adapter *Adapter) getTable() string {
 	}
 }
 
-func (adapter *Adapter) initAdapter() error {
+func (adapter *Adapter) InitAdapter() error {
 	if adapter.Adapter == nil {
 		var dataSourceName string
 
 		if adapter.builtInAdapter() {
 			dataSourceName = conf.GetConfigString("dataSourceName")
+			if adapter.DatabaseType == "mysql" {
+				dataSourceName = dataSourceName + adapter.Database
+			}
 		} else {
 			switch adapter.DatabaseType {
 			case "mssql":
 				dataSourceName = fmt.Sprintf("sqlserver://%s:%s@%s:%d?database=%s", adapter.User,
 					adapter.Password, adapter.Host, adapter.Port, adapter.Database)
 			case "mysql":
-				dataSourceName = fmt.Sprintf("%s:%s@tcp(%s:%d)/", adapter.User,
-					adapter.Password, adapter.Host, adapter.Port)
+				dataSourceName = fmt.Sprintf("%s:%s@tcp(%s:%d)/%s", adapter.User,
+					adapter.Password, adapter.Host, adapter.Port, adapter.Database)
 			case "postgres":
 				dataSourceName = fmt.Sprintf("user=%s password=%s host=%s port=%d sslmode=disable dbname=%s", adapter.User,
 					adapter.Password, adapter.Host, adapter.Port, adapter.Database)
@@ -181,7 +182,8 @@ func (adapter *Adapter) initAdapter() error {
 		}
 
 		var err error
-		adapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(NewAdapter(adapter.DatabaseType, dataSourceName, adapter.Database).Engine, adapter.getTable(), adapter.TableNamePrefix)
+		engine, err := xorm.NewEngine(adapter.DatabaseType, dataSourceName)
+		adapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(engine, adapter.getTable(), adapter.TableNamePrefix)
 		if err != nil {
 			return err
 		}
@@ -209,116 +211,10 @@ func adapterChangeTrigger(oldName string, newName string) error {
 	return session.Commit()
 }
 
-func safeReturn(policy []string, i int) string {
-	if len(policy) > i {
-		return policy[i]
-	} else {
-		return ""
-	}
-}
-
-func matrixToCasbinRules(Ptype string, policies [][]string) []*xormadapter.CasbinRule {
-	res := []*xormadapter.CasbinRule{}
-
-	for _, policy := range policies {
-		line := xormadapter.CasbinRule{
-			Ptype: Ptype,
-			V0:    safeReturn(policy, 0),
-			V1:    safeReturn(policy, 1),
-			V2:    safeReturn(policy, 2),
-			V3:    safeReturn(policy, 3),
-			V4:    safeReturn(policy, 4),
-			V5:    safeReturn(policy, 5),
-		}
-		res = append(res, &line)
-	}
-
-	return res
-}
-
-func GetPolicies(adapter *Adapter) ([]*xormadapter.CasbinRule, error) {
-	err := adapter.initAdapter()
-	if err != nil {
-		return nil, err
-	}
-
-	casbinModel := getModelDef()
-	err = adapter.LoadPolicy(casbinModel)
-	if err != nil {
-		return nil, err
-	}
-
-	policies := matrixToCasbinRules("p", casbinModel.GetPolicy("p", "p"))
-	policies = append(policies, matrixToCasbinRules("g", casbinModel.GetPolicy("g", "g"))...)
-	return policies, nil
-}
-
-func UpdatePolicy(oldPolicy, newPolicy []string, adapter *Adapter) (bool, error) {
-	err := adapter.initAdapter()
-	if err != nil {
-		return false, err
-	}
-
-	casbinModel := getModelDef()
-	err = adapter.LoadPolicy(casbinModel)
-	if err != nil {
-		return false, err
-	}
-
-	affected := casbinModel.UpdatePolicy("p", "p", oldPolicy, newPolicy)
-	if err != nil {
-		return affected, err
-	}
-	return affected, nil
-}
-
-func AddPolicy(policy []string, adapter *Adapter) (bool, error) {
-	err := adapter.initAdapter()
-	if err != nil {
-		return false, err
-	}
-
-	casbinModel := getModelDef()
-	err = adapter.LoadPolicy(casbinModel)
-	if err != nil {
-		return false, err
-	}
-
-	casbinModel.AddPolicy("p", "p", policy)
-
-	return true, nil
-}
-
-func RemovePolicy(policy []string, adapter *Adapter) (bool, error) {
-	err := adapter.initAdapter()
-	if err != nil {
-		return false, err
-	}
-
-	casbinModel := getModelDef()
-	err = adapter.LoadPolicy(casbinModel)
-	if err != nil {
-		return false, err
-	}
-
-	affected := casbinModel.RemovePolicy("p", "p", policy)
-	if err != nil {
-		return affected, err
-	}
-	return affected, nil
-}
-
 func (adapter *Adapter) builtInAdapter() bool {
 	if adapter.Owner != "built-in" {
 		return false
 	}
 
-	return adapter.Name == "permission-adapter-built-in" || adapter.Name == "api-adapter-built-in"
-}
-
-func getModelDef() model.Model {
-	casbinModel := model.NewModel()
-	casbinModel.AddDef("p", "p", "_, _, _, _, _, _")
-	casbinModel.AddDef("g", "g", "_, _, _, _, _, _")
-	return casbinModel
+	return adapter.Name == "user-adapter-built-in" || adapter.Name == "api-adapter-built-in"
 }

object/application.go

@@ -58,6 +58,7 @@ type Application struct {
 	GrantTypes          []string        `xorm:"varchar(1000)" json:"grantTypes"`
 	OrganizationObj     *Organization   `xorm:"-" json:"organizationObj"`
 	Tags                []string        `xorm:"mediumtext" json:"tags"`
+	InvitationCodes     []string        `xorm:"varchar(200)" json:"invitationCodes"`
 
 	ClientId             string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret         string     `xorm:"varchar(100)" json:"clientSecret"`
@@ -311,6 +312,11 @@ func GetMaskedApplication(application *Application, userId string) *Application
 			application.OrganizationObj.PasswordSalt = "***"
 		}
 	}
+
+	if application.InvitationCodes != nil {
+		application.InvitationCodes = []string{"***"}
+	}
+
 	return application
 }
 

object/check.go

@@ -124,6 +124,16 @@ func CheckUserSignup(application *Application, organization *Organization, form
 		}
 	}
 
+	if len(application.InvitationCodes) > 0 {
+		if form.InvitationCode == "" {
+			return i18n.Translate(lang, "check:Invitation code cannot be blank")
+		} else {
+			if !util.InSlice(application.InvitationCodes, form.InvitationCode) {
+				return i18n.Translate(lang, "check:Invitation code is invalid")
+			}
+		}
+	}
+
 	return ""
 }
 
@@ -141,7 +151,7 @@ func checkSigninErrorTimes(user *User, lang string) string {
 		// reset the error times
 		user.SigninWrongTimes = 0
 
-		UpdateUser(user.GetId(), user, []string{"signin_wrong_times"}, user.IsGlobalAdmin)
+		UpdateUser(user.GetId(), user, []string{"signin_wrong_times"}, false)
 	}
 
 	return ""
@@ -319,7 +329,7 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 		if requestUser == nil {
 			return false, fmt.Errorf(i18n.Translate(lang, "check:Session outdated, please login again"))
 		}
-		if requestUser.IsGlobalAdmin {
+		if requestUser.IsGlobalAdmin() {
 			hasPermission = true
 		} else if requestUserId == userId {
 			hasPermission = true

object/check_util.go

@@ -42,7 +42,7 @@ func resetUserSigninErrorTimes(user *User) {
 		return
 	}
 	user.SigninWrongTimes = 0
-	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
+	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, false)
 }
 
 func recordSigninErrorInfo(user *User, lang string, options ...bool) string {
@@ -61,7 +61,7 @@ func recordSigninErrorInfo(user *User, lang string, options ...bool) string {
 	}
 
 	// update user
-	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
+	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, false)
 	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
 	if leftChances == 0 && enableCaptcha {
 		return fmt.Sprint(i18n.Translate(lang, "check:password or code is incorrect"))

object/enforcer.go

@@ -15,10 +15,12 @@
 package object
 
 import (
-	"errors"
+	"fmt"
 
 	"github.com/casbin/casbin/v2"
+	"github.com/casbin/casbin/v2/config"
 	"github.com/casdoor/casdoor/util"
+	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	"github.com/xorm-io/core"
 )
 
@@ -30,10 +32,10 @@ type Enforcer struct {
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
 	Description string `xorm:"varchar(100)" json:"description"`
 
-	Model     string `xorm:"varchar(100)" json:"model"`
-	Adapter   string `xorm:"varchar(100)" json:"adapter"`
-	IsEnabled bool   `json:"isEnabled"`
+	Model   string `xorm:"varchar(100)" json:"model"`
+	Adapter string `xorm:"varchar(100)" json:"adapter"`
 
+	ModelCfg map[string]string `xorm:"-" json:"modelCfg"`
 	*casbin.Enforcer
 }
 
@@ -120,44 +122,131 @@ func DeleteEnforcer(enforcer *Enforcer) (bool, error) {
 	return affected != 0, nil
 }
 
+func (enforcer *Enforcer) GetId() string {
+	return fmt.Sprintf("%s/%s", enforcer.Owner, enforcer.Name)
+}
+
 func (enforcer *Enforcer) InitEnforcer() error {
-	if enforcer.Enforcer == nil {
-		if enforcer == nil {
-			return errors.New("enforcer is nil")
-		}
-		if enforcer.Model == "" || enforcer.Adapter == "" {
-			return errors.New("missing model or adapter")
-		}
+	if enforcer.Enforcer != nil {
+		return nil
+	}
 
-		var err error
-		var m *Model
-		var a *Adapter
+	if enforcer.Model == "" {
+		return fmt.Errorf("the model for enforcer: %s should not be empty", enforcer.GetId())
+	}
+	if enforcer.Adapter == "" {
+		return fmt.Errorf("the adapter for enforcer: %s should not be empty", enforcer.GetId())
+	}
 
-		if m, err = GetModel(enforcer.Model); err != nil {
-			return err
-		} else if m == nil {
-			return errors.New("model not found")
-		}
-		if a, err = GetAdapter(enforcer.Adapter); err != nil {
-			return err
-		} else if a == nil {
-			return errors.New("adapter not found")
-		}
+	m, err := GetModel(enforcer.Model)
+	if err != nil {
+		return err
+	} else if m == nil {
+		return fmt.Errorf("the model: %s for enforcer: %s is not found", enforcer.Model, enforcer.GetId())
+	}
 
-		err = m.initModel()
-		if err != nil {
-			return err
-		}
-		err = a.initAdapter()
-		if err != nil {
-			return err
-		}
+	a, err := GetAdapter(enforcer.Adapter)
+	if err != nil {
+		return err
+	} else if a == nil {
+		return fmt.Errorf("the adapter: %s for enforcer: %s is not found", enforcer.Adapter, enforcer.GetId())
+	}
 
-		casbinEnforcer, err := casbin.NewEnforcer(m.Model, a.Adapter)
-		if err != nil {
-			return err
-		}
-		enforcer.Enforcer = casbinEnforcer
+	err = m.initModel()
+	if err != nil {
+		return err
+	}
+	err = a.InitAdapter()
+	if err != nil {
+		return err
+	}
+
+	casbinEnforcer, err := casbin.NewEnforcer(m.Model, a.Adapter)
+	if err != nil {
+		return err
+	}
+
+	enforcer.Enforcer = casbinEnforcer
+	return nil
+}
+
+func GetInitializedEnforcer(enforcerId string) (*Enforcer, error) {
+	enforcer, err := GetEnforcer(enforcerId)
+	if err != nil {
+		return nil, err
+	} else if enforcer == nil {
+		return nil, fmt.Errorf("the enforcer: %s is not found", enforcerId)
+	}
+
+	err = enforcer.InitEnforcer()
+	if err != nil {
+		return nil, err
+	}
+	return enforcer, nil
+}
+
+func GetPolicies(id string) ([]*xormadapter.CasbinRule, error) {
+	enforcer, err := GetInitializedEnforcer(id)
+	if err != nil {
+		return nil, err
+	}
+
+	policies := util.MatrixToCasbinRules("p", enforcer.GetPolicy())
+	if enforcer.GetModel()["g"] != nil {
+		policies = append(policies, util.MatrixToCasbinRules("g", enforcer.GetGroupingPolicy())...)
+	}
+
+	return policies, nil
+}
+
+func UpdatePolicy(id string, oldPolicy, newPolicy []string) (bool, error) {
+	enforcer, err := GetInitializedEnforcer(id)
+	if err != nil {
+		return false, err
+	}
+
+	return enforcer.UpdatePolicy(oldPolicy, newPolicy)
+}
+
+func AddPolicy(id string, policy []string) (bool, error) {
+	enforcer, err := GetInitializedEnforcer(id)
+	if err != nil {
+		return false, err
+	}
+
+	return enforcer.AddPolicy(policy)
+}
+
+func RemovePolicy(id string, policy []string) (bool, error) {
+	enforcer, err := GetInitializedEnforcer(id)
+	if err != nil {
+		return false, err
+	}
+
+	return enforcer.RemovePolicy(policy)
+}
+
+func (enforcer *Enforcer) LoadModelCfg() error {
+	if enforcer.ModelCfg != nil {
+		return nil
+	}
+
+	model, err := GetModel(enforcer.Model)
+	if err != nil {
+		return err
+	} else if model == nil {
+		return fmt.Errorf("the model: %s for enforcer: %s is not found", enforcer.Model, enforcer.GetId())
+	}
+
+	cfg, err := config.NewConfigFromText(model.ModelText)
+	if err != nil {
+		return err
+	}
+
+	enforcer.ModelCfg = make(map[string]string)
+	enforcer.ModelCfg["p"] = cfg.String("policy_definition::p")
+	if cfg.String("role_definition::g") != "" {
+		enforcer.ModelCfg["g"] = cfg.String("role_definition::g")
 	}
 
 	return nil

object/get-dashboard.go

@@ -0,0 +1,140 @@
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"sync"
+	"time"
+)
+
+type Dashboard struct {
+	OrganizationCounts []int `json:"organizationCounts"`
+	UserCounts         []int `json:"userCounts"`
+	ProviderCounts     []int `json:"providerCounts"`
+	ApplicationCounts  []int `json:"applicationCounts"`
+	SubscriptionCounts []int `json:"subscriptionCounts"`
+}
+
+func GetDashboard(owner string) (*Dashboard, error) {
+	dashboard := &Dashboard{
+		OrganizationCounts: make([]int, 31),
+		UserCounts:         make([]int, 31),
+		ProviderCounts:     make([]int, 31),
+		ApplicationCounts:  make([]int, 31),
+		SubscriptionCounts: make([]int, 31),
+	}
+
+	var wg sync.WaitGroup
+
+	organizations := []Organization{}
+	users := []User{}
+	providers := []Provider{}
+	applications := []Application{}
+	subscriptions := []Subscription{}
+
+	wg.Add(5)
+	go func() {
+		defer wg.Done()
+		if err := ormer.Engine.Find(&organizations, &Organization{Owner: owner}); err != nil {
+			panic(err)
+		}
+	}()
+
+	go func() {
+		defer wg.Done()
+
+		if err := ormer.Engine.Find(&users, &User{Owner: owner}); err != nil {
+			panic(err)
+		}
+	}()
+
+	go func() {
+		defer wg.Done()
+
+		if err := ormer.Engine.Find(&providers, &Provider{Owner: owner}); err != nil {
+			panic(err)
+		}
+	}()
+
+	go func() {
+		defer wg.Done()
+
+		if err := ormer.Engine.Find(&applications, &Application{Owner: owner}); err != nil {
+			panic(err)
+		}
+	}()
+
+	go func() {
+		defer wg.Done()
+
+		if err := ormer.Engine.Find(&subscriptions, &Subscription{Owner: owner}); err != nil {
+			panic(err)
+		}
+	}()
+	wg.Wait()
+
+	nowTime := time.Now()
+	for i := 30; i >= 0; i-- {
+		cutTime := nowTime.AddDate(0, 0, -i)
+		dashboard.OrganizationCounts[30-i] = countCreatedBefore(organizations, cutTime)
+		dashboard.UserCounts[30-i] = countCreatedBefore(users, cutTime)
+		dashboard.ProviderCounts[30-i] = countCreatedBefore(providers, cutTime)
+		dashboard.ApplicationCounts[30-i] = countCreatedBefore(applications, cutTime)
+		dashboard.SubscriptionCounts[30-i] = countCreatedBefore(subscriptions, cutTime)
+	}
+	return dashboard, nil
+}
+
+func countCreatedBefore(objects interface{}, before time.Time) int {
+	count := 0
+	switch obj := objects.(type) {
+	case []Organization:
+		for _, o := range obj {
+			createdTime, _ := time.Parse("2006-01-02T15:04:05-07:00", o.CreatedTime)
+			if createdTime.Before(before) {
+				count++
+			}
+		}
+	case []User:
+		for _, u := range obj {
+			createdTime, _ := time.Parse("2006-01-02T15:04:05-07:00", u.CreatedTime)
+			if createdTime.Before(before) {
+				count++
+			}
+		}
+	case []Provider:
+		for _, p := range obj {
+			createdTime, _ := time.Parse("2006-01-02T15:04:05-07:00", p.CreatedTime)
+			if createdTime.Before(before) {
+				count++
+			}
+		}
+	case []Application:
+		for _, a := range obj {
+			createdTime, _ := time.Parse("2006-01-02T15:04:05-07:00", a.CreatedTime)
+			if createdTime.Before(before) {
+				count++
+			}
+		}
+	case []Subscription:
+		for _, s := range obj {
+			createdTime, _ := time.Parse("2006-01-02T15:04:05-07:00", s.CreatedTime)
+			if createdTime.Before(before) {
+				count++
+			}
+		}
+	}
+	return count
+}

object/group.go

@@ -214,30 +214,18 @@ func ConvertToTreeData(groups []*Group, parentId string) []*Group {
 	return treeData
 }
 
-func RemoveUserFromGroup(owner, name, groupId string) (bool, error) {
-	user, err := getUser(owner, name)
-	if err != nil {
-		return false, err
-	}
-	if user == nil {
-		return false, errors.New("user not exist")
-	}
-
-	user.Groups = util.DeleteVal(user.Groups, groupId)
-	affected, err := updateUser(user.GetId(), user, []string{"groups"})
-	if err != nil {
-		return false, err
-	}
-	return affected != 0, err
-}
-
 func GetGroupUserCount(groupId string, field, value string) (int64, error) {
+	owner, _ := util.GetOwnerAndNameFromId(groupId)
+	names, err := userEnforcer.GetUserNamesByGroupName(groupId)
+	if err != nil {
+		return 0, err
+	}
+
 	if field == "" && value == "" {
-		return ormer.Engine.Where(builder.Like{"`groups`", groupId}).
-			Count(&User{})
+		return int64(len(names)), nil
 	} else {
 		return ormer.Engine.Table("user").
-			Where(builder.Like{"`groups`", groupId}).
+			Where("owner = ?", owner).In("name", names).
 			And(fmt.Sprintf("user.%s LIKE ?", util.CamelToSnakeCase(field)), "%"+value+"%").
 			Count()
 	}
@@ -245,8 +233,14 @@ func GetGroupUserCount(groupId string, field, value string) (int64, error) {
 
 func GetPaginationGroupUsers(groupId string, offset, limit int, field, value, sortField, sortOrder string) ([]*User, error) {
 	users := []*User{}
+	owner, _ := util.GetOwnerAndNameFromId(groupId)
+	names, err := userEnforcer.GetUserNamesByGroupName(groupId)
+	if err != nil {
+		return nil, err
+	}
+
 	session := ormer.Engine.Table("user").
-		Where(builder.Like{"`groups`", groupId + "\""})
+		Where("owner = ?", owner).In("name", names)
 
 	if offset != -1 && limit != -1 {
 		session.Limit(limit, offset)
@@ -265,7 +259,7 @@ func GetPaginationGroupUsers(groupId string, offset, limit int, field, value, so
 		session = session.Desc(fmt.Sprintf("user.%s", util.SnakeString(sortField)))
 	}
 
-	err := session.Find(&users)
+	err = session.Find(&users)
 	if err != nil {
 		return nil, err
 	}
@@ -275,13 +269,13 @@ func GetPaginationGroupUsers(groupId string, offset, limit int, field, value, so
 
 func GetGroupUsers(groupId string) ([]*User, error) {
 	users := []*User{}
-	err := ormer.Engine.Table("user").
-		Where(builder.Like{"`groups`", groupId + "\""}).
-		Find(&users)
+	owner, _ := util.GetOwnerAndNameFromId(groupId)
+	names, err := userEnforcer.GetUserNamesByGroupName(groupId)
+
+	err = ormer.Engine.Where("owner = ?", owner).In("name", names).Find(&users)
 	if err != nil {
 		return nil, err
 	}
-
 	return users, nil
 }
 

object/init.go

@@ -73,7 +73,6 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Properties", Visible: false, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
-		{Name: "Is global admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is forbidden", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is deleted", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
@@ -145,7 +144,6 @@ func initBuiltInUser() {
 		Score:             2000,
 		Ranking:           1,
 		IsAdmin:           true,
-		IsGlobalAdmin:     true,
 		IsForbidden:       false,
 		IsDeleted:         false,
 		SignupApplication: "app-built-in",
@@ -318,7 +316,6 @@ func initBuiltInUserModel() {
 		Name:        "user-model-built-in",
 		CreatedTime: util.GetCurrentTime(),
 		DisplayName: "Built-in Model",
-		IsEnabled:   true,
 		ModelText: `[request_definition]
 r = sub, obj, act
 
@@ -376,7 +373,6 @@ m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
 		Name:        "api-model-built-in",
 		CreatedTime: util.GetCurrentTime(),
 		DisplayName: "API Model",
-		IsEnabled:   true,
 		ModelText:   modelText,
 	}
 	_, err = AddModel(model)
@@ -435,7 +431,6 @@ func initBuiltInUserAdapter() {
 		TableNamePrefix: conf.GetConfigString("tableNamePrefix"),
 		Database:        conf.GetConfigString("dbName"),
 		Table:           "casbin_user_rule",
-		IsEnabled:       true,
 	}
 	_, err = AddAdapter(adapter)
 	if err != nil {
@@ -462,7 +457,6 @@ func initBuiltInApiAdapter() {
 		TableNamePrefix: conf.GetConfigString("tableNamePrefix"),
 		Database:        conf.GetConfigString("dbName"),
 		Table:           "casbin_api_rule",
-		IsEnabled:       true,
 	}
 	_, err = AddAdapter(adapter)
 	if err != nil {
@@ -484,10 +478,9 @@ func initBuiltInUserEnforcer() {
 		Owner:       "built-in",
 		Name:        "user-enforcer-built-in",
 		CreatedTime: util.GetCurrentTime(),
-		DisplayName: "Permission Enforcer",
+		DisplayName: "User Enforcer",
 		Model:       "built-in/user-model-built-in",
 		Adapter:     "built-in/user-adapter-built-in",
-		IsEnabled:   true,
 	}
 
 	_, err = AddEnforcer(enforcer)
@@ -513,7 +506,6 @@ func initBuiltInApiEnforcer() {
 		DisplayName: "API Enforcer",
 		Model:       "built-in/api-model-built-in",
 		Adapter:     "built-in/api-adapter-built-in",
-		IsEnabled:   true,
 	}
 
 	_, err = AddEnforcer(enforcer)

object/ldap_conn.go

@@ -41,19 +41,20 @@ type LdapUser struct {
 	GidNumber string `json:"gidNumber"`
 	// Gcn                   string
 	Uuid                  string `json:"uuid"`
+	UserPrincipalName     string `json:"userPrincipalName"`
 	DisplayName           string `json:"displayName"`
 	Mail                  string
 	Email                 string `json:"email"`
 	EmailAddress          string
 	TelephoneNumber       string
-	Mobile                string
+	Mobile                string `json:"mobile"`
 	MobileTelephoneNumber string
 	RegisteredAddress     string
 	PostalAddress         string
 
-	GroupId string `json:"groupId"`
-	Phone   string `json:"phone"`
-	Address string `json:"address"`
+	GroupId  string `json:"groupId"`
+	Address  string `json:"address"`
+	MemberOf string `json:"memberOf"`
 }
 
 func (ldap *Ldap) GetLdapConn() (c *LdapConn, err error) {
@@ -168,6 +169,8 @@ func (l *LdapConn) GetLdapUsers(ldapServer *Ldap) ([]LdapUser, error) {
 				user.Uuid = attribute.Values[0]
 			case "objectGUID":
 				user.Uuid = attribute.Values[0]
+			case "userPrincipalName":
+				user.UserPrincipalName = attribute.Values[0]
 			case "displayName":
 				user.DisplayName = attribute.Values[0]
 			case "mail":
@@ -186,6 +189,8 @@ func (l *LdapConn) GetLdapUsers(ldapServer *Ldap) ([]LdapUser, error) {
 				user.RegisteredAddress = attribute.Values[0]
 			case "postalAddress":
 				user.PostalAddress = attribute.Values[0]
+			case "memberOf":
+				user.MemberOf = attribute.Values[0]
 			}
 		}
 		ldapUsers = append(ldapUsers, user)
@@ -306,18 +311,20 @@ func SyncLdapUsers(owner string, syncUsers []LdapUser, ldapId string) (existUser
 			}
 
 			newUser := &User{
-				Owner:       owner,
-				Name:        name,
-				CreatedTime: util.GetCurrentTime(),
-				DisplayName: syncUser.buildLdapDisplayName(),
-				Avatar:      organization.DefaultAvatar,
-				Email:       syncUser.Email,
-				Phone:       syncUser.Phone,
-				Address:     []string{syncUser.Address},
-				Affiliation: affiliation,
-				Tag:         tag,
-				Score:       score,
-				Ldap:        syncUser.Uuid,
+				Owner:             owner,
+				Name:              name,
+				CreatedTime:       util.GetCurrentTime(),
+				DisplayName:       syncUser.buildLdapDisplayName(),
+				SignupApplication: organization.DefaultApplication,
+				Type:              "normal-user",
+				Avatar:            organization.DefaultAvatar,
+				Email:             syncUser.Email,
+				Phone:             syncUser.Mobile,
+				Address:           []string{syncUser.Address},
+				Affiliation:       affiliation,
+				Tag:               tag,
+				Score:             score,
+				Ldap:              syncUser.Uuid,
 			}
 
 			affected, err := AddUser(newUser)

object/mfa.go

@@ -84,7 +84,7 @@ func MfaRecover(user *User, recoveryCode string) error {
 		return fmt.Errorf("recovery code not found")
 	}
 
-	_, err := UpdateUser(user.GetId(), user, []string{"recovery_codes"}, user.IsAdminUser())
+	_, err := UpdateUser(user.GetId(), user, []string{"recovery_codes"}, false)
 	if err != nil {
 		return err
 	}
@@ -181,7 +181,7 @@ func DisabledMultiFactorAuth(user *User) error {
 func SetPreferredMultiFactorAuth(user *User, mfaType string) error {
 	user.PreferredMfaType = mfaType
 
-	_, err := UpdateUser(user.GetId(), user, []string{"preferred_mfa_type"}, user.IsAdminUser())
+	_, err := UpdateUser(user.GetId(), user, []string{"preferred_mfa_type"}, false)
 	if err != nil {
 		return err
 	}

object/mfa_totp.go

@@ -17,6 +17,7 @@ package object
 import (
 	"errors"
 	"fmt"
+	"time"
 
 	"github.com/beego/beego"
 	"github.com/beego/beego/context"
@@ -25,7 +26,10 @@ import (
 	"github.com/pquerna/otp/totp"
 )
 
-const MfaTotpSecretSession = "mfa_totp_secret"
+const (
+	MfaTotpSecretSession   = "mfa_totp_secret"
+	MfaTotpPeriodInSeconds = 30
+)
 
 type TotpMfa struct {
 	Config     *MfaProps
@@ -76,7 +80,13 @@ func (mfa *TotpMfa) SetupVerify(ctx *context.Context, passcode string) error {
 	if secret == nil {
 		return errors.New("totp secret is missing")
 	}
-	result := totp.Validate(passcode, secret.(string))
+
+	result, _ := totp.ValidateCustom(passcode, secret.(string), time.Now().UTC(), totp.ValidateOpts{
+		Period:    MfaTotpPeriodInSeconds,
+		Skew:      1,
+		Digits:    otp.DigitsSix,
+		Algorithm: otp.AlgorithmSHA1,
+	})
 
 	if result {
 		return nil
@@ -133,7 +143,7 @@ func NewTotpMfaUtil(config *MfaProps) *TotpMfa {
 
 	return &TotpMfa{
 		Config:     config,
-		period:     30,
+		period:     MfaTotpPeriodInSeconds,
 		secretSize: 20,
 		digits:     otp.DigitsSix,
 	}

object/model.go

@@ -30,7 +30,6 @@ type Model struct {
 	Description string `xorm:"varchar(100)" json:"description"`
 
 	ModelText string `xorm:"mediumtext" json:"modelText"`
-	IsEnabled bool   `json:"isEnabled"`
 
 	model.Model `xorm:"-" json:"-"`
 }

object/notification.go

@@ -0,0 +1,42 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"context"
+
+	"github.com/casdoor/casdoor/notification"
+	"github.com/nikoksr/notify"
+)
+
+func getNotificationClient(provider *Provider) (notify.Notifier, error) {
+	var client notify.Notifier
+	client, err := notification.GetNotificationProvider(provider.Type, provider.AppId, provider.Receiver, provider.Method, provider.Title)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func SendNotification(provider *Provider, content string) error {
+	client, err := getNotificationClient(provider)
+	if err != nil {
+		return err
+	}
+
+	err = client.Send(context.Background(), "", content)
+	return err
+}

object/oidc_discovery.go

@@ -103,7 +103,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		SubjectTypesSupported:                  []string{"public"},
 		IdTokenSigningAlgValuesSupported:       []string{"RS256"},
 		ScopesSupported:                        []string{"openid", "email", "profile", "address", "phone", "offline_access"},
-		ClaimsSupported:                        []string{"iss", "ver", "sub", "aud", "iat", "exp", "id", "type", "displayName", "avatar", "permanentAvatar", "email", "phone", "location", "affiliation", "title", "homepage", "bio", "tag", "region", "language", "score", "ranking", "isOnline", "isAdmin", "isGlobalAdmin", "isForbidden", "signupApplication", "ldap"},
+		ClaimsSupported:                        []string{"iss", "ver", "sub", "aud", "iat", "exp", "id", "type", "displayName", "avatar", "permanentAvatar", "email", "phone", "location", "affiliation", "title", "homepage", "bio", "tag", "region", "language", "score", "ranking", "isOnline", "isAdmin", "isForbidden", "signupApplication", "ldap"},
 		RequestParameterSupported:              true,
 		RequestObjectSigningAlgValuesSupported: []string{"HS256", "HS384", "HS512"},
 		EndSessionEndpoint:                     fmt.Sprintf("%s/api/logout", originBackend),

object/organization.go

@@ -437,14 +437,6 @@ func organizationChangeTrigger(oldName string, newName string) error {
 		return err
 	}
 
-	record := new(Record)
-	record.Owner = newName
-	record.Organization = newName
-	_, err = session.Where("organization=?", oldName).Update(record)
-	if err != nil {
-		return err
-	}
-
 	resource := new(Resource)
 	resource.Owner = newName
 	_, err = session.Where("owner=?", oldName).Update(resource)

object/ormer.go

@@ -16,13 +16,13 @@ package object
 
 import (
 	"database/sql"
+	"flag"
 	"fmt"
 	"runtime"
 	"strings"
 
 	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/util"
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	_ "github.com/denisenkom/go-mssqldb" // db = mssql
 	_ "github.com/go-sql-driver/mysql"   // db = mysql
@@ -32,7 +32,24 @@ import (
 	_ "modernc.org/sqlite" // db = sqlite
 )
 
-var ormer *Ormer
+var (
+	ormer                   *Ormer = nil
+	isCreateDatabaseDefined        = false
+	createDatabase                 = true
+)
+
+func InitFlag() {
+	if !isCreateDatabaseDefined {
+		isCreateDatabaseDefined = true
+		createDatabase = getCreateDatabaseFlag()
+	}
+}
+
+func getCreateDatabaseFlag() bool {
+	res := flag.Bool("createDatabase", false, "true if you need to create database")
+	flag.Parse()
+	return *res
+}
 
 func InitConfig() {
 	err := beego.LoadAppConfig("ini", "../conf/app.conf")
@@ -42,12 +59,12 @@ func InitConfig() {
 
 	beego.BConfig.WebConfig.Session.SessionOn = true
 
-	InitAdapter(true)
-	CreateTables(true)
+	InitAdapter()
+	CreateTables()
 	DoMigration()
 }
 
-func InitAdapter(createDatabase bool) {
+func InitAdapter() {
 	if createDatabase {
 		err := createDatabaseForPostgres(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
 		if err != nil {
@@ -62,7 +79,7 @@ func InitAdapter(createDatabase bool) {
 	ormer.Engine.SetTableMapper(tbMapper)
 }
 
-func CreateTables(createDatabase bool) {
+func CreateTables() {
 	if createDatabase {
 		err := ormer.CreateDatabase()
 		if err != nil {
@@ -229,11 +246,6 @@ func (a *Ormer) createTable() {
 		panic(err)
 	}
 
-	err = a.Engine.Sync2(new(Record))
-	if err != nil {
-		panic(err)
-	}
-
 	err = a.Engine.Sync2(new(Webhook))
 	if err != nil {
 		panic(err)
@@ -294,76 +306,3 @@ func (a *Ormer) createTable() {
 		panic(err)
 	}
 }
-
-func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
-	session := ormer.Engine.Prepare()
-	if offset != -1 && limit != -1 {
-		session.Limit(limit, offset)
-	}
-	if owner != "" {
-		session = session.And("owner=?", owner)
-	}
-	if field != "" && value != "" {
-		if util.FilterField(field) {
-			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
-		}
-	}
-	if sortField == "" || sortOrder == "" {
-		sortField = "created_time"
-	}
-	if sortOrder == "ascend" {
-		session = session.Asc(util.SnakeString(sortField))
-	} else {
-		session = session.Desc(util.SnakeString(sortField))
-	}
-	return session
-}
-
-func GetSessionForUser(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
-	session := ormer.Engine.Prepare()
-	if offset != -1 && limit != -1 {
-		session.Limit(limit, offset)
-	}
-	if owner != "" {
-		if offset == -1 {
-			session = session.And("owner=?", owner)
-		} else {
-			session = session.And("a.owner=?", owner)
-		}
-	}
-	if field != "" && value != "" {
-		if util.FilterField(field) {
-			if offset != -1 {
-				field = fmt.Sprintf("a.%s", field)
-			}
-			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
-		}
-	}
-	if sortField == "" || sortOrder == "" {
-		sortField = "created_time"
-	}
-
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	tableName := tableNamePrefix + "user"
-	if offset == -1 {
-		if sortOrder == "ascend" {
-			session = session.Asc(util.SnakeString(sortField))
-		} else {
-			session = session.Desc(util.SnakeString(sortField))
-		}
-	} else {
-		if sortOrder == "ascend" {
-			session = session.Alias("a").
-				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
-				Select("b.*").
-				Asc("a." + util.SnakeString(sortField))
-		} else {
-			session = session.Alias("a").
-				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
-				Select("b.*").
-				Desc("a." + util.SnakeString(sortField))
-		}
-	}
-
-	return session
-}

object/ormer_session.go

@@ -0,0 +1,96 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/xorm"
+)
+
+func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
+	session := ormer.Engine.Prepare()
+	if offset != -1 && limit != -1 {
+		session.Limit(limit, offset)
+	}
+	if owner != "" {
+		session = session.And("owner=?", owner)
+	}
+	if field != "" && value != "" {
+		if util.FilterField(field) {
+			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+		}
+	}
+	if sortField == "" || sortOrder == "" {
+		sortField = "created_time"
+	}
+	if sortOrder == "ascend" {
+		session = session.Asc(util.SnakeString(sortField))
+	} else {
+		session = session.Desc(util.SnakeString(sortField))
+	}
+	return session
+}
+
+func GetSessionForUser(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
+	session := ormer.Engine.Prepare()
+	if offset != -1 && limit != -1 {
+		session.Limit(limit, offset)
+	}
+	if owner != "" {
+		if offset == -1 {
+			session = session.And("owner=?", owner)
+		} else {
+			session = session.And("a.owner=?", owner)
+		}
+	}
+	if field != "" && value != "" {
+		if util.FilterField(field) {
+			if offset != -1 {
+				field = fmt.Sprintf("a.%s", field)
+			}
+			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+		}
+	}
+	if sortField == "" || sortOrder == "" {
+		sortField = "created_time"
+	}
+
+	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
+	tableName := tableNamePrefix + "user"
+	if offset == -1 {
+		if sortOrder == "ascend" {
+			session = session.Asc(util.SnakeString(sortField))
+		} else {
+			session = session.Desc(util.SnakeString(sortField))
+		}
+	} else {
+		if sortOrder == "ascend" {
+			session = session.Alias("a").
+				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
+				Select("b.*").
+				Asc("a." + util.SnakeString(sortField))
+		} else {
+			session = session.Alias("a").
+				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
+				Select("b.*").
+				Desc("a." + util.SnakeString(sortField))
+		}
+	}
+
+	return session
+}

object/permission.go

@@ -58,7 +58,7 @@ type PermissionRule struct {
 	Id    string `xorm:"varchar(100) index not null default ''" json:"id"`
 }
 
-const builtInAvailableField = 10
+const builtInAvailableField = 5 // Casdoor built-in adapter, use V5 to filter permission, so has 5 available field
 
 func (p *Permission) GetId() string {
 	return util.GetId(p.Owner, p.Name)

object/permission_enforcer.go

@@ -309,8 +309,7 @@ func GetAllRoles(userId string) []string {
 
 func GetBuiltInModel(modelText string) (model.Model, error) {
 	if modelText == "" {
-		modelText = `
-[request_definition]
+		modelText = `[request_definition]
 r = sub, obj, act
 
 [policy_definition]

object/permission_upload.go

@@ -33,8 +33,8 @@ func getPermissionMap(owner string) (map[string]*Permission, error) {
 	return m, err
 }
 
-func UploadPermissions(owner string, fileId string) (bool, error) {
-	table := xlsx.ReadXlsxFile(fileId)
+func UploadPermissions(owner string, path string) (bool, error) {
+	table := xlsx.ReadXlsxFile(path)
 
 	oldUserMap, err := getPermissionMap(owner)
 	if err != nil {

object/plan.go

@@ -28,15 +28,21 @@ type Plan struct {
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
 	Description string `xorm:"varchar(100)" json:"description"`
 
-	PricePerMonth float64 `json:"pricePerMonth"`
-	PricePerYear  float64 `json:"pricePerYear"`
-	Currency      string  `xorm:"varchar(100)" json:"currency"`
-	IsEnabled     bool    `json:"isEnabled"`
+	PricePerMonth    float64  `json:"pricePerMonth"`
+	PricePerYear     float64  `json:"pricePerYear"`
+	Currency         string   `xorm:"varchar(100)" json:"currency"`
+	Product          string   `json:"product"`                              // related product id
+	PaymentProviders []string `xorm:"varchar(100)" json:"paymentProviders"` // payment providers for related product
+	IsEnabled        bool     `json:"isEnabled"`
 
 	Role    string   `xorm:"varchar(100)" json:"role"`
 	Options []string `xorm:"-" json:"options"`
 }
 
+func (plan *Plan) GetId() string {
+	return fmt.Sprintf("%s/%s", plan.Owner, plan.Name)
+}
+
 func GetPlanCount(owner, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
 	return session.Count(&Plan{})
@@ -114,38 +120,3 @@ func DeletePlan(plan *Plan) (bool, error) {
 	}
 	return affected != 0, nil
 }
-
-func (plan *Plan) GetId() string {
-	return fmt.Sprintf("%s/%s", plan.Owner, plan.Name)
-}
-
-func Subscribe(owner string, user string, plan string, pricing string) (*Subscription, error) {
-	selectedPricing, err := GetPricing(fmt.Sprintf("%s/%s", owner, pricing))
-	if err != nil {
-		return nil, err
-	}
-
-	valid := selectedPricing != nil && selectedPricing.IsEnabled
-
-	if !valid {
-		return nil, nil
-	}
-
-	planBelongToPricing, err := selectedPricing.HasPlan(owner, plan)
-	if err != nil {
-		return nil, err
-	}
-
-	if planBelongToPricing {
-		newSubscription := NewSubscription(owner, user, plan, selectedPricing.TrialDuration)
-		affected, err := AddSubscription(newSubscription)
-		if err != nil {
-			return nil, err
-		}
-
-		if affected {
-			return newSubscription, nil
-		}
-	}
-	return nil, nil
-}

object/pricing.go

@@ -16,7 +16,6 @@ package object
 
 import (
 	"fmt"
-	"strings"
 
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
@@ -41,6 +40,26 @@ type Pricing struct {
 	State string `xorm:"varchar(100)" json:"state"`
 }
 
+func (pricing *Pricing) GetId() string {
+	return fmt.Sprintf("%s/%s", pricing.Owner, pricing.Name)
+}
+
+func (pricing *Pricing) HasPlan(planName string) (bool, error) {
+	planId := util.GetId(pricing.Owner, planName)
+	plan, err := GetPlan(planId)
+	if err != nil {
+		return false, err
+	}
+	if plan == nil {
+		return false, fmt.Errorf("plan: %s does not exist", planId)
+	}
+
+	if util.InSlice(pricing.Plans, plan.Name) {
+		return true, nil
+	}
+	return false, nil
+}
+
 func GetPricingCount(owner, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
 	return session.Count(&Pricing{})
@@ -74,7 +93,7 @@ func getPricing(owner, name string) (*Pricing, error) {
 	pricing := Pricing{Owner: owner, Name: name}
 	existed, err := ormer.Engine.Get(&pricing)
 	if err != nil {
-		return &pricing, err
+		return nil, err
 	}
 	if existed {
 		return &pricing, nil
@@ -88,6 +107,20 @@ func GetPricing(id string) (*Pricing, error) {
 	return getPricing(owner, name)
 }
 
+func GetApplicationDefaultPricing(owner, appName string) (*Pricing, error) {
+	pricings := make([]*Pricing, 0, 1)
+	err := ormer.Engine.Asc("created_time").Find(&pricings, &Pricing{Owner: owner, Application: appName})
+	if err != nil {
+		return nil, err
+	}
+	for _, pricing := range pricings {
+		if pricing.IsEnabled {
+			return pricing, nil
+		}
+	}
+	return nil, nil
+}
+
 func UpdatePricing(id string, pricing *Pricing) (bool, error) {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	if p, err := getPricing(owner, name); err != nil {
@@ -120,28 +153,21 @@ func DeletePricing(pricing *Pricing) (bool, error) {
 	return affected != 0, nil
 }
 
-func (pricing *Pricing) GetId() string {
-	return fmt.Sprintf("%s/%s", pricing.Owner, pricing.Name)
-}
-
-func (pricing *Pricing) HasPlan(owner string, plan string) (bool, error) {
-	selectedPlan, err := GetPlan(fmt.Sprintf("%s/%s", owner, plan))
-	if err != nil {
-		return false, err
-	}
-
-	if selectedPlan == nil {
-		return false, nil
-	}
-
-	result := false
-
-	for _, pricingPlan := range pricing.Plans {
-		if strings.Contains(pricingPlan, selectedPlan.Name) {
-			result = true
-			break
+func CheckPricingAndPlan(owner, pricingName, planName string) error {
+	pricingId := util.GetId(owner, pricingName)
+	pricing, err := GetPricing(pricingId)
+	if pricing == nil || err != nil {
+		if pricing == nil && err == nil {
+			err = fmt.Errorf("pricing: %s does not exist", pricingName)
 		}
+		return err
 	}
-
-	return result, nil
+	ok, err := pricing.HasPlan(planName)
+	if err != nil {
+		return err
+	}
+	if !ok {
+		return fmt.Errorf("pricing: %s does not have plan: %s", pricingName, planName)
+	}
+	return nil
 }

object/product.go

@@ -141,24 +141,24 @@ func (product *Product) isValidProvider(provider *Provider) bool {
 	return false
 }
 
-func (product *Product) getProvider(providerId string) (*Provider, error) {
-	provider, err := getProvider(product.Owner, providerId)
+func (product *Product) getProvider(providerName string) (*Provider, error) {
+	provider, err := getProvider(product.Owner, providerName)
 	if err != nil {
 		return nil, err
 	}
 
 	if provider == nil {
-		return nil, fmt.Errorf("the payment provider: %s does not exist", providerId)
+		return nil, fmt.Errorf("the payment provider: %s does not exist", providerName)
 	}
 
 	if !product.isValidProvider(provider) {
-		return nil, fmt.Errorf("the payment provider: %s is not valid for the product: %s", providerId, product.Name)
+		return nil, fmt.Errorf("the payment provider: %s is not valid for the product: %s", providerName, product.Name)
 	}
 
 	return provider, nil
 }
 
-func BuyProduct(id string, providerName string, user *User, host string) (string, string, error) {
+func BuyProduct(id string, user *User, providerName, pricingName, planName, host string) (string, string, error) {
 	product, err := GetProduct(id)
 	if err != nil {
 		return "", "", err
@@ -181,13 +181,24 @@ func BuyProduct(id string, providerName string, user *User, host string) (string
 	owner := product.Owner
 	productName := product.Name
 	payerName := fmt.Sprintf("%s | %s", user.Name, user.DisplayName)
-	paymentName := util.GenerateTimeId()
+	paymentName := fmt.Sprintf("payment_%v", util.GenerateTimeId())
 	productDisplayName := product.DisplayName
 
 	originFrontend, originBackend := getOriginFromHost(host)
 	returnUrl := fmt.Sprintf("%s/payments/%s/%s/result", originFrontend, owner, paymentName)
 	notifyUrl := fmt.Sprintf("%s/api/notify-payment/%s/%s", originBackend, owner, paymentName)
-	// Create an Order and get the payUrl
+	if user.Type == "paid-user" {
+		// Create a subscription for `paid-user`
+		if pricingName != "" && planName != "" {
+			sub := NewSubscription(owner, user.Name, pricingName, planName, paymentName)
+			_, err := AddSubscription(sub)
+			if err != nil {
+				return "", "", err
+			}
+			returnUrl = fmt.Sprintf("%s/buy-plan/%s/%s/result?subscription=%s", originFrontend, owner, pricingName, sub.Name)
+		}
+	}
+	// Create an OrderId and get the payUrl
 	payUrl, orderId, err := pProvider.Pay(providerName, productName, payerName, paymentName, productDisplayName, product.Price, product.Currency, returnUrl, notifyUrl)
 	if err != nil {
 		return "", "", err
@@ -228,7 +239,6 @@ func BuyProduct(id string, providerName string, user *User, host string) (string
 	if !affected {
 		return "", "", fmt.Errorf("failed to add payment: %s", util.StructToJson(payment))
 	}
-
 	return payUrl, orderId, err
 }
 
@@ -252,3 +262,34 @@ func ExtendProductWithProviders(product *Product) error {
 
 	return nil
 }
+
+func CreateProductForPlan(plan *Plan) *Product {
+	product := &Product{
+		Owner:       plan.Owner,
+		Name:        fmt.Sprintf("product_%v", util.GetRandomName()),
+		DisplayName: fmt.Sprintf("Auto Created Product for Plan %v(%v)", plan.GetId(), plan.DisplayName),
+		CreatedTime: plan.CreatedTime,
+
+		Image:       "https://cdn.casbin.org/img/casdoor-logo_1185x256.png", // TODO
+		Detail:      fmt.Sprintf("This Product was auto created for Plan %v(%v)", plan.GetId(), plan.DisplayName),
+		Description: plan.Description,
+		Tag:         "auto_created_product_for_plan",
+		Price:       plan.PricePerMonth, // TODO
+		Currency:    plan.Currency,
+
+		Quantity: 999,
+		Sold:     0,
+
+		Providers: plan.PaymentProviders,
+		State:     "Published",
+	}
+	return product
+}
+
+func UpdateProductForPlan(plan *Plan, product *Product) {
+	product.DisplayName = fmt.Sprintf("Auto Created Product for Plan %v(%v)", plan.GetId(), plan.DisplayName)
+	product.Detail = fmt.Sprintf("This Product was auto created for Plan %v(%v)", plan.GetId(), plan.DisplayName)
+	product.Price = plan.PricePerMonth // TODO
+	product.Providers = plan.PaymentProviders
+	product.Currency = plan.Currency
+}

object/provider.go

@@ -36,7 +36,7 @@ type Provider struct {
 	Type              string            `xorm:"varchar(100)" json:"type"`
 	SubType           string            `xorm:"varchar(100)" json:"subType"`
 	Method            string            `xorm:"varchar(100)" json:"method"`
-	ClientId          string            `xorm:"varchar(100)" json:"clientId"`
+	ClientId          string            `xorm:"varchar(200)" json:"clientId"`
 	ClientSecret      string            `xorm:"varchar(2000)" json:"clientSecret"`
 	ClientId2         string            `xorm:"varchar(100)" json:"clientId2"`
 	ClientSecret2     string            `xorm:"varchar(100)" json:"clientSecret2"`
@@ -254,7 +254,8 @@ func DeleteProvider(provider *Provider) (bool, error) {
 func (p *Provider) getPaymentProvider() (pp.PaymentProvider, *Cert, error) {
 	cert := &Cert{}
 	if p.Cert != "" {
-		cert, err := getCert(p.Owner, p.Cert)
+		var err error
+		cert, err = getCert(p.Owner, p.Cert)
 		if err != nil {
 			return nil, nil, err
 		}

object/record.go

@@ -21,6 +21,7 @@ import (
 	"github.com/beego/beego/context"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
+	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"
 )
 
 var logPostOnly bool
@@ -30,26 +31,10 @@ func init() {
 }
 
 type Record struct {
-	Id int `xorm:"int notnull pk autoincr" json:"id"`
-
-	Owner       string `xorm:"varchar(100) index" json:"owner"`
-	Name        string `xorm:"varchar(100) index" json:"name"`
-	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
-
-	Organization string `xorm:"varchar(100)" json:"organization"`
-	ClientIp     string `xorm:"varchar(100)" json:"clientIp"`
-	User         string `xorm:"varchar(100)" json:"user"`
-	Method       string `xorm:"varchar(100)" json:"method"`
-	RequestUri   string `xorm:"varchar(1000)" json:"requestUri"`
-	Action       string `xorm:"varchar(1000)" json:"action"`
-
-	Object       string `xorm:"-" json:"object"`
-	ExtendedUser *User  `xorm:"-" json:"extendedUser"`
-
-	IsTriggered bool `json:"isTriggered"`
+	casvisorsdk.Record
 }
 
-func NewRecord(ctx *context.Context) *Record {
+func NewRecord(ctx *context.Context) *casvisorsdk.Record {
 	ip := strings.Replace(util.GetIPFromRequest(ctx.Request), ": ", "", -1)
 	action := strings.Replace(ctx.Request.URL.Path, "/api/", "", -1)
 	requestUri := util.FilterQuery(ctx.Request.RequestURI, []string{"accessToken"})
@@ -62,7 +47,7 @@ func NewRecord(ctx *context.Context) *Record {
 		object = string(ctx.Input.RequestBody)
 	}
 
-	record := Record{
+	record := casvisorsdk.Record{
 		Name:        util.GenerateId(),
 		CreatedTime: util.GetCurrentTime(),
 		ClientIp:    ip,
@@ -76,7 +61,7 @@ func NewRecord(ctx *context.Context) *Record {
 	return &record
 }
 
-func AddRecord(record *Record) bool {
+func AddRecord(record *casvisorsdk.Record) bool {
 	if logPostOnly {
 		if record.Method == "GET" {
 			return false
@@ -96,51 +81,19 @@ func AddRecord(record *Record) bool {
 		fmt.Println(errWebhook)
 	}
 
-	affected, err := ormer.Engine.Insert(record)
+	if casvisorsdk.GetClient() == nil {
+		return false
+	}
+
+	affected, err := casvisorsdk.AddRecord(record)
 	if err != nil {
 		panic(err)
 	}
 
-	return affected != 0
+	return affected
 }
 
-func GetRecordCount(field, value string, filterRecord *Record) (int64, error) {
-	session := GetSession("", -1, -1, field, value, "", "")
-	return session.Count(filterRecord)
-}
-
-func GetRecords() ([]*Record, error) {
-	records := []*Record{}
-	err := ormer.Engine.Desc("id").Find(&records)
-	if err != nil {
-		return records, err
-	}
-
-	return records, nil
-}
-
-func GetPaginationRecords(offset, limit int, field, value, sortField, sortOrder string, filterRecord *Record) ([]*Record, error) {
-	records := []*Record{}
-	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&records, filterRecord)
-	if err != nil {
-		return records, err
-	}
-
-	return records, nil
-}
-
-func GetRecordsByField(record *Record) ([]*Record, error) {
-	records := []*Record{}
-	err := ormer.Engine.Find(&records, record)
-	if err != nil {
-		return records, err
-	}
-
-	return records, nil
-}
-
-func SendWebhooks(record *Record) error {
+func SendWebhooks(record *casvisorsdk.Record) error {
 	webhooks, err := getWebhooksByOrganization(record.Organization)
 	if err != nil {
 		return err
@@ -160,17 +113,16 @@ func SendWebhooks(record *Record) error {
 		}
 
 		if matched {
+			var user *User
 			if webhook.IsUserExtended {
-				user, err := getUser(record.Organization, record.User)
+				user, err = getUser(record.Organization, record.User)
 				user, err = GetMaskedUser(user, false, err)
 				if err != nil {
 					return err
 				}
-
-				record.ExtendedUser = user
 			}
 
-			err := sendWebhook(webhook, record)
+			err = sendWebhook(webhook, record, user)
 			if err != nil {
 				return err
 			}

object/record_casvisor.go

@@ -0,0 +1,50 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"strings"
+
+	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"
+)
+
+func getCasvisorApplication() *Application {
+	applications, err := GetApplications("admin")
+	if err != nil {
+		panic(err)
+	}
+
+	for _, application := range applications {
+		if strings.Contains(strings.ToLower(application.Name), "casvisor") {
+			return application
+		}
+	}
+	return nil
+}
+
+func InitCasvisorConfig() {
+	application := getCasvisorApplication()
+	if application == nil {
+		return
+	}
+
+	casvisorEndpoint := application.HomepageUrl
+	clientId := application.ClientId
+	clientSecret := application.ClientSecret
+	casdoorOrganization := application.Organization
+	casdoorApplication := application.Name
+
+	casvisorsdk.InitConfig(casvisorEndpoint, clientId, clientSecret, casdoorOrganization, casdoorApplication)
+}

object/role_upload.go

@@ -33,8 +33,8 @@ func getRoleMap(owner string) (map[string]*Role, error) {
 	return m, nil
 }
 
-func UploadRoles(owner string, fileId string) (bool, error) {
-	table := xlsx.ReadXlsxFile(fileId)
+func UploadRoles(owner string, path string) (bool, error) {
+	table := xlsx.ReadXlsxFile(path)
 
 	oldUserMap, err := getRoleMap(owner)
 	if err != nil {

object/saml_idp.go

@@ -31,8 +31,8 @@ import (
 	"github.com/RobotsAndPencils/go-saml"
 	"github.com/beevik/etree"
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/google/uuid"
 	dsig "github.com/russellhaering/goxmldsig"
-	uuid "github.com/satori/go.uuid"
 )
 
 // NewSamlResponse
@@ -46,7 +46,7 @@ func NewSamlResponse(user *User, host string, certificate string, destination st
 	expireTime := time.Now().UTC().Add(time.Hour * 24).Format(time.RFC3339)
 	samlResponse.CreateAttr("xmlns:samlp", "urn:oasis:names:tc:SAML:2.0:protocol")
 	samlResponse.CreateAttr("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion")
-	arId := uuid.NewV4()
+	arId := uuid.New()
 
 	samlResponse.CreateAttr("ID", fmt.Sprintf("_%s", arId))
 	samlResponse.CreateAttr("Version", "2.0")
@@ -60,7 +60,7 @@ func NewSamlResponse(user *User, host string, certificate string, destination st
 	assertion := samlResponse.CreateElement("saml:Assertion")
 	assertion.CreateAttr("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance")
 	assertion.CreateAttr("xmlns:xs", "http://www.w3.org/2001/XMLSchema")
-	assertion.CreateAttr("ID", fmt.Sprintf("_%s", uuid.NewV4()))
+	assertion.CreateAttr("ID", fmt.Sprintf("_%s", uuid.New()))
 	assertion.CreateAttr("Version", "2.0")
 	assertion.CreateAttr("IssueInstant", now)
 	assertion.CreateElement("saml:Issuer").SetText(host)
@@ -82,7 +82,7 @@ func NewSamlResponse(user *User, host string, certificate string, destination st
 	}
 	authnStatement := assertion.CreateElement("saml:AuthnStatement")
 	authnStatement.CreateAttr("AuthnInstant", now)
-	authnStatement.CreateAttr("SessionIndex", fmt.Sprintf("_%s", uuid.NewV4()))
+	authnStatement.CreateAttr("SessionIndex", fmt.Sprintf("_%s", uuid.New()))
 	authnStatement.CreateAttr("SessionNotOnOrAfter", expireTime)
 	authnStatement.CreateElement("saml:AuthnContext").CreateElement("saml:AuthnContextClassRef").SetText("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
 
@@ -355,7 +355,7 @@ func NewSamlResponse11(user *User, requestID string, host string) *etree.Element
 	samlResponse.CreateAttr("MajorVersion", "1")
 	samlResponse.CreateAttr("MinorVersion", "1")
 
-	responseID := uuid.NewV4()
+	responseID := uuid.New()
 	samlResponse.CreateAttr("ResponseID", fmt.Sprintf("_%s", responseID))
 	samlResponse.CreateAttr("InResponseTo", requestID)
 
@@ -371,7 +371,7 @@ func NewSamlResponse11(user *User, requestID string, host string) *etree.Element
 	assertion.CreateAttr("xmlns:saml", "urn:oasis:names:tc:SAML:1.0:assertion")
 	assertion.CreateAttr("MajorVersion", "1")
 	assertion.CreateAttr("MinorVersion", "1")
-	assertion.CreateAttr("AssertionID", uuid.NewV4().String())
+	assertion.CreateAttr("AssertionID", uuid.New().String())
 	assertion.CreateAttr("Issuer", host)
 	assertion.CreateAttr("IssueInstant", now)
 

object/subscription.go

@@ -18,47 +18,108 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/casdoor/casdoor/pp"
+
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
 
-const defaultStatus = "Pending"
+type SubscriptionState string
+
+const (
+	SubStatePending   SubscriptionState = "Pending"
+	SubStateError     SubscriptionState = "Error"
+	SubStateSuspended SubscriptionState = "Suspended" // suspended by the admin
+
+	SubStateActive   SubscriptionState = "Active"
+	SubStateUpcoming SubscriptionState = "Upcoming"
+	SubStateExpired  SubscriptionState = "Expired"
+)
 
 type Subscription struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
-	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	Description string `xorm:"varchar(100)" json:"description"`
 
-	StartDate   time.Time `json:"startDate"`
-	EndDate     time.Time `json:"endDate"`
-	Duration    int       `json:"duration"`
-	Description string    `xorm:"varchar(100)" json:"description"`
+	User    string `xorm:"varchar(100)" json:"user"`
+	Pricing string `xorm:"varchar(100)" json:"pricing"`
+	Plan    string `xorm:"varchar(100)" json:"plan"`
+	Payment string `xorm:"varchar(100)" json:"payment"`
 
-	User string `xorm:"mediumtext" json:"user"`
-	Plan string `xorm:"varchar(100)" json:"plan"`
-
-	IsEnabled   bool   `json:"isEnabled"`
-	Submitter   string `xorm:"varchar(100)" json:"submitter"`
-	Approver    string `xorm:"varchar(100)" json:"approver"`
-	ApproveTime string `xorm:"varchar(100)" json:"approveTime"`
-
-	State string `xorm:"varchar(100)" json:"state"`
+	StartTime time.Time         `json:"startTime"`
+	EndTime   time.Time         `json:"endTime"`
+	Duration  int               `json:"duration"`
+	State     SubscriptionState `xorm:"varchar(100)" json:"state"`
 }
 
-func NewSubscription(owner string, user string, plan string, duration int) *Subscription {
+func (sub *Subscription) GetId() string {
+	return fmt.Sprintf("%s/%s", sub.Owner, sub.Name)
+}
+
+func (sub *Subscription) UpdateState() error {
+	preState := sub.State
+	// update subscription state by payment state
+	if sub.State == SubStatePending {
+		if sub.Payment == "" {
+			return nil
+		}
+		payment, err := GetPayment(util.GetId(sub.Owner, sub.Payment))
+		if err != nil {
+			return err
+		}
+		if payment == nil {
+			sub.Description = fmt.Sprintf("payment: %s does not exist", sub.Payment)
+			sub.State = SubStateError
+		} else {
+			if payment.State == pp.PaymentStatePaid {
+				sub.State = SubStateActive
+			} else if payment.State != pp.PaymentStateCreated {
+				// other states: Canceled, Timeout, Error
+				sub.Description = fmt.Sprintf("payment: %s state is %v", sub.Payment, payment.State)
+				sub.State = SubStateError
+			}
+		}
+	}
+
+	if sub.State == SubStateActive || sub.State == SubStateUpcoming || sub.State == SubStateExpired {
+		if sub.EndTime.Before(time.Now()) {
+			sub.State = SubStateExpired
+		} else if sub.StartTime.After(time.Now()) {
+			sub.State = SubStateUpcoming
+		} else {
+			sub.State = SubStateActive
+		}
+	}
+
+	if preState != sub.State {
+		_, err := UpdateSubscription(sub.GetId(), sub)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func NewSubscription(owner, userName, pricingName, planName, paymentName string) *Subscription {
 	id := util.GenerateId()[:6]
 	return &Subscription{
-		Name:        "Subscription_" + id,
-		DisplayName: "New Subscription - " + id,
 		Owner:       owner,
-		User:        owner + "/" + user,
-		Plan:        owner + "/" + plan,
+		Name:        "sub_" + id,
+		DisplayName: "New Subscription - " + id,
 		CreatedTime: util.GetCurrentTime(),
-		State:       defaultStatus,
-		Duration:    duration,
-		StartDate:   time.Now(),
-		EndDate:     time.Now().AddDate(0, 0, duration),
+
+		User:    userName,
+		Pricing: pricingName,
+		Plan:    planName,
+		Payment: paymentName,
+
+		StartTime: time.Now(),
+		EndTime:   time.Now().AddDate(0, 0, 30),
+		Duration:  30,              // TODO
+		State:     SubStatePending, // waiting for payment complete
 	}
 }
 
@@ -73,7 +134,28 @@ func GetSubscriptions(owner string) ([]*Subscription, error) {
 	if err != nil {
 		return subscriptions, err
 	}
+	for _, sub := range subscriptions {
+		err = sub.UpdateState()
+		if err != nil {
+			return nil, err
+		}
+	}
+	return subscriptions, nil
+}
 
+func GetSubscriptionsByUser(owner, userName string) ([]*Subscription, error) {
+	subscriptions := []*Subscription{}
+	err := ormer.Engine.Desc("created_time").Find(&subscriptions, &Subscription{Owner: owner, User: userName})
+	if err != nil {
+		return subscriptions, err
+	}
+	// update subscription state
+	for _, sub := range subscriptions {
+		err = sub.UpdateState()
+		if err != nil {
+			return subscriptions, err
+		}
+	}
 	return subscriptions, nil
 }
 
@@ -84,7 +166,12 @@ func GetPaginationSubscriptions(owner string, offset, limit int, field, value, s
 	if err != nil {
 		return subscriptions, err
 	}
-
+	for _, sub := range subscriptions {
+		err = sub.UpdateState()
+		if err != nil {
+			return nil, err
+		}
+	}
 	return subscriptions, nil
 }
 
@@ -144,7 +231,3 @@ func DeleteSubscription(subscription *Subscription) (bool, error) {
 
 	return affected != 0, nil
 }
-
-func (subscription *Subscription) GetId() string {
-	return fmt.Sprintf("%s/%s", subscription.Owner, subscription.Name)
-}

object/syncer.go

@@ -25,6 +25,7 @@ type TableColumn struct {
 	Name        string   `json:"name"`
 	Type        string   `json:"type"`
 	CasdoorName string   `json:"casdoorName"`
+	IsKey       bool     `json:"isKey"`
 	IsHashed    bool     `json:"isHashed"`
 	Values      []string `json:"values"`
 }
@@ -44,7 +45,6 @@ type Syncer struct {
 	DatabaseType     string         `xorm:"varchar(100)" json:"databaseType"`
 	Database         string         `xorm:"varchar(100)" json:"database"`
 	Table            string         `xorm:"varchar(100)" json:"table"`
-	TablePrimaryKey  string         `xorm:"varchar(100)" json:"tablePrimaryKey"`
 	TableColumns     []*TableColumn `xorm:"mediumtext" json:"tableColumns"`
 	AffiliationTable string         `xorm:"varchar(100)" json:"affiliationTable"`
 	AvatarBaseUrl    string         `xorm:"varchar(100)" json:"avatarBaseUrl"`
@@ -229,6 +229,27 @@ func (syncer *Syncer) getTable() string {
 	}
 }
 
+func (syncer *Syncer) getKey() string {
+	key := "id"
+	hasKey := false
+	hasId := false
+	for _, tableColumn := range syncer.TableColumns {
+		if tableColumn.IsKey {
+			hasKey = true
+			key = tableColumn.Name
+		}
+		if tableColumn.Name == "id" {
+			hasId = true
+		}
+	}
+
+	if !hasKey && !hasId {
+		key = syncer.TableColumns[0].Name
+	}
+
+	return key
+}
+
 func RunSyncer(syncer *Syncer) {
 	syncer.initAdapter()
 	syncer.syncUsers()

object/syncer_sync.go

@@ -20,16 +20,24 @@ import (
 )
 
 func (syncer *Syncer) syncUsers() {
+	if len(syncer.TableColumns) == 0 {
+		return
+	}
+
 	fmt.Printf("Running syncUsers()..\n")
 
-	users, userMap, userNameMap := syncer.getUserMap()
+	users, _, _ := syncer.getUserMap()
 	oUsers, oUserMap, err := syncer.getOriginalUserMap()
 	if err != nil {
 		fmt.Printf(err.Error())
 
 		timestamp := time.Now().Format("2006-01-02 15:04:05")
 		line := fmt.Sprintf("[%s] %s\n", timestamp, err.Error())
-		updateSyncerErrorText(syncer, line)
+		_, err = updateSyncerErrorText(syncer, line)
+		if err != nil {
+			panic(err)
+		}
+
 		return
 	}
 
@@ -40,48 +48,68 @@ func (syncer *Syncer) syncUsers() {
 		_, affiliationMap, err = syncer.getAffiliationMap()
 	}
 
+	key := syncer.getKey()
+
+	myUsers := map[string]*User{}
+	for _, m := range users {
+		myUsers[syncer.getUserValue(m, key)] = m
+	}
+
 	newUsers := []*User{}
 	for _, oUser := range oUsers {
-		id := oUser.Id
-		if _, ok := userMap[id]; !ok {
-			if _, ok := userNameMap[oUser.Name]; !ok {
-				newUser := syncer.createUserFromOriginalUser(oUser, affiliationMap)
-				fmt.Printf("New user: %v\n", newUser)
-				newUsers = append(newUsers, newUser)
-			}
-		} else {
-			user := userMap[id]
-			oHash := syncer.calculateHash(oUser)
+		primary := syncer.getUserValue(oUser, key)
 
+		if _, ok := myUsers[primary]; !ok {
+			newUser := syncer.createUserFromOriginalUser(oUser, affiliationMap)
+			fmt.Printf("New user: %v\n", newUser)
+			newUsers = append(newUsers, newUser)
+		} else {
+			user := myUsers[primary]
+			oHash := syncer.calculateHash(oUser)
 			if user.Hash == user.PreHash {
 				if user.Hash != oHash {
 					updatedUser := syncer.createUserFromOriginalUser(oUser, affiliationMap)
 					updatedUser.Hash = oHash
 					updatedUser.PreHash = oHash
-					syncer.updateUserForOriginalFields(updatedUser)
+					_, err = syncer.updateUserForOriginalByFields(updatedUser, key)
+					if err != nil {
+						panic(err)
+					}
 					fmt.Printf("Update from oUser to user: %v\n", updatedUser)
 				}
 			} else {
 				if user.PreHash == oHash {
 					if !syncer.IsReadOnly {
 						updatedOUser := syncer.createOriginalUserFromUser(user)
-						syncer.updateUser(updatedOUser)
+						_, err = syncer.updateUser(updatedOUser)
+						if err != nil {
+							panic(err)
+						}
 						fmt.Printf("Update from user to oUser: %v\n", updatedOUser)
 					}
 
 					// update preHash
 					user.PreHash = user.Hash
-					SetUserField(user, "pre_hash", user.PreHash)
+					_, err = SetUserField(user, "pre_hash", user.PreHash)
+					if err != nil {
+						panic(err)
+					}
 				} else {
 					if user.Hash == oHash {
 						// update preHash
 						user.PreHash = user.Hash
-						SetUserField(user, "pre_hash", user.PreHash)
+						_, err = SetUserField(user, "pre_hash", user.PreHash)
+						if err != nil {
+							panic(err)
+						}
 					} else {
 						updatedUser := syncer.createUserFromOriginalUser(oUser, affiliationMap)
 						updatedUser.Hash = oHash
 						updatedUser.PreHash = oHash
-						syncer.updateUserForOriginalFields(updatedUser)
+						_, err = syncer.updateUserForOriginalByFields(updatedUser, key)
+						if err != nil {
+							panic(err)
+						}
 						fmt.Printf("Update from oUser to user (2nd condition): %v\n", updatedUser)
 					}
 				}

object/syncer_user.go

@@ -80,16 +80,6 @@ func (syncer *Syncer) addUser(user *OriginalUser) (bool, error) {
 	return affected != 0, nil
 }
 
-/*func (syncer *Syncer) getOriginalColumns() []string {
-	res := []string{}
-	for _, tableColumn := range syncer.TableColumns {
-		if tableColumn.CasdoorName != "Id" {
-			res = append(res, tableColumn.Name)
-		}
-	}
-	return res
-}*/
-
 func (syncer *Syncer) getCasdoorColumns() []string {
 	res := []string{}
 	for _, tableColumn := range syncer.TableColumns {
@@ -102,12 +92,14 @@ func (syncer *Syncer) getCasdoorColumns() []string {
 }
 
 func (syncer *Syncer) updateUser(user *OriginalUser) (bool, error) {
+	key := syncer.getKey()
+
 	m := syncer.getMapFromOriginalUser(user)
-	pkValue := m[syncer.TablePrimaryKey]
-	delete(m, syncer.TablePrimaryKey)
+	pkValue := m[key]
+	delete(m, key)
 	setString := syncer.getSqlSetStringFromMap(m)
 
-	sql := fmt.Sprintf("update %s set %s where %s = %s", syncer.getTable(), setString, syncer.TablePrimaryKey, pkValue)
+	sql := fmt.Sprintf("update %s set %s where %s = %s", syncer.getTable(), setString, key, pkValue)
 	res, err := syncer.Ormer.Engine.Exec(sql)
 	if err != nil {
 		return false, err
@@ -142,6 +134,34 @@ func (syncer *Syncer) updateUserForOriginalFields(user *User) (bool, error) {
 	if err != nil {
 		return false, err
 	}
+	return affected != 0, nil
+}
+
+func (syncer *Syncer) updateUserForOriginalByFields(user *User, key string) (bool, error) {
+	var err error
+	oldUser := User{}
+
+	existed, err := ormer.Engine.Where(key+" = ? and owner = ?", syncer.getUserValue(user, key), user.Owner).Get(&oldUser)
+	if err != nil {
+		return false, err
+	}
+	if !existed {
+		return false, nil
+	}
+
+	if user.Avatar != oldUser.Avatar && user.Avatar != "" {
+		user.PermanentAvatar, err = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
+		if err != nil {
+			return false, err
+		}
+	}
+
+	columns := syncer.getCasdoorColumns()
+	columns = append(columns, "affiliation", "hash", "pre_hash")
+	affected, err := ormer.Engine.Where(key+" = ? and owner = ?", syncer.getUserValue(&oldUser, key), oldUser.Owner).Cols(columns...).Update(user)
+	if err != nil {
+		return false, err
+	}
 
 	return affected != 0, nil
 }

object/syncer_util.go

@@ -17,6 +17,7 @@ package object
 import (
 	"encoding/json"
 	"fmt"
+	"reflect"
 	"strconv"
 	"strings"
 	"time"
@@ -153,14 +154,45 @@ func (syncer *Syncer) setUserByKeyValue(user *User, key string, value string) {
 		user.IsOnline = util.ParseBool(value)
 	case "IsAdmin":
 		user.IsAdmin = util.ParseBool(value)
-	case "IsGlobalAdmin":
-		user.IsGlobalAdmin = util.ParseBool(value)
 	case "IsForbidden":
 		user.IsForbidden = util.ParseBool(value)
 	case "IsDeleted":
 		user.IsDeleted = util.ParseBool(value)
 	case "CreatedIp":
 		user.CreatedIp = value
+	case "PreferredMfaType":
+		user.PreferredMfaType = value
+	case "TotpSecret":
+		user.TotpSecret = value
+	case "SignupApplication":
+		user.SignupApplication = value
+	}
+}
+
+func (syncer *Syncer) getUserValue(user *User, key string) string {
+	jsonData, _ := json.Marshal(user)
+	var mapData map[string]interface{}
+	if err := json.Unmarshal(jsonData, &mapData); err != nil {
+		fmt.Println("conversion failed:", err)
+		return user.Id
+	}
+	value := mapData[util.SnakeToCamel(key)]
+
+	if str, ok := value.(string); ok {
+		return str
+	} else {
+		if value != nil {
+			valType := reflect.TypeOf(value)
+
+			typeName := valType.Name()
+			switch typeName {
+			case "bool":
+				return strconv.FormatBool(value.(bool))
+			case "int":
+				return strconv.Itoa(value.(int))
+			}
+		}
+		return user.Id
 	}
 }
 
@@ -261,10 +293,12 @@ func (syncer *Syncer) getMapFromOriginalUser(user *OriginalUser) map[string]stri
 	m["IsDefaultAvatar"] = util.BoolToString(user.IsDefaultAvatar)
 	m["IsOnline"] = util.BoolToString(user.IsOnline)
 	m["IsAdmin"] = util.BoolToString(user.IsAdmin)
-	m["IsGlobalAdmin"] = util.BoolToString(user.IsGlobalAdmin)
 	m["IsForbidden"] = util.BoolToString(user.IsForbidden)
 	m["IsDeleted"] = util.BoolToString(user.IsDeleted)
 	m["CreatedIp"] = user.CreatedIp
+	m["PreferredMfaType"] = user.PreferredMfaType
+	m["TotpSecret"] = user.TotpSecret
+	m["SignupApplication"] = user.SignupApplication
 
 	m2 := map[string]string{}
 	for _, tableColumn := range syncer.TableColumns {

object/token.go

@@ -824,7 +824,6 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 			Type:              "normal-user",
 			CreatedTime:       util.GetCurrentTime(),
 			IsAdmin:           false,
-			IsGlobalAdmin:     false,
 			IsForbidden:       false,
 			IsDeleted:         false,
 			Properties: map[string]string{

object/token_cas.go

@@ -123,7 +123,7 @@ var stToServiceResponse sync.Map
 // pgt is short for proxy granting ticket
 var pgtToServiceResponse sync.Map
 
-func CheckCasRestrict(application *Application, lang string, service string) error {
+func CheckCasLogin(application *Application, lang string, service string) error {
 	if len(application.RedirectUris) > 0 && !application.IsRedirectUriValid(service) {
 		return fmt.Errorf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), service)
 	}

object/token_jwt.go

@@ -73,7 +73,6 @@ type UserWithoutThirdIdp struct {
 	IsDefaultAvatar     bool              `json:"isDefaultAvatar"`
 	IsOnline            bool              `json:"isOnline"`
 	IsAdmin             bool              `json:"isAdmin"`
-	IsGlobalAdmin       bool              `json:"isGlobalAdmin"`
 	IsForbidden         bool              `json:"isForbidden"`
 	IsDeleted           bool              `json:"isDeleted"`
 	SignupApplication   string            `xorm:"varchar(100)" json:"signupApplication"`
@@ -154,7 +153,6 @@ func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {
 		IsDefaultAvatar:   user.IsDefaultAvatar,
 		IsOnline:          user.IsOnline,
 		IsAdmin:           user.IsAdmin,
-		IsGlobalAdmin:     user.IsGlobalAdmin,
 		IsForbidden:       user.IsForbidden,
 		IsDeleted:         user.IsDeleted,
 		SignupApplication: user.SignupApplication,

object/user.go

@@ -29,6 +29,19 @@ const (
 	UserPropertiesWechatOpenId  = "wechatOpenId"
 )
 
+const UserEnforcerId = "built-in/user-enforcer-built-in"
+
+var userEnforcer *UserGroupEnforcer
+
+func InitUserManager() {
+	enforcer, err := GetInitializedEnforcer(UserEnforcerId)
+	if err != nil {
+		panic(err)
+	}
+
+	userEnforcer = NewUserGroupEnforcer(enforcer.Enforcer)
+}
+
 type User struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@@ -70,7 +83,6 @@ type User struct {
 	IsDefaultAvatar   bool     `json:"isDefaultAvatar"`
 	IsOnline          bool     `json:"isOnline"`
 	IsAdmin           bool     `json:"isAdmin"`
-	IsGlobalAdmin     bool     `json:"isGlobalAdmin"`
 	IsForbidden       bool     `json:"isForbidden"`
 	IsDeleted         bool     `json:"isDeleted"`
 	SignupApplication string   `xorm:"varchar(100)" json:"signupApplication"`
@@ -157,6 +169,7 @@ type User struct {
 	Yandex          string `xorm:"yandex varchar(100)" json:"yandex"`
 	Zoom            string `xorm:"zoom varchar(100)" json:"zoom"`
 	MetaMask        string `xorm:"metamask varchar(100)" json:"metamask"`
+	Web3Onboard     string `xorm:"web3onboard varchar(100)" json:"web3onboard"`
 	Custom          string `xorm:"custom varchar(100)" json:"custom"`
 
 	WebauthnCredentials []webauthn.Credential `xorm:"webauthnCredentials blob" json:"webauthnCredentials"`
@@ -516,19 +529,26 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		columns = []string{
 			"owner", "display_name", "avatar",
 			"location", "address", "country_code", "region", "language", "affiliation", "title", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
-			"is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
+			"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
 			"signin_wrong_times", "last_signin_wrong_time", "groups", "access_key", "access_secret",
 			"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
 			"baidu", "alipay", "casdoor", "infoflow", "apple", "azuread", "slack", "steam", "bilibili", "okta", "douyin", "line", "amazon",
 			"auth0", "battlenet", "bitbucket", "box", "cloudfoundry", "dailymotion", "deezer", "digitalocean", "discord", "dropbox",
 			"eveonline", "fitbit", "gitea", "heroku", "influxcloud", "instagram", "intercom", "kakao", "lastfm", "mailru", "meetup",
 			"microsoftonline", "naver", "nextcloud", "onedrive", "oura", "patreon", "paypal", "salesforce", "shopify", "soundcloud",
-			"spotify", "strava", "stripe", "tiktok", "tumblr", "twitch", "twitter", "typetalk", "uber", "vk", "wepay", "xero", "yahoo",
+			"spotify", "strava", "stripe", "type", "tiktok", "tumblr", "twitch", "twitter", "typetalk", "uber", "vk", "wepay", "xero", "yahoo",
 			"yammer", "yandex", "zoom", "custom",
 		}
 	}
 	if isAdmin {
-		columns = append(columns, "name", "email", "phone", "country_code")
+		columns = append(columns, "name", "email", "phone", "country_code", "type")
+	}
+
+	if util.ContainsString(columns, "groups") {
+		_, err := userEnforcer.UpdateGroupsForUser(user.GetId(), user.Groups)
+		if err != nil {
+			return false, err
+		}
 	}
 
 	affected, err := updateUser(id, user, columns)
@@ -778,6 +798,10 @@ func ExtendUserWithRolesAndPermissions(user *User) (err error) {
 	return
 }
 
+func DeleteGroupForUser(user string, group string) (bool, error) {
+	return userEnforcer.DeleteGroupForUser(user, group)
+}
+
 func userChangeTrigger(oldName string, newName string) error {
 	session := ormer.Engine.NewSession()
 	defer session.Close()
@@ -866,5 +890,13 @@ func (user *User) IsApplicationAdmin(application *Application) bool {
 		return false
 	}
 
-	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin
+	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin()
+}
+
+func (user *User) IsGlobalAdmin() bool {
+	if user == nil {
+		return false
+	}
+
+	return user.Owner == "built-in"
 }

object/user_avatar.go

@@ -18,6 +18,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"mime"
 	"net/http"
 	"strings"
 
@@ -58,22 +59,15 @@ func downloadImage(client *http.Client, url string) (*bytes.Buffer, string, erro
 	if strings.Contains(contentType, "text/html") {
 		fileExtension = ".html"
 	} else {
-		switch contentType {
-		case "image/jpeg":
-			fileExtension = ".jpg"
-		case "image/png":
-			fileExtension = ".png"
-		case "image/gif":
-			fileExtension = ".gif"
-		case "image/vnd.microsoft.icon":
-			fileExtension = ".ico"
-		case "image/x-icon":
-			fileExtension = ".ico"
-		case "image/svg+xml":
-			fileExtension = ".svg"
-		default:
-			return nil, "", fmt.Errorf("unsupported content type: %s", contentType)
+		fileExtensions, err := mime.ExtensionsByType(contentType)
+		if err != nil {
+			return nil, "", err
 		}
+		if fileExtensions == nil {
+			return nil, "", fmt.Errorf("fileExtensions is nil")
+		}
+
+		fileExtension = fileExtensions[0]
 	}
 
 	// Save the image to a bytes.Buffer

object/user_enforcer.go

@@ -0,0 +1,143 @@
+package object
+
+import (
+	"fmt"
+
+	"github.com/casbin/casbin/v2"
+	"github.com/casbin/casbin/v2/errors"
+	"github.com/casdoor/casdoor/util"
+)
+
+type UserGroupEnforcer struct {
+	// use rbac model implement use group, the enforcer can also implement user role
+	enforcer *casbin.Enforcer
+}
+
+func NewUserGroupEnforcer(enforcer *casbin.Enforcer) *UserGroupEnforcer {
+	return &UserGroupEnforcer{
+		enforcer: enforcer,
+	}
+}
+
+func (e *UserGroupEnforcer) checkModel() error {
+	if _, ok := e.enforcer.GetModel()["g"]; !ok {
+		return fmt.Errorf("The Casbin model used by enforcer doesn't support RBAC (\"[role_definition]\" section not found), please use a RBAC enabled Casbin model for the enforcer")
+	}
+	return nil
+}
+
+func (e *UserGroupEnforcer) AddGroupForUser(user string, group string) (bool, error) {
+	err := e.checkModel()
+	if err != nil {
+		return false, err
+	}
+
+	return e.enforcer.AddRoleForUser(user, GetGroupWithPrefix(group))
+}
+
+func (e *UserGroupEnforcer) AddGroupsForUser(user string, groups []string) (bool, error) {
+	err := e.checkModel()
+	if err != nil {
+		return false, err
+	}
+
+	g := make([]string, len(groups))
+	for i, group := range groups {
+		g[i] = GetGroupWithPrefix(group)
+	}
+	return e.enforcer.AddRolesForUser(user, g)
+}
+
+func (e *UserGroupEnforcer) DeleteGroupForUser(user string, group string) (bool, error) {
+	err := e.checkModel()
+	if err != nil {
+		return false, err
+	}
+
+	return e.enforcer.DeleteRoleForUser(user, GetGroupWithPrefix(group))
+}
+
+func (e *UserGroupEnforcer) DeleteGroupsForUser(user string) (bool, error) {
+	err := e.checkModel()
+	if err != nil {
+		return false, err
+	}
+
+	return e.enforcer.DeleteRolesForUser(user)
+}
+
+func (e *UserGroupEnforcer) GetGroupsForUser(user string) ([]string, error) {
+	err := e.checkModel()
+	if err != nil {
+		return nil, err
+	}
+
+	groups, err := e.enforcer.GetRolesForUser(user)
+	for i, group := range groups {
+		groups[i] = GetGroupWithoutPrefix(group)
+	}
+	return groups, err
+}
+
+func (e *UserGroupEnforcer) GetAllUsersByGroup(group string) ([]string, error) {
+	err := e.checkModel()
+	if err != nil {
+		return nil, err
+	}
+
+	users, err := e.enforcer.GetUsersForRole(GetGroupWithPrefix(group))
+	if err != nil {
+		if err == errors.ERR_NAME_NOT_FOUND {
+			return []string{}, nil
+		}
+		return nil, err
+	}
+	return users, nil
+}
+
+func GetGroupWithPrefix(group string) string {
+	return "group:" + group
+}
+
+func GetGroupWithoutPrefix(group string) string {
+	return group[len("group:"):]
+}
+
+func (e *UserGroupEnforcer) GetUserNamesByGroupName(groupName string) ([]string, error) {
+	err := e.checkModel()
+	if err != nil {
+		return nil, err
+	}
+
+	userIds, err := e.GetAllUsersByGroup(groupName)
+	if err != nil {
+		return nil, err
+	}
+
+	names := []string{}
+	for _, userId := range userIds {
+		_, name := util.GetOwnerAndNameFromIdNoCheck(userId)
+		names = append(names, name)
+	}
+
+	return names, nil
+}
+
+func (e *UserGroupEnforcer) UpdateGroupsForUser(user string, groups []string) (bool, error) {
+	err := e.checkModel()
+	if err != nil {
+		return false, err
+	}
+
+	_, err = e.DeleteGroupsForUser(user)
+	if err != nil {
+		return false, err
+	}
+
+	affected, err := e.AddGroupsForUser(user, groups)
+	if err != nil {
+		return false, err
+	}
+
+	return affected, nil
+}

object/user_upload.go

@@ -73,8 +73,8 @@ func parseListItem(lines *[]string, i int) []string {
 	return trimmedItems
 }
 
-func UploadUsers(owner string, fileId string) (bool, error) {
-	table := xlsx.ReadXlsxFile(fileId)
+func UploadUsers(owner string, path string) (bool, error) {
+	table := xlsx.ReadXlsxFile(path)
 
 	oldUserMap, err := getUserMap(owner)
 	if err != nil {
@@ -124,15 +124,14 @@ func UploadUsers(owner string, fileId string) (bool, error) {
 			IsDefaultAvatar:   false,
 			IsOnline:          parseLineItemBool(&line, 31),
 			IsAdmin:           parseLineItemBool(&line, 32),
-			IsGlobalAdmin:     parseLineItemBool(&line, 33),
-			IsForbidden:       parseLineItemBool(&line, 34),
-			IsDeleted:         parseLineItemBool(&line, 35),
-			SignupApplication: parseLineItem(&line, 36),
+			IsForbidden:       parseLineItemBool(&line, 33),
+			IsDeleted:         parseLineItemBool(&line, 34),
+			SignupApplication: parseLineItem(&line, 35),
 			Hash:              "",
 			PreHash:           "",
-			CreatedIp:         parseLineItem(&line, 37),
-			LastSigninTime:    parseLineItem(&line, 38),
-			LastSigninIp:      parseLineItem(&line, 39),
+			CreatedIp:         parseLineItem(&line, 36),
+			LastSigninTime:    parseLineItem(&line, 37),
+			LastSigninIp:      parseLineItem(&line, 38),
 			Ldap:              "",
 			Properties:        map[string]string{},
 		}

object/user_util.go

@@ -310,10 +310,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		item := GetAccountItemByName("Is admin", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
-	if oldUser.IsGlobalAdmin != newUser.IsGlobalAdmin {
-		item := GetAccountItemByName("Is global admin", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
+
 	if oldUser.IsForbidden != newUser.IsForbidden {
 		item := GetAccountItemByName("Is forbidden", organization)
 		itemsChanged = append(itemsChanged, item)
@@ -351,5 +348,5 @@ func (user *User) IsAdminUser() bool {
 		return false
 	}
 
-	return user.IsAdmin || user.IsGlobalAdmin
+	return user.IsAdmin || user.IsGlobalAdmin()
 }

object/webhook_util.go

@@ -19,12 +19,22 @@ import (
 	"strings"
 
 	"github.com/casdoor/casdoor/util"
+	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"
 )
 
-func sendWebhook(webhook *Webhook, record *Record) error {
+func sendWebhook(webhook *Webhook, record *casvisorsdk.Record, extendedUser *User) error {
 	client := &http.Client{}
 
-	body := strings.NewReader(util.StructToJson(record))
+	type RecordEx struct {
+		casvisorsdk.Record
+		ExtendedUser *User `xorm:"-" json:"extendedUser"`
+	}
+	recordEx := &RecordEx{
+		Record:       *record,
+		ExtendedUser: extendedUser,
+	}
+
+	body := strings.NewReader(util.StructToJson(recordEx))
 
 	req, err := http.NewRequest(webhook.Method, webhook.Url, body)
 	if err != nil {

pp/alipay.go

@@ -90,7 +90,7 @@ func (pp *AlipayPaymentProvider) Notify(request *http.Request, body []byte, auth
 		ProductName:        productName,
 		ProductDisplayName: productDisplayName,
 		ProviderName:       providerName,
-		OutOrderId:         orderId,
+		OrderId:            orderId,
 		PaymentStatus:      PaymentStatePaid,
 		Price:              price,
 		PaymentName:        paymentName,

pp/gc.go

@@ -255,7 +255,7 @@ func (pp *GcPaymentProvider) Notify(request *http.Request, body []byte, authorit
 		ProductName:        productName,
 		ProductDisplayName: productDisplayName,
 		ProviderName:       providerName,
-		OutOrderId:         orderId,
+		OrderId:            orderId,
 		Price:              price,
 		PaymentStatus:      PaymentStatePaid,
 		PaymentName:        paymentName,

pp/paypal.go

@@ -52,13 +52,12 @@ func NewPaypalPaymentProvider(clientID string, secret string) (*PaypalPaymentPro
 
 func (pp *PaypalPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
 	// https://github.com/go-pay/gopay/blob/main/doc/paypal.md
-	priceStr := strconv.FormatFloat(price, 'f', 2, 64)
 	units := make([]*paypal.PurchaseUnit, 0, 1)
 	unit := &paypal.PurchaseUnit{
 		ReferenceId: util.GetRandomString(16),
 		Amount: &paypal.Amount{
-			CurrencyCode: currency, // e.g."USD"
-			Value:        priceStr, // e.g."100.00"
+			CurrencyCode: currency,                    // e.g."USD"
+			Value:        priceFloat64ToString(price), // e.g."100.00"
 		},
 		Description: joinAttachString([]string{productDisplayName, productName, providerName}),
 	}
@@ -115,8 +114,8 @@ func (pp *PaypalPaymentProvider) Notify(request *http.Request, body []byte, auth
 	if err != nil {
 		return nil, err
 	}
-	if captureRsp.Code != paypal.Success {
-		errDetail := captureRsp.ErrorResponse.Details[0]
+	if detailRsp.Code != paypal.Success {
+		errDetail := detailRsp.ErrorResponse.Details[0]
 		switch errDetail.Issue {
 		case "ORDER_NOT_APPROVED":
 			notifyResult.PaymentStatus = PaymentStateCanceled
@@ -147,16 +146,15 @@ func (pp *PaypalPaymentProvider) Notify(request *http.Request, body []byte, auth
 		paymentStatus = PaymentStateError
 	}
 	notifyResult = &NotifyResult{
-		PaymentStatus: paymentStatus,
-		PaymentName:   paymentName,
-
+		PaymentStatus:      paymentStatus,
+		PaymentName:        paymentName,
 		ProductName:        productName,
 		ProductDisplayName: productDisplayName,
 		ProviderName:       providerName,
 		Price:              price,
 		Currency:           currency,
 
-		OutOrderId: orderId,
+		OrderId: orderId,
 	}
 	return notifyResult, nil
 }

pp/provider.go

@@ -24,6 +24,7 @@ const (
 	PaymentStatePaid     PaymentState = "Paid"
 	PaymentStateCreated  PaymentState = "Created"
 	PaymentStateCanceled PaymentState = "Canceled"
+	PaymentStateTimeout  PaymentState = "Timeout"
 	PaymentStateError    PaymentState = "Error"
 )
 
@@ -32,13 +33,13 @@ type NotifyResult struct {
 	PaymentStatus PaymentState
 	NotifyMessage string
 
-	ProviderName       string
 	ProductName        string
 	ProductDisplayName string
+	ProviderName       string
 	Price              float64
 	Currency           string
 
-	OutOrderId string
+	OrderId string
 }
 
 type PaymentProvider interface {
@@ -75,6 +76,12 @@ func GetPaymentProvider(typ string, clientId string, clientSecret string, host s
 			return nil, err
 		}
 		return pp, nil
+	} else if typ == "Stripe" {
+		pp, err := NewStripePaymentProvider(clientId, clientSecret)
+		if err != nil {
+			return nil, err
+		}
+		return pp, nil
 	}
 
 	return nil, nil

pp/stripe.go

@@ -0,0 +1,166 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package pp
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/casdoor/casdoor/conf"
+	"github.com/stripe/stripe-go/v74"
+	stripeCheckout "github.com/stripe/stripe-go/v74/checkout/session"
+	stripeIntent "github.com/stripe/stripe-go/v74/paymentintent"
+	stripePrice "github.com/stripe/stripe-go/v74/price"
+	stripeProduct "github.com/stripe/stripe-go/v74/product"
+)
+
+type StripePaymentProvider struct {
+	PublishableKey string
+	SecretKey      string
+	isProd         bool
+}
+
+func NewStripePaymentProvider(PublishableKey, SecretKey string) (*StripePaymentProvider, error) {
+	isProd := false
+	if conf.GetConfigString("runmode") == "prod" {
+		isProd = true
+	}
+	pp := &StripePaymentProvider{
+		PublishableKey: PublishableKey,
+		SecretKey:      SecretKey,
+		isProd:         isProd,
+	}
+	stripe.Key = pp.SecretKey
+	return pp, nil
+}
+
+func (pp *StripePaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (payUrl string, orderId string, err error) {
+	// Create a temp product
+	description := joinAttachString([]string{productName, productDisplayName, providerName})
+	productParams := &stripe.ProductParams{
+		Name:        stripe.String(productDisplayName),
+		Description: stripe.String(description),
+		DefaultPriceData: &stripe.ProductDefaultPriceDataParams{
+			UnitAmount: stripe.Int64(priceFloat64ToInt64(price)),
+			Currency:   stripe.String(currency),
+		},
+	}
+	sProduct, err := stripeProduct.New(productParams)
+	if err != nil {
+		return "", "", err
+	}
+	// Create a price for an existing product
+	priceParams := &stripe.PriceParams{
+		Currency:   stripe.String(currency),
+		UnitAmount: stripe.Int64(priceFloat64ToInt64(price)),
+		Product:    stripe.String(sProduct.ID),
+	}
+	sPrice, err := stripePrice.New(priceParams)
+	if err != nil {
+		return "", "", err
+	}
+	// Create a Checkout Session
+	checkoutParams := &stripe.CheckoutSessionParams{
+		LineItems: []*stripe.CheckoutSessionLineItemParams{
+			{
+				Price:    stripe.String(sPrice.ID),
+				Quantity: stripe.Int64(1),
+			},
+		},
+		Mode:              stripe.String(string(stripe.CheckoutSessionModePayment)),
+		SuccessURL:        stripe.String(returnUrl),
+		CancelURL:         stripe.String(returnUrl),
+		ClientReferenceID: stripe.String(paymentName),
+		ExpiresAt:         stripe.Int64(time.Now().Add(30 * time.Minute).Unix()),
+	}
+	checkoutParams.AddMetadata("product_description", description)
+	sCheckout, err := stripeCheckout.New(checkoutParams)
+	if err != nil {
+		return "", "", err
+	}
+	return sCheckout.URL, sCheckout.ID, nil
+}
+
+func (pp *StripePaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error) {
+	notifyResult := &NotifyResult{}
+	sCheckout, err := stripeCheckout.Get(orderId, nil)
+	if err != nil {
+		return nil, err
+	}
+	switch sCheckout.Status {
+	case "open":
+		// The checkout session is still in progress. Payment processing has not started
+		notifyResult.PaymentStatus = PaymentStateCreated
+		return notifyResult, nil
+	case "complete":
+		// The checkout session is complete. Payment processing may still be in progress
+	case "expired":
+		// The checkout session has expired. No further processing will occur
+		notifyResult.PaymentStatus = PaymentStateTimeout
+		return notifyResult, nil
+	default:
+		notifyResult.PaymentStatus = PaymentStateError
+		notifyResult.NotifyMessage = fmt.Sprintf("unexpected stripe checkout status: %v", sCheckout.Status)
+		return notifyResult, nil
+	}
+	switch sCheckout.PaymentStatus {
+	case "paid":
+		// Skip
+	case "unpaid":
+		notifyResult.PaymentStatus = PaymentStateCreated
+		return notifyResult, nil
+	default:
+		notifyResult.PaymentStatus = PaymentStateError
+		notifyResult.NotifyMessage = fmt.Sprintf("unexpected stripe checkout payment status: %v", sCheckout.PaymentStatus)
+		return notifyResult, nil
+	}
+	// Once payment is successful, the Checkout Session will contain a reference to the successful `PaymentIntent`
+	sIntent, err := stripeIntent.Get(sCheckout.PaymentIntent.ID, nil)
+	var (
+		productName        string
+		productDisplayName string
+		providerName       string
+	)
+	if description, ok := sCheckout.Metadata["product_description"]; ok {
+		productName, productDisplayName, providerName, _ = parseAttachString(description)
+	}
+	notifyResult = &NotifyResult{
+		PaymentName:   sCheckout.ClientReferenceID,
+		PaymentStatus: PaymentStatePaid,
+
+		ProductName:        productName,
+		ProductDisplayName: productDisplayName,
+		ProviderName:       providerName,
+
+		Price:    priceInt64ToFloat64(sIntent.Amount),
+		Currency: string(sIntent.Currency),
+
+		OrderId: orderId,
+	}
+	return notifyResult, nil
+}
+
+func (pp *StripePaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {
+	return "", nil
+}
+
+func (pp *StripePaymentProvider) GetResponseError(err error) string {
+	if err == nil {
+		return "success"
+	} else {
+		return "fail"
+	}
+}

pp/util.go

@@ -16,6 +16,8 @@ package pp
 
 import (
 	"fmt"
+	"math"
+	"strconv"
 	"strings"
 )
 
@@ -35,3 +37,15 @@ func parseAttachString(s string) (string, string, string, error) {
 	}
 	return tokens[0], tokens[1], tokens[2], nil
 }
+
+func priceInt64ToFloat64(price int64) float64 {
+	return float64(price) / 100
+}
+
+func priceFloat64ToInt64(price float64) int64 {
+	return int64(math.Round(price * 100))
+}
+
+func priceFloat64ToString(price float64) string {
+	return strconv.FormatFloat(price, 'f', 2, 64)
+}

pp/wechatpay.go

@@ -113,7 +113,7 @@ func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, auth
 		ProductName:        productName,
 		ProductDisplayName: productDisplayName,
 		ProviderName:       providerName,
-		OutOrderId:         orderId,
+		OrderId:            orderId,
 		Price:              price,
 		PaymentStatus:      PaymentStatePaid,
 		PaymentName:        paymentName,

routers/router.go

@@ -51,6 +51,7 @@ func initAPI() {
 	beego.Router("/api/signup", &controllers.ApiController{}, "POST:Signup")
 	beego.Router("/api/login", &controllers.ApiController{}, "POST:Login")
 	beego.Router("/api/get-app-login", &controllers.ApiController{}, "GET:GetApplicationLogin")
+	beego.Router("/api/get-dashboard", &controllers.ApiController{}, "GET:GetDashboard")
 	beego.Router("/api/logout", &controllers.ApiController{}, "GET,POST:Logout")
 	beego.Router("/api/get-account", &controllers.ApiController{}, "GET:GetAccount")
 	beego.Router("/api/userinfo", &controllers.ApiController{}, "GET:GetUserinfo")
@@ -180,9 +181,6 @@ func initAPI() {
 	beego.Router("/api/login/oauth/access_token", &controllers.ApiController{}, "POST:GetOAuthToken")
 	beego.Router("/api/login/oauth/refresh_token", &controllers.ApiController{}, "POST:RefreshToken")
 	beego.Router("/api/login/oauth/introspect", &controllers.ApiController{}, "POST:IntrospectToken")
-	beego.Router("/api/get-records", &controllers.ApiController{}, "GET:GetRecords")
-	beego.Router("/api/get-records-filter", &controllers.ApiController{}, "POST:GetRecordsByFilter")
-	beego.Router("/api/add-record", &controllers.ApiController{}, "POST:AddRecord")
 
 	beego.Router("/api/get-sessions", &controllers.ApiController{}, "GET:GetSessions")
 	beego.Router("/api/get-session", &controllers.ApiController{}, "GET:GetSingleSession")
@@ -247,6 +245,7 @@ func initAPI() {
 
 	beego.Router("/api/send-email", &controllers.ApiController{}, "POST:SendEmail")
 	beego.Router("/api/send-sms", &controllers.ApiController{}, "POST:SendSms")
+	beego.Router("/api/send-notification", &controllers.ApiController{}, "POST:SendNotification")
 
 	beego.Router("/api/webauthn/signup/begin", &controllers.ApiController{}, "Get:WebAuthnSignupBegin")
 	beego.Router("/api/webauthn/signup/finish", &controllers.ApiController{}, "Post:WebAuthnSignupFinish")

routers/static_filter.go

@@ -55,12 +55,6 @@ func StaticFilter(ctx *context.Context) {
 		path += urlPath
 	}
 
-	path2 := strings.TrimPrefix(path, "web/build/images/")
-	if util.FileExist(path2) {
-		makeGzipResponse(ctx.ResponseWriter, ctx.Request, path2)
-		return
-	}
-
 	if !util.FileExist(path) {
 		path = "web/build/index.html"
 	}

storage/google_cloud.go

@@ -0,0 +1,31 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package storage
+
+import (
+	"github.com/casdoor/oss"
+	"github.com/casdoor/oss/googlecloud"
+)
+
+func NewGoogleCloudStorageProvider(clientId string, clientSecret string, bucket string, endpoint string) oss.StorageInterface {
+	sp, _ := googlecloud.New(&googlecloud.Config{
+		AccessID:  clientId,
+		AccessKey: clientSecret,
+		Bucket:    bucket,
+		Endpoint:  endpoint,
+	})
+
+	return sp
+}

storage/qiniu_cloud.go

@@ -0,0 +1,32 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package storage
+
+import (
+	"github.com/casdoor/oss"
+	"github.com/casdoor/oss/qiniu"
+)
+
+func NewQiniuCloudKodoStorageProvider(clientId string, clientSecret string, region string, bucket string, endpoint string) oss.StorageInterface {
+	sp := qiniu.New(&qiniu.Config{
+		AccessID:  clientId,
+		AccessKey: clientSecret,
+		Region:    region,
+		Bucket:    bucket,
+		Endpoint:  endpoint,
+	})
+
+	return sp
+}

storage/storage.go

@@ -30,6 +30,10 @@ func GetStorageProvider(providerType string, clientId string, clientSecret strin
 		return NewTencentCloudCosStorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "Azure Blob":
 		return NewAzureBlobStorageProvider(clientId, clientSecret, region, bucket, endpoint)
+	case "Qiniu Cloud Kodo":
+		return NewQiniuCloudKodoStorageProvider(clientId, clientSecret, region, bucket, endpoint)
+	case "Google Cloud Storage":
+		return NewGoogleCloudStorageProvider(clientId, clientSecret, bucket, endpoint)
 	}
 
 	return nil

swagger/swagger.json

@@ -131,34 +131,6 @@
                 }
             }
         },
-        "/api/add-chat": {
-            "post": {
-                "tags": [
-                    "Chat API"
-                ],
-                "description": "add chat",
-                "operationId": "ApiController.AddChat",
-                "parameters": [
-                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "The details of the chat",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/object.Chat"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
         "/api/add-enforcer": {
             "post": {
                 "tags": [
@@ -243,34 +215,6 @@
                 }
             }
         },
-        "/api/add-message": {
-            "post": {
-                "tags": [
-                    "Message API"
-                ],
-                "description": "add message",
-                "operationId": "ApiController.AddMessage",
-                "parameters": [
-                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "The details of the message",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/object.Message"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
         "/api/add-model": {
             "post": {
                 "tags": [
@@ -1077,34 +1021,6 @@
                 }
             }
         },
-        "/api/delete-chat": {
-            "post": {
-                "tags": [
-                    "Chat API"
-                ],
-                "description": "delete chat",
-                "operationId": "ApiController.DeleteChat",
-                "parameters": [
-                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "The details of the chat",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/object.Chat"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
         "/api/delete-enforcer": {
             "post": {
                 "tags": [
@@ -1189,34 +1105,6 @@
                 }
             }
         },
-        "/api/delete-message": {
-            "post": {
-                "tags": [
-                    "Message API"
-                ],
-                "description": "delete message",
-                "operationId": "ApiController.DeleteMessage",
-                "parameters": [
-                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "The details of the message",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/object.Message"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
         "/api/delete-mfa/": {
             "post": {
                 "tags": [
@@ -1964,56 +1852,18 @@
                 }
             }
         },
-        "/api/get-chat": {
+        "/api/get-dashboard": {
             "get": {
                 "tags": [
-                    "Chat API"
-                ],
-                "description": "get chat",
-                "operationId": "ApiController.GetChat",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "id",
-                        "description": "The id ( owner/name ) of the chat",
-                        "required": true,
-                        "type": "string"
-                    }
+                    "GetDashboard API"
                 ],
+                "description": "get information of dashboard",
+                "operationId": "ApiController.GetDashboard",
                 "responses": {
                     "200": {
                         "description": "The Response object",
                         "schema": {
-                            "$ref": "#/definitions/object.Chat"
-                        }
-                    }
-                }
-            }
-        },
-        "/api/get-chats": {
-            "get": {
-                "tags": [
-                    "Chat API"
-                ],
-                "description": "get chats",
-                "operationId": "ApiController.GetChats",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "owner",
-                        "description": "The owner of chats",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/object.Chat"
-                            }
+                            "$ref": "#/definitions/controllers.Response"
                         }
                     }
                 }
@@ -2319,87 +2169,6 @@
                 }
             }
         },
-        "/api/get-message": {
-            "get": {
-                "tags": [
-                    "Message API"
-                ],
-                "description": "get message",
-                "operationId": "ApiController.GetMessage",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "id",
-                        "description": "The id ( owner/name ) of the message",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/object.Message"
-                        }
-                    }
-                }
-            }
-        },
-        "/api/get-message-answer": {
-            "get": {
-                "tags": [
-                    "Message API"
-                ],
-                "description": "get message answer",
-                "operationId": "ApiController.GetMessageAnswer",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "id",
-                        "description": "The id ( owner/name ) of the message",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/object.Message"
-                        }
-                    }
-                }
-            }
-        },
-        "/api/get-messages": {
-            "get": {
-                "tags": [
-                    "Message API"
-                ],
-                "description": "get messages",
-                "operationId": "ApiController.GetMessages",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "owner",
-                        "description": "The owner of messages",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/object.Message"
-                            }
-                        }
-                    }
-                }
-            }
-        },
         "/api/get-model": {
             "get": {
                 "tags": [
@@ -4481,41 +4250,6 @@
                 }
             }
         },
-        "/api/update-chat": {
-            "post": {
-                "tags": [
-                    "Chat API"
-                ],
-                "description": "update chat",
-                "operationId": "ApiController.UpdateChat",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "id",
-                        "description": "The id ( owner/name ) of the chat",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "The details of the chat",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/object.Chat"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
         "/api/update-enforcer": {
             "post": {
                 "tags": [
@@ -4614,41 +4348,6 @@
                 }
             }
         },
-        "/api/update-message": {
-            "post": {
-                "tags": [
-                    "Message API"
-                ],
-                "description": "update message",
-                "operationId": "ApiController.UpdateMessage",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "id",
-                        "description": "The id ( owner/name ) of the message",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "The details of the message",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/object.Message"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
         "/api/update-model": {
             "post": {
                 "tags": [
@@ -5431,6 +5130,14 @@
         }
     },
     "definitions": {
+        "1183.0xc000639290.false": {
+            "title": "false",
+            "type": "object"
+        },
+        "1217.0xc0006392c0.false": {
+            "title": "false",
+            "type": "object"
+        },
         "LaravelResponse": {
             "title": "LaravelResponse",
             "type": "object"
@@ -5484,16 +5191,10 @@
             "type": "object",
             "properties": {
                 "data": {
-                    "additionalProperties": {
-                        "description": "support string, struct or []struct",
-                        "type": "string"
-                    }
+                    "$ref": "#/definitions/1183.0xc000639290.false"
                 },
                 "data2": {
-                    "additionalProperties": {
-                        "description": "support string, struct or []struct",
-                        "type": "string"
-                    }
+                    "$ref": "#/definitions/1217.0xc0006392c0.false"
                 },
                 "msg": {
                     "type": "string"
@@ -5531,10 +5232,18 @@
             "title": "JSONWebKey",
             "type": "object"
         },
+        "model.Model": {
+            "title": "Model",
+            "type": "object"
+        },
         "object": {
             "title": "object",
             "type": "object"
         },
+        "object.\u0026{197049 0xc000a2cd50 false}": {
+            "title": "\u0026{197049 0xc000a2cd50 false}",
+            "type": "object"
+        },
         "object.AccountItem": {
             "title": "AccountItem",
             "type": "object",
@@ -5557,16 +5266,41 @@
             "title": "Adapter",
             "type": "object",
             "properties": {
-                "Engine": {
-                    "$ref": "#/definitions/xorm.Engine"
-                },
-                "dataSourceName": {
+                "createdTime": {
                     "type": "string"
                 },
-                "dbName": {
+                "database": {
                     "type": "string"
                 },
-                "driverName": {
+                "databaseType": {
+                    "type": "string"
+                },
+                "host": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "owner": {
+                    "type": "string"
+                },
+                "password": {
+                    "type": "string"
+                },
+                "port": {
+                    "type": "integer",
+                    "format": "int64"
+                },
+                "table": {
+                    "type": "string"
+                },
+                "tableNamePrefix": {
+                    "type": "string"
+                },
+                "type": {
+                    "type": "string"
+                },
+                "user": {
                     "type": "string"
                 }
             }
@@ -5728,7 +5462,7 @@
             "title": "CasbinRequest",
             "type": "array",
             "items": {
-                "$ref": "#/definitions/object.CasbinRequest"
+                "$ref": "#/definitions/object.\u0026{197049 0xc000a2cd50 false}"
             }
         },
         "object.Cert": {
@@ -5778,52 +5512,6 @@
                 }
             }
         },
-        "object.Chat": {
-            "title": "Chat",
-            "type": "object",
-            "properties": {
-                "category": {
-                    "type": "string"
-                },
-                "createdTime": {
-                    "type": "string"
-                },
-                "displayName": {
-                    "type": "string"
-                },
-                "messageCount": {
-                    "type": "integer",
-                    "format": "int64"
-                },
-                "name": {
-                    "type": "string"
-                },
-                "organization": {
-                    "type": "string"
-                },
-                "owner": {
-                    "type": "string"
-                },
-                "type": {
-                    "type": "string"
-                },
-                "updatedTime": {
-                    "type": "string"
-                },
-                "user1": {
-                    "type": "string"
-                },
-                "user2": {
-                    "type": "string"
-                },
-                "users": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                }
-            }
-        },
         "object.Enforce": {
             "title": "Enforce",
             "type": "object"
@@ -5844,12 +5532,14 @@
                 "displayName": {
                     "type": "string"
                 },
-                "isEnabled": {
-                    "type": "boolean"
-                },
                 "model": {
                     "type": "string"
                 },
+                "modelCfg": {
+                    "additionalProperties": {
+                        "type": "string"
+                    }
+                },
                 "name": {
                     "type": "string"
                 },
@@ -6084,36 +5774,6 @@
                 }
             }
         },
-        "object.Message": {
-            "title": "Message",
-            "type": "object",
-            "properties": {
-                "author": {
-                    "type": "string"
-                },
-                "chat": {
-                    "type": "string"
-                },
-                "createdTime": {
-                    "type": "string"
-                },
-                "name": {
-                    "type": "string"
-                },
-                "organization": {
-                    "type": "string"
-                },
-                "owner": {
-                    "type": "string"
-                },
-                "replyTo": {
-                    "type": "string"
-                },
-                "text": {
-                    "type": "string"
-                }
-            }
-        },
         "object.MfaItem": {
             "title": "MfaItem",
             "type": "object",
@@ -6169,9 +5829,6 @@
                 "displayName": {
                     "type": "string"
                 },
-                "isEnabled": {
-                    "type": "boolean"
-                },
                 "modelText": {
                     "type": "string"
                 },
@@ -6349,6 +6006,24 @@
                 }
             }
         },
+        "object.Ormer": {
+            "title": "Ormer",
+            "type": "object",
+            "properties": {
+                "Engine": {
+                    "$ref": "#/definitions/xorm.Engine"
+                },
+                "dataSourceName": {
+                    "type": "string"
+                },
+                "dbName": {
+                    "type": "string"
+                },
+                "driverName": {
+                    "type": "string"
+                }
+            }
+        },
         "object.Payment": {
             "title": "Payment",
             "type": "object",
@@ -6386,7 +6061,7 @@
                 "name": {
                     "type": "string"
                 },
-                "organization": {
+                "outOrderId": {
                     "type": "string"
                 },
                 "owner": {
@@ -6424,7 +6099,7 @@
                     "type": "string"
                 },
                 "state": {
-                    "type": "string"
+                    "$ref": "#/definitions/pp.PaymentState"
                 },
                 "tag": {
                     "type": "string"
@@ -7124,9 +6799,6 @@
                         "$ref": "#/definitions/object.TableColumn"
                     }
                 },
-                "tablePrimaryKey": {
-                    "type": "string"
-                },
                 "type": {
                     "type": "string"
                 },
@@ -7145,6 +6817,9 @@
                 "isHashed": {
                     "type": "boolean"
                 },
+                "isKey": {
+                    "type": "boolean"
+                },
                 "name": {
                     "type": "string"
                 },
@@ -7464,9 +7139,6 @@
                 "isForbidden": {
                     "type": "boolean"
                 },
-                "isGlobalAdmin": {
-                    "type": "boolean"
-                },
                 "isOnline": {
                     "type": "boolean"
                 },
@@ -7692,6 +7364,9 @@
                 "vk": {
                     "type": "string"
                 },
+                "web3onboard": {
+                    "type": "string"
+                },
                 "webauthnCredentials": {
                     "type": "array",
                     "items": {
@@ -7811,6 +7486,18 @@
                 }
             }
         },
+        "pp.PaymentState": {
+            "title": "PaymentState",
+            "type": "string",
+            "enum": [
+                "PaymentStatePaid = \"Paid\"",
+                "PaymentStateCreated = \"Created\"",
+                "PaymentStateCanceled = \"Canceled\"",
+                "PaymentStateTimeout = \"Timeout\"",
+                "PaymentStateError = \"Error\""
+            ],
+            "example": "Paid"
+        },
         "protocol.CredentialAssertion": {
             "title": "CredentialAssertion",
             "type": "object"
@@ -7871,6 +7558,10 @@
         "xorm.Engine": {
             "title": "Engine",
             "type": "object"
+        },
+        "xormadapter.Adapter": {
+            "title": "Adapter",
+            "type": "object"
         }
     },
     "securityDefinitions": {
@@ -7879,9 +7570,5 @@
             "name": "Authorization",
             "in": "header"
         }
-    },
-    "externalDocs": {
-        "description": "Find out more about Casdoor",
-        "url": "https://casdoor.org/"
     }
 }

swagger/swagger.yml

@@ -85,24 +85,6 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
-  /api/add-chat:
-    post:
-      tags:
-      - Chat API
-      description: add chat
-      operationId: ApiController.AddChat
-      parameters:
-      - in: body
-        name: body
-        description: The details of the chat
-        required: true
-        schema:
-          $ref: '#/definitions/object.Chat'
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
   /api/add-enforcer:
     post:
       tags:
@@ -157,24 +139,6 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
-  /api/add-message:
-    post:
-      tags:
-      - Message API
-      description: add message
-      operationId: ApiController.AddMessage
-      parameters:
-      - in: body
-        name: body
-        description: The details of the message
-        required: true
-        schema:
-          $ref: '#/definitions/object.Message'
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
   /api/add-model:
     post:
       tags:
@@ -696,24 +660,6 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
-  /api/delete-chat:
-    post:
-      tags:
-      - Chat API
-      description: delete chat
-      operationId: ApiController.DeleteChat
-      parameters:
-      - in: body
-        name: body
-        description: The details of the chat
-        required: true
-        schema:
-          $ref: '#/definitions/object.Chat'
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
   /api/delete-enforcer:
     post:
       tags:
@@ -768,24 +714,6 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
-  /api/delete-message:
-    post:
-      tags:
-      - Message API
-      description: delete message
-      operationId: ApiController.DeleteMessage
-      parameters:
-      - in: body
-        name: body
-        description: The details of the message
-        required: true
-        schema:
-          $ref: '#/definitions/object.Message'
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
   /api/delete-mfa/:
     post:
       tags:
@@ -1271,42 +1199,17 @@ paths:
             type: array
             items:
               $ref: '#/definitions/object.Cert'
-  /api/get-chat:
+  /api/get-dashboard:
     get:
       tags:
-      - Chat API
-      description: get chat
-      operationId: ApiController.GetChat
-      parameters:
-      - in: query
-        name: id
-        description: The id ( owner/name ) of the chat
-        required: true
-        type: string
+      - GetDashboard API
+      description: get information of dashboard
+      operationId: ApiController.GetDashboard
       responses:
         "200":
           description: The Response object
           schema:
-            $ref: '#/definitions/object.Chat'
-  /api/get-chats:
-    get:
-      tags:
-      - Chat API
-      description: get chats
-      operationId: ApiController.GetChats
-      parameters:
-      - in: query
-        name: owner
-        description: The owner of chats
-        required: true
-        type: string
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            type: array
-            items:
-              $ref: '#/definitions/object.Chat'
+            $ref: '#/definitions/controllers.Response'
   /api/get-default-application:
     get:
       tags:
@@ -1503,59 +1406,6 @@ paths:
             type: array
             items:
               $ref: '#/definitions/object.Ldap'
-  /api/get-message:
-    get:
-      tags:
-      - Message API
-      description: get message
-      operationId: ApiController.GetMessage
-      parameters:
-      - in: query
-        name: id
-        description: The id ( owner/name ) of the message
-        required: true
-        type: string
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/object.Message'
-  /api/get-message-answer:
-    get:
-      tags:
-      - Message API
-      description: get message answer
-      operationId: ApiController.GetMessageAnswer
-      parameters:
-      - in: query
-        name: id
-        description: The id ( owner/name ) of the message
-        required: true
-        type: string
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/object.Message'
-  /api/get-messages:
-    get:
-      tags:
-      - Message API
-      description: get messages
-      operationId: ApiController.GetMessages
-      parameters:
-      - in: query
-        name: owner
-        description: The owner of messages
-        required: true
-        type: string
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            type: array
-            items:
-              $ref: '#/definitions/object.Message'
   /api/get-model:
     get:
       tags:
@@ -2925,29 +2775,6 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
-  /api/update-chat:
-    post:
-      tags:
-      - Chat API
-      description: update chat
-      operationId: ApiController.UpdateChat
-      parameters:
-      - in: query
-        name: id
-        description: The id ( owner/name ) of the chat
-        required: true
-        type: string
-      - in: body
-        name: body
-        description: The details of the chat
-        required: true
-        schema:
-          $ref: '#/definitions/object.Chat'
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
   /api/update-enforcer:
     post:
       tags:
@@ -3012,29 +2839,6 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
-  /api/update-message:
-    post:
-      tags:
-      - Message API
-      description: update message
-      operationId: ApiController.UpdateMessage
-      parameters:
-      - in: query
-        name: id
-        description: The id ( owner/name ) of the message
-        required: true
-        type: string
-      - in: body
-        name: body
-        description: The details of the message
-        required: true
-        schema:
-          $ref: '#/definitions/object.Message'
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
   /api/update-model:
     post:
       tags:
@@ -3549,6 +3353,12 @@ paths:
           schema:
             $ref: '#/definitions/controllers.Response'
 definitions:
+  1183.0xc000639290.false:
+    title: "false"
+    type: object
+  1217.0xc0006392c0.false:
+    title: "false"
+    type: object
   LaravelResponse:
     title: LaravelResponse
     type: object
@@ -3588,13 +3398,9 @@ definitions:
     type: object
     properties:
       data:
-        additionalProperties:
-          description: support string, struct or []struct
-          type: string
+        $ref: '#/definitions/1183.0xc000639290.false'
       data2:
-        additionalProperties:
-          description: support string, struct or []struct
-          type: string
+        $ref: '#/definitions/1217.0xc0006392c0.false'
       msg:
         type: string
       name:
@@ -3618,9 +3424,15 @@ definitions:
   jose.JSONWebKey:
     title: JSONWebKey
     type: object
+  model.Model:
+    title: Model
+    type: object
   object:
     title: object
     type: object
+  object.&{197049 0xc000a2cd50 false}:
+    title: '&{197049 0xc000a2cd50 false}'
+    type: object
   object.AccountItem:
     title: AccountItem
     type: object
@@ -3637,13 +3449,30 @@ definitions:
     title: Adapter
     type: object
     properties:
-      Engine:
-        $ref: '#/definitions/xorm.Engine'
-      dataSourceName:
+      createdTime:
         type: string
-      dbName:
+      database:
         type: string
-      driverName:
+      databaseType:
+        type: string
+      host:
+        type: string
+      name:
+        type: string
+      owner:
+        type: string
+      password:
+        type: string
+      port:
+        type: integer
+        format: int64
+      table:
+        type: string
+      tableNamePrefix:
+        type: string
+      type:
+        type: string
+      user:
         type: string
   object.Application:
     title: Application
@@ -3752,7 +3581,7 @@ definitions:
     title: CasbinRequest
     type: array
     items:
-      $ref: '#/definitions/object.CasbinRequest'
+      $ref: '#/definitions/object.&{197049 0xc000a2cd50 false}'
   object.Cert:
     title: Cert
     type: object
@@ -3785,37 +3614,6 @@ definitions:
         type: string
       type:
         type: string
-  object.Chat:
-    title: Chat
-    type: object
-    properties:
-      category:
-        type: string
-      createdTime:
-        type: string
-      displayName:
-        type: string
-      messageCount:
-        type: integer
-        format: int64
-      name:
-        type: string
-      organization:
-        type: string
-      owner:
-        type: string
-      type:
-        type: string
-      updatedTime:
-        type: string
-      user1:
-        type: string
-      user2:
-        type: string
-      users:
-        type: array
-        items:
-          type: string
   object.Enforce:
     title: Enforce
     type: object
@@ -3831,10 +3629,11 @@ definitions:
         type: string
       displayName:
         type: string
-      isEnabled:
-        type: boolean
       model:
         type: string
+      modelCfg:
+        additionalProperties:
+          type: string
       name:
         type: string
       owner:
@@ -3992,26 +3791,6 @@ definitions:
         type: string
       username:
         type: string
-  object.Message:
-    title: Message
-    type: object
-    properties:
-      author:
-        type: string
-      chat:
-        type: string
-      createdTime:
-        type: string
-      name:
-        type: string
-      organization:
-        type: string
-      owner:
-        type: string
-      replyTo:
-        type: string
-      text:
-        type: string
   object.MfaItem:
     title: MfaItem
     type: object
@@ -4050,8 +3829,6 @@ definitions:
         type: string
       displayName:
         type: string
-      isEnabled:
-        type: boolean
       modelText:
         type: string
       name:
@@ -4169,6 +3946,18 @@ definitions:
         $ref: '#/definitions/object.ThemeData'
       websiteUrl:
         type: string
+  object.Ormer:
+    title: Ormer
+    type: object
+    properties:
+      Engine:
+        $ref: '#/definitions/xorm.Engine'
+      dataSourceName:
+        type: string
+      dbName:
+        type: string
+      driverName:
+        type: string
   object.Payment:
     title: Payment
     type: object
@@ -4195,7 +3984,7 @@ definitions:
         type: string
       name:
         type: string
-      organization:
+      outOrderId:
         type: string
       owner:
         type: string
@@ -4221,7 +4010,7 @@ definitions:
       returnUrl:
         type: string
       state:
-        type: string
+        $ref: '#/definitions/pp.PaymentState'
       tag:
         type: string
       type:
@@ -4692,8 +4481,6 @@ definitions:
         type: array
         items:
           $ref: '#/definitions/object.TableColumn'
-      tablePrimaryKey:
-        type: string
       type:
         type: string
       user:
@@ -4706,6 +4493,8 @@ definitions:
         type: string
       isHashed:
         type: boolean
+      isKey:
+        type: boolean
       name:
         type: string
       type:
@@ -4920,8 +4709,6 @@ definitions:
         type: boolean
       isForbidden:
         type: boolean
-      isGlobalAdmin:
-        type: boolean
       isOnline:
         type: boolean
       kakao:
@@ -5073,6 +4860,8 @@ definitions:
         type: string
       vk:
         type: string
+      web3onboard:
+        type: string
       webauthnCredentials:
         type: array
         items:
@@ -5151,6 +4940,16 @@ definitions:
         type: string
       url:
         type: string
+  pp.PaymentState:
+    title: PaymentState
+    type: string
+    enum:
+    - PaymentStatePaid = "Paid"
+    - PaymentStateCreated = "Created"
+    - PaymentStateCanceled = "Canceled"
+    - PaymentStateTimeout = "Timeout"
+    - PaymentStateError = "Error"
+    example: Paid
   protocol.CredentialAssertion:
     title: CredentialAssertion
     type: object
@@ -5195,11 +4994,11 @@ definitions:
   xorm.Engine:
     title: Engine
     type: object
+  xormadapter.Adapter:
+    title: Adapter
+    type: object
 securityDefinitions:
   AccessToken:
     type: apiKey
     name: Authorization
     in: header
-externalDocs:
-  description: Find out more about Casdoor
-  url: https://casdoor.org/

util/casbin.go

@@ -0,0 +1,63 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import xormadapter "github.com/casdoor/xorm-adapter/v3"
+
+func CasbinToSlice(casbinRule xormadapter.CasbinRule) []string {
+	s := []string{
+		casbinRule.V0,
+		casbinRule.V1,
+		casbinRule.V2,
+		casbinRule.V3,
+		casbinRule.V4,
+		casbinRule.V5,
+	}
+	// remove empty strings from end, for update model policy map
+	for i := len(s) - 1; i >= 0; i-- {
+		if s[i] != "" {
+			s = s[:i+1]
+			break
+		}
+	}
+	return s
+}
+
+func safeReturn(policy []string, i int) string {
+	if len(policy) > i {
+		return policy[i]
+	} else {
+		return ""
+	}
+}
+
+func MatrixToCasbinRules(Ptype string, policies [][]string) []*xormadapter.CasbinRule {
+	res := []*xormadapter.CasbinRule{}
+
+	for _, policy := range policies {
+		line := xormadapter.CasbinRule{
+			Ptype: Ptype,
+			V0:    safeReturn(policy, 0),
+			V1:    safeReturn(policy, 1),
+			V2:    safeReturn(policy, 2),
+			V3:    safeReturn(policy, 3),
+			V4:    safeReturn(policy, 4),
+			V5:    safeReturn(policy, 5),
+		}
+		res = append(res, &line)
+	}
+
+	return res
+}

util/path.go

@@ -34,16 +34,6 @@ func GetPath(path string) string {
 	return filepath.Dir(path)
 }
 
-func EnsureFileFolderExists(path string) {
-	p := GetPath(path)
-	if !FileExist(p) {
-		err := os.MkdirAll(p, os.ModePerm)
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
 func ListFiles(path string) []string {
 	res := []string{}
 

util/setting.go

@@ -14,8 +14,13 @@
 
 package util
 
-import "fmt"
+import "io/ioutil"
 
 func GetUploadXlsxPath(fileId string) string {
-	return fmt.Sprintf("tmpFiles/%s.xlsx", fileId)
+	file, err := ioutil.TempFile("", fileId)
+	if err != nil {
+		panic(err)
+	}
+
+	return file.Name()
 }