Merge pull request #7 from nodece/feat_application

feat: add application module
Merge pull request #6 from nodece/improve_user_style
2025-07-17 14:23:49 +08:00 · 2020-11-24 14:48:25 +00:00 · 2020-11-24 14:04:29 +00:00 · 2020-11-23 23:50:59 +08:00 · 2020-11-23 22:10:11 +08:00 · 2020-11-12 00:09:18 +08:00
549 changed files with 14335 additions and 116795 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1 +0,0 @@
-web/node_modules/
--- a/.env.template
+++ b/.env.template
@ -0,0 +1,2 @@
+HTTP_PORT=:7000
+DB_DATABASE_SOURCE=root:123@tcp(localhost:3306)/casdoor
--- a/.gitattributes
+++ b/.gitattributes
@ -1,5 +0,0 @@
-*.go linguist-detectable=true
-*.js linguist-detectable=false
-# Declare files that will always have LF line endings on checkout.
-# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
-*.sh text eol=lf
--- a/.github/semantic.yml
+++ b/.github/semantic.yml
@ -1,12 +0,0 @@
-# Always validate the PR title AND all the commits
-titleAndCommits: true
-# Require at least one commit to be valid
-# this is only relevant when using commitsOnly: true or titleAndCommits: true,
-# which validate all commits by default
-anyCommit: true
-# Allow use of Merge commits (eg on github: "Merge branch 'master' into feature/ride-unicorns")
-# this is only relevant when using commitsOnly: true (or titleAndCommits: true)
-allowMergeCommits: false
-# Allow use of Revert commits (eg on github: "Revert "feat: ride unicorns"")
-# this is only relevant when using commitsOnly: true (or titleAndCommits: true)
-allowRevertCommits: false
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,210 +0,0 @@
-name: Build
-
-on: [push, pull_request]
-
-jobs:
-
-  go-tests:
-    name: Running Go tests
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_DATABASE: casdoor
-          MYSQL_ROOT_PASSWORD: 123456
-        ports:
-          - 3306:3306
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '^1.16.5'
-          cache-dependency-path: ./go.mod
-      - name: Tests
-        run: |
-          go test -v $(go list ./...) -tags skipCi
-        working-directory: ./
-
-  frontend:
-    name: Front-end
-    runs-on: ubuntu-latest
-    needs: [ go-tests ]
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-          cache: 'yarn'
-          cache-dependency-path: ./web/yarn.lock
-      - run: yarn install && CI=false yarn run build
-        working-directory: ./web
-
-  backend:
-    name: Back-end
-    runs-on: ubuntu-latest
-    needs: [ go-tests ]
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '^1.16.5'
-          cache-dependency-path: ./go.mod
-      - run: go version
-      - name: Build
-        run: |
-          go build -race -ldflags "-extldflags '-static'"
-        working-directory: ./
-
-  linter:
-    name: Go-Linter
-    runs-on: ubuntu-latest
-    needs: [ go-tests ]
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '^1.16.5'
-          cache: false
-
-      # gen a dummy config file
-      - run: touch dummy.yml
-
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: latest
-          args: --disable-all -c dummy.yml -E=gofumpt --max-same-issues=0 --timeout 5m --modules-download-mode=mod
-
-  e2e:
-    name: e2e-test
-    runs-on: ubuntu-latest
-    needs: [ go-tests ]
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_DATABASE: casdoor
-          MYSQL_ROOT_PASSWORD: 123456
-        ports:
-          - 3306:3306
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '^1.16.5'
-          cache-dependency-path: ./go.mod
-      - name: start backend
-        run: nohup go run ./main.go &
-        working-directory: ./
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-          cache: 'yarn'
-          cache-dependency-path: ./web/yarn.lock
-      - run: yarn install
-        working-directory: ./web
-      - uses: cypress-io/github-action@v5
-        with:
-          start: yarn start
-          wait-on: 'http://localhost:7001'
-          wait-on-timeout: 180
-          working-directory: ./web
-
-      - uses: actions/upload-artifact@v3
-        if: failure()
-        with:
-          name: cypress-screenshots
-          path: ./web/cypress/screenshots
-      - uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: cypress-videos
-          path: ./web/cypress/videos
-
-  release-and-push:
-    name: Release And Push
-    runs-on: ubuntu-latest
-    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
-    needs: [ frontend, backend, linter, e2e ]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: -1
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16
-
-      - name: Fetch Previous version
-        id: get-previous-tag
-        uses: actions-ecosystem/action-get-latest-tag@v1.6.0
-
-      - name: Release
-        run: yarn global add semantic-release@17.4.4 && semantic-release
-        env:
-          GH_TOKEN: ${{ secrets.GH_BOT_TOKEN }}
-
-      - name: Fetch Current version
-        id: get-current-tag
-        uses: actions-ecosystem/action-get-latest-tag@v1.6.0
-
-      - name: Decide Should_Push Or Not
-        id: should_push
-        run: |
-          old_version=${{steps.get-previous-tag.outputs.tag}}
-          new_version=${{steps.get-current-tag.outputs.tag }}
-
-          old_array=(${old_version//\./ })
-          new_array=(${new_version//\./ })
-
-          if [ ${old_array[0]} != ${new_array[0]} ]
-          then 
-              echo ::set-output name=push::'true'
-          elif [ ${old_array[1]} != ${new_array[1]} ]
-          then 
-              echo ::set-output name=push::'true'
-          
-          else
-              echo ::set-output name=push::'false'
-          
-          fi
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          version: latest
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v1
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Push to Docker Hub
-        uses: docker/build-push-action@v3
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
-        with:
-          context: .
-          target: STANDARD
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest
-
-      - name: Push All In One Version to Docker Hub
-        uses: docker/build-push-action@v3
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
-        with:
-          context: .
-          target: ALLINONE
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest
--- a/.github/workflows/migrate.yml
+++ b/.github/workflows/migrate.yml
@ -1,61 +0,0 @@
-name: Migration Test
-
-on:
-  push:
-    paths:
-      - 'object/migrator**'
-  pull_request:
-    paths:
-      - 'object/migrator**'
-
-jobs:
-
-  db-migrator-test:
-    name: db-migrator-test
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_DATABASE: casdoor
-          MYSQL_ROOT_PASSWORD: 123456
-        ports:
-          - 3306:3306
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: '^1.16.5'
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 16
-      - name: pull casdoor-master-latest
-        run: |
-          sudo apt update
-          sudo apt install git
-          sudo apt install net-tools
-          sudo mkdir tmp
-          cd tmp
-          sudo git clone https://github.com/casdoor/casdoor.git
-          cd ..
-        working-directory: ./
-      - name: run casdoor-master-latest
-        run: |
-          sudo nohup go run main.go &
-          sudo sleep 2m
-        working-directory: ./tmp/casdoor
-      - name: stop casdoor-master-latest
-        run: |
-          sudo kill -9 `sudo netstat -anltp | grep 8000 | awk '{print $7}' | cut -d / -f 1`
-        working-directory: ./
-      - name: run casdoor-current-version
-        run: |
-          sudo nohup go run ./main.go &
-          sudo sleep 2m
-        working-directory: ./
-      - name: test port-8000
-        run: |
-          if [[ `sudo netstat -anltp | grep 8000 | awk '{print $7}'` == "" ]];then echo 'db-migrator-test fail' && exit 1;fi;
-          echo 'db-migrator-test pass'
-        working-directory: ./
--- a/.github/workflows/sync.yml
+++ b/.github/workflows/sync.yml
@ -1,56 +0,0 @@
-name: Crowdin Action
-
-on:
-  push:
-    branches: [ master ]
-
-jobs:
-  synchronize-with-crowdin:
-    runs-on: ubuntu-latest
-    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
-    steps:
-
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: crowdin action
-      uses: crowdin/github-action@1.4.8
-      with:
-        upload_translations: true
-
-        download_translations: true
-        push_translations: true
-        commit_message: 'refactor: New Crowdin translations by Github Action'
-
-        localization_branch_name: l10n_crowdin_action
-        create_pull_request: true
-        pull_request_title: 'refactor: New Crowdin translations'
-
-        crowdin_branch_name: l10n_branch
-        config: './web/crowdin.yml'
-
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        CROWDIN_PROJECT_ID: '463556'
-        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
-
-    - name: crowdin backend action
-      uses: crowdin/github-action@1.4.8
-      with:
-        upload_translations: true
-
-        download_translations: true
-        push_translations: true
-        commit_message: 'refactor: New Crowdin Backend translations by Github Action'
-
-        localization_branch_name: l10n_crowdin_action
-        create_pull_request: true
-        pull_request_title: 'refactor: New Crowdin Backend translations'
-
-        crowdin_branch_name: l10n_branch
-        config: './crowdin.yml'
-
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        CROWDIN_PROJECT_ID: '463556'
-        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@ -4,7 +4,6 @@
 *.dll
 *.so
 *.dylib
-*.swp

 # Test binary, built with `go test -c`
 *.test
@ -13,22 +12,16 @@
 *.out

 # Dependency directories (remove the comment below to include it)
-vendor/
-bin/
+# vendor/

 .idea/
 *.iml
-.vscode/

 tmp/
 tmpFiles/
 *.tmp
 logs/
-files/
 lastupdate.tmp
 commentsRouter*.go

-# ignore build result
-casdoor
-server_linux_arm64
-server_linux_amd64
+.env
--- a/.golangci.yml
+++ b/.golangci.yml
@ -1,42 +0,0 @@
-linters:
-  disable-all: true
-  enable:
-    - deadcode
-    - dupl
-    - errcheck
-    - goconst
-    - gocyclo
-    - gofmt
-    - goimports
-    - gosec
-    - gosimple
-    - govet
-    - ineffassign
-    - lll
-    - misspell
-    - nakedret
-    - prealloc
-    - staticcheck
-    - structcheck
-    - typecheck
-    - unconvert
-    - unparam
-    - unused
-    - varcheck
-    - revive
-    - exportloopref
-run:
-  deadline: 5m
-  skip-dirs:
-    - api
-  # skip-files:
-  #   - ".*_test\\.go$"
-  modules-download-mode: mod
-# all available settings of specific linters
-linters-settings:
-  lll:
-    # max line length, lines longer will be reported. Default is 120.
-    # '\t' is counted as 1 character by default, and can be changed with the tab-width option
-    line-length: 150
-    # tab width in spaces. Default to 1.
-    tab-width: 1
--- a/.releaserc.json
+++ b/.releaserc.json
@ -1,23 +0,0 @@
-{
-  "debug": true,
-  "branches": [
-    "+([0-9])?(.{+([0-9]),x}).x",
-    "master",
-    {
-      "name": "rc"
-    },
-    {
-      "name": "beta",
-      "prerelease": true
-    },
-    {
-      "name": "alpha",
-      "prerelease": true
-    }
-  ],
-  "plugins": [
-    "@semantic-release/commit-analyzer",
-    "@semantic-release/release-notes-generator",
-    "@semantic-release/github"
-  ]
-}
--- a/70
+++ b/70
@ -1,70 +0,0 @@
-FROM node:16.18.0 AS FRONT
-WORKDIR /web
-COPY ./web .
-RUN yarn config set registry https://registry.npmmirror.com
-RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build
-
-
-FROM golang:1.19.9 AS BACK
-WORKDIR /go/src/casdoor
-COPY . .
-RUN ./build.sh
-RUN go test -v -run TestGetVersionInfo ./util/system_test.go ./util/system.go > version_info.txt
-
-FROM alpine:latest AS STANDARD
-LABEL MAINTAINER="https://casdoor.org/"
-ARG USER=casdoor
-ARG TARGETOS
-ARG TARGETARCH
-ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
-
-RUN sed -i 's/https/http/' /etc/apk/repositories
-RUN apk add --update sudo
-RUN apk add curl
-RUN apk add ca-certificates && update-ca-certificates
-
-RUN adduser -D $USER -u 1000 \
-    && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
-    && chmod 0440 /etc/sudoers.d/$USER \
-    && mkdir logs \
-    && chown -R $USER:$USER logs
-
-USER 1000
-WORKDIR /
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
-COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build
-
-ENTRYPOINT ["/server"]
-
-
-FROM debian:latest AS db
-RUN apt update \
-    && apt install -y \
-        mariadb-server \
-        mariadb-client \
-    && rm -rf /var/lib/apt/lists/*
-
-
-FROM db AS ALLINONE
-LABEL MAINTAINER="https://casdoor.org/"
-ARG TARGETOS
-ARG TARGETARCH
-ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
-
-RUN apt update
-RUN apt install -y ca-certificates && update-ca-certificates
-
-WORKDIR /
-COPY --from=BACK /go/src/casdoor/server_${BUILDX_ARCH} ./server
-COPY --from=BACK /go/src/casdoor/swagger ./swagger
-COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
-COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
-COPY --from=FRONT /web/build ./web/build
-RUN mkdir tempFiles
-
-ENTRYPOINT ["/bin/bash"]
-CMD ["/docker-entrypoint.sh"]
--- a/113
+++ b/113
@ -1,113 +0,0 @@
-
-# Image URL to use all building/pushing image targets
-REGISTRY ?= casbin
-IMG ?= casdoor
-IMG_TAG ?=$(shell git --no-pager log -1 --format="%ad" --date=format:"%Y%m%d")-$(shell git describe --tags --always --dirty --abbrev=6)
-NAMESPACE ?= casdoor
-APP ?= casdoor
-HOST ?= test.com
-
-
-# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
-ifeq (,$(shell go env GOBIN))
-GOBIN=$(shell go env GOPATH)/bin
-else
-GOBIN=$(shell go env GOBIN)
-endif
-
-# Setting SHELL to bash allows bash commands to be executed by recipes.
-# This is a requirement for 'setup-envtest.sh' in the test target.
-# Options are set to exit when a recipe line exits non-zero or a piped command fails.
-SHELL = /usr/bin/env bash -o pipefail
-.SHELLFLAGS = -ec
-
-.PHONY: all
-all: docker-build docker-push deploy
-
-##@ General
-
-# The help target prints out all targets with their descriptions organized
-# beneath their categories. The categories are represented by '##@' and the
-# target descriptions by '##'. The awk commands is responsible for reading the
-# entire set of makefiles included in this invocation, looking for lines of the
-# file as xyz: ## something, and then pretty-format the target and help. Then,
-# if there's a line with ##@ something, that gets pretty-printed as a category.
-# More info on the usage of ANSI control characters for terminal formatting:
-# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
-# More info on the awk command:
-# http://linuxcommand.org/lc3_adv_awk.php
-
-.PHONY: help
-help: ## Display this help.
-	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
-
-##@ Development
-
-.PHONY: fmt
-fmt: ## Run go fmt against code.
-	go fmt ./...
-
-.PHONY: vet
-vet: ## Run go vet against code.
-	go vet ./...
-
-.PHONY: ut
-ut: ## UT test
-	go test -v -cover -coverprofile=coverage.out ./...
-	go tool cover -func=coverage.out
-
-##@ Build
-
-.PHONY: backend
-backend: fmt vet ## Build backend binary.
-	go build -o bin/manager main.go
-
-.PHONY: backend-vendor
-backend-vendor: vendor fmt vet ## Build backend binary with vendor.
-	go build -mod=vendor -o bin/manager main.go
-
-.PHONY: frontend
-frontend: ## Build backend binary.
-	cd web/ && yarn && yarn run build && cd -
-
-.PHONY: vendor
-vendor: ## Update vendor.
-	go mod vendor
-
-.PHONY: run
-run: fmt vet ## Run backend in local 
-	go run ./main.go
-
-.PHONY: docker-build
-docker-build: ## Build docker image with the manager.
-	docker build -t ${REGISTRY}/${IMG}:${IMG_TAG} .
-
-.PHONY: docker-push
-docker-push: ## Push docker image with the manager.
-	docker push ${REGISTRY}/${IMG}:${IMG_TAG}
-
-lint-install: ## Install golangci-lint
-	@# The following installs a specific version of golangci-lint, which is appropriate for a CI server to avoid different results from build to build
-	go get github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1
-
-lint: ## Run golangci-lint
-	@echo "---lint---"
-	golangci-lint run --modules-download-mode=vendor ./...
-
-##@ Deployment
-
-.PHONY: deploy
-deploy:  ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	helm upgrade --install ${APP} manifests/casdoor --create-namespace --set ingress.enabled=true \
-	--set "ingress.hosts[0].host=${HOST},ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=ImplementationSpecific" \
-	--set image.tag=${IMG_TAG} --set image.repository=${REGISTRY} --set image.name=${IMG} --version ${IMG_TAG} -n ${NAMESPACE}
-
-.PHONY: dry-run
-dry-run: ## Dry run for helm install
-	helm upgrade --install ${APP} manifests/casdoor --set ingress.enabled=true \
-	--set "ingress.hosts[0].host=${HOST},ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=ImplementationSpecific" \
-	--set image.tag=${IMG_TAG} --set image.repository=${REGISTRY} --set image.name=${IMG} --version ${IMG_TAG} -n ${NAMESPACE} --dry-run
-
-.PHONY: undeploy
-undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	helm delete ${APP} -n ${NAMESPACE}
--- a/README.md
+++ b/README.md
@ -1,88 +1,36 @@
-<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
-<h3 align="center">A UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.</h3>
-<p align="center">
-  <a href="#badge">
-    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
-    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/releases/latest">
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casbin/casdoor.svg">
-  </a>
-  <a href="https://hub.docker.com/repository/docker/casbin/casdoor">
-    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
-  </a>
-</p>
-
-<p align="center">
-  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
-    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
-    <img src="https://img.shields.io/github/license/casbin/casdoor?style=flat-square" alt="license">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/issues">
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casbin/casdoor?style=flat-square">
-  </a>
-  <a href="#">
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casbin/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/network">
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casbin/casdoor?style=flat-square">
-  </a>
-  <a href="https://crowdin.com/project/casdoor-site">
-    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
-  </a>
-  <a href="https://discord.gg/5rPsrAzK7S">
-    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
-  </a>
-</p>
-
-## Online demo
-
- Read-only site: https://door.casdoor.com (any modification operation will fail)
- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
-
-## Documentation
-
-https://casdoor.org
-
-## Install
-
- By source code: https://casdoor.org/docs/basic/server-installation
- By Docker: https://casdoor.org/docs/basic/try-with-docker
-
-## How to connect to Casdoor?
-
-https://casdoor.org/docs/how-to-connect/overview
-
-## Casdoor Public API
-
- Docs: https://casdoor.org/docs/basic/public-api
- Swagger: https://door.casdoor.com/swagger
-
-## Integrations
-
-https://casdoor.org/docs/category/integrations
-
-## How to contact?
-
- Discord: https://discord.gg/5rPsrAzK7S
- Forum: https://forum.casbin.com
- Contact: https://tawk.to/chat/623352fea34c2456412b8c51/1fuc7od6e
-
-## Contribute
-
-For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
-
-### I18n translation
-
-If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
-
-## License
-
-[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
+# Casdoor
+
+## Development
+
+### Prerequisites
+
+Go (1.15 or later)
+MySQL (5.8 or higher)
+Node.js (version 8 or higher)
+Yarn
+
+### Initialize project
+
+Create a database named casdoor.
+
+```sql
+CREATE DATABASE IF NOT EXISTS casdoor default charset utf8 COLLATE utf8_general_ci
+```
+
+Configure database source in the `.env` file. If you have not copied the `.env.template` file to a new file named `.env`, which should now be performed.
+
+### Run project
+
+#### backend
+
+```shell
+go run cmd/main.go
+```
+
+### frontend
+
+```shell
+cd web
+yarn
+yarn start
+```
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,9 +0,0 @@
-# Security Policy
-
-## Reporting a Vulnerability
-
-We are grateful for security researchers and users reporting a vulnerability to us first. To ensure that your request is handled in a timely manner and we can keep users safe, please follow the below guidelines.
-
- **Please do not report security vulnerabilities directly on GitHub.**
-
- To report a vulnerability, please email [admin@casdoor.org](admin@casdoor.org).
--- a/authz/authz.go
+++ b/authz/authz.go
@ -1,153 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package authz
-
-import (
-	"strings"
-
-	"github.com/casbin/casbin/v2"
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-	stringadapter "github.com/qiangmzsx/string-adapter/v2"
-)
-
-var Enforcer *casbin.Enforcer
-
-func InitApi() {
-	var err error
-
-	e, err := object.GetInitializedEnforcer(util.GetId("built-in", "api-enforcer-built-in"))
-	if err != nil {
-		panic(err)
-	}
-
-	Enforcer = e.Enforcer
-	Enforcer.ClearPolicy()
-
-	// if len(Enforcer.GetPolicy()) == 0 {
-	if true {
-		ruleText := `
-p, built-in, *, *, *, *, *
-p, app, *, *, *, *, *
-p, *, *, POST, /api/signup, *, *
-p, *, *, GET, /api/get-email-and-phone, *, *
-p, *, *, POST, /api/login, *, *
-p, *, *, GET, /api/get-app-login, *, *
-p, *, *, POST, /api/logout, *, *
-p, *, *, GET, /api/logout, *, *
-p, *, *, GET, /api/get-account, *, *
-p, *, *, GET, /api/userinfo, *, *
-p, *, *, GET, /api/user, *, *
-p, *, *, GET, /api/health, *, *
-p, *, *, POST, /api/webhook, *, *
-p, *, *, GET, /api/get-webhook-event, *, *
-p, *, *, GET, /api/get-captcha-status, *, *
-p, *, *, *, /api/login/oauth, *, *
-p, *, *, GET, /api/get-application, *, *
-p, *, *, GET, /api/get-organization-applications, *, *
-p, *, *, GET, /api/get-user, *, *
-p, *, *, GET, /api/get-user-application, *, *
-p, *, *, GET, /api/get-resources, *, *
-p, *, *, GET, /api/get-records, *, *
-p, *, *, GET, /api/get-product, *, *
-p, *, *, POST, /api/buy-product, *, *
-p, *, *, GET, /api/get-payment, *, *
-p, *, *, POST, /api/update-payment, *, *
-p, *, *, POST, /api/invoice-payment, *, *
-p, *, *, POST, /api/notify-payment, *, *
-p, *, *, POST, /api/unlink, *, *
-p, *, *, POST, /api/set-password, *, *
-p, *, *, POST, /api/send-verification-code, *, *
-p, *, *, GET, /api/get-captcha, *, *
-p, *, *, POST, /api/verify-captcha, *, *
-p, *, *, POST, /api/verify-code, *, *
-p, *, *, POST, /api/reset-email-or-phone, *, *
-p, *, *, POST, /api/upload-resource, *, *
-p, *, *, GET, /.well-known/openid-configuration, *, *
-p, *, *, *, /.well-known/jwks, *, *
-p, *, *, GET, /api/get-saml-login, *, *
-p, *, *, POST, /api/acs, *, *
-p, *, *, GET, /api/saml/metadata, *, *
-p, *, *, *, /cas, *, *
-p, *, *, *, /api/webauthn, *, *
-p, *, *, GET, /api/get-release, *, *
-p, *, *, GET, /api/get-default-application, *, *
-p, *, *, GET, /api/get-prometheus-info, *, *
-p, *, *, *, /api/metrics, *, *
-p, *, *, GET, /api/get-pricing, *, *
-p, *, *, GET, /api/get-plan, *, *
-p, *, *, GET, /api/get-organization-names, *, *
-`
-
-		sa := stringadapter.NewAdapter(ruleText)
-		// load all rules from string adapter to enforcer's memory
-		err := sa.LoadPolicy(Enforcer.GetModel())
-		if err != nil {
-			panic(err)
-		}
-
-		// save all rules from enforcer's memory to Xorm adapter (DB)
-		// same as:
-		// a.SavePolicy(Enforcer.GetModel())
-		err = Enforcer.SavePolicy()
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
-func IsAllowed(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
-	if conf.IsDemoMode() {
-		if !isAllowedInDemoMode(subOwner, subName, method, urlPath, objOwner, objName) {
-			return false
-		}
-	}
-
-	user, err := object.GetUser(util.GetId(subOwner, subName))
-	if err != nil {
-		panic(err)
-	}
-
-	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
-		return true
-	}
-
-	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
-	if err != nil {
-		panic(err)
-	}
-
-	return res
-}
-
-func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
-	if method == "POST" {
-		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
-			return true
-		} else if urlPath == "/api/update-user" {
-			// Allow ordinary users to update their own information
-			if subOwner == objOwner && subName == objName && !(subOwner == "built-in" && subName == "admin") {
-				return true
-			}
-			return false
-		} else {
-			return false
-		}
-	}
-
-	// If method equals GET
-	return true
-}
--- a/build.sh
+++ b/build.sh
@ -1,12 +0,0 @@
-#!/bin/bash
-#try to connect to google to determine whether user need to use proxy
-curl www.google.com -o /dev/null --connect-timeout 5 2> /dev/null
-if [ $? == 0 ]
-then
-    echo "Successfully connected to Google, no need to use Go proxy"
-else
-    echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
-    export GOPROXY="https://goproxy.cn,direct"
-fi
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server_linux_amd64 .
-CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o server_linux_arm64 .
--- a/captcha/aliyun.go
+++ b/captcha/aliyun.go
@ -1,115 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/casdoor/casdoor/util"
-)
-
-const AliyunCaptchaVerifyUrl = "http://afs.aliyuncs.com"
-
-type captchaSuccessResponse struct {
-	Code int    `json:"Code"`
-	Msg  string `json:"Msg"`
-}
-
-type captchaFailResponse struct {
-	Code    string `json:"Code"`
-	Message string `json:"Message"`
-}
-
-type AliyunCaptchaProvider struct{}
-
-func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
-	captcha := &AliyunCaptchaProvider{}
-	return captcha
-}
-
-func contentEscape(str string) string {
-	str = strings.Replace(str, " ", "%20", -1)
-	str = url.QueryEscape(str)
-	return str
-}
-
-func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	pathData, err := url.ParseQuery(token)
-	if err != nil {
-		return false, err
-	}
-
-	pathData["Action"] = []string{"AuthenticateSig"}
-	pathData["Format"] = []string{"json"}
-	pathData["SignatureMethod"] = []string{"HMAC-SHA1"}
-	pathData["SignatureNonce"] = []string{strconv.FormatInt(time.Now().UnixNano(), 10)}
-	pathData["SignatureVersion"] = []string{"1.0"}
-	pathData["Timestamp"] = []string{time.Now().UTC().Format("2006-01-02T15:04:05Z")}
-	pathData["Version"] = []string{"2018-01-12"}
-
-	var keys []string
-	for k := range pathData {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-
-	sortQuery := ""
-	for _, k := range keys {
-		sortQuery += k + "=" + contentEscape(pathData[k][0]) + "&"
-	}
-	sortQuery = strings.TrimSuffix(sortQuery, "&")
-
-	stringToSign := fmt.Sprintf("GET&%s&%s", url.QueryEscape("/"), url.QueryEscape(sortQuery))
-
-	signature := util.GetHmacSha1(clientSecret+"&", stringToSign)
-
-	resp, err := http.Get(fmt.Sprintf("%s?%s&Signature=%s", AliyunCaptchaVerifyUrl, sortQuery, url.QueryEscape(signature)))
-	if err != nil {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	return handleCaptchaResponse(body)
-}
-
-func handleCaptchaResponse(body []byte) (bool, error) {
-	captchaResp := &captchaSuccessResponse{}
-	err := json.Unmarshal(body, captchaResp)
-	if err != nil {
-		captchaFailResp := &captchaFailResponse{}
-		err = json.Unmarshal(body, captchaFailResp)
-		if err != nil {
-			return false, err
-		}
-
-		return false, errors.New(captchaFailResp.Message)
-	}
-
-	return true, nil
-}
--- a/captcha/default.go
+++ b/captcha/default.go
@ -1,28 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import "github.com/casdoor/casdoor/object"
-
-type DefaultCaptchaProvider struct{}
-
-func NewDefaultCaptchaProvider() *DefaultCaptchaProvider {
-	captcha := &DefaultCaptchaProvider{}
-	return captcha
-}
-
-func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	return object.VerifyCaptcha(clientSecret, token), nil
-}
--- a/captcha/geetest.go
+++ b/captcha/geetest.go
@ -1,81 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/casdoor/casdoor/util"
-)
-
-const GEETESTCaptchaVerifyUrl = "http://gcaptcha4.geetest.com/validate"
-
-type GEETESTCaptchaProvider struct{}
-
-func NewGEETESTCaptchaProvider() *GEETESTCaptchaProvider {
-	captcha := &GEETESTCaptchaProvider{}
-	return captcha
-}
-
-func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	pathData, err := url.ParseQuery(token)
-	if err != nil {
-		return false, err
-	}
-
-	signToken := util.GetHmacSha256(clientSecret, pathData["lot_number"][0])
-
-	formData := make(url.Values)
-	formData["lot_number"] = []string{pathData["lot_number"][0]}
-	formData["captcha_output"] = []string{pathData["captcha_output"][0]}
-	formData["pass_token"] = []string{pathData["pass_token"][0]}
-	formData["gen_time"] = []string{pathData["gen_time"][0]}
-	formData["sign_token"] = []string{signToken}
-	captchaId := pathData["captcha_id"][0]
-
-	cli := http.Client{Timeout: time.Second * 5}
-	resp, err := cli.PostForm(fmt.Sprintf("%s?captcha_id=%s", GEETESTCaptchaVerifyUrl, captchaId), formData)
-	if err != nil || resp.StatusCode != 200 {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	type captchaResponse struct {
-		Result string `json:"result"`
-		Reason string `json:"reason"`
-	}
-	captchaResp := &captchaResponse{}
-	err = json.Unmarshal(body, captchaResp)
-	if err != nil {
-		return false, err
-	}
-
-	if captchaResp.Result == "success" {
-		return true, nil
-	}
-
-	return false, errors.New(captchaResp.Reason)
-}
--- a/captcha/hcaptcha.go
+++ b/captcha/hcaptcha.go
@ -1,66 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-const HCaptchaVerifyUrl = "https://hcaptcha.com/siteverify"
-
-type HCaptchaProvider struct{}
-
-func NewHCaptchaProvider() *HCaptchaProvider {
-	captcha := &HCaptchaProvider{}
-	return captcha
-}
-
-func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	reqData := url.Values{
-		"secret":   {clientSecret},
-		"response": {token},
-	}
-	resp, err := http.PostForm(HCaptchaVerifyUrl, reqData)
-	if err != nil {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	type captchaResponse struct {
-		Success    bool     `json:"success"`
-		ErrorCodes []string `json:"error-codes"`
-	}
-	captchaResp := &captchaResponse{}
-	err = json.Unmarshal(body, captchaResp)
-	if err != nil {
-		return false, err
-	}
-
-	if len(captchaResp.ErrorCodes) > 0 {
-		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
-	}
-
-	return captchaResp.Success, nil
-}
--- a/captcha/provider.go
+++ b/captcha/provider.go
@ -1,49 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import "fmt"
-
-type CaptchaProvider interface {
-	VerifyCaptcha(token, clientSecret string) (bool, error)
-}
-
-func GetCaptchaProvider(captchaType string) CaptchaProvider {
-	switch captchaType {
-	case "Default":
-		return NewDefaultCaptchaProvider()
-	case "reCAPTCHA":
-		return NewReCaptchaProvider()
-	case "Aliyun Captcha":
-		return NewAliyunCaptchaProvider()
-	case "hCaptcha":
-		return NewHCaptchaProvider()
-	case "GEETEST":
-		return NewGEETESTCaptchaProvider()
-	case "Cloudflare Turnstile":
-		return NewCloudflareTurnstileProvider()
-	}
-
-	return nil
-}
-
-func VerifyCaptchaByCaptchaType(captchaType, token, clientSecret string) (bool, error) {
-	provider := GetCaptchaProvider(captchaType)
-	if provider == nil {
-		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
-	}
-
-	return provider.VerifyCaptcha(token, clientSecret)
-}
--- a/captcha/recaptcha.go
+++ b/captcha/recaptcha.go
@ -1,66 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-const ReCaptchaVerifyUrl = "https://recaptcha.net/recaptcha/api/siteverify"
-
-type ReCaptchaProvider struct{}
-
-func NewReCaptchaProvider() *ReCaptchaProvider {
-	captcha := &ReCaptchaProvider{}
-	return captcha
-}
-
-func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	reqData := url.Values{
-		"secret":   {clientSecret},
-		"response": {token},
-	}
-	resp, err := http.PostForm(ReCaptchaVerifyUrl, reqData)
-	if err != nil {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	type captchaResponse struct {
-		Success    bool     `json:"success"`
-		ErrorCodes []string `json:"error-codes"`
-	}
-	captchaResp := &captchaResponse{}
-	err = json.Unmarshal(body, captchaResp)
-	if err != nil {
-		return false, err
-	}
-
-	if len(captchaResp.ErrorCodes) > 0 {
-		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
-	}
-
-	return captchaResp.Success, nil
-}
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@ -1,66 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package captcha
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-const CloudflareTurnstileVerifyUrl = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
-
-type CloudflareTurnstileProvider struct{}
-
-func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
-	captcha := &CloudflareTurnstileProvider{}
-	return captcha
-}
-
-func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	reqData := url.Values{
-		"secret":   {clientSecret},
-		"response": {token},
-	}
-	resp, err := http.PostForm(CloudflareTurnstileVerifyUrl, reqData)
-	if err != nil {
-		return false, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-
-	type captchaResponse struct {
-		Success    bool     `json:"success"`
-		ErrorCodes []string `json:"error-codes"`
-	}
-	captchaResp := &captchaResponse{}
-	err = json.Unmarshal(body, captchaResp)
-	if err != nil {
-		return false, err
-	}
-
-	if len(captchaResp.ErrorCodes) > 0 {
-		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
-	}
-
-	return captchaResp.Success, nil
-}
--- a/cmd/main.go
+++ b/cmd/main.go
@ -0,0 +1,68 @@
+// Copyright 2020 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"context"
+	"log"
+	"net/http"
+	"os"
+	"os/signal"
+	"time"
+
+	"github.com/casdoor/casdoor/internal/config"
+	"github.com/casdoor/casdoor/internal/handler"
+	"github.com/casdoor/casdoor/internal/store"
+	"github.com/casdoor/casdoor/internal/store/shared"
+)
+
+func main() {
+	cfg, err := config.NewConfig()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	db, err := shared.NewDB(cfg)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	userStore := store.NewUserStore(db)
+	applicationStore := store.NewApplicationStore(db)
+
+	srv := &http.Server{
+		Addr:    cfg.HTTPPort,
+		Handler: handler.New(userStore, applicationStore),
+	}
+
+	go func() {
+		log.Printf("listen and serve on %s", srv.Addr)
+		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			log.Fatalf("listen: %s\n", err)
+		}
+	}()
+
+	quit := make(chan os.Signal)
+	signal.Notify(quit, os.Interrupt)
+	<-quit
+	log.Println("Shutdown Server ...")
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	if err := srv.Shutdown(ctx); err != nil {
+		log.Fatal("Server Shutdown:", err)
+	}
+	log.Println("Server exiting")
+}
--- a/conf/app.conf
+++ b/conf/app.conf
@ -1,25 +0,0 @@
-appname = casdoor
-httpport = 8000
-runmode = dev
-copyrequestbody = true
-driverName = mysql
-dataSourceName = root:123456@tcp(localhost:3306)/
-dbName = casdoor
-tableNamePrefix =
-showSql = false
-redisEndpoint =
-defaultStorageProvider = 
-isCloudIntranet = false
-authState = "casdoor"
-socks5Proxy = "127.0.0.1:10808"
-verificationCodeTimeout = 10
-initScore = 2000
-logPostOnly = true
-origin =
-staticBaseUrl = "https://cdn.casbin.org"
-isDemoMode = false
-batchSize = 100
-ldapServerPort = 389
-quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
-logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
-initDataFile = "./init_data.json"
--- a/conf/conf.go
+++ b/conf/conf.go
@ -1,144 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package conf
-
-import (
-	"encoding/json"
-	"os"
-	"runtime"
-	"strconv"
-	"strings"
-
-	"github.com/beego/beego"
-)
-
-type Quota struct {
-	Organization int `json:"organization"`
-	User         int `json:"user"`
-	Application  int `json:"application"`
-	Provider     int `json:"provider"`
-}
-
-var quota = &Quota{-1, -1, -1, -1}
-
-func init() {
-	// this array contains the beego configuration items that may be modified via env
-	presetConfigItems := []string{"httpport", "appname"}
-	for _, key := range presetConfigItems {
-		if value, ok := os.LookupEnv(key); ok {
-			err := beego.AppConfig.Set(key, value)
-			if err != nil {
-				panic(err)
-			}
-		}
-	}
-	initQuota()
-}
-
-func initQuota() {
-	res := beego.AppConfig.String("quota")
-	if res != "" {
-		err := json.Unmarshal([]byte(res), quota)
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
-func GetConfigString(key string) string {
-	if value, ok := os.LookupEnv(key); ok {
-		return value
-	}
-
-	res := beego.AppConfig.String(key)
-	if res == "" {
-		if key == "staticBaseUrl" {
-			res = "https://cdn.casbin.org"
-		} else if key == "logConfig" {
-			res = "{\"filename\": \"logs/casdoor.log\", \"maxdays\":99999, \"perm\":\"0770\"}"
-		}
-	}
-
-	return res
-}
-
-func GetConfigBool(key string) bool {
-	value := GetConfigString(key)
-	if value == "true" {
-		return true
-	} else {
-		return false
-	}
-}
-
-func GetConfigInt64(key string) (int64, error) {
-	value := GetConfigString(key)
-	num, err := strconv.ParseInt(value, 10, 64)
-	return num, err
-}
-
-func GetConfigDataSourceName() string {
-	dataSourceName := GetConfigString("dataSourceName")
-
-	runningInDocker := os.Getenv("RUNNING_IN_DOCKER")
-	if runningInDocker == "true" {
-		// https://stackoverflow.com/questions/48546124/what-is-linux-equivalent-of-host-docker-internal
-		if runtime.GOOS == "linux" {
-			dataSourceName = strings.ReplaceAll(dataSourceName, "localhost", "172.17.0.1")
-		} else {
-			dataSourceName = strings.ReplaceAll(dataSourceName, "localhost", "host.docker.internal")
-		}
-	}
-
-	return dataSourceName
-}
-
-func GetLanguage(language string) string {
-	if language == "" || language == "*" {
-		return "en"
-	}
-
-	if len(language) != 2 || language == "nu" {
-		return "en"
-	} else {
-		return language
-	}
-}
-
-func IsDemoMode() bool {
-	return strings.ToLower(GetConfigString("isDemoMode")) == "true"
-}
-
-func GetConfigBatchSize() int {
-	res, err := strconv.Atoi(GetConfigString("batchSize"))
-	if err != nil {
-		res = 100
-	}
-	return res
-}
-
-func GetConfigQuota() *Quota {
-	return quota
-}
-
-func GetConfigRealDataSourceName(driverName string) string {
-	var dataSourceName string
-	if driverName != "mysql" {
-		dataSourceName = GetConfigDataSourceName()
-	} else {
-		dataSourceName = GetConfigDataSourceName() + GetConfigString("dbName")
-	}
-	return dataSourceName
-}
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@ -1,127 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package conf
-
-import (
-	"os"
-	"testing"
-
-	"github.com/beego/beego"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetConfString(t *testing.T) {
-	scenarios := []struct {
-		description string
-		input       string
-		expected    interface{}
-	}{
-		{"Should be return casbin", "appname", "casbin"},
-		{"Should be return 8000", "httpport", "8000"},
-		{"Should be return  value", "key", "value"},
-	}
-
-	// do some set up job
-
-	os.Setenv("appname", "casbin")
-	os.Setenv("key", "value")
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-
-	for _, scenery := range scenarios {
-		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetConfigString(scenery.input)
-			assert.Equal(t, scenery.expected, actual)
-		})
-	}
-}
-
-func TestGetConfInt(t *testing.T) {
-	scenarios := []struct {
-		description string
-		input       string
-		expected    interface{}
-	}{
-		{"Should be return 8000", "httpport", 8001},
-		{"Should be return 8000", "verificationCodeTimeout", 10},
-	}
-
-	// do some set up job
-	os.Setenv("httpport", "8001")
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-
-	for _, scenery := range scenarios {
-		t.Run(scenery.description, func(t *testing.T) {
-			actual, err := GetConfigInt64(scenery.input)
-			assert.Nil(t, err)
-			assert.Equal(t, scenery.expected, int(actual))
-		})
-	}
-}
-
-func TestGetConfBool(t *testing.T) {
-	scenarios := []struct {
-		description string
-		input       string
-		expected    interface{}
-	}{
-		{"Should be return false", "copyrequestbody", true},
-	}
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-	for _, scenery := range scenarios {
-		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetConfigBool(scenery.input)
-			assert.Nil(t, err)
-			assert.Equal(t, scenery.expected, actual)
-		})
-	}
-}
-
-func TestGetConfigQuota(t *testing.T) {
-	scenarios := []struct {
-		description string
-		expected    *Quota
-	}{
-		{"default", &Quota{-1, -1, -1, -1}},
-	}
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-	for _, scenery := range scenarios {
-		quota := GetConfigQuota()
-		assert.Equal(t, scenery.expected, quota)
-	}
-}
-
-func TestGetConfigLogs(t *testing.T) {
-	scenarios := []struct {
-		description string
-		expected    string
-	}{
-		{"Default log config", `{"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
-	}
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-	for _, scenery := range scenarios {
-		quota := GetConfigString("logConfig")
-		assert.Equal(t, scenery.expected, quota)
-	}
-}
--- a/controllers/account.go
+++ b/controllers/account.go
@ -1,498 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"github.com/casdoor/casdoor/form"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-const (
-	ResponseTypeLogin   = "login"
-	ResponseTypeCode    = "code"
-	ResponseTypeToken   = "token"
-	ResponseTypeIdToken = "id_token"
-	ResponseTypeSaml    = "saml"
-	ResponseTypeCas     = "cas"
-)
-
-type Response struct {
-	Status string      `json:"status"`
-	Msg    string      `json:"msg"`
-	Sub    string      `json:"sub"`
-	Name   string      `json:"name"`
-	Data   interface{} `json:"data"`
-	Data2  interface{} `json:"data2"`
-}
-
-type Captcha struct {
-	Type          string `json:"type"`
-	AppKey        string `json:"appKey"`
-	Scene         string `json:"scene"`
-	CaptchaId     string `json:"captchaId"`
-	CaptchaImage  []byte `json:"captchaImage"`
-	ClientId      string `json:"clientId"`
-	ClientSecret  string `json:"clientSecret"`
-	ClientId2     string `json:"clientId2"`
-	ClientSecret2 string `json:"clientSecret2"`
-	SubType       string `json:"subType"`
-}
-
-// Signup
-// @Tag Login API
-// @Title Signup
-// @Description sign up a new user
-// @Param   username     formData    string  true        "The username to sign up"
-// @Param   password     formData    string  true        "The password"
-// @Success 200 {object} controllers.Response The Response object
-// @router /signup [post]
-func (c *ApiController) Signup() {
-	if c.GetSessionUsername() != "" {
-		c.ResponseError(c.T("account:Please sign out first"), c.GetSessionUsername())
-		return
-	}
-
-	var authForm form.AuthForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if !application.EnableSignUp {
-		c.ResponseError(c.T("account:The application does not allow to sign up new account"))
-		return
-	}
-
-	organization, err := object.GetOrganization(util.GetId("admin", authForm.Organization))
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-
-	msg := object.CheckUserSignup(application, organization, &authForm, c.GetAcceptLanguage())
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && authForm.Email != "" {
-		checkResult := object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
-		if checkResult.Code != object.VerificationSuccess {
-			c.ResponseError(checkResult.Msg)
-			return
-		}
-	}
-
-	var checkPhone string
-	if application.IsSignupItemVisible("Phone") && application.GetSignupItemRule("Phone") != "No verification" && authForm.Phone != "" {
-		checkPhone, _ = util.GetE164Number(authForm.Phone, authForm.CountryCode)
-		checkResult := object.CheckVerificationCode(checkPhone, authForm.PhoneCode, c.GetAcceptLanguage())
-		if checkResult.Code != object.VerificationSuccess {
-			c.ResponseError(checkResult.Msg)
-			return
-		}
-	}
-
-	id := util.GenerateId()
-	if application.GetSignupItemRule("ID") == "Incremental" {
-		lastUser, err := object.GetLastUser(authForm.Organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		lastIdInt := -1
-		if lastUser != nil {
-			lastIdInt = util.ParseInt(lastUser.Id)
-		}
-
-		id = strconv.Itoa(lastIdInt + 1)
-	}
-
-	username := authForm.Username
-	if !application.IsSignupItemVisible("Username") {
-		username = id
-	}
-
-	password := authForm.Password
-	msg = object.CheckPasswordComplexityByOrg(organization, password)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	initScore, err := organization.GetInitScore()
-	if err != nil {
-		c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
-		return
-	}
-
-	user := &object.User{
-		Owner:             authForm.Organization,
-		Name:              username,
-		CreatedTime:       util.GetCurrentTime(),
-		Id:                id,
-		Type:              "normal-user",
-		Password:          authForm.Password,
-		DisplayName:       authForm.Name,
-		Avatar:            organization.DefaultAvatar,
-		Email:             authForm.Email,
-		Phone:             authForm.Phone,
-		CountryCode:       authForm.CountryCode,
-		Address:           []string{},
-		Affiliation:       authForm.Affiliation,
-		IdCard:            authForm.IdCard,
-		Region:            authForm.Region,
-		Score:             initScore,
-		IsAdmin:           false,
-		IsGlobalAdmin:     false,
-		IsForbidden:       false,
-		IsDeleted:         false,
-		SignupApplication: application.Name,
-		Properties:        map[string]string{},
-		Karma:             0,
-	}
-
-	if len(organization.Tags) > 0 {
-		tokens := strings.Split(organization.Tags[0], "|")
-		if len(tokens) > 0 {
-			user.Tag = tokens[0]
-		}
-	}
-
-	if application.GetSignupItemRule("Display name") == "First, last" {
-		if authForm.FirstName != "" || authForm.LastName != "" {
-			user.DisplayName = fmt.Sprintf("%s %s", authForm.FirstName, authForm.LastName)
-			user.FirstName = authForm.FirstName
-			user.LastName = authForm.LastName
-		}
-	}
-
-	affected, err := object.AddUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if !affected {
-		c.ResponseError(c.T("account:Failed to add user"), util.StructToJson(user))
-		return
-	}
-
-	err = object.AddUserToOriginalDatabase(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if application.HasPromptPage() {
-		// The prompt page needs the user to be signed in
-		c.SetSessionUsername(user.GetId())
-	}
-
-	err = object.DisableVerificationCode(authForm.Email)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.DisableVerificationCode(checkPhone)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isSignupFromPricing := authForm.Plan != "" && authForm.Pricing != ""
-	if isSignupFromPricing {
-		_, err = object.Subscribe(organization.Name, user.Name, authForm.Plan, authForm.Pricing)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	record := object.NewRecord(c.Ctx)
-	record.Organization = application.Organization
-	record.User = user.Name
-	util.SafeGoroutine(func() { object.AddRecord(record) })
-
-	userId := user.GetId()
-	util.LogInfo(c.Ctx, "API: [%s] is signed up as new user", userId)
-
-	c.ResponseOk(userId)
-}
-
-// Logout
-// @Title Logout
-// @Tag Login API
-// @Description logout the current user
-// @Param   id_token_hint   query        string  false        "id_token_hint"
-// @Param   post_logout_redirect_uri    query    string  false     "post_logout_redirect_uri"
-// @Param   state     query    string  false     "state"
-// @Success 200 {object} controllers.Response The Response object
-// @router /logout [get,post]
-func (c *ApiController) Logout() {
-	// https://openid.net/specs/openid-connect-rpinitiated-1_0-final.html
-	accessToken := c.Input().Get("id_token_hint")
-	redirectUri := c.Input().Get("post_logout_redirect_uri")
-	state := c.Input().Get("state")
-
-	user := c.GetSessionUsername()
-
-	if accessToken == "" && redirectUri == "" {
-		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-		if user == "" {
-			c.ResponseOk()
-			return
-		}
-
-		c.ClearUserSession()
-		owner, username := util.GetOwnerAndNameFromId(user)
-		_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
-		application := c.GetSessionApplication()
-		if application == nil || application.Name == "app-built-in" || application.HomepageUrl == "" {
-			c.ResponseOk(user)
-			return
-		}
-		c.ResponseOk(user, application.HomepageUrl)
-		return
-	} else {
-		// "post_logout_redirect_uri" has been made optional, see: https://github.com/casdoor/casdoor/issues/2151
-		// if redirectUri == "" {
-		// 	c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
-		// 	return
-		// }
-		if accessToken == "" {
-			c.ResponseError(c.T("general:Missing parameter") + ": id_token_hint")
-			return
-		}
-
-		affected, application, token, err := object.ExpireTokenByAccessToken(accessToken)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if !affected {
-			c.ResponseError(c.T("token:Token not found, invalid accessToken"))
-			return
-		}
-
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist")), token.Application)
-			return
-		}
-
-		if application.IsRedirectUriValid(redirectUri) {
-			if user == "" {
-				user = util.GetId(token.Organization, token.User)
-			}
-
-			c.ClearUserSession()
-			// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-			owner, username := util.GetOwnerAndNameFromId(user)
-
-			_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
-			c.Ctx.Redirect(http.StatusFound, fmt.Sprintf("%s?state=%s", strings.TrimRight(redirectUri, "/"), state))
-		} else {
-			c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
-			return
-		}
-	}
-}
-
-// GetAccount
-// @Title GetAccount
-// @Tag Account API
-// @Description get the details of the current account
-// @Success 200 {object} controllers.Response The Response object
-// @router /get-account [get]
-func (c *ApiController) GetAccount() {
-	var err error
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	managedAccounts := c.Input().Get("managedAccounts")
-	if managedAccounts == "1" {
-		user, err = object.ExtendManagedAccountsWithUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	err = object.ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user != nil {
-		user.Permissions = object.GetMaskedPermissions(user.Permissions)
-		user.Roles = object.GetMaskedRoles(user.Roles)
-		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
-	}
-
-	organization, err := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdminOrSelf := c.IsAdminOrSelf(user)
-	u, err := object.GetMaskedUser(user, isAdminOrSelf)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	resp := Response{
-		Status: "ok",
-		Sub:    user.Id,
-		Name:   user.Name,
-		Data:   u,
-		Data2:  organization,
-	}
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-// GetUserinfo
-// UserInfo
-// @Title UserInfo
-// @Tag Account API
-// @Description return user information according to OIDC standards
-// @Success 200 {object} object.Userinfo The Response object
-// @router /userinfo [get]
-func (c *ApiController) GetUserinfo() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	scope, aud := c.GetSessionOidc()
-	host := c.Ctx.Request.Host
-	userInfo := object.GetUserInfo(user, scope, aud, host)
-
-	c.Data["json"] = userInfo
-	c.ServeJSON()
-}
-
-// GetUserinfo2
-// LaravelResponse
-// @Title UserInfo2
-// @Tag Account API
-// @Description return Laravel compatible user information according to OAuth 2.0
-// @Success 200 {object} LaravelResponse The Response object
-// @router /user [get]
-func (c *ApiController) GetUserinfo2() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	// this API is used by "Api URL" of Flarum's FoF Passport plugin
-	// https://github.com/FriendsOfFlarum/passport
-	type LaravelResponse struct {
-		Id              string `json:"id"`
-		Name            string `json:"name"`
-		Email           string `json:"email"`
-		EmailVerifiedAt string `json:"email_verified_at"`
-		CreatedAt       string `json:"created_at"`
-		UpdatedAt       string `json:"updated_at"`
-	}
-
-	response := LaravelResponse{
-		Id:              user.Id,
-		Name:            user.Name,
-		Email:           user.Email,
-		EmailVerifiedAt: user.CreatedTime,
-		CreatedAt:       user.CreatedTime,
-		UpdatedAt:       user.UpdatedTime,
-	}
-
-	c.Data["json"] = response
-	c.ServeJSON()
-}
-
-// GetCaptcha ...
-// @Tag Login API
-// @Title GetCaptcha
-// @router /api/get-captcha [get]
-func (c *ApiController) GetCaptcha() {
-	applicationId := c.Input().Get("applicationId")
-	isCurrentProvider := c.Input().Get("isCurrentProvider")
-
-	captchaProvider, err := object.GetCaptchaProviderByApplication(applicationId, isCurrentProvider, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if captchaProvider != nil {
-		if captchaProvider.Type == "Default" {
-			id, img, err := object.GetCaptcha()
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			c.ResponseOk(Captcha{Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
-			return
-		} else if captchaProvider.Type != "" {
-			c.ResponseOk(Captcha{
-				Type:          captchaProvider.Type,
-				SubType:       captchaProvider.SubType,
-				ClientId:      captchaProvider.ClientId,
-				ClientSecret:  captchaProvider.ClientSecret,
-				ClientId2:     captchaProvider.ClientId2,
-				ClientSecret2: captchaProvider.ClientSecret2,
-			})
-			return
-		}
-	}
-
-	c.ResponseOk(Captcha{Type: "none"})
-}
--- a/controllers/adapter.go
+++ b/controllers/adapter.go
@ -1,235 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-	xormadapter "github.com/casdoor/xorm-adapter/v3"
-)
-
-// GetAdapters
-// @Title GetAdapters
-// @Tag Adapter API
-// @Description get adapters
-// @Param   owner     query    string  true        "The owner of adapters"
-// @Success 200 {array} object.Adapter The Response object
-// @router /get-adapters [get]
-func (c *ApiController) GetAdapters() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		adapters, err := object.GetAdapters(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(adapters)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetAdapterCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		adapters, err := object.GetPaginationAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(adapters, paginator.Nums())
-	}
-}
-
-// GetAdapter
-// @Title GetAdapter
-// @Tag Adapter API
-// @Description get adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Success 200 {object} object.Adapter The Response object
-// @router /get-adapter [get]
-func (c *ApiController) GetAdapter() {
-	id := c.Input().Get("id")
-
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(adapter)
-}
-
-// UpdateAdapter
-// @Title UpdateAdapter
-// @Tag Adapter API
-// @Description update adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-adapter [post]
-func (c *ApiController) UpdateAdapter() {
-	id := c.Input().Get("id")
-
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateAdapter(id, &adapter))
-	c.ServeJSON()
-}
-
-// AddAdapter
-// @Title AddAdapter
-// @Tag Adapter API
-// @Description add adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-adapter [post]
-func (c *ApiController) AddAdapter() {
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddAdapter(&adapter))
-	c.ServeJSON()
-}
-
-// DeleteAdapter
-// @Title DeleteAdapter
-// @Tag Adapter API
-// @Description delete adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-adapter [post]
-func (c *ApiController) DeleteAdapter() {
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteAdapter(&adapter))
-	c.ServeJSON()
-}
-
-func (c *ApiController) GetPolicies() {
-	id := c.Input().Get("id")
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	policies, err := object.GetPolicies(adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(policies)
-}
-
-func (c *ApiController) UpdatePolicy() {
-	id := c.Input().Get("id")
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var policies []xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdatePolicy(util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-func (c *ApiController) AddPolicy() {
-	id := c.Input().Get("id")
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var policy xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.AddPolicy(util.CasbinToSlice(policy), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-func (c *ApiController) RemovePolicy() {
-	id := c.Input().Get("id")
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var policy xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.RemovePolicy(util.CasbinToSlice(policy), adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
--- a/controllers/application.go
+++ b/controllers/application.go
@ -1,247 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetApplications
-// @Title GetApplications
-// @Tag Application API
-// @Description get all applications
-// @Param   owner     query    string  true        "The owner of applications."
-// @Success 200 {array} object.Application The Response object
-// @router /get-applications [get]
-func (c *ApiController) GetApplications() {
-	userId := c.GetSessionUsername()
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	organization := c.Input().Get("organization")
-	var err error
-	if limit == "" || page == "" {
-		var applications []*object.Application
-		if organization == "" {
-			applications, err = object.GetApplications(owner)
-		} else {
-			applications, err = object.GetOrganizationApplications(owner, organization)
-		}
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk(object.GetMaskedApplications(applications, userId))
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetApplicationCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		app, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications := object.GetMaskedApplications(app, userId)
-		c.ResponseOk(applications, paginator.Nums())
-	}
-}
-
-// GetApplication
-// @Title GetApplication
-// @Tag Application API
-// @Description get the detail of an application
-// @Param   id     query    string  true        "The id ( owner/name ) of the application."
-// @Success 200 {object} object.Application The Response object
-// @router /get-application [get]
-func (c *ApiController) GetApplication() {
-	userId := c.GetSessionUsername()
-	id := c.Input().Get("id")
-
-	app, err := object.GetApplication(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedApplication(app, userId))
-}
-
-// GetUserApplication
-// @Title GetUserApplication
-// @Tag Application API
-// @Description get the detail of the user's application
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
-// @Success 200 {object} object.Application The Response object
-// @router /get-user-application [get]
-func (c *ApiController) GetUserApplication() {
-	userId := c.GetSessionUsername()
-	id := c.Input().Get("id")
-
-	user, err := object.GetUser(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
-		return
-	}
-
-	application, err := object.GetApplicationByUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedApplication(application, userId))
-}
-
-// GetOrganizationApplications
-// @Title GetOrganizationApplications
-// @Tag Application API
-// @Description get the detail of the organization's application
-// @Param   organization     query    string  true        "The organization name"
-// @Success 200 {array} object.Application The Response object
-// @router /get-organization-applications [get]
-func (c *ApiController) GetOrganizationApplications() {
-	userId := c.GetSessionUsername()
-	organization := c.Input().Get("organization")
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if organization == "" {
-		c.ResponseError(c.T("general:Missing parameter") + ": organization")
-		return
-	}
-
-	if limit == "" || page == "" {
-		applications, err := object.GetOrganizationApplications(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedApplications(applications, userId))
-	} else {
-		limit := util.ParseInt(limit)
-
-		count, err := object.GetOrganizationApplicationCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		app, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications := object.GetMaskedApplications(app, userId)
-		c.ResponseOk(applications, paginator.Nums())
-	}
-}
-
-// UpdateApplication
-// @Title UpdateApplication
-// @Tag Application API
-// @Description update an application
-// @Param   id     query    string  true        "The id ( owner/name ) of the application"
-// @Param   body    body   object.Application  true        "The details of the application"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-application [post]
-func (c *ApiController) UpdateApplication() {
-	id := c.Input().Get("id")
-
-	var application object.Application
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application))
-	c.ServeJSON()
-}
-
-// AddApplication
-// @Title AddApplication
-// @Tag Application API
-// @Description add an application
-// @Param   body    body   object.Application  true        "The details of the application"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-application [post]
-func (c *ApiController) AddApplication() {
-	var application object.Application
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	count, err := object.GetApplicationCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForApplication(int(count)); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddApplication(&application))
-	c.ServeJSON()
-}
-
-// DeleteApplication
-// @Title DeleteApplication
-// @Tag Application API
-// @Description delete an application
-// @Param   body    body   object.Application  true        "The details of the application"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-application [post]
-func (c *ApiController) DeleteApplication() {
-	var application object.Application
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteApplication(&application))
-	c.ServeJSON()
-}
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -1,836 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"encoding/xml"
-	"fmt"
-	"io/ioutil"
-	"net/url"
-	"strconv"
-	"strings"
-	"sync"
-
-	"github.com/casdoor/casdoor/captcha"
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/form"
-	"github.com/casdoor/casdoor/idp"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/proxy"
-	"github.com/casdoor/casdoor/util"
-	"github.com/google/uuid"
-)
-
-var (
-	wechatScanType string
-	lock           sync.RWMutex
-)
-
-func codeToResponse(code *object.Code) *Response {
-	if code.Code == "" {
-		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
-	}
-
-	return &Response{Status: "ok", Msg: "", Data: code.Code}
-}
-
-func tokenToResponse(token *object.Token) *Response {
-	if token.AccessToken == "" {
-		return &Response{Status: "error", Msg: "fail to get accessToken", Data: token.AccessToken}
-	}
-	return &Response{Status: "ok", Msg: "", Data: token.AccessToken, Data2: token.RefreshToken}
-}
-
-// HandleLoggedIn ...
-func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *form.AuthForm) (resp *Response) {
-	userId := user.GetId()
-
-	allowed, err := object.CheckAccessPermission(userId, application)
-	if err != nil {
-		c.ResponseError(err.Error(), nil)
-		return
-	}
-	if !allowed {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	// check user's tag
-	if !user.IsGlobalAdmin && !user.IsAdmin && len(application.Tags) > 0 {
-		// only users with the tag that is listed in the application tags can login
-		if !util.InSlice(application.Tags, user.Tag) {
-			c.ResponseError(fmt.Sprintf(c.T("auth:User's tag: %s is not listed in the application's tags"), user.Tag))
-			return
-		}
-	}
-
-	if form.Type == ResponseTypeLogin {
-		c.SetSessionUsername(userId)
-		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
-		resp = &Response{Status: "ok", Msg: "", Data: userId}
-	} else if form.Type == ResponseTypeCode {
-		clientId := c.Input().Get("clientId")
-		responseType := c.Input().Get("responseType")
-		redirectUri := c.Input().Get("redirectUri")
-		scope := c.Input().Get("scope")
-		state := c.Input().Get("state")
-		nonce := c.Input().Get("nonce")
-		challengeMethod := c.Input().Get("code_challenge_method")
-		codeChallenge := c.Input().Get("code_challenge")
-
-		if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-			c.ResponseError(c.T("auth:Challenge method should be S256"))
-			return
-		}
-		code, err := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
-
-		resp = codeToResponse(code)
-
-		if application.EnableSigninSession || application.HasPromptPage() {
-			// The prompt page needs the user to be signed in
-			c.SetSessionUsername(userId)
-		}
-	} else if form.Type == ResponseTypeToken || form.Type == ResponseTypeIdToken { // implicit flow
-		if !object.IsGrantTypeValid(form.Type, application.GrantTypes) {
-			resp = &Response{Status: "error", Msg: fmt.Sprintf("error: grant_type: %s is not supported in this application", form.Type), Data: ""}
-		} else {
-			scope := c.Input().Get("scope")
-			token, _ := object.GetTokenByUser(application, user, scope, c.Ctx.Request.Host)
-			resp = tokenToResponse(token)
-		}
-	} else if form.Type == ResponseTypeSaml { // saml flow
-		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
-		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]string{"redirectUrl": redirectUrl, "method": method}}
-
-		if application.EnableSigninSession || application.HasPromptPage() {
-			// The prompt page needs the user to be signed in
-			c.SetSessionUsername(userId)
-		}
-	} else if form.Type == ResponseTypeCas {
-		// not oauth but CAS SSO protocol
-		service := c.Input().Get("service")
-		resp = wrapErrorResponse(nil)
-		if service != "" {
-			st, err := object.GenerateCasToken(userId, service)
-			if err != nil {
-				resp = wrapErrorResponse(err)
-			} else {
-				resp.Data = st
-			}
-		}
-
-		if application.EnableSigninSession || application.HasPromptPage() {
-			// The prompt page needs the user to be signed in
-			c.SetSessionUsername(userId)
-		}
-	} else {
-		resp = wrapErrorResponse(fmt.Errorf("unknown response type: %s", form.Type))
-	}
-
-	// if user did not check auto signin
-	if resp.Status == "ok" && !form.AutoSignin {
-		c.setExpireForSession()
-	}
-
-	if resp.Status == "ok" {
-		_, err = object.AddSession(&object.Session{
-			Owner:       user.Owner,
-			Name:        user.Name,
-			Application: application.Name,
-			SessionId:   []string{c.Ctx.Input.CruSession.SessionID()},
-		})
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
-	}
-
-	return resp
-}
-
-// GetApplicationLogin ...
-// @Title GetApplicationLogin
-// @Tag Login API
-// @Description get application login
-// @Param   clientId    query    string  true        "client id"
-// @Param   responseType    query    string  true        "response type"
-// @Param   redirectUri    query    string  true        "redirect uri"
-// @Param   scope    query    string  true        "scope"
-// @Param   state    query    string  true        "state"
-// @Success 200 {object}  Response The Response object
-// @router /get-app-login [get]
-func (c *ApiController) GetApplicationLogin() {
-	clientId := c.Input().Get("clientId")
-	responseType := c.Input().Get("responseType")
-	redirectUri := c.Input().Get("redirectUri")
-	scope := c.Input().Get("scope")
-	state := c.Input().Get("state")
-
-	msg, application, err := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	application = object.GetMaskedApplication(application, "")
-	if msg != "" {
-		c.ResponseError(msg, application)
-	} else {
-		c.ResponseOk(application)
-	}
-}
-
-func setHttpClient(idProvider idp.IdProvider, providerType string) {
-	if isProxyProviderType(providerType) {
-		idProvider.SetHttpClient(proxy.ProxyHttpClient)
-	} else {
-		idProvider.SetHttpClient(proxy.DefaultHttpClient)
-	}
-}
-
-func isProxyProviderType(providerType string) bool {
-	providerTypes := []string{
-		"GitHub",
-		"Google",
-		"Facebook",
-		"LinkedIn",
-		"Steam",
-		"Line",
-		"Amazon",
-		"Instagram",
-		"TikTok",
-		"Twitter",
-		"Uber",
-		"Yahoo",
-	}
-	for _, v := range providerTypes {
-		if strings.EqualFold(v, providerType) {
-			return true
-		}
-	}
-	return false
-}
-
-// Login ...
-// @Title Login
-// @Tag Login API
-// @Description login
-// @Param clientId        query    string  true clientId
-// @Param responseType    query    string  true responseType
-// @Param redirectUri     query    string  true redirectUri
-// @Param scope     query    string  false  scope
-// @Param state     query    string  false  state
-// @Param nonce     query    string  false nonce
-// @Param code_challenge_method   query    string  false code_challenge_method
-// @Param code_challenge          query    string  false code_challenge
-// @Param   form   body   controllers.AuthForm  true        "Login information"
-// @Success 200 {object} controllers.Response The Response object
-// @router /login [post]
-func (c *ApiController) Login() {
-	resp := &Response{}
-
-	var authForm form.AuthForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if authForm.Username != "" {
-		if authForm.Type == ResponseTypeLogin {
-			if c.GetSessionUsername() != "" {
-				c.ResponseError(c.T("account:Please sign out first"), c.GetSessionUsername())
-				return
-			}
-		}
-
-		var user *object.User
-		var msg string
-
-		if authForm.Password == "" {
-			if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			} else if user == nil {
-				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
-				return
-			}
-
-			verificationCodeType := object.GetVerifyType(authForm.Username)
-			var checkDest string
-			if verificationCodeType == object.VerifyTypePhone {
-				authForm.CountryCode = user.GetCountryCode(authForm.CountryCode)
-				var ok bool
-				if checkDest, ok = util.GetE164Number(authForm.Username, authForm.CountryCode); !ok {
-					c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), authForm.CountryCode))
-					return
-				}
-			}
-
-			// check result through Email or Phone
-			checkResult := object.CheckSigninCode(user, checkDest, authForm.Code, c.GetAcceptLanguage())
-			if len(checkResult) != 0 {
-				c.ResponseError(fmt.Sprintf("%s - %s", verificationCodeType, checkResult))
-				return
-			}
-
-			// disable the verification code
-			err := object.DisableVerificationCode(checkDest)
-			if err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			}
-		} else {
-			application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			}
-
-			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-				return
-			}
-			if !application.EnablePassword {
-				c.ResponseError(c.T("auth:The login method: login with password is not enabled for the application"))
-				return
-			}
-			var enableCaptcha bool
-			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if enableCaptcha {
-				isHuman, err := captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, authForm.ClientSecret)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-
-				if !isHuman {
-					c.ResponseError(c.T("verification:Turing test failed."))
-					return
-				}
-			}
-
-			password := authForm.Password
-			user, msg = object.CheckUserPassword(authForm.Organization, authForm.Username, password, c.GetAcceptLanguage(), enableCaptcha)
-		}
-
-		if msg != "" {
-			resp = &Response{Status: "error", Msg: msg}
-		} else {
-			application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-				return
-			}
-
-			organization, err := object.GetOrganizationByUser(user)
-			if err != nil {
-				c.ResponseError(err.Error())
-			}
-
-			if object.IsNeedPromptMfa(organization, user) {
-				// The prompt page needs the user to be signed in
-				c.SetSessionUsername(user.GetId())
-				c.ResponseOk(object.RequiredMfa)
-				return
-			}
-
-			if user.IsMfaEnabled() {
-				c.setMfaUserSession(user.GetId())
-				c.ResponseOk(object.NextMfa, user.GetPreferredMfaProps(true))
-				return
-			}
-
-			resp = c.HandleLoggedIn(application, user, &authForm)
-
-			record := object.NewRecord(c.Ctx)
-			record.Organization = application.Organization
-			record.User = user.Name
-			util.SafeGoroutine(func() { object.AddRecord(record) })
-		}
-	} else if authForm.Provider != "" {
-		var application *object.Application
-		if authForm.ClientId != "" {
-			application, err = object.GetApplicationByClientId(authForm.ClientId)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		} else {
-			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-			return
-		}
-		organization, err := object.GetOrganization(util.GetId("admin", application.Organization))
-		if err != nil {
-			c.ResponseError(c.T(err.Error()))
-		}
-
-		provider, err := object.GetProvider(util.GetId("admin", authForm.Provider))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providerItem := application.GetProviderItem(provider.Name)
-		if !providerItem.IsProviderVisible() {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s is not enabled for the application"), provider.Name))
-			return
-		}
-
-		userInfo := &idp.UserInfo{}
-		if provider.Category == "SAML" {
-			// SAML
-			userInfo.Id, err = object.ParseSamlResponse(authForm.SamlResponse, provider, c.Ctx.Request.Host)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		} else if provider.Category == "OAuth" || provider.Category == "Web3" {
-			// OAuth
-			idpInfo := object.FromProviderToIdpInfo(c.Ctx, provider)
-			idProvider := idp.GetIdProvider(idpInfo, authForm.RedirectUri)
-			if idProvider == nil {
-				c.ResponseError(fmt.Sprintf(c.T("storage:The provider type: %s is not supported"), provider.Type))
-				return
-			}
-
-			setHttpClient(idProvider, provider.Type)
-
-			if authForm.State != conf.GetConfigString("authState") && authForm.State != application.Name {
-				c.ResponseError(fmt.Sprintf(c.T("auth:State expected: %s, but got: %s"), conf.GetConfigString("authState"), authForm.State))
-				return
-			}
-
-			// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
-			token, err := idProvider.GetToken(authForm.Code)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			if !token.Valid() {
-				c.ResponseError(c.T("auth:Invalid token"))
-				return
-			}
-
-			userInfo, err = idProvider.GetUserInfo(token)
-			if err != nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:Failed to login in: %s"), err.Error()))
-				return
-			}
-		}
-
-		if authForm.Method == "signup" {
-			user := &object.User{}
-			if provider.Category == "SAML" {
-				user, err = object.GetUser(util.GetId(application.Organization, userInfo.Id))
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-			} else if provider.Category == "OAuth" || provider.Category == "Web3" {
-				user, err = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-			}
-
-			if user != nil && !user.IsDeleted {
-				// Sign in via OAuth (want to sign up but already have account)
-
-				if user.IsForbidden {
-					c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
-				}
-
-				resp = c.HandleLoggedIn(application, user, &authForm)
-
-				record := object.NewRecord(c.Ctx)
-				record.Organization = application.Organization
-				record.User = user.Name
-				util.SafeGoroutine(func() { object.AddRecord(record) })
-			} else if provider.Category == "OAuth" || provider.Category == "Web3" {
-				// Sign up via OAuth
-				if application.EnableLinkWithEmail {
-					if userInfo.Email != "" {
-						// Find existing user with Email
-						user, err = object.GetUserByField(application.Organization, "email", userInfo.Email)
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
-					}
-
-					if user == nil && userInfo.Phone != "" {
-						// Find existing user with phone number
-						user, err = object.GetUserByField(application.Organization, "phone", userInfo.Phone)
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
-					}
-				}
-
-				if user == nil || user.IsDeleted {
-					if !application.EnableSignUp {
-						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support"), provider.Type, userInfo.Username, userInfo.DisplayName))
-						return
-					}
-
-					if !providerItem.CanSignUp {
-						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
-						return
-					}
-
-					// Handle username conflicts
-					tmpUser, err := object.GetUser(util.GetId(application.Organization, userInfo.Username))
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
-					if tmpUser != nil {
-						uid, err := uuid.NewRandom()
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
-
-						uidStr := strings.Split(uid.String(), "-")
-						userInfo.Username = fmt.Sprintf("%s_%s", userInfo.Username, uidStr[1])
-					}
-
-					properties := map[string]string{}
-					count, err := object.GetUserCount(application.Organization, "", "", "")
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
-					properties["no"] = strconv.Itoa(int(count + 2))
-					initScore, err := organization.GetInitScore()
-					if err != nil {
-						c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
-						return
-					}
-
-					user = &object.User{
-						Owner:             application.Organization,
-						Name:              userInfo.Username,
-						CreatedTime:       util.GetCurrentTime(),
-						Id:                util.GenerateId(),
-						Type:              "normal-user",
-						DisplayName:       userInfo.DisplayName,
-						Avatar:            userInfo.AvatarUrl,
-						Address:           []string{},
-						Email:             userInfo.Email,
-						Phone:             userInfo.Phone,
-						CountryCode:       userInfo.CountryCode,
-						Region:            userInfo.CountryCode,
-						Score:             initScore,
-						IsAdmin:           false,
-						IsGlobalAdmin:     false,
-						IsForbidden:       false,
-						IsDeleted:         false,
-						SignupApplication: application.Name,
-						Properties:        properties,
-					}
-
-					affected, err := object.AddUser(user)
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
-					if !affected {
-						c.ResponseError(fmt.Sprintf(c.T("auth:Failed to create user, user information is invalid: %s"), util.StructToJson(user)))
-						return
-					}
-				}
-
-				// sync info from 3rd-party if possible
-				_, err := object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-
-				_, err = object.LinkUserAccount(user, provider.Type, userInfo.Id)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-
-				resp = c.HandleLoggedIn(application, user, &authForm)
-
-				record := object.NewRecord(c.Ctx)
-				record.Organization = application.Organization
-				record.User = user.Name
-				util.SafeGoroutine(func() { object.AddRecord(record) })
-
-				record2 := object.NewRecord(c.Ctx)
-				record2.Action = "signup"
-				record2.Organization = application.Organization
-				record2.User = user.Name
-				util.SafeGoroutine(func() { object.AddRecord(record2) })
-			} else if provider.Category == "SAML" {
-				resp = &Response{Status: "error", Msg: fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id))}
-			}
-			// resp = &Response{Status: "ok", Msg: "", Data: res}
-		} else { // authForm.Method != "signup"
-			userId := c.GetSessionUsername()
-			if userId == "" {
-				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id)), userInfo)
-				return
-			}
-
-			oldUser, err := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			if oldUser != nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)"), provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName))
-				return
-			}
-
-			user, err := object.GetUser(userId)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			// sync info from 3rd-party if possible
-			_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			isLinked, err := object.LinkUserAccount(user, provider.Type, userInfo.Id)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			if isLinked {
-				resp = &Response{Status: "ok", Msg: "", Data: isLinked}
-			} else {
-				resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}
-			}
-		}
-	} else if c.getMfaUserSession() != "" {
-		user, err := object.GetUser(c.getMfaUserSession())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if user == nil {
-			c.ResponseError("expired user session")
-			return
-		}
-
-		if authForm.Passcode != "" {
-			mfaUtil := object.GetMfaUtil(authForm.MfaType, user.GetPreferredMfaProps(false))
-			if mfaUtil == nil {
-				c.ResponseError("Invalid multi-factor authentication type")
-				return
-			}
-
-			err = mfaUtil.Verify(authForm.Passcode)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		} else if authForm.RecoveryCode != "" {
-			err = object.MfaRecover(user, authForm.RecoveryCode)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		} else {
-			c.ResponseError("missing passcode or recovery code")
-			return
-		}
-
-		application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-			return
-		}
-
-		resp = c.HandleLoggedIn(application, user, &authForm)
-		c.setMfaUserSession("")
-
-		record := object.NewRecord(c.Ctx)
-		record.Organization = application.Organization
-		record.User = user.Name
-		util.SafeGoroutine(func() { object.AddRecord(record) })
-	} else {
-		if c.GetSessionUsername() != "" {
-			// user already signed in to Casdoor, so let the user click the avatar button to do the quick sign-in
-			application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-				return
-			}
-
-			user := c.getCurrentUser()
-			resp = c.HandleLoggedIn(application, user, &authForm)
-
-			record := object.NewRecord(c.Ctx)
-			record.Organization = application.Organization
-			record.User = user.Name
-			util.SafeGoroutine(func() { object.AddRecord(record) })
-		} else {
-			c.ResponseError(fmt.Sprintf(c.T("auth:Unknown authentication type (not password or provider), form = %s"), util.StructToJson(authForm)))
-			return
-		}
-	}
-
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-func (c *ApiController) GetSamlLogin() {
-	providerId := c.Input().Get("id")
-	relayState := c.Input().Get("relayState")
-	authURL, method, err := object.GenerateSamlRequest(providerId, relayState, c.Ctx.Request.Host, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-	c.ResponseOk(authURL, method)
-}
-
-func (c *ApiController) HandleSamlLogin() {
-	relayState := c.Input().Get("RelayState")
-	samlResponse := c.Input().Get("SAMLResponse")
-	decode, err := base64.StdEncoding.DecodeString(relayState)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-	slice := strings.Split(string(decode), "&")
-	relayState = url.QueryEscape(relayState)
-	samlResponse = url.QueryEscape(samlResponse)
-	targetUrl := fmt.Sprintf("%s?relayState=%s&samlResponse=%s",
-		slice[4], relayState, samlResponse)
-	c.Redirect(targetUrl, 303)
-}
-
-// HandleOfficialAccountEvent ...
-// @Tag HandleOfficialAccountEvent API
-// @Title HandleOfficialAccountEvent
-// @router /api/webhook [POST]
-func (c *ApiController) HandleOfficialAccountEvent() {
-	respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var data struct {
-		MsgType  string `xml:"MsgType"`
-		Event    string `xml:"Event"`
-		EventKey string `xml:"EventKey"`
-	}
-	err = xml.Unmarshal(respBytes, &data)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	lock.Lock()
-	defer lock.Unlock()
-	if data.EventKey != "" {
-		wechatScanType = data.Event
-		c.Ctx.WriteString("")
-	}
-}
-
-// GetWebhookEventType ...
-// @Tag GetWebhookEventType API
-// @Title GetWebhookEventType
-// @router /api/get-webhook-event [GET]
-func (c *ApiController) GetWebhookEventType() {
-	lock.Lock()
-	defer lock.Unlock()
-	resp := &Response{
-		Status: "ok",
-		Msg:    "",
-		Data:   wechatScanType,
-	}
-	c.Data["json"] = resp
-	wechatScanType = ""
-	c.ServeJSON()
-}
-
-// GetCaptchaStatus
-// @Title GetCaptchaStatus
-// @Tag Token API
-// @Description Get Login Error Counts
-// @Param   id     query    string  true        "The id ( owner/name ) of user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /api/get-captcha-status [get]
-func (c *ApiController) GetCaptchaStatus() {
-	organization := c.Input().Get("organization")
-	userId := c.Input().Get("user_id")
-	user, err := object.GetUserByFields(organization, userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var captchaEnabled bool
-	if user != nil && user.SigninWrongTimes >= object.SigninWrongTimesLimit {
-		captchaEnabled = true
-	}
-	c.ResponseOk(captchaEnabled)
-}
--- a/controllers/base.go
+++ b/controllers/base.go
@ -1,240 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"strings"
-	"time"
-
-	"github.com/beego/beego"
-	"github.com/beego/beego/logs"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// ApiController
-// controller for handlers under /api uri
-type ApiController struct {
-	beego.Controller
-}
-
-// RootController
-// controller for handlers directly under / (root)
-type RootController struct {
-	ApiController
-}
-
-type SessionData struct {
-	ExpireTime int64
-}
-
-func (c *ApiController) IsGlobalAdmin() bool {
-	isGlobalAdmin, _ := c.isGlobalAdmin()
-
-	return isGlobalAdmin
-}
-
-func (c *ApiController) IsAdmin() bool {
-	isGlobalAdmin, user := c.isGlobalAdmin()
-	if !isGlobalAdmin && user == nil {
-		return false
-	}
-
-	return isGlobalAdmin || user.IsAdmin
-}
-
-func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {
-	isGlobalAdmin, user := c.isGlobalAdmin()
-	if isGlobalAdmin || (user != nil && user.IsAdmin) {
-		return true
-	}
-
-	if user.Owner == user2.Owner && user.Name == user2.Name {
-		return true
-	}
-	return false
-}
-
-func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
-	username := c.GetSessionUsername()
-	if strings.HasPrefix(username, "app/") {
-		// e.g., "app/app-casnode"
-		return true, nil
-	}
-
-	user := c.getCurrentUser()
-	if user == nil {
-		return false, nil
-	}
-
-	return user.Owner == "built-in" || user.IsGlobalAdmin, user
-}
-
-func (c *ApiController) getCurrentUser() *object.User {
-	var user *object.User
-	var err error
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		user = nil
-	} else {
-		user, err = object.GetUser(userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return nil
-		}
-	}
-	return user
-}
-
-// GetSessionUsername ...
-func (c *ApiController) GetSessionUsername() string {
-	// check if user session expired
-	sessionData := c.GetSessionData()
-
-	if sessionData != nil &&
-		sessionData.ExpireTime != 0 &&
-		sessionData.ExpireTime < time.Now().Unix() {
-		c.ClearUserSession()
-		return ""
-	}
-
-	user := c.GetSession("username")
-	if user == nil {
-		return ""
-	}
-
-	return user.(string)
-}
-
-func (c *ApiController) GetSessionApplication() *object.Application {
-	clientId := c.GetSession("aud")
-	if clientId == nil {
-		return nil
-	}
-	application, err := object.GetApplicationByClientId(clientId.(string))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return nil
-	}
-
-	return application
-}
-
-func (c *ApiController) ClearUserSession() {
-	c.SetSessionUsername("")
-	c.SetSessionData(nil)
-}
-
-func (c *ApiController) GetSessionOidc() (string, string) {
-	sessionData := c.GetSessionData()
-	if sessionData != nil &&
-		sessionData.ExpireTime != 0 &&
-		sessionData.ExpireTime < time.Now().Unix() {
-		c.ClearUserSession()
-		return "", ""
-	}
-	scopeValue := c.GetSession("scope")
-	audValue := c.GetSession("aud")
-	var scope, aud string
-	var ok bool
-	if scope, ok = scopeValue.(string); !ok {
-		scope = ""
-	}
-	if aud, ok = audValue.(string); !ok {
-		aud = ""
-	}
-	return scope, aud
-}
-
-// SetSessionUsername ...
-func (c *ApiController) SetSessionUsername(user string) {
-	c.SetSession("username", user)
-}
-
-// GetSessionData ...
-func (c *ApiController) GetSessionData() *SessionData {
-	session := c.GetSession("SessionData")
-	if session == nil {
-		return nil
-	}
-
-	sessionData := &SessionData{}
-	err := util.JsonToStruct(session.(string), sessionData)
-	if err != nil {
-		logs.Error("GetSessionData failed, error: %s", err)
-		return nil
-	}
-
-	return sessionData
-}
-
-// SetSessionData ...
-func (c *ApiController) SetSessionData(s *SessionData) {
-	if s == nil {
-		c.DelSession("SessionData")
-		return
-	}
-
-	c.SetSession("SessionData", util.StructToJson(s))
-}
-
-func (c *ApiController) setMfaUserSession(userId string) {
-	c.SetSession(object.MfaSessionUserId, userId)
-}
-
-func (c *ApiController) getMfaUserSession() string {
-	userId := c.Ctx.Input.CruSession.Get(object.MfaSessionUserId)
-	if userId == nil {
-		return ""
-	}
-	return userId.(string)
-}
-
-func (c *ApiController) setExpireForSession() {
-	timestamp := time.Now().Unix()
-	timestamp += 3600 * 24
-	c.SetSessionData(&SessionData{
-		ExpireTime: timestamp,
-	})
-}
-
-func wrapActionResponse(affected bool, e ...error) *Response {
-	if len(e) != 0 && e[0] != nil {
-		return &Response{Status: "error", Msg: e[0].Error()}
-	} else if affected {
-		return &Response{Status: "ok", Msg: "", Data: "Affected"}
-	} else {
-		return &Response{Status: "ok", Msg: "", Data: "Unaffected"}
-	}
-}
-
-func wrapErrorResponse(err error) *Response {
-	if err == nil {
-		return &Response{Status: "ok", Msg: ""}
-	} else {
-		return &Response{Status: "error", Msg: err.Error()}
-	}
-}
-
-func (c *ApiController) Finish() {
-	if strings.HasPrefix(c.Ctx.Input.URL(), "/api") {
-		startTime := c.Ctx.Input.GetData("startTime")
-		if startTime != nil {
-			latency := time.Since(startTime.(time.Time)).Milliseconds()
-			object.ApiLatency.WithLabelValues(c.Ctx.Input.URL(), c.Ctx.Input.Method()).Observe(float64(latency))
-		}
-	}
-	c.Controller.Finish()
-}
--- a/controllers/cas.go
+++ b/controllers/cas.go
@ -1,274 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/xml"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-const (
-	InvalidRequest           string = "INVALID_REQUEST"
-	InvalidTicketSpec        string = "INVALID_TICKET_SPEC"
-	UnauthorizedServiceProxy string = "UNAUTHORIZED_SERVICE_PROXY"
-	InvalidProxyCallback     string = "INVALID_PROXY_CALLBACK"
-	InvalidTicket            string = "INVALID_TICKET"
-	InvalidService           string = "INVALID_SERVICE"
-	InternalError            string = "INTERNAL_ERROR"
-	UnauthorizedService      string = "UNAUTHORIZED_SERVICE"
-)
-
-func (c *RootController) CasValidate() {
-	ticket := c.Input().Get("ticket")
-	service := c.Input().Get("service")
-	c.Ctx.Output.Header("Content-Type", "text/html; charset=utf-8")
-	if service == "" || ticket == "" {
-		c.Ctx.Output.Body([]byte("no\n"))
-		return
-	}
-	if ok, response, issuedService, _ := object.GetCasTokenByTicket(ticket); ok {
-		// check whether service is the one for which we previously issued token
-		if issuedService == service {
-			c.Ctx.Output.Body([]byte(fmt.Sprintf("yes\n%s\n", response.User)))
-			return
-		}
-	}
-	// token not found
-	c.Ctx.Output.Body([]byte("no\n"))
-}
-
-func (c *RootController) CasServiceValidate() {
-	ticket := c.Input().Get("ticket")
-	format := c.Input().Get("format")
-	if !strings.HasPrefix(ticket, "ST") {
-		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
-	}
-	c.CasP3ServiceAndProxyValidate()
-}
-
-func (c *RootController) CasProxyValidate() {
-	ticket := c.Input().Get("ticket")
-	format := c.Input().Get("format")
-	if !strings.HasPrefix(ticket, "PT") {
-		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
-	}
-	c.CasP3ServiceAndProxyValidate()
-}
-
-func queryUnescape(service string) string {
-	s, _ := url.QueryUnescape(service)
-	return s
-}
-
-func (c *RootController) CasP3ServiceAndProxyValidate() {
-	ticket := c.Input().Get("ticket")
-	format := c.Input().Get("format")
-	service := c.Input().Get("service")
-	pgtUrl := c.Input().Get("pgtUrl")
-
-	serviceResponse := object.CasServiceResponse{
-		Xmlns: "http://www.yale.edu/tp/cas",
-	}
-
-	// check whether all required parameters are met
-	if service == "" || ticket == "" {
-		c.sendCasAuthenticationResponseErr(InvalidRequest, "service and ticket must exist", format)
-		return
-	}
-	ok, response, issuedService, userId := object.GetCasTokenByTicket(ticket)
-	// find the token
-	if ok {
-		// check whether service is the one for which we previously issued token
-		if strings.HasPrefix(service, issuedService) || strings.HasPrefix(queryUnescape(service), issuedService) {
-			serviceResponse.Success = response
-		} else {
-			// service not match
-			c.sendCasAuthenticationResponseErr(InvalidService, fmt.Sprintf("service %s and %s does not match", service, issuedService), format)
-			return
-		}
-	} else {
-		// token not found
-		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
-		return
-	}
-
-	if pgtUrl != "" && serviceResponse.Failure == nil {
-		// that means we are in proxy web flow
-		pgt := object.StoreCasTokenForPgt(serviceResponse.Success, service, userId)
-		pgtiou := serviceResponse.Success.ProxyGrantingTicket
-		// todo: check whether it is https
-		pgtUrlObj, err := url.Parse(pgtUrl)
-		if pgtUrlObj.Scheme != "https" {
-			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, "callback is not https", format)
-			return
-		}
-		// make a request to pgturl passing pgt and pgtiou
-		if err != nil {
-			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
-			return
-		}
-		param := pgtUrlObj.Query()
-		param.Add("pgtId", pgt)
-		param.Add("pgtIou", pgtiou)
-		pgtUrlObj.RawQuery = param.Encode()
-
-		request, err := http.NewRequest("GET", pgtUrlObj.String(), nil)
-		if err != nil {
-			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
-			return
-		}
-
-		resp, err := http.DefaultClient.Do(request)
-		if err != nil || !(resp.StatusCode >= 200 && resp.StatusCode < 400) {
-			// failed to send request
-			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
-			return
-		}
-	}
-	// everything is ok, send the response
-	if format == "json" {
-		c.Data["json"] = serviceResponse
-		c.ServeJSON()
-	} else {
-		c.Data["xml"] = serviceResponse
-		c.ServeXML()
-	}
-}
-
-func (c *RootController) CasProxy() {
-	pgt := c.Input().Get("pgt")
-	targetService := c.Input().Get("targetService")
-	format := c.Input().Get("format")
-	if pgt == "" || targetService == "" {
-		c.sendCasProxyResponseErr(InvalidRequest, "pgt and targetService must exist", format)
-		return
-	}
-
-	ok, authenticationSuccess, issuedService, userId := object.GetCasTokenByPgt(pgt)
-	if !ok {
-		c.sendCasProxyResponseErr(UnauthorizedService, "service not authorized", format)
-		return
-	}
-
-	newAuthenticationSuccess := authenticationSuccess.DeepCopy()
-	if newAuthenticationSuccess.Proxies == nil {
-		newAuthenticationSuccess.Proxies = &object.CasProxies{}
-	}
-	newAuthenticationSuccess.Proxies.Proxies = append(newAuthenticationSuccess.Proxies.Proxies, issuedService)
-	proxyTicket := object.StoreCasTokenForProxyTicket(&newAuthenticationSuccess, targetService, userId)
-
-	serviceResponse := object.CasServiceResponse{
-		Xmlns: "http://www.yale.edu/tp/cas",
-		ProxySuccess: &object.CasProxySuccess{
-			ProxyTicket: proxyTicket,
-		},
-	}
-
-	if format == "json" {
-		c.Data["json"] = serviceResponse
-		c.ServeJSON()
-	} else {
-		c.Data["xml"] = serviceResponse
-		c.ServeXML()
-	}
-}
-
-func (c *RootController) SamlValidate() {
-	c.Ctx.Output.Header("Content-Type", "text/xml; charset=utf-8")
-	target := c.Input().Get("TARGET")
-	body := c.Ctx.Input.RequestBody
-	envelopRequest := struct {
-		XMLName xml.Name `xml:"Envelope"`
-		Body    struct {
-			XMLName xml.Name `xml:"Body"`
-			Content string   `xml:",innerxml"`
-		}
-	}{}
-
-	err := xml.Unmarshal(body, &envelopRequest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	response, service, err := object.GetValidationBySaml(envelopRequest.Body.Content, c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if !strings.HasPrefix(target, service) {
-		c.ResponseError(fmt.Sprintf(c.T("cas:Service %s and %s do not match"), target, service))
-		return
-	}
-
-	envelopResponse := struct {
-		XMLName xml.Name `xml:"SOAP-ENV:Envelope"`
-		Xmlns   string   `xml:"xmlns:SOAP-ENV"`
-		Body    struct {
-			XMLName xml.Name `xml:"SOAP-ENV:Body"`
-			Content string   `xml:",innerxml"`
-		}
-	}{}
-	envelopResponse.Xmlns = "http://schemas.xmlsoap.org/soap/envelope/"
-	envelopResponse.Body.Content = response
-
-	data, err := xml.Marshal(envelopResponse)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Ctx.Output.Body(data)
-}
-
-func (c *RootController) sendCasProxyResponseErr(code, msg, format string) {
-	serviceResponse := object.CasServiceResponse{
-		Xmlns: "http://www.yale.edu/tp/cas",
-		ProxyFailure: &object.CasProxyFailure{
-			Code:    code,
-			Message: msg,
-		},
-	}
-	if format == "json" {
-		c.Data["json"] = serviceResponse
-		c.ServeJSON()
-	} else {
-		c.Data["xml"] = serviceResponse
-		c.ServeXML()
-	}
-}
-
-func (c *RootController) sendCasAuthenticationResponseErr(code, msg, format string) {
-	serviceResponse := object.CasServiceResponse{
-		Xmlns: "http://www.yale.edu/tp/cas",
-		Failure: &object.CasAuthenticationFailure{
-			Code:    code,
-			Message: msg,
-		},
-	}
-
-	if format == "json" {
-		c.Data["json"] = serviceResponse
-		c.ServeJSON()
-	} else {
-		c.Data["xml"] = serviceResponse
-		c.ServeXML()
-	}
-}
--- a/controllers/casbin_api.go
+++ b/controllers/casbin_api.go
@ -1,262 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// Enforce
-// @Title Enforce
-// @Tag Enforce API
-// @Description Call Casbin Enforce API
-// @Param   body    body   object.CasbinRequest  true   "Casbin request"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Param   resourceId    query   string  false   "resource id"
-// @Success 200 {object} controllers.Response The Response object
-// @router /enforce [post]
-func (c *ApiController) Enforce() {
-	permissionId := c.Input().Get("permissionId")
-	modelId := c.Input().Get("modelId")
-	resourceId := c.Input().Get("resourceId")
-	enforcerId := c.Input().Get("enforcerId")
-
-	var request object.CasbinRequest
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if enforcerId != "" {
-		enforcer, err := object.GetInitializedEnforcer(enforcerId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res, err := enforcer.Enforce(request...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	if permissionId != "" {
-		permission, err := object.GetPermission(permissionId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := []bool{}
-
-		if permission == nil {
-			res = append(res, false)
-		} else {
-			enforceResult, err := object.Enforce(permission, &request)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			res = append(res, enforceResult)
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if resourceId != "" {
-		permissions, err = object.GetPermissionsByResource(resourceId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := []bool{}
-
-	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for _, permissionIds := range listPermissionIdMap {
-		firstPermission, err := object.GetPermission(permissionIds[0])
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		enforceResult, err := object.Enforce(firstPermission, &request, permissionIds...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-	}
-
-	c.ResponseOk(res)
-}
-
-// BatchEnforce
-// @Title BatchEnforce
-// @Tag Enforce API
-// @Description Call Casbin BatchEnforce API
-// @Param   body    body   object.CasbinRequest  true   "array of casbin requests"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Success 200 {object} controllers.Response The Response object
-// @router /batch-enforce [post]
-func (c *ApiController) BatchEnforce() {
-	permissionId := c.Input().Get("permissionId")
-	modelId := c.Input().Get("modelId")
-	enforcerId := c.Input().Get("enforcerId")
-
-	var requests []object.CasbinRequest
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if enforcerId != "" {
-		enforcer, err := object.GetInitializedEnforcer(enforcerId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res, err := enforcer.BatchEnforce(requests)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	if permissionId != "" {
-		permission, err := object.GetPermission(permissionId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := [][]bool{}
-
-		if permission == nil {
-			l := len(requests)
-			resRequest := make([]bool, l)
-			for i := 0; i < l; i++ {
-				resRequest[i] = false
-			}
-
-			res = append(res, resRequest)
-		} else {
-			enforceResult, err := object.BatchEnforce(permission, &requests)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			res = append(res, enforceResult)
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := [][]bool{}
-
-	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for _, permissionIds := range listPermissionIdMap {
-		firstPermission, err := object.GetPermission(permissionIds[0])
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		enforceResult, err := object.BatchEnforce(firstPermission, &requests, permissionIds...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-	}
-
-	c.ResponseOk(res)
-}
-
-func (c *ApiController) GetAllObjects() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	c.ResponseOk(object.GetAllObjects(userId))
-}
-
-func (c *ApiController) GetAllActions() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	c.ResponseOk(object.GetAllActions(userId))
-}
-
-func (c *ApiController) GetAllRoles() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	c.ResponseOk(object.GetAllRoles(userId))
-}
--- a/controllers/cert.go
+++ b/controllers/cert.go
@ -1,185 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetCerts
-// @Title GetCerts
-// @Tag Cert API
-// @Description get certs
-// @Param   owner     query    string  true        "The owner of certs"
-// @Success 200 {array} object.Cert The Response object
-// @router /get-certs [get]
-func (c *ApiController) GetCerts() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		maskedCerts, err := object.GetMaskedCerts(object.GetCerts(owner))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedCerts)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetCertCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		certs, err := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(certs, paginator.Nums())
-	}
-}
-
-// GetGlobleCerts
-// @Title GetGlobleCerts
-// @Tag Cert API
-// @Description get globle certs
-// @Success 200 {array} object.Cert The Response object
-// @router /get-globle-certs [get]
-func (c *ApiController) GetGlobleCerts() {
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		maskedCerts, err := object.GetMaskedCerts(object.GetGlobleCerts())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedCerts)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalCertsCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		certs, err := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(certs, paginator.Nums())
-	}
-}
-
-// GetCert
-// @Title GetCert
-// @Tag Cert API
-// @Description get cert
-// @Param   id     query    string  true        "The id ( owner/name ) of the cert"
-// @Success 200 {object} object.Cert The Response object
-// @router /get-cert [get]
-func (c *ApiController) GetCert() {
-	id := c.Input().Get("id")
-	cert, err := object.GetCert(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedCert(cert))
-}
-
-// UpdateCert
-// @Title UpdateCert
-// @Tag Cert API
-// @Description update cert
-// @Param   id     query    string  true        "The id ( owner/name ) of the cert"
-// @Param   body    body   object.Cert  true        "The details of the cert"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-cert [post]
-func (c *ApiController) UpdateCert() {
-	id := c.Input().Get("id")
-
-	var cert object.Cert
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateCert(id, &cert))
-	c.ServeJSON()
-}
-
-// AddCert
-// @Title AddCert
-// @Tag Cert API
-// @Description add cert
-// @Param   body    body   object.Cert  true        "The details of the cert"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-cert [post]
-func (c *ApiController) AddCert() {
-	var cert object.Cert
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddCert(&cert))
-	c.ServeJSON()
-}
-
-// DeleteCert
-// @Title DeleteCert
-// @Tag Cert API
-// @Description delete cert
-// @Param   body    body   object.Cert  true        "The details of the cert"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-cert [post]
-func (c *ApiController) DeleteCert() {
-	var cert object.Cert
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteCert(&cert))
-	c.ServeJSON()
-}
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@ -1,145 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetEnforcers
-// @Title GetEnforcers
-// @Tag Enforcer API
-// @Description get enforcers
-// @Param   owner     query    string  true        "The owner of enforcers"
-// @Success 200 {array} object.Enforcer
-// @router /get-enforcers [get]
-func (c *ApiController) GetEnforcers() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		enforcers, err := object.GetEnforcers(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(enforcers)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetEnforcerCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		enforcers, err := object.GetPaginationEnforcers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(enforcers, paginator.Nums())
-	}
-}
-
-// GetEnforcer
-// @Title GetEnforcer
-// @Tag Enforcer API
-// @Description get enforcer
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Success 200 {object} object
-// @router /get-enforcer [get]
-func (c *ApiController) GetEnforcer() {
-	id := c.Input().Get("id")
-
-	enforcer, err := object.GetEnforcer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(enforcer)
-}
-
-// UpdateEnforcer
-// @Title UpdateEnforcer
-// @Tag Enforcer API
-// @Description update enforcer
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   enforcer     body    object  true        "The enforcer object"
-// @Success 200 {object} object
-// @router /update-enforcer [post]
-func (c *ApiController) UpdateEnforcer() {
-	id := c.Input().Get("id")
-
-	enforcer := object.Enforcer{}
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateEnforcer(id, &enforcer))
-	c.ServeJSON()
-}
-
-// AddEnforcer
-// @Title AddEnforcer
-// @Tag Enforcer API
-// @Description add enforcer
-// @Param   enforcer     body    object  true        "The enforcer object"
-// @Success 200 {object} object
-// @router /add-enforcer [post]
-func (c *ApiController) AddEnforcer() {
-	enforcer := object.Enforcer{}
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddEnforcer(&enforcer))
-	c.ServeJSON()
-}
-
-// DeleteEnforcer
-// @Title DeleteEnforcer
-// @Tag Enforcer API
-// @Description delete enforcer
-// @Param   body    body    object.Enforce  true      "The enforcer object"
-// @Success 200 {object} object
-// @router /delete-enforcer [post]
-func (c *ApiController) DeleteEnforcer() {
-	var enforcer object.Enforcer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteEnforcer(&enforcer))
-	c.ServeJSON()
-}
--- a/controllers/group.go
+++ b/controllers/group.go
@ -1,148 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetGroups
-// @Title GetGroups
-// @Tag Group API
-// @Description get groups
-// @Param   owner     query    string  true        "The owner of groups"
-// @Success 200 {array} object.Group The Response object
-// @router /get-groups [get]
-func (c *ApiController) GetGroups() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	withTree := c.Input().Get("withTree")
-
-	if limit == "" || page == "" {
-		groups, err := object.GetGroups(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else {
-			if withTree == "true" {
-				c.ResponseOk(object.ConvertToTreeData(groups, owner))
-				return
-			}
-			c.ResponseOk(groups)
-		}
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGroupCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		groups, err := object.GetPaginationGroups(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else {
-			c.ResponseOk(groups, paginator.Nums())
-		}
-	}
-}
-
-// GetGroup
-// @Title GetGroup
-// @Tag Group API
-// @Description get group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Success 200 {object} object.Group The Response object
-// @router /get-group [get]
-func (c *ApiController) GetGroup() {
-	id := c.Input().Get("id")
-
-	group, err := object.GetGroup(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.ResponseOk(group)
-}
-
-// UpdateGroup
-// @Title UpdateGroup
-// @Tag Group API
-// @Description update group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-group [post]
-func (c *ApiController) UpdateGroup() {
-	id := c.Input().Get("id")
-
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateGroup(id, &group))
-	c.ServeJSON()
-}
-
-// AddGroup
-// @Title AddGroup
-// @Tag Group API
-// @Description add group
-// @Param   body    body   object.Group  true      "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-group [post]
-func (c *ApiController) AddGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddGroup(&group))
-	c.ServeJSON()
-}
-
-// DeleteGroup
-// @Title DeleteGroup
-// @Tag Group API
-// @Description delete group
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-group [post]
-func (c *ApiController) DeleteGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteGroup(&group))
-	c.ServeJSON()
-}
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@ -1,277 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-type LdapResp struct {
-	// Groups []LdapRespGroup `json:"groups"`
-	Users      []object.LdapUser `json:"users"`
-	ExistUuids []string          `json:"existUuids"`
-}
-
-//type LdapRespGroup struct {
-//	GroupId   string
-//	GroupName string
-//}
-
-type LdapSyncResp struct {
-	Exist  []object.LdapUser `json:"exist"`
-	Failed []object.LdapUser `json:"failed"`
-}
-
-// GetLdapUsers
-// @Title GetLdapser
-// @Tag Account API
-// @Description get ldap users
-// Param	id	string	true	"id"
-// @Success 200 {object} LdapResp The Response object
-// @router /get-ldap-users [get]
-func (c *ApiController) GetLdapUsers() {
-	id := c.Input().Get("id")
-
-	_, ldapId := util.GetOwnerAndNameFromId(id)
-	ldapServer, err := object.GetLdap(ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	conn, err := ldapServer.GetLdapConn()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	//groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
-	//if err != nil {
-	//  c.ResponseError(err.Error())
-	//	return
-	//}
-
-	//for _, group := range groupsMap {
-	//	resp.Groups = append(resp.Groups, LdapRespGroup{
-	//		GroupId:   group.GidNumber,
-	//		GroupName: group.Cn,
-	//	})
-	//}
-
-	users, err := conn.GetLdapUsers(ldapServer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	uuids := make([]string, len(users))
-	for i, user := range users {
-		uuids[i] = user.GetLdapUuid()
-	}
-	existUuids, err := object.GetExistUuids(ldapServer.Owner, uuids)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	resp := LdapResp{
-		Users:      object.AutoAdjustLdapUser(users),
-		ExistUuids: existUuids,
-	}
-	c.ResponseOk(resp)
-}
-
-// GetLdaps
-// @Title GetLdaps
-// @Tag Account API
-// @Description get ldaps
-// @Param	owner	query	string	false	"owner"
-// @Success 200 {array} object.Ldap The Response object
-// @router /get-ldaps [get]
-func (c *ApiController) GetLdaps() {
-	owner := c.Input().Get("owner")
-
-	c.ResponseOk(object.GetMaskedLdaps(object.GetLdaps(owner)))
-}
-
-// GetLdap
-// @Title GetLdap
-// @Tag Account API
-// @Description get ldap
-// @Param	id	query	string	true	"id"
-// @Success 200 {object} object.Ldap The Response object
-// @router /get-ldap [get]
-func (c *ApiController) GetLdap() {
-	id := c.Input().Get("id")
-
-	if util.IsStringsEmpty(id) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	_, name := util.GetOwnerAndNameFromId(id)
-	ldap, err := object.GetLdap(name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.ResponseOk(object.GetMaskedLdap(ldap))
-}
-
-// AddLdap
-// @Title AddLdap
-// @Tag Account API
-// @Description add ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-ldap [post]
-func (c *ApiController) AddLdap() {
-	var ldap object.Ldap
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	if ok, err := object.CheckLdapExist(&ldap); err != nil {
-		c.ResponseError(err.Error())
-		return
-	} else if ok {
-		c.ResponseError(c.T("ldap:Ldap server exist"))
-		return
-	}
-
-	resp := wrapActionResponse(object.AddLdap(&ldap))
-	resp.Data2 = ldap
-
-	if ldap.AutoSync != 0 {
-		err = object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-// UpdateLdap
-// @Title UpdateLdap
-// @Tag Account API
-// @Description update ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-ldap [post]
-func (c *ApiController) UpdateLdap() {
-	var ldap object.Ldap
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	prevLdap, err := object.GetLdap(ldap.Id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdateLdap(&ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if ldap.AutoSync != 0 {
-		err := object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if ldap.AutoSync == 0 && prevLdap.AutoSync != 0 {
-		object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
-	}
-
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-// DeleteLdap
-// @Title DeleteLdap
-// @Tag Account API
-// @Description delete ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-ldap [post]
-func (c *ApiController) DeleteLdap() {
-	var ldap object.Ldap
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.DeleteLdap(&ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
-
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-// SyncLdapUsers
-// @Title SyncLdapUsers
-// @Tag Account API
-// @Description sync ldap users
-// @Param	id	query	string		true	"id"
-// @Success 200 {object} LdapSyncResp The Response object
-// @router /sync-ldap-users [post]
-func (c *ApiController) SyncLdapUsers() {
-	id := c.Input().Get("id")
-
-	owner, ldapId := util.GetOwnerAndNameFromId(id)
-	var users []object.LdapUser
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.UpdateLdapSyncTime(ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	exist, failed, _ := object.SyncLdapUsers(owner, users, ldapId)
-
-	c.ResponseOk(&LdapSyncResp{
-		Exist:  exist,
-		Failed: failed,
-	})
-}
--- a/controllers/link.go
+++ b/controllers/link.go
@ -1,109 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-type LinkForm struct {
-	ProviderType string      `json:"providerType"`
-	User         object.User `json:"user"`
-}
-
-// Unlink ...
-// @router /unlink [post]
-// @Tag Login API
-func (c *ApiController) Unlink() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	var form LinkForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	providerType := form.ProviderType
-
-	// the user will be unlinked from the provider
-	unlinkedUser := form.User
-
-	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin {
-		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
-		c.ResponseError(c.T("link:You are not the global admin, you can't unlink other users"))
-		return
-	}
-
-	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin {
-		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
-		application, err := object.GetApplicationByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if application == nil {
-			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
-			return
-		}
-
-		if len(application.Providers) == 0 {
-			c.ResponseError(c.T("link:This application has no providers"))
-			return
-		}
-
-		provider := application.GetProviderItemByType(providerType)
-		if provider == nil {
-			c.ResponseError(c.T("link:This application has no providers of type") + providerType)
-			return
-		}
-
-		if !provider.CanUnlink {
-			c.ResponseError(c.T("link:This provider can't be unlinked"))
-			return
-		}
-
-	}
-
-	// only two situations can happen here
-	// 1. the user is the global admin
-	// 2. the user is unlinking themselves and provider can be unlinked
-
-	value := object.GetUserField(&unlinkedUser, providerType)
-
-	if value == "" {
-		c.ResponseError(c.T("link:Please link first"), value)
-		return
-	}
-
-	_, err = object.ClearUserOAuthProperties(&unlinkedUser, providerType)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, err = object.LinkUserAccount(&unlinkedUser, providerType, "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@ -1,203 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"net/http"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// MfaSetupInitiate
-// @Title MfaSetupInitiate
-// @Tag MFA API
-// @Description setup MFA
-// @param owner	form	string	true	"owner of user"
-// @param name	form	string	true	"name of user"
-// @param type	form	string	true	"MFA auth type"
-// @Success 200 {object} controllers.Response The Response object
-// @router /mfa/setup/initiate [post]
-func (c *ApiController) MfaSetupInitiate() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-	userId := util.GetId(owner, name)
-
-	if len(userId) == 0 {
-		c.ResponseError(http.StatusText(http.StatusBadRequest))
-		return
-	}
-
-	MfaUtil := object.GetMfaUtil(mfaType, nil)
-	if MfaUtil == nil {
-		c.ResponseError("Invalid auth type")
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError("User doesn't exist")
-		return
-	}
-
-	mfaProps, err := MfaUtil.Initiate(c.Ctx, user.GetId())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	resp := mfaProps
-	c.ResponseOk(resp)
-}
-
-// MfaSetupVerify
-// @Title MfaSetupVerify
-// @Tag MFA API
-// @Description setup verify totp
-// @param	secret		form	string	true	"MFA secret"
-// @param	passcode	form 	string 	true	"MFA passcode"
-// @Success 200 {object}  Response object
-// @router /mfa/setup/verify [post]
-func (c *ApiController) MfaSetupVerify() {
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-	passcode := c.Ctx.Request.Form.Get("passcode")
-
-	if mfaType == "" || passcode == "" {
-		c.ResponseError("missing auth type or passcode")
-		return
-	}
-	mfaUtil := object.GetMfaUtil(mfaType, nil)
-	if mfaUtil == nil {
-		c.ResponseError("Invalid multi-factor authentication type")
-		return
-	}
-
-	err := mfaUtil.SetupVerify(c.Ctx, passcode)
-	if err != nil {
-		c.ResponseError(err.Error())
-	} else {
-		c.ResponseOk(http.StatusText(http.StatusOK))
-	}
-}
-
-// MfaSetupEnable
-// @Title MfaSetupEnable
-// @Tag MFA API
-// @Description enable totp
-// @param owner	form	string	true	"owner of user"
-// @param name	form	string	true	"name of user"
-// @param type	form	string	true	"MFA auth type"
-// @Success 200 {object}  Response object
-// @router /mfa/setup/enable [post]
-func (c *ApiController) MfaSetupEnable() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-
-	user, err := object.GetUser(util.GetId(owner, name))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError("User doesn't exist")
-		return
-	}
-
-	mfaUtil := object.GetMfaUtil(mfaType, nil)
-	if mfaUtil == nil {
-		c.ResponseError("Invalid multi-factor authentication type")
-		return
-	}
-
-	err = mfaUtil.Enable(c.Ctx, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(http.StatusText(http.StatusOK))
-}
-
-// DeleteMfa
-// @Title DeleteMfa
-// @Tag MFA API
-// @Description: Delete MFA
-// @param owner	form	string	true	"owner of user"
-// @param name	form	string	true	"name of user"
-// @Success 200 {object}  Response object
-// @router /delete-mfa/ [post]
-func (c *ApiController) DeleteMfa() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	userId := util.GetId(owner, name)
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError("User doesn't exist")
-		return
-	}
-
-	err = object.DisabledMultiFactorAuth(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetAllMfaProps(user, true))
-}
-
-// SetPreferredMfa
-// @Title SetPreferredMfa
-// @Tag MFA API
-// @Description: Set specific Mfa Preferred
-// @param owner	form	string	true	"owner of user"
-// @param name	form	string	true	"name of user"
-// @param id	form	string	true	"id of user's MFA props"
-// @Success 200 {object}  Response object
-// @router /set-preferred-mfa [post]
-func (c *ApiController) SetPreferredMfa() {
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	userId := util.GetId(owner, name)
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError("User doesn't exist")
-		return
-	}
-
-	err = object.SetPreferredMultiFactorAuth(user, mfaType)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.ResponseOk(object.GetAllMfaProps(user, true))
-}
--- a/controllers/model.go
+++ b/controllers/model.go
@ -1,145 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetModels
-// @Title GetModels
-// @Tag Model API
-// @Description get models
-// @Param   owner     query    string  true        "The owner of models"
-// @Success 200 {array} object.Model The Response object
-// @router /get-models [get]
-func (c *ApiController) GetModels() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		models, err := object.GetModels(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(models)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetModelCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		models, err := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(models, paginator.Nums())
-	}
-}
-
-// GetModel
-// @Title GetModel
-// @Tag Model API
-// @Description get model
-// @Param   id     query    string  true        "The id ( owner/name ) of the model"
-// @Success 200 {object} object.Model The Response object
-// @router /get-model [get]
-func (c *ApiController) GetModel() {
-	id := c.Input().Get("id")
-
-	model, err := object.GetModel(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(model)
-}
-
-// UpdateModel
-// @Title UpdateModel
-// @Tag Model API
-// @Description update model
-// @Param   id     query    string  true        "The id ( owner/name ) of the model"
-// @Param   body    body   object.Model  true        "The details of the model"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-model [post]
-func (c *ApiController) UpdateModel() {
-	id := c.Input().Get("id")
-
-	var model object.Model
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapErrorResponse(object.UpdateModelWithCheck(id, &model))
-	c.ServeJSON()
-}
-
-// AddModel
-// @Title AddModel
-// @Tag Model API
-// @Description add model
-// @Param   body    body   object.Model  true        "The details of the model"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-model [post]
-func (c *ApiController) AddModel() {
-	var model object.Model
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddModel(&model))
-	c.ServeJSON()
-}
-
-// DeleteModel
-// @Title DeleteModel
-// @Tag Model API
-// @Description delete model
-// @Param   body    body   object.Model  true        "The details of the model"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-model [post]
-func (c *ApiController) DeleteModel() {
-	var model object.Model
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteModel(&model))
-	c.ServeJSON()
-}
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@ -1,44 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import "github.com/casdoor/casdoor/object"
-
-// GetOidcDiscovery
-// @Title GetOidcDiscovery
-// @Tag OIDC API
-// @Description Get Oidc Discovery
-// @Success 200 {object} object.OidcDiscovery
-// @router /.well-known/openid-configuration [get]
-func (c *RootController) GetOidcDiscovery() {
-	host := c.Ctx.Request.Host
-	c.Data["json"] = object.GetOidcDiscovery(host)
-	c.ServeJSON()
-}
-
-// GetJwks
-// @Title GetJwks
-// @Tag OIDC API
-// @Success 200 {object} jose.JSONWebKey
-// @router /.well-known/jwks [get]
-func (c *RootController) GetJwks() {
-	jwks, err := object.GetJsonWebKeySet()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = jwks
-	c.ServeJSON()
-}
--- a/controllers/organization.go
+++ b/controllers/organization.go
@ -1,223 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetOrganizations ...
-// @Title GetOrganizations
-// @Tag Organization API
-// @Description get organizations
-// @Param   owner     query    string  true        "owner"
-// @Success 200 {array} object.Organization The Response object
-// @router /get-organizations [get]
-func (c *ApiController) GetOrganizations() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	organizationName := c.Input().Get("organizationName")
-
-	isGlobalAdmin := c.IsGlobalAdmin()
-	if limit == "" || page == "" {
-		var maskedOrganizations []*object.Organization
-		var err error
-
-		if isGlobalAdmin {
-			maskedOrganizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner))
-		} else {
-			maskedOrganizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
-		}
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedOrganizations)
-	} else {
-		if !isGlobalAdmin {
-			maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(maskedOrganizations)
-		} else {
-			limit := util.ParseInt(limit)
-			count, err := object.GetOrganizationCount(owner, field, value)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			paginator := pagination.SetPaginator(c.Ctx, limit, count)
-			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, organizationName, paginator.Offset(), limit, field, value, sortField, sortOrder))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			c.ResponseOk(organizations, paginator.Nums())
-		}
-	}
-}
-
-// GetOrganization ...
-// @Title GetOrganization
-// @Tag Organization API
-// @Description get organization
-// @Param   id     query    string  true        "organization id"
-// @Success 200 {object} object.Organization The Response object
-// @router /get-organization [get]
-func (c *ApiController) GetOrganization() {
-	id := c.Input().Get("id")
-	maskedOrganization, err := object.GetMaskedOrganization(object.GetOrganization(id))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(maskedOrganization)
-}
-
-// UpdateOrganization ...
-// @Title UpdateOrganization
-// @Tag Organization API
-// @Description update organization
-// @Param   id     query    string  true        "The id ( owner/name ) of the organization"
-// @Param   body    body   object.Organization  true        "The details of the organization"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-organization [post]
-func (c *ApiController) UpdateOrganization() {
-	id := c.Input().Get("id")
-
-	var organization object.Organization
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization))
-	c.ServeJSON()
-}
-
-// AddOrganization ...
-// @Title AddOrganization
-// @Tag Organization API
-// @Description add organization
-// @Param   body    body   object.Organization  true        "The details of the organization"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-organization [post]
-func (c *ApiController) AddOrganization() {
-	var organization object.Organization
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	count, err := object.GetOrganizationCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err = checkQuotaForOrganization(int(count)); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddOrganization(&organization))
-	c.ServeJSON()
-}
-
-// DeleteOrganization ...
-// @Title DeleteOrganization
-// @Tag Organization API
-// @Description delete organization
-// @Param   body    body   object.Organization  true        "The details of the organization"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-organization [post]
-func (c *ApiController) DeleteOrganization() {
-	var organization object.Organization
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteOrganization(&organization))
-	c.ServeJSON()
-}
-
-// GetDefaultApplication ...
-// @Title GetDefaultApplication
-// @Tag Organization API
-// @Description get default application
-// @Param   id     query    string  true        "organization id"
-// @Success 200 {object}  Response The Response object
-// @router /get-default-application [get]
-func (c *ApiController) GetDefaultApplication() {
-	userId := c.GetSessionUsername()
-	id := c.Input().Get("id")
-	redirectUri := c.Input().Get("redirectUri")
-	typ := c.Input().Get("type")
-
-	application, err := object.GetDefaultApplication(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if typ == "cas" {
-		err = object.CheckCasRestrict(application, c.GetAcceptLanguage(), redirectUri)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	maskedApplication := object.GetMaskedApplication(application, userId)
-	c.ResponseOk(maskedApplication)
-}
-
-// GetOrganizationNames ...
-// @Title GetOrganizationNames
-// @Tag Organization API
-// @Param   owner     query    string    true   "owner"
-// @Description get all organization name and displayName
-// @Success 200 {array} object.Organization The Response object
-// @router /get-organization-names [get]
-func (c *ApiController) GetOrganizationNames() {
-	owner := c.Input().Get("owner")
-	organizationNames, err := object.GetOrganizationsByFields(owner, []string{"name", "display_name"}...)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(organizationNames)
-}
--- a/controllers/payment.go
+++ b/controllers/payment.go
@ -1,213 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetPayments
-// @Title GetPayments
-// @Tag Payment API
-// @Description get payments
-// @Param   owner     query    string  true        "The owner of payments"
-// @Success 200 {array} object.Payment The Response object
-// @router /get-payments [get]
-func (c *ApiController) GetPayments() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		payments, err := object.GetPayments(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(payments)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetPaymentCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		payments, err := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(payments, paginator.Nums())
-	}
-}
-
-// GetUserPayments
-// @Title GetUserPayments
-// @Tag Payment API
-// @Description get payments for a user
-// @Param   owner     query    string  true        "The owner of payments"
-// @Param   organization    query   string  true   "The organization of the user"
-// @Param   user    query   string  true           "The username of the user"
-// @Success 200 {array} object.Payment The Response object
-// @router /get-user-payments [get]
-func (c *ApiController) GetUserPayments() {
-	owner := c.Input().Get("owner")
-	user := c.Input().Get("user")
-
-	payments, err := object.GetUserPayments(owner, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payments)
-}
-
-// GetPayment
-// @Title GetPayment
-// @Tag Payment API
-// @Description get payment
-// @Param   id     query    string  true        "The id ( owner/name ) of the payment"
-// @Success 200 {object} object.Payment The Response object
-// @router /get-payment [get]
-func (c *ApiController) GetPayment() {
-	id := c.Input().Get("id")
-
-	payment, err := object.GetPayment(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment)
-}
-
-// UpdatePayment
-// @Title UpdatePayment
-// @Tag Payment API
-// @Description update payment
-// @Param   id     query    string  true        "The id ( owner/name ) of the payment"
-// @Param   body    body   object.Payment  true        "The details of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-payment [post]
-func (c *ApiController) UpdatePayment() {
-	id := c.Input().Get("id")
-
-	var payment object.Payment
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdatePayment(id, &payment))
-	c.ServeJSON()
-}
-
-// AddPayment
-// @Title AddPayment
-// @Tag Payment API
-// @Description add payment
-// @Param   body    body   object.Payment  true        "The details of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-payment [post]
-func (c *ApiController) AddPayment() {
-	var payment object.Payment
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddPayment(&payment))
-	c.ServeJSON()
-}
-
-// DeletePayment
-// @Title DeletePayment
-// @Tag Payment API
-// @Description delete payment
-// @Param   body    body   object.Payment  true        "The details of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-payment [post]
-func (c *ApiController) DeletePayment() {
-	var payment object.Payment
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeletePayment(&payment))
-	c.ServeJSON()
-}
-
-// NotifyPayment
-// @Title NotifyPayment
-// @Tag Payment API
-// @Description notify payment
-// @Param   body    body   object.Payment  true        "The details of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /notify-payment [post]
-func (c *ApiController) NotifyPayment() {
-	owner := c.Ctx.Input.Param(":owner")
-	paymentName := c.Ctx.Input.Param(":payment")
-	orderId := c.Ctx.Input.Param("order")
-
-	body := c.Ctx.Input.RequestBody
-
-	payment, err := object.NotifyPayment(c.Ctx.Request, body, owner, paymentName, orderId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment)
-}
-
-// InvoicePayment
-// @Title InvoicePayment
-// @Tag Payment API
-// @Description invoice payment
-// @Param   id     query    string  true        "The id ( owner/name ) of the payment"
-// @Success 200 {object} controllers.Response The Response object
-// @router /invoice-payment [post]
-func (c *ApiController) InvoicePayment() {
-	id := c.Input().Get("id")
-
-	payment, err := object.GetPayment(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	invoiceUrl, err := object.InvoicePayment(payment)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-	c.ResponseOk(invoiceUrl)
-}
--- a/controllers/permission.go
+++ b/controllers/permission.go
@ -1,184 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetPermissions
-// @Title GetPermissions
-// @Tag Permission API
-// @Description get permissions
-// @Param   owner     query    string  true        "The owner of permissions"
-// @Success 200 {array} object.Permission The Response object
-// @router /get-permissions [get]
-func (c *ApiController) GetPermissions() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		permissions, err := object.GetPermissions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(permissions)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetPermissionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		permissions, err := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(permissions, paginator.Nums())
-	}
-}
-
-// GetPermissionsBySubmitter
-// @Title GetPermissionsBySubmitter
-// @Tag Permission API
-// @Description get permissions by submitter
-// @Success 200 {array} object.Permission The Response object
-// @router /get-permissions-by-submitter [get]
-func (c *ApiController) GetPermissionsBySubmitter() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	permissions, err := object.GetPermissionsBySubmitter(user.Owner, user.Name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(permissions, len(permissions))
-}
-
-// GetPermissionsByRole
-// @Title GetPermissionsByRole
-// @Tag Permission API
-// @Description get permissions by role
-// @Param   id     query    string  true        "The id ( owner/name ) of the role"
-// @Success 200 {array} object.Permission The Response object
-// @router /get-permissions-by-role [get]
-func (c *ApiController) GetPermissionsByRole() {
-	id := c.Input().Get("id")
-	permissions, err := object.GetPermissionsByRole(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(permissions, len(permissions))
-}
-
-// GetPermission
-// @Title GetPermission
-// @Tag Permission API
-// @Description get permission
-// @Param   id     query    string  true        "The id ( owner/name ) of the permission"
-// @Success 200 {object} object.Permission The Response object
-// @router /get-permission [get]
-func (c *ApiController) GetPermission() {
-	id := c.Input().Get("id")
-
-	permission, err := object.GetPermission(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(permission)
-}
-
-// UpdatePermission
-// @Title UpdatePermission
-// @Tag Permission API
-// @Description update permission
-// @Param   id     query    string  true        "The id ( owner/name ) of the permission"
-// @Param   body    body   object.Permission  true        "The details of the permission"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-permission [post]
-func (c *ApiController) UpdatePermission() {
-	id := c.Input().Get("id")
-
-	var permission object.Permission
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdatePermission(id, &permission))
-	c.ServeJSON()
-}
-
-// AddPermission
-// @Title AddPermission
-// @Tag Permission API
-// @Description add permission
-// @Param   body    body   object.Permission  true        "The details of the permission"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-permission [post]
-func (c *ApiController) AddPermission() {
-	var permission object.Permission
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddPermission(&permission))
-	c.ServeJSON()
-}
-
-// DeletePermission
-// @Title DeletePermission
-// @Tag Permission API
-// @Description delete permission
-// @Param   body    body   object.Permission  true        "The details of the permission"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-permission [post]
-func (c *ApiController) DeletePermission() {
-	var permission object.Permission
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeletePermission(&permission))
-	c.ServeJSON()
-}
--- a/controllers/permission_upload.go
+++ b/controllers/permission_upload.go
@ -1,54 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadPermissions() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-
-	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadPermissions(owner, fileId)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
-	}
-}
--- a/controllers/plan.go
+++ b/controllers/plan.go
@ -1,161 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetPlans
-// @Title GetPlans
-// @Tag Plan API
-// @Description get plans
-// @Param   owner     query    string  true        "The owner of plans"
-// @Success 200 {array} object.Plan The Response object
-// @router /get-plans [get]
-func (c *ApiController) GetPlans() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		plans, err := object.GetPlans(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(plans)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetPlanCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		plan, err := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(plan, paginator.Nums())
-	}
-}
-
-// GetPlan
-// @Title GetPlan
-// @Tag Plan API
-// @Description get plan
-// @Param   id     query    string  true        "The id ( owner/name ) of the plan"
-// @Param   includeOption     query    bool  false        "Should include plan's option"
-// @Success 200 {object} object.Plan The Response object
-// @router /get-plan [get]
-func (c *ApiController) GetPlan() {
-	id := c.Input().Get("id")
-	includeOption := c.Input().Get("includeOption") == "true"
-
-	plan, err := object.GetPlan(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if includeOption {
-		options, err := object.GetPermissionsByRole(plan.Role)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		for _, option := range options {
-			plan.Options = append(plan.Options, option.DisplayName)
-		}
-
-		c.ResponseOk(plan)
-	} else {
-		c.ResponseOk(plan)
-	}
-}
-
-// UpdatePlan
-// @Title UpdatePlan
-// @Tag Plan API
-// @Description update plan
-// @Param   id     query    string  true        "The id ( owner/name ) of the plan"
-// @Param   body    body   object.Plan  true        "The details of the plan"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-plan [post]
-func (c *ApiController) UpdatePlan() {
-	id := c.Input().Get("id")
-
-	var plan object.Plan
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))
-	c.ServeJSON()
-}
-
-// AddPlan
-// @Title AddPlan
-// @Tag Plan API
-// @Description add plan
-// @Param   body    body   object.Plan  true        "The details of the plan"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-plan [post]
-func (c *ApiController) AddPlan() {
-	var plan object.Plan
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddPlan(&plan))
-	c.ServeJSON()
-}
-
-// DeletePlan
-// @Title DeletePlan
-// @Tag Plan API
-// @Description delete plan
-// @Param   body    body   object.Plan  true        "The details of the plan"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-plan [post]
-func (c *ApiController) DeletePlan() {
-	var plan object.Plan
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeletePlan(&plan))
-	c.ServeJSON()
-}
--- a/controllers/pricing.go
+++ b/controllers/pricing.go
@ -1,145 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetPricings
-// @Title GetPricings
-// @Tag Pricing API
-// @Description get pricings
-// @Param   owner     query    string  true        "The owner of pricings"
-// @Success 200 {array} object.Pricing The Response object
-// @router /get-pricings [get]
-func (c *ApiController) GetPricings() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		pricings, err := object.GetPricings(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(pricings)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetPricingCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		pricing, err := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(pricing, paginator.Nums())
-	}
-}
-
-// GetPricing
-// @Title GetPricing
-// @Tag Pricing API
-// @Description get pricing
-// @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
-// @Success 200 {object} object.Pricing The Response object
-// @router /get-pricing [get]
-func (c *ApiController) GetPricing() {
-	id := c.Input().Get("id")
-
-	pricing, err := object.GetPricing(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(pricing)
-}
-
-// UpdatePricing
-// @Title UpdatePricing
-// @Tag Pricing API
-// @Description update pricing
-// @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
-// @Param   body    body   object.Pricing  true        "The details of the pricing"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-pricing [post]
-func (c *ApiController) UpdatePricing() {
-	id := c.Input().Get("id")
-
-	var pricing object.Pricing
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdatePricing(id, &pricing))
-	c.ServeJSON()
-}
-
-// AddPricing
-// @Title AddPricing
-// @Tag Pricing API
-// @Description add pricing
-// @Param   body    body   object.Pricing  true        "The details of the pricing"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-pricing [post]
-func (c *ApiController) AddPricing() {
-	var pricing object.Pricing
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddPricing(&pricing))
-	c.ServeJSON()
-}
-
-// DeletePricing
-// @Title DeletePricing
-// @Tag Pricing API
-// @Description delete pricing
-// @Param   body    body   object.Pricing  true        "The details of the pricing"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-pricing [post]
-func (c *ApiController) DeletePricing() {
-	var pricing object.Pricing
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeletePricing(&pricing))
-	c.ServeJSON()
-}
--- a/controllers/product.go
+++ b/controllers/product.go
@ -1,191 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetProducts
-// @Title GetProducts
-// @Tag Product API
-// @Description get products
-// @Param   owner     query    string  true        "The owner of products"
-// @Success 200 {array} object.Product The Response object
-// @router /get-products [get]
-func (c *ApiController) GetProducts() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		products, err := object.GetProducts(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(products)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetProductCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		products, err := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(products, paginator.Nums())
-	}
-}
-
-// GetProduct
-// @Title GetProduct
-// @Tag Product API
-// @Description get product
-// @Param   id     query    string  true        "The id ( owner/name ) of the product"
-// @Success 200 {object} object.Product The Response object
-// @router /get-product [get]
-func (c *ApiController) GetProduct() {
-	id := c.Input().Get("id")
-
-	product, err := object.GetProduct(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.ExtendProductWithProviders(product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(product)
-}
-
-// UpdateProduct
-// @Title UpdateProduct
-// @Tag Product API
-// @Description update product
-// @Param   id     query    string  true        "The id ( owner/name ) of the product"
-// @Param   body    body   object.Product  true        "The details of the product"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-product [post]
-func (c *ApiController) UpdateProduct() {
-	id := c.Input().Get("id")
-
-	var product object.Product
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateProduct(id, &product))
-	c.ServeJSON()
-}
-
-// AddProduct
-// @Title AddProduct
-// @Tag Product API
-// @Description add product
-// @Param   body    body   object.Product  true        "The details of the product"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-product [post]
-func (c *ApiController) AddProduct() {
-	var product object.Product
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddProduct(&product))
-	c.ServeJSON()
-}
-
-// DeleteProduct
-// @Title DeleteProduct
-// @Tag Product API
-// @Description delete product
-// @Param   body    body   object.Product  true        "The details of the product"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-product [post]
-func (c *ApiController) DeleteProduct() {
-	var product object.Product
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteProduct(&product))
-	c.ServeJSON()
-}
-
-// BuyProduct
-// @Title BuyProduct
-// @Tag Product API
-// @Description buy product
-// @Param   id     query    string  true        "The id ( owner/name ) of the product"
-// @Param   providerName    query    string  true  "The name of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /buy-product [post]
-func (c *ApiController) BuyProduct() {
-	id := c.Input().Get("id")
-	providerName := c.Input().Get("providerName")
-	host := c.Ctx.Request.Host
-
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return
-	}
-
-	payUrl, orderId, err := object.BuyProduct(id, providerName, user, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payUrl, orderId)
-}
--- a/controllers/prometheus.go
+++ b/controllers/prometheus.go
@ -1,39 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"github.com/casdoor/casdoor/object"
-)
-
-// GetPrometheusInfo
-// @Title GetPrometheusInfo
-// @Tag Prometheus API
-// @Description get Prometheus Info
-// @Success 200 {object} object.PrometheusInfo The Response object
-// @router /get-prometheus-info [get]
-func (c *ApiController) GetPrometheusInfo() {
-	_, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-	prometheusInfo, err := object.GetPrometheusInfo()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(prometheusInfo)
-}
--- a/controllers/provider.go
+++ b/controllers/provider.go
@ -1,213 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetProviders
-// @Title GetProviders
-// @Tag Provider API
-// @Description get providers
-// @Param   owner     query    string  true        "The owner of providers"
-// @Success 200 {array} object.Provider The Response object
-// @router /get-providers [get]
-func (c *ApiController) GetProviders() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	ok, isMaskEnabled := c.IsMaskedEnabled()
-	if !ok {
-		return
-	}
-
-	if limit == "" || page == "" {
-		providers, err := object.GetProviders(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedProviders(providers, isMaskEnabled))
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetProviderCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationProviders, err := object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providers := object.GetMaskedProviders(paginationProviders, isMaskEnabled)
-		c.ResponseOk(providers, paginator.Nums())
-	}
-}
-
-// GetGlobalProviders
-// @Title GetGlobalProviders
-// @Tag Provider API
-// @Description get Global providers
-// @Success 200 {array} object.Provider The Response object
-// @router /get-global-providers [get]
-func (c *ApiController) GetGlobalProviders() {
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	ok, isMaskEnabled := c.IsMaskedEnabled()
-	if !ok {
-		return
-	}
-
-	if limit == "" || page == "" {
-		globalProviders, err := object.GetGlobalProviders()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedProviders(globalProviders, isMaskEnabled))
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalProviderCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationGlobalProviders, err := object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providers := object.GetMaskedProviders(paginationGlobalProviders, isMaskEnabled)
-		c.ResponseOk(providers, paginator.Nums())
-	}
-}
-
-// GetProvider
-// @Title GetProvider
-// @Tag Provider API
-// @Description get provider
-// @Param   id     query    string  true        "The id ( owner/name ) of the provider"
-// @Success 200 {object} object.Provider The Response object
-// @router /get-provider [get]
-func (c *ApiController) GetProvider() {
-	id := c.Input().Get("id")
-
-	ok, isMaskEnabled := c.IsMaskedEnabled()
-	if !ok {
-		return
-	}
-	provider, err := object.GetProvider(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedProvider(provider, isMaskEnabled))
-}
-
-// UpdateProvider
-// @Title UpdateProvider
-// @Tag Provider API
-// @Description update provider
-// @Param   id     query    string  true        "The id ( owner/name ) of the provider"
-// @Param   body    body   object.Provider  true        "The details of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-provider [post]
-func (c *ApiController) UpdateProvider() {
-	id := c.Input().Get("id")
-
-	var provider object.Provider
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateProvider(id, &provider))
-	c.ServeJSON()
-}
-
-// AddProvider
-// @Title AddProvider
-// @Tag Provider API
-// @Description add provider
-// @Param   body    body   object.Provider  true        "The details of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-provider [post]
-func (c *ApiController) AddProvider() {
-	var provider object.Provider
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	count, err := object.GetProviderCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForProvider(int(count)); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddProvider(&provider))
-	c.ServeJSON()
-}
-
-// DeleteProvider
-// @Title DeleteProvider
-// @Tag Provider API
-// @Description delete provider
-// @Param   body    body   object.Provider  true        "The details of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-provider [post]
-func (c *ApiController) DeleteProvider() {
-	var provider object.Provider
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteProvider(&provider))
-	c.ServeJSON()
-}
--- a/controllers/record.go
+++ b/controllers/record.go
@ -1,121 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetRecords
-// @Title GetRecords
-// @Tag Record API
-// @Description get all records
-// @Param   pageSize     query    string  true        "The size of each page"
-// @Param   p     query    string  true        "The number of the page"
-// @Success 200 {object} object.Record The Response object
-// @router /get-records [get]
-func (c *ApiController) GetRecords() {
-	organization, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	organizationName := c.Input().Get("organizationName")
-
-	if limit == "" || page == "" {
-		records, err := object.GetRecords()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(records)
-	} else {
-		limit := util.ParseInt(limit)
-		if c.IsGlobalAdmin() && organizationName != "" {
-			organization = organizationName
-		}
-		filterRecord := &object.Record{Organization: organization}
-		count, err := object.GetRecordCount(field, value, filterRecord)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		records, err := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(records, paginator.Nums())
-	}
-}
-
-// GetRecordsByFilter
-// @Tag Record API
-// @Title GetRecordsByFilter
-// @Description get records by filter
-// @Param   filter  body string     true  "filter Record message"
-// @Success 200 {object} object.Record The Response object
-// @router /get-records-filter [post]
-func (c *ApiController) GetRecordsByFilter() {
-	body := string(c.Ctx.Input.RequestBody)
-
-	record := &object.Record{}
-	err := util.JsonToStruct(body, record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	records, err := object.GetRecordsByField(record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(records)
-}
-
-// AddRecord
-// @Title AddRecord
-// @Tag Record API
-// @Description add a record
-// @Param   body    body   object.Record  true        "The details of the record"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-record [post]
-func (c *ApiController) AddRecord() {
-	var record object.Record
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddRecord(&record))
-	c.ServeJSON()
-}
--- a/controllers/resource.go
+++ b/controllers/resource.go
@ -1,374 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"mime"
-	"path/filepath"
-	"strings"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetResources
-// @Tag Resource API
-// @Title GetResources
-// @Description get resources
-// @Param		owner 		query 		string 				true 				"Owner"
-// @Param		user 		query 		string 				true 				"User"
-// @Param 		pageSize 	query 		integer 			false 				"Page Size"
-// @Param 		p 			query 		integer 				false 				"Page Number"
-// @Param 		field 		query 		string 				false 				"Field"
-// @Param 		value 		query 		string 				false 				"Value"
-// @Param 		sortField 	query 		string 				false 				"Sort Field"
-// @Param 		sortOrder 	query 		string 				false 				"Sort Order"
-// @Success		200 		{array} 	object.Resource 	The Response object
-// @router /get-resources [get]
-func (c *ApiController) GetResources() {
-	owner := c.Input().Get("owner")
-	user := c.Input().Get("user")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if sortField == "Direct" {
-		provider, err := c.GetProviderFromContext("Storage")
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		prefix := sortOrder
-		resources, err := object.GetDirectResources(owner, user, provider, prefix, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(resources)
-	} else if limit == "" || page == "" {
-		resources, err := object.GetResources(owner, user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(resources)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetResourceCount(owner, user, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		resources, err := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(resources, paginator.Nums())
-	}
-}
-
-// GetResource
-// @Tag Resource API
-// @Title GetResource
-// @Description get resource
-// @Param   	id			query   	string     			true        		"The id ( owner/name ) of resource"
-// @Success 	200			{object}	object.Resource		The Response object
-// @router /get-resource [get]
-func (c *ApiController) GetResource() {
-	id := c.Input().Get("id")
-
-	resource, err := object.GetResource(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(resource)
-}
-
-// UpdateResource
-// @Tag Resource API
-// @Title UpdateResource
-// @Description get resource
-// @Param   	id     		query   	string  			true				"The id ( owner/name ) of resource"
-// @Param		resource	body		object.Resource		true				"The resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
-// @router /update-resource [post]
-func (c *ApiController) UpdateResource() {
-	id := c.Input().Get("id")
-
-	var resource object.Resource
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateResource(id, &resource))
-	c.ServeJSON()
-}
-
-// AddResource
-// @Tag Resource API
-// @Title AddResource
-// @Param     	resource    body    	object.Resource  	true      			"Resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
-// @router /add-resource [post]
-func (c *ApiController) AddResource() {
-	var resource object.Resource
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddResource(&resource))
-	c.ServeJSON()
-}
-
-// DeleteResource
-// @Tag Resource API
-// @Title DeleteResource
-// @Param     	resource    body    	object.Resource  	true      			"Resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
-// @router /delete-resource [post]
-func (c *ApiController) DeleteResource() {
-	var resource object.Resource
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if resource.Provider != "" {
-		c.Input().Set("provider", resource.Provider)
-	}
-	c.Input().Set("fullFilePath", resource.Name)
-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	_, resource.Name = refineFullFilePath(resource.Name)
-
-	err = object.DeleteFile(provider, resource.Name, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteResource(&resource))
-	c.ServeJSON()
-}
-
-// UploadResource
-// @Tag Resource API
-// @Title UploadResource
-// @Param     owner           query   	string    			true      			"Owner"
-// @Param     user            query   	string    			true      			"User"
-// @Param     application     query   	string    			true     			"Application"
-// @Param     tag             query   	string    			false     			"Tag"
-// @Param     parent          query   	string    			false     			"Parent"
-// @Param     fullFilePath    query   	string    			true     			"Full File Path"
-// @Param     createdTime     query   	string    			false     			"Created Time"
-// @Param     description     query   	string    			false     			"Description"
-// @Param     file            formData 	file      			true      			"Resource file"
-// @Success   200             {object}  object.Resource  	FileUrl, objectKey
-// @router /upload-resource [post]
-func (c *ApiController) UploadResource() {
-	owner := c.Input().Get("owner")
-	username := c.Input().Get("user")
-	application := c.Input().Get("application")
-	tag := c.Input().Get("tag")
-	parent := c.Input().Get("parent")
-	fullFilePath := c.Input().Get("fullFilePath")
-	createdTime := c.Input().Get("createdTime")
-	description := c.Input().Get("description")
-
-	file, header, err := c.GetFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	defer file.Close()
-
-	if username == "" || fullFilePath == "" {
-		c.ResponseError(fmt.Sprintf(c.T("resource:Username or fullFilePath is empty: username = %s, fullFilePath = %s"), username, fullFilePath))
-		return
-	}
-
-	filename := filepath.Base(fullFilePath)
-	fileBuffer := bytes.NewBuffer(nil)
-	if _, err = io.Copy(fileBuffer, file); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	_, fullFilePath = refineFullFilePath(fullFilePath)
-
-	fileType := "unknown"
-	contentType := header.Header.Get("Content-Type")
-	fileType, _ = util.GetOwnerAndNameFromIdNoCheck(contentType + "/")
-
-	if fileType != "image" && fileType != "video" {
-		ext := filepath.Ext(filename)
-		mimeType := mime.TypeByExtension(ext)
-		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
-	}
-
-	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
-	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
-		ext := filepath.Ext(filepath.Base(fullFilePath))
-		index := len(fullFilePath) - len(ext)
-		for i := 1; ; i++ {
-			_, objectKey := object.GetUploadFileUrl(provider, fullFilePath, true)
-			if count, err := object.GetResourceCount(owner, username, "name", objectKey); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if count == 0 {
-				break
-			}
-
-			// duplicated fullFilePath found, change it
-			fullFilePath = fullFilePath[:index] + fmt.Sprintf("-%d", i) + ext
-		}
-	}
-
-	fileUrl, objectKey, err := object.UploadFileSafe(provider, fullFilePath, fileBuffer, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if createdTime == "" {
-		createdTime = util.GetCurrentTime()
-	}
-	fileFormat := filepath.Ext(fullFilePath)
-	fileSize := int(header.Size)
-	resource := &object.Resource{
-		Owner:       owner,
-		Name:        objectKey,
-		CreatedTime: createdTime,
-		User:        username,
-		Provider:    provider.Name,
-		Application: application,
-		Tag:         tag,
-		Parent:      parent,
-		FileName:    filename,
-		FileType:    fileType,
-		FileFormat:  fileFormat,
-		FileSize:    fileSize,
-		Url:         fileUrl,
-		Description: description,
-	}
-	_, err = object.AddOrUpdateResource(resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	switch tag {
-	case "avatar":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
-			return
-		}
-
-		user.Avatar = fileUrl
-		_, err = object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-	case "termsOfUse":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(owner, username)))
-			return
-		}
-
-		if !user.IsAdminUser() {
-			c.ResponseError(c.T("auth:Unauthorized operation"))
-			return
-		}
-
-		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimSuffix(fullFilePath, ".html"))
-		applicationObj, err := object.GetApplication(applicationId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applicationObj.TermsOfUse = fileUrl
-		_, err = object.UpdateApplication(applicationId, applicationObj)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	case "idCardFront", "idCardBack", "idCardWithPerson":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
-			return
-		}
-
-		user.Properties[tag] = fileUrl
-		user.Properties["isIdCardVerified"] = "false"
-		_, err = object.UpdateUser(user.GetId(), user, []string{"properties"}, false)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.ResponseOk(fileUrl, objectKey)
-}
--- a/controllers/role.go
+++ b/controllers/role.go
@ -1,145 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetRoles
-// @Title GetRoles
-// @Tag Role API
-// @Description get roles
-// @Param   owner     query    string  true        "The owner of roles"
-// @Success 200 {array} object.Role The Response object
-// @router /get-roles [get]
-func (c *ApiController) GetRoles() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		roles, err := object.GetRoles(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(roles)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetRoleCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		roles, err := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(roles, paginator.Nums())
-	}
-}
-
-// GetRole
-// @Title GetRole
-// @Tag Role API
-// @Description get role
-// @Param   id     query    string  true        "The id ( owner/name ) of the role"
-// @Success 200 {object} object.Role The Response object
-// @router /get-role [get]
-func (c *ApiController) GetRole() {
-	id := c.Input().Get("id")
-
-	role, err := object.GetRole(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(role)
-}
-
-// UpdateRole
-// @Title UpdateRole
-// @Tag Role API
-// @Description update role
-// @Param   id     query    string  true        "The id ( owner/name ) of the role"
-// @Param   body    body   object.Role  true        "The details of the role"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-role [post]
-func (c *ApiController) UpdateRole() {
-	id := c.Input().Get("id")
-
-	var role object.Role
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateRole(id, &role))
-	c.ServeJSON()
-}
-
-// AddRole
-// @Title AddRole
-// @Tag Role API
-// @Description add role
-// @Param   body    body   object.Role  true        "The details of the role"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-role [post]
-func (c *ApiController) AddRole() {
-	var role object.Role
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddRole(&role))
-	c.ServeJSON()
-}
-
-// DeleteRole
-// @Title DeleteRole
-// @Tag Role API
-// @Description delete role
-// @Param   body    body   object.Role  true        "The details of the role"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-role [post]
-func (c *ApiController) DeleteRole() {
-	var role object.Role
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteRole(&role))
-	c.ServeJSON()
-}
--- a/controllers/role_upload.go
+++ b/controllers/role_upload.go
@ -1,54 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadRoles() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-
-	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadRoles(owner, fileId)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
-	}
-}
--- a/controllers/saml.go
+++ b/controllers/saml.go
@ -1,39 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-func (c *ApiController) GetSamlMeta() {
-	host := c.Ctx.Request.Host
-	paramApp := c.Input().Get("application")
-	application, err := object.GetApplication(paramApp)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("saml:Application %s not found"), paramApp))
-		return
-	}
-	metadata, _ := object.GetSamlMeta(application, host)
-	c.Data["xml"] = metadata
-	c.ServeXML()
-}
--- a/controllers/service.go
+++ b/controllers/service.go
@ -1,156 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Casdoor will expose its providers as services to SDK
-// We are going to implement those services as APIs here
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-type EmailForm struct {
-	Title     string   `json:"title"`
-	Content   string   `json:"content"`
-	Sender    string   `json:"sender"`
-	Receivers []string `json:"receivers"`
-	Provider  string   `json:"provider"`
-}
-
-type SmsForm struct {
-	Content   string   `json:"content"`
-	Receivers []string `json:"receivers"`
-	OrgId     string   `json:"organizationId"` // e.g. "admin/built-in"
-}
-
-// SendEmail
-// @Title SendEmail
-// @Tag Service API
-// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
-// @Param   clientId    query    string  true        "The clientId of the application"
-// @Param   clientSecret    query    string  true    "The clientSecret of the application"
-// @Param   from    body   controllers.EmailForm    true         "Details of the email request"
-// @Success 200 {object}  Response object
-// @router /api/send-email [post]
-func (c *ApiController) SendEmail() {
-	var emailForm EmailForm
-
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &emailForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var provider *object.Provider
-	if emailForm.Provider != "" {
-		// called by frontend's TestEmailWidget, provider name is set by frontend
-		provider, err = object.GetProvider(util.GetId("admin", emailForm.Provider))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-	} else {
-		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
-		provider, err = c.GetProviderFromContext("Email")
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	// when receiver is the reserved keyword: "TestSmtpServer", it means to test the SMTP server instead of sending a real Email
-	if len(emailForm.Receivers) == 1 && emailForm.Receivers[0] == "TestSmtpServer" {
-		err := object.DailSmtpServer(provider)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk()
-	}
-
-	if util.IsStringsEmpty(emailForm.Title, emailForm.Content, emailForm.Sender) {
-		c.ResponseError(fmt.Sprintf(c.T("service:Empty parameters for emailForm: %v"), emailForm))
-		return
-	}
-
-	invalidReceivers := []string{}
-	for _, receiver := range emailForm.Receivers {
-		if !util.IsEmailValid(receiver) {
-			invalidReceivers = append(invalidReceivers, receiver)
-		}
-	}
-
-	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf(c.T("service:Invalid Email receivers: %s"), invalidReceivers))
-		return
-	}
-
-	code := "123456"
-	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
-	content := fmt.Sprintf(emailForm.Content, code)
-	for _, receiver := range emailForm.Receivers {
-		err = object.SendEmail(provider, emailForm.Title, content, receiver, emailForm.Sender)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.ResponseOk()
-}
-
-// SendSms
-// @Title SendSms
-// @Tag Service API
-// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
-// @Param   clientId    query    string  true        "The clientId of the application"
-// @Param   clientSecret    query    string  true    "The clientSecret of the application"
-// @Param   from    body   controllers.SmsForm    true           "Details of the sms request"
-// @Success 200 {object}  Response object
-// @router /api/send-sms [post]
-func (c *ApiController) SendSms() {
-	provider, err := c.GetProviderFromContext("SMS")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var smsForm SmsForm
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	invalidReceivers := getInvalidSmsReceivers(smsForm)
-	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
-		return
-	}
-
-	err = object.SendSms(provider, smsForm.Content, smsForm.Receivers...)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
--- a/controllers/session.go
+++ b/controllers/session.go
@ -1,163 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetSessions
-// @Title GetSessions
-// @Tag Session API
-// @Description Get organization user sessions.
-// @Param   owner     query    string  true        "The organization name"
-// @Success 200 {array} string The Response object
-// @router /get-sessions [get]
-func (c *ApiController) GetSessions() {
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	owner := c.Input().Get("owner")
-
-	if limit == "" || page == "" {
-		sessions, err := object.GetSessions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(sessions)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetSessionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		sessions, err := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(sessions, paginator.Nums())
-	}
-}
-
-// GetSingleSession
-// @Title GetSingleSession
-// @Tag Session API
-// @Description Get session for one user in one application.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Success 200 {array} string The Response object
-// @router /get-session [get]
-func (c *ApiController) GetSingleSession() {
-	id := c.Input().Get("sessionPkId")
-
-	session, err := object.GetSingleSession(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(session)
-}
-
-// UpdateSession
-// @Title UpdateSession
-// @Tag Session API
-// @Description Update session for one user in one application.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Success 200 {array} string The Response object
-// @router /update-session [post]
-func (c *ApiController) UpdateSession() {
-	var session object.Session
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateSession(util.GetSessionId(session.Owner, session.Name, session.Application), &session))
-	c.ServeJSON()
-}
-
-// AddSession
-// @Title AddSession
-// @Tag Session API
-// @Description Add session for one user in one application. If there are other existing sessions, join the session into the list.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Param   sessionId     query    string  true        "sessionId to be added"
-// @Success 200 {array} string The Response object
-// @router /add-session [post]
-func (c *ApiController) AddSession() {
-	var session object.Session
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddSession(&session))
-	c.ServeJSON()
-}
-
-// DeleteSession
-// @Title DeleteSession
-// @Tag Session API
-// @Description Delete session for one user in one application.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Success 200 {array} string The Response object
-// @router /delete-session [post]
-func (c *ApiController) DeleteSession() {
-	var session object.Session
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteSession(util.GetSessionId(session.Owner, session.Name, session.Application)))
-	c.ServeJSON()
-}
-
-// IsSessionDuplicated
-// @Title IsSessionDuplicated
-// @Tag Session API
-// @Description Check if there are other different sessions for one user in one application.
-// @Param   id     query    string  true        "The id(organization/application/user) of session"
-// @Param   sessionId     query    string  true        "sessionId to be checked"
-// @Success 200 {array} string The Response object
-// @router /is-session-duplicated [get]
-func (c *ApiController) IsSessionDuplicated() {
-	id := c.Input().Get("sessionPkId")
-	sessionId := c.Input().Get("sessionId")
-
-	isUserSessionDuplicated, err := object.IsSessionDuplicated(id, sessionId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(isUserSessionDuplicated)
-}
--- a/controllers/subscription.go
+++ b/controllers/subscription.go
@ -1,145 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetSubscriptions
-// @Title GetSubscriptions
-// @Tag Subscription API
-// @Description get subscriptions
-// @Param   owner     query    string  true        "The owner of subscriptions"
-// @Success 200 {array} object.Subscription The Response object
-// @router /get-subscriptions [get]
-func (c *ApiController) GetSubscriptions() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		subscriptions, err := object.GetSubscriptions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(subscriptions)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetSubscriptionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		subscription, err := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(subscription, paginator.Nums())
-	}
-}
-
-// GetSubscription
-// @Title GetSubscription
-// @Tag Subscription API
-// @Description get subscription
-// @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
-// @Success 200 {object} object.Subscription The Response object
-// @router /get-subscription [get]
-func (c *ApiController) GetSubscription() {
-	id := c.Input().Get("id")
-
-	subscription, err := object.GetSubscription(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(subscription)
-}
-
-// UpdateSubscription
-// @Title UpdateSubscription
-// @Tag Subscription API
-// @Description update subscription
-// @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
-// @Param   body    body   object.Subscription  true        "The details of the subscription"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-subscription [post]
-func (c *ApiController) UpdateSubscription() {
-	id := c.Input().Get("id")
-
-	var subscription object.Subscription
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateSubscription(id, &subscription))
-	c.ServeJSON()
-}
-
-// AddSubscription
-// @Title AddSubscription
-// @Tag Subscription API
-// @Description add subscription
-// @Param   body    body   object.Subscription  true        "The details of the subscription"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-subscription [post]
-func (c *ApiController) AddSubscription() {
-	var subscription object.Subscription
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddSubscription(&subscription))
-	c.ServeJSON()
-}
-
-// DeleteSubscription
-// @Title DeleteSubscription
-// @Tag Subscription API
-// @Description delete subscription
-// @Param   body    body   object.Subscription  true        "The details of the subscription"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-subscription [post]
-func (c *ApiController) DeleteSubscription() {
-	var subscription object.Subscription
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteSubscription(&subscription))
-	c.ServeJSON()
-}
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@ -1,166 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetSyncers
-// @Title GetSyncers
-// @Tag Syncer API
-// @Description get syncers
-// @Param   owner     query    string  true        "The owner of syncers"
-// @Success 200 {array} object.Syncer The Response object
-// @router /get-syncers [get]
-func (c *ApiController) GetSyncers() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	organization := c.Input().Get("organization")
-
-	if limit == "" || page == "" {
-		organizationSyncers, err := object.GetOrganizationSyncers(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(organizationSyncers)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetSyncerCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		syncers, err := object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(syncers, paginator.Nums())
-	}
-}
-
-// GetSyncer
-// @Title GetSyncer
-// @Tag Syncer API
-// @Description get syncer
-// @Param   id     query    string  true        "The id ( owner/name ) of the syncer"
-// @Success 200 {object} object.Syncer The Response object
-// @router /get-syncer [get]
-func (c *ApiController) GetSyncer() {
-	id := c.Input().Get("id")
-
-	syncer, err := object.GetSyncer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(syncer)
-}
-
-// UpdateSyncer
-// @Title UpdateSyncer
-// @Tag Syncer API
-// @Description update syncer
-// @Param   id     query    string  true        "The id ( owner/name ) of the syncer"
-// @Param   body    body   object.Syncer  true        "The details of the syncer"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-syncer [post]
-func (c *ApiController) UpdateSyncer() {
-	id := c.Input().Get("id")
-
-	var syncer object.Syncer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateSyncer(id, &syncer))
-	c.ServeJSON()
-}
-
-// AddSyncer
-// @Title AddSyncer
-// @Tag Syncer API
-// @Description add syncer
-// @Param   body    body   object.Syncer  true        "The details of the syncer"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-syncer [post]
-func (c *ApiController) AddSyncer() {
-	var syncer object.Syncer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddSyncer(&syncer))
-	c.ServeJSON()
-}
-
-// DeleteSyncer
-// @Title DeleteSyncer
-// @Tag Syncer API
-// @Description delete syncer
-// @Param   body    body   object.Syncer  true        "The details of the syncer"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-syncer [post]
-func (c *ApiController) DeleteSyncer() {
-	var syncer object.Syncer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteSyncer(&syncer))
-	c.ServeJSON()
-}
-
-// RunSyncer
-// @Title RunSyncer
-// @Tag Syncer API
-// @Description run syncer
-// @Param   body    body   object.Syncer  true        "The details of the syncer"
-// @Success 200 {object} controllers.Response The Response object
-// @router /run-syncer [get]
-func (c *ApiController) RunSyncer() {
-	id := c.Input().Get("id")
-	syncer, err := object.GetSyncer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	object.RunSyncer(syncer)
-
-	c.ResponseOk()
-}
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@ -1,71 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetSystemInfo
-// @Title GetSystemInfo
-// @Tag System API
-// @Description get system info like CPU and memory usage
-// @Success 200 {object} util.SystemInfo The Response object
-// @router /get-system-info [get]
-func (c *ApiController) GetSystemInfo() {
-	_, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
-	systemInfo, err := util.GetSystemInfo()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(systemInfo)
-}
-
-// GetVersionInfo
-// @Title GetVersionInfo
-// @Tag System API
-// @Description get version info like Casdoor release version and commit ID
-// @Success 200 {object} util.VersionInfo The Response object
-// @router /get-version-info [get]
-func (c *ApiController) GetVersionInfo() {
-	versionInfo, err := util.GetVersionInfo()
-
-	if versionInfo.Version == "" {
-		versionInfo, err = util.GetVersionInfoFromFile()
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.ResponseOk(versionInfo)
-}
-
-// Health
-// @Title Health
-// @Tag System API
-// @Description check if the system is live
-// @Success 200 {object} controllers.Response The Response object
-// @router /health [get]
-func (c *ApiController) Health() {
-	c.ResponseOk()
-}
--- a/controllers/token.go
+++ b/controllers/token.go
@ -1,329 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetTokens
-// @Title GetTokens
-// @Tag Token API
-// @Description get tokens
-// @Param   owner     query    string  true        "The owner of tokens"
-// @Param   pageSize     query    string  true        "The size of each page"
-// @Param   p     query    string  true        "The number of the page"
-// @Success 200 {array} object.Token The Response object
-// @router /get-tokens [get]
-func (c *ApiController) GetTokens() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	organization := c.Input().Get("organization")
-	if limit == "" || page == "" {
-		token, err := object.GetTokens(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(token)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetTokenCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		tokens, err := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(tokens, paginator.Nums())
-	}
-}
-
-// GetToken
-// @Title GetToken
-// @Tag Token API
-// @Description get token
-// @Param   id     query    string  true        "The id ( owner/name ) of token"
-// @Success 200 {object} object.Token The Response object
-// @router /get-token [get]
-func (c *ApiController) GetToken() {
-	id := c.Input().Get("id")
-	token, err := object.GetToken(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(token)
-}
-
-// UpdateToken
-// @Title UpdateToken
-// @Tag Token API
-// @Description update token
-// @Param   id     query    string  true        "The id ( owner/name ) of token"
-// @Param   body    body   object.Token  true        "Details of the token"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-token [post]
-func (c *ApiController) UpdateToken() {
-	id := c.Input().Get("id")
-
-	var token object.Token
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateToken(id, &token))
-	c.ServeJSON()
-}
-
-// AddToken
-// @Title AddToken
-// @Tag Token API
-// @Description add token
-// @Param   body    body   object.Token  true        "Details of the token"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-token [post]
-func (c *ApiController) AddToken() {
-	var token object.Token
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddToken(&token))
-	c.ServeJSON()
-}
-
-// DeleteToken
-// @Tag Token API
-// @Title DeleteToken
-// @Description delete token
-// @Param   body    body   object.Token  true        "Details of the token"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-token [post]
-func (c *ApiController) DeleteToken() {
-	var token object.Token
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteToken(&token))
-	c.ServeJSON()
-}
-
-// GetOAuthToken
-// @Title GetOAuthToken
-// @Tag Token API
-// @Description get OAuth access token
-// @Param   grant_type     query    string  true        "OAuth grant type"
-// @Param   client_id     query    string  true        "OAuth client id"
-// @Param   client_secret     query    string  true        "OAuth client secret"
-// @Param   code     query    string  true        "OAuth code"
-// @Success 200 {object} object.TokenWrapper The Response object
-// @Success 400 {object} object.TokenError The Response object
-// @Success 401 {object} object.TokenError The Response object
-// @router /login/oauth/access_token [post]
-func (c *ApiController) GetOAuthToken() {
-	grantType := c.Input().Get("grant_type")
-	refreshToken := c.Input().Get("refresh_token")
-	clientId := c.Input().Get("client_id")
-	clientSecret := c.Input().Get("client_secret")
-	code := c.Input().Get("code")
-	verifier := c.Input().Get("code_verifier")
-	scope := c.Input().Get("scope")
-	username := c.Input().Get("username")
-	password := c.Input().Get("password")
-	tag := c.Input().Get("tag")
-	avatar := c.Input().Get("avatar")
-
-	if clientId == "" && clientSecret == "" {
-		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
-	}
-	if clientId == "" {
-		// If clientID is empty, try to read data from RequestBody
-		var tokenRequest TokenRequest
-		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
-			clientId = tokenRequest.ClientId
-			clientSecret = tokenRequest.ClientSecret
-			grantType = tokenRequest.GrantType
-			refreshToken = tokenRequest.RefreshToken
-			code = tokenRequest.Code
-			verifier = tokenRequest.Verifier
-			scope = tokenRequest.Scope
-			username = tokenRequest.Username
-			password = tokenRequest.Password
-			tag = tokenRequest.Tag
-			avatar = tokenRequest.Avatar
-		}
-	}
-	host := c.Ctx.Request.Host
-	oAuthtoken, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = oAuthtoken
-	c.SetTokenErrorHttpStatus()
-	c.ServeJSON()
-}
-
-// RefreshToken
-// @Title RefreshToken
-// @Tag Token API
-// @Description refresh OAuth access token
-// @Param   grant_type     query    string  true        "OAuth grant type"
-// @Param	refresh_token	query	string	true		"OAuth refresh token"
-// @Param   scope     query    string  true        "OAuth scope"
-// @Param   client_id     query    string  true        "OAuth client id"
-// @Param   client_secret     query    string  false        "OAuth client secret"
-// @Success 200 {object} object.TokenWrapper The Response object
-// @Success 400 {object} object.TokenError The Response object
-// @Success 401 {object} object.TokenError The Response object
-// @router /login/oauth/refresh_token [post]
-func (c *ApiController) RefreshToken() {
-	grantType := c.Input().Get("grant_type")
-	refreshToken := c.Input().Get("refresh_token")
-	scope := c.Input().Get("scope")
-	clientId := c.Input().Get("client_id")
-	clientSecret := c.Input().Get("client_secret")
-	host := c.Ctx.Request.Host
-
-	if clientId == "" {
-		// If clientID is empty, try to read data from RequestBody
-		var tokenRequest TokenRequest
-		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
-			clientId = tokenRequest.ClientId
-			clientSecret = tokenRequest.ClientSecret
-			grantType = tokenRequest.GrantType
-			scope = tokenRequest.Scope
-			refreshToken = tokenRequest.RefreshToken
-		}
-	}
-
-	refreshToken2, err := object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = refreshToken2
-	c.SetTokenErrorHttpStatus()
-	c.ServeJSON()
-}
-
-// IntrospectToken
-// @Title IntrospectToken
-// @Description The introspection endpoint is an OAuth 2.0 endpoint that takes a
-// parameter representing an OAuth 2.0 token and returns a JSON document
-// representing the meta information surrounding the
-// token, including whether this token is currently active.
-// This endpoint only support Basic Authorization.
-//
-// @Param token formData string true "access_token's value or refresh_token's value"
-// @Param token_type_hint formData string true "the token type access_token or refresh_token"
-// @Success 200 {object} object.IntrospectionResponse The Response object
-// @Success 400 {object} object.TokenError The Response object
-// @Success 401 {object} object.TokenError The Response object
-// @router /login/oauth/introspect [post]
-func (c *ApiController) IntrospectToken() {
-	tokenValue := c.Input().Get("token")
-	clientId, clientSecret, ok := c.Ctx.Request.BasicAuth()
-	if !ok {
-		clientId = c.Input().Get("client_id")
-		clientSecret = c.Input().Get("client_secret")
-		if clientId == "" || clientSecret == "" {
-			c.ResponseError(c.T("token:Empty clientId or clientSecret"))
-			c.Data["json"] = &object.TokenError{
-				Error: object.InvalidRequest,
-			}
-			c.SetTokenErrorHttpStatus()
-			c.ServeJSON()
-			return
-		}
-	}
-	application, err := object.GetApplicationByClientId(clientId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if application == nil || application.ClientSecret != clientSecret {
-		c.ResponseError(c.T("token:Invalid application or wrong clientSecret"))
-		c.Data["json"] = &object.TokenError{
-			Error: object.InvalidClient,
-		}
-		c.SetTokenErrorHttpStatus()
-		return
-	}
-	token, err := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if token == nil {
-		c.Data["json"] = &object.IntrospectionResponse{Active: false}
-		c.ServeJSON()
-		return
-	}
-	jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
-	if err != nil || jwtToken.Valid() != nil {
-		// and token revoked case. but we not implement
-		// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
-		// refs: https://tools.ietf.org/html/rfc7009
-		c.Data["json"] = &object.IntrospectionResponse{Active: false}
-		c.ServeJSON()
-		return
-	}
-
-	c.Data["json"] = &object.IntrospectionResponse{
-		Active:    true,
-		Scope:     jwtToken.Scope,
-		ClientId:  clientId,
-		Username:  token.User,
-		TokenType: token.TokenType,
-		Exp:       jwtToken.ExpiresAt.Unix(),
-		Iat:       jwtToken.IssuedAt.Unix(),
-		Nbf:       jwtToken.NotBefore.Unix(),
-		Sub:       jwtToken.Subject,
-		Aud:       jwtToken.Audience,
-		Iss:       jwtToken.Issuer,
-		Jti:       jwtToken.ID,
-	}
-	c.ServeJSON()
-}
--- a/controllers/types.go
+++ b/controllers/types.go
@ -1,29 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-type TokenRequest struct {
-	GrantType    string `json:"grant_type"`
-	Code         string `json:"code"`
-	ClientId     string `json:"client_id"`
-	ClientSecret string `json:"client_secret"`
-	Verifier     string `json:"code_verifier"`
-	Scope        string `json:"scope"`
-	Username     string `json:"username"`
-	Password     string `json:"password"`
-	Tag          string `json:"tag"`
-	Avatar       string `json:"avatar"`
-	RefreshToken string `json:"refresh_token"`
-}
--- a/controllers/user.go
+++ b/controllers/user.go
@ -1,588 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetGlobalUsers
-// @Title GetGlobalUsers
-// @Tag User API
-// @Description get global users
-// @Success 200 {array} object.User The Response object
-// @router /get-global-users [get]
-func (c *ApiController) GetGlobalUsers() {
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		maskedUsers, err := object.GetMaskedUsers(object.GetGlobalUsers())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedUsers)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalUserCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		users, err = object.GetMaskedUsers(users)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(users, paginator.Nums())
-	}
-}
-
-// GetUsers
-// @Title GetUsers
-// @Tag User API
-// @Description
-// @Param   owner     query    string  true        "The owner of users"
-// @Success 200 {array} object.User The Response object
-// @router /get-users [get]
-func (c *ApiController) GetUsers() {
-	owner := c.Input().Get("owner")
-	groupName := c.Input().Get("groupName")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		if groupName != "" {
-			maskedUsers, err := object.GetMaskedUsers(object.GetGroupUsers(util.GetId(owner, groupName)))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(maskedUsers)
-			return
-		}
-
-		maskedUsers, err := object.GetMaskedUsers(object.GetUsers(owner))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedUsers)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetUserCount(owner, field, value, groupName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder, groupName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		users, err = object.GetMaskedUsers(users)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(users, paginator.Nums())
-	}
-}
-
-// GetUser
-// @Title GetUser
-// @Tag User API
-// @Description get user
-// @Param   id     query    string  false        "The id ( owner/name ) of the user"
-// @Param   owner  query    string  false        "The owner of the user"
-// @Param   email  query    string  false 	     "The email of the user"
-// @Param   phone  query    string  false 	     "The phone of the user"
-// @Param   userId query    string  false 	     "The userId of the user"
-// @Success 200 {object} object.User The Response object
-// @router /get-user [get]
-func (c *ApiController) GetUser() {
-	id := c.Input().Get("id")
-	email := c.Input().Get("email")
-	phone := c.Input().Get("phone")
-	userId := c.Input().Get("userId")
-	owner := c.Input().Get("owner")
-	var err error
-	var userFromUserId *object.User
-	if userId != "" && owner != "" {
-		userFromUserId, err = object.GetUserByUserId(owner, userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
-	}
-
-	if owner == "" {
-		owner = util.GetOwnerFromId(id)
-	}
-
-	organization, err := object.GetOrganization(util.GetId("admin", owner))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if !organization.IsProfilePublic {
-		requestUserId := c.GetSessionUsername()
-		hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
-		if !hasPermission {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	var user *object.User
-	switch {
-	case email != "":
-		user, err = object.GetUserByEmail(owner, email)
-	case phone != "":
-		user, err = object.GetUserByPhone(owner, phone)
-	case userId != "":
-		user = userFromUserId
-	default:
-		user, err = object.GetUser(id)
-	}
-
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user != nil {
-		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
-	}
-
-	err = object.ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdminOrSelf := c.IsAdminOrSelf(user)
-	maskedUser, err := object.GetMaskedUser(user, isAdminOrSelf)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(maskedUser)
-}
-
-// UpdateUser
-// @Title UpdateUser
-// @Tag User API
-// @Description update user
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
-// @Param   body    body   object.User  true        "The details of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-user [post]
-func (c *ApiController) UpdateUser() {
-	id := c.Input().Get("id")
-	columnsStr := c.Input().Get("columns")
-
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if id == "" {
-		id = c.GetSessionUsername()
-		if id == "" {
-			c.ResponseError(c.T("general:Missing parameter"))
-			return
-		}
-	}
-	oldUser, err := object.GetUser(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if oldUser == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
-		return
-	}
-
-	if oldUser.Owner == "built-in" && oldUser.Name == "admin" && (user.Owner != "built-in" || user.Name != "admin") {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	isAdmin := c.IsAdmin()
-	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, c.GetAcceptLanguage()); !pass {
-		c.ResponseError(err)
-		return
-	}
-
-	columns := []string{}
-	if columnsStr != "" {
-		columns = strings.Split(columnsStr, ",")
-	}
-
-	affected, err := object.UpdateUser(id, &user, columns, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if affected {
-		err = object.UpdateUserToOriginalDatabase(&user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-// AddUser
-// @Title AddUser
-// @Tag User API
-// @Description add user
-// @Param   body    body   object.User  true        "The details of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-user [post]
-func (c *ApiController) AddUser() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	count, err := object.GetUserCount("", "", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForUser(int(count)); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	msg := object.CheckUsername(user.Name, c.GetAcceptLanguage())
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
-	c.ServeJSON()
-}
-
-// DeleteUser
-// @Title DeleteUser
-// @Tag User API
-// @Description delete user
-// @Param   body    body   object.User  true        "The details of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-user [post]
-func (c *ApiController) DeleteUser() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user.Owner == "built-in" && user.Name == "admin" {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteUser(&user))
-	c.ServeJSON()
-}
-
-// GetEmailAndPhone
-// @Title GetEmailAndPhone
-// @Tag User API
-// @Description get email and phone by username
-// @Param   username    formData   string  true        "The username of the user"
-// @Param   organization    formData   string  true        "The organization of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /get-email-and-phone [get]
-func (c *ApiController) GetEmailAndPhone() {
-	organization := c.Ctx.Request.Form.Get("organization")
-	username := c.Ctx.Request.Form.Get("username")
-
-	user, err := object.GetUserByFields(organization, username)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(organization, username)))
-		return
-	}
-
-	respUser := object.User{Name: user.Name}
-	var contentType string
-	switch username {
-	case user.Email:
-		contentType = "email"
-		respUser.Email = user.Email
-	case user.Phone:
-		contentType = "phone"
-		respUser.Phone = user.Phone
-	case user.Name:
-		contentType = "username"
-		respUser.Email = util.GetMaskedEmail(user.Email)
-		respUser.Phone = util.GetMaskedPhone(user.Phone)
-	}
-
-	c.ResponseOk(respUser, contentType)
-}
-
-// SetPassword
-// @Title SetPassword
-// @Tag Account API
-// @Description set password
-// @Param   userOwner   formData    string  true        "The owner of the user"
-// @Param   userName   formData    string  true        "The name of the user"
-// @Param   oldPassword   formData    string  true        "The old password of the user"
-// @Param   newPassword   formData    string  true        "The new password of the user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /set-password [post]
-func (c *ApiController) SetPassword() {
-	userOwner := c.Ctx.Request.Form.Get("userOwner")
-	userName := c.Ctx.Request.Form.Get("userName")
-	oldPassword := c.Ctx.Request.Form.Get("oldPassword")
-	newPassword := c.Ctx.Request.Form.Get("newPassword")
-	code := c.Ctx.Request.Form.Get("code")
-
-	//if userOwner == "built-in" && userName == "admin" {
-	//	c.ResponseError(c.T("auth:Unauthorized operation"))
-	//	return
-	//}
-
-	if strings.Contains(newPassword, " ") {
-		c.ResponseError(c.T("user:New password cannot contain blank space."))
-		return
-	}
-
-	userId := util.GetId(userOwner, userName)
-
-	requestUserId := c.GetSessionUsername()
-	if requestUserId == "" && code == "" {
-		c.ResponseError(c.T("general:Please login first"), "Please login first")
-		return
-	} else if code == "" {
-		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, c.GetAcceptLanguage())
-		if !hasPermission {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		if code != c.GetSession("verifiedCode") {
-			c.ResponseError(c.T("general:Missing parameter"))
-			return
-		}
-		c.SetSession("verifiedCode", "")
-	}
-
-	targetUser, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if oldPassword != "" {
-		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-		if msg != "" {
-			c.ResponseError(msg)
-			return
-		}
-	}
-
-	msg := object.CheckPasswordComplexity(targetUser, newPassword)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	targetUser.Password = newPassword
-	_, err = object.SetUserField(targetUser, "password", targetUser.Password)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
-
-// CheckUserPassword
-// @Title CheckUserPassword
-// @router /check-user-password [post]
-// @Tag User API
-func (c *ApiController) CheckUserPassword() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, msg := object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
-	if msg == "" {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(msg)
-	}
-}
-
-// GetSortedUsers
-// @Title GetSortedUsers
-// @Tag User API
-// @Description
-// @Param   owner     query    string  true        "The owner of users"
-// @Param   sorter     query    string  true        "The DB column name to sort by, e.g., created_time"
-// @Param   limit     query    string  true        "The count of users to return, e.g., 25"
-// @Success 200 {array} object.User The Response object
-// @router /get-sorted-users [get]
-func (c *ApiController) GetSortedUsers() {
-	owner := c.Input().Get("owner")
-	sorter := c.Input().Get("sorter")
-	limit := util.ParseInt(c.Input().Get("limit"))
-
-	maskedUsers, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(maskedUsers)
-}
-
-// GetUserCount
-// @Title GetUserCount
-// @Tag User API
-// @Description
-// @Param   owner     query    string  true        "The owner of users"
-// @Param   isOnline     query    string  true        "The filter for query, 1 for online, 0 for offline, empty string for all users"
-// @Success 200 {int} int The count of filtered users for an organization
-// @router /get-user-count [get]
-func (c *ApiController) GetUserCount() {
-	owner := c.Input().Get("owner")
-	isOnline := c.Input().Get("isOnline")
-
-	var count int64
-	var err error
-	if isOnline == "" {
-		count, err = object.GetUserCount(owner, "", "", "")
-	} else {
-		count, err = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
-	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(count)
-}
-
-// AddUserkeys
-// @Title AddUserkeys
-// @router /add-user-keys [post]
-// @Tag User API
-func (c *ApiController) AddUserkeys() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdmin := c.IsAdmin()
-	affected, err := object.AddUserkeys(&user, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(affected)
-}
-
-func (c *ApiController) RemoveUserFromGroup() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	groupName := c.Ctx.Request.Form.Get("groupName")
-
-	organization, err := object.GetOrganization(util.GetId("admin", owner))
-	if err != nil {
-		return
-	}
-	item := object.GetAccountItemByName("Groups", organization)
-	res, msg := object.CheckAccountItemModifyRule(item, c.IsAdmin(), c.GetAcceptLanguage())
-	if !res {
-		c.ResponseError(msg)
-		return
-	}
-
-	affected, err := object.DeleteGroupForUser(util.GetId(owner, name), groupName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(affected)
-}
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@ -1,72 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"io"
-	"mime/multipart"
-	"os"
-	"path/filepath"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func saveFile(path string, file *multipart.File) (err error) {
-	f, err := os.Create(filepath.Clean(path))
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	_, err = io.Copy(f, *file)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *ApiController) UploadUsers() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-
-	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadUsers(owner, fileId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
-	}
-}
--- a/controllers/util.go
+++ b/controllers/util.go
@ -1,264 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/i18n"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// ResponseJsonData ...
-func (c *ApiController) ResponseJsonData(resp *Response, data ...interface{}) {
-	switch len(data) {
-	case 2:
-		resp.Data2 = data[1]
-		fallthrough
-	case 1:
-		resp.Data = data[0]
-	}
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
-
-// ResponseOk ...
-func (c *ApiController) ResponseOk(data ...interface{}) {
-	resp := &Response{Status: "ok"}
-	c.ResponseJsonData(resp, data...)
-}
-
-// ResponseError ...
-func (c *ApiController) ResponseError(error string, data ...interface{}) {
-	resp := &Response{Status: "error", Msg: error}
-	c.ResponseJsonData(resp, data...)
-}
-
-func (c *ApiController) T(error string) string {
-	return i18n.Translate(c.GetAcceptLanguage(), error)
-}
-
-// GetAcceptLanguage ...
-func (c *ApiController) GetAcceptLanguage() string {
-	language := c.Ctx.Request.Header.Get("Accept-Language")
-	if len(language) > 2 {
-		language = language[0:2]
-	}
-	return conf.GetLanguage(language)
-}
-
-// SetTokenErrorHttpStatus ...
-func (c *ApiController) SetTokenErrorHttpStatus() {
-	_, ok := c.Data["json"].(*object.TokenError)
-	if ok {
-		if c.Data["json"].(*object.TokenError).Error == object.InvalidClient {
-			c.Ctx.Output.SetStatus(401)
-			c.Ctx.Output.Header("WWW-Authenticate", "Basic realm=\"OAuth2\"")
-		} else {
-			c.Ctx.Output.SetStatus(400)
-		}
-	}
-	_, ok = c.Data["json"].(*object.TokenWrapper)
-	if ok {
-		c.Ctx.Output.SetStatus(200)
-	}
-}
-
-// RequireSignedIn ...
-func (c *ApiController) RequireSignedIn() (string, bool) {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"), "Please login first")
-		return "", false
-	}
-	return userId, true
-}
-
-// RequireSignedInUser ...
-func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
-	userId, ok := c.RequireSignedIn()
-	if !ok {
-		return nil, false
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return nil, false
-	}
-
-	if user == nil {
-		c.ClearUserSession()
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return nil, false
-	}
-	return user, true
-}
-
-// RequireAdmin ...
-func (c *ApiController) RequireAdmin() (string, bool) {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return "", false
-	}
-
-	if user.Owner == "built-in" {
-		return "", true
-	}
-	return user.Owner, true
-}
-
-// IsMaskedEnabled ...
-func (c *ApiController) IsMaskedEnabled() (bool, bool) {
-	isMaskEnabled := true
-	withSecret := c.Input().Get("withSecret")
-	if withSecret == "1" {
-		isMaskEnabled = false
-
-		if conf.IsDemoMode() {
-			c.ResponseError(c.T("general:this operation is not allowed in demo mode"))
-			return false, isMaskEnabled
-		}
-
-		_, ok := c.RequireAdmin()
-		if !ok {
-			return false, isMaskEnabled
-		}
-	}
-
-	return true, isMaskEnabled
-}
-
-func refineFullFilePath(fullFilePath string) (string, string) {
-	tokens := strings.Split(fullFilePath, "/")
-	if len(tokens) >= 2 && tokens[0] == "Direct" && tokens[1] != "" {
-		providerName := tokens[1]
-		res := strings.Join(tokens[2:], "/")
-		return providerName, "/" + res
-	} else {
-		return "", fullFilePath
-	}
-}
-
-func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, error) {
-	providerName := c.Input().Get("provider")
-	if providerName == "" {
-		field := c.Input().Get("field")
-		value := c.Input().Get("value")
-		if field == "provider" && value != "" {
-			providerName = value
-		} else {
-			fullFilePath := c.Input().Get("fullFilePath")
-			providerName, _ = refineFullFilePath(fullFilePath)
-		}
-	}
-
-	if providerName != "" {
-		provider, err := object.GetProvider(util.GetId("admin", providerName))
-		if err != nil {
-			return nil, err
-		}
-
-		if provider == nil {
-			err = fmt.Errorf(c.T("util:The provider: %s is not found"), providerName)
-			return nil, err
-		}
-
-		return provider, nil
-	}
-
-	userId, ok := c.RequireSignedIn()
-	if !ok {
-		return nil, fmt.Errorf(c.T("general:Please login first"))
-	}
-
-	application, err := object.GetApplicationByUserId(userId)
-	if err != nil {
-		return nil, err
-	}
-
-	if application == nil {
-		return nil, fmt.Errorf(c.T("util:No application is found for userId: %s"), userId)
-	}
-
-	provider, err := application.GetProviderByCategory(category)
-	if err != nil {
-		return nil, err
-	}
-
-	if provider == nil {
-		return nil, fmt.Errorf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name)
-	}
-
-	return provider, nil
-}
-
-func checkQuotaForApplication(count int) error {
-	quota := conf.GetConfigQuota().Application
-	if quota == -1 {
-		return nil
-	}
-	if count >= quota {
-		return fmt.Errorf("application quota is exceeded")
-	}
-	return nil
-}
-
-func checkQuotaForOrganization(count int) error {
-	quota := conf.GetConfigQuota().Organization
-	if quota == -1 {
-		return nil
-	}
-	if count >= quota {
-		return fmt.Errorf("organization quota is exceeded")
-	}
-	return nil
-}
-
-func checkQuotaForProvider(count int) error {
-	quota := conf.GetConfigQuota().Provider
-	if quota == -1 {
-		return nil
-	}
-	if count >= quota {
-		return fmt.Errorf("provider quota is exceeded")
-	}
-	return nil
-}
-
-func checkQuotaForUser(count int) error {
-	quota := conf.GetConfigQuota().User
-	if quota == -1 {
-		return nil
-	}
-	if count >= quota {
-		return fmt.Errorf("user quota is exceeded")
-	}
-	return nil
-}
-
-func getInvalidSmsReceivers(smsForm SmsForm) []string {
-	var invalidReceivers []string
-	for _, receiver := range smsForm.Receivers {
-		// The receiver phone format: E164 like +8613854673829 +441932567890
-		if !util.IsPhoneValid(receiver, "") {
-			invalidReceivers = append(invalidReceivers, receiver)
-		}
-	}
-	return invalidReceivers
-}
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -1,392 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/casdoor/casdoor/captcha"
-	"github.com/casdoor/casdoor/form"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-const (
-	SignupVerification   = "signup"
-	ResetVerification    = "reset"
-	LoginVerification    = "login"
-	ForgetVerification   = "forget"
-	MfaSetupVerification = "mfaSetup"
-	MfaAuthVerification  = "mfaAuth"
-)
-
-// SendVerificationCode ...
-// @Title SendVerificationCode
-// @Tag Verification API
-// @router /send-verification-code [post]
-func (c *ApiController) SendVerificationCode() {
-	var vform form.VerificationForm
-	err := c.ParseForm(&vform)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)
-
-	if msg := vform.CheckParameter(form.SendVerifyCode, c.GetAcceptLanguage()); msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	if vform.CaptchaType != "none" {
-		if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
-			c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
-			return
-		} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret); err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else if !isHuman {
-			c.ResponseError(c.T("verification:Turing test failed."))
-			return
-		}
-	}
-
-	application, err := object.GetApplication(vform.ApplicationId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	organization, err := object.GetOrganization(util.GetId(application.Owner, application.Organization))
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-	}
-
-	if organization == nil {
-		c.ResponseError(c.T("check:Organization does not exist"))
-		return
-	}
-
-	var user *object.User
-	// checkUser != "", means method is ForgetVerification
-	if vform.CheckUser != "" {
-		owner := application.Organization
-		user, err = object.GetUser(util.GetId(owner, vform.CheckUser))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	// mfaUserSession != "", means method is MfaAuthVerification
-	if mfaUserSession := c.getMfaUserSession(); mfaUserSession != "" {
-		user, err = object.GetUser(mfaUserSession)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	sendResp := errors.New("invalid dest type")
-
-	switch vform.Type {
-	case object.VerifyTypeEmail:
-		if !util.IsEmailValid(vform.Dest) {
-			c.ResponseError(c.T("check:Email is invalid"))
-			return
-		}
-
-		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
-			if user != nil && util.GetMaskedEmail(user.Email) == vform.Dest {
-				vform.Dest = user.Email
-			}
-
-			user, err = object.GetUserByEmail(organization.Name, vform.Dest)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			if user == nil {
-				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
-				return
-			}
-		} else if vform.Method == ResetVerification {
-			user = c.getCurrentUser()
-		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
-			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
-				vform.Dest = mfaProps.Secret
-			}
-		} else if vform.Method == MfaSetupVerification {
-			c.SetSession(object.MfaDestSession, vform.Dest)
-		}
-
-		provider, err := application.GetEmailProvider()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, vform.Dest)
-	case object.VerifyTypePhone:
-		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
-			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
-				vform.Dest = user.Phone
-			}
-
-			if user, err = object.GetUserByPhone(organization.Name, vform.Dest); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if user == nil {
-				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
-				return
-			}
-
-			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-		} else if vform.Method == ResetVerification || vform.Method == MfaSetupVerification {
-			if vform.CountryCode == "" {
-				if user = c.getCurrentUser(); user != nil {
-					vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-				}
-			}
-
-			if vform.Method == MfaSetupVerification {
-				c.SetSession(object.MfaCountryCodeSession, vform.CountryCode)
-				c.SetSession(object.MfaDestSession, vform.Dest)
-			}
-		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
-			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
-				vform.Dest = mfaProps.Secret
-			}
-
-			vform.CountryCode = mfaProps.CountryCode
-		}
-
-		provider, err := application.GetSmsProvider()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if phone, ok := util.GetE164Number(vform.Dest, vform.CountryCode); !ok {
-			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
-			return
-		} else {
-			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, phone)
-		}
-	}
-
-	if sendResp != nil {
-		c.ResponseError(sendResp.Error())
-	} else {
-		c.ResponseOk()
-	}
-}
-
-// VerifyCaptcha ...
-// @Title VerifyCaptcha
-// @Tag Verification API
-// @router /verify-captcha [post]
-func (c *ApiController) VerifyCaptcha() {
-	var vform form.VerificationForm
-	err := c.ParseForm(&vform)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if msg := vform.CheckParameter(form.VerifyCaptcha, c.GetAcceptLanguage()); msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	provider := captcha.GetCaptchaProvider(vform.CaptchaType)
-	if provider == nil {
-		c.ResponseError(c.T("verification:Invalid captcha provider."))
-		return
-	}
-
-	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(isValid)
-}
-
-// ResetEmailOrPhone ...
-// @Tag Account API
-// @Title ResetEmailOrPhone
-// @router /api/reset-email-or-phone [post]
-func (c *ApiController) ResetEmailOrPhone() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	destType := c.Ctx.Request.Form.Get("type")
-	dest := c.Ctx.Request.Form.Get("dest")
-	code := c.Ctx.Request.Form.Get("code")
-
-	if util.IsStringsEmpty(destType, dest, code) {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	checkDest := dest
-	organization, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-
-	if destType == object.VerifyTypePhone {
-		if object.HasUserByField(user.Owner, "phone", dest) {
-			c.ResponseError(c.T("check:Phone already exists"))
-			return
-		}
-
-		phoneItem := object.GetAccountItemByName("Phone", organization)
-		if phoneItem == nil {
-			c.ResponseError(c.T("verification:Unable to get the phone modify rule."))
-			return
-		}
-
-		if pass, errMsg := object.CheckAccountItemModifyRule(phoneItem, user.IsAdminUser(), c.GetAcceptLanguage()); !pass {
-			c.ResponseError(errMsg)
-			return
-		}
-		if checkDest, ok = util.GetE164Number(dest, user.GetCountryCode("")); !ok {
-			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), user.CountryCode))
-			return
-		}
-	} else if destType == object.VerifyTypeEmail {
-		if object.HasUserByField(user.Owner, "email", dest) {
-			c.ResponseError(c.T("check:Email already exists"))
-			return
-		}
-
-		emailItem := object.GetAccountItemByName("Email", organization)
-		if emailItem == nil {
-			c.ResponseError(c.T("verification:Unable to get the email modify rule."))
-			return
-		}
-
-		if pass, errMsg := object.CheckAccountItemModifyRule(emailItem, user.IsAdminUser(), c.GetAcceptLanguage()); !pass {
-			c.ResponseError(errMsg)
-			return
-		}
-	}
-
-	if result := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
-		c.ResponseError(result.Msg)
-		return
-	}
-
-	switch destType {
-	case object.VerifyTypeEmail:
-		user.Email = dest
-		_, err = object.SetUserField(user, "email", user.Email)
-	case object.VerifyTypePhone:
-		user.Phone = dest
-		_, err = object.SetUserField(user, "phone", user.Phone)
-	default:
-		c.ResponseError(c.T("verification:Unknown type"))
-		return
-	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.DisableVerificationCode(checkDest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
-
-// VerifyCode
-// @Tag Verification API
-// @Title VerifyCode
-// @router /api/verify-code [post]
-func (c *ApiController) VerifyCode() {
-	var authForm form.AuthForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var user *object.User
-	if authForm.Name != "" {
-		user, err = object.GetUserByFields(authForm.Organization, authForm.Name)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	var checkDest string
-	if strings.Contains(authForm.Username, "@") {
-		if user != nil && util.GetMaskedEmail(user.Email) == authForm.Username {
-			authForm.Username = user.Email
-		}
-		checkDest = authForm.Username
-	} else {
-		if user != nil && util.GetMaskedPhone(user.Phone) == authForm.Username {
-			authForm.Username = user.Phone
-		}
-	}
-
-	if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
-		c.ResponseError(err.Error())
-		return
-	} else if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
-		return
-	}
-
-	verificationCodeType := object.GetVerifyType(authForm.Username)
-	if verificationCodeType == object.VerifyTypePhone {
-		authForm.CountryCode = user.GetCountryCode(authForm.CountryCode)
-		var ok bool
-		if checkDest, ok = util.GetE164Number(authForm.Username, authForm.CountryCode); !ok {
-			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), authForm.CountryCode))
-			return
-		}
-	}
-
-	if result := object.CheckVerificationCode(checkDest, authForm.Code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
-		c.ResponseError(result.Msg)
-		return
-	}
-	err = object.DisableVerificationCode(checkDest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSession("verifiedCode", authForm.Code)
-
-	c.ResponseOk()
-}
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@ -1,196 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-
-	"github.com/casdoor/casdoor/form"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-	"github.com/go-webauthn/webauthn/protocol"
-	"github.com/go-webauthn/webauthn/webauthn"
-)
-
-// WebAuthnSignupBegin
-// @Title WebAuthnSignupBegin
-// @Tag User API
-// @Description WebAuthn Registration Flow 1st stage
-// @Success 200 {object} protocol.CredentialCreation The CredentialCreationOptions object
-// @router /webauthn/signup/begin [get]
-func (c *ApiController) WebAuthnSignupBegin() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	user := c.getCurrentUser()
-	if user == nil {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	registerOptions := func(credCreationOpts *protocol.PublicKeyCredentialCreationOptions) {
-		credCreationOpts.CredentialExcludeList = user.CredentialExcludeList()
-	}
-	options, sessionData, err := webauthnObj.BeginRegistration(
-		user,
-		registerOptions,
-	)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSession("registration", *sessionData)
-	c.Data["json"] = options
-	c.ServeJSON()
-}
-
-// WebAuthnSignupFinish
-// @Title WebAuthnSignupFinish
-// @Tag User API
-// @Description WebAuthn Registration Flow 2nd stage
-// @Param   body    body   protocol.CredentialCreationResponse  true        "authenticator attestation Response"
-// @Success 200 {object} controllers.Response "The Response object"
-// @router /webauthn/signup/finish [post]
-func (c *ApiController) WebAuthnSignupFinish() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	user := c.getCurrentUser()
-	if user == nil {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-	sessionObj := c.GetSession("registration")
-	sessionData, ok := sessionObj.(webauthn.SessionData)
-	if !ok {
-		c.ResponseError(c.T("webauthn:Please call WebAuthnSigninBegin first"))
-		return
-	}
-	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
-
-	credential, err := webauthnObj.FinishRegistration(user, sessionData, c.Ctx.Request)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	isGlobalAdmin := c.IsGlobalAdmin()
-	_, err = user.AddCredentials(*credential, isGlobalAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
-
-// WebAuthnSigninBegin
-// @Title WebAuthnSigninBegin
-// @Tag Login API
-// @Description WebAuthn Login Flow 1st stage
-// @Param   owner     query    string  true        "owner"
-// @Param   name     query    string  true        "name"
-// @Success 200 {object} protocol.CredentialAssertion The CredentialAssertion object
-// @router /webauthn/signin/begin [get]
-func (c *ApiController) WebAuthnSigninBegin() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	userOwner := c.Input().Get("owner")
-	userName := c.Input().Get("name")
-	user, err := object.GetUserByFields(userOwner, userName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-		return
-	}
-	if len(user.WebauthnCredentials) == 0 {
-		c.ResponseError(c.T("webauthn:Found no credentials for this user"))
-		return
-	}
-
-	options, sessionData, err := webauthnObj.BeginLogin(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSession("authentication", *sessionData)
-	c.Data["json"] = options
-	c.ServeJSON()
-}
-
-// WebAuthnSigninFinish
-// @Title WebAuthnSigninBegin
-// @Tag Login API
-// @Description WebAuthn Login Flow 2nd stage
-// @Param   body    body   protocol.CredentialAssertionResponse  true        "authenticator assertion Response"
-// @Success 200 {object} controllers.Response "The Response object"
-// @router /webauthn/signin/finish [post]
-func (c *ApiController) WebAuthnSigninFinish() {
-	responseType := c.Input().Get("responseType")
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	sessionObj := c.GetSession("authentication")
-	sessionData, ok := sessionObj.(webauthn.SessionData)
-	if !ok {
-		c.ResponseError(c.T("webauthn:Please call WebAuthnSigninBegin first"))
-		return
-	}
-	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
-	userId := string(sessionData.UserID)
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSessionUsername(userId)
-	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
-
-	application, err := object.GetApplicationByUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var authForm form.AuthForm
-	authForm.Type = responseType
-	resp := c.HandleLoggedIn(application, user, &authForm)
-	c.Data["json"] = resp
-	c.ServeJSON()
-}
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@ -1,148 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetWebhooks
-// @Title GetWebhooks
-// @Tag Webhook API
-// @Description get webhooks
-// @Param   owner     query    string  built-in/admin	true        "The owner of webhooks"
-// @Success 200 {array} object.Webhook The Response object
-// @router /get-webhooks [get]
-// @Security test_apiKey
-func (c *ApiController) GetWebhooks() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	organization := c.Input().Get("organization")
-
-	if limit == "" || page == "" {
-		webhooks, err := object.GetWebhooks(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(webhooks)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetWebhookCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-
-		webhooks, err := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(webhooks, paginator.Nums())
-	}
-}
-
-// GetWebhook
-// @Title GetWebhook
-// @Tag Webhook API
-// @Description get webhook
-// @Param   id     query    string  built-in/admin	true        "The id ( owner/name ) of the webhook"
-// @Success 200 {object} object.Webhook The Response object
-// @router /get-webhook [get]
-func (c *ApiController) GetWebhook() {
-	id := c.Input().Get("id")
-
-	webhook, err := object.GetWebhook(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(webhook)
-}
-
-// UpdateWebhook
-// @Title UpdateWebhook
-// @Tag Webhook API
-// @Description update webhook
-// @Param   id     query    string  built-in/admin true        "The id ( owner/name ) of the webhook"
-// @Param   body    body   object.Webhook  true        "The details of the webhook"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-webhook [post]
-func (c *ApiController) UpdateWebhook() {
-	id := c.Input().Get("id")
-
-	var webhook object.Webhook
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateWebhook(id, &webhook))
-	c.ServeJSON()
-}
-
-// AddWebhook
-// @Title AddWebhook
-// @Tag Webhook API
-// @Description add webhook
-// @Param   body    body   object.Webhook  true        "The details of the webhook"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-webhook [post]
-func (c *ApiController) AddWebhook() {
-	var webhook object.Webhook
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddWebhook(&webhook))
-	c.ServeJSON()
-}
-
-// DeleteWebhook
-// @Title DeleteWebhook
-// @Tag Webhook API
-// @Description delete webhook
-// @Param   body    body   object.Webhook  true        "The details of the webhook"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-webhook [post]
-func (c *ApiController) DeleteWebhook() {
-	var webhook object.Webhook
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteWebhook(&webhook))
-	c.ServeJSON()
-}
--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@ -1,37 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import "github.com/alexedwards/argon2id"
-
-type Argon2idCredManager struct{}
-
-func NewArgon2idCredManager() *Argon2idCredManager {
-	cm := &Argon2idCredManager{}
-	return cm
-}
-
-func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
-	if err != nil {
-		return ""
-	}
-	return hash
-}
-
-func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
-	return match
-}
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@ -1,23 +0,0 @@
-package cred
-
-import "golang.org/x/crypto/bcrypt"
-
-type BcryptCredManager struct{}
-
-func NewBcryptCredManager() *BcryptCredManager {
-	cm := &BcryptCredManager{}
-	return cm
-}
-
-func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
-	if err != nil {
-		return ""
-	}
-	return string(bytes)
-}
-
-func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
-	return err == nil
-}
--- a/cred/manager.go
+++ b/cred/manager.go
@ -1,37 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-type CredManager interface {
-	GetHashedPassword(password string, userSalt string, organizationSalt string) string
-	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
-}
-
-func GetCredManager(passwordType string) CredManager {
-	if passwordType == "plain" {
-		return NewPlainCredManager()
-	} else if passwordType == "salt" {
-		return NewSha256SaltCredManager()
-	} else if passwordType == "md5-salt" {
-		return NewMd5UserSaltCredManager()
-	} else if passwordType == "bcrypt" {
-		return NewBcryptCredManager()
-	} else if passwordType == "pbkdf2-salt" {
-		return NewPbkdf2SaltCredManager()
-	} else if passwordType == "argon2id" {
-		return NewArgon2idCredManager()
-	}
-	return nil
-}
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@ -1,50 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/md5"
-	"encoding/hex"
-)
-
-type Md5UserSaltCredManager struct{}
-
-func getMd5(data []byte) []byte {
-	hash := md5.Sum(data)
-	return hash[:]
-}
-
-func getMd5HexDigest(s string) string {
-	b := getMd5([]byte(s))
-	res := hex.EncodeToString(b)
-	return res
-}
-
-func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
-	cm := &Md5UserSaltCredManager{}
-	return cm
-}
-
-func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getMd5HexDigest(password)
-	if userSalt != "" {
-		res = getMd5HexDigest(res + userSalt)
-	}
-	return res
-}
-
-func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
-}
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@ -1,40 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/sha256"
-	"encoding/base64"
-
-	"golang.org/x/crypto/pbkdf2"
-)
-
-type Pbkdf2SaltCredManager struct{}
-
-func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
-	cm := &Pbkdf2SaltCredManager{}
-	return cm
-}
-
-func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
-	decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
-	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
-	return base64.StdEncoding.EncodeToString(res)
-}
-
-func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
-}
--- a/cred/plain.go
+++ b/cred/plain.go
@ -1,30 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-type PlainCredManager struct{}
-
-func NewPlainCredManager() *PlainCredManager {
-	cm := &PlainCredManager{}
-	return cm
-}
-
-func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	return password
-}
-
-func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == plainPwd
-}
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@ -1,50 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/sha256"
-	"encoding/hex"
-)
-
-type Sha256SaltCredManager struct{}
-
-func getSha256(data []byte) []byte {
-	hash := sha256.Sum256(data)
-	return hash[:]
-}
-
-func getSha256HexDigest(s string) string {
-	b := getSha256([]byte(s))
-	res := hex.EncodeToString(b)
-	return res
-}
-
-func NewSha256SaltCredManager() *Sha256SaltCredManager {
-	cm := &Sha256SaltCredManager{}
-	return cm
-}
-
-func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getSha256HexDigest(password)
-	if organizationSalt != "" {
-		res = getSha256HexDigest(res + organizationSalt)
-	}
-	return res
-}
-
-func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
-}
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@ -1,34 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"fmt"
-	"testing"
-)
-
-func TestGetSaltedPassword(t *testing.T) {
-	password := "123456"
-	salt := "123"
-	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
-}
-
-func TestGetPassword(t *testing.T) {
-	password := "123456"
-	cm := NewSha256SaltCredManager()
-	// https://passwordsgenerator.net/sha256-hash-generator/
-	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
-}
--- a/crowdin.yml
+++ b/crowdin.yml
@ -1,10 +0,0 @@
-project_id: '491513'
-api_token_env: 'CROWDIN_PERSONAL_TOKEN'
-preserve_hierarchy: true
-files: [
-  # JSON translation files
-    {
-        source: '/i18n/locales/en/data.json',
-        translation: '/i18n/locales/%two_letters_code%/data.json',
-    },
-]
--- a/deployment/deploy.go
+++ b/deployment/deploy.go
@ -1,71 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package deployment
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/storage"
-	"github.com/casdoor/casdoor/util"
-	"github.com/casdoor/oss"
-)
-
-func deployStaticFiles(provider *object.Provider) {
-	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
-	if storageProvider == nil {
-		panic(fmt.Sprintf("the provider type: %s is not supported", provider.Type))
-	}
-
-	uploadFolder(storageProvider, "js")
-	uploadFolder(storageProvider, "css")
-	updateHtml(provider.Domain)
-}
-
-func uploadFolder(storageProvider oss.StorageInterface, folder string) {
-	path := fmt.Sprintf("../web/build/static/%s/", folder)
-	filenames := util.ListFiles(path)
-
-	for _, filename := range filenames {
-		if !strings.HasSuffix(filename, folder) {
-			continue
-		}
-
-		file, err := os.Open(filepath.Clean(path + filename))
-		if err != nil {
-			panic(err)
-		}
-
-		objectKey := fmt.Sprintf("static/%s/%s", folder, filename)
-		_, err = storageProvider.Put(objectKey, file)
-		if err != nil {
-			panic(err)
-		}
-
-		fmt.Printf("Uploaded [%s] to [%s]\n", path, objectKey)
-	}
-}
-
-func updateHtml(domainPath string) {
-	htmlPath := "../web/build/index.html"
-	html := util.ReadStringFromPath(htmlPath)
-	html = strings.Replace(html, "\"/static/", fmt.Sprintf("\"%s", domainPath), -1)
-	util.WriteStringToPath(html, htmlPath)
-
-	fmt.Printf("Updated HTML to [%s]\n", html)
-}
--- a/deployment/deploy_test.go
+++ b/deployment/deploy_test.go
@ -1,36 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !skipCi
-// +build !skipCi
-
-package deployment
-
-import (
-	"testing"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func TestDeployStaticFiles(t *testing.T) {
-	object.InitConfig()
-
-	provider, err := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
-	if err != nil {
-		panic(err)
-	}
-
-	deployStaticFiles(provider)
-}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,27 +0,0 @@
-version: '3.1'
-services:
-  casdoor:
-    restart: always
-    build:
-      context: ./
-      dockerfile: Dockerfile
-      target: STANDARD
-    entrypoint: /bin/sh -c './server --createDatabase=true'
-    ports:
-      - "8000:8000"
-    depends_on:
-      - db
-    environment:
-      RUNNING_IN_DOCKER: "true"
-    volumes:
-      - ./conf:/conf/
-  db:
-    restart: always
-    image: mysql:8.0.25
-    platform: linux/amd64
-    ports:
-      - "3306:3306"
-    environment:
-      MYSQL_ROOT_PASSWORD: 123456
-    volumes:
-      - /usr/local/docker/mysql:/var/lib/mysql
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -1,8 +0,0 @@
-#!/bin/bash
-if [ "${MYSQL_ROOT_PASSWORD}" = "" ] ;then MYSQL_ROOT_PASSWORD=123456 ;fi
-
-service mariadb start
-
-mysqladmin -u root password ${MYSQL_ROOT_PASSWORD}
-
-exec /server --createDatabase=true
--- a/form/auth.go
+++ b/form/auth.go
@ -1,60 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package form
-
-type AuthForm struct {
-	Type string `json:"type"`
-
-	Organization string `json:"organization"`
-	Username     string `json:"username"`
-	Password     string `json:"password"`
-	Name         string `json:"name"`
-	FirstName    string `json:"firstName"`
-	LastName     string `json:"lastName"`
-	Email        string `json:"email"`
-	Phone        string `json:"phone"`
-	Affiliation  string `json:"affiliation"`
-	IdCard       string `json:"idCard"`
-	Region       string `json:"region"`
-
-	Application string `json:"application"`
-	ClientId    string `json:"clientId"`
-	Provider    string `json:"provider"`
-	Code        string `json:"code"`
-	State       string `json:"state"`
-	RedirectUri string `json:"redirectUri"`
-	Method      string `json:"method"`
-
-	EmailCode   string `json:"emailCode"`
-	PhoneCode   string `json:"phoneCode"`
-	CountryCode string `json:"countryCode"`
-
-	AutoSignin bool `json:"autoSignin"`
-
-	RelayState   string `json:"relayState"`
-	SamlRequest  string `json:"samlRequest"`
-	SamlResponse string `json:"samlResponse"`
-
-	CaptchaType  string `json:"captchaType"`
-	CaptchaToken string `json:"captchaToken"`
-	ClientSecret string `json:"clientSecret"`
-
-	MfaType      string `json:"mfaType"`
-	Passcode     string `json:"passcode"`
-	RecoveryCode string `json:"recoveryCode"`
-
-	Plan    string `json:"plan"`
-	Pricing string `json:"pricing"`
-}
--- a/form/verification.go
+++ b/form/verification.go
@ -1,67 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package form
-
-import (
-	"strings"
-
-	"github.com/casdoor/casdoor/i18n"
-)
-
-type VerificationForm struct {
-	Dest          string `form:"dest"`
-	Type          string `form:"type"`
-	CountryCode   string `form:"countryCode"`
-	ApplicationId string `form:"applicationId"`
-	Method        string `form:"method"`
-	CheckUser     string `form:"checkUser"`
-
-	CaptchaType  string `form:"captchaType"`
-	ClientSecret string `form:"clientSecret"`
-	CaptchaToken string `form:"captchaToken"`
-}
-
-const (
-	SendVerifyCode = 0
-	VerifyCaptcha  = 1
-)
-
-func (form *VerificationForm) CheckParameter(checkType int, lang string) string {
-	if checkType == SendVerifyCode {
-		if form.Type == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": type."
-		}
-		if form.Dest == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": dest."
-		}
-		if form.CaptchaType == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": checkType."
-		}
-		if !strings.Contains(form.ApplicationId, "/") {
-			return i18n.Translate(lang, "verification:Wrong parameter") + ": applicationId."
-		}
-	}
-
-	if form.CaptchaType != "none" {
-		if form.CaptchaToken == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": captchaToken."
-		}
-		if form.ClientSecret == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": clientSecret."
-		}
-	}
-
-	return ""
-}
--- a/go.mod
+++ b/go.mod
@ -1,68 +1,23 @@
 module github.com/casdoor/casdoor

-go 1.16
+go 1.15

 require (
-	github.com/Masterminds/squirrel v1.5.3
-	github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b
-	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
-	github.com/aliyun/alibaba-cloud-sdk-go v1.62.188 // indirect
-	github.com/aws/aws-sdk-go v1.44.4
-	github.com/beego/beego v1.12.12
-	github.com/beevik/etree v1.1.0
-	github.com/casbin/casbin v1.9.1 // indirect
-	github.com/casbin/casbin/v2 v2.30.1
-	github.com/casdoor/go-sms-sender v0.12.0
-	github.com/casdoor/gomail/v2 v2.0.1
-	github.com/casdoor/oss v1.3.0
-	github.com/casdoor/xorm-adapter/v3 v3.0.4
-	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
-	github.com/denisenkom/go-mssqldb v0.9.0
-	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
-	github.com/fogleman/gg v1.3.0
-	github.com/forestmgy/ldapserver v1.1.0
-	github.com/go-git/go-git/v5 v5.6.0
-	github.com/go-ldap/ldap/v3 v3.3.0
-	github.com/go-mysql-org/go-mysql v1.7.0
-	github.com/go-pay/gopay v1.5.72
-	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-webauthn/webauthn v0.6.0
-	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/uuid v1.3.0
-	github.com/gorilla/mux v1.7.3 // indirect
-	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
-	github.com/lestrrat-go/jwx v1.2.21
-	github.com/lib/pq v1.10.2
-	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
-	github.com/markbates/goth v1.75.2
-	github.com/mitchellh/mapstructure v1.5.0
-	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
-	github.com/nyaruka/phonenumbers v1.1.5
-	github.com/pquerna/otp v1.4.0
-	github.com/prometheus/client_golang v1.11.1
-	github.com/prometheus/client_model v0.3.0
-	github.com/qiangmzsx/string-adapter/v2 v2.1.0
-	github.com/robfig/cron/v3 v3.0.1
-	github.com/russellhaering/gosaml2 v0.9.0
-	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/satori/go.uuid v1.2.0
-	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
-	github.com/shirou/gopsutil v3.21.11+incompatible
-	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
-	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/stretchr/testify v1.8.3
-	github.com/tealeg/xlsx v1.0.5
-	github.com/thanhpk/randstr v1.0.4
-	github.com/tklauser/go-sysconf v0.3.10 // indirect
-	github.com/xorm-io/builder v0.3.13
-	github.com/xorm-io/core v0.7.4
-	github.com/xorm-io/xorm v1.1.6
-	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/crypto v0.11.0
-	golang.org/x/net v0.13.0
-	golang.org/x/oauth2 v0.10.0
-	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	modernc.org/sqlite v1.18.2
+	github.com/gin-contrib/cors v1.3.1
+	github.com/gin-gonic/gin v1.6.3
+	github.com/go-playground/validator/v10 v10.4.0 // indirect
+	github.com/go-sql-driver/mysql v1.5.0
+	github.com/golang/protobuf v1.4.3 // indirect
+	github.com/google/uuid v1.1.2
+	github.com/joho/godotenv v1.3.0
+	github.com/json-iterator/go v1.1.10 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/ugorji/go v1.1.12 // indirect
+	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 // indirect
+	golang.org/x/sys v0.0.0-20201029080932-201ba4db2418 // indirect
+	google.golang.org/protobuf v1.25.0 // indirect
+	gopkg.in/yaml.v2 v2.3.0 // indirect
+	xorm.io/core v0.7.2
+	xorm.io/xorm v0.8.1
 )
--- a/go.sum
+++ b/go.sum
--- a/i18n/generate.go
+++ b/i18n/generate.go
@ -1,146 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package i18n
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"regexp"
-	"strings"
-
-	"github.com/casdoor/casdoor/util"
-)
-
-type I18nData map[string]map[string]string
-
-var (
-	reI18nFrontend          *regexp.Regexp
-	reI18nBackendObject     *regexp.Regexp
-	reI18nBackendController *regexp.Regexp
-)
-
-func init() {
-	reI18nFrontend, _ = regexp.Compile("i18next.t\\(\"(.*?)\"\\)")
-	reI18nBackendObject, _ = regexp.Compile("i18n.Translate\\((.*?)\"\\)")
-	reI18nBackendController, _ = regexp.Compile("c.T\\((.*?)\"\\)")
-}
-
-func getAllI18nStringsFrontend(fileContent string) []string {
-	res := []string{}
-
-	matches := reI18nFrontend.FindAllStringSubmatch(fileContent, -1)
-	if matches == nil {
-		return res
-	}
-
-	for _, match := range matches {
-		res = append(res, match[1])
-	}
-	return res
-}
-
-func getAllI18nStringsBackend(fileContent string, isObjectPackage bool) []string {
-	res := []string{}
-	if isObjectPackage {
-		matches := reI18nBackendObject.FindAllStringSubmatch(fileContent, -1)
-		if matches == nil {
-			return res
-		}
-		for _, match := range matches {
-			match := strings.SplitN(match[1], ",", 2)
-			res = append(res, match[1][2:])
-		}
-	} else {
-		matches := reI18nBackendController.FindAllStringSubmatch(fileContent, -1)
-		if matches == nil {
-			return res
-		}
-		for _, match := range matches {
-			res = append(res, match[1][1:])
-		}
-	}
-
-	return res
-}
-
-func getAllFilePathsInFolder(folder string, fileSuffix string) []string {
-	res := []string{}
-	err := filepath.Walk(folder,
-		func(path string, info os.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-
-			if !strings.HasSuffix(info.Name(), fileSuffix) {
-				return nil
-			}
-
-			res = append(res, path)
-			fmt.Println(path, info.Name())
-			return nil
-		})
-	if err != nil {
-		panic(err)
-	}
-
-	return res
-}
-
-func parseAllWords(category string) *I18nData {
-	var paths []string
-	if category == "backend" {
-		paths = getAllFilePathsInFolder("../", ".go")
-	} else {
-		paths = getAllFilePathsInFolder("../web/src", ".js")
-	}
-
-	allWords := []string{}
-	for _, path := range paths {
-		fileContent := util.ReadStringFromPath(path)
-
-		var words []string
-		if category == "backend" {
-			isObjectPackage := strings.Contains(path, "object")
-			words = getAllI18nStringsBackend(fileContent, isObjectPackage)
-		} else {
-			words = getAllI18nStringsFrontend(fileContent)
-		}
-		allWords = append(allWords, words...)
-	}
-	fmt.Printf("%v\n", allWords)
-
-	data := I18nData{}
-	for _, word := range allWords {
-		tokens := strings.SplitN(word, ":", 2)
-		namespace := tokens[0]
-		key := tokens[1]
-
-		if _, ok := data[namespace]; !ok {
-			data[namespace] = map[string]string{}
-		}
-		data[namespace][key] = key
-	}
-
-	return &data
-}
-
-func applyToOtherLanguage(category string, language string, newData *I18nData) {
-	oldData := readI18nFile(category, language)
-	println(oldData)
-
-	applyData(newData, oldData)
-	writeI18nFile(category, language, newData)
-}
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@ -1,58 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !skipCi
-// +build !skipCi
-
-package i18n
-
-import "testing"
-
-func TestGenerateI18nFrontend(t *testing.T) {
-	data := parseAllWords("frontend")
-
-	applyToOtherLanguage("frontend", "en", data)
-	applyToOtherLanguage("frontend", "zh", data)
-	applyToOtherLanguage("frontend", "es", data)
-	applyToOtherLanguage("frontend", "fr", data)
-	applyToOtherLanguage("frontend", "de", data)
-	applyToOtherLanguage("frontend", "id", data)
-	applyToOtherLanguage("frontend", "ja", data)
-	applyToOtherLanguage("frontend", "ko", data)
-	applyToOtherLanguage("frontend", "ru", data)
-	applyToOtherLanguage("frontend", "vi", data)
-	applyToOtherLanguage("frontend", "pt", data)
-	applyToOtherLanguage("frontend", "it", data)
-	applyToOtherLanguage("frontend", "ms", data)
-	applyToOtherLanguage("frontend", "tr", data)
-}
-
-func TestGenerateI18nBackend(t *testing.T) {
-	data := parseAllWords("backend")
-
-	applyToOtherLanguage("backend", "en", data)
-	applyToOtherLanguage("backend", "zh", data)
-	applyToOtherLanguage("backend", "es", data)
-	applyToOtherLanguage("backend", "fr", data)
-	applyToOtherLanguage("backend", "de", data)
-	applyToOtherLanguage("backend", "id", data)
-	applyToOtherLanguage("backend", "ja", data)
-	applyToOtherLanguage("backend", "ko", data)
-	applyToOtherLanguage("backend", "ru", data)
-	applyToOtherLanguage("backend", "vi", data)
-	applyToOtherLanguage("backend", "pt", data)
-	applyToOtherLanguage("backend", "it", data)
-	applyToOtherLanguage("backend", "ms", data)
-	applyToOtherLanguage("backend", "tr", data)
-}
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Konnte den Benutzer nicht hinzufügen",
-    "Get init score failed, error: %w": "Init-Score konnte nicht abgerufen werden, Fehler: %w",
-    "Please sign out first": "Bitte melden Sie sich zuerst ab",
-    "The application does not allow to sign up new account": "Die Anwendung erlaubt es nicht, sich für ein neues Konto anzumelden"
-  },
-  "auth": {
-    "Challenge method should be S256": "Die Challenge-Methode sollte S256 sein",
-    "Failed to create user, user information is invalid: %s": "Es konnte kein Benutzer erstellt werden, da die Benutzerinformationen ungültig sind: %s",
-    "Failed to login in: %s": "Konnte nicht anmelden: %s",
-    "Invalid token": "Ungültiges Token",
-    "State expected: %s, but got: %s": "Erwarteter Zustand: %s, aber erhalten: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Das Konto für den Anbieter: %s und Benutzernamen: %s (%s) existiert nicht und darf nicht über %%s als neues Konto erstellt werden. Bitte nutzen Sie einen anderen Weg, um sich anzumelden",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Das Konto für den Anbieter %s und Benutzernamen %s (%s) existiert nicht und es ist nicht erlaubt, ein neues Konto anzumelden. Bitte wenden Sie sich an Ihren IT-Support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Das Konto für den Anbieter %s und Benutzernamen %s (%s) ist bereits mit einem anderen Konto verknüpft: %s (%s)",
-    "The application: %s does not exist": "Die Anwendung: %s existiert nicht",
-    "The login method: login with password is not enabled for the application": "Die Anmeldeart \"Anmeldung mit Passwort\" ist für die Anwendung nicht aktiviert",
-    "The provider: %s is not enabled for the application": "Der Anbieter: %s ist nicht für die Anwendung aktiviert",
-    "Unauthorized operation": "Nicht autorisierte Operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s und %s stimmen nicht überein"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Zugehörigkeit darf nicht leer sein",
-    "DisplayName cannot be blank": "Anzeigename kann nicht leer sein",
-    "DisplayName is not valid real name": "DisplayName ist kein gültiger Vorname",
-    "Email already exists": "E-Mail existiert bereits",
-    "Email cannot be empty": "E-Mail darf nicht leer sein",
-    "Email is invalid": "E-Mail ist ungültig",
-    "Empty username.": "Leerer Benutzername.",
-    "FirstName cannot be blank": "Vorname darf nicht leer sein",
-    "LDAP user name or password incorrect": "Ldap Benutzername oder Passwort falsch",
-    "LastName cannot be blank": "Nachname darf nicht leer sein",
-    "Multiple accounts with same uid, please check your ldap server": "Mehrere Konten mit derselben uid, bitte überprüfen Sie Ihren LDAP-Server",
-    "Organization does not exist": "Organisation existiert nicht",
-    "Password must have at least 6 characters": "Das Passwort muss mindestens 6 Zeichen enthalten",
-    "Phone already exists": "Telefon existiert bereits",
-    "Phone cannot be empty": "Das Telefon darf nicht leer sein",
-    "Phone number is invalid": "Die Telefonnummer ist ungültig",
-    "Session outdated, please login again": "Sitzung abgelaufen, bitte erneut anmelden",
-    "The user is forbidden to sign in, please contact the administrator": "Dem Benutzer ist der Zugang verboten, bitte kontaktieren Sie den Administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Der Benutzername darf nur alphanumerische Zeichen, Unterstriche oder Bindestriche enthalten, keine aufeinanderfolgenden Bindestriche oder Unterstriche haben und darf nicht mit einem Bindestrich oder Unterstrich beginnen oder enden.",
-    "Username already exists": "Benutzername existiert bereits",
-    "Username cannot be an email address": "Benutzername kann keine E-Mail-Adresse sein",
-    "Username cannot contain white spaces": "Benutzername darf keine Leerzeichen enthalten",
-    "Username cannot start with a digit": "Benutzername darf nicht mit einer Ziffer beginnen",
-    "Username is too long (maximum is 39 characters).": "Benutzername ist zu lang (das Maximum beträgt 39 Zeichen).",
-    "Username must have at least 2 characters": "Benutzername muss mindestens 2 Zeichen lang sein",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Sie haben zu oft das falsche Passwort oder den falschen Code eingegeben. Bitte warten Sie %d Minuten und versuchen Sie es erneut",
-    "Your region is not allow to signup by phone": "Ihre Region ist nicht berechtigt, sich telefonisch anzumelden",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Das Passwort oder der Code ist falsch. Du hast noch %d Versuche übrig",
-    "unsupported password type: %s": "Nicht unterstützter Passworttyp: %s"
-  },
-  "general": {
-    "Missing parameter": "Fehlender Parameter",
-    "Please login first": "Bitte zuerst einloggen",
-    "The user: %s doesn't exist": "Der Benutzer %s existiert nicht",
-    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Es gibt einen LDAP-Server"
-  },
-  "link": {
-    "Please link first": "Bitte verlinken Sie zuerst",
-    "This application has no providers": "Diese Anwendung hat keine Anbieter",
-    "This application has no providers of type": "Diese Anwendung hat keine Anbieter des Typs",
-    "This provider can't be unlinked": "Dieser Anbieter kann nicht entkoppelt werden",
-    "You are not the global admin, you can't unlink other users": "Sie sind nicht der globale Administrator, Sie können keine anderen Benutzer trennen",
-    "You can't unlink yourself, you are not a member of any application": "Du kannst dich nicht abmelden, du bist kein Mitglied einer Anwendung"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Nur der Administrator kann das %s ändern.",
-    "The %s is immutable.": "Das %s ist unveränderlich.",
-    "Unknown modify rule %s.": "Unbekannte Änderungsregel %s."
-  },
-  "provider": {
-    "Invalid application id": "Ungültige Anwendungs-ID",
-    "the provider: %s does not exist": "Der Anbieter %s existiert nicht"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "Benutzer ist null für Tag: Avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Benutzername oder vollständiger Dateipfad sind leer: Benutzername = %s, vollständiger Dateipfad = %s"
-  },
-  "saml": {
-    "Application %s not found": "Anwendung %s wurde nicht gefunden"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "Der Anbieter %s ist keine Kategorie von SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Leere Parameter für Email-Formular: %v",
-    "Invalid Email receivers: %s": "Ungültige E-Mail-Empfänger: %s",
-    "Invalid phone receivers: %s": "Ungültige Telefonempfänger: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "Der Objektschlüssel %s ist nicht erlaubt",
-    "The provider type: %s is not supported": "Der Anbieter-Typ %s wird nicht unterstützt"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Leerer clientId oder clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s wird von dieser Anwendung nicht unterstützt",
-    "Invalid application or wrong clientSecret": "Ungültige Anwendung oder falsches clientSecret",
-    "Invalid client_id": "Ungültige client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Weiterleitungs-URI: %s ist nicht in der Liste erlaubter Weiterleitungs-URIs vorhanden",
-    "Token not found, invalid accessToken": "Token nicht gefunden, ungültiger Zugriffs-Token"
-  },
-  "user": {
-    "Display name cannot be empty": "Anzeigename darf nicht leer sein",
-    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten."
-  },
-  "user_upload": {
-    "Failed to import users": "Fehler beim Importieren von Benutzern"
-  },
-  "util": {
-    "No application is found for userId: %s": "Es wurde keine Anwendung für die Benutzer-ID gefunden: %s",
-    "No provider for category: %s is found for application: %s": "Kein Anbieter für die Kategorie %s gefunden für die Anwendung: %s",
-    "The provider: %s is not found": "Der Anbieter: %s wurde nicht gefunden"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Der Code wurde noch nicht versendet!",
-    "Invalid captcha provider.": "Ungültiger Captcha-Anbieter.",
-    "Phone number is invalid in your region %s": "Die Telefonnummer ist in Ihrer Region %s ungültig",
-    "Turing test failed.": "Turing-Test fehlgeschlagen.",
-    "Unable to get the email modify rule.": "Nicht in der Lage, die E-Mail-Änderungsregel zu erhalten.",
-    "Unable to get the phone modify rule.": "Nicht in der Lage, die Telefon-Änderungsregel zu erhalten.",
-    "Unknown type": "Unbekannter Typ",
-    "Wrong verification code!": "Falscher Bestätigungscode!",
-    "You should verify your code in %d min!": "Du solltest deinen Code in %d Minuten verifizieren!",
-    "the user does not exist, please sign up first": "Der Benutzer existiert nicht, bitte zuerst anmelden"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Es wurden keine Anmeldeinformationen für diesen Benutzer gefunden",
-    "Please call WebAuthnSigninBegin first": "Bitte rufen Sie zuerst WebAuthnSigninBegin auf"
-  }
-}
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "No se pudo agregar el usuario",
-    "Get init score failed, error: %w": "Error al obtener el puntaje de inicio, error: %w",
-    "Please sign out first": "Por favor, cierra sesión primero",
-    "The application does not allow to sign up new account": "La aplicación no permite registrarse con una cuenta nueva"
-  },
-  "auth": {
-    "Challenge method should be S256": "El método de desafío debe ser S256",
-    "Failed to create user, user information is invalid: %s": "No se pudo crear el usuario, la información del usuario es inválida: %s",
-    "Failed to login in: %s": "No se ha podido iniciar sesión en: %s",
-    "Invalid token": "Token inválido",
-    "State expected: %s, but got: %s": "Estado esperado: %s, pero se obtuvo: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "La cuenta para el proveedor: %s y nombre de usuario: %s (%s) no existe y no está permitido registrarse como una cuenta nueva a través de %%s, por favor use otro método para registrarse",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "La cuenta para el proveedor: %s y el nombre de usuario: %s (%s) no existe y no se permite registrarse como una nueva cuenta, por favor contacte a su soporte de TI",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "La cuenta para proveedor: %s y nombre de usuario: %s (%s) ya está vinculada a otra cuenta: %s (%s)",
-    "The application: %s does not exist": "La aplicación: %s no existe",
-    "The login method: login with password is not enabled for the application": "El método de inicio de sesión: inicio de sesión con contraseña no está habilitado para la aplicación",
-    "The provider: %s is not enabled for the application": "El proveedor: %s no está habilitado para la aplicación",
-    "Unauthorized operation": "Operación no autorizada",
-    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Los servicios %s y %s no coinciden"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Afiliación no puede estar en blanco",
-    "DisplayName cannot be blank": "El nombre de visualización no puede estar en blanco",
-    "DisplayName is not valid real name": "El nombre de pantalla no es un nombre real válido",
-    "Email already exists": "El correo electrónico ya existe",
-    "Email cannot be empty": "El correo electrónico no puede estar vacío",
-    "Email is invalid": "El correo electrónico no es válido",
-    "Empty username.": "Nombre de usuario vacío.",
-    "FirstName cannot be blank": "El nombre no puede estar en blanco",
-    "LDAP user name or password incorrect": "Nombre de usuario o contraseña de Ldap incorrectos",
-    "LastName cannot be blank": "El apellido no puede estar en blanco",
-    "Multiple accounts with same uid, please check your ldap server": "Cuentas múltiples con el mismo uid, por favor revise su servidor ldap",
-    "Organization does not exist": "La organización no existe",
-    "Password must have at least 6 characters": "La contraseña debe tener al menos 6 caracteres",
-    "Phone already exists": "El teléfono ya existe",
-    "Phone cannot be empty": "Teléfono no puede estar vacío",
-    "Phone number is invalid": "El número de teléfono no es válido",
-    "Session outdated, please login again": "Sesión expirada, por favor vuelva a iniciar sesión",
-    "The user is forbidden to sign in, please contact the administrator": "El usuario no está autorizado a iniciar sesión, por favor contacte al administrador",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "El nombre de usuario solo puede contener caracteres alfanuméricos, guiones bajos o guiones, no puede tener guiones o subrayados consecutivos, y no puede comenzar ni terminar con un guión o subrayado.",
-    "Username already exists": "El nombre de usuario ya existe",
-    "Username cannot be an email address": "Nombre de usuario no puede ser una dirección de correo electrónico",
-    "Username cannot contain white spaces": "Nombre de usuario no puede contener espacios en blanco",
-    "Username cannot start with a digit": "El nombre de usuario no puede empezar con un dígito",
-    "Username is too long (maximum is 39 characters).": "El nombre de usuario es demasiado largo (el máximo es de 39 caracteres).",
-    "Username must have at least 2 characters": "Nombre de usuario debe tener al menos 2 caracteres",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Has ingresado la contraseña o código incorrecto demasiadas veces, por favor espera %d minutos e intenta de nuevo",
-    "Your region is not allow to signup by phone": "Tu región no está permitida para registrarse por teléfono",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Contraseña o código incorrecto, tienes %d intentos restantes",
-    "unsupported password type: %s": "Tipo de contraseña no compatible: %s"
-  },
-  "general": {
-    "Missing parameter": "Parámetro faltante",
-    "Please login first": "Por favor, inicia sesión primero",
-    "The user: %s doesn't exist": "El usuario: %s no existe",
-    "don't support captchaProvider: ": "No apoyo a captchaProvider",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "El servidor LDAP existe"
-  },
-  "link": {
-    "Please link first": "Por favor, enlaza primero",
-    "This application has no providers": "Esta aplicación no tiene proveedores",
-    "This application has no providers of type": "Esta aplicación no tiene proveedores del tipo",
-    "This provider can't be unlinked": "Este proveedor no se puede desvincular",
-    "You are not the global admin, you can't unlink other users": "No eres el administrador global, no puedes desvincular a otros usuarios",
-    "You can't unlink yourself, you are not a member of any application": "No puedes desvincularte, no eres miembro de ninguna aplicación"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Solo el administrador puede modificar los %s.",
-    "The %s is immutable.": "El %s es inmutable.",
-    "Unknown modify rule %s.": "Regla de modificación desconocida %s."
-  },
-  "provider": {
-    "Invalid application id": "Identificación de aplicación no válida",
-    "the provider: %s does not exist": "El proveedor: %s no existe"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "El usuario es nulo para la etiqueta: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Nombre de usuario o ruta completa de archivo está vacío: nombre de usuario = %s, ruta completa de archivo = %s"
-  },
-  "saml": {
-    "Application %s not found": "Aplicación %s no encontrada"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "La categoría del proveedor %s no es SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Parámetros vacíos para el formulario de correo electrónico: %v",
-    "Invalid Email receivers: %s": "Receptores de correo electrónico no válidos: %s",
-    "Invalid phone receivers: %s": "Receptores de teléfono no válidos: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "El objectKey: %s no está permitido",
-    "The provider type: %s is not supported": "El tipo de proveedor: %s no es compatible"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "ClienteId o clienteSecret vacío",
-    "Grant_type: %s is not supported in this application": "El tipo de subvención: %s no es compatible con esta aplicación",
-    "Invalid application or wrong clientSecret": "Solicitud inválida o clientSecret incorrecto",
-    "Invalid client_id": "Identificador de cliente no válido",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "El URI de redirección: %s no existe en la lista de URI de redirección permitidos",
-    "Token not found, invalid accessToken": "Token no encontrado, accessToken inválido"
-  },
-  "user": {
-    "Display name cannot be empty": "El nombre de pantalla no puede estar vacío",
-    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco."
-  },
-  "user_upload": {
-    "Failed to import users": "Error al importar usuarios"
-  },
-  "util": {
-    "No application is found for userId: %s": "No se encuentra ninguna aplicación para el Id de usuario: %s",
-    "No provider for category: %s is found for application: %s": "No se encuentra un proveedor para la categoría: %s para la aplicación: %s",
-    "The provider: %s is not found": "El proveedor: %s no se encuentra"
-  },
-  "verification": {
-    "Code has not been sent yet!": "¡El código aún no ha sido enviado!",
-    "Invalid captcha provider.": "Proveedor de captcha no válido.",
-    "Phone number is invalid in your region %s": "El número de teléfono es inválido en tu región %s",
-    "Turing test failed.": "El test de Turing falló.",
-    "Unable to get the email modify rule.": "No se puede obtener la regla de modificación de correo electrónico.",
-    "Unable to get the phone modify rule.": "No se pudo obtener la regla de modificación del teléfono.",
-    "Unknown type": "Tipo desconocido",
-    "Wrong verification code!": "¡Código de verificación incorrecto!",
-    "You should verify your code in %d min!": "¡Deberías verificar tu código en %d minutos!",
-    "the user does not exist, please sign up first": "El usuario no existe, por favor regístrese primero"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "No se encontraron credenciales para este usuario",
-    "Please call WebAuthnSigninBegin first": "Por favor, llama primero a WebAuthnSigninBegin"
-  }
-}
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Échec d'ajout d'utilisateur",
-    "Get init score failed, error: %w": "Obtention du score initiale échouée, erreur : %w",
-    "Please sign out first": "Veuillez vous déconnecter en premier",
-    "The application does not allow to sign up new account": "L'application ne permet pas de créer un nouveau compte"
-  },
-  "auth": {
-    "Challenge method should be S256": "La méthode de défi doit être S256",
-    "Failed to create user, user information is invalid: %s": "Échec de la création de l'utilisateur, les informations utilisateur sont invalides : %s",
-    "Failed to login in: %s": "Échec de la connexion : %s",
-    "Invalid token": "Jeton invalide",
-    "State expected: %s, but got: %s": "État attendu : %s, mais obtenu : %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Le compte pour le fournisseur : %s et le nom d'utilisateur : %s (%s) n'existe pas et n'est pas autorisé à s'inscrire en tant que nouveau compte via %%s, veuillez utiliser une autre méthode pour vous inscrire",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Le compte pour le fournisseur : %s et le nom d'utilisateur : %s (%s) n'existe pas et n'est pas autorisé à s'inscrire comme nouveau compte, veuillez contacter votre support informatique",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Le compte du fournisseur : %s et le nom d'utilisateur : %s (%s) sont déjà liés à un autre compte : %s (%s)",
-    "The application: %s does not exist": "L'application : %s n'existe pas",
-    "The login method: login with password is not enabled for the application": "La méthode de connexion : connexion avec mot de passe n'est pas activée pour l'application",
-    "The provider: %s is not enabled for the application": "Le fournisseur :%s n'est pas activé pour l'application",
-    "Unauthorized operation": "Opération non autorisée",
-    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Les services %s et %s ne correspondent pas"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation ne peut pas être vide",
-    "DisplayName cannot be blank": "Le nom d'affichage ne peut pas être vide",
-    "DisplayName is not valid real name": "DisplayName n'est pas un nom réel valide",
-    "Email already exists": "E-mail déjà existant",
-    "Email cannot be empty": "L'e-mail ne peut pas être vide",
-    "Email is invalid": "L'adresse e-mail est invalide",
-    "Empty username.": "Nom d'utilisateur vide.",
-    "FirstName cannot be blank": "Le prénom ne peut pas être laissé vide",
-    "LDAP user name or password incorrect": "Nom d'utilisateur ou mot de passe LDAP incorrect",
-    "LastName cannot be blank": "Le nom de famille ne peut pas être vide",
-    "Multiple accounts with same uid, please check your ldap server": "Plusieurs comptes avec le même identifiant d'utilisateur, veuillez vérifier votre serveur LDAP",
-    "Organization does not exist": "L'organisation n'existe pas",
-    "Password must have at least 6 characters": "Le mot de passe doit comporter au moins 6 caractères",
-    "Phone already exists": "Le téléphone existe déjà",
-    "Phone cannot be empty": "Le téléphone ne peut pas être vide",
-    "Phone number is invalid": "Le numéro de téléphone est invalide",
-    "Session outdated, please login again": "Session expirée, veuillez vous connecter à nouveau",
-    "The user is forbidden to sign in, please contact the administrator": "L'utilisateur est interdit de se connecter, veuillez contacter l'administrateur",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Le nom d'utilisateur ne peut contenir que des caractères alphanumériques, des traits soulignés ou des tirets, ne peut pas avoir de tirets ou de traits soulignés consécutifs et ne peut pas commencer ou se terminer par un tiret ou un trait souligné.",
-    "Username already exists": "Nom d'utilisateur existe déjà",
-    "Username cannot be an email address": "Nom d'utilisateur ne peut pas être une adresse e-mail",
-    "Username cannot contain white spaces": "Nom d'utilisateur ne peut pas contenir d'espaces blancs",
-    "Username cannot start with a digit": "Nom d'utilisateur ne peut pas commencer par un chiffre",
-    "Username is too long (maximum is 39 characters).": "Nom d'utilisateur est trop long (maximum de 39 caractères).",
-    "Username must have at least 2 characters": "Le nom d'utilisateur doit comporter au moins 2 caractères",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Vous avez entré le mauvais mot de passe ou code plusieurs fois, veuillez attendre %d minutes et réessayer",
-    "Your region is not allow to signup by phone": "Votre région n'est pas autorisée à s'inscrire par téléphone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %d chances",
-    "unsupported password type: %s": "Type de mot de passe non pris en charge : %s"
-  },
-  "general": {
-    "Missing parameter": "Paramètre manquant",
-    "Please login first": "Veuillez d'abord vous connecter",
-    "The user: %s doesn't exist": "L'utilisateur : %s n'existe pas",
-    "don't support captchaProvider: ": "Ne pas prendre en charge la captchaProvider",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Le serveur LDAP existe"
-  },
-  "link": {
-    "Please link first": "Veuillez d'abord faire le lien",
-    "This application has no providers": "Cette application n'a aucun fournisseur",
-    "This application has no providers of type": "Cette application ne dispose d'aucun fournisseur de type",
-    "This provider can't be unlinked": "Ce fournisseur ne peut pas être dissocié",
-    "You are not the global admin, you can't unlink other users": "Vous n'êtes pas l'administrateur global, vous ne pouvez pas détacher d'autres utilisateurs",
-    "You can't unlink yourself, you are not a member of any application": "Vous ne pouvez pas vous désolidariser, car vous n'êtes membre d'aucune application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Seul l'administrateur peut modifier le %s.",
-    "The %s is immutable.": "Le %s est immuable.",
-    "Unknown modify rule %s.": "Règle de modification inconnue %s."
-  },
-  "provider": {
-    "Invalid application id": "Identifiant d'application invalide",
-    "the provider: %s does not exist": "Le fournisseur : %s n'existe pas"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "L'utilisateur est nul pour la balise : avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Nom d'utilisateur ou chemin complet du fichier est vide : nom d'utilisateur = %s, chemin complet du fichier = %s"
-  },
-  "saml": {
-    "Application %s not found": "L'application %s n'a pas été trouvée"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "La catégorie du fournisseur %s n'est pas SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Paramètres vides pour emailForm : %v",
-    "Invalid Email receivers: %s": "Destinataires d'e-mail invalides : %s",
-    "Invalid phone receivers: %s": "Destinataires de téléphone invalide : %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "La clé d'objet : %s n'est pas autorisée",
-    "The provider type: %s is not supported": "Le type de fournisseur : %s n'est pas pris en charge"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "clientId ou clientSecret vide",
-    "Grant_type: %s is not supported in this application": "Type_de_subvention : %s n'est pas pris en charge dans cette application",
-    "Invalid application or wrong clientSecret": "Application invalide ou clientSecret incorrect",
-    "Invalid client_id": "Identifiant de client invalide",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI de redirection: %s n'existe pas dans la liste des URI de redirection autorisés",
-    "Token not found, invalid accessToken": "Jeton non trouvé, accessToken invalide"
-  },
-  "user": {
-    "Display name cannot be empty": "Le nom d'affichage ne peut pas être vide",
-    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace."
-  },
-  "user_upload": {
-    "Failed to import users": "Échec de l'importation des utilisateurs"
-  },
-  "util": {
-    "No application is found for userId: %s": "Aucune application n'a été trouvée pour l'identifiant d'utilisateur : %s",
-    "No provider for category: %s is found for application: %s": "Aucun fournisseur pour la catégorie: %s n'est trouvé pour l'application: %s",
-    "The provider: %s is not found": "Le fournisseur : %s n'a pas été trouvé"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Le code n'a pas encore été envoyé !",
-    "Invalid captcha provider.": "Fournisseur de captcha invalide.",
-    "Phone number is invalid in your region %s": "Le numéro de téléphone n'est pas valide dans votre région %s",
-    "Turing test failed.": "Le test de Turing a échoué.",
-    "Unable to get the email modify rule.": "Incapable d'obtenir la règle de modification de courriel.",
-    "Unable to get the phone modify rule.": "Impossible d'obtenir la règle de modification de téléphone.",
-    "Unknown type": "Type inconnu",
-    "Wrong verification code!": "Mauvais code de vérification !",
-    "You should verify your code in %d min!": "Vous devriez vérifier votre code en %d min !",
-    "the user does not exist, please sign up first": "L'utilisateur n'existe pas, veuillez vous inscrire d'abord"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Aucune référence trouvée pour cet utilisateur",
-    "Please call WebAuthnSigninBegin first": "Veuillez d'abord appeler WebAuthnSigninBegin"
-  }
-}
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Gagal menambahkan pengguna",
-    "Get init score failed, error: %w": "Gagal mendapatkan nilai init, kesalahan: %w",
-    "Please sign out first": "Silakan keluar terlebih dahulu",
-    "The application does not allow to sign up new account": "Aplikasi tidak memperbolehkan untuk mendaftar akun baru"
-  },
-  "auth": {
-    "Challenge method should be S256": "Metode tantangan harus S256",
-    "Failed to create user, user information is invalid: %s": "Gagal membuat pengguna, informasi pengguna tidak valid: %s",
-    "Failed to login in: %s": "Gagal masuk: %s",
-    "Invalid token": "Token tidak valid",
-    "State expected: %s, but got: %s": "Diharapkan: %s, tapi diperoleh: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru melalui %%s, silakan gunakan cara lain untuk mendaftar",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru, silakan hubungi dukungan IT Anda",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Akun untuk provider: %s dan username: %s (%s) sudah terhubung dengan akun lain: %s (%s)",
-    "The application: %s does not exist": "Aplikasi: %s tidak ada",
-    "The login method: login with password is not enabled for the application": "Metode login: login dengan kata sandi tidak diaktifkan untuk aplikasi tersebut",
-    "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
-    "Unauthorized operation": "Operasi tidak sah",
-    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Layanan %s dan %s tidak cocok"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Keterkaitan tidak boleh kosong",
-    "DisplayName cannot be blank": "Nama Pengguna tidak boleh kosong",
-    "DisplayName is not valid real name": "DisplayName bukanlah nama asli yang valid",
-    "Email already exists": "Email sudah ada",
-    "Email cannot be empty": "Email tidak boleh kosong",
-    "Email is invalid": "Email tidak valid",
-    "Empty username.": "Nama pengguna kosong.",
-    "FirstName cannot be blank": "Nama depan tidak boleh kosong",
-    "LDAP user name or password incorrect": "Nama pengguna atau kata sandi Ldap salah",
-    "LastName cannot be blank": "Nama belakang tidak boleh kosong",
-    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server ldap Anda",
-    "Organization does not exist": "Organisasi tidak ada",
-    "Password must have at least 6 characters": "Kata sandi harus memiliki minimal 6 karakter",
-    "Phone already exists": "Telepon sudah ada",
-    "Phone cannot be empty": "Telepon tidak boleh kosong",
-    "Phone number is invalid": "Nomor telepon tidak valid",
-    "Session outdated, please login again": "Sesi kedaluwarsa, silakan masuk lagi",
-    "The user is forbidden to sign in, please contact the administrator": "Pengguna dilarang masuk, silakan hubungi administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Nama pengguna hanya bisa menggunakan karakter alfanumerik, garis bawah atau tanda hubung, tidak boleh memiliki dua tanda hubung atau garis bawah berurutan, dan tidak boleh diawali atau diakhiri dengan tanda hubung atau garis bawah.",
-    "Username already exists": "Nama pengguna sudah ada",
-    "Username cannot be an email address": "Username tidak bisa menjadi alamat email",
-    "Username cannot contain white spaces": "Username tidak boleh mengandung spasi",
-    "Username cannot start with a digit": "Username tidak dapat dimulai dengan angka",
-    "Username is too long (maximum is 39 characters).": "Nama pengguna terlalu panjang (maksimum 39 karakter).",
-    "Username must have at least 2 characters": "Nama pengguna harus memiliki setidaknya 2 karakter",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan kata sandi atau kode yang salah terlalu banyak kali, mohon tunggu selama %d menit dan coba lagi",
-    "Your region is not allow to signup by phone": "Wilayah Anda tidak diizinkan untuk mendaftar melalui telepon",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Kata sandi atau kode salah, Anda memiliki %d kesempatan tersisa",
-    "unsupported password type: %s": "jenis sandi tidak didukung: %s"
-  },
-  "general": {
-    "Missing parameter": "Parameter hilang",
-    "Please login first": "Silahkan login terlebih dahulu",
-    "The user: %s doesn't exist": "Pengguna: %s tidak ada",
-    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Server ldap ada"
-  },
-  "link": {
-    "Please link first": "Tolong tautkan terlebih dahulu",
-    "This application has no providers": "Aplikasi ini tidak memiliki penyedia",
-    "This application has no providers of type": " Aplikasi ini tidak memiliki penyedia tipe ",
-    "This provider can't be unlinked": "Pemberi layanan ini tidak dapat dipisahkan",
-    "You are not the global admin, you can't unlink other users": "Anda bukan admin global, Anda tidak dapat memutuskan tautan pengguna lain",
-    "You can't unlink yourself, you are not a member of any application": "Anda tidak dapat memutuskan tautan diri sendiri, karena Anda bukan anggota dari aplikasi apa pun"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Hanya admin yang dapat memodifikasi %s.",
-    "The %s is immutable.": "%s tidak dapat diubah.",
-    "Unknown modify rule %s.": "Aturan modifikasi tidak diketahui %s."
-  },
-  "provider": {
-    "Invalid application id": "ID aplikasi tidak valid",
-    "the provider: %s does not exist": "provider: %s tidak ada"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "Pengguna kosong untuk tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Nama pengguna atau path lengkap file kosong: nama_pengguna = %s, path_lengkap_file = %s"
-  },
-  "saml": {
-    "Application %s not found": "Aplikasi %s tidak ditemukan"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "kategori penyedia %s bukan SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Parameter kosong untuk emailForm: %v",
-    "Invalid Email receivers: %s": "Penerima email tidak valid: %s",
-    "Invalid phone receivers: %s": "Penerima telepon tidak valid: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "Kunci objek: %s tidak diizinkan",
-    "The provider type: %s is not supported": "Jenis penyedia: %s tidak didukung"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Kosong clientId atau clientSecret",
-    "Grant_type: %s is not supported in this application": "Jenis grant (grant_type) %s tidak didukung dalam aplikasi ini",
-    "Invalid application or wrong clientSecret": "Aplikasi tidak valid atau clientSecret salah",
-    "Invalid client_id": "Invalid client_id = ID klien tidak valid",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI pengalihan: %s tidak ada dalam daftar URI Pengalihan yang diizinkan",
-    "Token not found, invalid accessToken": "Token tidak ditemukan, accessToken tidak valid"
-  },
-  "user": {
-    "Display name cannot be empty": "Nama tampilan tidak boleh kosong",
-    "New password cannot contain blank space.": "Kata sandi baru tidak boleh mengandung spasi kosong."
-  },
-  "user_upload": {
-    "Failed to import users": "Gagal mengimpor pengguna"
-  },
-  "util": {
-    "No application is found for userId: %s": "Tidak ditemukan aplikasi untuk userId: %s",
-    "No provider for category: %s is found for application: %s": "Tidak ditemukan penyedia untuk kategori: %s untuk aplikasi: %s",
-    "The provider: %s is not found": "Penyedia: %s tidak ditemukan"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Kode belum dikirimkan!",
-    "Invalid captcha provider.": "Penyedia captcha tidak valid.",
-    "Phone number is invalid in your region %s": "Nomor telepon tidak valid di wilayah anda %s",
-    "Turing test failed.": "Tes Turing gagal.",
-    "Unable to get the email modify rule.": "Tidak dapat memperoleh aturan modifikasi email.",
-    "Unable to get the phone modify rule.": "Tidak dapat memodifikasi aturan telepon.",
-    "Unknown type": "Tipe tidak diketahui",
-    "Wrong verification code!": "Kode verifikasi salah!",
-    "You should verify your code in %d min!": "Anda harus memverifikasi kode Anda dalam %d menit!",
-    "the user does not exist, please sign up first": "Pengguna tidak ada, silakan daftar terlebih dahulu"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Tidak ditemukan kredensial untuk pengguna ini",
-    "Please call WebAuthnSigninBegin first": "Harap panggil WebAuthnSigninBegin terlebih dahulu"
-  }
-}
--- a/i18n/locales/it/data.json
+++ b/i18n/locales/it/data.json
@ -1,150 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "ユーザーの追加に失敗しました",
-    "Get init score failed, error: %w": "イニットスコアの取得に失敗しました。エラー：%w",
-    "Please sign out first": "最初にサインアウトしてください",
-    "The application does not allow to sign up new account": "アプリケーションは新しいアカウントの登録を許可しません"
-  },
-  "auth": {
-    "Challenge method should be S256": "チャレンジメソッドはS256である必要があります",
-    "Failed to create user, user information is invalid: %s": "ユーザーの作成に失敗しました。ユーザー情報が無効です：%s",
-    "Failed to login in: %s": "ログインできませんでした：%s",
-    "Invalid token": "無効なトークン",
-    "State expected: %s, but got: %s": "期待される状態： %s、実際には：%s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "プロバイダーのアカウント：%s とユーザー名：%s（%s）が存在せず、新しいアカウントを %%s 経由でサインアップすることはできません。他の方法でサインアップしてください",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "プロバイダー名：%sとユーザー名：%s（%s）のアカウントは存在しません。新しいアカウントとしてサインアップすることはできません。 ITサポートに連絡してください",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "プロバイダのアカウント：%s とユーザー名：%s (%s) は既に別のアカウント：%s (%s) にリンクされています",
-    "The application: %s does not exist": "アプリケーション: %sは存在しません",
-    "The login method: login with password is not enabled for the application": "ログイン方法：パスワードでのログインはアプリケーションで有効になっていません",
-    "The provider: %s is not enabled for the application": "プロバイダー：%sはアプリケーションでは有効化されていません",
-    "Unauthorized operation": "不正操作",
-    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "サービス%sと%sは一致しません"
-  },
-  "check": {
-    "Affiliation cannot be blank": "所属は空白にできません",
-    "DisplayName cannot be blank": "表示名は空白にできません",
-    "DisplayName is not valid real name": "表示名は有効な実名ではありません",
-    "Email already exists": "メールは既に存在します",
-    "Email cannot be empty": "メールが空白にできません",
-    "Email is invalid": "電子メールは無効です",
-    "Empty username.": "空のユーザー名。",
-    "FirstName cannot be blank": "ファーストネームは空白にできません",
-    "LDAP user name or password incorrect": "Ldapのユーザー名またはパスワードが間違っています",
-    "LastName cannot be blank": "姓は空白にできません",
-    "Multiple accounts with same uid, please check your ldap server": "同じuidを持つ複数のアカウントがあります。あなたのLDAPサーバーを確認してください",
-    "Organization does not exist": "組織は存在しません",
-    "Password must have at least 6 characters": "パスワードは少なくとも6つの文字が必要です",
-    "Phone already exists": "電話はすでに存在しています",
-    "Phone cannot be empty": "電話は空っぽにできません",
-    "Phone number is invalid": "電話番号が無効です",
-    "Session outdated, please login again": "セッションが期限切れになりました。再度ログインしてください",
-    "The user is forbidden to sign in, please contact the administrator": "ユーザーはサインインできません。管理者に連絡してください",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "ユーザー名には英数字、アンダースコア、ハイフンしか含めることができません。連続したハイフンまたはアンダースコアは不可であり、ハイフンまたはアンダースコアで始まるまたは終わることもできません。",
-    "Username already exists": "ユーザー名はすでに存在しています",
-    "Username cannot be an email address": "ユーザー名には電子メールアドレスを使用できません",
-    "Username cannot contain white spaces": "ユーザ名にはスペースを含めることはできません",
-    "Username cannot start with a digit": "ユーザー名は数字で始めることはできません",
-    "Username is too long (maximum is 39 characters).": "ユーザー名が長すぎます（最大39文字）。",
-    "Username must have at least 2 characters": "ユーザー名は少なくとも2文字必要です",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "あなたは間違ったパスワードまたはコードを何度も入力しました。%d 分間待ってから再度お試しください",
-    "Your region is not allow to signup by phone": "あなたの地域は電話でサインアップすることができません",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "パスワードまたはコードが間違っています。あと%d回の試行機会があります",
-    "unsupported password type: %s": "サポートされていないパスワードタイプ：%s"
-  },
-  "general": {
-    "Missing parameter": "不足しているパラメーター",
-    "Please login first": "最初にログインしてください",
-    "The user: %s doesn't exist": "そのユーザー：%sは存在しません",
-    "don't support captchaProvider: ": "captchaProviderをサポートしないでください",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "LDAPサーバーは存在します"
-  },
-  "link": {
-    "Please link first": "最初にリンクしてください",
-    "This application has no providers": "このアプリケーションにはプロバイダーがありません",
-    "This application has no providers of type": "「このアプリケーションには、タイプのプロバイダーがありません」と翻訳されます",
-    "This provider can't be unlinked": "このプロバイダーはリンク解除できません",
-    "You are not the global admin, you can't unlink other users": "あなたはグローバル管理者ではありません、他のユーザーとのリンクを解除することはできません",
-    "You can't unlink yourself, you are not a member of any application": "あなたは自分自身をアンリンクすることはできません、あなたはどのアプリケーションのメンバーでもありません"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "管理者のみが%sを変更できます。",
-    "The %s is immutable.": "%sは不変です。",
-    "Unknown modify rule %s.": "未知の変更ルール%s。"
-  },
-  "provider": {
-    "Invalid application id": "アプリケーションIDが無効です",
-    "the provider: %s does not exist": "プロバイダー%sは存在しません"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "ユーザーはタグ「アバター」に対してnilです",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "ユーザー名または完全なファイルパスが空です：ユーザー名 = %s、完全なファイルパス = %s"
-  },
-  "saml": {
-    "Application %s not found": "アプリケーション%sは見つかりません"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "プロバイダ %s のカテゴリはSAMLではありません"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "EmailFormの空のパラメーター：％v",
-    "Invalid Email receivers: %s": "無効な電子メール受信者：%s",
-    "Invalid phone receivers: %s": "電話受信者が無効です：%s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "オブジェクトキー %s は許可されていません",
-    "The provider type: %s is not supported": "プロバイダータイプ：%sはサポートされていません"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "クライアントIDまたはクライアントシークレットが空です",
-    "Grant_type: %s is not supported in this application": "grant_type：%sはこのアプリケーションでサポートされていません",
-    "Invalid application or wrong clientSecret": "無効なアプリケーションまたは誤ったクライアントシークレットです",
-    "Invalid client_id": "client_idが無効です",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "リダイレクトURI：%sは許可されたリダイレクトURIリストに存在しません",
-    "Token not found, invalid accessToken": "トークンが見つかりません。無効なアクセストークンです"
-  },
-  "user": {
-    "Display name cannot be empty": "表示名は空にできません",
-    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。"
-  },
-  "user_upload": {
-    "Failed to import users": "ユーザーのインポートに失敗しました"
-  },
-  "util": {
-    "No application is found for userId: %s": "ユーザーIDに対するアプリケーションが見つかりません： %s",
-    "No provider for category: %s is found for application: %s": "アプリケーション：%sのカテゴリ%sのプロバイダが見つかりません",
-    "The provider: %s is not found": "プロバイダー：%sが見つかりません"
-  },
-  "verification": {
-    "Code has not been sent yet!": "まだコードが送信されていません！",
-    "Invalid captcha provider.": "無効なCAPTCHAプロバイダー。",
-    "Phone number is invalid in your region %s": "電話番号はあなたの地域で無効です %s",
-    "Turing test failed.": "チューリングテストは失敗しました。",
-    "Unable to get the email modify rule.": "電子メール変更規則を取得できません。",
-    "Unable to get the phone modify rule.": "電話の変更ルールを取得できません。",
-    "Unknown type": "不明なタイプ",
-    "Wrong verification code!": "誤った検証コードです！",
-    "You should verify your code in %d min!": "あなたは%d分であなたのコードを確認する必要があります！",
-    "the user does not exist, please sign up first": "ユーザーは存在しません。まず登録してください"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "このユーザーの資格情報が見つかりませんでした",
-    "Please call WebAuthnSigninBegin first": "最初にWebAuthnSigninBeginを呼び出してください"
-  }
-}
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "사용자 추가 실패",
-    "Get init score failed, error: %w": "초기 점수 획득 실패, 오류: %w",
-    "Please sign out first": "먼저 로그아웃해주세요",
-    "The application does not allow to sign up new account": "이 응용 프로그램은 새로운 계정 가입을 허용하지 않습니다"
-  },
-  "auth": {
-    "Challenge method should be S256": "도전 방식은 S256이어야 합니다",
-    "Failed to create user, user information is invalid: %s": "사용자를 만들지 못했습니다. 사용자 정보가 잘못되었습니다: %s",
-    "Failed to login in: %s": "로그인에 실패했습니다.: %s",
-    "Invalid token": "유효하지 않은 토큰",
-    "State expected: %s, but got: %s": "예상한 상태: %s, 실제 상태: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "제공자 계정: %s와 사용자 이름: %s (%s)은(는) 존재하지 않으며 %%s를 통해 새 계정으로 가입하는 것이 허용되지 않습니다. 다른 방법으로 가입하십시오",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "공급자 계정 %s과 사용자 이름 %s (%s)는 존재하지 않으며 새 계정으로 등록할 수 없습니다. IT 지원팀에 문의하십시오",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "공급자 계정 %s과 사용자 이름 %s(%s)는 이미 다른 계정 %s(%s)에 연결되어 있습니다",
-    "The application: %s does not exist": "해당 애플리케이션(%s)이 존재하지 않습니다",
-    "The login method: login with password is not enabled for the application": "어플리케이션에서는 암호를 사용한 로그인 방법이 활성화되어 있지 않습니다",
-    "The provider: %s is not enabled for the application": "제공자 %s은(는) 응용 프로그램에서 활성화되어 있지 않습니다",
-    "Unauthorized operation": "무단 조작",
-    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "서비스 %s와 %s는 일치하지 않습니다"
-  },
-  "check": {
-    "Affiliation cannot be blank": "소속은 비워 둘 수 없습니다",
-    "DisplayName cannot be blank": "DisplayName는 비어 있을 수 없습니다",
-    "DisplayName is not valid real name": "DisplayName는 유효한 실제 이름이 아닙니다",
-    "Email already exists": "이메일이 이미 존재합니다",
-    "Email cannot be empty": "이메일은 비어 있을 수 없습니다",
-    "Email is invalid": "이메일이 유효하지 않습니다",
-    "Empty username.": "빈 사용자 이름.",
-    "FirstName cannot be blank": "이름은 공백일 수 없습니다",
-    "LDAP user name or password incorrect": "LDAP 사용자 이름 또는 암호가 잘못되었습니다",
-    "LastName cannot be blank": "성은 비어 있을 수 없습니다",
-    "Multiple accounts with same uid, please check your ldap server": "동일한 UID를 가진 여러 계정이 있습니다. LDAP 서버를 확인해주세요",
-    "Organization does not exist": "조직은 존재하지 않습니다",
-    "Password must have at least 6 characters": "암호는 적어도 6자 이상이어야 합니다",
-    "Phone already exists": "전화기는 이미 존재합니다",
-    "Phone cannot be empty": "전화는 비워 둘 수 없습니다",
-    "Phone number is invalid": "전화번호가 유효하지 않습니다",
-    "Session outdated, please login again": "세션이 만료되었습니다. 다시 로그인해주세요",
-    "The user is forbidden to sign in, please contact the administrator": "사용자는 로그인이 금지되어 있습니다. 관리자에게 문의하십시오",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "사용자 이름은 알파벳, 숫자, 밑줄 또는 하이픈만 포함할 수 있으며, 연속된 하이픈 또는 밑줄을 가질 수 없으며, 하이픈 또는 밑줄로 시작하거나 끝날 수 없습니다.",
-    "Username already exists": "사용자 이름이 이미 존재합니다",
-    "Username cannot be an email address": "사용자 이름은 이메일 주소가 될 수 없습니다",
-    "Username cannot contain white spaces": "사용자 이름에는 공백이 포함될 수 없습니다",
-    "Username cannot start with a digit": "사용자 이름은 숫자로 시작할 수 없습니다",
-    "Username is too long (maximum is 39 characters).": "사용자 이름이 너무 깁니다 (최대 39자).",
-    "Username must have at least 2 characters": "사용자 이름은 적어도 2개의 문자가 있어야 합니다",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "올바르지 않은 비밀번호나 코드를 여러 번 입력했습니다. %d분 동안 기다리신 후 다시 시도해주세요",
-    "Your region is not allow to signup by phone": "당신의 지역은 전화로 가입할 수 없습니다",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "암호 또는 코드가 올바르지 않습니다. %d번의 기회가 남아 있습니다",
-    "unsupported password type: %s": "지원되지 않는 암호 유형: %s"
-  },
-  "general": {
-    "Missing parameter": "누락된 매개변수",
-    "Please login first": "먼저 로그인 하십시오",
-    "The user: %s doesn't exist": "사용자 %s는 존재하지 않습니다",
-    "don't support captchaProvider: ": "CaptchaProvider를 지원하지 마세요",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "LDAP 서버가 존재합니다"
-  },
-  "link": {
-    "Please link first": "먼저 링크해주세요",
-    "This application has no providers": "이 애플리케이션에는 제공자가 없습니다",
-    "This application has no providers of type": "이 응용 프로그램은 타입의 공급자가 없습니다",
-    "This provider can't be unlinked": "이 공급자는 연결이 해제될 수 없습니다",
-    "You are not the global admin, you can't unlink other users": "당신은 전역 관리자가 아니므로 다른 사용자와의 연결을 해제할 수 없습니다",
-    "You can't unlink yourself, you are not a member of any application": "당신은 어떤 애플리케이션의 회원이 아니기 때문에 스스로 링크를 해제할 수 없습니다"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "관리자만 %s을(를) 수정할 수 있습니다.",
-    "The %s is immutable.": "%s 는 변경할 수 없습니다.",
-    "Unknown modify rule %s.": "미확인 수정 규칙 %s."
-  },
-  "provider": {
-    "Invalid application id": "잘못된 애플리케이션 ID입니다",
-    "the provider: %s does not exist": "제공자 %s가 존재하지 않습니다"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "사용자는 아바타 태그에 대해 nil입니다",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "사용자 이름 또는 전체 파일 경로가 비어 있습니다: 사용자 이름 = %s, 전체 파일 경로 = %s"
-  },
-  "saml": {
-    "Application %s not found": "어플리케이션 %s을(를) 찾을 수 없습니다"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "제공 업체 %s의 카테고리는 SAML이 아닙니다"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "이메일 형식의 빈 매개 변수: %v",
-    "Invalid Email receivers: %s": "잘못된 이메일 수신자: %s",
-    "Invalid phone receivers: %s": "잘못된 전화 수신자: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "객체 키 : %s 는 허용되지 않습니다",
-    "The provider type: %s is not supported": "제공자 유형: %s은/는 지원되지 않습니다"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "클라이언트 ID 또는 클라이언트 비밀번호가 비어 있습니다",
-    "Grant_type: %s is not supported in this application": "그랜트 유형: %s은(는) 이 어플리케이션에서 지원되지 않습니다",
-    "Invalid application or wrong clientSecret": "잘못된 어플리케이션 또는 올바르지 않은 클라이언트 시크릿입니다",
-    "Invalid client_id": "잘못된 클라이언트 ID입니다",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "허용된 Redirect URI 목록에서 %s이(가) 존재하지 않습니다",
-    "Token not found, invalid accessToken": "토큰을 찾을 수 없습니다. 잘못된 액세스 토큰입니다"
-  },
-  "user": {
-    "Display name cannot be empty": "디스플레이 이름은 비어 있을 수 없습니다",
-    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다."
-  },
-  "user_upload": {
-    "Failed to import users": "사용자 가져오기를 실패했습니다"
-  },
-  "util": {
-    "No application is found for userId: %s": "어플리케이션을 찾을 수 없습니다. userId: %s",
-    "No provider for category: %s is found for application: %s": "어플리케이션 %s에서 %s 카테고리를 위한 공급자가 찾을 수 없습니다",
-    "The provider: %s is not found": "제공자: %s를 찾을 수 없습니다"
-  },
-  "verification": {
-    "Code has not been sent yet!": "코드는 아직 전송되지 않았습니다!",
-    "Invalid captcha provider.": "잘못된 captcha 제공자입니다.",
-    "Phone number is invalid in your region %s": "전화 번호가 당신의 지역 %s에서 유효하지 않습니다",
-    "Turing test failed.": "튜링 테스트 실패.",
-    "Unable to get the email modify rule.": "이메일 수정 규칙을 가져올 수 없습니다.",
-    "Unable to get the phone modify rule.": "전화 수정 규칙을 가져올 수 없습니다.",
-    "Unknown type": "알 수 없는 유형",
-    "Wrong verification code!": "잘못된 인증 코드입니다!",
-    "You should verify your code in %d min!": "당신은 %d분 안에 코드를 검증해야 합니다!",
-    "the user does not exist, please sign up first": "사용자가 존재하지 않습니다. 먼저 회원 가입 해주세요"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "이 사용자의 자격 증명을 찾을 수 없습니다",
-    "Please call WebAuthnSigninBegin first": "WebAuthnSigninBegin을 먼저 호출해주세요"
-  }
-}
--- a/i18n/locales/ms/data.json
+++ b/i18n/locales/ms/data.json
@ -1,150 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/pt/data.json
+++ b/i18n/locales/pt/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Не удалось добавить пользователя",
-    "Get init score failed, error: %w": "Не удалось получить исходный балл, ошибка: %w",
-    "Please sign out first": "Пожалуйста, сначала выйдите из системы",
-    "The application does not allow to sign up new account": "Приложение не позволяет зарегистрироваться новому аккаунту"
-  },
-  "auth": {
-    "Challenge method should be S256": "Метод испытаний должен быть S256",
-    "Failed to create user, user information is invalid: %s": "Не удалось создать пользователя, информация о пользователе недействительна: %s",
-    "Failed to login in: %s": "Не удалось войти в систему: %s",
-    "Invalid token": "Недействительный токен",
-    "State expected: %s, but got: %s": "Ожидался статус: %s, но получен: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Аккаунт провайдера: %s и имя пользователя: %s (%s) не существует и не может быть зарегистрирован через %%s, пожалуйста, используйте другой способ регистрации",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Аккаунт для провайдера: %s и имя пользователя: %s (%s) не существует и не может быть зарегистрирован как новый аккаунт. Пожалуйста, обратитесь в службу поддержки IT",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Аккаунт поставщика: %s и имя пользователя: %s (%s) уже связаны с другим аккаунтом: %s (%s)",
-    "The application: %s does not exist": "Приложение: %s не существует",
-    "The login method: login with password is not enabled for the application": "Метод входа: вход с паролем не включен для приложения",
-    "The provider: %s is not enabled for the application": "Провайдер: %s не включен для приложения",
-    "Unauthorized operation": "Несанкционированная операция",
-    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Сервисы %s и %s не совпадают"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Принадлежность не может быть пустым значением",
-    "DisplayName cannot be blank": "Имя отображения не может быть пустым",
-    "DisplayName is not valid real name": "DisplayName не является действительным именем",
-    "Email already exists": "Электронная почта уже существует",
-    "Email cannot be empty": "Электронная почта не может быть пустой",
-    "Email is invalid": "Адрес электронной почты недействительный",
-    "Empty username.": "Пустое имя пользователя.",
-    "FirstName cannot be blank": "Имя не может быть пустым",
-    "LDAP user name or password incorrect": "Неправильное имя пользователя или пароль Ldap",
-    "LastName cannot be blank": "Фамилия не может быть пустой",
-    "Multiple accounts with same uid, please check your ldap server": "Множественные учетные записи с тем же UID. Пожалуйста, проверьте свой сервер LDAP",
-    "Organization does not exist": "Организация не существует",
-    "Password must have at least 6 characters": "Пароль должен содержать не менее 6 символов",
-    "Phone already exists": "Телефон уже существует",
-    "Phone cannot be empty": "Телефон не может быть пустым",
-    "Phone number is invalid": "Номер телефона является недействительным",
-    "Session outdated, please login again": "Сессия устарела, пожалуйста, войдите снова",
-    "The user is forbidden to sign in, please contact the administrator": "Пользователю запрещен вход, пожалуйста, обратитесь к администратору",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Имя пользователя может состоять только из буквенно-цифровых символов, нижних подчеркиваний или дефисов, не может содержать последовательные дефисы или подчеркивания, а также не может начинаться или заканчиваться на дефис или подчеркивание.",
-    "Username already exists": "Имя пользователя уже существует",
-    "Username cannot be an email address": "Имя пользователя не может быть адресом электронной почты",
-    "Username cannot contain white spaces": "Имя пользователя не может содержать пробелы",
-    "Username cannot start with a digit": "Имя пользователя не может начинаться с цифры",
-    "Username is too long (maximum is 39 characters).": "Имя пользователя слишком длинное (максимальная длина - 39 символов).",
-    "Username must have at least 2 characters": "Имя пользователя должно содержать не менее 2 символов",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Вы ввели неправильный пароль или код слишком много раз, пожалуйста, подождите %d минут и попробуйте снова",
-    "Your region is not allow to signup by phone": "Ваш регион не разрешает регистрацию по телефону",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Неправильный пароль или код, у вас осталось %d попыток",
-    "unsupported password type: %s": "неподдерживаемый тип пароля: %s"
-  },
-  "general": {
-    "Missing parameter": "Отсутствующий параметр",
-    "Please login first": "Пожалуйста, сначала войдите в систему",
-    "The user: %s doesn't exist": "Пользователь %s не существует",
-    "don't support captchaProvider: ": "не поддерживайте captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "LDAP-сервер существует"
-  },
-  "link": {
-    "Please link first": "Пожалуйста, сначала установите ссылку",
-    "This application has no providers": "Это приложение не имеет провайдеров",
-    "This application has no providers of type": "Это приложение не имеет провайдеров данного типа",
-    "This provider can't be unlinked": "Этот провайдер не может быть отсоединен",
-    "You are not the global admin, you can't unlink other users": "Вы не являетесь глобальным администратором, вы не можете отсоединять других пользователей",
-    "You can't unlink yourself, you are not a member of any application": "Вы не можете отвязаться, так как вы не являетесь участником никакого приложения"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Только администратор может изменять %s.",
-    "The %s is immutable.": "%s неизменяемый.",
-    "Unknown modify rule %s.": "Неизвестное изменение правила %s."
-  },
-  "provider": {
-    "Invalid application id": "Неверный идентификатор приложения",
-    "the provider: %s does not exist": "провайдер: %s не существует"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "Пользователь равен нулю для тега: аватар",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Имя пользователя или полный путь к файлу пусты: имя_пользователя = %s, полный_путь_к_файлу = %s"
-  },
-  "saml": {
-    "Application %s not found": "Приложение %s не найдено"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "категория провайдера %s не является SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Пустые параметры для emailForm: %v",
-    "Invalid Email receivers: %s": "Некорректные получатели электронной почты: %s",
-    "Invalid phone receivers: %s": "Некорректные получатели телефонных звонков: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "Объект «objectKey: %s» не разрешен",
-    "The provider type: %s is not supported": "Тип поставщика: %s не поддерживается"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Пустой идентификатор клиента или секрет клиента",
-    "Grant_type: %s is not supported in this application": "Тип предоставления: %s не поддерживается в данном приложении",
-    "Invalid application or wrong clientSecret": "Недействительное приложение или неправильный clientSecret",
-    "Invalid client_id": "Недействительный идентификатор клиента",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI перенаправления: %s не существует в списке разрешенных URI перенаправления",
-    "Token not found, invalid accessToken": "Токен не найден, недействительный accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Отображаемое имя не может быть пустым",
-    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы."
-  },
-  "user_upload": {
-    "Failed to import users": "Не удалось импортировать пользователей"
-  },
-  "util": {
-    "No application is found for userId: %s": "Не найдено заявки для пользователя с идентификатором: %s",
-    "No provider for category: %s is found for application: %s": "Нет поставщика для категории: %s для приложения: %s",
-    "The provider: %s is not found": "Поставщик: %s не найден"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Код еще не был отправлен!",
-    "Invalid captcha provider.": "Недействительный поставщик CAPTCHA.",
-    "Phone number is invalid in your region %s": "Номер телефона недействителен в вашем регионе %s",
-    "Turing test failed.": "Тест Тьюринга не удался.",
-    "Unable to get the email modify rule.": "Невозможно получить правило изменения электронной почты.",
-    "Unable to get the phone modify rule.": "Невозможно получить правило изменения телефона.",
-    "Unknown type": "Неизвестный тип",
-    "Wrong verification code!": "Неправильный код подтверждения!",
-    "You should verify your code in %d min!": "Вы должны проверить свой код через %d минут!",
-    "the user does not exist, please sign up first": "Пользователь не существует, пожалуйста, сначала зарегистрируйтесь"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Не найдено учетных данных для этого пользователя",
-    "Please call WebAuthnSigninBegin first": "Пожалуйста, сначала вызовите WebAuthnSigninBegin"
-  }
-}
--- a/i18n/locales/tr/data.json
+++ b/i18n/locales/tr/data.json
@ -1,150 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Yang Luo	8435f7b5a2	Merge pull request #7 from nodece/feat_application feat: add application module	2020-11-24 14:48:25 +00:00
Yang Luo	98734837a8	Merge pull request #6 from nodece/improve_user_style fix: improve user style	2020-11-24 14:04:29 +00:00
Zixuan Liu	218b96ed74	feat: add application Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-23 23:50:59 +08:00
Zixuan Liu	89476a79ad	fix: improve user style Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-23 22:10:11 +08:00
Yang Luo	b003838b00	Merge pull request #5 from nodece/master refactor: adjust the structure for decoupling	2020-11-12 00:09:18 +08:00
Zixuan Liu	5efc866a84	refactor: adjust the structure for decoupling Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-11 21:38:51 +08:00
Yang Luo	d77278fb93	Merge pull request #4 from nodece/master feat: building the main layout	2020-11-07 11:08:54 +08:00
Zixuan Liu	17b974f895	feat: building the main layout Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-07 01:08:03 +08:00
Yang Luo	046ed8fe3b	Merge pull request #3 from nodece/master refactor: migrate from Beego to Gin	2020-11-01 10:41:43 +08:00
Zixuan Liu	2422943a59	refactor: migrate from Beego to Gin Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-11-01 01:09:49 +08:00
Zixuan Liu	723c68822c	refactor: migrate to TypeScript (#2 ) * refactor: migrate to TypeScript Signed-off-by: Zixuan Liu <nodeces@gmail.com> * fix: cors Signed-off-by: Zixuan Liu <nodeces@gmail.com>	2020-10-31 23:20:40 +08:00