feat: support minio (#418 )

Signed-off-by: abingcbc <abingcbc626@gmail.com>
Fix GetUserByField()'s bug for idCard.
2025-07-22 15:43:50 +08:00 · 2022-01-13 21:48:00 +08:00 · 2022-01-13 12:48:15 +08:00 · 2022-01-13 11:35:13 +08:00 · 2022-01-07 20:34:27 +08:00 · 2022-01-04 19:52:29 +08:00
119 changed files with 6602 additions and 2178 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -32,7 +32,7 @@ jobs:
  release-and-push:
    name: Release And Push
    runs-on: ubuntu-latest
-    if: github.repository == 'casbin/casdoor' && github.event_name == 'push'
+    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
    needs: [ frontend, backend ]
    steps:
      - name: Checkout
@ -80,7 +80,7 @@ jobs:
        
      - name: Log in to Docker Hub
        uses: docker/login-action@v1
-        if: github.repository == 'casbin/casdoor' && github.event_name == 'push' &&steps.should_push.outputs.push=='true'
+        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' &&steps.should_push.outputs.push=='true'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
@ -88,7 +88,15 @@ jobs:
          
      - name: Push to Docker Hub
        uses: docker/build-push-action@v2
-        if: github.repository == 'casbin/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
+        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
        with:
          push: true
          tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest
+          
+      - name: Push All In One Version to Docker Hub
+        uses: docker/build-push-action@v2
+        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
+        with:
+          target: ALLINONE
+          push: true
+          tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest
--- a/.github/workflows/sync.yml
+++ b/.github/workflows/sync.yml
@ -7,7 +7,7 @@ on:
 jobs:
  synchronize-with-crowdin:
    runs-on: ubuntu-latest
-    if: github.repository == 'casbin/casdoor' && github.event_name == 'push'
+    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
    steps:

    - name: Checkout
--- a/14
+++ b/14
@ -10,6 +10,19 @@ COPY ./web .
 RUN yarn config set registry https://registry.npm.taobao.org
 RUN yarn install && yarn run build

+
+FROM debian:latest AS ALLINONE
+RUN apt update && apt install -y mariadb-server mariadb-client&&mkdir -p web/build && chmod 777 /tmp
+LABEL MAINTAINER="https://casdoor.org/"
+COPY --from=BACK /go/src/casdoor/ ./
+COPY --from=BACK /usr/bin/wait-for-it ./
+COPY --from=FRONT /web/build /web/build
+CMD chmod 777 /tmp && service mariadb start&&\
+if [ "${MYSQL_ROOT_PASSWORD}" = "" ] ;then MYSQL_ROOT_PASSWORD=123456 ; fi&&\
+mysqladmin -u root password ${MYSQL_ROOT_PASSWORD} &&\
+./wait-for-it localhost:3306 -- ./server --createDatabase=true
+
+
 FROM alpine:latest
 RUN sed -i 's/https/http/' /etc/apk/repositories
 RUN apk add curl
@ -20,3 +33,4 @@ COPY --from=BACK /usr/bin/wait-for-it ./
 RUN mkdir -p web/build && apk add --no-cache bash coreutils
 COPY --from=FRONT /web/build /web/build
 CMD ./wait-for-it db:3306 -- ./server
+
--- a/README.md
+++ b/README.md
@ -34,6 +34,12 @@
  <a href="https://github.com/casbin/casdoor/network">
    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casbin/casdoor?style=flat-square">
  </a>
+  <a href="https://crowdin.com/project/casdoor-site">
+    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
+  </a>
+  <a href="https://gitter.im/casbin/casdoor">
+    <img alt="Gitter" src="https://badges.gitter.im/casbin/casdoor.svg">
+  </a>
 </p>

 ## Online demo
@ -41,8 +47,7 @@
 Deployed site: https://door.casbin.com/

 ## Quick Start
-
-Run your own casdoor program in a few minutes:smiley:
+Run your own casdoor program in a few minutes.

 ### Download

@ -117,9 +122,26 @@ go build main.go && sudo ./main

 ### Docker

+Casdoor provide 2 kinds of image: 
+- casbin/casdoor-all-in-one, in which casdoor binary, a mysql database and all necessary configurations are packed up. This image is for new user to have a trial on casdoor quickly. **With this image you can start a casdoor immediately with one single command (or two) without any complex configuration**. **Note: we DO NOT recommend you to use this image in productive environment**
+
+- casbin/casdoor: normal & graceful casdoor image with only casdoor and environment installed. 
+
 This method requires [docker](https://docs.docker.com/get-docker/) and [docker-compose](https://docs.docker.com/compose/install/) to be installed first.

-#### Simple configuration
+### Start casdoor with casbin/casdoor-all-in-one
+if the image is not pulled, pull it from dockerhub
+```shell
+docker pull casbin/casdoor-all-in-one
+```
+Start it with
+```shell
+docker run -p 8000:8000 casbin/casdoor-all-in-one
+```
+Now you can visit http://localhost:8000 and have a try. Default account and password is 'admin' and '123'. Go for it!
+
+### Start casdoor with casbin/casdoor
+#### modify the configurations
 For the convenience of your first attempt, docker-compose.yml contains commands to start a database via docker.

 Thus edit `conf/app.conf` to point out the location of database(db:3306), modify `dataSourceName` to the fixed content:
@ -138,14 +160,6 @@ docker-compose up

 That's it! Try to visit http://localhost:8000/. :small_airplane:

-### Docker Hub
-
-This method requires [docker](https://docs.docker.com/get-docker/) and [docker-compose](https://docs.docker.com/compose/install/) to be installed first.
-
-```bash
-docker pull casbin/casdoor
-```
-
 ## Detailed documentation

 We also provide a complete [document](https://casdoor.org/) as a reference.
--- a/authz/authz.go
+++ b/authz/authz.go
@ -80,6 +80,7 @@ p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, POST, /api/login/oauth/access_token, *, *
+p, *, *, POST, /api/login/oauth/refresh_token, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-users, *, *
 p, *, *, GET, /api/get-user, *, *
--- a/controllers/account.go
+++ b/controllers/account.go
@ -38,6 +38,7 @@ type RequestForm struct {
 	Email        string `json:"email"`
 	Phone        string `json:"phone"`
 	Affiliation  string `json:"affiliation"`
+	IdCard       string `json:"idCard"`
 	Region       string `json:"region"`

 	Application string `json:"application"`
@ -61,6 +62,7 @@ type Response struct {
 	Status string      `json:"status"`
 	Msg    string      `json:"msg"`
 	Sub    string      `json:"sub"`
+	Name   string      `json:"name"`
 	Data   interface{} `json:"data"`
 	Data2  interface{} `json:"data2"`
 }
@ -151,6 +153,7 @@ func (c *ApiController) Signup() {
 		Phone:             form.Phone,
 		Address:           []string{},
 		Affiliation:       form.Affiliation,
+		IdCard:            form.IdCard,
 		Region:            form.Region,
 		Score:             getInitScore(),
 		IsAdmin:           false,
@ -220,6 +223,7 @@ func (c *ApiController) GetAccount() {
 	resp := Response{
 		Status: "ok",
 		Sub:    user.Id,
+		Name:   user.Name,
 		Data:   user,
 		Data2:  organization,
 	}
--- a/controllers/application.go
+++ b/controllers/application.go
@ -30,16 +30,21 @@ import (
 // @Success 200 {array} object.Application The Response object
 // @router /get-applications [get]
 func (c *ApiController) GetApplications() {
+	userId := c.GetSessionUsername()
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetApplications(owner)
+		c.Data["json"] = object.GetMaskedApplications(object.GetApplications(owner), userId)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetApplicationCount(owner)))
-		applications := object.GetPaginationApplications(owner, paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetApplicationCount(owner, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@ -52,9 +57,10 @@ func (c *ApiController) GetApplications() {
 // @Success 200 {object} object.Application The Response object
 // @router /get-application [get]
 func (c *ApiController) GetApplication() {
+	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")

-	c.Data["json"] = object.GetApplication(id)
+	c.Data["json"] = object.GetMaskedApplication(object.GetApplication(id), userId)
 	c.ServeJSON()
 }

@ -66,6 +72,7 @@ func (c *ApiController) GetApplication() {
 // @Success 200 {object} object.Application The Response object
 // @router /get-user-application [get]
 func (c *ApiController) GetUserApplication() {
+	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
 	user := object.GetUser(id)
 	if user == nil {
@ -73,7 +80,7 @@ func (c *ApiController) GetUserApplication() {
 		return
 	}

-	c.Data["json"] = object.GetApplicationByUser(user)
+	c.Data["json"] = object.GetMaskedApplication(object.GetApplicationByUser(user), userId)
 	c.ServeJSON()
 }

--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -55,7 +55,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce)
 		resp = codeToResponse(code)

-		if application.HasPromptPage() {
+		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
 			c.SetSessionUsername(userId)
 		}
@ -206,7 +206,15 @@ func (c *ApiController) Login() {
 			}
 		} else if provider.Category == "OAuth" {
 			// OAuth
-			idProvider := idp.GetIdProvider(provider.Type, provider.ClientId, provider.ClientSecret, form.RedirectUri)
+
+			clientId := provider.ClientId
+			clientSecret := provider.ClientSecret
+			if provider.Type == "WeChat" && strings.Contains(c.Ctx.Request.UserAgent(), "MicroMessenger") {
+				clientId = provider.ClientId2
+				clientSecret = provider.ClientSecret2
+			}
+
+			idProvider := idp.GetIdProvider(provider.Type, clientId, clientSecret, form.RedirectUri)
 			if idProvider == nil {
 				c.ResponseError(fmt.Sprintf("The provider type: %s is not supported", provider.Type))
 				return
--- a/controllers/cert.go
+++ b/controllers/cert.go
@ -0,0 +1,116 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/astaxie/beego/utils/pagination"
+	"github.com/casbin/casdoor/object"
+	"github.com/casbin/casdoor/util"
+)
+
+// GetCerts
+// @Title GetCerts
+// @Tag Cert API
+// @Description get certs
+// @Param   owner     query    string  true        "The owner of certs"
+// @Success 200 {array} object.Cert The Response object
+// @router /get-certs [get]
+func (c *ApiController) GetCerts() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedCerts(object.GetCerts(owner))
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCertCount(owner, field, value)))
+		certs := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(certs, paginator.Nums())
+	}
+}
+
+// @Title GetCert
+// @Tag Cert API
+// @Description get cert
+// @Param   id    query    string  true        "The id of the cert"
+// @Success 200 {object} object.Cert The Response object
+// @router /get-cert [get]
+func (c *ApiController) GetCert() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedCert(object.GetCert(id))
+	c.ServeJSON()
+}
+
+// @Title UpdateCert
+// @Tag Cert API
+// @Description update cert
+// @Param   id    query    string  true        "The id of the cert"
+// @Param   body    body   object.Cert  true        "The details of the cert"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-cert [post]
+func (c *ApiController) UpdateCert() {
+	id := c.Input().Get("id")
+
+	var cert object.Cert
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateCert(id, &cert))
+	c.ServeJSON()
+}
+
+// @Title AddCert
+// @Tag Cert API
+// @Description add cert
+// @Param   body    body   object.Cert  true        "The details of the cert"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-cert [post]
+func (c *ApiController) AddCert() {
+	var cert object.Cert
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddCert(&cert))
+	c.ServeJSON()
+}
+
+// @Title DeleteCert
+// @Tag Cert API
+// @Description delete cert
+// @Param   body    body   object.Cert  true        "The details of the cert"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-cert [post]
+func (c *ApiController) DeleteCert() {
+	var cert object.Cert
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteCert(&cert))
+	c.ServeJSON()
+}
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@ -28,7 +28,7 @@ func (c *RootController) GetOidcDiscovery() {
 // @Tag OIDC API
 // @router /api/certs [get]
 func (c *RootController) GetOidcCert() {
-	jwks, err := object.GetJSONWebKeySet()
+	jwks, err := object.GetJsonWebKeySet()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/organization.go
+++ b/controllers/organization.go
@ -33,13 +33,17 @@ func (c *ApiController) GetOrganizations() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetMaskedOrganizations(object.GetOrganizations(owner))
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationCount(owner)))
-		organizations := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit))
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationCount(owner, field, value)))
+		organizations := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(organizations, paginator.Nums())
 	}
 }
--- a/controllers/permission.go
+++ b/controllers/permission.go
@ -0,0 +1,116 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/astaxie/beego/utils/pagination"
+	"github.com/casbin/casdoor/object"
+	"github.com/casbin/casdoor/util"
+)
+
+// GetPermissions
+// @Title GetPermissions
+// @Tag Permission API
+// @Description get permissions
+// @Param   owner     query    string  true        "The owner of permissions"
+// @Success 200 {array} object.Permission The Response object
+// @router /get-permissions [get]
+func (c *ApiController) GetPermissions() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetPermissions(owner)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPermissionCount(owner, field, value)))
+		permissions := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(permissions, paginator.Nums())
+	}
+}
+
+// @Title GetPermission
+// @Tag Permission API
+// @Description get permission
+// @Param   id    query    string  true        "The id of the permission"
+// @Success 200 {object} object.Permission The Response object
+// @router /get-permission [get]
+func (c *ApiController) GetPermission() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetPermission(id)
+	c.ServeJSON()
+}
+
+// @Title UpdatePermission
+// @Tag Permission API
+// @Description update permission
+// @Param   id    query    string  true        "The id of the permission"
+// @Param   body    body   object.Permission  true        "The details of the permission"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-permission [post]
+func (c *ApiController) UpdatePermission() {
+	id := c.Input().Get("id")
+
+	var permission object.Permission
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdatePermission(id, &permission))
+	c.ServeJSON()
+}
+
+// @Title AddPermission
+// @Tag Permission API
+// @Description add permission
+// @Param   body    body   object.Permission  true        "The details of the permission"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-permission [post]
+func (c *ApiController) AddPermission() {
+	var permission object.Permission
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddPermission(&permission))
+	c.ServeJSON()
+}
+
+// @Title DeletePermission
+// @Tag Permission API
+// @Description delete permission
+// @Param   body    body   object.Permission  true        "The details of the permission"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-permission [post]
+func (c *ApiController) DeletePermission() {
+	var permission object.Permission
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeletePermission(&permission))
+	c.ServeJSON()
+}
--- a/controllers/provider.go
+++ b/controllers/provider.go
@ -16,7 +16,6 @@ package controllers

 import (
 	"encoding/json"
-
 	"github.com/astaxie/beego/utils/pagination"
 	"github.com/casbin/casdoor/object"
 	"github.com/casbin/casdoor/util"
@ -33,13 +32,17 @@ func (c *ApiController) GetProviders() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetProviders(owner)
+		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner))
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProviderCount(owner)))
-		providers := object.GetPaginationProviders(owner, paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProviderCount(owner, field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@ -53,7 +56,7 @@ func (c *ApiController) GetProviders() {
 func (c *ApiController) GetProvider() {
 	id := c.Input().Get("id")

-	c.Data["json"] = object.GetProvider(id)
+	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id))
 	c.ServeJSON()
 }

--- a/controllers/record.go
+++ b/controllers/record.go
@ -31,13 +31,17 @@ import (
 func (c *ApiController) GetRecords() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetRecords()
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRecordCount()))
-		records := object.GetPaginationRecords(paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRecordCount(field, value)))
+		records := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(records, paginator.Nums())
 	}
 }
--- a/controllers/resource.go
+++ b/controllers/resource.go
@ -35,13 +35,17 @@ func (c *ApiController) GetResources() {
 	user := c.Input().Get("user")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetResources(owner, user)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetResourceCount(owner, user)))
-		resources := object.GetPaginationResources(owner, user, paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetResourceCount(owner, user, field, value)))
+		resources := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(resources, paginator.Nums())
 	}
 }
--- a/controllers/role.go
+++ b/controllers/role.go
@ -0,0 +1,116 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/astaxie/beego/utils/pagination"
+	"github.com/casbin/casdoor/object"
+	"github.com/casbin/casdoor/util"
+)
+
+// GetRoles
+// @Title GetRoles
+// @Tag Role API
+// @Description get roles
+// @Param   owner     query    string  true        "The owner of roles"
+// @Success 200 {array} object.Role The Response object
+// @router /get-roles [get]
+func (c *ApiController) GetRoles() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetRoles(owner)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRoleCount(owner, field, value)))
+		roles := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(roles, paginator.Nums())
+	}
+}
+
+// @Title GetRole
+// @Tag Role API
+// @Description get role
+// @Param   id    query    string  true        "The id of the role"
+// @Success 200 {object} object.Role The Response object
+// @router /get-role [get]
+func (c *ApiController) GetRole() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetRole(id)
+	c.ServeJSON()
+}
+
+// @Title UpdateRole
+// @Tag Role API
+// @Description update role
+// @Param   id    query    string  true        "The id of the role"
+// @Param   body    body   object.Role  true        "The details of the role"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-role [post]
+func (c *ApiController) UpdateRole() {
+	id := c.Input().Get("id")
+
+	var role object.Role
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateRole(id, &role))
+	c.ServeJSON()
+}
+
+// @Title AddRole
+// @Tag Role API
+// @Description add role
+// @Param   body    body   object.Role  true        "The details of the role"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-role [post]
+func (c *ApiController) AddRole() {
+	var role object.Role
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddRole(&role))
+	c.ServeJSON()
+}
+
+// @Title DeleteRole
+// @Tag Role API
+// @Description delete role
+// @Param   body    body   object.Role  true        "The details of the role"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-role [post]
+func (c *ApiController) DeleteRole() {
+	var role object.Role
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteRole(&role))
+	c.ServeJSON()
+}
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@ -33,13 +33,17 @@ func (c *ApiController) GetSyncers() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetSyncers(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner)))
-		syncers := object.GetPaginationSyncers(owner, paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, field, value)))
+		syncers := object.GetPaginationSyncers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(syncers, paginator.Nums())
 	}
 }
--- a/controllers/token.go
+++ b/controllers/token.go
@ -35,13 +35,17 @@ func (c *ApiController) GetTokens() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetTokens(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner)))
-		tokens := object.GetPaginationTokens(owner, paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, field, value)))
+		tokens := object.GetPaginationTokens(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(tokens, paginator.Nums())
 	}
 }
--- a/controllers/user.go
+++ b/controllers/user.go
@ -33,13 +33,17 @@ import (
 func (c *ApiController) GetGlobalUsers() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetMaskedUsers(object.GetGlobalUsers())
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalUserCount()))
-		users := object.GetPaginationGlobalUsers(paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalUserCount(field, value)))
+		users := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
@ -55,13 +59,17 @@ func (c *ApiController) GetUsers() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetMaskedUsers(object.GetUsers(owner))
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetUserCount(owner)))
-		users := object.GetPaginationUsers(owner, paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetUserCount(owner, field, value)))
+		users := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
@ -218,11 +226,6 @@ func (c *ApiController) SetPassword() {
 		c.ResponseError("Please login first.")
 		return
 	}
-	requestUser := object.GetUser(requestUserId)
-	if requestUser == nil {
-		c.ResponseError("Session outdated. Please login again.")
-		return
-	}

 	userId := fmt.Sprintf("%s/%s", userOwner, userName)
 	targetUser := object.GetUser(userId)
@ -232,15 +235,22 @@ func (c *ApiController) SetPassword() {
 	}

 	hasPermission := false
-
-	if requestUser.IsGlobalAdmin {
-		hasPermission = true
-	} else if requestUserId == userId {
-		hasPermission = true
-	} else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
+	if strings.HasPrefix(requestUserId, "app/") {
 		hasPermission = true
+	} else {
+		requestUser := object.GetUser(requestUserId)
+		if requestUser == nil {
+			c.ResponseError("Session outdated. Please login again.")
+			return
+		}
+		if requestUser.IsGlobalAdmin {
+			hasPermission = true
+		} else if requestUserId == userId {
+			hasPermission = true
+		} else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
+			hasPermission = true
+		}
 	}
-
 	if !hasPermission {
 		c.ResponseError("You don't have the permission to do this.")
 		return
@ -264,8 +274,6 @@ func (c *ApiController) SetPassword() {
 		return
 	}

-	c.SetSessionUsername("")
-
 	targetUser.Password = newPassword
 	object.SetUserField(targetUser, "password", targetUser.Password)
 	c.Data["json"] = Response{Status: "ok"}
@ -322,7 +330,7 @@ func (c *ApiController) GetUserCount() {

 	count := 0
 	if isOnline == "" {
-		count = object.GetUserCount(owner)
+		count = object.GetUserCount(owner, "", "")
 	} else {
 		count = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
 	}
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@ -0,0 +1,60 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"fmt"
+	"io"
+	"mime/multipart"
+	"os"
+
+	"github.com/casbin/casdoor/object"
+	"github.com/casbin/casdoor/util"
+)
+
+func saveFile(path string, file *multipart.File) {
+	f, err := os.Create(path)
+	if err != nil {
+		panic(err)
+	}
+	defer f.Close()
+
+	_, err = io.Copy(f, *file)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func (c *ApiController) UploadUsers() {
+	userId := c.GetSessionUsername()
+	owner, user := util.GetOwnerAndNameFromId(userId)
+
+	file, header, err := c.Ctx.Request.FormFile("file")
+	if err != nil {
+		panic(err)
+	}
+	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
+
+	path := util.GetUploadXlsxPath(fileId)
+	util.EnsureFileFolderExists(path)
+	saveFile(path, &file)
+
+	affected := object.UploadUsers(owner, fileId)
+	if affected {
+		c.ResponseOk()
+	} else {
+		c.ResponseError("Failed to import users")
+	}
+}
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@ -33,13 +33,17 @@ func (c *ApiController) GetWebhooks() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetWebhooks(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner)))
-		webhooks := object.GetPaginationWebhooks(owner, paginator.Offset(), limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, field, value)))
+		webhooks := object.GetPaginationWebhooks(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(webhooks, paginator.Nums())
 	}
 }
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@ -0,0 +1,23 @@
+package cred
+
+import "golang.org/x/crypto/bcrypt"
+
+type BcryptCredManager struct{}
+
+func NewBcryptCredManager() *BcryptCredManager {
+	cm := &BcryptCredManager{}
+	return cm
+}
+
+func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return ""
+	}
+	return string(bytes)
+}
+
+func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
+	return err == nil
+}
--- a/cred/manager.go
+++ b/cred/manager.go
@ -15,7 +15,8 @@
 package cred

 type CredManager interface {
-	GetSealedPassword(password string, userSalt string, organizationSalt string) string
+	GetHashedPassword(password string, userSalt string, organizationSalt string) string
+	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
 }

 func GetCredManager(passwordType string) CredManager {
@ -25,7 +26,8 @@ func GetCredManager(passwordType string) CredManager {
 		return NewSha256SaltCredManager()
 	} else if passwordType == "md5-salt" {
 		return NewMd5UserSaltCredManager()
+	} else if passwordType == "bcrypt" {
+		return NewBcryptCredManager()
 	}
-
 	return nil
 }
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@ -37,8 +37,12 @@ func NewMd5UserSaltCredManager() *Sha256SaltCredManager {
 	return cm
 }

-func (cm *Md5UserSaltCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	hash := getMd5HexDigest(password)
 	res := getMd5HexDigest(hash + userSalt)
 	return res
 }
+
+func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+}
--- a/cred/plain.go
+++ b/cred/plain.go
@ -21,6 +21,10 @@ func NewPlainCredManager() *PlainCredManager {
 	return cm
 }

-func (cm *PlainCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	return password
 }
+
+func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == plainPwd
+}
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@ -37,8 +37,12 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	return cm
 }

-func (cm *Sha256SaltCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	hash := getSha256HexDigest(password)
 	res := getSha256HexDigest(hash + organizationSalt)
 	return res
 }
+
+func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+}
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@ -23,5 +23,5 @@ func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetSealedPassword(password, "", salt))
+	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
 }
--- a/go.mod
+++ b/go.mod
@ -25,8 +25,10 @@ require (
 	github.com/russellhaering/goxmldsig v1.1.1
 	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/smartystreets/goconvey v1.6.4 // indirect
+	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
-	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
+	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
--- a/go.sum
+++ b/go.sum
@ -349,6 +349,8 @@ github.com/syndtr/goleveldb v0.0.0-20160425020131-cfa635847112/go.mod h1:Z4AUp2K
 github.com/syndtr/goleveldb v0.0.0-20181127023241-353a9fca669c/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
+github.com/tealeg/xlsx v1.0.5 h1:+f8oFmvY8Gw1iUXzPk+kz+4GpbDZPK1FhPiQRd+ypgE=
+github.com/tealeg/xlsx v1.0.5/go.mod h1:btRS8dz54TDnvKNosuAqxrM1QgN1udgk9O34bDCnORM=
 github.com/tencentcloud/tencentcloud-sdk-go v1.0.154 h1:THBgwGwUQtsw6L53cSSA2wwL3sLrm+HJ3Dk+ye/lMCI=
 github.com/tencentcloud/tencentcloud-sdk-go v1.0.154/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI=
 github.com/thanhpk/randstr v1.0.4 h1:IN78qu/bR+My+gHCvMEXhR/i5oriVHcTB/BJJIRTsNo=
@ -375,8 +377,9 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -440,8 +443,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200927032502-5d4f70055728/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200930145003-4acb6c075d10/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -493,15 +496,17 @@ golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
--- a/idp/goth.go
+++ b/idp/goth.go
@ -21,6 +21,7 @@ import (
 	"reflect"
 	"time"

+	"github.com/casbin/casdoor/util"
 	"github.com/markbates/goth"
 	"github.com/markbates/goth/providers/amazon"
 	"github.com/markbates/goth/providers/apple"
@ -244,11 +245,27 @@ func getUser(gothUser goth.User) *UserInfo {
 	//Some idp return an empty Name
 	//so construct the Name with firstname and lastname or nickname
 	if user.Username == "" {
-		user.Username = fmt.Sprintf("%v%v", gothUser.FirstName, gothUser.LastName)
+		if gothUser.FirstName != "" && gothUser.LastName != "" {
+			user.Username = getName(gothUser.FirstName, gothUser.LastName)
+		} else {
+			user.Username = gothUser.NickName
+		}
 	}
-	if user.Username == "" {
-		user.Username = gothUser.NickName
+	if user.DisplayName == "" {
+		if gothUser.FirstName != "" && gothUser.LastName != "" {
+			user.DisplayName = getName(gothUser.FirstName, gothUser.LastName)
+		} else {
+			user.DisplayName = user.Username
+		}
 	}

 	return &user
 }
+
+func getName(firstName, lastName string) string {
+	if util.IsChinese(firstName) || util.IsChinese(lastName) {
+		return fmt.Sprintf("%s%s", lastName, firstName)
+	} else {
+		return fmt.Sprintf("%s %s", firstName, lastName)
+	}
+}
--- a/main.go
+++ b/main.go
@ -15,6 +15,8 @@
 package main

 import (
+	"flag"
+
 	"github.com/astaxie/beego"
 	"github.com/astaxie/beego/logs"
 	"github.com/astaxie/beego/plugins/cors"
@ -23,12 +25,13 @@ import (
 	"github.com/casbin/casdoor/object"
 	"github.com/casbin/casdoor/proxy"
 	"github.com/casbin/casdoor/routers"
-
 	_ "github.com/casbin/casdoor/routers"
 )

 func main() {
-	object.InitAdapter()
+	createDatabase := flag.Bool("createDatabase", false, "true if you need casdoor to create database")
+	flag.Parse()
+	object.InitAdapter(*createDatabase)
 	object.InitDb()
 	object.InitDefaultStorageProvider()
 	object.InitLdapAutoSynchronizer()
--- a/object/adapter.go
+++ b/object/adapter.go
@ -20,8 +20,10 @@ import (

 	"github.com/astaxie/beego"
 	"github.com/casbin/casdoor/conf"
+	"github.com/casbin/casdoor/util"
+	//_ "github.com/denisenkom/go-mssqldb" // db = mssql
 	_ "github.com/go-sql-driver/mysql" // db = mysql
-	//_ "github.com/lib/pq"              // db = postgres
+	//_ "github.com/lib/pq"                // db = postgres
 	"xorm.io/xorm"
 )

@ -33,11 +35,15 @@ func InitConfig() {
 		panic(err)
 	}

-	InitAdapter()
+	InitAdapter(true)
 }

-func InitAdapter() {
+func InitAdapter(createDatabase bool) {
+
 	adapter = NewAdapter(beego.AppConfig.String("driverName"), conf.GetBeegoConfDataSourceName(), beego.AppConfig.String("dbName"))
+	if createDatabase {
+		adapter.CreateDatabase()
+	}
 	adapter.createTable()
 }

@ -73,7 +79,7 @@ func NewAdapter(driverName string, dataSourceName string, dbName string) *Adapte
 	return a
 }

-func (a *Adapter) createDatabase() error {
+func (a *Adapter) CreateDatabase() error {
 	engine, err := xorm.NewEngine(a.driverName, a.dataSourceName)
 	if err != nil {
 		return err
@ -85,13 +91,12 @@ func (a *Adapter) createDatabase() error {
 }

 func (a *Adapter) open() {
-	if a.driverName != "postgres" {
-		if err := a.createDatabase(); err != nil {
-			panic(err)
-		}
+	dataSourceName := a.dataSourceName + a.dbName
+	if a.driverName != "mysql" {
+		dataSourceName = a.dataSourceName
 	}

-	engine, err := xorm.NewEngine(a.driverName, a.dataSourceName+a.dbName)
+	engine, err := xorm.NewEngine(a.driverName, dataSourceName)
 	if err != nil {
 		panic(err)
 	}
@ -115,6 +120,16 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}

+	err = a.Engine.Sync2(new(Role))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Permission))
+	if err != nil {
+		panic(err)
+	}
+
 	err = a.Engine.Sync2(new(Provider))
 	if err != nil {
 		panic(err)
@ -155,8 +170,32 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}

+	err = a.Engine.Sync2(new(Cert))
+	if err != nil {
+		panic(err)
+	}
+
 	err = a.Engine.Sync2(new(Ldap))
 	if err != nil {
 		panic(err)
 	}
 }
+
+func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
+	session := adapter.Engine.Limit(limit, offset).Where("1=1")
+	if owner != "" {
+		session = session.And("owner=?", owner)
+	}
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	if sortField == "" || sortOrder == "" {
+		sortField = "created_time"
+	}
+	if sortOrder == "ascend" {
+		session = session.Asc(util.SnakeString(sortField))
+	} else {
+		session = session.Desc(util.SnakeString(sortField))
+	}
+	return session
+}
--- a/object/application.go
+++ b/object/application.go
@ -15,6 +15,8 @@
 package object

 import (
+	"fmt"
+
 	"github.com/casbin/casdoor/util"
 	"xorm.io/core"
 )
@ -24,17 +26,19 @@ type Application struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	DisplayName      string          `xorm:"varchar(100)" json:"displayName"`
-	Logo             string          `xorm:"varchar(100)" json:"logo"`
-	HomepageUrl      string          `xorm:"varchar(100)" json:"homepageUrl"`
-	Description      string          `xorm:"varchar(100)" json:"description"`
-	Organization     string          `xorm:"varchar(100)" json:"organization"`
-	EnablePassword   bool            `json:"enablePassword"`
-	EnableSignUp     bool            `json:"enableSignUp"`
-	EnableCodeSignin bool            `json:"enableCodeSignin"`
-	Providers        []*ProviderItem `xorm:"mediumtext" json:"providers"`
-	SignupItems      []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
-	OrganizationObj  *Organization   `xorm:"-" json:"organizationObj"`
+	DisplayName         string          `xorm:"varchar(100)" json:"displayName"`
+	Logo                string          `xorm:"varchar(100)" json:"logo"`
+	HomepageUrl         string          `xorm:"varchar(100)" json:"homepageUrl"`
+	Description         string          `xorm:"varchar(100)" json:"description"`
+	Organization        string          `xorm:"varchar(100)" json:"organization"`
+	Cert                string          `xorm:"varchar(100)" json:"cert"`
+	EnablePassword      bool            `json:"enablePassword"`
+	EnableSignUp        bool            `json:"enableSignUp"`
+	EnableSigninSession bool            `json:"enableSigninSession"`
+	EnableCodeSignin    bool            `json:"enableCodeSignin"`
+	Providers           []*ProviderItem `xorm:"mediumtext" json:"providers"`
+	SignupItems         []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
+	OrganizationObj     *Organization   `xorm:"-" json:"organizationObj"`

 	ClientId             string   `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret         string   `xorm:"varchar(100)" json:"clientSecret"`
@ -51,8 +55,12 @@ type Application struct {
 	SigninHtml           string   `xorm:"mediumtext" json:"signinHtml"`
 }

-func GetApplicationCount(owner string) int {
-	count, err := adapter.Engine.Count(&Application{Owner: owner})
+func GetApplicationCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Application{})
 	if err != nil {
 		panic(err)
 	}
@ -70,9 +78,20 @@ func GetApplications(owner string) []*Application {
 	return applications
 }

-func GetPaginationApplications(owner string, offset, limit int) []*Application {
+func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&applications, &Application{Owner: owner})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&applications)
+	if err != nil {
+		panic(err)
+	}
+
+	return applications
+}
+
+func getApplicationsByOrganizationName(owner string, organization string) []*Application {
+	applications := []*Application{}
+	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -88,7 +107,7 @@ func getProviderMap(owner string) map[string]*Provider {
 		//	continue
 		//}

-		m[provider.Name] = getMaskedProvider(provider)
+		m[provider.Name] = GetMaskedProvider(provider)
 	}
 	return m
 }
@ -182,30 +201,47 @@ func GetApplicationByClientId(clientId string) *Application {
 	}
 }

-func GetApplicationByClientIdAndSecret(clientId, clientSecret string) *Application {
-	if util.IsStrsEmpty(clientId, clientSecret) {
-		return nil
-	}
-
-	app := GetApplicationByClientId(clientId)
-	if app == nil || app.ClientSecret != clientSecret {
-		return nil
-	}
-
-	return app
-}
-
 func GetApplication(id string) *Application {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getApplication(owner, name)
 }

+func GetMaskedApplication(application *Application, userId string) *Application {
+	if isUserIdGlobalAdmin(userId) {
+		return application
+	}
+
+	if application == nil {
+		return nil
+	}
+
+	if application.ClientSecret != "" {
+		application.ClientSecret = "***"
+	}
+	return application
+}
+
+func GetMaskedApplications(applications []*Application, userId string) []*Application {
+	if isUserIdGlobalAdmin(userId) {
+		return applications
+	}
+
+	for _, application := range applications {
+		application = GetMaskedApplication(application, userId)
+	}
+	return applications
+}
+
 func UpdateApplication(id string, application *Application) bool {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	if getApplication(owner, name) == nil {
 		return false
 	}

+	if name == "app-built-in" {
+		application.Name = name
+	}
+
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}
@ -234,6 +270,10 @@ func AddApplication(application *Application) bool {
 }

 func DeleteApplication(application *Application) bool {
+	if application.Name == "app-built-in" {
+		return false
+	}
+
 	affected, err := adapter.Engine.ID(core.PK{application.Owner, application.Name}).Delete(&Application{})
 	if err != nil {
 		panic(err)
@ -241,3 +281,7 @@ func DeleteApplication(application *Application) bool {

 	return affected != 0
 }
+
+func (application *Application) GetId() string {
+	return fmt.Sprintf("%s/%s", application.Owner, application.Name)
+}
--- a/object/cert.go
+++ b/object/cert.go
@ -0,0 +1,164 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casbin/casdoor/util"
+	"xorm.io/core"
+)
+
+type Cert struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+
+	DisplayName     string `xorm:"varchar(100)" json:"displayName"`
+	Scope           string `xorm:"varchar(100)" json:"scope"`
+	Type            string `xorm:"varchar(100)" json:"type"`
+	CryptoAlgorithm string `xorm:"varchar(100)" json:"cryptoAlgorithm"`
+	BitSize         int    `json:"bitSize"`
+	ExpireInYears   int    `json:"expireInYears"`
+
+	PublicKey  string `xorm:"mediumtext" json:"publicKey"`
+	PrivateKey string `xorm:"mediumtext" json:"privateKey"`
+}
+
+func GetMaskedCert(cert *Cert) *Cert {
+	if cert == nil {
+		return nil
+	}
+
+	return cert
+}
+
+func GetMaskedCerts(certs []*Cert) []*Cert {
+	for _, cert := range certs {
+		cert = GetMaskedCert(cert)
+	}
+	return certs
+}
+
+func GetCertCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Cert{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetCerts(owner string) []*Cert {
+	certs := []*Cert{}
+	err := adapter.Engine.Desc("created_time").Find(&certs, &Cert{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return certs
+}
+
+func GetPaginationCerts(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Cert {
+	certs := []*Cert{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&certs)
+	if err != nil {
+		panic(err)
+	}
+
+	return certs
+}
+
+func getCert(owner string, name string) *Cert {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	cert := Cert{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&cert)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &cert
+	} else {
+		return nil
+	}
+}
+
+func GetCert(id string) *Cert {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getCert(owner, name)
+}
+
+func UpdateCert(id string, cert *Cert) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getCert(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(cert)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddCert(cert *Cert) bool {
+	if cert.PublicKey == "" || cert.PrivateKey == "" {
+		publicKey, privateKey := generateRsaKeys(cert.BitSize, cert.ExpireInYears, cert.Name, cert.Owner)
+		cert.PublicKey = publicKey
+		cert.PrivateKey = privateKey
+	}
+
+	affected, err := adapter.Engine.Insert(cert)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteCert(cert *Cert) bool {
+	affected, err := adapter.Engine.ID(core.PK{cert.Owner, cert.Name}).Delete(&Cert{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (p *Cert) GetId() string {
+	return fmt.Sprintf("%s/%s", p.Owner, p.Name)
+}
+
+func getCertByApplication(application *Application) *Cert {
+	if application.Cert != "" {
+		return getCert("admin", application.Cert)
+	} else {
+		return GetDefaultCert()
+	}
+}
+
+func GetDefaultCert() *Cert {
+	return getCert("admin", "cert-built-in")
+}
--- a/object/check.go
+++ b/object/check.go
@ -107,12 +107,13 @@ func CheckPassword(user *User, password string) string {

 	credManager := cred.GetCredManager(organization.PasswordType)
 	if credManager != nil {
-		if organization.MasterPassword != "" && organization.MasterPassword == password {
-			return ""
+		if organization.MasterPassword != "" {
+			if credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
+				return ""
+			}
 		}

-		sealedPassword := credManager.GetSealedPassword(password, user.PasswordSalt, organization.PasswordSalt)
-		if user.Password == sealedPassword {
+		if credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt, organization.PasswordSalt) {
 			return ""
 		}
 		return "password incorrect"
--- a/object/init.go
+++ b/object/init.go
@ -14,12 +14,23 @@

 package object

-import "github.com/casbin/casdoor/util"
+import (
+	_ "embed"
+
+	"github.com/casbin/casdoor/util"
+)
+
+//go:embed token_jwt_key.pem
+var tokenJwtPublicKey string
+
+//go:embed token_jwt_key.key
+var tokenJwtPrivateKey string

 func InitDb() {
 	initBuiltInOrganization()
 	initBuiltInUser()
 	initBuiltInApplication()
+	initBuiltInCert()
 	initBuiltInLdap()
 }

@ -50,26 +61,28 @@ func initBuiltInUser() {
 	}

 	user = &User{
-		Owner:         "built-in",
-		Name:          "admin",
-		CreatedTime:   util.GetCurrentTime(),
-		Id:            util.GenerateId(),
-		Type:          "normal-user",
-		Password:      "123",
-		DisplayName:   "Admin",
-		Avatar:        "https://casbin.org/img/casbin.svg",
-		Email:         "admin@example.com",
-		Phone:         "12345678910",
-		Address:       []string{},
-		Affiliation:   "Example Inc.",
-		Tag:           "staff",
-		Score:         2000,
-		Ranking:       1,
-		IsAdmin:       true,
-		IsGlobalAdmin: true,
-		IsForbidden:   false,
-		IsDeleted:     false,
-		Properties:    make(map[string]string),
+		Owner:             "built-in",
+		Name:              "admin",
+		CreatedTime:       util.GetCurrentTime(),
+		Id:                util.GenerateId(),
+		Type:              "normal-user",
+		Password:          "123",
+		DisplayName:       "Admin",
+		Avatar:            "https://casbin.org/img/casbin.svg",
+		Email:             "admin@example.com",
+		Phone:             "12345678910",
+		Address:           []string{},
+		Affiliation:       "Example Inc.",
+		Tag:               "staff",
+		Score:             2000,
+		Ranking:           1,
+		IsAdmin:           true,
+		IsGlobalAdmin:     true,
+		IsForbidden:       false,
+		IsDeleted:         false,
+		SignupApplication: "built-in-app",
+		CreatedIp:         "127.0.0.1",
+		Properties:        make(map[string]string),
 	}
 	AddUser(user)
 }
@ -88,6 +101,7 @@ func initBuiltInApplication() {
 		Logo:           "https://cdn.casbin.com/logo/logo_1024x256.png",
 		HomepageUrl:    "https://casdoor.org",
 		Organization:   "built-in",
+		Cert:           "cert-built-in",
 		EnablePassword: true,
 		EnableSignUp:   true,
 		Providers:      []*ProviderItem{},
@ -107,6 +121,28 @@ func initBuiltInApplication() {
 	AddApplication(application)
 }

+func initBuiltInCert() {
+	cert := getCert("admin", "cert-built-in")
+	if cert != nil {
+		return
+	}
+
+	cert = &Cert{
+		Owner:           "admin",
+		Name:            "cert-built-in",
+		CreatedTime:     util.GetCurrentTime(),
+		DisplayName:     "Built-in Cert",
+		Scope:           "JWT",
+		Type:            "x509",
+		CryptoAlgorithm: "RSA",
+		BitSize:         4096,
+		ExpireInYears:   20,
+		PublicKey:       tokenJwtPublicKey,
+		PrivateKey:      tokenJwtPrivateKey,
+	}
+	AddCert(cert)
+}
+
 func initBuiltInLdap() {
 	ldap := GetLdap("ldap-built-in")
 	if ldap != nil {
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@ -72,17 +72,20 @@ func GetOidcDiscovery() OidcDiscovery {
 	return oidcDiscovery
 }

-func GetJSONWebKeySet() (jose.JSONWebKeySet, error) {
+func GetJsonWebKeySet() (jose.JSONWebKeySet, error) {
+	cert := GetDefaultCert()
+
 	//follows the protocol rfc 7517(draft)
 	//link here: https://self-issued.info/docs/draft-ietf-jose-json-web-key.html
 	//or https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key
-	certPEMBlock := []byte(tokenJwtPublicKey)
-	certDERBlock, _ := pem.Decode(certPEMBlock)
-	x509Cert, _ := x509.ParseCertificate(certDERBlock.Bytes)
+	certPemBlock := []byte(cert.PublicKey)
+	certDerBlock, _ := pem.Decode(certPemBlock)
+	x509Cert, _ := x509.ParseCertificate(certDerBlock.Bytes)

 	var jwk jose.JSONWebKey
 	jwk.Key = x509Cert.PublicKey
 	jwk.Certificates = []*x509.Certificate{x509Cert}
+	jwk.KeyID = cert.Name

 	var jwks jose.JSONWebKeySet
 	jwks.Keys = []jose.JSONWebKey{jwk}
--- a/object/organization.go
+++ b/object/organization.go
@ -15,6 +15,9 @@
 package object

 import (
+	"fmt"
+
+	"github.com/casbin/casdoor/cred"
 	"github.com/casbin/casdoor/util"
 	"xorm.io/core"
 )
@ -35,8 +38,12 @@ type Organization struct {
 	EnableSoftDeletion bool   `json:"enableSoftDeletion"`
 }

-func GetOrganizationCount(owner string) int {
-	count, err := adapter.Engine.Count(&Organization{Owner: owner})
+func GetOrganizationCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Organization{})
 	if err != nil {
 		panic(err)
 	}
@ -54,9 +61,10 @@ func GetOrganizations(owner string) []*Organization {
 	return organizations
 }

-func GetPaginationOrganizations(owner string, offset, limit int) []*Organization {
+func GetPaginationOrganizations(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Organization {
 	organizations := []*Organization{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&organizations, &Provider{Owner: owner})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&organizations)
 	if err != nil {
 		panic(err)
 	}
@ -111,6 +119,26 @@ func UpdateOrganization(id string, organization *Organization) bool {
 		return false
 	}

+	if name == "built-in" {
+		organization.Name = name
+	}
+
+	if name != organization.Name {
+		applications := getApplicationsByOrganizationName("admin", name)
+		for _, application := range applications {
+			application.Organization = organization.Name
+			UpdateApplication(application.GetId(), application)
+		}
+	}
+
+	if organization.MasterPassword != "" {
+		credManager := cred.GetCredManager(organization.PasswordType)
+		if credManager != nil {
+			hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, "", organization.PasswordSalt)
+			organization.MasterPassword = hashedPassword
+		}
+	}
+
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(organization)
 	if err != nil {
 		panic(err)
@ -129,6 +157,10 @@ func AddOrganization(organization *Organization) bool {
 }

 func DeleteOrganization(organization *Organization) bool {
+	if organization.Name == "built-in" {
+		return false
+	}
+
 	affected, err := adapter.Engine.ID(core.PK{organization.Owner, organization.Name}).Delete(&Organization{})
 	if err != nil {
 		panic(err)
--- a/object/permission.go
+++ b/object/permission.go
@ -0,0 +1,132 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casbin/casdoor/util"
+	"xorm.io/core"
+)
+
+type Permission struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+
+	Users []string `xorm:"mediumtext" json:"users"`
+	Roles []string `xorm:"mediumtext" json:"roles"`
+
+	ResourceType string   `xorm:"varchar(100)" json:"resourceType"`
+	Resources    []string `xorm:"mediumtext" json:"resources"`
+	Actions      []string `xorm:"mediumtext" json:"actions"`
+	Effect       string   `xorm:"varchar(100)" json:"effect"`
+
+	IsEnabled bool `json:"isEnabled"`
+}
+
+func GetPermissionCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Permission{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetPermissions(owner string) []*Permission {
+	permissions := []*Permission{}
+	err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return permissions
+}
+
+func GetPaginationPermissions(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Permission {
+	permissions := []*Permission{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&permissions)
+	if err != nil {
+		panic(err)
+	}
+
+	return permissions
+}
+
+func getPermission(owner string, name string) *Permission {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	permission := Permission{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&permission)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &permission
+	} else {
+		return nil
+	}
+}
+
+func GetPermission(id string) *Permission {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getPermission(owner, name)
+}
+
+func UpdatePermission(id string, permission *Permission) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getPermission(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(permission)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddPermission(permission *Permission) bool {
+	affected, err := adapter.Engine.Insert(permission)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeletePermission(permission *Permission) bool {
+	affected, err := adapter.Engine.ID(core.PK{permission.Owner, permission.Name}).Delete(&Permission{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (permission *Permission) GetId() string {
+	return fmt.Sprintf("%s/%s", permission.Owner, permission.Name)
+}
--- a/object/provider.go
+++ b/object/provider.go
@ -26,12 +26,14 @@ type Provider struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	DisplayName  string `xorm:"varchar(100)" json:"displayName"`
-	Category     string `xorm:"varchar(100)" json:"category"`
-	Type         string `xorm:"varchar(100)" json:"type"`
-	Method       string `xorm:"varchar(100)" json:"method"`
-	ClientId     string `xorm:"varchar(100)" json:"clientId"`
-	ClientSecret string `xorm:"varchar(100)" json:"clientSecret"`
+	DisplayName   string `xorm:"varchar(100)" json:"displayName"`
+	Category      string `xorm:"varchar(100)" json:"category"`
+	Type          string `xorm:"varchar(100)" json:"type"`
+	Method        string `xorm:"varchar(100)" json:"method"`
+	ClientId      string `xorm:"varchar(100)" json:"clientId"`
+	ClientSecret  string `xorm:"varchar(100)" json:"clientSecret"`
+	ClientId2     string `xorm:"varchar(100)" json:"clientId2"`
+	ClientSecret2 string `xorm:"varchar(100)" json:"clientSecret2"`

 	Host    string `xorm:"varchar(100)" json:"host"`
 	Port    int    `json:"port"`
@ -56,22 +58,34 @@ type Provider struct {
 	ProviderUrl string `xorm:"varchar(200)" json:"providerUrl"`
 }

-func getMaskedProvider(provider *Provider) *Provider {
-	p := &Provider{
-		Owner:       provider.Owner,
-		Name:        provider.Name,
-		CreatedTime: provider.CreatedTime,
-		DisplayName: provider.DisplayName,
-		Category:    provider.Category,
-		Type:        provider.Type,
-		Method:      provider.Method,
-		ClientId:    provider.ClientId,
+func GetMaskedProvider(provider *Provider) *Provider {
+	if provider == nil {
+		return nil
 	}
-	return p
+
+	if provider.ClientSecret != "" {
+		provider.ClientSecret = "***"
+	}
+	if provider.ClientSecret2 != "" {
+		provider.ClientSecret2 = "***"
+	}
+
+	return provider
 }

-func GetProviderCount(owner string) int {
-	count, err := adapter.Engine.Count(&Provider{Owner: owner})
+func GetMaskedProviders(providers []*Provider) []*Provider {
+	for _, provider := range providers {
+		provider = GetMaskedProvider(provider)
+	}
+	return providers
+}
+
+func GetProviderCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Provider{})
 	if err != nil {
 		panic(err)
 	}
@ -89,9 +103,10 @@ func GetProviders(owner string) []*Provider {
 	return providers
 }

-func GetPaginationProviders(owner string, offset, limit int) []*Provider {
+func GetPaginationProviders(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Provider {
 	providers := []*Provider{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&providers, &Provider{Owner: owner})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&providers)
 	if err != nil {
 		panic(err)
 	}
--- a/object/record.go
+++ b/object/record.go
@ -47,6 +47,8 @@ type Record struct {
 	RequestUri   string `xorm:"varchar(1000)" json:"requestUri"`
 	Action       string `xorm:"varchar(1000)" json:"action"`

+	ExtendedUser *User `xorm:"-" json:"extendedUser"`
+
 	IsTriggered bool `json:"isTriggered"`
 }

@ -99,8 +101,12 @@ func AddRecord(record *Record) bool {
 	return affected != 0
 }

-func GetRecordCount() int {
-	count, err := adapter.Engine.Count(&Record{})
+func GetRecordCount(field, value string) int {
+	session := adapter.Engine.Where("1=1")
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Record{})
 	if err != nil {
 		panic(err)
 	}
@ -118,9 +124,10 @@ func GetRecords() []*Record {
 	return records
 }

-func GetPaginationRecords(offset, limit int) []*Record {
+func GetPaginationRecords(offset, limit int, field, value, sortField, sortOrder string) []*Record {
 	records := []*Record{}
-	err := adapter.Engine.Desc("id").Limit(limit, offset).Find(&records)
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&records)
 	if err != nil {
 		panic(err)
 	}
@ -141,6 +148,10 @@ func GetRecordsByField(record *Record) []*Record {
 func SendWebhooks(record *Record) error {
 	webhooks := getWebhooksByOrganization(record.Organization)
 	for _, webhook := range webhooks {
+		if !webhook.IsEnabled {
+			continue
+		}
+
 		matched := false
 		for _, event := range webhook.Events {
 			if record.Action == event {
@ -150,6 +161,11 @@ func SendWebhooks(record *Record) error {
 		}

 		if matched {
+			if webhook.IsUserExtended {
+				user := getUser(record.Organization, record.User)
+				record.ExtendedUser = user
+			}
+
 			err := sendWebhook(webhook, record)
 			if err != nil {
 				return err
--- a/object/resource.go
+++ b/object/resource.go
@ -39,8 +39,12 @@ type Resource struct {
 	Description string `xorm:"varchar(1000)" json:"description"`
 }

-func GetResourceCount(owner string, user string) int {
-	count, err := adapter.Engine.Count(&Resource{Owner: owner, User: user})
+func GetResourceCount(owner, user, field, value string) int {
+	session := adapter.Engine.Where("owner=? and user=?", owner, user)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Resource{})
 	if err != nil {
 		panic(err)
 	}
@ -63,14 +67,15 @@ func GetResources(owner string, user string) []*Resource {
 	return resources
 }

-func GetPaginationResources(owner, user string, offset, limit int) []*Resource {
+func GetPaginationResources(owner, user string, offset, limit int, field, value, sortField, sortOrder string) []*Resource {
 	if owner == "built-in" {
 		owner = ""
 		user = ""
 	}

 	resources := []*Resource{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&resources, &Resource{Owner: owner, User: user})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&resources, &Resource{User: user})
 	if err != nil {
 		panic(err)
 	}
--- a/object/role.go
+++ b/object/role.go
@ -0,0 +1,126 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casbin/casdoor/util"
+	"xorm.io/core"
+)
+
+type Role struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+
+	Users     []string `xorm:"mediumtext" json:"users"`
+	Roles     []string `xorm:"mediumtext" json:"roles"`
+	IsEnabled bool     `json:"isEnabled"`
+}
+
+func GetRoleCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Role{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetRoles(owner string) []*Role {
+	roles := []*Role{}
+	err := adapter.Engine.Desc("created_time").Find(&roles, &Role{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return roles
+}
+
+func GetPaginationRoles(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Role {
+	roles := []*Role{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&roles)
+	if err != nil {
+		panic(err)
+	}
+
+	return roles
+}
+
+func getRole(owner string, name string) *Role {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	role := Role{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&role)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &role
+	} else {
+		return nil
+	}
+}
+
+func GetRole(id string) *Role {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getRole(owner, name)
+}
+
+func UpdateRole(id string, role *Role) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getRole(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(role)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddRole(role *Role) bool {
+	affected, err := adapter.Engine.Insert(role)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteRole(role *Role) bool {
+	affected, err := adapter.Engine.ID(core.PK{role.Owner, role.Name}).Delete(&Role{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (role *Role) GetId() string {
+	return fmt.Sprintf("%s/%s", role.Owner, role.Name)
+}
--- a/object/syncer.go
+++ b/object/syncer.go
@ -41,6 +41,7 @@ type Syncer struct {
 	Port             int            `json:"port"`
 	User             string         `xorm:"varchar(100)" json:"user"`
 	Password         string         `xorm:"varchar(100)" json:"password"`
+	DatabaseType     string         `xorm:"varchar(100)" json:"databaseType"`
 	Database         string         `xorm:"varchar(100)" json:"database"`
 	Table            string         `xorm:"varchar(100)" json:"table"`
 	TablePrimaryKey  string         `xorm:"varchar(100)" json:"tablePrimaryKey"`
@ -53,8 +54,12 @@ type Syncer struct {
 	Adapter *Adapter `xorm:"-" json:"-"`
 }

-func GetSyncerCount(owner string) int {
-	count, err := adapter.Engine.Count(&Syncer{Owner: owner})
+func GetSyncerCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Syncer{})
 	if err != nil {
 		panic(err)
 	}
@ -72,9 +77,10 @@ func GetSyncers(owner string) []*Syncer {
 	return syncers
 }

-func GetPaginationSyncers(owner string, offset, limit int) []*Syncer {
+func GetPaginationSyncers(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Syncer {
 	syncers := []*Syncer{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&syncers, &Syncer{Owner: owner})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&syncers)
 	if err != nil {
 		panic(err)
 	}
@ -158,3 +164,19 @@ func DeleteSyncer(syncer *Syncer) bool {
 func (syncer *Syncer) GetId() string {
 	return fmt.Sprintf("%s/%s", syncer.Owner, syncer.Name)
 }
+
+func (syncer *Syncer) getTableColumnsTypeMap() map[string]string {
+	m := map[string]string{}
+	for _, tableColumn := range syncer.TableColumns {
+		m[tableColumn.Name] = tableColumn.Type
+	}
+	return m
+}
+
+func (syncer *Syncer) getTable() string {
+	if syncer.DatabaseType == "mssql" {
+		return fmt.Sprintf("[%s]", syncer.Table)
+	} else {
+		return syncer.Table
+	}
+}
--- a/object/syncer_sync.go
+++ b/object/syncer_sync.go
@ -23,7 +23,10 @@ func (syncer *Syncer) syncUsers() {
 	oUsers, oUserMap := syncer.getOriginalUserMap()
 	fmt.Printf("Users: %d, oUsers: %d\n", len(users), len(oUsers))

-	_, affiliationMap := syncer.getAffiliationMap()
+	var affiliationMap map[int]string
+	if syncer.AffiliationTable != "" {
+		_, affiliationMap = syncer.getAffiliationMap()
+	}

 	newUsers := []*User{}
 	for _, oUser := range oUsers {
@ -74,7 +77,9 @@ func (syncer *Syncer) syncUsers() {
 	for _, user := range users {
 		id := user.Id
 		if _, ok := oUserMap[id]; !ok {
-			panic(fmt.Sprintf("New original user: cannot create now, user = %v", user))
+			newOUser := syncer.createOriginalUserFromUser(user)
+			syncer.addUser(newOUser)
+			fmt.Printf("New oUser: %v\n", newOUser)
 		}
 	}
 }
--- a/object/syncer_user.go
+++ b/object/syncer_user.go
@ -19,7 +19,6 @@ import (
 	"strings"
 	"time"

-	"github.com/astaxie/beego"
 	"github.com/casbin/casdoor/util"
 	"xorm.io/core"
 )
@ -27,7 +26,7 @@ import (
 type OriginalUser = User

 func (syncer *Syncer) getOriginalUsers() []*OriginalUser {
-	sql := fmt.Sprintf("select * from %s", syncer.Table)
+	sql := fmt.Sprintf("select * from %s", syncer.getTable())
 	results, err := syncer.Adapter.Engine.QueryString(sql)
 	if err != nil {
 		panic(err)
@ -48,7 +47,15 @@ func (syncer *Syncer) getOriginalUserMap() ([]*OriginalUser, map[string]*Origina

 func (syncer *Syncer) addUser(user *OriginalUser) bool {
 	m := syncer.getMapFromOriginalUser(user)
-	affected, err := syncer.Adapter.Engine.Table(syncer.Table).Insert(m)
+	keyString, valueString := syncer.getSqlKeyValueStringFromMap(m)
+
+	sql := fmt.Sprintf("insert into %s (%s) values (%s)", syncer.getTable(), keyString, valueString)
+	res, err := syncer.Adapter.Engine.Exec(sql)
+	if err != nil {
+		panic(err)
+	}
+
+	affected, err := res.RowsAffected()
 	if err != nil {
 		panic(err)
 	}
@ -56,7 +63,7 @@ func (syncer *Syncer) addUser(user *OriginalUser) bool {
 	return affected != 0
 }

-func (syncer *Syncer) getOriginalColumns() []string {
+/*func (syncer *Syncer) getOriginalColumns() []string {
 	res := []string{}
 	for _, tableColumn := range syncer.TableColumns {
 		if tableColumn.CasdoorName != "Id" {
@ -64,7 +71,7 @@ func (syncer *Syncer) getOriginalColumns() []string {
 		}
 	}
 	return res
-}
+}*/

 func (syncer *Syncer) getCasdoorColumns() []string {
 	res := []string{}
@ -79,8 +86,17 @@ func (syncer *Syncer) getCasdoorColumns() []string {

 func (syncer *Syncer) updateUser(user *OriginalUser) bool {
 	m := syncer.getMapFromOriginalUser(user)
-	columns := syncer.getOriginalColumns()
-	affected, err := syncer.Adapter.Engine.Table(syncer.Table).ID(syncer.TablePrimaryKey).Cols(columns...).Update(m)
+	pkValue := m[syncer.TablePrimaryKey]
+	delete(m, syncer.TablePrimaryKey)
+	setString := syncer.getSqlSetStringFromMap(m)
+
+	sql := fmt.Sprintf("update %s set %s where %s = %s", syncer.getTable(), setString, syncer.TablePrimaryKey, pkValue)
+	res, err := syncer.Adapter.Engine.Exec(sql)
+	if err != nil {
+		panic(err)
+	}
+
+	affected, err := res.RowsAffected()
 	if err != nil {
 		panic(err)
 	}
@ -90,7 +106,7 @@ func (syncer *Syncer) updateUser(user *OriginalUser) bool {

 func (syncer *Syncer) updateUserForOriginalFields(user *User) bool {
 	owner, name := util.GetOwnerAndNameFromId(user.GetId())
-	oldUser := getUser(owner, name)
+	oldUser := getUserById(owner, name)
 	if oldUser == nil {
 		return false
 	}
@ -101,7 +117,7 @@ func (syncer *Syncer) updateUserForOriginalFields(user *User) bool {

 	columns := syncer.getCasdoorColumns()
 	columns = append(columns, "affiliation", "hash", "pre_hash")
-	affected, err := adapter.Engine.ID(core.PK{user.Owner, user.Name}).Cols(columns...).Update(user)
+	affected, err := adapter.Engine.ID(core.PK{oldUser.Owner, oldUser.Name}).Cols(columns...).Update(user)
 	if err != nil {
 		panic(err)
 	}
@ -124,8 +140,18 @@ func (syncer *Syncer) calculateHash(user *OriginalUser) string {

 func (syncer *Syncer) initAdapter() {
 	if syncer.Adapter == nil {
-		dataSourceName := fmt.Sprintf("%s:%s@tcp(%s:%d)/", syncer.User, syncer.Password, syncer.Host, syncer.Port)
-		syncer.Adapter = NewAdapter(beego.AppConfig.String("driverName"), dataSourceName, syncer.Database)
+		var dataSourceName string
+		if syncer.DatabaseType == "mssql" {
+			dataSourceName = fmt.Sprintf("sqlserver://%s:%s@%s:%d?database=%s", syncer.User, syncer.Password, syncer.Host, syncer.Port, syncer.Database)
+		} else {
+			dataSourceName = fmt.Sprintf("%s:%s@tcp(%s:%d)/", syncer.User, syncer.Password, syncer.Host, syncer.Port)
+		}
+
+		if !isCloudIntranet {
+			dataSourceName = strings.ReplaceAll(dataSourceName, "dbi.", "db.")
+		}
+
+		syncer.Adapter = NewAdapter(syncer.DatabaseType, dataSourceName, syncer.Database)
 	}
 }

--- a/object/syncer_util.go
+++ b/object/syncer_util.go
@ -27,7 +27,7 @@ func (syncer *Syncer) getFullAvatarUrl(avatar string) string {
 		return avatar
 	}

-	if !strings.HasPrefix(avatar, "https://") {
+	if !strings.HasPrefix(avatar, "http") {
 		return fmt.Sprintf("%s%s", syncer.AvatarBaseUrl, avatar)
 	}
 	return avatar
@ -43,31 +43,42 @@ func (syncer *Syncer) getPartialAvatarUrl(avatar string) string {
 func (syncer *Syncer) createUserFromOriginalUser(originalUser *OriginalUser, affiliationMap map[int]string) *User {
 	user := *originalUser
 	user.Owner = syncer.Organization
+
 	if user.Name == "" {
 		user.Name = originalUser.Id
 	}
+
 	if user.CreatedTime == "" {
 		user.CreatedTime = util.GetCurrentTime()
 	}
+
 	if user.Type == "" {
 		user.Type = "normal-user"
 	}
+
 	user.Avatar = syncer.getFullAvatarUrl(user.Avatar)
-	if originalUser.Score != 0 {
-		affiliation, ok := affiliationMap[originalUser.Score]
-		if !ok {
-			panic(fmt.Sprintf("Affiliation not found: %d", originalUser.Score))
+
+	if affiliationMap != nil {
+		if originalUser.Score != 0 {
+			affiliation, ok := affiliationMap[originalUser.Score]
+			if !ok {
+				panic(fmt.Sprintf("Affiliation not found: %d", originalUser.Score))
+			}
+			user.Affiliation = affiliation
 		}
-		user.Affiliation = affiliation
 	}
+
 	if user.Properties == nil {
 		user.Properties = map[string]string{}
 	}
+
 	return &user
 }

 func (syncer *Syncer) createOriginalUserFromUser(user *User) *OriginalUser {
-	return user
+	originalUser := *user
+	originalUser.Avatar = syncer.getPartialAvatarUrl(user.Avatar)
+	return &originalUser
 }

 func (syncer *Syncer) setUserByKeyValue(user *User, key string, value string) {
@ -148,7 +159,11 @@ func (syncer *Syncer) setUserByKeyValue(user *User, key string, value string) {
 func (syncer *Syncer) getOriginalUsersFromMap(results []map[string]string) []*OriginalUser {
 	users := []*OriginalUser{}
 	for _, result := range results {
-		originalUser := &OriginalUser{}
+		originalUser := &OriginalUser{
+			Address:    []string{},
+			Properties: map[string]string{},
+		}
+
 		for _, tableColumn := range syncer.TableColumns {
 			syncer.setUserByKeyValue(originalUser, tableColumn.CasdoorName, result[tableColumn.Name])
 		}
@ -202,3 +217,34 @@ func (syncer *Syncer) getMapFromOriginalUser(user *OriginalUser) map[string]stri

 	return m2
 }
+
+func (syncer *Syncer) getSqlSetStringFromMap(m map[string]string) string {
+	typeMap := syncer.getTableColumnsTypeMap()
+
+	tokens := []string{}
+	for k, v := range m {
+		token := fmt.Sprintf("%s = %s", k, v)
+		if typeMap[k] == "string" {
+			token = fmt.Sprintf("%s = '%s'", k, v)
+		}
+
+		tokens = append(tokens, token)
+	}
+	return strings.Join(tokens, ", ")
+}
+
+func (syncer *Syncer) getSqlKeyValueStringFromMap(m map[string]string) (string, string) {
+	typeMap := syncer.getTableColumnsTypeMap()
+
+	keys := []string{}
+	values := []string{}
+	for k, v := range m {
+		if typeMap[k] == "string" {
+			v = fmt.Sprintf("'%s'", v)
+		}
+
+		keys = append(keys, k)
+		values = append(values, v)
+	}
+	return strings.Join(keys, ", "), strings.Join(values, ", ")
+}
--- a/object/syner_db_user.go
+++ b/object/syner_db_user.go
@ -24,7 +24,7 @@ func (syncer *Syncer) getUserMap() ([]*User, map[string]*User) {

 	m := map[string]*User{}
 	for _, user := range users {
-		m[user.Name] = user
+		m[user.Id] = user
 	}
 	return users, m
 }
--- a/object/token.go
+++ b/object/token.go
@ -17,7 +17,6 @@ package object
 import (
 	"fmt"
 	"strings"
-	"time"

 	"github.com/casbin/casdoor/util"
 	"xorm.io/core"
@ -46,15 +45,20 @@ type Token struct {
 }

 type TokenWrapper struct {
-	AccessToken string `json:"access_token"`
-	IdToken     string `json:"id_token"`
-	TokenType   string `json:"token_type"`
-	ExpiresIn   int    `json:"expires_in"`
-	Scope       string `json:"scope"`
+	AccessToken  string `json:"access_token"`
+	IdToken      string `json:"id_token"`
+	RefreshToken string `json:"refresh_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+	Scope        string `json:"scope"`
 }

-func GetTokenCount(owner string) int {
-	count, err := adapter.Engine.Count(&Token{Owner: owner})
+func GetTokenCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Token{})
 	if err != nil {
 		panic(err)
 	}
@ -72,9 +76,10 @@ func GetTokens(owner string) []*Token {
 	return tokens
 }

-func GetPaginationTokens(owner string, offset, limit int) []*Token {
+func GetPaginationTokens(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Token {
 	tokens := []*Token{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&tokens, &Token{Owner: owner})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&tokens)
 	if err != nil {
 		panic(err)
 	}
@ -185,6 +190,12 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 			Code:    "",
 		}
 	}
+	if user.IsForbidden {
+		return &Code{
+			Message: "error: the user is forbidden to sign in, please contact the administrator",
+			Code:    "",
+		}
+	}

 	msg, application := CheckOAuthLogin(clientId, responseType, redirectUri, scope, state)
 	if msg != "" {
@ -279,61 +290,76 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 	}

 	tokenWrapper := &TokenWrapper{
-		AccessToken: token.AccessToken,
-		IdToken:     token.AccessToken,
-		TokenType:   token.TokenType,
-		ExpiresIn:   token.ExpiresIn,
-		Scope:       token.Scope,
+		AccessToken:  token.AccessToken,
+		IdToken:      token.AccessToken,
+		RefreshToken: token.RefreshToken,
+		TokenType:    token.TokenType,
+		ExpiresIn:    token.ExpiresIn,
+		Scope:        token.Scope,
 	}

 	return tokenWrapper
 }

-func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string) *Code {
+func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string) *TokenWrapper {
 	// check parameters
 	if grantType != "refresh_token" {
-		return &Code{
-			Message: "error: grant_type should be \"refresh_token\"",
-			Code:    "",
+		return &TokenWrapper{
+			AccessToken: "error: grant_type should be \"refresh_token\"",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
 		}
 	}
 	application := GetApplicationByClientId(clientId)
 	if application == nil {
-		return &Code{
-			Message: "error: invalid client_id",
-			Code:    "",
+		return &TokenWrapper{
+			AccessToken: "error: invalid client_id",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
 		}
 	}
 	if application.ClientSecret != clientSecret {
-		return &Code{
-			Message: "error: invalid client_secret",
-			Code:    "",
+		return &TokenWrapper{
+			AccessToken: "error: invalid client_secret",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
 		}
 	}
 	// check whether the refresh token is valid, and has not expired.
 	token := Token{RefreshToken: refreshToken}
 	existed, err := adapter.Engine.Get(&token)
 	if err != nil || !existed {
-		return &Code{
-			Message: "error: invalid refresh_token",
-			Code:    "",
+		return &TokenWrapper{
+			AccessToken: "error: invalid refresh_token",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
 		}
 	}
-	claims, err := ParseJwtToken(refreshToken)
+
+	cert := getCertByApplication(application)
+	_, err = ParseJwtToken(refreshToken, cert)
 	if err != nil {
-		return &Code{
-			Message: "error: invalid refresh_token",
-			Code:    "",
-		}
-	}
-	if time.Now().Unix() > claims.ExpiresAt.Unix() {
-		return &Code{
-			Message: "error: expired refresh_token",
-			Code:    "",
+		return &TokenWrapper{
+			AccessToken: fmt.Sprintf("error: %s", err.Error()),
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
 		}
 	}
 	// generate a new token
-	user := getUser(application.Owner, token.User)
+	user := getUser(application.Organization, token.User)
+	if user.IsForbidden {
+		return &TokenWrapper{
+			AccessToken: "error: the user is forbidden to sign in, please contact the administrator",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
+		}
+	}
 	newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "")
 	if err != nil {
 		panic(err)
@ -355,8 +381,14 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 	}
 	AddToken(newToken)

-	return &Code{
-		Message: "",
-		Code:    token.Code,
+	tokenWrapper := &TokenWrapper{
+		AccessToken:  token.AccessToken,
+		IdToken:      token.AccessToken,
+		RefreshToken: token.RefreshToken,
+		TokenType:    token.TokenType,
+		ExpiresIn:    token.ExpiresIn,
+		Scope:        token.Scope,
 	}
+
+	return tokenWrapper
 }
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@ -23,20 +23,41 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 )

-//go:embed token_jwt_key.pem
-var tokenJwtPublicKey string
-
-//go:embed token_jwt_key.key
-var tokenJwtPrivateKey string
-
 type Claims struct {
 	*User
-	Name  string `json:"name,omitempty"`
-	Owner string `json:"owner,omitempty"`
+	Nonce string `json:"nonce,omitempty"`
+	Tag   string `json:"tag,omitempty"`
+	jwt.RegisteredClaims
+}
+
+type UserShort struct {
+	Owner string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name  string `xorm:"varchar(100) notnull pk" json:"name"`
+}
+
+type ClaimsShort struct {
+	*UserShort
 	Nonce string `json:"nonce,omitempty"`
 	jwt.RegisteredClaims
 }

+func getShortUser(user *User) *UserShort {
+	res := &UserShort{
+		Owner: user.Owner,
+		Name:  user.Name,
+	}
+	return res
+}
+
+func getShortClaims(claims Claims) ClaimsShort {
+	res := ClaimsShort{
+		UserShort:        getShortUser(claims.User),
+		Nonce:            claims.Nonce,
+		RegisteredClaims: claims.RegisteredClaims,
+	}
+	return res
+}
+
 func generateJwtToken(application *Application, user *User, nonce string) (string, string, error) {
 	nowTime := time.Now()
 	expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour)
@ -47,6 +68,8 @@ func generateJwtToken(application *Application, user *User, nonce string) (strin
 	claims := Claims{
 		User:  user,
 		Nonce: nonce,
+		// FIXME: A workaround for custom claim by reusing `tag` in user info
+		Tag: user.Tag,
 		RegisteredClaims: jwt.RegisteredClaims{
 			Issuer:    beego.AppConfig.String("origin"),
 			Subject:   user.Id,
@ -57,24 +80,32 @@ func generateJwtToken(application *Application, user *User, nonce string) (strin
 			ID:        "",
 		},
 	}
-	//all fields of the User struct are not added in "JWT-Empty" format
+
+	var token *jwt.Token
+	var refreshToken *jwt.Token
+
+	// the JWT token length in "JWT-Empty" mode will be very short, as User object only has two properties: owner and name
 	if application.TokenFormat == "JWT-Empty" {
-		claims.User = nil
+		claimsShort := getShortClaims(claims)
+
+		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
+		claimsShort.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
+	} else {
+		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
+		claims.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 	}
-	claims.Name = user.Name
-	claims.Owner = user.Owner

-	token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
-	claims.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
-	refreshToken := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
+	cert := getCertByApplication(application)

-	// Use "token_jwt_key.key" as RSA private key
-	privateKey := tokenJwtPrivateKey
-	key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(privateKey))
+	// RSA private key
+	key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
 	if err != nil {
 		return "", "", err
 	}

+	token.Header["kid"] = cert.Name
 	tokenString, err := token.SignedString(key)
 	if err != nil {
 		return "", "", err
@ -84,14 +115,14 @@ func generateJwtToken(application *Application, user *User, nonce string) (strin
 	return tokenString, refreshTokenString, err
 }

-func ParseJwtToken(token string) (*Claims, error) {
+func ParseJwtToken(token string, cert *Cert) (*Claims, error) {
 	t, err := jwt.ParseWithClaims(token, &Claims{}, func(token *jwt.Token) (interface{}, error) {
 		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 		}

-		// Use "token_jwt_key.pem" as RSA public key
-		publicKey, err := jwt.ParseRSAPublicKeyFromPEM([]byte(tokenJwtPublicKey))
+		// RSA public key
+		publicKey, err := jwt.ParseRSAPublicKeyFromPEM([]byte(cert.PublicKey))
 		if err != nil {
 			return nil, err
 		}
--- a/object/token_jwt_key.go
+++ b/object/token_jwt_key.go
@ -20,19 +20,14 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
-	"fmt"
 	"math/big"
 	"time"
-
-	"github.com/casbin/casdoor/util"
 )

-func generateRsaKeys(fileId string) {
+func generateRsaKeys(bitSize int, expireInYears int, commonName string, organization string) (string, string) {
 	// https://stackoverflow.com/questions/64104586/use-golang-to-get-rsa-key-the-same-way-openssl-genrsa
 	// https://stackoverflow.com/questions/43822945/golang-can-i-create-x509keypair-using-rsa-key

-	bitSize := 4096
-
 	// Generate RSA key.
 	key, err := rsa.GenerateKey(rand.Reader, bitSize)
 	if err != nil {
@ -50,12 +45,12 @@ func generateRsaKeys(fileId string) {
 	tml := x509.Certificate{
 		// you can add any attr that you need
 		NotBefore: time.Now(),
-		NotAfter:  time.Now().AddDate(20, 0, 0),
+		NotAfter:  time.Now().AddDate(expireInYears, 0, 0),
 		// you have to generate a different serial number each execution
 		SerialNumber: big.NewInt(123456),
 		Subject: pkix.Name{
-			CommonName:   "Casdoor Cert",
-			Organization: []string{"Casdoor Organization"},
+			CommonName:   commonName,
+			Organization: []string{organization},
 		},
 		BasicConstraintsValid: true,
 	}
@ -70,9 +65,5 @@ func generateRsaKeys(fileId string) {
 		Bytes: cert,
 	})

-	// Write private key to file.
-	util.WriteBytesToPath(privateKeyPem, fmt.Sprintf("%s.key", fileId))
-
-	// Write certificate (aka public key) to file.
-	util.WriteBytesToPath(certPem, fmt.Sprintf("%s.pem", fileId))
+	return string(certPem), string(privateKeyPem)
 }
--- a/object/token_jwt_key_test.go
+++ b/object/token_jwt_key_test.go
@ -14,9 +14,20 @@

 package object

-import "testing"
+import (
+	"fmt"
+	"testing"
+
+	"github.com/casbin/casdoor/util"
+)

 func TestGenerateRsaKeys(t *testing.T) {
 	fileId := "token_jwt_key"
-	generateRsaKeys(fileId)
+	publicKey, privateKey := generateRsaKeys(4096, 20, "Casdoor Cert", "Casdoor Organization")
+
+	// Write certificate (aka public key) to file.
+	util.WriteStringToPath(publicKey, fmt.Sprintf("%s.pem", fileId))
+
+	// Write private key to file.
+	util.WriteStringToPath(privateKey, fmt.Sprintf("%s.key", fileId))
 }
--- a/object/user.go
+++ b/object/user.go
@ -16,6 +16,7 @@ package object

 import (
 	"fmt"
+	"strings"

 	"github.com/casbin/casdoor/util"
 	"xorm.io/core"
@ -32,16 +33,16 @@ type User struct {
 	Password          string   `xorm:"varchar(100)" json:"password"`
 	PasswordSalt      string   `xorm:"varchar(100)" json:"passwordSalt"`
 	DisplayName       string   `xorm:"varchar(100)" json:"displayName"`
-	Avatar            string   `xorm:"varchar(255)" json:"avatar"`
-	PermanentAvatar   string   `xorm:"varchar(255)" json:"permanentAvatar"`
-	Email             string   `xorm:"varchar(100)" json:"email"`
-	Phone             string   `xorm:"varchar(100)" json:"phone"`
+	Avatar            string   `xorm:"varchar(500)" json:"avatar"`
+	PermanentAvatar   string   `xorm:"varchar(500)" json:"permanentAvatar"`
+	Email             string   `xorm:"varchar(100) index" json:"email"`
+	Phone             string   `xorm:"varchar(100) index" json:"phone"`
 	Location          string   `xorm:"varchar(100)" json:"location"`
 	Address           []string `json:"address"`
 	Affiliation       string   `xorm:"varchar(100)" json:"affiliation"`
 	Title             string   `xorm:"varchar(100)" json:"title"`
 	IdCardType        string   `xorm:"varchar(100)" json:"idCardType"`
-	IdCard            string   `xorm:"varchar(100)" json:"idCard"`
+	IdCard            string   `xorm:"varchar(100) index" json:"idCard"`
 	Homepage          string   `xorm:"varchar(100)" json:"homepage"`
 	Bio               string   `xorm:"varchar(100)" json:"bio"`
 	Tag               string   `xorm:"varchar(100)" json:"tag"`
@ -86,8 +87,12 @@ type User struct {
 	Properties map[string]string `json:"properties"`
 }

-func GetGlobalUserCount() int {
-	count, err := adapter.Engine.Count(&User{})
+func GetGlobalUserCount(field, value string) int {
+	session := adapter.Engine.Where("1=1")
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&User{})
 	if err != nil {
 		panic(err)
 	}
@ -105,9 +110,10 @@ func GetGlobalUsers() []*User {
 	return users
 }

-func GetPaginationGlobalUsers(offset, limit int) []*User {
+func GetPaginationGlobalUsers(offset, limit int, field, value, sortField, sortOrder string) []*User {
 	users := []*User{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&users)
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&users)
 	if err != nil {
 		panic(err)
 	}
@ -115,8 +121,12 @@ func GetPaginationGlobalUsers(offset, limit int) []*User {
 	return users
 }

-func GetUserCount(owner string) int {
-	count, err := adapter.Engine.Count(&User{Owner: owner})
+func GetUserCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&User{})
 	if err != nil {
 		panic(err)
 	}
@ -153,9 +163,10 @@ func GetSortedUsers(owner string, sorter string, limit int) []*User {
 	return users
 }

-func GetPaginationUsers(owner string, offset, limit int) []*User {
+func GetPaginationUsers(owner string, offset, limit int, field, value, sortField, sortOrder string) []*User {
 	users := []*User{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&users, &User{Owner: owner})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&users)
 	if err != nil {
 		panic(err)
 	}
@ -181,6 +192,24 @@ func getUser(owner string, name string) *User {
 	}
 }

+func getUserById(owner string, id string) *User {
+	if owner == "" || id == "" {
+		return nil
+	}
+
+	user := User{Owner: owner, Id: id}
+	existed, err := adapter.Engine.Get(&user)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &user
+	} else {
+		return nil
+	}
+}
+
 func GetUserByEmail(owner string, email string) *User {
 	if owner == "" || email == "" {
 		return nil
@ -379,3 +408,7 @@ func LinkUserAccount(user *User, field string, value string) bool {
 func (user *User) GetId() string {
 	return fmt.Sprintf("%s/%s", user.Owner, user.Name)
 }
+
+func isUserIdGlobalAdmin(userId string) bool {
+	return strings.HasPrefix(userId, "built-in/")
+}
--- a/object/user_cred.go
+++ b/object/user_cred.go
@ -33,7 +33,7 @@ func (user *User) UpdateUserHash() {
 func (user *User) UpdateUserPassword(organization *Organization) {
 	credManager := cred.GetCredManager(organization.PasswordType)
 	if credManager != nil {
-		sealedPassword := credManager.GetSealedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
-		user.Password = sealedPassword
+		hashedPassword := credManager.GetHashedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
+		user.Password = hashedPassword
 	}
 }
--- a/object/user_upload.go
+++ b/object/user_upload.go
@ -0,0 +1,114 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"github.com/casbin/casdoor/util"
+	"github.com/casbin/casdoor/xlsx"
+)
+
+func getUserMap(owner string) map[string]*User {
+	m := map[string]*User{}
+
+	users := GetUsers(owner)
+	for _, user := range users {
+		m[user.GetId()] = user
+	}
+
+	return m
+}
+
+func parseLineItem(line *[]string, i int) string {
+	if i >= len(*line) {
+		return ""
+	} else {
+		return (*line)[i]
+	}
+}
+
+func parseLineItemInt(line *[]string, i int) int {
+	s := parseLineItem(line, i)
+	return util.ParseInt(s)
+}
+
+func parseLineItemBool(line *[]string, i int) bool {
+	return parseLineItemInt(line, i) != 0
+}
+
+func UploadUsers(owner string, fileId string) bool {
+	table := xlsx.ReadXlsxFile(fileId)
+
+	oldUserMap := getUserMap(owner)
+	newUsers := []*User{}
+	for _, line := range table {
+		if parseLineItem(&line, 0) == "" {
+			continue
+		}
+
+		user := &User{
+			Owner:             parseLineItem(&line, 0),
+			Name:              parseLineItem(&line, 1),
+			CreatedTime:       parseLineItem(&line, 2),
+			UpdatedTime:       parseLineItem(&line, 3),
+			Id:                parseLineItem(&line, 4),
+			Type:              parseLineItem(&line, 5),
+			Password:          parseLineItem(&line, 6),
+			PasswordSalt:      parseLineItem(&line, 7),
+			DisplayName:       parseLineItem(&line, 8),
+			Avatar:            parseLineItem(&line, 9),
+			PermanentAvatar:   "",
+			Email:             parseLineItem(&line, 10),
+			Phone:             parseLineItem(&line, 11),
+			Location:          parseLineItem(&line, 12),
+			Address:           []string{parseLineItem(&line, 13)},
+			Affiliation:       parseLineItem(&line, 14),
+			Title:             parseLineItem(&line, 15),
+			IdCardType:        parseLineItem(&line, 16),
+			IdCard:            parseLineItem(&line, 17),
+			Homepage:          parseLineItem(&line, 18),
+			Bio:               parseLineItem(&line, 19),
+			Tag:               parseLineItem(&line, 20),
+			Region:            parseLineItem(&line, 21),
+			Language:          parseLineItem(&line, 22),
+			Gender:            parseLineItem(&line, 23),
+			Birthday:          parseLineItem(&line, 24),
+			Education:         parseLineItem(&line, 25),
+			Score:             parseLineItemInt(&line, 26),
+			Ranking:           parseLineItemInt(&line, 27),
+			IsDefaultAvatar:   false,
+			IsOnline:          parseLineItemBool(&line, 28),
+			IsAdmin:           parseLineItemBool(&line, 29),
+			IsGlobalAdmin:     parseLineItemBool(&line, 30),
+			IsForbidden:       parseLineItemBool(&line, 31),
+			IsDeleted:         parseLineItemBool(&line, 32),
+			SignupApplication: parseLineItem(&line, 33),
+			Hash:              "",
+			PreHash:           "",
+			CreatedIp:         parseLineItem(&line, 34),
+			LastSigninTime:    parseLineItem(&line, 35),
+			LastSigninIp:      parseLineItem(&line, 36),
+			Properties:        map[string]string{},
+		}
+
+		if _, ok := oldUserMap[user.GetId()]; !ok {
+			newUsers = append(newUsers, user)
+		}
+	}
+
+	if len(newUsers) == 0 {
+		return false
+	}
+	return AddUsersInBatch(newUsers)
+}
--- a/object/user_util.go
+++ b/object/user_util.go
@ -64,6 +64,12 @@ func GetUserByFields(organization string, field string) *User {
 		return user
 	}

+	// check ID card
+	user = GetUserByField(organization, "id_card", field)
+	if user != nil {
+		return user
+	}
+
 	return nil
 }

--- a/object/webhook.go
+++ b/object/webhook.go
@ -21,20 +21,33 @@ import (
 	"xorm.io/core"
 )

+type Header struct {
+	Name  string `json:"name"`
+	Value string `json:"value"`
+}
+
 type Webhook struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	Url         string   `xorm:"varchar(100)" json:"url"`
-	ContentType string   `xorm:"varchar(100)" json:"contentType"`
-	Events      []string `xorm:"varchar(100)" json:"events"`
-
 	Organization string `xorm:"varchar(100) index" json:"organization"`
+
+	Url            string    `xorm:"varchar(100)" json:"url"`
+	Method         string    `xorm:"varchar(100)" json:"method"`
+	ContentType    string    `xorm:"varchar(100)" json:"contentType"`
+	Headers        []*Header `xorm:"mediumtext" json:"headers"`
+	Events         []string  `xorm:"varchar(100)" json:"events"`
+	IsUserExtended bool      `json:"isUserExtended"`
+	IsEnabled      bool      `json:"isEnabled"`
 }

-func GetWebhookCount(owner string) int {
-	count, err := adapter.Engine.Count(&Webhook{Owner: owner})
+func GetWebhookCount(owner, field, value string) int {
+	session := adapter.Engine.Where("owner=?", owner)
+	if field != "" && value != "" {
+		session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+	}
+	count, err := session.Count(&Webhook{})
 	if err != nil {
 		panic(err)
 	}
@ -52,9 +65,10 @@ func GetWebhooks(owner string) []*Webhook {
 	return webhooks
 }

-func GetPaginationWebhooks(owner string, offset, limit int) []*Webhook {
+func GetPaginationWebhooks(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Webhook {
 	webhooks := []*Webhook{}
-	err := adapter.Engine.Desc("created_time").Limit(limit, offset).Find(&webhooks, &Webhook{Owner: owner})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&webhooks)
 	if err != nil {
 		panic(err)
 	}
--- a/object/webhook_util.go
+++ b/object/webhook_util.go
@ -26,13 +26,17 @@ func sendWebhook(webhook *Webhook, record *Record) error {

 	body := strings.NewReader(util.StructToJson(record))

-	req, err := http.NewRequest("POST", webhook.Url, body)
+	req, err := http.NewRequest(webhook.Method, webhook.Url, body)
 	if err != nil {
 		return err
 	}

 	req.Header.Set("Content-Type", webhook.ContentType)

+	for _, header := range webhook.Headers {
+		req.Header.Set(header.Name, header.Value)
+	}
+
 	_, err = client.Do(req)
 	return err
 }
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
@ -31,7 +31,8 @@ func AutoSigninFilter(ctx *context.Context) {
 	// "/page?access_token=123"
 	accessToken := ctx.Input.Query("accessToken")
 	if accessToken != "" {
-		claims, err := object.ParseJwtToken(accessToken)
+		cert := object.GetDefaultCert()
+		claims, err := object.ParseJwtToken(accessToken, cert)
 		if err != nil {
 			responseError(ctx, "invalid JWT token")
 			return
@ -71,7 +72,8 @@ func AutoSigninFilter(ctx *context.Context) {
 	// Authorization: Bearer bearerToken
 	bearerToken := parseBearerToken(ctx)
 	if bearerToken != "" {
-		claims, err := object.ParseJwtToken(bearerToken)
+		cert := object.GetDefaultCert()
+		claims, err := object.ParseJwtToken(bearerToken, cert)
 		if err != nil {
 			responseError(ctx, err.Error())
 			return
--- a/routers/router.go
+++ b/routers/router.go
@ -68,6 +68,19 @@ func initAPI() {
 	beego.Router("/api/update-user", &controllers.ApiController{}, "POST:UpdateUser")
 	beego.Router("/api/add-user", &controllers.ApiController{}, "POST:AddUser")
 	beego.Router("/api/delete-user", &controllers.ApiController{}, "POST:DeleteUser")
+	beego.Router("/api/upload-users", &controllers.ApiController{}, "POST:UploadUsers")
+
+	beego.Router("/api/get-roles", &controllers.ApiController{}, "GET:GetRoles")
+	beego.Router("/api/get-role", &controllers.ApiController{}, "GET:GetRole")
+	beego.Router("/api/update-role", &controllers.ApiController{}, "POST:UpdateRole")
+	beego.Router("/api/add-role", &controllers.ApiController{}, "POST:AddRole")
+	beego.Router("/api/delete-role", &controllers.ApiController{}, "POST:DeleteRole")
+
+	beego.Router("/api/get-permissions", &controllers.ApiController{}, "GET:GetPermissions")
+	beego.Router("/api/get-permission", &controllers.ApiController{}, "GET:GetPermission")
+	beego.Router("/api/update-permission", &controllers.ApiController{}, "POST:UpdatePermission")
+	beego.Router("/api/add-permission", &controllers.ApiController{}, "POST:AddPermission")
+	beego.Router("/api/delete-permission", &controllers.ApiController{}, "POST:DeletePermission")

 	beego.Router("/api/set-password", &controllers.ApiController{}, "POST:SetPassword")
 	beego.Router("/api/check-user-password", &controllers.ApiController{}, "POST:CheckUserPassword")
@ -112,6 +125,7 @@ func initAPI() {
 	beego.Router("/api/delete-token", &controllers.ApiController{}, "POST:DeleteToken")
 	beego.Router("/api/login/oauth/code", &controllers.ApiController{}, "POST:GetOAuthCode")
 	beego.Router("/api/login/oauth/access_token", &controllers.ApiController{}, "POST:GetOAuthToken")
+	beego.Router("/api/login/oauth/refresh_token", &controllers.ApiController{}, "POST:RefreshToken")

 	beego.Router("/api/get-records", &controllers.ApiController{}, "GET:GetRecords")
 	beego.Router("/api/get-records-filter", &controllers.ApiController{}, "POST:GetRecordsByFilter")
@ -128,6 +142,12 @@ func initAPI() {
 	beego.Router("/api/add-syncer", &controllers.ApiController{}, "POST:AddSyncer")
 	beego.Router("/api/delete-syncer", &controllers.ApiController{}, "POST:DeleteSyncer")

+	beego.Router("/api/get-certs", &controllers.ApiController{}, "GET:GetCerts")
+	beego.Router("/api/get-cert", &controllers.ApiController{}, "GET:GetCert")
+	beego.Router("/api/update-cert", &controllers.ApiController{}, "POST:UpdateCert")
+	beego.Router("/api/add-cert", &controllers.ApiController{}, "POST:AddCert")
+	beego.Router("/api/delete-cert", &controllers.ApiController{}, "POST:DeleteCert")
+
 	beego.Router("/api/send-email", &controllers.ApiController{}, "POST:SendEmail")
 	beego.Router("/api/send-sms", &controllers.ApiController{}, "POST:SendSms")

--- a/util/path.go
+++ b/util/path.go
@ -18,6 +18,7 @@ import (
 	"fmt"
 	"net/url"
 	"os"
+	"path/filepath"
 	"strings"
 )

@ -28,6 +29,24 @@ func FileExist(path string) bool {
 	return true
 }

+func GetPath(path string) string {
+	return filepath.Dir(path)
+}
+
+func EnsureFileFolderExists(path string) {
+	p := GetPath(path)
+	if !FileExist(p) {
+		err := os.MkdirAll(p, os.ModePerm)
+		if err != nil {
+			panic(err)
+		}
+	}
+}
+
+func RemoveExt(filename string) string {
+	return filename[:len(filename)-len(filepath.Ext(filename))]
+}
+
 func UrlJoin(base string, path string) string {
 	res := fmt.Sprintf("%s/%s", strings.TrimRight(base, "/"), strings.TrimLeft(path, "/"))
 	return res
--- a/util/setting.go
+++ b/util/setting.go
@ -0,0 +1,21 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import "fmt"
+
+func GetUploadXlsxPath(fileId string) string {
+	return fmt.Sprintf("tmpFiles/%s.xlsx", fileId)
+}
--- a/util/string.go
+++ b/util/string.go
@ -23,6 +23,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"unicode"

 	"github.com/google/uuid"
 )
@ -162,3 +163,32 @@ func WriteBytesToPath(b []byte, path string) {
 		panic(err)
 	}
 }
+
+// SnakeString XxYy to xx_yy
+func SnakeString(s string) string {
+	data := make([]byte, 0, len(s)*2)
+	j := false
+	num := len(s)
+	for i := 0; i < num; i++ {
+		d := s[i]
+		if i > 0 && d >= 'A' && d <= 'Z' && j {
+			data = append(data, '_')
+		}
+		if d != '_' {
+			j = true
+		}
+		data = append(data, d)
+	}
+	return strings.ToLower(string(data[:]))
+}
+
+func IsChinese(str string) bool {
+	var flag bool
+	for _, v := range str {
+		if unicode.Is(unicode.Han, v) {
+			flag = true
+			break
+		}
+	}
+	return flag
+}
--- a/web/crowdin.yml
+++ b/web/crowdin.yml
@ -1,4 +1,4 @@
-project_id: '463556'
+project_id: '491513'
 api_token_env: 'CROWDIN_PERSONAL_TOKEN'
 preserve_hierarchy: true
 files: [
--- a/web/package.json
+++ b/web/package.json
@ -13,9 +13,11 @@
    "codemirror": "^5.61.1",
    "copy-to-clipboard": "^3.3.1",
    "craco-less": "^1.17.1",
+    "file-saver": "^2.0.5",
    "i18n-iso-countries": "^7.0.0",
    "i18next": "^19.8.9",
    "moment": "^2.29.1",
+    "qs": "^6.10.2",
    "react": "^17.0.2",
    "react-codemirror2": "^7.2.1",
    "react-cropper": "^2.1.7",
@ -23,6 +25,7 @@
    "react-dom": "^17.0.2",
    "react-github-corner": "^2.5.0",
    "react-helmet": "^6.1.0",
+    "react-highlight-words": "^0.17.0",
    "react-i18next": "^11.8.7",
    "react-router-dom": "^5.2.0",
    "react-scripts": "4.0.3",
--- a/web/src/App.js
+++ b/web/src/App.js
@ -23,12 +23,15 @@ import OrganizationListPage from "./OrganizationListPage";
 import OrganizationEditPage from "./OrganizationEditPage";
 import UserListPage from "./UserListPage";
 import UserEditPage from "./UserEditPage";
+import RoleListPage from "./RoleListPage";
+import RoleEditPage from "./RoleEditPage";
+import PermissionListPage from "./PermissionListPage";
+import PermissionEditPage from "./PermissionEditPage";
 import ProviderListPage from "./ProviderListPage";
 import ProviderEditPage from "./ProviderEditPage";
 import ApplicationListPage from "./ApplicationListPage";
 import ApplicationEditPage from "./ApplicationEditPage";
 import ResourceListPage from "./ResourceListPage";
-// import ResourceEditPage from "./ResourceEditPage";
 import LdapEditPage from "./LdapEditPage";
 import LdapSyncPage from "./LdapSyncPage";
 import TokenListPage from "./TokenListPage";
@ -38,6 +41,8 @@ import WebhookListPage from "./WebhookListPage";
 import WebhookEditPage from "./WebhookEditPage";
 import SyncerListPage from "./SyncerListPage";
 import SyncerEditPage from "./SyncerEditPage";
+import CertListPage from "./CertListPage";
+import CertEditPage from "./CertEditPage";
 import AccountPage from "./account/AccountPage";
 import HomePage from "./basic/HomePage";
 import CustomGithubCorner from "./CustomGithubCorner";
@ -101,6 +106,10 @@ class App extends Component {
      this.setState({ selectedMenuKey: '/organizations' });
    } else if (uri.includes('/users')) {
      this.setState({ selectedMenuKey: '/users' });
+    } else if (uri.includes('/roles')) {
+      this.setState({ selectedMenuKey: '/roles' });
+    } else if (uri.includes('/permissions')) {
+      this.setState({ selectedMenuKey: '/permissions' });
    } else if (uri.includes('/providers')) {
      this.setState({ selectedMenuKey: '/providers' });
    } else if (uri.includes('/applications')) {
@ -115,6 +124,8 @@ class App extends Component {
      this.setState({ selectedMenuKey: '/webhooks' });
    } else if (uri.includes('/syncers')) {
      this.setState({ selectedMenuKey: '/syncers' });
+    } else if (uri.includes('/certs')) {
+      this.setState({ selectedMenuKey: '/certs' });
    } else if (uri.includes('/signup')) {
      this.setState({ selectedMenuKey: '/signup' });
    } else if (uri.includes('/login')) {
@ -324,6 +335,20 @@ class App extends Component {
          </Link>
        </Menu.Item>
      );
+      res.push(
+        <Menu.Item key="/roles">
+          <Link to="/roles">
+            {i18next.t("general:Roles")}
+          </Link>
+        </Menu.Item>
+      );
+      res.push(
+        <Menu.Item key="/permissions">
+          <Link to="/permissions">
+            {i18next.t("general:Permissions")}
+          </Link>
+        </Menu.Item>
+      );
      res.push(
        <Menu.Item key="/providers">
          <Link to="/providers">
@ -376,6 +401,13 @@ class App extends Component {
          </Link>
        </Menu.Item>
      );
+      res.push(
+        <Menu.Item key="/certs">
+          <Link to="/certs">
+            {i18next.t("general:Certs")}
+          </Link>
+        </Menu.Item>
+      );
      res.push(
        <Menu.Item key="/swagger">
          <a target="_blank" rel="noreferrer" href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>
@ -426,6 +458,10 @@ class App extends Component {
          <Route exact path="/organizations/:organizationName/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)}/>
          <Route exact path="/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)}/>
          <Route exact path="/users/:organizationName/:userName" render={(props) => <UserEditPage account={this.state.account} {...props} />}/>
+          <Route exact path="/roles" render={(props) => this.renderLoginIfNotLoggedIn(<RoleListPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/roles/:organizationName/:roleName" render={(props) => this.renderLoginIfNotLoggedIn(<RoleEditPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/permissions" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionListPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/permissions/:organizationName/:permissionName" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionEditPage account={this.state.account} {...props} />)}/>
          <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)}/>
          <Route exact path="/providers/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)}/>
          <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)}/>
@ -440,6 +476,8 @@ class App extends Component {
          <Route exact path="/webhooks/:webhookName" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookEditPage account={this.state.account} {...props} />)}/>
          <Route exact path="/syncers" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerListPage account={this.state.account} {...props} />)}/>
          <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)}/>
          <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)}/>
          <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />}/>
          <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -132,7 +132,7 @@ class ApplicationEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Input value={this.state.application.name} onChange={e => {
+            <Input value={this.state.application.name} disabled={this.state.application.name === "app-built-in"} onChange={e => {
              this.updateApplicationField('name', e.target.value);
            }} />
          </Col>
@ -291,6 +291,16 @@ class ApplicationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("application:Signin session"), i18next.t("application:Enable signin session - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.application.enableSigninSession} onChange={checked => {
+              this.updateApplicationField('enableSigninSession', checked);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: '20px'}} >
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
            {Setting.getLabel(i18next.t("application:Enable code signin"), i18next.t("application:Enable code signin - Tooltip"))} :
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@ -20,32 +20,9 @@ import moment from "moment";
 import * as Setting from "./Setting";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
 import i18next from "i18next";
+import BaseListPage from "./BaseListPage";

-class ApplicationListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      applications: null,
-      total: 0,
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getApplications(1, 10);
-  }
-
-  getApplications(page, pageSize) {
-    ApplicationBackend.getApplications("admin", page, pageSize)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            applications: res.data,
-            total: res.data2
-          });
-        }
-      });
-  }
+class ApplicationListPage extends BaseListPage {

  newApplication() {
    const randomName = Setting.getRandomName();
@ -57,7 +34,8 @@ class ApplicationListPage extends React.Component {
      logo: "https://cdn.casbin.com/logo/logo_1024x256.png",
      enablePassword: true,
      enableSignUp: true,
-      EnableCodeSignin: false,
+      enableSigninSession: true,
+      enableCodeSignin: false,
      providers: [],
      signupItems: [
        {name: "ID", visible: false, required: true, rule: "Random"},
@ -80,10 +58,6 @@ class ApplicationListPage extends React.Component {
    ApplicationBackend.addApplication(newApplication)
      .then((res) => {
          Setting.showMessage("success", `Application added successfully`);
-          this.setState({
-            applications: Setting.prependRow(this.state.applications, newApplication),
-            total: this.state.total + 1
-          });
          this.props.history.push(`/applications/${newApplication.name}`);
        }
      )
@ -93,12 +67,12 @@ class ApplicationListPage extends React.Component {
  }

  deleteApplication(i) {
-    ApplicationBackend.deleteApplication(this.state.applications[i])
+    ApplicationBackend.deleteApplication(this.state.data[i])
      .then((res) => {
          Setting.showMessage("success", `Application deleted successfully`);
          this.setState({
-            applications: Setting.deleteRow(this.state.applications, i),
-            total: this.state.total - 1
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        }
      )
@ -115,7 +89,8 @@ class ApplicationListPage extends React.Component {
        key: 'name',
        width: '150px',
        fixed: 'left',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
        render: (text, record, index) => {
          return (
            <Link to={`/applications/${text}`}>
@ -129,7 +104,7 @@ class ApplicationListPage extends React.Component {
        dataIndex: 'createdTime',
        key: 'createdTime',
        width: '160px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -139,7 +114,8 @@ class ApplicationListPage extends React.Component {
        dataIndex: 'displayName',
        key: 'displayName',
        // width: '100px',
-        sorter: (a, b) => a.displayName.localeCompare(b.displayName),
+        sorter: true,
+        ...this.getColumnSearchProps('displayName'),
      },
      {
        title: 'Logo',
@ -159,7 +135,8 @@ class ApplicationListPage extends React.Component {
        dataIndex: 'organization',
        key: 'organization',
        width: '150px',
-        sorter: (a, b) => a.organization.localeCompare(b.organization),
+        sorter: true,
+        ...this.getColumnSearchProps('organization'),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
@ -172,6 +149,7 @@ class ApplicationListPage extends React.Component {
        title: i18next.t("general:Providers"),
        dataIndex: 'providers',
        key: 'providers',
+        ...this.getColumnSearchProps('providers'),
        // width: '600px',
        render: (text, record, index) => {
          const providers = text;
@ -236,8 +214,9 @@ class ApplicationListPage extends React.Component {
              <Popconfirm
                title={`Sure to delete application: ${record.name} ?`}
                onConfirm={() => this.deleteApplication(index)}
+                disabled={record.name === "app-built-in"}
              >
-                <Button style={{marginBottom: '10px'}} type="danger">{i18next.t("general:Delete")}</Button>
+                <Button style={{marginBottom: '10px'}} disabled={record.name === "app-built-in"} type="danger">{i18next.t("general:Delete")}</Button>
              </Popconfirm>
            </div>
          )
@ -246,12 +225,10 @@ class ApplicationListPage extends React.Component {
    ];

    const paginationProps = {
-      total: this.state.total,
+      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getApplications(page, pageSize),
-      onShowSizeChange: (current, size) => this.getApplications(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -263,21 +240,33 @@ class ApplicationListPage extends React.Component {
                  <Button type="primary" size="small" onClick={this.addApplication.bind(this)}>{i18next.t("general:Add")}</Button>
                 </div>
               )}
-               loading={applications === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.applications)
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    this.setState({ loading: true });
+    ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
        }
-      </div>
-    );
-  }
+      });
+  };
 }

 export default ApplicationListPage;
--- a/web/src/BaseListPage.js
+++ b/web/src/BaseListPage.js
@ -0,0 +1,138 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Input, Space} from "antd";
+import {SearchOutlined} from "@ant-design/icons";
+import Highlighter from "react-highlight-words";
+
+class BaseListPage extends React.Component {
+	constructor(props) {
+		super(props);
+		this.state = {
+			classes: props,
+			data: [],
+			pagination: {
+				current: 1,
+				pageSize: 10,
+			},
+			loading: false,
+			searchText: '',
+			searchedColumn: '',
+		};
+	}
+
+	UNSAFE_componentWillMount() {
+		const { pagination } = this.state;
+		this.fetch({ pagination });
+	}
+
+	getColumnSearchProps = dataIndex => ({
+		filterDropdown: ({ setSelectedKeys, selectedKeys, confirm, clearFilters }) => (
+			<div style={{ padding: 8 }}>
+				<Input
+					ref={node => {
+						this.searchInput = node;
+					}}
+					placeholder={`Search ${dataIndex}`}
+					value={selectedKeys[0]}
+					onChange={e => setSelectedKeys(e.target.value ? [e.target.value] : [])}
+					onPressEnter={() => this.handleSearch(selectedKeys, confirm, dataIndex)}
+					style={{ marginBottom: 8, display: 'block' }}
+				/>
+				<Space>
+					<Button
+						type="primary"
+						onClick={() => this.handleSearch(selectedKeys, confirm, dataIndex)}
+						icon={<SearchOutlined />}
+						size="small"
+						style={{ width: 90 }}
+					>
+						Search
+					</Button>
+					<Button onClick={() => this.handleReset(clearFilters)} size="small" style={{ width: 90 }}>
+						Reset
+					</Button>
+					<Button
+						type="link"
+						size="small"
+						onClick={() => {
+							confirm({ closeDropdown: false });
+							this.setState({
+								searchText: selectedKeys[0],
+								searchedColumn: dataIndex,
+							});
+						}}
+					>
+						Filter
+					</Button>
+				</Space>
+			</div>
+		),
+		filterIcon: filtered => <SearchOutlined style={{ color: filtered ? '#1890ff' : undefined }} />,
+		onFilter: (value, record) =>
+			record[dataIndex]
+				? record[dataIndex].toString().toLowerCase().includes(value.toLowerCase())
+				: '',
+		onFilterDropdownVisibleChange: visible => {
+			if (visible) {
+				setTimeout(() => this.searchInput.select(), 100);
+			}
+		},
+		render: text =>
+			this.state.searchedColumn === dataIndex ? (
+				<Highlighter
+					highlightStyle={{ backgroundColor: '#ffc069', padding: 0 }}
+					searchWords={[this.state.searchText]}
+					autoEscape
+					textToHighlight={text ? text.toString() : ''}
+				/>
+			) : (
+				text
+			),
+	});
+
+	handleSearch = (selectedKeys, confirm, dataIndex) => {
+		this.fetch({searchText: selectedKeys[0], searchedColumn: dataIndex, pagination: this.state.pagination});
+	};
+
+	handleReset = clearFilters => {
+		clearFilters();
+		const { pagination } = this.state;
+		this.fetch({ pagination });
+	};
+
+	handleTableChange = (pagination, filters, sorter) => {
+		this.fetch({
+			sortField: sorter.field,
+			sortOrder: sorter.order,
+			pagination,
+			...filters,
+			searchText: this.state.searchText,
+			searchedColumn: this.state.searchedColumn,
+		});
+	};
+
+	render() {
+		return (
+			<div>
+				{
+					this.renderTable(this.state.data)
+				}
+			</div>
+		);
+	}
+}
+
+export default BaseListPage;
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@ -0,0 +1,254 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, InputNumber, Row, Select} from 'antd';
+import * as CertBackend from "./backend/CertBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+import copy from "copy-to-clipboard";
+import FileSaver from "file-saver";
+
+const { Option } = Select;
+const { TextArea } = Input;
+
+class CertEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      certName: props.match.params.certName,
+      cert: null,
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getCert();
+  }
+
+  getCert() {
+    CertBackend.getCert("admin", this.state.certName)
+      .then((cert) => {
+        this.setState({
+          cert: cert,
+        });
+      });
+  }
+
+  parseCertField(key, value) {
+    if (["port"].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updateCertField(key, value) {
+    value = this.parseCertField(key, value);
+
+    let cert = this.state.cert;
+    cert[key] = value;
+    this.setState({
+      cert: cert,
+    });
+  }
+
+  renderCert() {
+    return (
+      <Card size="small" title={
+        <div>
+          {i18next.t("cert:Edit Cert")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitCertEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" onClick={() => this.submitCertEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      } style={(Setting.isMobile())? {margin: '5px'}:{}} type="inner">
+        <Row style={{marginTop: '10px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.cert.name} onChange={e => {
+              this.updateCertField('name', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.cert.displayName} onChange={e => {
+              this.updateCertField('displayName', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("cert:Scope"), i18next.t("cert:Scope - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.cert.scope} onChange={(value => {
+              this.updateCertField('scope', value);
+            })}>
+              {
+                [
+                  {id: 'JWT', name: 'JWT'},
+                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("cert:Type"), i18next.t("cert:Type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.cert.type} onChange={(value => {
+              this.updateCertField('type', value);
+            })}>
+              {
+                [
+                  {id: 'x509', name: 'x509'},
+                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("cert:Crypto algorithm"), i18next.t("cert:Crypto algorithm - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.cert.cryptoAlgorithm} onChange={(value => {
+              this.updateCertField('cryptoAlgorithm', value);
+            })}>
+              {
+                [
+                  {id: 'RSA', name: 'RSA'},
+                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("cert:Bit size"), i18next.t("cert:Bit size - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber value={this.state.cert.bitSize} onChange={value => {
+              this.updateCertField('bitSize', value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("cert:Expire in years"), i18next.t("cert:Expire in years - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber value={this.state.cert.expireInYears} onChange={value => {
+              this.updateCertField('expireInYears', value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("cert:Public key"), i18next.t("cert:Public key - Tooltip"))} :
+          </Col>
+          <Col span={9} >
+            <Button style={{marginRight: '10px', marginBottom: '10px'}} onClick={() => {
+              copy(this.state.cert.publicKey);
+              Setting.showMessage("success", i18next.t("cert:Public key copied to clipboard successfully"));
+            }}
+            >
+              {i18next.t("cert:Copy public key")}
+            </Button>
+            <Button type="primary" onClick={() => {
+              const blob = new Blob([this.state.cert.publicKey], {type: "text/plain;charset=utf-8"});
+              FileSaver.saveAs(blob, "token_jwt_key.pem");
+            }}
+            >
+              {i18next.t("cert:Download public key")}
+            </Button>
+            <TextArea autoSize={{minRows: 30, maxRows: 30}} value={this.state.cert.publicKey} onChange={e => {
+              this.updateCertField('publicKey', e.target.value);
+            }} />
+          </Col>
+          <Col span={1} />
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("cert:Private key"), i18next.t("cert:Private key - Tooltip"))} :
+          </Col>
+          <Col span={9} >
+            <Button style={{marginRight: '10px', marginBottom: '10px'}} onClick={() => {
+              copy(this.state.cert.privateKey);
+              Setting.showMessage("success", i18next.t("cert:Private key copied to clipboard successfully"));
+            }}
+            >
+              {i18next.t("cert:Copy private key")}
+            </Button>
+            <Button type="primary" onClick={() => {
+              const blob = new Blob([this.state.cert.privateKey], {type: "text/plain;charset=utf-8"});
+              FileSaver.saveAs(blob, "token_jwt_key.key");
+            }}
+            >
+              {i18next.t("cert:Download private key")}
+            </Button>
+            <TextArea autoSize={{minRows: 30, maxRows: 30}} value={this.state.cert.privateKey} onChange={e => {
+              this.updateCertField('privateKey', e.target.value);
+            }} />
+          </Col>
+        </Row>
+      </Card>
+    )
+  }
+
+  submitCertEdit(willExist) {
+    let cert = Setting.deepCopy(this.state.cert);
+    CertBackend.updateCert(this.state.cert.owner, this.state.certName, cert)
+      .then((res) => {
+        if (res.msg === "") {
+          Setting.showMessage("success", `Successfully saved`);
+          this.setState({
+            certName: this.state.cert.name,
+          });
+
+          if (willExist) {
+            this.props.history.push(`/certs`);
+          } else {
+            this.props.history.push(`/certs/${this.state.cert.name}`);
+          }
+        } else {
+          Setting.showMessage("error", res.msg);
+          this.updateCertField('name', this.state.certName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `Failed to connect to server: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.cert !== null ? this.renderCert() : null
+        }
+        <div style={{marginTop: '20px', marginLeft: '40px'}}>
+          <Button size="large" onClick={() => this.submitCertEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" size="large" onClick={() => this.submitCertEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      </div>
+    );
+  }
+}
+
+export default CertEditPage;
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@ -0,0 +1,230 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Popconfirm, Table} from 'antd';
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as CertBackend from "./backend/CertBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+
+class CertListPage extends BaseListPage {
+
+  newCert() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin", // this.props.account.certname,
+      name: `cert_${randomName}`,
+      createdTime: moment().format(),
+      displayName: `New Cert - ${randomName}`,
+      scope: "JWT",
+      type: "x509",
+      cryptoAlgorithm: "RSA",
+      bitSize: 4096,
+      expireInYears: 20,
+      publicKey: "",
+      privateKey: "",
+    }
+  }
+
+  addCert() {
+    const newCert = this.newCert();
+    CertBackend.addCert(newCert)
+      .then((res) => {
+          Setting.showMessage("success", `Cert added successfully`);
+          this.props.history.push(`/certs/${newCert.name}`);
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Cert failed to add: ${error}`);
+      });
+  }
+
+  deleteCert(i) {
+    CertBackend.deleteCert(this.state.data[i])
+      .then((res) => {
+          Setting.showMessage("success", `Cert deleted successfully`);
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Cert failed to delete: ${error}`);
+      });
+  }
+
+  renderTable(certs) {
+    const columns = [
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: 'name',
+        key: 'name',
+        width: '120px',
+        fixed: 'left',
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/certs/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: 'createdTime',
+        key: 'createdTime',
+        width: '180px',
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        }
+      },
+      {
+        title: i18next.t("general:Display name"),
+        dataIndex: 'displayName',
+        key: 'displayName',
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps('displayName'),
+      },
+      {
+        title: i18next.t("cert:Scope"),
+        dataIndex: 'scope',
+        key: 'scope',
+        filterMultiple: false,
+        filters: [
+          {text: 'JWT', value: 'JWT'},
+        ],
+        width: '110px',
+        sorter: true,
+      },
+      {
+        title: i18next.t("cert:Type"),
+        dataIndex: 'type',
+        key: 'type',
+        filterMultiple: false,
+        filters: [
+          {text: 'x509', value: 'x509'},
+        ],
+        width: '110px',
+        sorter: true,
+      },
+      {
+        title: i18next.t("cert:Crypto algorithm"),
+        dataIndex: 'cryptoAlgorithm',
+        key: 'cryptoAlgorithm',
+        filterMultiple: false,
+        filters: [
+          {text: 'RSA', value: 'RSA'},
+        ],
+        width: '190px',
+        sorter: true,
+      },
+      {
+        title: i18next.t("cert:Bit size"),
+        dataIndex: 'bitSize',
+        key: 'bitSize',
+        width: '130px',
+        sorter: true,
+        ...this.getColumnSearchProps('bitSize'),
+      },
+      {
+        title: i18next.t("cert:Expire in years"),
+        dataIndex: 'expireInYears',
+        key: 'expireInYears',
+        width: '170px',
+        sorter: true,
+        ...this.getColumnSearchProps('expireInYears'),
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: '',
+        key: 'op',
+        width: '170px',
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: '10px', marginBottom: '10px', marginRight: '10px'}} type="primary" onClick={() => this.props.history.push(`/certs/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Popconfirm
+                title={`Sure to delete cert: ${record.name} ?`}
+                onConfirm={() => this.deleteCert(index)}
+              >
+                <Button style={{marginBottom: '10px'}} type="danger">{i18next.t("general:Delete")}</Button>
+              </Popconfirm>
+            </div>
+          )
+        }
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: 'max-content'}} columns={columns} dataSource={certs} rowKey="name" size="middle" bordered pagination={paginationProps}
+               title={() => (
+                 <div>
+                   {i18next.t("general:Certs")}&nbsp;&nbsp;&nbsp;&nbsp;
+                   <Button type="primary" size="small" onClick={this.addCert.bind(this)}>{i18next.t("general:Add")}</Button>
+                 </div>
+               )}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.category !== undefined && params.category !== null) {
+      field = "category";
+      value = params.category;
+    } else if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({ loading: true });
+    CertBackend.getCerts("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        }
+      });
+  };
+}
+
+export default CertListPage;
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@ -94,7 +94,7 @@ class OrganizationEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Input value={this.state.organization.name} onChange={e => {
+            <Input value={this.state.organization.name} disabled={this.state.organization.name === "built-in"} onChange={e => {
              this.updateOrganizationField('name', e.target.value);
            }} />
          </Col>
@ -153,7 +153,7 @@ class OrganizationEditPage extends React.Component {
          <Col span={22} >
            <Select virtual={false} style={{width: '100%'}} value={this.state.organization.passwordType} onChange={(value => {this.updateOrganizationField('passwordType', value);})}>
              {
-                ['plain', 'salt', 'md5-salt']
+                ['plain', 'salt', 'md5-salt', 'bcrypt']
                  .map((item, index) => <Option key={index} value={item}>{item}</Option>)
              }
            </Select>
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@ -19,32 +19,9 @@ import moment from "moment";
 import * as Setting from "./Setting";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import i18next from "i18next";
+import BaseListPage from "./BaseListPage";

-class OrganizationListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      organizations: null,
-      total: 0
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getOrganizations(1, 10);
-  }
-
-  getOrganizations(page, pageSize) {
-    OrganizationBackend.getOrganizations("admin", page, pageSize)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            organizations: res.data,
-            total: res.data2
-          });
-        }
-      });
-  }
+class OrganizationListPage extends BaseListPage {

  newOrganization() {
    const randomName = Setting.getRandomName();
@ -69,10 +46,6 @@ class OrganizationListPage extends React.Component {
    OrganizationBackend.addOrganization(newOrganization)
      .then((res) => {
          Setting.showMessage("success", `Organization added successfully`);
-          this.setState({
-            organizations: Setting.prependRow(this.state.organizations, newOrganization),
-            total: this.state.total + 1
-          });
          this.props.history.push(`/organizations/${newOrganization.name}`);
        }
      )
@ -82,12 +55,12 @@ class OrganizationListPage extends React.Component {
  }

  deleteOrganization(i) {
-    OrganizationBackend.deleteOrganization(this.state.organizations[i])
+    OrganizationBackend.deleteOrganization(this.state.data[i])
      .then((res) => {
          Setting.showMessage("success", `Organization deleted successfully`);
          this.setState({
-            organizations: Setting.deleteRow(this.state.organizations, i),
-            total: this.state.total - 1
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        }
      )
@ -104,7 +77,8 @@ class OrganizationListPage extends React.Component {
        key: 'name',
        width: '120px',
        fixed: 'left',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
@ -118,7 +92,7 @@ class OrganizationListPage extends React.Component {
        dataIndex: 'createdTime',
        key: 'createdTime',
        width: '160px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -128,7 +102,8 @@ class OrganizationListPage extends React.Component {
        dataIndex: 'displayName',
        key: 'displayName',
        // width: '100px',
-        sorter: (a, b) => a.displayName.localeCompare(b.displayName),
+        sorter: true,
+        ...this.getColumnSearchProps('displayName'),
      },
      {
        title: i18next.t("organization:Favicon"),
@ -148,7 +123,8 @@ class OrganizationListPage extends React.Component {
        dataIndex: 'websiteUrl',
        key: 'websiteUrl',
        width: '300px',
-        sorter: (a, b) => a.websiteUrl.localeCompare(b.websiteUrl),
+        sorter: true,
+        ...this.getColumnSearchProps('websiteUrl'),
        render: (text, record, index) => {
          return (
            <a target="_blank" rel="noreferrer" href={text}>
@ -162,14 +138,21 @@ class OrganizationListPage extends React.Component {
        dataIndex: 'passwordType',
        key: 'passwordType',
        width: '150px',
-        sorter: (a, b) => a.passwordType.localeCompare(b.passwordType),
+        sorter: true,
+        filterMultiple: false,
+        filters: [
+          {text: 'plain', value: 'plain'},
+          {text: 'salt', value: 'salt'},
+          {text: 'md5-salt', value: 'md5-salt'},
+        ],
      },
      {
        title: i18next.t("general:Password salt"),
        dataIndex: 'passwordSalt',
        key: 'passwordSalt',
        width: '150px',
-        sorter: (a, b) => a.passwordSalt.localeCompare(b.passwordSalt),
+        sorter: true,
+        ...this.getColumnSearchProps('passwordSalt'),
      },
      {
        title: i18next.t("organization:Default avatar"),
@ -189,7 +172,7 @@ class OrganizationListPage extends React.Component {
        dataIndex: 'enableSoftDeletion',
        key: 'enableSoftDeletion',
        width: '140px',
-        sorter: (a, b) => a.enableSoftDeletion - b.enableSoftDeletion,
+        sorter: true,
        render: (text, record, index) => {
          return (
            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
@ -210,8 +193,9 @@ class OrganizationListPage extends React.Component {
              <Popconfirm
                title={`Sure to delete organization: ${record.name} ?`}
                onConfirm={() => this.deleteOrganization(index)}
+                disabled={record.name === "built-in"}
              >
-                <Button style={{marginBottom: '10px'}} type="danger">{i18next.t("general:Delete")}</Button>
+                <Button style={{marginBottom: '10px'}} disabled={record.name === "built-in"} type="danger">{i18next.t("general:Delete")}</Button>
              </Popconfirm>
            </div>
          )
@ -220,12 +204,10 @@ class OrganizationListPage extends React.Component {
    ];

    const paginationProps = {
-      total: this.state.total,
+      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getOrganizations(page, pageSize),
-      onShowSizeChange: (current, size) => this.getOrganizations(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -237,21 +219,37 @@ class OrganizationListPage extends React.Component {
                  <Button type="primary" size="small" onClick={this.addOrganization.bind(this)}>{i18next.t("general:Add")}</Button>
                 </div>
               )}
-               loading={organizations === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.organizations)
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.passwordType !== undefined && params.passwordType !== null) {
+      field = "passwordType";
+      value = params.passwordType;
+    }
+    this.setState({ loading: true });
+    OrganizationBackend.getOrganizations("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
        }
-      </div>
-    );
-  }
+      });
+  };
 }

 export default OrganizationListPage;
--- a/web/src/PermissionEditPage.js
+++ b/web/src/PermissionEditPage.js
@ -0,0 +1,271 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, Row, Select, Switch} from 'antd';
+import * as PermissionBackend from "./backend/PermissionBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as UserBackend from "./backend/UserBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+import * as RoleBackend from "./backend/RoleBackend";
+
+const { Option } = Select;
+
+class PermissionEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
+      permissionName: props.match.params.permissionName,
+      permission: null,
+      organizations: [],
+      users: [],
+      roles: [],
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getPermission();
+    this.getOrganizations();
+  }
+
+  getPermission() {
+    PermissionBackend.getPermission(this.state.organizationName, this.state.permissionName)
+      .then((permission) => {
+        this.setState({
+          permission: permission,
+        });
+
+        this.getUsers(permission.owner);
+        this.getRoles(permission.owner);
+      });
+  }
+
+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
+  getUsers(organizationName) {
+    UserBackend.getUsers(organizationName)
+      .then((res) => {
+        this.setState({
+          users: res,
+        });
+      });
+  }
+
+  getRoles(organizationName) {
+    RoleBackend.getRoles(organizationName)
+      .then((res) => {
+        this.setState({
+          roles: res,
+        });
+      });
+  }
+
+  parsePermissionField(key, value) {
+    if ([""].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updatePermissionField(key, value) {
+    value = this.parsePermissionField(key, value);
+
+    let permission = this.state.permission;
+    permission[key] = value;
+    this.setState({
+      permission: permission,
+    });
+  }
+
+  renderPermission() {
+    return (
+      <Card size="small" title={
+        <div>
+          {i18next.t("permission:Edit Permission")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitPermissionEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" onClick={() => this.submitPermissionEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      } style={(Setting.isMobile())? {margin: '5px'}:{}} type="inner">
+        <Row style={{marginTop: '10px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.permission.owner} onChange={(value => {this.updatePermissionField('owner', value);})}>
+              {
+                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.permission.name} onChange={e => {
+              this.updatePermissionField('name', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.permission.displayName} onChange={e => {
+              this.updatePermissionField('displayName', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("role:Sub users"), i18next.t("role:Sub users - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: '100%'}} value={this.state.permission.users} onChange={(value => {this.updatePermissionField('users', value);})}>
+              {
+                this.state.users.map((user, index) => <Option key={index} value={`${user.owner}/${user.name}`}>{`${user.owner}/${user.name}`}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("role:Sub roles"), i18next.t("role:Sub roles - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: '100%'}} value={this.state.permission.roles} onChange={(value => {this.updatePermissionField('roles', value);})}>
+              {
+                this.state.roles.filter(roles => (roles.owner !== this.state.roles.owner || roles.name !== this.state.roles.name)).map((permission, index) => <Option key={index} value={`${permission.owner}/${permission.name}`}>{`${permission.owner}/${permission.name}`}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("permission:Resource type"), i18next.t("permission:Resource type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.permission.resourceType} onChange={(value => {
+              this.updatePermissionField('resourceType', value);
+            })}>
+              {
+                [
+                  {id: 'Application', name: 'Application'},
+                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("permission:Actions"), i18next.t("permission:Actions - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: '100%'}} value={this.state.permission.actions} onChange={(value => {
+              this.updatePermissionField('actions', value);
+            })}>
+              {
+                [
+                  {id: 'Read', name: 'Read'},
+                  {id: 'Write', name: 'Write'},
+                  {id: 'Admin', name: 'Admin'},
+                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("permission:Effect"), i18next.t("permission:Effect - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.permission.effect} onChange={(value => {
+              this.updatePermissionField('effect', value);
+            })}>
+              {
+                [
+                  {id: 'Allow', name: 'Allow'},
+                  {id: 'Deny', name: 'Deny'},
+                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("general:Is enabled"), i18next.t("general:Is enabled - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.permission.isEnabled} onChange={checked => {
+              this.updatePermissionField('isEnabled', checked);
+            }} />
+          </Col>
+        </Row>
+      </Card>
+    )
+  }
+
+  submitPermissionEdit(willExist) {
+    let permission = Setting.deepCopy(this.state.permission);
+    PermissionBackend.updatePermission(this.state.organizationName, this.state.permissionName, permission)
+      .then((res) => {
+        if (res.msg === "") {
+          Setting.showMessage("success", `Successfully saved`);
+          this.setState({
+            permissionName: this.state.permission.name,
+          });
+
+          if (willExist) {
+            this.props.history.push(`/permissions`);
+          } else {
+            this.props.history.push(`/permissions/${this.state.permission.owner}/${this.state.permission.name}`);
+          }
+        } else {
+          Setting.showMessage("error", res.msg);
+          this.updatePermissionField('name', this.state.permissionName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `Failed to connect to server: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.permission !== null ? this.renderPermission() : null
+        }
+        <div style={{marginTop: '20px', marginLeft: '40px'}}>
+          <Button size="large" onClick={() => this.submitPermissionEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" size="large" onClick={() => this.submitPermissionEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      </div>
+    );
+  }
+}
+
+export default PermissionEditPage;
--- a/web/src/PermissionListPage.js
+++ b/web/src/PermissionListPage.js
@ -0,0 +1,271 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Popconfirm, Switch, Table} from 'antd';
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as PermissionBackend from "./backend/PermissionBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+
+class PermissionListPage extends BaseListPage {
+  newPermission() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "built-in",
+      name: `permission_${randomName}`,
+      createdTime: moment().format(),
+      displayName: `New Permission - ${randomName}`,
+      users: [],
+      roles: [],
+      resourceType: "Application",
+      resources: ["app-built-in"],
+      action: "Read",
+      effect: "Allow",
+      isEnabled: true,
+    }
+  }
+
+  addPermission() {
+    const newPermission = this.newPermission();
+    PermissionBackend.addPermission(newPermission)
+      .then((res) => {
+          Setting.showMessage("success", `Permission added successfully`);
+          this.props.history.push(`/permissions/${newPermission.owner}/${newPermission.name}`);
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Permission failed to add: ${error}`);
+      });
+  }
+
+  deletePermission(i) {
+    PermissionBackend.deletePermission(this.state.data[i])
+      .then((res) => {
+          Setting.showMessage("success", `Permission deleted successfully`);
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Permission failed to delete: ${error}`);
+      });
+  }
+
+  renderTable(permissions) {
+    const columns = [
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: 'owner',
+        key: 'owner',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('owner'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: 'name',
+        key: 'name',
+        width: '150px',
+        fixed: 'left',
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/permissions/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: 'createdTime',
+        key: 'createdTime',
+        width: '160px',
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        }
+      },
+      {
+        title: i18next.t("general:Display name"),
+        dataIndex: 'displayName',
+        key: 'displayName',
+        width: '160px',
+        sorter: true,
+        ...this.getColumnSearchProps('displayName'),
+      },
+      {
+        title: i18next.t("role:Sub users"),
+        dataIndex: 'users',
+        key: 'users',
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps('users'),
+        render: (text, record, index) => {
+          return Setting.getTags(text);
+        }
+      },
+      {
+        title: i18next.t("role:Sub roles"),
+        dataIndex: 'roles',
+        key: 'roles',
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps('roles'),
+        render: (text, record, index) => {
+          return Setting.getTags(text);
+        }
+      },
+      {
+        title: i18next.t("permission:Resource type"),
+        dataIndex: 'resourceType',
+        key: 'resourceType',
+        filterMultiple: false,
+        filters: [
+          {text: 'Application', value: 'Application'},
+        ],
+        width: '170px',
+        sorter: true,
+      },
+      {
+        title: i18next.t("permission:Resources"),
+        dataIndex: 'resources',
+        key: 'resources',
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps('resources'),
+        render: (text, record, index) => {
+          return Setting.getTags(text);
+        }
+      },
+      {
+        title: i18next.t("permission:Actions"),
+        dataIndex: 'actions',
+        key: 'actions',
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps('actions'),
+        render: (text, record, index) => {
+          return Setting.getTags(text);
+        }
+      },
+      {
+        title: i18next.t("permission:Effect"),
+        dataIndex: 'effect',
+        key: 'effect',
+        filterMultiple: false,
+        filters: [
+          {text: 'Allow', value: 'Allow'},
+          {text: 'Deny', value: 'Deny'},
+        ],
+        width: '120px',
+        sorter: true,
+      },
+      {
+        title: i18next.t("general:Is enabled"),
+        dataIndex: 'isEnabled',
+        key: 'isEnabled',
+        width: '120px',
+        sorter: true,
+        render: (text, record, index) => {
+          return (
+            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: '',
+        key: 'op',
+        width: '170px',
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: '10px', marginBottom: '10px', marginRight: '10px'}} type="primary" onClick={() => this.props.history.push(`/permissions/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Popconfirm
+                title={`Sure to delete permission: ${record.name} ?`}
+                onConfirm={() => this.deletePermission(index)}
+              >
+                <Button style={{marginBottom: '10px'}} type="danger">{i18next.t("general:Delete")}</Button>
+              </Popconfirm>
+            </div>
+          )
+        }
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: 'max-content'}} columns={columns} dataSource={permissions} rowKey="name" size="middle" bordered pagination={paginationProps}
+               title={() => (
+                 <div>
+                   {i18next.t("general:Permissions")}&nbsp;&nbsp;&nbsp;&nbsp;
+                   <Button type="primary" size="small" onClick={this.addPermission.bind(this)}>{i18next.t("general:Add")}</Button>
+                 </div>
+               )}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({ loading: true });
+    PermissionBackend.getPermissions("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        }
+      });
+  };
+}
+
+export default PermissionListPage;
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@ -64,60 +64,6 @@ class ProviderEditPage extends React.Component {
    });
  }

-  getProviderTypeOptions(provider) {
-    if (provider.category === "OAuth") {
-      return (
-        [
-          {id: 'Google', name: 'Google'},
-          {id: 'GitHub', name: 'GitHub'},
-          {id: 'QQ', name: 'QQ'},
-          {id: 'WeChat', name: 'WeChat'},
-          {id: 'Facebook', name: 'Facebook'},
-          {id: 'DingTalk', name: 'DingTalk'},
-          {id: 'Weibo', name: 'Weibo'},
-          {id: 'Gitee', name: 'Gitee'},
-          {id: 'LinkedIn', name: 'LinkedIn'},
-          {id: 'WeCom', name: 'WeCom'},
-          {id: 'Lark', name: 'Lark'},
-          {id: 'GitLab', name: 'GitLab'},
-          {id: 'Apple', name: 'Apple'},
-          {id: 'AzureAD', name: 'AzureAD'},
-          {id: 'Slack', name: 'Slack'},
-        ]
-      );
-    } else if (provider.category === "Email") {
-      return (
-        [
-          {id: 'Default', name: 'Default'},
-        ]
-      );
-    } else if (provider.category === "SMS") {
-      return (
-        [
-          {id: 'Aliyun SMS', name: 'Aliyun SMS'},
-          {id: 'Tencent Cloud SMS', name: 'Tencent Cloud SMS'},
-          {id: 'Volc Engine SMS', name: 'Volc Engine SMS'},
-        ]
-      );
-    } else if (provider.category === "Storage") {
-      return (
-        [
-          {id: 'Local File System', name: 'Local File System'},
-          {id: 'AWS S3', name: 'AWS S3'},
-          {id: 'Aliyun OSS', name: 'Aliyun OSS'},
-          {id: 'Tencent Cloud COS', name: 'Tencent Cloud COS'},
-        ]
-      );
-    } else if (provider.category === "SAML") {
-      return ([
-          {id: 'Aliyun IDaaS', name: 'Aliyun IDaaS'},
-          {id: 'Keycloak', name: 'Keycloak'},
-      ]);
-    } else {
-      return [];
-    }
-  }
-
  getClientIdLabel() {
    switch (this.state.provider.category) {
      case "Email":
@ -252,12 +198,13 @@ class ProviderEditPage extends React.Component {
              }
            })}>
              {
-                this.getProviderTypeOptions(this.state.provider).map((providerType, index) => <Option key={index} value={providerType.id}>{providerType.name}</Option>)
+                Setting.getProviderTypeOptions(this.state.provider.category).map((providerType, index) => <Option key={index} value={providerType.id}>{providerType.name}</Option>)
              }
            </Select>
          </Col>
        </Row>
-        {this.state.provider.type === "WeCom" || this.state.provider.type === "WeChat" ? (
+        {
+          this.state.provider.type !== "WeCom" ? null : (
            <Row style={{marginTop: '20px'}} >
              <Col style={{marginTop: '5px'}} span={2}>
                {Setting.getLabel(i18next.t("provider:Method"), i18next.t("provider:Method - Tooltip"))} :
@ -272,7 +219,8 @@ class ProviderEditPage extends React.Component {
                </Select>
              </Col>
            </Row>
-        ) : null}
+          )
+        }
        <Row style={{marginTop: '20px'}} >
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
            {this.getClientIdLabel()}
@ -293,6 +241,32 @@ class ProviderEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        {
+          this.state.provider.type !== "WeChat" ? null : (
+            <React.Fragment>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Client ID 2"), i18next.t("provider:Client ID 2 - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.clientId2} onChange={e => {
+                    this.updateProviderField('clientId2', e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Client secret 2"), i18next.t("provider:Client secret 2 - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.clientSecret2} onChange={e => {
+                    this.updateProviderField('clientSecret2', e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            </React.Fragment>
+          )
+        }
        {this.state.provider.category === "Storage" ? (
          <div>
            <Row style={{marginTop: '20px'}} >
--- a/web/src/ProviderListPage.js
+++ b/web/src/ProviderListPage.js
@ -20,32 +20,9 @@ import * as Setting from "./Setting";
 import * as ProviderBackend from "./backend/ProviderBackend";
 import * as Provider from "./auth/Provider";
 import i18next from "i18next";
+import BaseListPage from "./BaseListPage";

-class ProviderListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      providers: null,
-      total: 0,
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getProviders(1, 10);
-  }
-
-  getProviders(page, pageSize) {
-    ProviderBackend.getProviders("admin", page, pageSize)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            providers: res.data,
-            total: res.data2
-          });
-        }
-      });
-  }
+class ProviderListPage extends BaseListPage {

  newProvider() {
    const randomName = Setting.getRandomName();
@ -71,10 +48,6 @@ class ProviderListPage extends React.Component {
    ProviderBackend.addProvider(newProvider)
      .then((res) => {
          Setting.showMessage("success", `Provider added successfully`);
-          this.setState({
-            providers: Setting.prependRow(this.state.providers, newProvider),
-            total: this.state.total + 1
-          });
          this.props.history.push(`/providers/${newProvider.name}`);
        }
      )
@ -84,12 +57,12 @@ class ProviderListPage extends React.Component {
  }

  deleteProvider(i) {
-    ProviderBackend.deleteProvider(this.state.providers[i])
+    ProviderBackend.deleteProvider(this.state.data[i])
      .then((res) => {
          Setting.showMessage("success", `Provider deleted successfully`);
          this.setState({
-            providers: Setting.deleteRow(this.state.providers, i),
-            total: this.state.total - 1
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        }
      )
@ -106,7 +79,8 @@ class ProviderListPage extends React.Component {
        key: 'name',
        width: '120px',
        fixed: 'left',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
        render: (text, record, index) => {
          return (
            <Link to={`/providers/${text}`}>
@ -120,7 +94,7 @@ class ProviderListPage extends React.Component {
        dataIndex: 'createdTime',
        key: 'createdTime',
        width: '180px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -130,22 +104,39 @@ class ProviderListPage extends React.Component {
        dataIndex: 'displayName',
        key: 'displayName',
        // width: '100px',
-        sorter: (a, b) => a.displayName.localeCompare(b.displayName),
+        sorter: true,
+        ...this.getColumnSearchProps('displayName'),
      },
      {
        title: i18next.t("provider:Category"),
        dataIndex: 'category',
        key: 'category',
-        width: '100px',
-        sorter: (a, b) => a.category.localeCompare(b.category),
+        filterMultiple: false,
+        filters: [
+          {text: 'OAuth', value: 'OAuth'},
+          {text: 'Email', value: 'Email'},
+          {text: 'SMS', value: 'SMS'},
+          {text: 'Storage', value: 'Storage'},
+          {text: 'SAML', value: 'SAML'},
+        ],
+        width: '110px',
+        sorter: true,
      },
      {
        title: i18next.t("provider:Type"),
        dataIndex: 'type',
        key: 'type',
-        width: '80px',
+        width: '110px',
        align: 'center',
-        sorter: (a, b) => a.type.localeCompare(b.type),
+        filterMultiple: false,
+        filters: [
+          {text: 'OAuth', value: 'OAuth', children: Setting.getProviderTypeOptions('OAuth').map((o) => {return {text:o.id, value:o.name}})},
+          {text: 'Email', value: 'Email', children: Setting.getProviderTypeOptions('Email').map((o) => {return {text:o.id, value:o.name}})},
+          {text: 'SMS', value: 'SMS', children: Setting.getProviderTypeOptions('SMS').map((o) => {return {text:o.id, value:o.name}})},
+          {text: 'Storage', value: 'Storage', children: Setting.getProviderTypeOptions('Storage').map((o) => {return {text:o.id, value:o.name}})},
+          {text: 'SAML', value: 'SAML', children: Setting.getProviderTypeOptions('SAML').map((o) => {return {text:o.id, value:o.name}})},
+        ],
+        sorter: true,
        render: (text, record, index) => {
          return Provider.getProviderLogoWidget(record);
        }
@ -155,24 +146,19 @@ class ProviderListPage extends React.Component {
        dataIndex: 'clientId',
        key: 'clientId',
        width: '100px',
-        sorter: (a, b) => a.clientId.localeCompare(b.clientId),
+        sorter: true,
+        ...this.getColumnSearchProps('clientId'),
        render: (text, record, index) => {
          return Setting.getShortText(text);
        }
      },
-      // {
-      //   title: 'Client secret',
-      //   dataIndex: 'clientSecret',
-      //   key: 'clientSecret',
-      //   width: '150px',
-      //   sorter: (a, b) => a.clientSecret.localeCompare(b.clientSecret),
-      // },
      {
        title: i18next.t("provider:Provider URL"),
        dataIndex: 'providerUrl',
        key: 'providerUrl',
        width: '150px',
-        sorter: (a, b) => a.providerUrl.localeCompare(b.providerUrl),
+        sorter: true,
+        ...this.getColumnSearchProps('providerUrl'),
        render: (text, record, index) => {
          return (
            <a target="_blank" rel="noreferrer" href={text}>
@ -206,12 +192,10 @@ class ProviderListPage extends React.Component {
    ];

    const paginationProps = {
-      total: this.state.total,
+      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getProviders(page, pageSize),
-      onShowSizeChange: (current, size) => this.getProviders(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -223,21 +207,40 @@ class ProviderListPage extends React.Component {
                   <Button type="primary" size="small" onClick={this.addProvider.bind(this)}>{i18next.t("general:Add")}</Button>
                 </div>
               )}
-               loading={providers === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.providers)
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.category !== undefined && params.category !== null) {
+      field = "category";
+      value = params.category;
+    } else if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({ loading: true });
+    ProviderBackend.getProviders("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
        }
-      </div>
-    );
-  }
+      });
+  };
 }

 export default ProviderListPage;
--- a/web/src/RecordListPage.js
+++ b/web/src/RecordListPage.js
@ -19,31 +19,14 @@ import * as Setting from "./Setting";
 import * as RecordBackend from "./backend/RecordBackend";
 import i18next from "i18next";
 import moment from "moment";
+import BaseListPage from "./BaseListPage";

-class RecordListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      records: null,
-      total: 0,
-    };
-  }
+class RecordListPage extends BaseListPage {

  UNSAFE_componentWillMount() {
-    this.getRecords(1, 20);
-  }
-
-  getRecords(page, pageSize) {
-    RecordBackend.getRecords(page, pageSize)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            records: res.data,
-            total: res.data2
-          });
-        }
-      });
+    this.state.pagination.pageSize = 20;
+    const { pagination } = this.state;
+    this.fetch({ pagination });
  }

  newRecord() {
@ -68,21 +51,24 @@ class RecordListPage extends React.Component {
        dataIndex: 'name',
        key: 'name',
        width: '320px',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
      },
      {
        title: i18next.t("general:ID"),
        dataIndex: 'id',
        key: 'id',
        width: '90px',
-        sorter: (a, b) => a.id - b.id,
+        sorter: true,
+        ...this.getColumnSearchProps('id'),
      },
      {
        title: i18next.t("general:Client IP"),
        dataIndex: 'clientIp',
        key: 'clientIp',
        width: '150px',
-        sorter: (a, b) => a.clientIp.localeCompare(b.clientIp),
+        sorter: true,
+        ...this.getColumnSearchProps('clientIp'),
        render: (text, record, index) => {
          return (
            <a target="_blank" rel="noreferrer" href={`https://db-ip.com/${text}`}>
@ -96,7 +82,7 @@ class RecordListPage extends React.Component {
        dataIndex: 'createdTime',
        key: 'createdTime',
        width: '180px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -105,8 +91,9 @@ class RecordListPage extends React.Component {
        title: i18next.t("general:Organization"),
        dataIndex: 'organization',
        key: 'organization',
-        width: '80px',
-        sorter: (a, b) => a.organization.localeCompare(b.organization),
+        width: '110px',
+        sorter: true,
+        ...this.getColumnSearchProps('organization'),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
@ -120,7 +107,8 @@ class RecordListPage extends React.Component {
        dataIndex: 'user',
        key: 'user',
        width: '120px',
-        sorter: (a, b) => a.user.localeCompare(b.user),
+        sorter: true,
+        ...this.getColumnSearchProps('user'),
        render: (text, record, index) => {
          return (
            <Link to={`/users/${record.organization}/${record.user}`}>
@ -133,22 +121,36 @@ class RecordListPage extends React.Component {
        title: i18next.t("general:Method"),
        dataIndex: 'method',
        key: 'method',
-        width: '100px',
-        sorter: (a, b) => a.method.localeCompare(b.method),
+        width: '110px',
+        sorter: true,
+        filterMultiple: false,
+        filters: [
+          {text: 'GET', value: 'GET'},
+          {text: 'HEAD', value: 'HEAD'},
+          {text: 'POST', value: 'POST'},
+          {text: 'PUT', value: 'PUT'},
+          {text: 'DELETE', value: 'DELETE'},
+          {text: 'CONNECT', value: 'CONNECT'},
+          {text: 'OPTIONS', value: 'OPTIONS'},
+          {text: 'TRACE', value: 'TRACE'},
+          {text: 'PATCH', value: 'PATCH'},
+        ],
      },
      {
        title: i18next.t("general:Request URI"),
        dataIndex: 'requestUri',
        key: 'requestUri',
        // width: '300px',
-        sorter: (a, b) => a.requestUri.localeCompare(b.requestUri),
+        sorter: true,
+        ...this.getColumnSearchProps('requestUri'),
      },
      {
        title: i18next.t("general:Action"),
        dataIndex: 'action',
        key: 'action',
        width: '200px',
-        sorter: (a, b) => a.action.localeCompare(b.action),
+        sorter: true,
+        ...this.getColumnSearchProps('action'),
        fixed: (Setting.isMobile()) ? "false" : "right",
        render: (text, record, index) => {
          return text;
@ -159,7 +161,7 @@ class RecordListPage extends React.Component {
        dataIndex: 'isTriggered',
        key: 'isTriggered',
        width: '140px',
-        sorter: (a, b) => a.isTriggered - b.isTriggered,
+        sorter: true,
        fixed: (Setting.isMobile()) ? "false" : "right",
        render: (text, record, index) => {
          if (!["signup", "login", "logout", "update-user"].includes(record.action)) {
@ -174,13 +176,11 @@ class RecordListPage extends React.Component {
    ];

    const paginationProps = {
-      pageSize: 20,
-      total: this.state.total,
+      total: this.state.pagination.total,
+      pageSize: this.state.pagination.pageSize,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getRecords(page, pageSize),
-      onShowSizeChange: (current, size) => this.getRecords(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -191,21 +191,37 @@ class RecordListPage extends React.Component {
                   {i18next.t("general:Records")}&nbsp;&nbsp;&nbsp;&nbsp;
                 </div>
               )}
-               loading={records === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.records)
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.method !== undefined && params.method !== null) {
+      field = "method";
+      value = params.method;
+    }
+    this.setState({ loading: true });
+    RecordBackend.getRecords(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
        }
-      </div>
-    );
-  }
+      });
+  };
 }

 export default RecordListPage;
--- a/web/src/ResetModal.js
+++ b/web/src/ResetModal.js
@ -17,7 +17,7 @@ import i18next from "i18next";
 import React from "react";
 import * as Setting from "./Setting"
 import * as UserBackend from "./backend/UserBackend"
-import {CountDownInput} from "./component/CountDownInput";
+import {CountDownInput} from "./common/CountDownInput";
 import {MailOutlined, PhoneOutlined} from "@ant-design/icons";

 export const ResetModal = (props) => {
--- a/web/src/ResourceListPage.js
+++ b/web/src/ResourceListPage.js
@ -20,42 +20,33 @@ import * as Setting from "./Setting";
 import * as ResourceBackend from "./backend/ResourceBackend";
 import i18next from "i18next";
 import {Link} from "react-router-dom";
+import BaseListPage from "./BaseListPage";

-class ResourceListPage extends React.Component {
+class ResourceListPage extends BaseListPage {
  constructor(props) {
    super(props);
    this.state = {
      classes: props,
-      resources: null,
+      data: [],
+      pagination: {
+        current: 1,
+        pageSize: 10,
+      },
+      loading: false,
+      searchText: '',
+      searchedColumn: '',
      fileList: [],
      uploading: false,
-      total: 0,
    };
  }

-  UNSAFE_componentWillMount() {
-    this.getResources(1, 10);
-  }
-
-  getResources(page, pageSize) {
-    ResourceBackend.getResources(this.props.account.owner, this.props.account.name, page, pageSize)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            resources: res.data,
-            total: res.data2
-          });
-        }
-      });
-  }
-
  deleteResource(i) {
-    ResourceBackend.deleteResource(this.state.resources[i])
+    ResourceBackend.deleteResource(this.state.data[i])
      .then((res) => {
        Setting.showMessage("success", `Resource deleted successfully`);
          this.setState({
-            resources: Setting.deleteRow(this.state.resources, i),
-            total: this.state.total - 1
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        }
      )
@ -100,7 +91,8 @@ class ResourceListPage extends React.Component {
        key: 'provider',
        width: '150px',
        fixed: 'left',
-        sorter: (a, b) => a.provider.localeCompare(b.provider),
+        sorter: true,
+        ...this.getColumnSearchProps('provider'),
        render: (text, record, index) => {
          return (
            <Link to={`/providers/${text}`}>
@ -114,7 +106,8 @@ class ResourceListPage extends React.Component {
        dataIndex: 'application',
        key: 'application',
        width: '80px',
-        sorter: (a, b) => a.application.localeCompare(b.application),
+        sorter: true,
+        ...this.getColumnSearchProps('application'),
        render: (text, record, index) => {
          return (
            <Link to={`/applications/${text}`}>
@ -128,7 +121,8 @@ class ResourceListPage extends React.Component {
        dataIndex: 'user',
        key: 'user',
        width: '80px',
-        sorter: (a, b) => a.user.localeCompare(b.user),
+        sorter: true,
+        ...this.getColumnSearchProps('user'),
        render: (text, record, index) => {
          return (
            <Link to={`/users/${record.owner}/${record.user}`}>
@ -142,21 +136,23 @@ class ResourceListPage extends React.Component {
        dataIndex: 'parent',
        key: 'parent',
        width: '80px',
-        sorter: (a, b) => a.parent.localeCompare(b.parent),
+        sorter: true,
+        ...this.getColumnSearchProps('parent'),
      },
      {
        title: i18next.t("general:Name"),
        dataIndex: 'name',
        key: 'name',
        width: '150px',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: 'createdTime',
        key: 'createdTime',
        width: '150px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -166,7 +162,8 @@ class ResourceListPage extends React.Component {
        dataIndex: 'tag',
        key: 'tag',
        width: '80px',
-        sorter: (a, b) => a.tag.localeCompare(b.tag),
+        sorter: true,
+        ...this.getColumnSearchProps('tag'),
      },
      // {
      //   title: i18next.t("resource:File name"),
@ -180,21 +177,23 @@ class ResourceListPage extends React.Component {
        dataIndex: 'fileType',
        key: 'fileType',
        width: '80px',
-        sorter: (a, b) => a.fileType.localeCompare(b.fileType),
+        sorter: true,
+        ...this.getColumnSearchProps('fileType'),
      },
      {
        title: i18next.t("resource:Format"),
        dataIndex: 'fileFormat',
        key: 'fileFormat',
        width: '80px',
-        sorter: (a, b) => a.fileFormat.localeCompare(b.fileFormat),
+        sorter: true,
+        ...this.getColumnSearchProps('fileFormat'),
      },
      {
        title: i18next.t("resource:File size"),
        dataIndex: 'fileSize',
        key: 'fileSize',
        width: '100px',
-        sorter: (a, b) => a.fileSize - b.fileSize,
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFriendlyFileSize(text);
        }
@ -266,12 +265,10 @@ class ResourceListPage extends React.Component {
    ];

    const paginationProps = {
-      total: this.state.total,
+      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getResources(page, pageSize),
-      onShowSizeChange: (current, size) => this.getResources(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -286,21 +283,33 @@ class ResourceListPage extends React.Component {
                   }
                 </div>
               )}
-               loading={resources === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.resources)
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    this.setState({ loading: true });
+    ResourceBackend.getResources(this.props.account.owner, this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
        }
-      </div>
-    );
-  }
+      });
+  };
 }

 export default ResourceListPage;
--- a/web/src/RoleEditPage.js
+++ b/web/src/RoleEditPage.js
@ -0,0 +1,219 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, Row, Select, Switch} from 'antd';
+import * as RoleBackend from "./backend/RoleBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as UserBackend from "./backend/UserBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+
+const { Option } = Select;
+
+class RoleEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
+      roleName: props.match.params.roleName,
+      role: null,
+      organizations: [],
+      users: [],
+      roles: [],
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getRole();
+    this.getOrganizations();
+  }
+
+  getRole() {
+    RoleBackend.getRole(this.state.organizationName, this.state.roleName)
+      .then((role) => {
+        this.setState({
+          role: role,
+        });
+
+        this.getUsers(role.owner);
+        this.getRoles(role.owner);
+      });
+  }
+
+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
+  getUsers(organizationName) {
+    UserBackend.getUsers(organizationName)
+      .then((res) => {
+        this.setState({
+          users: res,
+        });
+      });
+  }
+
+  getRoles(organizationName) {
+    RoleBackend.getRoles(organizationName)
+      .then((res) => {
+        this.setState({
+          roles: res,
+        });
+      });
+  }
+
+  parseRoleField(key, value) {
+    if ([""].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updateRoleField(key, value) {
+    value = this.parseRoleField(key, value);
+
+    let role = this.state.role;
+    role[key] = value;
+    this.setState({
+      role: role,
+    });
+  }
+
+  renderRole() {
+    return (
+      <Card size="small" title={
+        <div>
+          {i18next.t("role:Edit Role")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitRoleEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" onClick={() => this.submitRoleEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      } style={(Setting.isMobile())? {margin: '5px'}:{}} type="inner">
+        <Row style={{marginTop: '10px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.role.owner} onChange={(value => {this.updateRoleField('owner', value);})}>
+              {
+                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.role.name} onChange={e => {
+              this.updateRoleField('name', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.role.displayName} onChange={e => {
+              this.updateRoleField('displayName', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("role:Sub users"), i18next.t("role:Sub users - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: '100%'}} value={this.state.role.users} onChange={(value => {this.updateRoleField('users', value);})}>
+              {
+                this.state.users.map((user, index) => <Option key={index} value={`${user.owner}/${user.name}`}>{`${user.owner}/${user.name}`}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("role:Sub roles"), i18next.t("role:Sub roles - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: '100%'}} value={this.state.role.roles} onChange={(value => {this.updateRoleField('roles', value);})}>
+              {
+                this.state.roles.filter(role => (role.owner !== this.state.role.owner || role.name !== this.state.role.name)).map((role, index) => <Option key={index} value={`${role.owner}/${role.name}`}>{`${role.owner}/${role.name}`}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("general:Is enabled"), i18next.t("general:Is enabled - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.role.isEnabled} onChange={checked => {
+              this.updateRoleField('isEnabled', checked);
+            }} />
+          </Col>
+        </Row>
+      </Card>
+    )
+  }
+
+  submitRoleEdit(willExist) {
+    let role = Setting.deepCopy(this.state.role);
+    RoleBackend.updateRole(this.state.organizationName, this.state.roleName, role)
+      .then((res) => {
+        if (res.msg === "") {
+          Setting.showMessage("success", `Successfully saved`);
+          this.setState({
+            roleName: this.state.role.name,
+          });
+
+          if (willExist) {
+            this.props.history.push(`/roles`);
+          } else {
+            this.props.history.push(`/roles/${this.state.role.owner}/${this.state.role.name}`);
+          }
+        } else {
+          Setting.showMessage("error", res.msg);
+          this.updateRoleField('name', this.state.roleName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `Failed to connect to server: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.role !== null ? this.renderRole() : null
+        }
+        <div style={{marginTop: '20px', marginLeft: '40px'}}>
+          <Button size="large" onClick={() => this.submitRoleEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" size="large" onClick={() => this.submitRoleEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      </div>
+    );
+  }
+}
+
+export default RoleEditPage;
--- a/web/src/RoleListPage.js
+++ b/web/src/RoleListPage.js
@ -0,0 +1,222 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Popconfirm, Switch, Table} from 'antd';
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as RoleBackend from "./backend/RoleBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+
+class RoleListPage extends BaseListPage {
+  newRole() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "built-in",
+      name: `role_${randomName}`,
+      createdTime: moment().format(),
+      displayName: `New Role - ${randomName}`,
+      users: [],
+      roles: [],
+      isEnabled: true,
+    }
+  }
+
+  addRole() {
+    const newRole = this.newRole();
+    RoleBackend.addRole(newRole)
+      .then((res) => {
+          Setting.showMessage("success", `Role added successfully`);
+          this.props.history.push(`/roles/${newRole.owner}/${newRole.name}`);
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Role failed to add: ${error}`);
+      });
+  }
+
+  deleteRole(i) {
+    RoleBackend.deleteRole(this.state.data[i])
+      .then((res) => {
+          Setting.showMessage("success", `Role deleted successfully`);
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Role failed to delete: ${error}`);
+      });
+  }
+
+  renderTable(roles) {
+    const columns = [
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: 'owner',
+        key: 'owner',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('owner'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: 'name',
+        key: 'name',
+        width: '150px',
+        fixed: 'left',
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/roles/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: 'createdTime',
+        key: 'createdTime',
+        width: '160px',
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        }
+      },
+      {
+        title: i18next.t("general:Display name"),
+        dataIndex: 'displayName',
+        key: 'displayName',
+        width: '200px',
+        sorter: true,
+        ...this.getColumnSearchProps('displayName'),
+      },
+      {
+        title: i18next.t("role:Sub users"),
+        dataIndex: 'users',
+        key: 'users',
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps('users'),
+        render: (text, record, index) => {
+          return Setting.getTags(text);
+        }
+      },
+      {
+        title: i18next.t("role:Sub roles"),
+        dataIndex: 'roles',
+        key: 'roles',
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps('roles'),
+        render: (text, record, index) => {
+          return Setting.getTags(text);
+        }
+      },
+      {
+        title: i18next.t("general:Is enabled"),
+        dataIndex: 'isEnabled',
+        key: 'isEnabled',
+        width: '120px',
+        sorter: true,
+        render: (text, record, index) => {
+          return (
+            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: '',
+        key: 'op',
+        width: '170px',
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: '10px', marginBottom: '10px', marginRight: '10px'}} type="primary" onClick={() => this.props.history.push(`/roles/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Popconfirm
+                title={`Sure to delete role: ${record.name} ?`}
+                onConfirm={() => this.deleteRole(index)}
+              >
+                <Button style={{marginBottom: '10px'}} type="danger">{i18next.t("general:Delete")}</Button>
+              </Popconfirm>
+            </div>
+          )
+        }
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: 'max-content'}} columns={columns} dataSource={roles} rowKey="name" size="middle" bordered pagination={paginationProps}
+               title={() => (
+                 <div>
+                   {i18next.t("general:Roles")}&nbsp;&nbsp;&nbsp;&nbsp;
+                   <Button type="primary" size="small" onClick={this.addRole.bind(this)}>{i18next.t("general:Add")}</Button>
+                 </div>
+               )}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({ loading: true });
+    RoleBackend.getRoles("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        }
+      });
+  };
+}
+
+export default RoleListPage;
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@ -382,6 +382,60 @@ export function getProviderLogo(provider) {
  )
 }

+export function getProviderTypeOptions(category) {
+  if (category === "OAuth") {
+    return (
+      [
+        {id: 'Google', name: 'Google'},
+        {id: 'GitHub', name: 'GitHub'},
+        {id: 'QQ', name: 'QQ'},
+        {id: 'WeChat', name: 'WeChat'},
+        {id: 'Facebook', name: 'Facebook'},
+        {id: 'DingTalk', name: 'DingTalk'},
+        {id: 'Weibo', name: 'Weibo'},
+        {id: 'Gitee', name: 'Gitee'},
+        {id: 'LinkedIn', name: 'LinkedIn'},
+        {id: 'WeCom', name: 'WeCom'},
+        {id: 'Lark', name: 'Lark'},
+        {id: 'GitLab', name: 'GitLab'},
+        {id: 'Apple', name: 'Apple'},
+        {id: 'AzureAD', name: 'AzureAD'},
+        {id: 'Slack', name: 'Slack'},
+      ]
+    );
+  } else if (category === "Email") {
+    return (
+      [
+        {id: 'Default', name: 'Default'},
+      ]
+    );
+  } else if (category === "SMS") {
+    return (
+      [
+        {id: 'Aliyun SMS', name: 'Aliyun SMS'},
+        {id: 'Tencent Cloud SMS', name: 'Tencent Cloud SMS'},
+        {id: 'Volc Engine SMS', name: 'Volc Engine SMS'},
+      ]
+    );
+  } else if (category === "Storage") {
+    return (
+      [
+        {id: 'Local File System', name: 'Local File System'},
+        {id: 'AWS S3', name: 'AWS S3'},
+        {id: 'Aliyun OSS', name: 'Aliyun OSS'},
+        {id: 'Tencent Cloud COS', name: 'Tencent Cloud COS'},
+      ]
+    );
+  } else if (category === "SAML") {
+    return ([
+      {id: 'Aliyun IDaaS', name: 'Aliyun IDaaS'},
+      {id: 'Keycloak', name: 'Keycloak'},
+    ]);
+  } else {
+    return [];
+  }
+}
+
 export function renderLogo(application) {
  if (application === null) {
    return null;
@ -536,7 +590,7 @@ export function getNewRowNameForTable(table, rowName) {
 }

 export function getTagColor(s) {
-  return "success";
+  return "processing";
 }

 export function getTags(tags) {
@ -558,3 +612,7 @@ export function getApplicationOrgName(application) {
 export function getRandomName() {
  return Math.random().toString(36).slice(-6);
 }
+
+export function getRandomNumber() {
+  return Math.random().toString(10).slice(-11);
+}
--- a/web/src/SignupTable.js
+++ b/web/src/SignupTable.js
@ -74,6 +74,7 @@ class SignupTable extends React.Component {
            {id: 'Display name', name: 'Display name'},
            {id: 'Affiliation', name: 'Affiliation'},
            {id: 'Country/Region', name: 'Country/Region'},
+            {id: 'ID card', name: 'ID card'},
            {id: 'Email', name: 'Email'},
            {id: 'Password', name: 'Password'},
            {id: 'Confirm password', name: 'Confirm password'},
--- a/web/src/SyncerEditPage.js
+++ b/web/src/SyncerEditPage.js
@ -158,6 +158,24 @@ class SyncerEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("syncer:Database type"), i18next.t("syncer:Database type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.syncer.databaseType} onChange={(value => {this.updateSyncerField('databaseType', value);})}>
+              {
+                [
+                  {id: 'mysql', name: 'MySQL'},
+                  {id: 'postgres', name: 'PostgreSQL'},
+                  {id: 'mssql', name: 'SQL Server'},
+                  {id: 'oracle', name: 'Oracle'},
+                  {id: 'sqlite3', name: 'Sqlite 3'},
+                ].map((databaseType, index) => <Option key={index} value={databaseType.id}>{databaseType.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: '20px'}} >
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("syncer:Database"), i18next.t("syncer:Database - Tooltip"))} :
@ -232,7 +250,7 @@ class SyncerEditPage extends React.Component {
        </Row>
        <Row style={{marginTop: '20px'}} >
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
-            {Setting.getLabel(i18next.t("syncer:Is enabled"), i18next.t("syncer:Is enabled - Tooltip"))} :
+            {Setting.getLabel(i18next.t("general:Is enabled"), i18next.t("general:Is enabled - Tooltip"))} :
          </Col>
          <Col span={1} >
            <Switch checked={this.state.syncer.isEnabled} onChange={checked => {
--- a/web/src/SyncerListPage.js
+++ b/web/src/SyncerListPage.js
@ -19,32 +19,9 @@ import moment from "moment";
 import * as Setting from "./Setting";
 import * as SyncerBackend from "./backend/SyncerBackend";
 import i18next from "i18next";
+import BaseListPage from "./BaseListPage";

-class SyncerListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      syncers: null,
-      total: 0,
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getSyncers(1, 10);
-  }
-
-  getSyncers(page, pageSize) {
-    SyncerBackend.getSyncers("admin", page, pageSize)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            syncers: res.data,
-            total: res.data2
-          });
-        }
-      });
-  }
+class SyncerListPage extends BaseListPage {

  newSyncer() {
    const randomName = Setting.getRandomName();
@ -58,6 +35,7 @@ class SyncerListPage extends React.Component {
      port: 3306,
      user: "root",
      password: "123456",
+      databaseType: "mysql",
      database: "dbName",
      table: "tableName",
      tableColumns: [],
@ -73,10 +51,6 @@ class SyncerListPage extends React.Component {
    SyncerBackend.addSyncer(newSyncer)
      .then((res) => {
          Setting.showMessage("success", `Syncer added successfully`);
-          this.setState({
-            syncers: Setting.prependRow(this.state.syncers, newSyncer),
-            total: this.state.total + 1
-          });
          this.props.history.push(`/syncers/${newSyncer.name}`);
        }
      )
@ -86,12 +60,12 @@ class SyncerListPage extends React.Component {
  }

  deleteSyncer(i) {
-    SyncerBackend.deleteSyncer(this.state.syncers[i])
+    SyncerBackend.deleteSyncer(this.state.data[i])
      .then((res) => {
          Setting.showMessage("success", `Syncer deleted successfully`);
          this.setState({
-            syncers: Setting.deleteRow(this.state.syncers, i),
-            total: this.state.total - 1
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        }
      )
@ -107,7 +81,8 @@ class SyncerListPage extends React.Component {
        dataIndex: 'organization',
        key: 'organization',
        width: '120px',
-        sorter: (a, b) => a.organization.localeCompare(b.organization),
+        sorter: true,
+        ...this.getColumnSearchProps('organization'),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
@ -122,7 +97,8 @@ class SyncerListPage extends React.Component {
        key: 'name',
        width: '150px',
        fixed: 'left',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
        render: (text, record, index) => {
          return (
            <Link to={`/syncers/${text}`}>
@ -135,8 +111,8 @@ class SyncerListPage extends React.Component {
        title: i18next.t("general:Created time"),
        dataIndex: 'createdTime',
        key: 'createdTime',
-        width: '180px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        width: '160px',
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -146,63 +122,80 @@ class SyncerListPage extends React.Component {
        dataIndex: 'type',
        key: 'type',
        width: '100px',
-        sorter: (a, b) => a.type.localeCompare(b.type),
+        sorter: true,
+        filterMultiple: false,
+        filters: [
+          {text: 'Database', value: 'Database'},
+          {text: 'LDAP', value: 'LDAP'},
+        ],
      },
      {
        title: i18next.t("provider:Host"),
        dataIndex: 'host',
        key: 'host',
        width: '120px',
-        sorter: (a, b) => a.host.localeCompare(b.host),
+        sorter: true,
+        ...this.getColumnSearchProps('host'),
      },
      {
        title: i18next.t("provider:Port"),
        dataIndex: 'port',
        key: 'port',
        width: '100px',
-        sorter: (a, b) => a.port - b.port,
+        sorter: true,
+        ...this.getColumnSearchProps('port'),
      },
      {
        title: i18next.t("general:User"),
        dataIndex: 'user',
        key: 'user',
        width: '120px',
-        sorter: (a, b) => a.user.localeCompare(b.user),
+        sorter: true,
+        ...this.getColumnSearchProps('user'),
      },
      {
        title: i18next.t("general:Password"),
        dataIndex: 'password',
        key: 'password',
        width: '120px',
-        sorter: (a, b) => a.password.localeCompare(b.password),
+        sorter: true,
+        ...this.getColumnSearchProps('password'),
+      },
+      {
+        title: i18next.t("syncer:Database type"),
+        dataIndex: 'databaseType',
+        key: 'databaseType',
+        width: '120px',
+        sorter: (a, b) => a.databaseType.localeCompare(b.databaseType),
      },
      {
        title: i18next.t("syncer:Database"),
        dataIndex: 'database',
        key: 'database',
        width: '120px',
-        sorter: (a, b) => a.database.localeCompare(b.database),
+        sorter: true,
      },
      {
        title: i18next.t("syncer:Table"),
        dataIndex: 'table',
        key: 'table',
        width: '120px',
-        sorter: (a, b) => a.table.localeCompare(b.table),
+        sorter: true,
      },
      {
        title: i18next.t("syncer:Sync interval"),
        dataIndex: 'syncInterval',
        key: 'syncInterval',
-        width: '120px',
-        sorter: (a, b) => a.syncInterval.localeCompare(b.syncInterval),
+        width: '130px',
+        sorter: true,
+        ...this.getColumnSearchProps('syncInterval'),
      },
      {
-        title: i18next.t("syncer:Is enabled"),
+        title: i18next.t("general:Is enabled"),
        dataIndex: 'isEnabled',
        key: 'isEnabled',
        width: '120px',
-        sorter: (a, b) => a.isEnabled - b.isEnabled,
+        sorter: true,
        render: (text, record, index) => {
          return (
            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
@ -232,12 +225,10 @@ class SyncerListPage extends React.Component {
    ];

    const paginationProps = {
-      total: this.state.total,
+      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getSyncers(page, pageSize),
-      onShowSizeChange: (current, size) => this.getSyncers(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -249,21 +240,37 @@ class SyncerListPage extends React.Component {
                   <Button type="primary" size="small" onClick={this.addSyncer.bind(this)}>{i18next.t("general:Add")}</Button>
                 </div>
               )}
-               loading={syncers === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.syncers)
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({ loading: true });
+    SyncerBackend.getSyncers("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
        }
-      </div>
-    );
-  }
+      });
+  };
 }

 export default SyncerListPage;
--- a/web/src/TokenListPage.js
+++ b/web/src/TokenListPage.js
@ -19,32 +19,10 @@ import moment from "moment";
 import * as Setting from "./Setting";
 import * as TokenBackend from "./backend/TokenBackend";
 import i18next from "i18next";
+import * as ResourceBackend from "./backend/ResourceBackend";
+import BaseListPage from "./BaseListPage";

-class TokenListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      tokens: null,
-      total: 0,
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getTokens(1, 10);
-  }
-
-  getTokens(page, pageSize) {
-    TokenBackend.getTokens("admin", page, pageSize)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            tokens: res.data,
-            total: res.data2
-          });
-        }
-      });
-  }
+class TokenListPage extends BaseListPage {

  newToken() {
    const randomName = Setting.getRandomName();
@ -67,10 +45,6 @@ class TokenListPage extends React.Component {
    TokenBackend.addToken(newToken)
      .then((res) => {
          Setting.showMessage("success", `Token added successfully`);
-          this.setState({
-            tokens: Setting.prependRow(this.state.tokens, newToken),
-            total: this.state.total + 1
-          });
          this.props.history.push(`/tokens/${newToken.name}`);
        }
      )
@ -80,12 +54,12 @@ class TokenListPage extends React.Component {
  }

  deleteToken(i) {
-    TokenBackend.deleteToken(this.state.tokens[i])
+    TokenBackend.deleteToken(this.state.data[i])
      .then((res) => {
          Setting.showMessage("success", `Token deleted successfully`);
          this.setState({
-            tokens: Setting.deleteRow(this.state.tokens, i),
-            total: this.state.total - 1
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        }
      )
@ -102,7 +76,8 @@ class TokenListPage extends React.Component {
        key: 'name',
        width: (Setting.isMobile()) ? "100px" : "300px",
        fixed: 'left',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
        render: (text, record, index) => {
          return (
            <Link to={`/tokens/${text}`}>
@ -116,7 +91,7 @@ class TokenListPage extends React.Component {
        dataIndex: 'createdTime',
        key: 'createdTime',
        width: '160px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -126,7 +101,8 @@ class TokenListPage extends React.Component {
        dataIndex: 'application',
        key: 'application',
        width: '120px',
-        sorter: (a, b) => a.application.localeCompare(b.application),
+        sorter: true,
+        ...this.getColumnSearchProps('application'),
        render: (text, record, index) => {
          return (
            <Link to={`/applications/${text}`}>
@ -140,7 +116,8 @@ class TokenListPage extends React.Component {
        dataIndex: 'organization',
        key: 'organization',
        width: '120px',
-        sorter: (a, b) => a.organization.localeCompare(b.organization),
+        sorter: true,
+        ...this.getColumnSearchProps('organization'),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
@ -154,7 +131,8 @@ class TokenListPage extends React.Component {
        dataIndex: 'user',
        key: 'user',
        width: '120px',
-        sorter: (a, b) => a.user.localeCompare(b.user),
+        sorter: true,
+        ...this.getColumnSearchProps('user'),
        render: (text, record, index) => {
          return (
            <Link to={`/users/${record.organization}/${text}`}>
@ -168,7 +146,8 @@ class TokenListPage extends React.Component {
        dataIndex: 'code',
        key: 'code',
        // width: '150px',
-        sorter: (a, b) => a.code.localeCompare(b.code),
+        sorter: true,
+        ...this.getColumnSearchProps('code'),
        render: (text, record, index) => {
          return Setting.getClickable(text);
        }
@ -178,8 +157,9 @@ class TokenListPage extends React.Component {
        dataIndex: 'accessToken',
        key: 'accessToken',
        // width: '150px',
-        sorter: (a, b) => a.accessToken.localeCompare(b.accessToken),
+        sorter: true,
        ellipsis: true,
+        ...this.getColumnSearchProps('accessToken'),
        render: (text, record, index) => {
          return Setting.getClickable(text);
        }
@ -189,14 +169,16 @@ class TokenListPage extends React.Component {
        dataIndex: 'expiresIn',
        key: 'expiresIn',
        width: '120px',
-        sorter: (a, b) => a.expiresIn - b.expiresIn,
+        sorter: true,
+        ...this.getColumnSearchProps('expiresIn'),
      },
      {
        title: i18next.t("token:Scope"),
        dataIndex: 'scope',
        key: 'scope',
-        width: '100px',
-        sorter: (a, b) => a.scope.localeCompare(b.scope),
+        width: '110px',
+        sorter: true,
+        ...this.getColumnSearchProps('scope'),
      },
      // {
      //   title: i18next.t("token:Token type"),
@ -228,12 +210,10 @@ class TokenListPage extends React.Component {
    ];

    const paginationProps = {
-      total: this.state.total,
+      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getTokens(page, pageSize),
-      onShowSizeChange: (current, size) => this.getTokens(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -245,21 +225,33 @@ class TokenListPage extends React.Component {
                   <Button type="primary" size="small" onClick={this.addToken.bind(this)}>{i18next.t("general:Add")}</Button>
                 </div>
               )}
-               loading={tokens === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.tokens)
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    this.setState({ loading: true });
+    TokenBackend.getTokens("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
        }
-      </div>
-    );
-  }
+      });
+  };
 }

 export default TokenListPage;
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -25,11 +25,11 @@ import PasswordModal from "./PasswordModal";
 import ResetModal from "./ResetModal";
 import AffiliationSelect from "./common/AffiliationSelect";
 import OAuthWidget from "./common/OAuthWidget";
+import SamlWidget from "./common/SamlWidget";
 import SelectRegionBox from "./SelectRegionBox";

 import {Controlled as CodeMirror} from 'react-codemirror2';
 import "codemirror/lib/codemirror.css";
-import SamlWidget from "./common/SamlWidget";
 require('codemirror/theme/material-darker.css');
 require("codemirror/mode/javascript/javascript");

--- a/web/src/UserListPage.js
+++ b/web/src/UserListPage.js
@ -14,51 +14,31 @@

 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Popconfirm, Switch, Table} from 'antd';
+import {Button, Popconfirm, Switch, Table, Upload} from 'antd';
+import {UploadOutlined} from "@ant-design/icons";
 import moment from "moment";
 import * as Setting from "./Setting";
 import * as UserBackend from "./backend/UserBackend";
 import i18next from "i18next";
+import BaseListPage from "./BaseListPage";

-class UserListPage extends React.Component {
+class UserListPage extends BaseListPage {
  constructor(props) {
    super(props);
    this.state = {
      classes: props,
-      users: null,
      organizationName: props.match.params.organizationName,
-      total: 0,
+      data: [],
+      pagination: {
+        current: 1,
+        pageSize: 10,
+      },
+      loading: false,
+      searchText: '',
+      searchedColumn: '',
    };
  }

-  UNSAFE_componentWillMount() {
-    this.getUsers(1, 10);
-  }
-
-  getUsers(page, pageSize) {
-    if (this.state.organizationName === undefined) {
-      UserBackend.getGlobalUsers(page, pageSize)
-          .then((res) => {
-            if (res.status === "ok") {
-              this.setState({
-                users: res.data,
-                total: res.data2
-              });
-            }
-          });
-    } else {
-      UserBackend.getUsers(this.state.organizationName, page, pageSize)
-          .then((res) => {
-            if (res.status === "ok") {
-              this.setState({
-                users: res.data,
-                total: res.data2
-              });
-            }
-          });
-    }
-  }
-
  newUser() {
    const randomName = Setting.getRandomName();
    return {
@ -70,8 +50,8 @@ class UserListPage extends React.Component {
      passwordSalt: "",
      displayName: `New User - ${randomName}`,
      avatar: "https://casbin.org/img/casbin.svg",
-      email: "user@example.com",
-      phone: "12345678",
+      email: `${randomName}@example.com`,
+      phone: Setting.getRandomNumber(),
      address: [],
      affiliation: "Example Inc.",
      tag: "staff",
@ -90,10 +70,6 @@ class UserListPage extends React.Component {
    UserBackend.addUser(newUser)
      .then((res) => {
          Setting.showMessage("success", `User added successfully`);
-          this.setState({
-            users: Setting.prependRow(this.state.users, newUser),
-            total: this.state.total + 1
-          });
          this.props.history.push(`/users/${newUser.owner}/${newUser.name}`);
        }
      )
@ -103,12 +79,12 @@ class UserListPage extends React.Component {
  }

  deleteUser(i) {
-    UserBackend.deleteUser(this.state.users[i])
+    UserBackend.deleteUser(this.state.data[i])
      .then((res) => {
          Setting.showMessage("success", `User deleted successfully`);
          this.setState({
-            users: Setting.deleteRow(this.state.users, i),
-            total: this.state.total - 1
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        }
      )
@ -117,6 +93,43 @@ class UserListPage extends React.Component {
      });
  }

+  uploadFile(info) {
+    const { status, response: res } = info.file;
+    if (status === 'done') {
+      if (res.status === 'ok') {
+        Setting.showMessage("success", `Users uploaded successfully, refreshing the page`);
+
+        const { pagination } = this.state;
+        this.fetch({ pagination });
+      } else {
+        Setting.showMessage("error", `Users failed to upload: ${res.msg}`);
+      }
+    } else if (status === 'error') {
+      Setting.showMessage("error", `File failed to upload`);
+    }
+  }
+
+  renderUpload() {
+    const props = {
+      name: 'file',
+      accept: '.xlsx',
+      method: 'post',
+      action: `${Setting.ServerUrl}/api/upload-users`,
+      withCredentials: true,
+      onChange: (info) => {
+        this.uploadFile(info);
+      },
+    };
+
+    return (
+      <Upload {...props}>
+        <Button type="primary" size="small">
+          <UploadOutlined /> {i18next.t("user:Upload (.xlsx)")}
+        </Button>
+      </Upload>
+    )
+  }
+
  renderTable(users) {
    // transfer country code to name based on selected language
    var countries = require("i18n-iso-countries");
@ -132,7 +145,8 @@ class UserListPage extends React.Component {
        key: 'owner',
        width: (Setting.isMobile()) ? "100px" : "120px",
        fixed: 'left',
-        sorter: (a, b) => a.owner.localeCompare(b.owner),
+        sorter: true,
+        ...this.getColumnSearchProps('owner'),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
@ -147,7 +161,8 @@ class UserListPage extends React.Component {
        key: 'signupApplication',
        width: (Setting.isMobile()) ? "100px" : "120px",
        fixed: 'left',
-        sorter: (a, b) => a.owner.localeCompare(b.owner),
+        sorter: true,
+        ...this.getColumnSearchProps('signupApplication'),
        render: (text, record, index) => {
          return (
            <Link to={`/applications/${text}`}>
@ -160,9 +175,10 @@ class UserListPage extends React.Component {
        title: i18next.t("general:Name"),
        dataIndex: 'name',
        key: 'name',
-        width: (Setting.isMobile()) ? "80px" : "100px",
+        width: (Setting.isMobile()) ? "80px" : "110px",
        fixed: 'left',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
        render: (text, record, index) => {
          return (
            <Link to={`/users/${record.owner}/${text}`}>
@ -176,7 +192,7 @@ class UserListPage extends React.Component {
        dataIndex: 'createdTime',
        key: 'createdTime',
        width: '160px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -185,8 +201,9 @@ class UserListPage extends React.Component {
        title: i18next.t("general:Display name"),
        dataIndex: 'displayName',
        key: 'displayName',
-        width: '100px',
-        sorter: (a, b) => a.displayName.localeCompare(b.displayName),
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps('displayName'),
      },
      {
        title: i18next.t("general:Avatar"),
@ -206,7 +223,8 @@ class UserListPage extends React.Component {
        dataIndex: 'email',
        key: 'email',
        width: '160px',
-        sorter: (a, b) => a.email.localeCompare(b.email),
+        sorter: true,
+        ...this.getColumnSearchProps('email'),
        render: (text, record, index) => {
          return (
            <a href={`mailto:${text}`}>
@ -220,7 +238,8 @@ class UserListPage extends React.Component {
        dataIndex: 'phone',
        key: 'phone',
        width: '120px',
-        sorter: (a, b) => a.phone.localeCompare(b.phone),
+        sorter: true,
+        ...this.getColumnSearchProps('phone'),
      },
      // {
      //   title: 'Phone',
@ -233,29 +252,32 @@ class UserListPage extends React.Component {
        title: i18next.t("user:Affiliation"),
        dataIndex: 'affiliation',
        key: 'affiliation',
-        width: '120px',
-        sorter: (a, b) => a.affiliation.localeCompare(b.affiliation),
+        width: '140px',
+        sorter: true,
+        ...this.getColumnSearchProps('affiliation'),
      },
      {
        title: i18next.t("user:Country/Region"),
        dataIndex: 'region',
        key: 'region',
-        width: '120px',
-        sorter: (a, b) => a.region.localeCompare(b.region),
+        width: '140px',
+        sorter: true,
+        ...this.getColumnSearchProps('region'),
      },
      {
        title: i18next.t("user:Tag"),
        dataIndex: 'tag',
        key: 'tag',
-        width: '100px',
-        sorter: (a, b) => a.tag.localeCompare(b.tag),
+        width: '110px',
+        sorter: true,
+        ...this.getColumnSearchProps('tag'),
      },
      {
        title: i18next.t("user:Is admin"),
        dataIndex: 'isAdmin',
        key: 'isAdmin',
        width: '110px',
-        sorter: (a, b) => a.isAdmin - b.isAdmin,
+        sorter: true,
        render: (text, record, index) => {
          return (
            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
@ -266,8 +288,8 @@ class UserListPage extends React.Component {
        title: i18next.t("user:Is global admin"),
        dataIndex: 'isGlobalAdmin',
        key: 'isGlobalAdmin',
-        width: '110px',
-        sorter: (a, b) => a.isGlobalAdmin - b.isGlobalAdmin,
+        width: '140px',
+        sorter: true,
        render: (text, record, index) => {
          return (
            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
@ -279,7 +301,7 @@ class UserListPage extends React.Component {
        dataIndex: 'isForbidden',
        key: 'isForbidden',
        width: '110px',
-        sorter: (a, b) => a.isForbidden - b.isForbidden,
+        sorter: true,
        render: (text, record, index) => {
          return (
            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
@ -291,7 +313,7 @@ class UserListPage extends React.Component {
        dataIndex: 'isDeleted',
        key: 'isDeleted',
        width: '110px',
-        sorter: (a, b) => a.isDeleted - b.isDeleted,
+        sorter: true,
        render: (text, record, index) => {
          return (
            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
@ -321,12 +343,10 @@ class UserListPage extends React.Component {
    ];

    const paginationProps = {
-      total: this.state.total,
+      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getUsers(page, pageSize),
-      onShowSizeChange: (current, size) => this.getUsers(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -334,25 +354,58 @@ class UserListPage extends React.Component {
        <Table scroll={{x: 'max-content'}} columns={columns} dataSource={users} rowKey="name" size="middle" bordered pagination={paginationProps}
               title={() => (
                 <div>
-                  {i18next.t("general:Users")}&nbsp;&nbsp;&nbsp;&nbsp;
-                  <Button type="primary" size="small" onClick={this.addUser.bind(this)}>{i18next.t("general:Add")}</Button>
+                   {i18next.t("general:Users")}&nbsp;&nbsp;&nbsp;&nbsp;
+                   <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={this.addUser.bind(this)}>{i18next.t("general:Add")}</Button>
+                   {
+                     this.renderUpload()
+                   }
                 </div>
               )}
-               loading={users === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.users)
-        }
-      </div>
-    );
-  }
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    this.setState({ loading: true });
+    if (this.state.organizationName === undefined) {
+      UserBackend.getGlobalUsers(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+        .then((res) => {
+          if (res.status === "ok") {
+            this.setState({
+              loading: false,
+              data: res.data,
+              pagination: {
+                ...params.pagination,
+                total: res.data2,
+              },
+              searchText: params.searchText,
+              searchedColumn: params.searchedColumn,
+            });
+          }
+        });
+    } else {
+      UserBackend.getUsers(this.state.organizationName, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+        .then((res) => {
+          if (res.status === "ok") {
+            this.setState({
+              loading: false,
+              data: res.data,
+              pagination: {
+                ...params.pagination,
+                total: res.data2,
+              },
+              searchText: params.searchText,
+              searchedColumn: params.searchedColumn,
+            });
+          }
+        });
+    }
+  };
 }

 export default UserListPage;
--- a/web/src/WebhookEditPage.js
+++ b/web/src/WebhookEditPage.js
@ -13,15 +13,81 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, Input, Row, Select} from 'antd';
+import {Button, Card, Col, Input, Row, Select, Switch} from 'antd';
 import {LinkOutlined} from "@ant-design/icons";
 import * as WebhookBackend from "./backend/WebhookBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
+import WebhookHeaderTable from "./WebhookHeaderTable";
+
+import {Controlled as CodeMirror} from 'react-codemirror2';
+import "codemirror/lib/codemirror.css";
+require('codemirror/theme/material-darker.css');
+require("codemirror/mode/javascript/javascript");

 const { Option } = Select;

+const previewTemplate = {
+  "id": 9078,
+  "owner": "built-in",
+  "name": "68f55b28-7380-46b1-9bde-64fe1576e3b3",
+  "createdTime": "2022-01-01T01:03:42+08:00",
+  "organization": "built-in",
+  "clientIp": "159.89.126.192",
+  "user": "admin",
+  "method": "POST",
+  "requestUri": "/api/login",
+  "action": "login",
+  "isTriggered": false,
+};
+
+const userTemplate = {
+  "owner": "built-in",
+  "name": "admin",
+  "createdTime": "2020-07-16T21:46:52+08:00",
+  "updatedTime": "",
+  "id": "9eb20f79-3bb5-4e74-99ac-39e3b9a171e8",
+  "type": "normal-user",
+  "password": "123",
+  "passwordSalt": "",
+  "displayName": "Admin",
+  "avatar": "https://cdn.casbin.com/usercontent/admin/avatar/1596241359.png",
+  "permanentAvatar": "https://cdn.casbin.com/casdoor/avatar/casbin/admin.png",
+  "email": "admin@example.com",
+  "phone": "",
+  "location": "",
+  "address": null,
+  "affiliation": "",
+  "title": "",
+  "score": 10000,
+  "ranking": 10,
+  "isOnline": false,
+  "isAdmin": true,
+  "isGlobalAdmin": false,
+  "isForbidden": false,
+  "isDeleted": false,
+  "signupApplication": "app-casnode",
+  "properties": {
+    "bio": "",
+    "checkinDate": "20200801",
+    "editorType": "",
+    "emailVerifiedTime": "2020-07-16T21:46:52+08:00",
+    "fileQuota": "50",
+    "location": "",
+    "no": "22",
+    "oauth_QQ_displayName": "",
+    "oauth_QQ_verifiedTime": "",
+    "oauth_WeChat_displayName": "",
+    "oauth_WeChat_verifiedTime": "",
+    "onlineStatus": "false",
+    "phoneVerifiedTime": "",
+    "renameQuota": "3",
+    "tagline": "",
+    "website": ""
+  }
+};
+
 class WebhookEditPage extends React.Component {
  constructor(props) {
    super(props);
@ -74,6 +140,12 @@ class WebhookEditPage extends React.Component {
  }

  renderWebhook() {
+    let preview = Setting.deepCopy(previewTemplate);
+    if (this.state.webhook.isUserExtended) {
+      preview["extendedUser"] = userTemplate;
+    }
+    const previewText = JSON.stringify(preview, null, 2);
+
    return (
      <Card size="small" title={
        <div>
@ -114,6 +186,23 @@ class WebhookEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("webhook:Method"), i18next.t("webhook:Method - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.webhook.method} onChange={(value => {this.updateWebhookField('method', value);})}>
+              {
+                [
+                  {id: 'POST', name: 'POST'},
+                  {id: 'GET', name: 'GET'},
+                  {id: 'PUT', name: 'PUT'},
+                  {id: 'DELETE', name: 'DELETE'},
+                ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: '20px'}} >
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("webhook:Content type"), i18next.t("webhook:Content type - Tooltip"))} :
@ -129,6 +218,18 @@ class WebhookEditPage extends React.Component {
            </Select>
          </Col>
        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("webhook:Headers"), i18next.t("webhook:Headers - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <WebhookHeaderTable
+              title={i18next.t("webhook:Headers")}
+              table={this.state.webhook.headers}
+              onUpdateTable={(value) => { this.updateWebhookField('headers', value)}}
+            />
+          </Col>
+        </Row>
        <Row style={{marginTop: '20px'}} >
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("webhook:Events"), i18next.t("webhook:Events - Tooltip"))} :
@ -151,6 +252,40 @@ class WebhookEditPage extends React.Component {
            </Select>
          </Col>
        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("webhook:Is user extended"), i18next.t("webhook:Is user extended - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.webhook.isUserExtended} onChange={checked => {
+              this.updateWebhookField('isUserExtended', checked);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Preview"), i18next.t("general:Preview - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <div style={{width: "900px", height: "300px"}} >
+              <CodeMirror
+                value={previewText}
+                options={{mode: 'javascript', theme: "material-darker"}}
+                onBeforeChange={(editor, data, value) => {}}
+              />
+            </div>
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("general:Is enabled"), i18next.t("general:Is enabled - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.webhook.isEnabled} onChange={checked => {
+              this.updateWebhookField('isEnabled', checked);
+            }} />
+          </Col>
+        </Row>
      </Card>
    )
  }
--- a/web/src/WebhookHeaderTable.js
+++ b/web/src/WebhookHeaderTable.js
@ -0,0 +1,138 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {DownOutlined, DeleteOutlined, UpOutlined} from '@ant-design/icons';
+import {Button, Col, Input, Row, Table, Tooltip} from 'antd';
+import * as Setting from "./Setting";
+import i18next from "i18next";
+
+class WebhookHeaderTable extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+    };
+  }
+
+  updateTable(table) {
+    this.props.onUpdateTable(table);
+  }
+
+  updateField(table, index, key, value) {
+    table[index][key] = value;
+    this.updateTable(table);
+  }
+
+  addRow(table) {
+    let row = {name: `header-${table.length}`, value: `value-${table.length}`};
+    if (table === undefined) {
+      table = [];
+    }
+    table = Setting.addRow(table, row);
+    this.updateTable(table);
+  }
+
+  deleteRow(table, i) {
+    table = Setting.deleteRow(table, i);
+    this.updateTable(table);
+  }
+
+  upRow(table, i) {
+    table = Setting.swapRow(table, i - 1, i);
+    this.updateTable(table);
+  }
+
+  downRow(table, i) {
+    table = Setting.swapRow(table, i, i + 1);
+    this.updateTable(table);
+  }
+
+  renderTable(table) {
+    const columns = [
+      {
+        title: i18next.t("webhook:Name"),
+        dataIndex: 'name',
+        key: 'name',
+        width: '250px',
+        render: (text, record, index) => {
+          return (
+            <Input value={text} onChange={e => {
+              this.updateField(table, index, 'name', e.target.value);
+            }} />
+          )
+        }
+      },
+      {
+        title: i18next.t("webhook:Value"),
+        dataIndex: 'value',
+        key: 'value',
+        render: (text, record, index) => {
+          return (
+            <Input value={text} onChange={e => {
+              this.updateField(table, index, 'value', e.target.value);
+            }} />
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Action"),
+        key: 'action',
+        width: '100px',
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Tooltip placement="bottomLeft" title={i18next.t("general:Up")}>
+                <Button style={{marginRight: "5px"}} disabled={index === 0} icon={<UpOutlined />} size="small" onClick={() => this.upRow(table, index)} />
+              </Tooltip>
+              <Tooltip placement="topLeft" title={i18next.t("general:Down")}>
+                <Button style={{marginRight: "5px"}} disabled={index === table.length - 1} icon={<DownOutlined />} size="small" onClick={() => this.downRow(table, index)} />
+              </Tooltip>
+              <Tooltip placement="topLeft" title={i18next.t("general:Delete")}>
+                <Button icon={<DeleteOutlined />} size="small" onClick={() => this.deleteRow(table, index)} />
+              </Tooltip>
+            </div>
+          );
+        }
+      },
+    ];
+
+    return (
+      <Table rowKey="index" columns={columns} dataSource={table} size="middle" bordered pagination={false}
+             title={() => (
+               <div>
+                 {this.props.title}&nbsp;&nbsp;&nbsp;&nbsp;
+                 <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={() => this.addRow(table)}>{i18next.t("general:Add")}</Button>
+               </div>
+             )}
+      />
+    );
+  }
+
+  render() {
+    return (
+      <div>
+        <Row style={{marginTop: '20px'}} >
+          <Col span={24}>
+            {
+              this.renderTable(this.props.table)
+            }
+          </Col>
+        </Row>
+      </div>
+    )
+  }
+}
+
+export default WebhookHeaderTable;
--- a/web/src/WebhookListPage.js
+++ b/web/src/WebhookListPage.js
@ -14,48 +14,27 @@

 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Popconfirm, Table} from 'antd';
+import {Button, Popconfirm, Switch, Table} from 'antd';
 import moment from "moment";
 import * as Setting from "./Setting";
 import * as WebhookBackend from "./backend/WebhookBackend";
 import i18next from "i18next";
+import BaseListPage from "./BaseListPage";

-class WebhookListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      webhooks: null,
-      total: 0,
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getWebhooks(1, 10);
-  }
-
-  getWebhooks(page, pageSize) {
-    WebhookBackend.getWebhooks("admin", page, pageSize)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            webhooks: res.data,
-            total: res.data2
-          });
-        }
-      });
-  }
-
+class WebhookListPage extends BaseListPage {
  newWebhook() {
    const randomName = Setting.getRandomName();
    return {
      owner: "admin", // this.props.account.webhookname,
      name: `webhook_${randomName}`,
      createdTime: moment().format(),
-      url: "https://example.com/callback",
-      contentType: "application/json",
-      events: ["signup", "login", "logout", "update-user"],
      organization: "built-in",
+      url: "https://example.com/callback",
+      method: "POST",
+      contentType: "application/json",
+      headers: [],
+      events: ["signup", "login", "logout", "update-user"],
+      isEnabled: true,
    }
  }

@ -64,10 +43,6 @@ class WebhookListPage extends React.Component {
    WebhookBackend.addWebhook(newWebhook)
      .then((res) => {
          Setting.showMessage("success", `Webhook added successfully`);
-          this.setState({
-            webhooks: Setting.prependRow(this.state.webhooks, newWebhook),
-            total: this.state.total + 1
-          });
          this.props.history.push(`/webhooks/${newWebhook.name}`);
        }
      )
@ -77,12 +52,12 @@ class WebhookListPage extends React.Component {
  }

  deleteWebhook(i) {
-    WebhookBackend.deleteWebhook(this.state.webhooks[i])
+    WebhookBackend.deleteWebhook(this.state.data[i])
      .then((res) => {
          Setting.showMessage("success", `Webhook deleted successfully`);
          this.setState({
-            webhooks: Setting.deleteRow(this.state.webhooks, i),
-            total: this.state.total - 1
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        }
      )
@ -97,8 +72,9 @@ class WebhookListPage extends React.Component {
        title: i18next.t("general:Organization"),
        dataIndex: 'organization',
        key: 'organization',
-        width: '80px',
-        sorter: (a, b) => a.organization.localeCompare(b.organization),
+        width: '110px',
+        sorter: true,
+        ...this.getColumnSearchProps('organization'),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
@ -113,7 +89,8 @@ class WebhookListPage extends React.Component {
        key: 'name',
        width: '150px',
        fixed: 'left',
-        sorter: (a, b) => a.name.localeCompare(b.name),
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
        render: (text, record, index) => {
          return (
            <Link to={`/webhooks/${text}`}>
@ -127,7 +104,7 @@ class WebhookListPage extends React.Component {
        dataIndex: 'createdTime',
        key: 'createdTime',
        width: '180px',
-        sorter: (a, b) => a.createdTime.localeCompare(b.createdTime),
+        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        }
@ -137,7 +114,8 @@ class WebhookListPage extends React.Component {
        dataIndex: 'url',
        key: 'url',
        width: '300px',
-        sorter: (a, b) => a.url.localeCompare(b.url),
+        sorter: true,
+        ...this.getColumnSearchProps('url'),
        render: (text, record, index) => {
          return (
            <a target="_blank" rel="noreferrer" href={text}>
@ -148,23 +126,61 @@ class WebhookListPage extends React.Component {
          )
        }
      },
+      {
+        title: i18next.t("webhook:Method"),
+        dataIndex: 'method',
+        key: 'method',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('method'),
+      },
      {
        title: i18next.t("webhook:Content type"),
        dataIndex: 'contentType',
        key: 'contentType',
-        width: '150px',
-        sorter: (a, b) => a.contentType.localeCompare(b.contentType),
+        width: '200px',
+        sorter: true,
+        filterMultiple: false,
+        filters: [
+          {text: 'application/json', value: 'application/json'},
+          {text: 'application/x-www-form-urlencoded', value: 'application/x-www-form-urlencoded'},
+        ]
      },
      {
        title: i18next.t("webhook:Events"),
        dataIndex: 'events',
        key: 'events',
        // width: '100px',
-        sorter: (a, b) => a.events.localeCompare(b.events),
+        sorter: true,
+        ...this.getColumnSearchProps('events'),
        render: (text, record, index) => {
          return Setting.getTags(text);
        }
      },
+      {
+        title: i18next.t("webhook:Is user extended"),
+        dataIndex: 'isUserExtended',
+        key: 'isUserExtended',
+        width: '160px',
+        sorter: true,
+        render: (text, record, index) => {
+          return (
+            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Is enabled"),
+        dataIndex: 'isEnabled',
+        key: 'isEnabled',
+        width: '120px',
+        sorter: true,
+        render: (text, record, index) => {
+          return (
+            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
+          )
+        }
+      },
      {
        title: i18next.t("general:Action"),
        dataIndex: '',
@ -188,12 +204,10 @@ class WebhookListPage extends React.Component {
    ];

    const paginationProps = {
-      total: this.state.total,
+      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.total),
-      onChange: (page, pageSize) => this.getWebhooks(page, pageSize),
-      onShowSizeChange: (current, size) => this.getWebhooks(current, size),
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };

    return (
@ -205,21 +219,37 @@ class WebhookListPage extends React.Component {
                   <Button type="primary" size="small" onClick={this.addWebhook.bind(this)}>{i18next.t("general:Add")}</Button>
                 </div>
               )}
-               loading={webhooks === null}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
        />
      </div>
    );
  }

-  render() {
-    return (
-      <div>
-        {
-          this.renderTable(this.state.webhooks)
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.contentType !== undefined && params.contentType !== null) {
+      field = "contentType";
+      value = params.contentType;
+    }
+    this.setState({ loading: true });
+    WebhookBackend.getWebhooks("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
        }
-      </div>
-    );
-  }
+      });
+  };
 }

 export default WebhookListPage;
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@ -19,7 +19,7 @@ import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as Util from "./Util";
 import * as Setting from "../Setting";
 import i18next from "i18next";
-import {CountDownInput} from "../component/CountDownInput";
+import {CountDownInput} from "../common/CountDownInput";
 import * as UserBackend from "../backend/UserBackend";
 import {CheckCircleOutlined, KeyOutlined, LockOutlined, SolutionOutlined, UserOutlined} from "@ant-design/icons";
 import CustomGithubCorner from "../CustomGithubCorner";
@ -176,7 +176,9 @@ class ForgetPage extends React.Component {
          &nbsp;&nbsp;{Setting.getMaskedPhone(this.state.phone)}
        </Option>
      );
-    } else if (this.state.email !== "") {
+    }
+
+    if (this.state.email !== "") {
      options.push(
        <Option key={"email"} value={"email"}>
          &nbsp;&nbsp;{Setting.getMaskedEmail(this.state.email)}
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -38,7 +38,7 @@ import AppleLoginButton from "./AppleLoginButton"
 import AzureADLoginButton from "./AzureADLoginButton";
 import SlackLoginButton from "./SlackLoginButton";
 import CustomGithubCorner from "../CustomGithubCorner";
-import {CountDownInput} from "../component/CountDownInput";
+import {CountDownInput} from "../common/CountDownInput";

 class LoginPage extends React.Component {
  constructor(props) {
@ -448,13 +448,17 @@ class LoginPage extends React.Component {
      return (
        <React.Fragment>
          <span style={{float: "left"}}>
-            <a onClick={() => {
-              this.setState({
-                isCodeSignin: !this.state.isCodeSignin,
-              });
-            }}>
-              {this.state.isCodeSignin ? i18next.t("login:Sign in with password") : i18next.t("login:Sign in with code")}
-            </a>
+            {
+              !application.enableCodeSignin ? null : (
+                <a onClick={() => {
+                  this.setState({
+                    isCodeSignin: !this.state.isCodeSignin,
+                  });
+                }}>
+                  {this.state.isCodeSignin ? i18next.t("login:Sign in with password") : i18next.t("login:Sign in with code")}
+                </a>
+              )
+            }
          </span>
          <span style={{float: "right"}}>
            {i18next.t("login:No account?")}&nbsp;
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@ -33,8 +33,8 @@ const authInfo = {
  WeChat: {
    scope: "snsapi_login",
    endpoint: "https://open.weixin.qq.com/connect/qrconnect",
-    slientScope: "snsapi_userinfo",
-    silentEndpoint: "https://open.weixin.qq.com/connect/oauth2/authorize"
+    mpScope: "snsapi_userinfo",
+    mpEndpoint: "https://open.weixin.qq.com/connect/oauth2/authorize"
  },
  Facebook: {
    scope: "email,public_profile",
@ -200,12 +200,10 @@ export function getAuthUrl(application, provider, method) {
  } else if (provider.type === "QQ") {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}`;
  } else if (provider.type === "WeChat") {
-    if (provider.method === "Silent") {
-      return `${authInfo[provider.type].silentEndpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&scope=${authInfo[provider.type].slientScope}&response_type=code#wechat_redirect`;
-    } else if (provider.method === "Normal") {
-      return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}#wechat_redirect`;
+    if (navigator.userAgent.includes("MicroMessenger")) {
+      return `${authInfo[provider.type].mpEndpoint}?appid=${provider.clientId2}&redirect_uri=${redirectUri}&state=${state}&scope=${authInfo[provider.type].mpScope}&response_type=code#wechat_redirect`;
    } else {
-      return `https://error:not-supported-provider-method:${provider.method}`;
+      return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}#wechat_redirect`;
    }
  } else if (provider.type === "Facebook") {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}`;
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@ -21,7 +21,7 @@ import i18next from "i18next";
 import * as Util from "./Util";
 import {authConfig} from "./Auth";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
-import {CountDownInput} from "../component/CountDownInput";
+import {CountDownInput} from "../common/CountDownInput";
 import SelectRegionBox from "../SelectRegionBox";
 import CustomGithubCorner from "../CustomGithubCorner";

@ -225,6 +225,28 @@ class SignupPage extends React.Component {
          <Input />
        </Form.Item>
      )
+    } else if (signupItem.name === "ID card") {
+      return (
+        <Form.Item
+          name="idCard"
+          key="idCard"
+          label={i18next.t("user:ID card")}
+          rules={[
+            {
+              required: required,
+              message: i18next.t("signup:Please input your ID card number!"),
+              whitespace: true,
+            },
+            {
+              required: required,
+              pattern: new RegExp(/^[1-9]\d{5}(18|19|20)\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{3}[0-9X]$/, "g"),
+              message: i18next.t("signup:Please input the correct ID card number!"),
+            },
+          ]}
+        >
+          <Input />
+        </Form.Item>
+      )
    } else if (signupItem.name === "Country/Region") {
      return (
        <Form.Item
--- a/web/src/backend/ApplicationBackend.js
+++ b/web/src/backend/ApplicationBackend.js
@ -14,8 +14,8 @@

 import * as Setting from "../Setting";

-export function getApplications(owner, page = "", pageSize = "") {
-  return fetch(`${Setting.ServerUrl}/api/get-applications?owner=${owner}&p=${page}&pageSize=${pageSize}`, {
+export function getApplications(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-applications?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include"
  }).then(res => res.json());
--- a/web/src/backend/CertBackend.js
+++ b/web/src/backend/CertBackend.js
@ -0,0 +1,56 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getCerts(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-certs?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include"
+  }).then(res => res.json());
+}
+
+export function getCert(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-cert?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include"
+  }).then(res => res.json());
+}
+
+export function updateCert(owner, name, cert) {
+  let newCert = Setting.deepCopy(cert);
+  return fetch(`${Setting.ServerUrl}/api/update-cert?id=${owner}/${encodeURIComponent(name)}`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newCert),
+  }).then(res => res.json());
+}
+
+export function addCert(cert) {
+  let newCert = Setting.deepCopy(cert);
+  return fetch(`${Setting.ServerUrl}/api/add-cert`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newCert),
+  }).then(res => res.json());
+}
+
+export function deleteCert(cert) {
+  let newCert = Setting.deepCopy(cert);
+  return fetch(`${Setting.ServerUrl}/api/delete-cert`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newCert),
+  }).then(res => res.json());
+}
--- a/web/src/backend/OrganizationBackend.js
+++ b/web/src/backend/OrganizationBackend.js
@ -14,8 +14,8 @@

 import * as Setting from "../Setting";

-export function getOrganizations(owner, page = "", pageSize = "") {
-  return fetch(`${Setting.ServerUrl}/api/get-organizations?owner=${owner}&p=${page}&pageSize=${pageSize}`, {
+export function getOrganizations(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-organizations?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include"
  }).then(res => res.json());
--- a/web/src/backend/PermissionBackend.js
+++ b/web/src/backend/PermissionBackend.js
@ -0,0 +1,56 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getPermissions(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-permissions?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include"
+  }).then(res => res.json());
+}
+
+export function getPermission(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-permission?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include"
+  }).then(res => res.json());
+}
+
+export function updatePermission(owner, name, permission) {
+  let newPermission = Setting.deepCopy(permission);
+  return fetch(`${Setting.ServerUrl}/api/update-permission?id=${owner}/${encodeURIComponent(name)}`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPermission),
+  }).then(res => res.json());
+}
+
+export function addPermission(permission) {
+  let newPermission = Setting.deepCopy(permission);
+  return fetch(`${Setting.ServerUrl}/api/add-permission`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPermission),
+  }).then(res => res.json());
+}
+
+export function deletePermission(permission) {
+  let newPermission = Setting.deepCopy(permission);
+  return fetch(`${Setting.ServerUrl}/api/delete-permission`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPermission),
+  }).then(res => res.json());
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Bingchang Chen	fe48c38bc6	feat: support minio (#418 ) Signed-off-by: abingcbc <abingcbc626@gmail.com>	2022-01-13 21:48:00 +08:00
Gucheng Wang	1be777c08f	Fix GetUserByField()'s bug for idCard.	2022-01-13 12:48:15 +08:00
Товарищ программист	8d54bfad8a	feat: support create database via cmd line (#417 )	2022-01-13 11:35:13 +08:00
Gucheng Wang	728fe11a3c	Refactor CountDownInput.	2022-01-07 20:34:27 +08:00
Gucheng Wang	69e0f4e40d	Add idCard in GetUserByFields().	2022-01-04 19:52:29 +08:00
Yang Luo	ba32a45693	Add ClaimsShort to fix the JWT user's owner and name empty bug.	2022-01-03 22:54:27 +08:00
github-actions[bot]	a4d83af768	refactor: New Crowdin translations by Github Action (#412 ) Co-authored-by: Crowdin Bot <support+bot@crowdin.com>	2022-01-02 23:55:06 +08:00
Yang Luo	5b8f6415d9	Add Gitter badge.	2022-01-02 23:34:24 +08:00
Yang Luo	5389cb435c	Fix Crowdin sync.	2022-01-02 23:16:08 +08:00
Yang Luo	9b6131890c	Add permission page.	2022-01-01 16:28:33 +08:00
Steve0x2a	ffc0a0e0d5	fix: refresh_token endpoint does not work (#410 ) Signed-off-by: 0x2a <stevesough@gmail.com>	2022-01-01 15:20:49 +08:00
Yang Luo	ff22bf507f	Add role page.	2022-01-01 15:11:16 +08:00
Yang Luo	2d4103d751	Add isUserExtended to webhook.	2022-01-01 11:16:37 +08:00
Yang Luo	4611b59b08	Add webhook edit page's preview.	2022-01-01 10:58:39 +08:00
Bingchang Chen	445d3c9d0e	feat: support spring security oauth2 (#408 ) Signed-off-by: abingcbc <abingcbc626@gmail.com>	2021-12-31 19:55:34 +08:00
Yang Luo	dbebd1846f	Fix code sign-in link hiding.	2021-12-31 13:36:10 +08:00
Yang Luo	2fcc8f5bfe	Support app user in SetPassword().	2021-12-31 13:32:18 +08:00
Yang Luo	4b65320a96	Support user uploading via xlsx.	2021-12-31 13:00:35 +08:00
Yang Luo	5e8897e41b	Make cert work.	2021-12-31 10:02:06 +08:00
Yang Luo	ba1646a0c3	Add cert pages.	2021-12-31 00:36:36 +08:00
Yang Luo	c1cd187558	Improve UI.	2021-12-29 20:50:49 +08:00
Yang Luo	519fd655cf	Add GetMaskedApplication() and GetMaskedApplications().	2021-12-29 20:04:39 +08:00
Yang Luo	377ac05928	Don't clear session in SetPassword().	2021-12-28 23:07:09 +08:00
Steve0x2a	4f124ff140	fix: refresh token does not return (#401 ) Signed-off-by: 0x2a <stevesough@gmail.com>	2021-12-28 19:44:17 +08:00
Yang Luo	d5f802ec7d	Support IdCard in signup page.	2021-12-28 17:48:24 +08:00
Yang Luo	64d3b7e87f	Add EnableSigninSession to app.	2021-12-28 17:15:47 +08:00
Yang Luo	dfce1bd74c	Remove adapter.createDatabase().	2021-12-27 22:49:54 +08:00
Steve0x2a	067ae5448f	fix: idp using goth shows wrong display name (#398 ) * fix: adjust the accessToken field Signed-off-by: 0x2a <stevesough@gmail.com> * fix: missing name and owner Signed-off-by: 0x2a <stevesough@gmail.com> * fix: get wrong display name Signed-off-by: 0x2a <stevesough@gmail.com>	2021-12-27 18:55:25 +08:00
Yang Luo	9943e3c316	Add isEnabled to webhook.	2021-12-26 21:03:12 +08:00
Yang Luo	0c665edcbc	Add headers to webhook.	2021-12-26 20:43:32 +08:00
Yang Luo	5015bf1c7d	Add method to webhook.	2021-12-26 19:56:02 +08:00
Yang Luo	2ec947d488	Update project_id.	2021-12-26 09:49:00 +08:00
Yixiang Zhao	10a85f2386	feat: add server-side search, filter and sorter for all pages (#388 ) Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> Co-authored-by: Yang Luo <hsluoyz@qq.com>	2021-12-25 10:55:10 +08:00
Товарищ программист	0d13512eb1	docs: add docs for all-in-one image (#396 )	2021-12-25 00:33:35 +08:00
Yang Luo	b60856be5e	Fix bug in updateUserForOriginalFields().	2021-12-25 00:19:17 +08:00
Yang Luo	4b4c9be71b	Fix other bugs in syncer.	2021-12-25 00:05:54 +08:00
Yang Luo	e79e3c36d0	Support more DBs in syncer.	2021-12-24 23:23:06 +08:00
Yang Luo	cc8c9b32ef	Fix missing options in renderOptions().	2021-12-24 14:09:12 +08:00
Yang Luo	efdcb3279d	Fix null address bug in getOriginalUsersFromMap().	2021-12-24 01:03:50 +08:00
Yang Luo	3818492065	Fix updating old DB code.	2021-12-24 00:36:53 +08:00
Yang Luo	f4890a6a22	Improve syncer.initAdapter().	2021-12-23 21:28:40 +08:00
jianmaikj	fa45d3083a	fix: Add loading and countdown status to the verification code sending button (#384 ) Add loading and countdown status to the verification code sending button Revert "Add bcrypt encrypted password type" This reverts commit `ae995b5805`. fix:indentation	2021-12-23 19:41:26 +08:00
Товарищ программист	caa1ffe3c8	feat: add default password for mysql (#392 )	2021-12-23 12:43:04 +08:00
Yang Luo	c88edc4d3e	Fix app side bug in org renaming.	2021-12-23 01:01:23 +08:00
Yang Luo	f5bc76016d	Add restriction to built-in org and app modification.	2021-12-23 00:52:32 +08:00
Товарищ программист	8345295d0c	feat: fix github-ci (#390 )	2021-12-22 23:20:33 +08:00
Товарищ программист	3bdc0e0d1b	feat: add all-in-one version (#389 ) Signed-off-by: Товарищ программист <2962928213@qq.com>	2021-12-22 21:58:25 +08:00
Yang Luo	8dcb56ea71	Fix affiliationMap null bug.	2021-12-22 21:09:13 +08:00
Yang Luo	b95f107a60	Support cred manager for organization.MasterPassword	2021-12-22 20:56:22 +08:00
jianmaikj	d6c2d0f3e8	feat: Add bcrypt encrypted password type (#386 ) * Add loading and countdown status to the verification code sending button * Add bcrypt encrypted password type * Revert "Add loading and countdown status to the verification code sending button" This reverts commit `782b9e229a`. * Update bcrypt.go * Update go.sum	2021-12-22 20:26:19 +08:00
Yang Luo	7cfece3019	Add GetMaskedProvider() and GetMaskedProviders().	2021-12-21 00:20:12 +08:00
Yang Luo	3efbcc739d	Support WeChat MP at the same time.	2021-12-20 23:36:28 +08:00