feat: fix the go.sum error (#1040 )

feat: add system info page (#1033 )
* feat: add system info page * feat: add some code * fix
2025-08-12 00:37:51 +08:00 · 2022-08-20 22:04:37 +08:00 · 2022-08-20 21:22:46 +08:00 · 2022-08-20 21:09:32 +08:00 · 2022-08-20 12:14:08 +08:00 · 2022-08-20 11:30:13 +08:00
174 changed files with 2325 additions and 755 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -35,6 +35,10 @@ jobs:
      - uses: actions/setup-node@v2
        with:
          node-version: '14.17.0'
      # cache
      - uses: c-hive/gha-yarn-cache@v2
        with:
          directory: ./web
      - run: yarn install && CI=false yarn run build
        working-directory: ./web
@@ -53,11 +57,30 @@ jobs:
          go build -race -ldflags "-extldflags '-static'"
        working-directory: ./
  linter:
    name: Go-Linter
    runs-on: ubuntu-latest
    needs: [ go-tests ]
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v3
        with:
          go-version: '^1.16.5'
      # gen a dummy config file
      - run: touch dummy.yml
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: latest
          args: --disable-all -c dummy.yml -E=gofumpt --max-same-issues=0 --timeout 5m --modules-download-mode=mod
  release-and-push:
    name: Release And Push
    runs-on: ubuntu-latest
    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
-    needs: [ frontend, backend ]
+    needs: [ frontend, backend, linter ]
    steps:
      - name: Checkout
        uses: actions/checkout@v2
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -31,7 +31,7 @@ run:
    - api
  # skip-files:
  #   - ".*_test\\.go$"
-  modules-download-mode: vendor
+  modules-download-mode: mod
 # all available settings of specific linters
 linters-settings:
  lll:
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -107,6 +107,7 @@ p, *, *, POST, /api/acs, *, *
 p, *, *, GET, /api/saml/metadata, *, *
 p, *, *, *, /cas, *, *
 p, *, *, *, /api/webauthn, *, *
 p, *, *, GET, /api/get-release, *, *
 `
 		sa := stringadapter.NewAdapter(ruleText)
--- a/captcha/aliyun.go
+++ b/captcha/aliyun.go
@@ -18,7 +18,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"sort"
@@ -80,7 +80,7 @@ func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientSecret string)
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return false, err
 	}
--- a/captcha/geetest.go
+++ b/captcha/geetest.go
@@ -18,7 +18,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"time"
@@ -58,7 +58,7 @@ func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientSecret string)
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return false, err
 	}
--- a/captcha/hcaptcha.go
+++ b/captcha/hcaptcha.go
@@ -17,7 +17,7 @@ package captcha
 import (
 	"encoding/json"
 	"errors"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -43,7 +43,7 @@ func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return false, err
 	}
--- a/captcha/recaptcha.go
+++ b/captcha/recaptcha.go
@@ -17,7 +17,7 @@ package captcha
 import (
 	"encoding/json"
 	"errors"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -43,7 +43,7 @@ func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (boo
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return false, err
 	}
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -16,3 +16,4 @@ verificationCodeTimeout = 10
 initScore = 2000
 logPostOnly = true
 origin =
 staticBaseUrl = "https://cdn.casbin.org"
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@@ -11,6 +11,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package conf
 import (
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -105,7 +105,8 @@ func (c *ApiController) Signup() {
 	var form RequestForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
@@ -156,6 +157,12 @@ func (c *ApiController) Signup() {
 		username = id
 	}
 	initScore, err := getInitScore()
 	if err != nil {
 		c.ResponseError(fmt.Errorf("get init score failed, error: %w", err).Error())
 		return
 	}
 	user := &object.User{
 		Owner:             form.Organization,
 		Name:              username,
@@ -171,7 +178,7 @@ func (c *ApiController) Signup() {
 		Affiliation:       form.Affiliation,
 		IdCard:            form.IdCard,
 		Region:            form.Region,
-		Score:             getInitScore(),
+		Score:             initScore,
 		IsAdmin:           false,
 		IsGlobalAdmin:     false,
 		IsForbidden:       false,
@@ -274,6 +281,7 @@ func (c *ApiController) GetAccount() {
 	c.ServeJSON()
 }
 // GetUserinfo
 // UserInfo
 // @Title UserInfo
 // @Tag Account API
--- a/controllers/application.go
+++ b/controllers/application.go
@@ -111,8 +111,7 @@ func (c *ApiController) GetOrganizationApplications() {
 		return
 	}
-	var applications []*object.Application
+	applications := object.GetApplicationsByOrganizationName(owner, organization)
 	applications = object.GetApplicationsByOrganizationName(owner, organization)
 	c.Data["json"] = object.GetMaskedApplications(applications, userId)
 	c.ServeJSON()
 }
@@ -131,7 +130,8 @@ func (c *ApiController) UpdateApplication() {
 	var application object.Application
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application))
@@ -149,7 +149,8 @@ func (c *ApiController) AddApplication() {
 	var application object.Application
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddApplication(&application))
@@ -167,7 +168,8 @@ func (c *ApiController) DeleteApplication() {
 	var application object.Application
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteApplication(&application))
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -118,7 +118,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		}
 	} else {
-		resp = wrapErrorResponse(fmt.Errorf("Unknown response type: %s", form.Type))
+		resp = wrapErrorResponse(fmt.Errorf("unknown response type: %s", form.Type))
 	}
 	// if user did not check auto signin
@@ -344,7 +344,7 @@ func (c *ApiController) Login() {
 				user = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 			}
-			if user != nil && user.IsDeleted == false {
+			if user != nil && !user.IsDeleted {
 				// Sign in via OAuth (want to sign up but already have account)
 				if user.IsForbidden {
@@ -384,6 +384,12 @@ func (c *ApiController) Login() {
 				properties := map[string]string{}
 				properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)
 				initScore, err := getInitScore()
 				if err != nil {
 					c.ResponseError(fmt.Errorf("get init score failed, error: %w", err).Error())
 					return
 				}
 				user = &object.User{
 					Owner:             application.Organization,
 					Name:              userInfo.Username,
@@ -394,7 +400,7 @@ func (c *ApiController) Login() {
 					Avatar:            userInfo.AvatarUrl,
 					Address:           []string{},
 					Email:             userInfo.Email,
-					Score:             getInitScore(),
+					Score:             initScore,
 					IsAdmin:           false,
 					IsGlobalAdmin:     false,
 					IsForbidden:       false,
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -19,15 +19,18 @@ import (
 	"time"
 	"github.com/astaxie/beego"
 	"github.com/astaxie/beego/logs"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // ApiController
 // controller for handlers under /api uri
 type ApiController struct {
 	beego.Controller
 }
 // RootController
 // controller for handlers directly under / (root)
 type RootController struct {
 	ApiController
@@ -56,6 +59,7 @@ func (c *ApiController) IsGlobalAdmin() bool {
 func (c *ApiController) GetSessionUsername() string {
 	// check if user session expired
 	sessionData := c.GetSessionData()
 	if sessionData != nil &&
 		sessionData.ExpireTime != 0 &&
 		sessionData.ExpireTime < time.Now().Unix() {
@@ -118,7 +122,8 @@ func (c *ApiController) GetSessionData() *SessionData {
 	sessionData := &SessionData{}
 	err := util.JsonToStruct(session.(string), sessionData)
 	if err != nil {
-		panic(err)
+		logs.Error("GetSessionData failed, error: %s", err)
 		return nil
 	}
 	return sessionData
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -31,7 +31,7 @@ const (
 	InvalidProxyCallback     string = "INVALID_PROXY_CALLBACK"
 	InvalidTicket            string = "INVALID_TICKET"
 	InvalidService           string = "INVALID_SERVICE"
-	InteralError             string = "INTERNAL_ERROR"
+	InternalError            string = "INTERNAL_ERROR"
 	UnauthorizedService      string = "UNAUTHORIZED_SERVICE"
 )
@@ -116,7 +116,7 @@ func (c *RootController) CasP3ServiceAndProxyValidate() {
 		}
 		// make a request to pgturl passing pgt and pgtiou
 		if err != nil {
-			c.sendCasAuthenticationResponseErr(InteralError, err.Error(), format)
+			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
 			return
 		}
 		param := pgtUrlObj.Query()
@@ -126,7 +126,7 @@ func (c *RootController) CasP3ServiceAndProxyValidate() {
 		request, err := http.NewRequest("GET", pgtUrlObj.String(), nil)
 		if err != nil {
-			c.sendCasAuthenticationResponseErr(InteralError, err.Error(), format)
+			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
 			return
 		}
@@ -214,7 +214,7 @@ func (c *RootController) SamlValidate() {
 		return
 	}
-	envelopReponse := struct {
+	envelopResponse := struct {
 		XMLName xml.Name `xml:"SOAP-ENV:Envelope"`
 		Xmlns   string   `xml:"xmlns:SOAP-ENV"`
 		Body    struct {
@@ -222,15 +222,15 @@ func (c *RootController) SamlValidate() {
 			Content string   `xml:",innerxml"`
 		}
 	}{}
-	envelopReponse.Xmlns = "http://schemas.xmlsoap.org/soap/envelope/"
+	envelopResponse.Xmlns = "http://schemas.xmlsoap.org/soap/envelope/"
-	envelopReponse.Body.Content = response
+	envelopResponse.Body.Content = response
-	data, err := xml.Marshal(envelopReponse)
+	data, err := xml.Marshal(envelopResponse)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	c.Ctx.Output.Body([]byte(data))
+	c.Ctx.Output.Body(data)
 }
 func (c *RootController) sendCasProxyResponseErr(code, msg, format string) {
--- a/controllers/cert.go
+++ b/controllers/cert.go
@@ -48,6 +48,7 @@ func (c *ApiController) GetCerts() {
 	}
 }
 // GetCert
 // @Title GetCert
 // @Tag Cert API
 // @Description get cert
@@ -61,6 +62,7 @@ func (c *ApiController) GetCert() {
 	c.ServeJSON()
 }
 // UpdateCert
 // @Title UpdateCert
 // @Tag Cert API
 // @Description update cert
@@ -74,13 +76,15 @@ func (c *ApiController) UpdateCert() {
 	var cert object.Cert
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateCert(id, &cert))
 	c.ServeJSON()
 }
 // AddCert
 // @Title AddCert
 // @Tag Cert API
 // @Description add cert
@@ -91,13 +95,15 @@ func (c *ApiController) AddCert() {
 	var cert object.Cert
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddCert(&cert))
 	c.ServeJSON()
 }
 // DeleteCert
 // @Title DeleteCert
 // @Tag Cert API
 // @Description delete cert
@@ -108,7 +114,8 @@ func (c *ApiController) DeleteCert() {
 	var cert object.Cert
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteCert(&cert))
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -30,7 +30,8 @@ func (c *ApiController) Enforce() {
 	var permissionRule object.PermissionRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRule)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = object.Enforce(userId, &permissionRule)
@@ -47,7 +48,8 @@ func (c *ApiController) BatchEnforce() {
 	var permissionRules []object.PermissionRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRules)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = object.BatchEnforce(userId, permissionRules)
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -44,6 +44,7 @@ type LdapSyncResp struct {
 	Failed []object.LdapRespUser `json:"failed"`
 }
 // GetLdapUser
 // @Tag Account API
 // @Title GetLdapser
 // @router /get-ldap-user [post]
@@ -100,6 +101,7 @@ func (c *ApiController) GetLdapUser() {
 	c.ServeJSON()
 }
 // GetLdaps
 // @Tag Account API
 // @Title GetLdaps
 // @router /get-ldaps [post]
@@ -110,6 +112,7 @@ func (c *ApiController) GetLdaps() {
 	c.ServeJSON()
 }
 // GetLdap
 // @Tag Account API
 // @Title GetLdap
 // @router /get-ldap [post]
@@ -125,6 +128,7 @@ func (c *ApiController) GetLdap() {
 	c.ServeJSON()
 }
 // AddLdap
 // @Tag Account API
 // @Title AddLdap
 // @router /add-ldap [post]
@@ -159,6 +163,7 @@ func (c *ApiController) AddLdap() {
 	c.ServeJSON()
 }
 // UpdateLdap
 // @Tag Account API
 // @Title UpdateLdap
 // @router /update-ldap [post]
@@ -186,6 +191,7 @@ func (c *ApiController) UpdateLdap() {
 	c.ServeJSON()
 }
 // DeleteLdap
 // @Tag Account API
 // @Title DeleteLdap
 // @router /delete-ldap [post]
@@ -193,7 +199,8 @@ func (c *ApiController) DeleteLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
@@ -201,6 +208,7 @@ func (c *ApiController) DeleteLdap() {
 	c.ServeJSON()
 }
 // SyncLdapUsers
 // @Tag Account API
 // @Title SyncLdapUsers
 // @router /sync-ldap-users [post]
@@ -210,7 +218,8 @@ func (c *ApiController) SyncLdapUsers() {
 	var users []object.LdapRespUser
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	object.UpdateLdapSyncTime(ldapId)
@@ -223,6 +232,7 @@ func (c *ApiController) SyncLdapUsers() {
 	c.ServeJSON()
 }
 // CheckLdapUsersExist
 // @Tag Account API
 // @Title CheckLdapUserExist
 // @router /check-ldap-users-exist [post]
@@ -231,7 +241,8 @@ func (c *ApiController) CheckLdapUsersExist() {
 	var uuids []string
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &uuids)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	exist := object.CheckLdapUuidExist(owner, uuids)
--- a/controllers/link.go
+++ b/controllers/link.go
@@ -37,7 +37,8 @@ func (c *ApiController) Unlink() {
 	var form LinkForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	providerType := form.ProviderType
--- a/controllers/model.go
+++ b/controllers/model.go
@@ -76,7 +76,8 @@ func (c *ApiController) UpdateModel() {
 	var model object.Model
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateModel(id, &model))
@@ -94,7 +95,8 @@ func (c *ApiController) AddModel() {
 	var model object.Model
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddModel(&model))
@@ -112,7 +114,8 @@ func (c *ApiController) DeleteModel() {
 	var model object.Model
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteModel(&model))
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@@ -16,6 +16,7 @@ package controllers
 import "github.com/casdoor/casdoor/object"
 // GetOidcDiscovery
 // @Title GetOidcDiscovery
 // @Tag OIDC API
 // @Description Get Oidc Discovery
@@ -27,6 +28,7 @@ func (c *RootController) GetOidcDiscovery() {
 	c.ServeJSON()
 }
 // GetJwks
 // @Title GetJwks
 // @Tag OIDC API
 // @Success 200 {object} jose.JSONWebKey
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -76,7 +76,8 @@ func (c *ApiController) UpdateOrganization() {
 	var organization object.Organization
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization))
@@ -94,7 +95,8 @@ func (c *ApiController) AddOrganization() {
 	var organization object.Organization
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddOrganization(&organization))
@@ -112,7 +114,8 @@ func (c *ApiController) DeleteOrganization() {
 	var organization object.Organization
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteOrganization(&organization))
--- a/controllers/payment.go
+++ b/controllers/payment.go
@@ -67,6 +67,7 @@ func (c *ApiController) GetUserPayments() {
 	c.ResponseOk(payments)
 }
 // GetPayment
 // @Title GetPayment
 // @Tag Payment API
 // @Description get payment
@@ -80,6 +81,7 @@ func (c *ApiController) GetPayment() {
 	c.ServeJSON()
 }
 // UpdatePayment
 // @Title UpdatePayment
 // @Tag Payment API
 // @Description update payment
@@ -93,13 +95,15 @@ func (c *ApiController) UpdatePayment() {
 	var payment object.Payment
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdatePayment(id, &payment))
 	c.ServeJSON()
 }
 // AddPayment
 // @Title AddPayment
 // @Tag Payment API
 // @Description add payment
@@ -110,13 +114,15 @@ func (c *ApiController) AddPayment() {
 	var payment object.Payment
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddPayment(&payment))
 	c.ServeJSON()
 }
 // DeletePayment
 // @Title DeletePayment
 // @Tag Payment API
 // @Description delete payment
@@ -127,13 +133,15 @@ func (c *ApiController) DeletePayment() {
 	var payment object.Payment
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeletePayment(&payment))
 	c.ServeJSON()
 }
 // NotifyPayment
 // @Title NotifyPayment
 // @Tag Payment API
 // @Description notify payment
@@ -152,13 +160,15 @@ func (c *ApiController) NotifyPayment() {
 	if ok {
 		_, err := c.Ctx.ResponseWriter.Write([]byte("success"))
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
 			return
 		}
 	} else {
 		panic(fmt.Errorf("NotifyPayment() failed: %v", ok))
 	}
 }
 // InvoicePayment
 // @Title InvoicePayment
 // @Tag Payment API
 // @Description invoice payment
--- a/controllers/permission.go
+++ b/controllers/permission.go
@@ -48,6 +48,25 @@ func (c *ApiController) GetPermissions() {
 	}
 }
 // GetPermissionsBySubmitter
 // @Title GetPermissionsBySubmitter
 // @Tag Permission API
 // @Description get permissions by submitter
 // @Success 200 {array} object.Permission The Response object
 // @router /get-permissions-by-submitter [get]
 func (c *ApiController) GetPermissionsBySubmitter() {
 	userId, ok := c.RequireSignedIn()
 	if !ok {
 		return
 	}
 	owner, username := util.GetOwnerAndNameFromId(userId)
 	permissions := object.GetPermissionsBySubmitter(owner, username)
 	c.ResponseOk(permissions, len(permissions))
 	return
 }
 // GetPermission
 // @Title GetPermission
 // @Tag Permission API
 // @Description get permission
@@ -61,6 +80,7 @@ func (c *ApiController) GetPermission() {
 	c.ServeJSON()
 }
 // UpdatePermission
 // @Title UpdatePermission
 // @Tag Permission API
 // @Description update permission
@@ -74,13 +94,15 @@ func (c *ApiController) UpdatePermission() {
 	var permission object.Permission
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdatePermission(id, &permission))
 	c.ServeJSON()
 }
 // AddPermission
 // @Title AddPermission
 // @Tag Permission API
 // @Description add permission
@@ -91,13 +113,15 @@ func (c *ApiController) AddPermission() {
 	var permission object.Permission
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddPermission(&permission))
 	c.ServeJSON()
 }
 // DeletePermission
 // @Title DeletePermission
 // @Tag Permission API
 // @Description delete permission
@@ -108,7 +132,8 @@ func (c *ApiController) DeletePermission() {
 	var permission object.Permission
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeletePermission(&permission))
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -49,6 +49,7 @@ func (c *ApiController) GetProducts() {
 	}
 }
 // GetProduct
 // @Title GetProduct
 // @Tag Product API
 // @Description get product
@@ -65,6 +66,7 @@ func (c *ApiController) GetProduct() {
 	c.ServeJSON()
 }
 // UpdateProduct
 // @Title UpdateProduct
 // @Tag Product API
 // @Description update product
@@ -78,13 +80,15 @@ func (c *ApiController) UpdateProduct() {
 	var product object.Product
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateProduct(id, &product))
 	c.ServeJSON()
 }
 // AddProduct
 // @Title AddProduct
 // @Tag Product API
 // @Description add product
@@ -95,13 +99,15 @@ func (c *ApiController) AddProduct() {
 	var product object.Product
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddProduct(&product))
 	c.ServeJSON()
 }
 // DeleteProduct
 // @Title DeleteProduct
 // @Tag Product API
 // @Description delete product
@@ -112,13 +118,15 @@ func (c *ApiController) DeleteProduct() {
 	var product object.Product
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteProduct(&product))
 	c.ServeJSON()
 }
 // BuyProduct
 // @Title BuyProduct
 // @Tag Product API
 // @Description buy product
--- a/controllers/provider.go
+++ b/controllers/provider.go
@@ -48,6 +48,7 @@ func (c *ApiController) GetProviders() {
 	}
 }
 // GetProvider
 // @Title GetProvider
 // @Tag Provider API
 // @Description get provider
@@ -61,6 +62,7 @@ func (c *ApiController) GetProvider() {
 	c.ServeJSON()
 }
 // UpdateProvider
 // @Title UpdateProvider
 // @Tag Provider API
 // @Description update provider
@@ -74,13 +76,15 @@ func (c *ApiController) UpdateProvider() {
 	var provider object.Provider
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateProvider(id, &provider))
 	c.ServeJSON()
 }
 // AddProvider
 // @Title AddProvider
 // @Tag Provider API
 // @Description add provider
@@ -91,13 +95,15 @@ func (c *ApiController) AddProvider() {
 	var provider object.Provider
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddProvider(&provider))
 	c.ServeJSON()
 }
 // DeleteProvider
 // @Title DeleteProvider
 // @Tag Provider API
 // @Description delete provider
@@ -108,7 +114,8 @@ func (c *ApiController) DeleteProvider() {
 	var provider object.Provider
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteProvider(&provider))
--- a/controllers/record.go
+++ b/controllers/record.go
@@ -59,7 +59,8 @@ func (c *ApiController) GetRecordsByFilter() {
 	record := &object.Record{}
 	err := util.JsonToStruct(body, record)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = object.GetRecordsByField(record)
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -27,6 +27,7 @@ import (
 	"github.com/casdoor/casdoor/util"
 )
 // GetResources
 // @router /get-resources [get]
 // @Tag Resource API
 // @Title GetResources
@@ -50,6 +51,7 @@ func (c *ApiController) GetResources() {
 	}
 }
 // GetResource
 // @Tag Resource API
 // @Title GetResource
 // @router /get-resource [get]
@@ -60,6 +62,7 @@ func (c *ApiController) GetResource() {
 	c.ServeJSON()
 }
 // UpdateResource
 // @Tag Resource API
 // @Title UpdateResource
 // @router /update-resource [post]
@@ -69,13 +72,15 @@ func (c *ApiController) UpdateResource() {
 	var resource object.Resource
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateResource(id, &resource))
 	c.ServeJSON()
 }
 // AddResource
 // @Tag Resource API
 // @Title AddResource
 // @router /add-resource [post]
@@ -83,13 +88,15 @@ func (c *ApiController) AddResource() {
 	var resource object.Resource
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddResource(&resource))
 	c.ServeJSON()
 }
 // DeleteResource
 // @Tag Resource API
 // @Title DeleteResource
 // @router /delete-resource [post]
@@ -97,7 +104,8 @@ func (c *ApiController) DeleteResource() {
 	var resource object.Resource
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	provider, _, ok := c.GetProviderFromContext("Storage")
@@ -115,6 +123,7 @@ func (c *ApiController) DeleteResource() {
 	c.ServeJSON()
 }
 // UploadResource
 // @Tag Resource API
 // @Title UploadResource
 // @router /upload-resource [post]
--- a/controllers/role.go
+++ b/controllers/role.go
@@ -48,6 +48,7 @@ func (c *ApiController) GetRoles() {
 	}
 }
 // GetRole
 // @Title GetRole
 // @Tag Role API
 // @Description get role
@@ -61,6 +62,7 @@ func (c *ApiController) GetRole() {
 	c.ServeJSON()
 }
 // UpdateRole
 // @Title UpdateRole
 // @Tag Role API
 // @Description update role
@@ -74,13 +76,15 @@ func (c *ApiController) UpdateRole() {
 	var role object.Role
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateRole(id, &role))
 	c.ServeJSON()
 }
 // AddRole
 // @Title AddRole
 // @Tag Role API
 // @Description add role
@@ -91,13 +95,15 @@ func (c *ApiController) AddRole() {
 	var role object.Role
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddRole(&role))
 	c.ServeJSON()
 }
 // DeleteRole
 // @Title DeleteRole
 // @Tag Role API
 // @Description delete role
@@ -108,7 +114,8 @@ func (c *ApiController) DeleteRole() {
 	var role object.Role
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteRole(&role))
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@@ -48,6 +48,7 @@ func (c *ApiController) GetSyncers() {
 	}
 }
 // GetSyncer
 // @Title GetSyncer
 // @Tag Syncer API
 // @Description get syncer
@@ -61,6 +62,7 @@ func (c *ApiController) GetSyncer() {
 	c.ServeJSON()
 }
 // UpdateSyncer
 // @Title UpdateSyncer
 // @Tag Syncer API
 // @Description update syncer
@@ -74,13 +76,15 @@ func (c *ApiController) UpdateSyncer() {
 	var syncer object.Syncer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateSyncer(id, &syncer))
 	c.ServeJSON()
 }
 // AddSyncer
 // @Title AddSyncer
 // @Tag Syncer API
 // @Description add syncer
@@ -91,13 +95,15 @@ func (c *ApiController) AddSyncer() {
 	var syncer object.Syncer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddSyncer(&syncer))
 	c.ServeJSON()
 }
 // DeleteSyncer
 // @Title DeleteSyncer
 // @Tag Syncer API
 // @Description delete syncer
@@ -108,13 +114,15 @@ func (c *ApiController) DeleteSyncer() {
 	var syncer object.Syncer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteSyncer(&syncer))
 	c.ServeJSON()
 }
 // RunSyncer
 // @Title RunSyncer
 // @Tag Syncer API
 // @Description run syncer
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@@ -0,0 +1,78 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 type SystemInfo struct {
 	MemoryUsed  uint64    `json:"memory_used"`
 	MemoryTotal uint64    `json:"memory_total"`
 	CpuUsage    []float64 `json:"cpu_usage"`
 }
 // GetSystemInfo
 // @Title GetSystemInfo
 // @Tag System API
 // @Description get user's system info
 // @Param   id    query    string  true        "The id of the user"
 // @Success 200 {object} object.SystemInfo The Response object
 // @router /get-system-info [get]
 func (c *ApiController) GetSystemInfo() {
 	id := c.GetString("id")
 	if id == "" {
 		id = c.GetSessionUsername()
 	}
 	user := object.GetUser(id)
 	if user == nil || !user.IsGlobalAdmin {
 		c.ResponseError("You are not authorized to access this resource")
 	}
 	cpuUsage, err := util.GetCpuUsage()
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
 	memoryUsed, memoryTotal, err := util.GetMemoryUsage()
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
 	c.Data["json"] = SystemInfo{
 		CpuUsage:    cpuUsage,
 		MemoryUsed:  memoryUsed,
 		MemoryTotal: memoryTotal,
 	}
 	c.ServeJSON()
 }
 // GitRepoVersion
 // @Title GitRepoVersion
 // @Tag System API
 // @Description get local github repo's latest release version info
 // @Success 200 {string} local latest version hash of casdoor
 // @router /get-release [get]
 func (c *ApiController) GitRepoVersion() {
 	version, err := util.GetGitRepoVersion()
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
 	c.Data["json"] = version
 	c.ServeJSON()
 }
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -79,7 +79,8 @@ func (c *ApiController) UpdateToken() {
 	var token object.Token
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateToken(id, &token))
@@ -97,7 +98,8 @@ func (c *ApiController) AddToken() {
 	var token object.Token
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddToken(&token))
@@ -115,7 +117,8 @@ func (c *ApiController) DeleteToken() {
 	var token object.Token
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteToken(&token))
@@ -255,7 +258,7 @@ func (c *ApiController) RefreshToken() {
 // @router /login/oauth/logout [get]
 func (c *ApiController) TokenLogout() {
 	token := c.Input().Get("id_token_hint")
-	flag, application := object.DeleteTokenByAceessToken(token)
+	flag, application := object.DeleteTokenByAccessToken(token)
 	redirectUri := c.Input().Get("post_logout_redirect_uri")
 	state := c.Input().Get("state")
 	if application != nil && object.CheckRedirectUriValid(application, redirectUri) {
@@ -269,10 +272,11 @@ func (c *ApiController) TokenLogout() {
 // IntrospectToken
 // @Title IntrospectToken
 // @Description The introspection endpoint is an OAuth 2.0 endpoint that takes a
-//  parameter representing an OAuth 2.0 token and returns a JSON document
+// parameter representing an OAuth 2.0 token and returns a JSON document
-//  representing the meta information surrounding the
+// representing the meta information surrounding the
-//  token, including whether this token is currently active.
+// token, including whether this token is currently active.
-//  This endpoint only support Basic Authorization.
+// This endpoint only support Basic Authorization.
 //
 // @Param token formData string true "access_token's value or refresh_token's value"
 // @Param token_type_hint formData string true "the token type access_token or refresh_token"
 // @Success 200 {object} object.IntrospectionResponse The Response object
@@ -288,7 +292,7 @@ func (c *ApiController) IntrospectToken() {
 		if clientId == "" || clientSecret == "" {
 			c.ResponseError("empty clientId or clientSecret")
 			c.Data["json"] = &object.TokenError{
-				Error: object.INVALID_REQUEST,
+				Error: object.InvalidRequest,
 			}
 			c.SetTokenErrorHttpStatus()
 			c.ServeJSON()
@@ -299,7 +303,7 @@ func (c *ApiController) IntrospectToken() {
 	if application == nil || application.ClientSecret != clientSecret {
 		c.ResponseError("invalid application or wrong clientSecret")
 		c.Data["json"] = &object.TokenError{
-			Error: object.INVALID_CLIENT,
+			Error: object.InvalidClient,
 		}
 		c.SetTokenErrorHttpStatus()
 		return
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -149,7 +149,8 @@ func (c *ApiController) UpdateUser() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	if user.DisplayName == "" {
@@ -183,7 +184,8 @@ func (c *ApiController) AddUser() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
@@ -201,7 +203,8 @@ func (c *ApiController) DeleteUser() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteUser(&user))
@@ -220,7 +223,8 @@ func (c *ApiController) GetEmailAndPhone() {
 	var form RequestForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	user := object.GetUserByFields(form.Organization, form.Username)
@@ -298,6 +302,7 @@ func (c *ApiController) SetPassword() {
 	c.ServeJSON()
 }
 // CheckUserPassword
 // @Title CheckUserPassword
 // @router /check-user-password [post]
 // @Tag User API
@@ -305,7 +310,8 @@ func (c *ApiController) CheckUserPassword() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	_, msg := object.CheckUserPassword(user.Owner, user.Name, user.Password)
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@@ -24,17 +24,18 @@ import (
 	"github.com/casdoor/casdoor/util"
 )
-func saveFile(path string, file *multipart.File) {
+func saveFile(path string, file *multipart.File) (err error) {
 	f, err := os.Create(path)
 	if err != nil {
-		panic(err)
+		return err
 	}
 	defer f.Close()
 	_, err = io.Copy(f, *file)
 	if err != nil {
-		panic(err)
+		return err
 	}
 	return nil
 }
 func (c *ApiController) UploadUsers() {
@@ -43,13 +44,18 @@ func (c *ApiController) UploadUsers() {
 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
 	path := util.GetUploadXlsxPath(fileId)
 	util.EnsureFileFolderExists(path)
-	saveFile(path, &file)
+	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected := object.UploadUsers(owner, fileId)
 	if affected {
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -23,9 +23,8 @@ import (
 	"github.com/casdoor/casdoor/util"
 )
-// ResponseOk ...
+// ResponseJsonData ...
-func (c *ApiController) ResponseOk(data ...interface{}) {
+func (c *ApiController) ResponseJsonData(resp *Response, data ...interface{}) {
 	resp := Response{Status: "ok"}
 	switch len(data) {
 	case 2:
 		resp.Data2 = data[1]
@@ -37,25 +36,23 @@ func (c *ApiController) ResponseOk(data ...interface{}) {
 	c.ServeJSON()
 }
 // ResponseOk ...
 func (c *ApiController) ResponseOk(data ...interface{}) {
 	resp := &Response{Status: "ok"}
 	c.ResponseJsonData(resp, data...)
 }
 // ResponseError ...
 func (c *ApiController) ResponseError(error string, data ...interface{}) {
-	resp := Response{Status: "error", Msg: error}
+	resp := &Response{Status: "error", Msg: error}
-	switch len(data) {
+	c.ResponseJsonData(resp, data...)
 	case 2:
 		resp.Data2 = data[1]
 		fallthrough
 	case 1:
 		resp.Data = data[0]
 	}
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
 // SetTokenErrorHttpStatus ...
 func (c *ApiController) SetTokenErrorHttpStatus() {
 	_, ok := c.Data["json"].(*object.TokenError)
 	if ok {
-		if c.Data["json"].(*object.TokenError).Error == object.INVALID_CLIENT {
+		if c.Data["json"].(*object.TokenError).Error == object.InvalidClient {
 			c.Ctx.Output.SetStatus(401)
 			c.Ctx.Output.Header("WWW-Authenticate", "Basic realm=\"OAuth2\"")
 		} else {
@@ -78,13 +75,8 @@ func (c *ApiController) RequireSignedIn() (string, bool) {
 	return userId, true
 }
-func getInitScore() int {
+func getInitScore() (int, error) {
-	score, err := strconv.Atoi(conf.GetConfigString("initScore"))
+	return strconv.Atoi(conf.GetConfigString("initScore"))
 	if err != nil {
 		panic(err)
 	}
 	return score
 }
 func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -98,7 +98,7 @@ func (c *ApiController) SendVerificationCode() {
 		return
 	}
-	sendResp := errors.New("Invalid dest type")
+	sendResp := errors.New("invalid dest type")
 	if user == nil && checkUser != "" && checkUser != "true" {
 		name := application.Organization
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@@ -16,7 +16,7 @@ package controllers
 import (
 	"bytes"
-	"io/ioutil"
+	"io"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -24,6 +24,7 @@ import (
 	"github.com/duo-labs/webauthn/webauthn"
 )
 // WebAuthnSignupBegin
 // @Title WebAuthnSignupBegin
 // @Tag User API
 // @Description WebAuthn Registration Flow 1st stage
@@ -53,6 +54,7 @@ func (c *ApiController) WebAuthnSignupBegin() {
 	c.ServeJSON()
 }
 // WebAuthnSignupFinish
 // @Title WebAuthnSignupFinish
 // @Tag User API
 // @Description WebAuthn Registration Flow 2nd stage
@@ -72,7 +74,7 @@ func (c *ApiController) WebAuthnSignupFinish() {
 		c.ResponseError("Please call WebAuthnSignupBegin first")
 		return
 	}
-	c.Ctx.Request.Body = ioutil.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
+	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
 	credential, err := webauthnObj.FinishRegistration(user, sessionData, c.Ctx.Request)
 	if err != nil {
@@ -84,6 +86,7 @@ func (c *ApiController) WebAuthnSignupFinish() {
 	c.ResponseOk()
 }
 // WebAuthnSigninBegin
 // @Title WebAuthnSigninBegin
 // @Tag Login API
 // @Description WebAuthn Login Flow 1st stage
@@ -110,6 +113,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 	c.ServeJSON()
 }
 // WebAuthnSigninFinish
 // @Title WebAuthnSigninBegin
 // @Tag Login API
 // @Description WebAuthn Login Flow 2nd stage
@@ -124,7 +128,7 @@ func (c *ApiController) WebAuthnSigninFinish() {
 		c.ResponseError("Please call WebAuthnSigninBegin first")
 		return
 	}
-	c.Ctx.Request.Body = ioutil.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
+	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
 	userId := string(sessionData.UserID)
 	user := object.GetUser(userId)
 	_, err := webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@@ -48,6 +48,7 @@ func (c *ApiController) GetWebhooks() {
 	}
 }
 // GetWebhook
 // @Title GetWebhook
 // @Tag Webhook API
 // @Description get webhook
@@ -61,6 +62,7 @@ func (c *ApiController) GetWebhook() {
 	c.ServeJSON()
 }
 // UpdateWebhook
 // @Title UpdateWebhook
 // @Tag Webhook API
 // @Description update webhook
@@ -74,13 +76,15 @@ func (c *ApiController) UpdateWebhook() {
 	var webhook object.Webhook
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateWebhook(id, &webhook))
 	c.ServeJSON()
 }
 // AddWebhook
 // @Title AddWebhook
 // @Tag Webhook API
 // @Description add webhook
@@ -91,13 +95,15 @@ func (c *ApiController) AddWebhook() {
 	var webhook object.Webhook
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddWebhook(&webhook))
 	c.ServeJSON()
 }
 // DeleteWebhook
 // @Title DeleteWebhook
 // @Tag Webhook API
 // @Description delete webhook
@@ -108,7 +114,8 @@ func (c *ApiController) DeleteWebhook() {
 	var webhook object.Webhook
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteWebhook(&webhook))
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/beevik/etree v1.1.0
 	github.com/casbin/casbin/v2 v2.30.1
 	github.com/casbin/xorm-adapter/v2 v2.5.1
-	github.com/casdoor/go-sms-sender v0.2.0
+	github.com/casdoor/go-sms-sender v0.3.0
 	github.com/casdoor/goth v1.69.0-FIX2
 	github.com/casdoor/oss v1.2.0
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
@@ -21,6 +21,7 @@ require (
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.5.0
 	github.com/golang-jwt/jwt/v4 v4.2.0
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/uuid v1.2.0
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
 	github.com/lestrrat-go/jwx v0.9.0
@@ -31,13 +32,17 @@ require (
 	github.com/russellhaering/gosaml2 v0.6.0
 	github.com/russellhaering/goxmldsig v1.1.1
 	github.com/satori/go.uuid v1.2.0
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/smartystreets/goconvey v1.6.4 // indirect
-	github.com/stretchr/testify v1.7.0
+	github.com/stretchr/testify v1.8.0
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	golang.org/x/crypto v0.0.0-20220208233918-bba287dce954
 	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -98,8 +98,8 @@ github.com/casbin/casbin/v2 v2.30.1 h1:P5HWadDL7olwUXNdcuKUBk+x75Y2eitFxYTcLNKeK
 github.com/casbin/casbin/v2 v2.30.1/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg=
 github.com/casbin/xorm-adapter/v2 v2.5.1 h1:BkpIxRHKa0s3bSMx173PpuU7oTs+Zw7XmD0BIta0HGM=
 github.com/casbin/xorm-adapter/v2 v2.5.1/go.mod h1:AeH4dBKHC9/zYxzdPVHhPDzF8LYLqjDdb767CWJoV54=
-github.com/casdoor/go-sms-sender v0.2.0 h1:52bin4EBOPzOee64s9UK7jxd22FODvT9/+Y/Z+PSHpg=
+github.com/casdoor/go-sms-sender v0.3.0 h1:c4bWVcKZhO2L3Xu1oy7aeVkCK6HRJkW/b5K1xU9mV60=
-github.com/casdoor/go-sms-sender v0.2.0/go.mod h1:fsZsNnALvFIo+HFcE1U/oCQv4ZT42FdglXKMsEm3WSk=
+github.com/casdoor/go-sms-sender v0.3.0/go.mod h1:fsZsNnALvFIo+HFcE1U/oCQv4ZT42FdglXKMsEm3WSk=
 github.com/casdoor/goth v1.69.0-FIX2 h1:RgfIMkL9kekylgxHHK2ZY8ASAwOGns2HVlaBwLu7Bcs=
 github.com/casdoor/goth v1.69.0-FIX2/go.mod h1:Om55nRo8CkeDkPSNBbzXW4G5uI28ZUkSk5S69dPek3s=
 github.com/casdoor/oss v1.2.0 h1:ozLAE+nnNdFQBWbzH8U9spzaO8h8NrB57lBcdyMUUQ8=
@@ -156,6 +156,8 @@ github.com/go-ldap/ldap/v3 v3.3.0 h1:lwx+SJpgOHd8tG6SumBQZXCmNX51zM8B1cfxJ5gv4tQ
 github.com/go-ldap/ldap/v3 v3.3.0/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-pay/gopay v1.5.72 h1:3zm64xMBhJBa8rXbm//q5UiGgOa4WO5XYEnU394N2Zw=
 github.com/go-pay/gopay v1.5.72/go.mod h1:0qOGIJuFW7PKDOjmecwKyW0mgsVImgwB9yPJj0ilpn8=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
@@ -219,8 +221,9 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -376,6 +379,8 @@ github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644 h1:X+yvsM2yrEktyI+b2qND5gpH8YhURn0k8OCaeRnkINo=
 github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644/go.mod h1:nkxAfR/5quYxwPZhyDxgasBMnRtBZd0FCEpawpjMUFg=
 github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
 github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/siddontang/go v0.0.0-20170517070808-cb568a3e5cc0/go.mod h1:3yhqj7WBBfRhbBlzyOC3gUxftwsU0u8gqevxwIHQpMw=
 github.com/siddontang/goredis v0.0.0-20150324035039-760763f78400/go.mod h1:DDcKzU3qCuvj/tPnimWSsZZzvk9qvkvrIL5naVBPh5s=
 github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
@@ -389,13 +394,15 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 github.com/ssdb/gossdb v0.0.0-20180723034631-88f6b59b84ec/go.mod h1:QBvMkMya+gXctz3kmljlUCu/yB3GZ6oee+dUozsezQE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/syndtr/goleveldb v0.0.0-20160425020131-cfa635847112/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
 github.com/syndtr/goleveldb v0.0.0-20181127023241-353a9fca669c/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
@@ -406,6 +413,10 @@ github.com/tencentcloud/tencentcloud-sdk-go v1.0.154 h1:THBgwGwUQtsw6L53cSSA2wwL
 github.com/tencentcloud/tencentcloud-sdk-go v1.0.154/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI=
 github.com/thanhpk/randstr v1.0.4 h1:IN78qu/bR+My+gHCvMEXhR/i5oriVHcTB/BJJIRTsNo=
 github.com/thanhpk/randstr v1.0.4/go.mod h1:M/H2P1eNLZzlDwAzpkkkUvoyNNMbzRGhESZuEQk3r0U=
 github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw=
 github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk=
 github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//o=
 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
 github.com/ugorji/go v0.0.0-20171122102828-84cb69a8af83/go.mod h1:hnLbHMwcvSihnDhEfx2/BzKp2xb0Y+ErdfYcrs9tkJQ=
 github.com/volcengine/volc-sdk-golang v1.0.19 h1:jJp+aJgK0e//rZ9I0K2Y7ufJwvuZRo/AQsYDynXMNgA=
 github.com/volcengine/volc-sdk-golang v1.0.19/go.mod h1:+GGi447k4p1I5PNdbpG2GLaF0Ui9vIInTojMM0IfSS4=
@@ -417,6 +428,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/gopher-lua v0.0.0-20171031051903-609c9cd26973/go.mod h1:aEV29XrmTYFr3CiRxZeGHpkvbwq+prZduBqMaascyCU=
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
@@ -537,6 +550,7 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191112214154-59a1497f0cea/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -563,8 +577,10 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211020174200-9d6173849985/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -626,7 +642,6 @@ golang.org/x/tools v0.0.0-20200929161345-d7fc70abf50f/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
@@ -739,8 +754,9 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/idp/adfs.go
+++ b/idp/adfs.go
@@ -19,7 +19,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"time"
@@ -77,6 +77,7 @@ type AdfsToken struct {
 	ErrMsg    string `json:"error_description"`
 }
 // GetToken
 // get more detail via: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios#request-an-access-token
 func (idp *AdfsIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	payload := url.Values{}
@@ -88,7 +89,7 @@ func (idp *AdfsIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -109,6 +110,7 @@ func (idp *AdfsIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	return token, nil
 }
 // GetUserInfo
 // Since the userinfo endpoint of ADFS only returns sub,
 // the id_token is used to resolve the userinfo
 func (idp *AdfsIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
@@ -122,10 +124,10 @@ func (idp *AdfsIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	}
 	tokenSrc := []byte(token.AccessToken)
 	publicKey, _ := keyset.Keys[0].Materialize()
-	id_token, _ := jwt.Parse(bytes.NewReader(tokenSrc), jwt.WithVerify(jwa.RS256, publicKey))
+	idToken, _ := jwt.Parse(bytes.NewReader(tokenSrc), jwt.WithVerify(jwa.RS256, publicKey))
-	sid, _ := id_token.Get("sid")
+	sid, _ := idToken.Get("sid")
-	upn, _ := id_token.Get("upn")
+	upn, _ := idToken.Get("upn")
-	name, _ := id_token.Get("unique_name")
+	name, _ := idToken.Get("unique_name")
 	userinfo := &UserInfo{
 		Id:          sid.(string),
 		Username:    name.(string),
--- a/idp/alipay.go
+++ b/idp/alipay.go
@@ -24,7 +24,6 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"sort"
@@ -205,7 +204,7 @@ func (idp *AlipayIdProvider) postWithBody(body interface{}, targetUrl string) ([
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/baidu.go
+++ b/idp/baidu.go
@@ -18,7 +18,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"golang.org/x/oauth2"
@@ -97,7 +97,7 @@ func (idp *BaiduIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/bilibili.go
+++ b/idp/bilibili.go
@@ -18,7 +18,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
@@ -76,6 +75,7 @@ type BilibiliIdProviderTokenResponse struct {
 	Data    BilibiliProviderToken `json:"data"`
 }
 // GetToken
 /*
 {
    "code": 0,
@@ -170,7 +170,7 @@ func (idp *BilibiliIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -204,7 +204,7 @@ func (idp *BilibiliIdProvider) postWithBody(body interface{}, url string) ([]byt
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/casdoor.go
+++ b/idp/casdoor.go
@@ -17,7 +17,7 @@ package idp
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"time"
@@ -71,7 +71,7 @@ func (idp *CasdoorIdProvider) GetToken(code string) (*oauth2.Token, error) {
 		return nil, err
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -131,7 +131,7 @@ func (idp *CasdoorIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error
 	}
 	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/custom.go
+++ b/idp/custom.go
@@ -18,7 +18,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	_ "net/url"
 	_ "time"
@@ -84,7 +84,7 @@ func (idp *CustomIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 	}
 	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/dingtalk.go
+++ b/idp/dingtalk.go
@@ -18,7 +18,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"
@@ -101,7 +100,7 @@ func (idp *DingTalkIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	token := &oauth2.Token{
 		AccessToken: pToken.AccessToken,
-		Expiry:      time.Unix(time.Now().Unix()+int64(pToken.ExpiresIn), 0),
+		Expiry:      time.Unix(time.Now().Unix()+pToken.ExpiresIn, 0),
 	}
 	return token, nil
 }
@@ -145,7 +144,7 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 	}
 	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -180,7 +179,7 @@ func (idp *DingTalkIdProvider) postWithBody(body interface{}, url string) ([]byt
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/douyin.go
+++ b/idp/douyin.go
@@ -18,7 +18,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"time"
@@ -98,7 +98,7 @@ func (idp *DouyinIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -177,7 +177,7 @@ func (idp *DouyinIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 	defer resp.Body.Close()
-	respBody, err := ioutil.ReadAll(resp.Body)
+	respBody, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/facebook.go
+++ b/idp/facebook.go
@@ -71,6 +71,7 @@ type FacebookCheckToken struct {
 	Data string `json:"data"`
 }
 // FacebookCheckTokenData
 // Get more detail via: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#checktoken
 type FacebookCheckTokenData struct {
 	UserId string `json:"user_id"`
--- a/idp/gitee.go
+++ b/idp/gitee.go
@@ -19,7 +19,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -93,7 +92,7 @@ func (idp *GiteeIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	rbs, err := ioutil.ReadAll(resp.Body)
+	rbs, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/github.go
+++ b/idp/github.go
@@ -18,7 +18,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"strconv"
 	"strings"
@@ -202,7 +201,7 @@ func (idp *GithubIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -236,7 +235,7 @@ func (idp *GithubIdProvider) postWithBody(body interface{}, url string) ([]byte,
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/gitlab.go
+++ b/idp/gitlab.go
@@ -17,7 +17,7 @@ package idp
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -85,7 +85,7 @@ func (idp *GitlabIdProvider) GetToken(code string) (*oauth2.Token, error) {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -209,7 +209,7 @@ func (idp *GitlabIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/google.go
+++ b/idp/google.go
@@ -19,7 +19,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"golang.org/x/oauth2"
@@ -95,7 +95,7 @@ func (idp *GoogleIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/goth.go
+++ b/idp/goth.go
@@ -207,6 +207,7 @@ func NewGothIdProvider(providerType string, clientId string, clientSecret string
 	return &idp
 }
 // SetHttpClient
 // Goth's idp all implement the Client method, but since the goth.Provider interface does not provide to modify idp's client method, reflection is required
 func (idp *GothIdProvider) SetHttpClient(client *http.Client) {
 	idpClient := reflect.ValueOf(idp.Provider).Elem().FieldByName("HTTPClient")
--- a/idp/infoflow_internal.go
+++ b/idp/infoflow_internal.go
@@ -17,7 +17,7 @@ package idp
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"golang.org/x/oauth2"
@@ -58,6 +58,7 @@ type InfoflowInterToken struct {
 	AccessToken string `json:"access_token"`
 }
 // GetToken
 // get more detail via: https://qy.baidu.com/doc/index.html#/inner_quickstart/flow?id=%E8%8E%B7%E5%8F%96accesstoken
 func (idp *InfoflowInternalIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	pTokenParams := &struct {
@@ -69,7 +70,7 @@ func (idp *InfoflowInternalIdProvider) GetToken(code string) (*oauth2.Token, err
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -137,6 +138,7 @@ type InfoflowInternalUserInfo struct {
 	Email   string `json:"email"`
 }
 // GetUserInfo
 // get more detail via: https://qy.baidu.com/doc/index.html#/inner_serverapi/contacts?id=%e8%8e%b7%e5%8f%96%e6%88%90%e5%91%98
 func (idp *InfoflowInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	// Get userid first
@@ -147,7 +149,7 @@ func (idp *InfoflowInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserIn
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -165,7 +167,7 @@ func (idp *InfoflowInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserIn
 		return nil, err
 	}
-	data, err = ioutil.ReadAll(resp.Body)
+	data, err = io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/infoflow_third_party.go
+++ b/idp/infoflow_third_party.go
@@ -18,7 +18,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"
@@ -63,6 +62,7 @@ type InfoflowToken struct {
 	ExpiresIn   int    `json:"expires_in"`
 }
 // GetToken
 // get more detail via: https://qy.baidu.com/doc/index.html#/third_serverapi/authority
 func (idp *InfoflowIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	pTokenParams := &struct {
@@ -134,6 +134,7 @@ type InfoflowUserInfo struct {
 	Email   string `json:"email"`
 }
 // GetUserInfo
 // get more detail via: https://qy.baidu.com/doc/index.html#/third_serverapi/contacts?id=%e8%8e%b7%e5%8f%96%e6%88%90%e5%91%98
 func (idp *InfoflowIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	// Get userid first
@@ -144,7 +145,7 @@ func (idp *InfoflowIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -162,7 +163,7 @@ func (idp *InfoflowIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		return nil, err
 	}
-	data, err = ioutil.ReadAll(resp.Body)
+	data, err = io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -197,7 +198,7 @@ func (idp *InfoflowIdProvider) postWithBody(body interface{}, url string) ([]byt
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/lark.go
+++ b/idp/lark.go
@@ -17,7 +17,6 @@ package idp
 import (
 	"encoding/json"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"
@@ -173,7 +172,7 @@ func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 		return nil, err
 	}
 	defer resp.Body.Close()
-	data, err = ioutil.ReadAll(resp.Body)
+	data, err = io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -204,7 +203,7 @@ func (idp *LarkIdProvider) postWithBody(body interface{}, url string) ([]byte, e
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/linkedin.go
+++ b/idp/linkedin.go
@@ -18,7 +18,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
@@ -85,7 +84,7 @@ func (idp *LinkedInIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	rbs, err := ioutil.ReadAll(resp.Body)
+	rbs, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -323,7 +322,7 @@ func (idp *LinkedInIdProvider) GetUrlRespWithAuthorization(url, token string) ([
 		}
 	}(resp.Body)
-	bs, err := ioutil.ReadAll(resp.Body)
+	bs, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/okta.go
+++ b/idp/okta.go
@@ -17,7 +17,7 @@ package idp
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"time"
@@ -114,7 +114,7 @@ func (idp *OktaIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -178,7 +178,7 @@ func (idp *OktaIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/qq.go
+++ b/idp/qq.go
@@ -18,7 +18,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"regexp"
@@ -75,7 +75,7 @@ func (idp *QqIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	}
 	defer resp.Body.Close()
-	tokenContent, err := ioutil.ReadAll(resp.Body)
+	tokenContent, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -148,7 +148,7 @@ func (idp *QqIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	}
 	defer resp.Body.Close()
-	openIdBody, err := ioutil.ReadAll(resp.Body)
+	openIdBody, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -167,7 +167,7 @@ func (idp *QqIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	}
 	defer resp.Body.Close()
-	userInfoBody, err := ioutil.ReadAll(resp.Body)
+	userInfoBody, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/wechat.go
+++ b/idp/wechat.go
@@ -144,7 +144,7 @@ type WechatUserInfo struct {
 	City       string   `json:"city"`       // City filled in by general user's personal data
 	Province   string   `json:"province"`   // Province filled in by ordinary user's personal information
 	Country    string   `json:"country"`    // Country, such as China is CN
-	Headimgurl string   `json:"headimgurl"` // User avatar, the last value represents the size of the square avatar (there are optional values of 0, 46, 64, 96, 132, 0 represents a 640*640 square avatar), this item is empty when the user does not have a avatar
+	Headimgurl string   `json:"headimgurl"` // User avatar, the last value represents the size of the square avatar (there are optional values of 0, 46, 64, 96, 132, 0 represents a 640*640 square avatar), this item is empty when the user does not have an avatar
 	Privilege  []string `json:"privilege"`  // User Privilege information, json array, such as Wechat Woka user (chinaunicom)
 	Unionid    string   `json:"unionid"`    // Unified user identification. For an application under a WeChat open platform account, the unionid of the same user is unique.
 }
--- a/idp/wechat_miniprogram.go
+++ b/idp/wechat_miniprogram.go
@@ -17,7 +17,7 @@ package idp
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"golang.org/x/oauth2"
@@ -65,7 +65,7 @@ func (idp *WeChatMiniProgramIdProvider) GetSessionByCode(code string) (*WeChatMi
 		return nil, err
 	}
 	defer sessionResponse.Body.Close()
-	data, err := ioutil.ReadAll(sessionResponse.Body)
+	data, err := io.ReadAll(sessionResponse.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/wecom_internal.go
+++ b/idp/wecom_internal.go
@@ -17,13 +17,14 @@ package idp
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"time"
 	"golang.org/x/oauth2"
 )
 // WeComInternalIdProvider
 // This idp is using wecom internal application api as idp
 type WeComInternalIdProvider struct {
 	Client *http.Client
@@ -72,7 +73,7 @@ func (idp *WeComInternalIdProvider) GetToken(code string) (*oauth2.Token, error)
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -123,7 +124,7 @@ func (idp *WeComInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo,
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
@@ -144,7 +145,7 @@ func (idp *WeComInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo,
 		return nil, err
 	}
-	data, err = ioutil.ReadAll(resp.Body)
+	data, err = io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/wecom_third_party.go
+++ b/idp/wecom_third_party.go
@@ -18,7 +18,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"
@@ -195,7 +194,7 @@ func (idp *WeComIdProvider) postWithBody(body interface{}, url string) ([]byte,
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/weibo.go
+++ b/idp/weibo.go
@@ -19,7 +19,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -92,7 +91,7 @@ func (idp *WeiBoIdProvider) GetToken(code string) (*oauth2.Token, error) {
 			return
 		}
 	}(resp.Body)
-	bs, err := ioutil.ReadAll(resp.Body)
+	bs, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/object/check.go
+++ b/object/check.go
@@ -18,6 +18,8 @@ import (
 	"fmt"
 	"regexp"
 	"strings"
 	"time"
 	"unicode"
 	"github.com/casdoor/casdoor/cred"
 	"github.com/casdoor/casdoor/util"
@@ -29,6 +31,11 @@ var (
 	reFieldWhiteList *regexp.Regexp
 )
 const (
 	SigninWrongTimesLimit     = 5
 	LastSignWrongTimeDuration = time.Minute * 15
 )
 func init() {
 	reWhiteSpace, _ = regexp.Compile(`\s`)
 	reFieldWhiteList, _ = regexp.Compile(`^[A-Za-z0-9]+$`)
@@ -42,11 +49,25 @@ func CheckUserSignup(application *Application, organization *Organization, usern
 	if application.IsSignupItemVisible("Username") {
 		if len(username) <= 1 {
 			return "username must have at least 2 characters"
-		} else if reWhiteSpace.MatchString(username) {
+		}
 		if unicode.IsDigit(rune(username[0])) {
 			return "username cannot start with a digit"
 		}
 		if util.IsEmailValid(username) {
 			return "username cannot be an email address"
 		}
 		if reWhiteSpace.MatchString(username) {
 			return "username cannot contain white spaces"
-		} else if HasUserByField(organization.Name, "name", username) {
+		}
 		if HasUserByField(organization.Name, "name", username) {
 			return "username already exists"
 		}
 		if HasUserByField(organization.Name, "email", email) {
 			return "email already exists"
 		}
 		if HasUserByField(organization.Name, "phone", phone) {
 			return "phone already exists"
 		}
 	}
 	if len(password) <= 5 {
@@ -112,7 +133,32 @@ func CheckUserSignup(application *Application, organization *Organization, usern
 	return ""
 }
 func checkSigninErrorTimes(user *User) string {
 	if user.SigninWrongTimes >= SigninWrongTimesLimit {
 		lastSignWrongTime, _ := time.Parse(time.RFC3339, user.LastSigninWrongTime)
 		passedTime := time.Now().UTC().Sub(lastSignWrongTime)
 		seconds := int(LastSignWrongTimeDuration.Seconds() - passedTime.Seconds())
 		// deny the login if the error times is greater than the limit and the last login time is less than the duration
 		if seconds > 0 {
 			return fmt.Sprintf("You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again", seconds/60, seconds%60)
 		}
 		// reset the error times
 		user.SigninWrongTimes = 0
 		UpdateUser(user.GetId(), user, []string{"signin_wrong_times"}, user.IsGlobalAdmin)
 	}
 	return ""
 }
 func CheckPassword(user *User, password string) string {
 	// check the login error times
 	if msg := checkSigninErrorTimes(user); msg != "" {
 		return msg
 	}
 	organization := GetOrganizationByUser(user)
 	if organization == nil {
 		return "organization does not exist"
@@ -122,14 +168,17 @@ func CheckPassword(user *User, password string) string {
 	if credManager != nil {
 		if organization.MasterPassword != "" {
 			if credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
 				resetUserSigninErrorTimes(user)
 				return ""
 			}
 		}
 		if credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt, organization.PasswordSalt) {
 			resetUserSigninErrorTimes(user)
 			return ""
 		}
-		return "password incorrect"
+
 		return recordSigninErrorInfo(user)
 	} else {
 		return fmt.Sprintf("unsupported password type: %s", organization.PasswordType)
 	}
--- a/object/check_util.go
+++ b/object/check_util.go
@@ -14,7 +14,11 @@
 package object
-import "regexp"
+import (
 	"fmt"
 	"regexp"
 	"time"
 )
 var reRealName *regexp.Regexp
@@ -29,3 +33,32 @@ func init() {
 func isValidRealName(s string) bool {
 	return reRealName.MatchString(s)
 }
 func resetUserSigninErrorTimes(user *User) {
 	// if the password is correct and wrong times is not zero, reset the error times
 	if user.SigninWrongTimes == 0 {
 		return
 	}
 	user.SigninWrongTimes = 0
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 }
 func recordSigninErrorInfo(user *User) string {
 	// increase failed login count
 	user.SigninWrongTimes++
 	if user.SigninWrongTimes >= SigninWrongTimesLimit {
 		// record the latest failed login time
 		user.LastSigninWrongTime = time.Now().UTC().Format(time.RFC3339)
 	}
 	// update user
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
 	if leftChances > 0 {
 		return fmt.Sprintf("password is incorrect, you have %d remaining chances", leftChances)
 	}
 	// don't show the chance error message if the user has no chance left
 	return fmt.Sprintf("You have entered the wrong password too many times, please wait for %d minutes and try again", int(LastSignWrongTimeDuration.Minutes()))
 }
--- a/object/email.go
+++ b/object/email.go
@@ -33,6 +33,7 @@ func SendEmail(provider *Provider, title string, content string, dest string, se
 // DailSmtpServer Dail Smtp server
 func DailSmtpServer(provider *Provider) error {
 	dialer := gomail.NewDialer(provider.Host, provider.Port, provider.ClientId, provider.ClientSecret)
 	dialer.SSL = !provider.DisableSsl
 	sender, err := dialer.Dial()
 	if err != nil {
--- a/object/init.go
+++ b/object/init.go
@@ -16,8 +16,10 @@ package object
 import (
 	"encoding/gob"
-	"io/ioutil"
+	"fmt"
 	"os"
 	"github.com/astaxie/beego"
 	"github.com/casdoor/casdoor/util"
 	"github.com/duo-labs/webauthn/webauthn"
 )
@@ -36,6 +38,8 @@ func InitDb() {
 	initWebAuthn()
 }
 var staticBaseUrl = beego.AppConfig.String("staticBaseUrl")
 func initBuiltInOrganization() bool {
 	organization := getOrganization("admin", "built-in")
 	if organization != nil {
@@ -48,10 +52,10 @@ func initBuiltInOrganization() bool {
 		CreatedTime:   util.GetCurrentTime(),
 		DisplayName:   "Built-in Organization",
 		WebsiteUrl:    "https://example.com",
-		Favicon:       "https://cdn.casbin.com/static/favicon.ico",
+		Favicon:       fmt.Sprintf("%s/img/casbin/favicon.ico", staticBaseUrl),
 		PasswordType:  "plain",
 		PhonePrefix:   "86",
-		DefaultAvatar: "https://casbin.org/img/casbin.svg",
+		DefaultAvatar: fmt.Sprintf("%s/img/casbin.svg", staticBaseUrl),
 		Tags:          []string{},
 		AccountItems: []*AccountItem{
 			{Name: "Organization", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
@@ -100,7 +104,7 @@ func initBuiltInUser() {
 		Type:              "normal-user",
 		Password:          "123",
 		DisplayName:       "Admin",
-		Avatar:            "https://casbin.org/img/casbin.svg",
+		Avatar:            fmt.Sprintf("%s/img/casbin.svg", staticBaseUrl),
 		Email:             "admin@example.com",
 		Phone:             "12345678910",
 		Address:           []string{},
@@ -130,7 +134,7 @@ func initBuiltInApplication() {
 		Name:           "app-built-in",
 		CreatedTime:    util.GetCurrentTime(),
 		DisplayName:    "Casdoor",
-		Logo:           "https://cdn.casbin.com/logo/logo_1024x256.png",
+		Logo:           fmt.Sprintf("%s/img/casdoor-logo_1185x256.png", staticBaseUrl),
 		HomepageUrl:    "https://casdoor.org",
 		Organization:   "built-in",
 		Cert:           "cert-built-in",
@@ -158,11 +162,11 @@ func initBuiltInApplication() {
 func readTokenFromFile() (string, string) {
 	pemPath := "./object/token_jwt_key.pem"
 	keyPath := "./object/token_jwt_key.key"
-	pem, err := ioutil.ReadFile(pemPath)
+	pem, err := os.ReadFile(pemPath)
 	if err != nil {
 		return "", ""
 	}
-	key, err := ioutil.ReadFile(keyPath)
+	key, err := os.ReadFile(keyPath)
 	if err != nil {
 		return "", ""
 	}
@@ -247,6 +251,7 @@ func initBuiltInPermission() {
 		DisplayName:  "Built-in Permission",
 		Users:        []string{"built-in/admin"},
 		Roles:        []string{},
 		Domains:      []string{},
 		ResourceType: "Application",
 		Resources:    []string{"app-built-in"},
 		Actions:      []string{"Read", "Write", "Admin"},
--- a/object/ldap_autosync.go
+++ b/object/ldap_autosync.go
@@ -31,6 +31,7 @@ func GetLdapAutoSynchronizer() *LdapAutoSynchronizer {
 	return globalLdapAutoSynchronizer
 }
 // StartAutoSync
 // start autosync for specified ldap, old existing autosync goroutine will be ceased
 func (l *LdapAutoSynchronizer) StartAutoSync(ldapId string) error {
 	l.Lock()
@@ -95,6 +96,7 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) {
 	}
 }
 // LdapAutoSynchronizerStartUpAll
 // start all autosync goroutine for existing ldap servers in each organizations
 func (l *LdapAutoSynchronizer) LdapAutoSynchronizerStartUpAll() {
 	organizations := []*Organization{}
--- a/object/permission.go
+++ b/object/permission.go
@@ -16,12 +16,7 @@ package object
 import (
 	"fmt"
 	"strings"
 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
 	xormadapter "github.com/casbin/xorm-adapter/v2"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@@ -32,16 +27,22 @@ type Permission struct {
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
-	Users []string `xorm:"mediumtext" json:"users"`
+	Users   []string `xorm:"mediumtext" json:"users"`
-	Roles []string `xorm:"mediumtext" json:"roles"`
+	Roles   []string `xorm:"mediumtext" json:"roles"`
 	Domains []string `xorm:"mediumtext" json:"domains"`
 	Model        string   `xorm:"varchar(100)" json:"model"`
 	Adapter      string   `xorm:"varchar(100)" json:"adapter"`
 	ResourceType string   `xorm:"varchar(100)" json:"resourceType"`
 	Resources    []string `xorm:"mediumtext" json:"resources"`
 	Actions      []string `xorm:"mediumtext" json:"actions"`
 	Effect       string   `xorm:"varchar(100)" json:"effect"`
 	IsEnabled    bool     `json:"isEnabled"`
-	IsEnabled bool `json:"isEnabled"`
+	Submitter   string `xorm:"varchar(100)" json:"submitter"`
 	Approver    string `xorm:"varchar(100)" json:"approver"`
 	ApproveTime string `xorm:"varchar(100)" json:"approveTime"`
 	State       string `xorm:"varchar(100)" json:"state"`
 }
 type PermissionRule struct {
@@ -52,6 +53,7 @@ type PermissionRule struct {
 	V3    string `xorm:"varchar(100) index not null default ''" json:"v3"`
 	V4    string `xorm:"varchar(100) index not null default ''" json:"v4"`
 	V5    string `xorm:"varchar(100) index not null default ''" json:"v5"`
 	Id    string `xorm:"varchar(100) index not null default ''" json:"id"`
 }
 func GetPermissionCount(owner, field, value string) int {
@@ -122,6 +124,15 @@ func UpdatePermission(id string, permission *Permission) bool {
 	if affected != 0 {
 		removePolicies(oldPermission)
 		if oldPermission.Adapter != "" && oldPermission.Adapter != permission.Adapter {
 			isEmpty, _ := adapter.Engine.IsTableEmpty(oldPermission.Adapter)
 			if isEmpty {
 				err = adapter.Engine.DropTables(oldPermission.Adapter)
 				if err != nil {
 					panic(err)
 				}
 			}
 		}
 		addPolicies(permission)
 	}
@@ -149,6 +160,15 @@ func DeletePermission(permission *Permission) bool {
 	if affected != 0 {
 		removePolicies(permission)
 		if permission.Adapter != "" && permission.Adapter != "permission_rule" {
 			isEmpty, _ := adapter.Engine.IsTableEmpty(permission.Adapter)
 			if isEmpty {
 				err = adapter.Engine.DropTables(permission.Adapter)
 				if err != nil {
 					panic(err)
 				}
 			}
 		}
 	}
 	return affected != 0
@@ -158,85 +178,6 @@ func (permission *Permission) GetId() string {
 	return fmt.Sprintf("%s/%s", permission.Owner, permission.Name)
 }
 func getEnforcer(permission *Permission) *casbin.Enforcer {
 	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
 	adapter, err := xormadapter.NewAdapterWithTableName(conf.GetConfigString("driverName"), conf.GetBeegoConfDataSourceName()+conf.GetConfigString("dbName"), "permission_rule", tableNamePrefix, true)
 	if err != nil {
 		panic(err)
 	}
 	modelText := `
 [request_definition]
 r = sub, obj, act
 [policy_definition]
 p = permission, sub, obj, act
 [policy_effect]
 e = some(where (p.eft == allow))
 [matchers]
 m = r.sub == p.sub && r.obj == p.obj && r.act == p.act`
 	permissionModel := getModel(permission.Owner, permission.Model)
 	if permissionModel != nil {
 		modelText = permissionModel.ModelText
 	}
 	m, err := model.NewModelFromString(modelText)
 	if err != nil {
 		panic(err)
 	}
 	enforcer, err := casbin.NewEnforcer(m, adapter)
 	if err != nil {
 		panic(err)
 	}
 	err = enforcer.LoadFilteredPolicy(xormadapter.Filter{V0: []string{permission.GetId()}})
 	if err != nil {
 		panic(err)
 	}
 	return enforcer
 }
 func getPolicies(permission *Permission) [][]string {
 	var policies [][]string
 	for _, user := range permission.Users {
 		for _, resource := range permission.Resources {
 			for _, action := range permission.Actions {
 				policies = append(policies, []string{permission.GetId(), user, resource, strings.ToLower(action)})
 			}
 		}
 	}
 	for _, role := range permission.Roles {
 		for _, resource := range permission.Resources {
 			for _, action := range permission.Actions {
 				policies = append(policies, []string{permission.GetId(), role, resource, strings.ToLower(action)})
 			}
 		}
 	}
 	return policies
 }
 func addPolicies(permission *Permission) {
 	enforcer := getEnforcer(permission)
 	policies := getPolicies(permission)
 	_, err := enforcer.AddPolicies(policies)
 	if err != nil {
 		panic(err)
 	}
 }
 func removePolicies(permission *Permission) {
 	enforcer := getEnforcer(permission)
 	_, err := enforcer.RemoveFilteredPolicy(0, permission.GetId())
 	if err != nil {
 		panic(err)
 	}
 }
 func GetPermissionsByUser(userId string) []*Permission {
 	permissions := []*Permission{}
 	err := adapter.Engine.Where("users like ?", "%"+userId+"%").Find(&permissions)
@@ -247,61 +188,22 @@ func GetPermissionsByUser(userId string) []*Permission {
 	return permissions
 }
-func Enforce(userId string, permissionRule *PermissionRule) bool {
+func GetPermissionsByRole(roleId string) []*Permission {
-	permission := GetPermission(permissionRule.V0)
+	permissions := []*Permission{}
-	enforcer := getEnforcer(permission)
+	err := adapter.Engine.Where("roles like ?", "%"+roleId+"%").Find(&permissions)
 	allow, err := enforcer.Enforce(userId, permissionRule.V2, permissionRule.V3)
 	if err != nil {
 		panic(err)
 	}
-	return allow
+
 	return permissions
 }
-func BatchEnforce(userId string, permissionRules []PermissionRule) []bool {
+func GetPermissionsBySubmitter(owner string, submitter string) []*Permission {
-	var requests [][]interface{}
+	permissions := []*Permission{}
-	for _, permissionRule := range permissionRules {
+	err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Submitter: submitter})
 		requests = append(requests, []interface{}{userId, permissionRule.V2, permissionRule.V3})
 	}
 	permission := GetPermission(permissionRules[0].V0)
 	enforcer := getEnforcer(permission)
 	allow, err := enforcer.BatchEnforce(requests)
 	if err != nil {
 		panic(err)
 	}
 	return allow
 }
-func getAllValues(userId string, sec string, fieldIndex int) []string {
+	return permissions
 	permissions := GetPermissionsByUser(userId)
 	var values []string
 	for _, permission := range permissions {
 		enforcer := getEnforcer(permission)
 		enforcer.ClearPolicy()
 		err := enforcer.LoadFilteredPolicy(xormadapter.Filter{V0: []string{permission.GetId()}, V1: []string{userId}})
 		if err != nil {
 			return nil
 		}
 		for _, value := range enforcer.GetModel().GetValuesForFieldInPolicyAllTypes(sec, fieldIndex) {
 			values = append(values, value)
 		}
 	}
 	return values
 }
 func GetAllObjects(userId string) []string {
 	return getAllValues(userId, "p", 2)
 }
 func GetAllActions(userId string) []string {
 	return getAllValues(userId, "p", 3)
 }
 func GetAllRoles(userId string) []string {
 	roles := GetRolesByUser(userId)
 	var res []string
 	for _, role := range roles {
 		res = append(res, role.Name)
 	}
 	return res
 }
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@@ -0,0 +1,212 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package object
 import (
 	"strings"
 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
 	xormadapter "github.com/casbin/xorm-adapter/v2"
 	"github.com/casdoor/casdoor/conf"
 )
 func getEnforcer(permission *Permission) *casbin.Enforcer {
 	tableName := "permission_rule"
 	if len(permission.Adapter) != 0 {
 		tableName = permission.Adapter
 	}
 	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
 	adapter, err := xormadapter.NewAdapterWithTableName(conf.GetConfigString("driverName"), conf.GetBeegoConfDataSourceName()+conf.GetConfigString("dbName"), tableName, tableNamePrefix, true)
 	if err != nil {
 		panic(err)
 	}
 	modelText := `
 [request_definition]
 r = sub, obj, act
 [policy_definition]
 p = sub, obj, act
 [role_definition]
 g = _, _
 [policy_effect]
 e = some(where (p.eft == allow))
 [matchers]
 m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act`
 	permissionModel := getModel(permission.Owner, permission.Model)
 	if permissionModel != nil {
 		modelText = permissionModel.ModelText
 	}
 	m, err := model.NewModelFromString(modelText)
 	if err != nil {
 		panic(err)
 	}
 	enforcer, err := casbin.NewEnforcer(m, adapter)
 	if err != nil {
 		panic(err)
 	}
 	return enforcer
 }
 func getPolicies(permission *Permission) ([][]string, [][]string) {
 	var policies [][]string
 	var groupingPolicies [][]string
 	domainExist := len(permission.Domains) > 0
 	for _, user := range permission.Users {
 		for _, resource := range permission.Resources {
 			for _, action := range permission.Actions {
 				if domainExist {
 					for _, domain := range permission.Domains {
 						policies = append(policies, []string{user, domain, resource, strings.ToLower(action)})
 					}
 				} else {
 					policies = append(policies, []string{user, resource, strings.ToLower(action)})
 				}
 			}
 		}
 	}
 	for _, role := range permission.Roles {
 		roleObj := GetRole(role)
 		for _, subUser := range roleObj.Users {
 			if domainExist {
 				for _, domain := range permission.Domains {
 					groupingPolicies = append(groupingPolicies, []string{subUser, domain, role})
 				}
 			} else {
 				groupingPolicies = append(groupingPolicies, []string{subUser, role})
 			}
 		}
 		for _, subRole := range roleObj.Roles {
 			if domainExist {
 				for _, domain := range permission.Domains {
 					groupingPolicies = append(groupingPolicies, []string{subRole, domain, role})
 				}
 			} else {
 				groupingPolicies = append(groupingPolicies, []string{subRole, role})
 			}
 		}
 		for _, resource := range permission.Resources {
 			for _, action := range permission.Actions {
 				if domainExist {
 					for _, domain := range permission.Domains {
 						policies = append(policies, []string{role, domain, resource, strings.ToLower(action)})
 					}
 				} else {
 					policies = append(policies, []string{role, resource, strings.ToLower(action)})
 				}
 			}
 		}
 	}
 	return policies, groupingPolicies
 }
 func addPolicies(permission *Permission) {
 	enforcer := getEnforcer(permission)
 	policies, groupingPolicies := getPolicies(permission)
 	if len(groupingPolicies) > 0 {
 		_, err := enforcer.AddGroupingPolicies(groupingPolicies)
 		if err != nil {
 			panic(err)
 		}
 	}
 	_, err := enforcer.AddPolicies(policies)
 	if err != nil {
 		panic(err)
 	}
 }
 func removePolicies(permission *Permission) {
 	enforcer := getEnforcer(permission)
 	policies, groupingPolicies := getPolicies(permission)
 	if len(groupingPolicies) > 0 {
 		_, err := enforcer.RemoveGroupingPolicies(groupingPolicies)
 		if err != nil {
 			panic(err)
 		}
 	}
 	_, err := enforcer.RemovePolicies(policies)
 	if err != nil {
 		panic(err)
 	}
 }
 func Enforce(userId string, permissionRule *PermissionRule) bool {
 	permission := GetPermission(permissionRule.Id)
 	enforcer := getEnforcer(permission)
 	allow, err := enforcer.Enforce(userId, permissionRule.V1, permissionRule.V2)
 	if err != nil {
 		panic(err)
 	}
 	return allow
 }
 func BatchEnforce(userId string, permissionRules []PermissionRule) []bool {
 	var requests [][]interface{}
 	for _, permissionRule := range permissionRules {
 		requests = append(requests, []interface{}{userId, permissionRule.V1, permissionRule.V2})
 	}
 	permission := GetPermission(permissionRules[0].Id)
 	enforcer := getEnforcer(permission)
 	allow, err := enforcer.BatchEnforce(requests)
 	if err != nil {
 		panic(err)
 	}
 	return allow
 }
 func getAllValues(userId string, fn func(enforcer *casbin.Enforcer) []string) []string {
 	permissions := GetPermissionsByUser(userId)
 	for _, role := range GetAllRoles(userId) {
 		permissions = append(permissions, GetPermissionsByRole(role)...)
 	}
 	var values []string
 	for _, permission := range permissions {
 		enforcer := getEnforcer(permission)
 		values = append(values, fn(enforcer)...)
 	}
 	return values
 }
 func GetAllObjects(userId string) []string {
 	return getAllValues(userId, func(enforcer *casbin.Enforcer) []string {
 		return enforcer.GetAllObjects()
 	})
 }
 func GetAllActions(userId string) []string {
 	return getAllValues(userId, func(enforcer *casbin.Enforcer) []string {
 		return enforcer.GetAllActions()
 	})
 }
 func GetAllRoles(userId string) []string {
 	roles := GetRolesByUser(userId)
 	var res []string
 	for _, role := range roles {
 		res = append(res, role.Name)
 	}
 	return res
 }
--- a/object/provider.go
+++ b/object/provider.go
@@ -43,10 +43,11 @@ type Provider struct {
 	CustomUserInfoUrl string `xorm:"varchar(200)" json:"customUserInfoUrl"`
 	CustomLogo        string `xorm:"varchar(200)" json:"customLogo"`
-	Host    string `xorm:"varchar(100)" json:"host"`
+	Host       string `xorm:"varchar(100)" json:"host"`
-	Port    int    `json:"port"`
+	Port       int    `json:"port"`
-	Title   string `xorm:"varchar(100)" json:"title"`
+	DisableSsl bool   `json:"disableSsl"`
-	Content string `xorm:"varchar(1000)" json:"content"`
+	Title      string `xorm:"varchar(100)" json:"title"`
 	Content    string `xorm:"varchar(1000)" json:"content"`
 	RegionId     string `xorm:"varchar(100)" json:"regionId"`
 	SignName     string `xorm:"varchar(100)" json:"signName"`
--- a/object/role.go
+++ b/object/role.go
@@ -29,6 +29,7 @@ type Role struct {
 	Users     []string `xorm:"mediumtext" json:"users"`
 	Roles     []string `xorm:"mediumtext" json:"roles"`
 	Domains   []string `xorm:"mediumtext" json:"domains"`
 	IsEnabled bool     `json:"isEnabled"`
 }
@@ -88,7 +89,8 @@ func GetRole(id string) *Role {
 func UpdateRole(id string, role *Role) bool {
 	owner, name := util.GetOwnerAndNameFromId(id)
-	if getRole(owner, name) == nil {
+	oldRole := getRole(owner, name)
 	if oldRole == nil {
 		return false
 	}
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -35,6 +35,7 @@ import (
 	uuid "github.com/satori/go.uuid"
 )
 // NewSamlResponse
 // returns a saml2 response
 func NewSamlResponse(user *User, host string, certificate string, destination string, iss string, requestId string, redirectUri []string) (*etree.Element, error) {
 	samlResponse := &etree.Element{
@@ -113,6 +114,7 @@ func (x X509Key) GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err erro
 	return privateKey, cert, err
 }
 // IdpEntityDescriptor
 // SAML METADATA
 type IdpEntityDescriptor struct {
 	XMLName  xml.Name `xml:"EntityDescriptor"`
--- a/object/saml_sp.go
+++ b/object/saml_sp.go
@@ -44,7 +44,7 @@ func ParseSamlResponse(samlResponse string, providerType string) (string, error)
 func GenerateSamlLoginUrl(id, relayState string) (string, string, error) {
 	provider := GetProvider(id)
 	if provider.Category != "SAML" {
-		return "", "", fmt.Errorf("Provider %s's category is not SAML", provider.Name)
+		return "", "", fmt.Errorf("provider %s's category is not SAML", provider.Name)
 	}
 	sp, err := buildSp(provider, "")
 	if err != nil {
--- a/object/token.go
+++ b/object/token.go
@@ -27,14 +27,14 @@ import (
 )
 const (
-	hourSeconds            = 3600
+	hourSeconds          = 3600
-	INVALID_REQUEST        = "invalid_request"
+	InvalidRequest       = "invalid_request"
-	INVALID_CLIENT         = "invalid_client"
+	InvalidClient        = "invalid_client"
-	INVALID_GRANT          = "invalid_grant"
+	InvalidGrant         = "invalid_grant"
-	UNAUTHORIZED_CLIENT    = "unauthorized_client"
+	UnauthorizedClient   = "unauthorized_client"
-	UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type"
+	UnsupportedGrantType = "unsupported_grant_type"
-	INVALID_SCOPE          = "invalid_scope"
+	InvalidScope         = "invalid_scope"
-	ENDPOINT_ERROR         = "endpoint_error"
+	EndpointError        = "endpoint_error"
 )
 type Code struct {
@@ -200,7 +200,7 @@ func DeleteToken(token *Token) bool {
 	return affected != 0
 }
-func DeleteTokenByAceessToken(accessToken string) (bool, *Application) {
+func DeleteTokenByAccessToken(accessToken string) (bool, *Application) {
 	token := Token{AccessToken: accessToken}
 	existed, err := adapter.Engine.Get(&token)
 	if err != nil {
@@ -287,7 +287,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 		}
 	}
-	accessToken, refreshToken, err := generateJwtToken(application, user, nonce, scope, host)
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host)
 	if err != nil {
 		panic(err)
 	}
@@ -298,7 +298,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 	token := &Token{
 		Owner:         application.Owner,
-		Name:          util.GenerateId(),
+		Name:          tokenName,
 		CreatedTime:   util.GetCurrentTime(),
 		Application:   application.Name,
 		Organization:  user.Owner,
@@ -325,7 +325,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 	application := GetApplicationByClientId(clientId)
 	if application == nil {
 		return &TokenError{
-			Error:            INVALID_CLIENT,
+			Error:            InvalidClient,
 			ErrorDescription: "client_id is invalid",
 		}
 	}
@@ -334,7 +334,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 	if !IsGrantTypeValid(grantType, application.GrantTypes) && tag == "" {
 		return &TokenError{
-			Error:            UNSUPPORTED_GRANT_TYPE,
+			Error:            UnsupportedGrantType,
 			ErrorDescription: fmt.Sprintf("grant_type: %s is not supported in this application", grantType),
 		}
 	}
@@ -377,20 +377,20 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 	// check parameters
 	if grantType != "refresh_token" {
 		return &TokenError{
-			Error:            UNSUPPORTED_GRANT_TYPE,
+			Error:            UnsupportedGrantType,
 			ErrorDescription: "grant_type should be refresh_token",
 		}
 	}
 	application := GetApplicationByClientId(clientId)
 	if application == nil {
 		return &TokenError{
-			Error:            INVALID_CLIENT,
+			Error:            InvalidClient,
 			ErrorDescription: "client_id is invalid",
 		}
 	}
 	if clientSecret != "" && application.ClientSecret != clientSecret {
 		return &TokenError{
-			Error:            INVALID_CLIENT,
+			Error:            InvalidClient,
 			ErrorDescription: "client_secret is invalid",
 		}
 	}
@@ -399,7 +399,7 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 	existed, err := adapter.Engine.Get(&token)
 	if err != nil || !existed {
 		return &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "refresh token is invalid, expired or revoked",
 		}
 	}
@@ -408,7 +408,7 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 	_, err = ParseJwtToken(refreshToken, cert)
 	if err != nil {
 		return &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
 		}
 	}
@@ -416,21 +416,22 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 	user := getUser(application.Organization, token.User)
 	if user.IsForbidden {
 		return &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "the user is forbidden to sign in, please contact the administrator",
 		}
 	}
-	newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "", scope, host)
+
 	newAccessToken, newRefreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
 	if err != nil {
 		return &TokenError{
-			Error:            ENDPOINT_ERROR,
+			Error:            EndpointError,
 			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
 		}
 	}
 	newToken := &Token{
 		Owner:        application.Owner,
-		Name:         util.GenerateId(),
+		Name:         tokenName,
 		CreatedTime:  util.GetCurrentTime(),
 		Application:  application.Name,
 		Organization: user.Owner,
@@ -464,6 +465,7 @@ func pkceChallenge(verifier string) string {
 	return challenge
 }
 // IsGrantTypeValid
 // Check if grantType is allowed in the current application
 // authorization_code is allowed by default
 func IsGrantTypeValid(method string, grantTypes []string) bool {
@@ -478,11 +480,12 @@ func IsGrantTypeValid(method string, grantTypes []string) bool {
 	return false
 }
 // GetAuthorizationCodeToken
 // Authorization code flow
 func GetAuthorizationCodeToken(application *Application, clientSecret string, code string, verifier string) (*Token, *TokenError) {
 	if code == "" {
 		return nil, &TokenError{
-			Error:            INVALID_REQUEST,
+			Error:            InvalidRequest,
 			ErrorDescription: "authorization code should not be empty",
 		}
 	}
@@ -490,21 +493,21 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	token := getTokenByCode(code)
 	if token == nil {
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "authorization code is invalid",
 		}
 	}
 	if token.CodeIsUsed {
 		// anti replay attacks
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "authorization code has been used",
 		}
 	}
 	if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "verifier is invalid",
 		}
 	}
@@ -514,13 +517,13 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 		// but if it is provided, it must be accurate.
 		if token.CodeChallenge == "" {
 			return nil, &TokenError{
-				Error:            INVALID_CLIENT,
+				Error:            InvalidClient,
 				ErrorDescription: "client_secret is invalid",
 			}
 		} else {
 			if clientSecret != "" {
 				return nil, &TokenError{
-					Error:            INVALID_CLIENT,
+					Error:            InvalidClient,
 					ErrorDescription: "client_secret is invalid",
 				}
 			}
@@ -529,7 +532,7 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	if application.Name != token.Application {
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "the token is for wrong application (client_id)",
 		}
 	}
@@ -537,45 +540,47 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	if time.Now().Unix() > token.CodeExpireIn {
 		// code must be used within 5 minutes
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "authorization code has expired",
 		}
 	}
 	return token, nil
 }
 // GetPasswordToken
 // Resource Owner Password Credentials flow
 func GetPasswordToken(application *Application, username string, password string, scope string, host string) (*Token, *TokenError) {
 	user := getUser(application.Organization, username)
 	if user == nil {
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "the user does not exist",
 		}
 	}
 	msg := CheckPassword(user, password)
 	if msg != "" {
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "invalid username or password",
 		}
 	}
 	if user.IsForbidden {
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: "the user is forbidden to sign in, please contact the administrator",
 		}
 	}
-	accessToken, refreshToken, err := generateJwtToken(application, user, "", scope, host)
+
 	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
 	if err != nil {
 		return nil, &TokenError{
-			Error:            ENDPOINT_ERROR,
+			Error:            EndpointError,
 			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
 		}
 	}
 	token := &Token{
 		Owner:        application.Owner,
-		Name:         util.GenerateId(),
+		Name:         tokenName,
 		CreatedTime:  util.GetCurrentTime(),
 		Application:  application.Name,
 		Organization: user.Owner,
@@ -592,11 +597,12 @@ func GetPasswordToken(application *Application, username string, password string
 	return token, nil
 }
 // GetClientCredentialsToken
 // Client Credentials flow
 func GetClientCredentialsToken(application *Application, clientSecret string, scope string, host string) (*Token, *TokenError) {
 	if application.ClientSecret != clientSecret {
 		return nil, &TokenError{
-			Error:            INVALID_CLIENT,
+			Error:            InvalidClient,
 			ErrorDescription: "client_secret is invalid",
 		}
 	}
@@ -605,16 +611,17 @@ func GetClientCredentialsToken(application *Application, clientSecret string, sc
 		Id:    application.GetId(),
 		Name:  fmt.Sprintf("app/%s", application.Name),
 	}
-	accessToken, _, err := generateJwtToken(application, nullUser, "", scope, host)
+
 	accessToken, _, tokenName, err := generateJwtToken(application, nullUser, "", scope, host)
 	if err != nil {
 		return nil, &TokenError{
-			Error:            ENDPOINT_ERROR,
+			Error:            EndpointError,
 			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
 		}
 	}
 	token := &Token{
 		Owner:        application.Owner,
-		Name:         util.GenerateId(),
+		Name:         tokenName,
 		CreatedTime:  util.GetCurrentTime(),
 		Application:  application.Name,
 		Organization: application.Organization,
@@ -630,15 +637,16 @@ func GetClientCredentialsToken(application *Application, clientSecret string, sc
 	return token, nil
 }
 // GetTokenByUser
 // Implicit flow
 func GetTokenByUser(application *Application, user *User, scope string, host string) (*Token, error) {
-	accessToken, refreshToken, err := generateJwtToken(application, user, "", scope, host)
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
 	if err != nil {
 		return nil, err
 	}
 	token := &Token{
 		Owner:        application.Owner,
-		Name:         util.GenerateId(),
+		Name:         tokenName,
 		CreatedTime:  util.GetCurrentTime(),
 		Application:  application.Name,
 		Organization: user.Owner,
@@ -655,12 +663,13 @@ func GetTokenByUser(application *Application, user *User, scope string, host str
 	return token, nil
 }
 // GetWechatMiniProgramToken
 // Wechat Mini Program flow
 func GetWechatMiniProgramToken(application *Application, code string, host string, username string, avatar string) (*Token, *TokenError) {
 	mpProvider := GetWechatMiniProgramProvider(application)
 	if mpProvider == nil {
 		return nil, &TokenError{
-			Error:            INVALID_CLIENT,
+			Error:            InvalidClient,
 			ErrorDescription: "the application does not support wechat mini program",
 		}
 	}
@@ -669,14 +678,14 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 	session, err := mpIdp.GetSessionByCode(code)
 	if err != nil {
 		return nil, &TokenError{
-			Error:            INVALID_GRANT,
+			Error:            InvalidGrant,
 			ErrorDescription: fmt.Sprintf("get wechat mini program session error: %s", err.Error()),
 		}
 	}
 	openId, unionId := session.Openid, session.Unionid
 	if openId == "" && unionId == "" {
 		return nil, &TokenError{
-			Error:            INVALID_REQUEST,
+			Error:            InvalidRequest,
 			ErrorDescription: "the wechat mini program session is invalid",
 		}
 	}
@@ -684,7 +693,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 	if user == nil {
 		if !application.EnableSignUp {
 			return nil, &TokenError{
-				Error:            INVALID_GRANT,
+				Error:            InvalidGrant,
 				ErrorDescription: "the application does not allow to sign up new account",
 			}
 		}
@@ -703,28 +712,31 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 			Avatar:            avatar,
 			SignupApplication: application.Name,
 			WeChat:            openId,
 			WeChatUnionId:     unionId,
 			Type:              "normal-user",
 			CreatedTime:       util.GetCurrentTime(),
 			IsAdmin:           false,
 			IsGlobalAdmin:     false,
 			IsForbidden:       false,
 			IsDeleted:         false,
 			Properties: map[string]string{
 				UserPropertiesWechatOpenId:  openId,
 				UserPropertiesWechatUnionId: unionId,
 			},
 		}
 		AddUser(user)
 	}
-	accessToken, refreshToken, err := generateJwtToken(application, user, "", "", host)
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", host)
 	if err != nil {
 		return nil, &TokenError{
-			Error:            ENDPOINT_ERROR,
+			Error:            EndpointError,
 			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
 		}
 	}
 	token := &Token{
 		Owner:        application.Owner,
-		Name:         util.GenerateId(),
+		Name:         tokenName,
 		CreatedTime:  util.GetCurrentTime(),
 		Application:  application.Name,
 		Organization: user.Owner,
--- a/object/token_cas.go
+++ b/object/token_cas.go
@@ -136,6 +136,7 @@ func GenerateId() {
 	panic("unimplemented")
 }
 // GetCasTokenByPgt
 /**
@ret1: whether a token is found
@ret2: token, nil if not found
@@ -150,6 +151,7 @@ func GetCasTokenByPgt(pgt string) (bool, *CasAuthenticationSuccess, string, stri
 	return false, nil, "", ""
 }
 // GetCasTokenByTicket
 /**
@ret1: whether a token is found
@ret2: token, nil if not found
@@ -207,6 +209,7 @@ func GenerateCasToken(userId string, service string) (string, error) {
 	}
 }
 // GetValidationBySaml
 /**
@ret1: saml response
@ret2: the service URL who requested to issue this token
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -19,6 +19,7 @@ import (
 	"time"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
 	"github.com/golang-jwt/jwt/v4"
 )
@@ -60,7 +61,7 @@ func getShortClaims(claims Claims) ClaimsShort {
 	return res
 }
-func generateJwtToken(application *Application, user *User, nonce string, scope string, host string) (string, string, error) {
+func generateJwtToken(application *Application, user *User, nonce string, scope string, host string) (string, string, string, error) {
 	nowTime := time.Now()
 	expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour)
 	refreshExpireTime := nowTime.Add(time.Duration(application.RefreshExpireInHours) * time.Hour)
@@ -72,6 +73,9 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		originBackend = origin
 	}
 	name := util.GenerateId()
 	jti := fmt.Sprintf("%s/%s", application.Owner, name)
 	claims := Claims{
 		User:  user,
 		Nonce: nonce,
@@ -85,7 +89,7 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 			ExpiresAt: jwt.NewNumericDate(expireTime),
 			NotBefore: jwt.NewNumericDate(nowTime),
 			IssuedAt:  jwt.NewNumericDate(nowTime),
-			ID:        "",
+			ID:        jti,
 		},
 	}
@@ -110,17 +114,17 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 	// RSA private key
 	key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
 	if err != nil {
-		return "", "", err
+		return "", "", "", err
 	}
 	token.Header["kid"] = cert.Name
 	tokenString, err := token.SignedString(key)
 	if err != nil {
-		return "", "", err
+		return "", "", "", err
 	}
 	refreshTokenString, err := refreshToken.SignedString(key)
-	return tokenString, refreshTokenString, err
+	return tokenString, refreshTokenString, name, err
 }
 func ParseJwtToken(token string, cert *Cert) (*Claims, error) {
--- a/object/user.go
+++ b/object/user.go
@@ -24,6 +24,11 @@ import (
 	"xorm.io/core"
 )
 const (
 	UserPropertiesWechatUnionId = "wechatUnionId"
 	UserPropertiesWechatOpenId  = "wechatOpenId"
 )
 type User struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@@ -73,32 +78,31 @@ type User struct {
 	LastSigninTime string `xorm:"varchar(100)" json:"lastSigninTime"`
 	LastSigninIp   string `xorm:"varchar(100)" json:"lastSigninIp"`
-	GitHub        string `xorm:"github varchar(100)" json:"github"`
+	GitHub   string `xorm:"github varchar(100)" json:"github"`
-	Google        string `xorm:"varchar(100)" json:"google"`
+	Google   string `xorm:"varchar(100)" json:"google"`
-	QQ            string `xorm:"qq varchar(100)" json:"qq"`
+	QQ       string `xorm:"qq varchar(100)" json:"qq"`
-	WeChat        string `xorm:"wechat varchar(100)" json:"wechat"`
+	WeChat   string `xorm:"wechat varchar(100)" json:"wechat"`
-	WeChatUnionId string `xorm:"varchar(100)" json:"unionId"`
+	Facebook string `xorm:"facebook varchar(100)" json:"facebook"`
-	Facebook      string `xorm:"facebook varchar(100)" json:"facebook"`
+	DingTalk string `xorm:"dingtalk varchar(100)" json:"dingtalk"`
-	DingTalk      string `xorm:"dingtalk varchar(100)" json:"dingtalk"`
+	Weibo    string `xorm:"weibo varchar(100)" json:"weibo"`
-	Weibo         string `xorm:"weibo varchar(100)" json:"weibo"`
+	Gitee    string `xorm:"gitee varchar(100)" json:"gitee"`
-	Gitee         string `xorm:"gitee varchar(100)" json:"gitee"`
+	LinkedIn string `xorm:"linkedin varchar(100)" json:"linkedin"`
-	LinkedIn      string `xorm:"linkedin varchar(100)" json:"linkedin"`
+	Wecom    string `xorm:"wecom varchar(100)" json:"wecom"`
-	Wecom         string `xorm:"wecom varchar(100)" json:"wecom"`
+	Lark     string `xorm:"lark varchar(100)" json:"lark"`
-	Lark          string `xorm:"lark varchar(100)" json:"lark"`
+	Gitlab   string `xorm:"gitlab varchar(100)" json:"gitlab"`
-	Gitlab        string `xorm:"gitlab varchar(100)" json:"gitlab"`
+	Adfs     string `xorm:"adfs varchar(100)" json:"adfs"`
-	Adfs          string `xorm:"adfs varchar(100)" json:"adfs"`
+	Baidu    string `xorm:"baidu varchar(100)" json:"baidu"`
-	Baidu         string `xorm:"baidu varchar(100)" json:"baidu"`
+	Alipay   string `xorm:"alipay varchar(100)" json:"alipay"`
-	Alipay        string `xorm:"alipay varchar(100)" json:"alipay"`
+	Casdoor  string `xorm:"casdoor varchar(100)" json:"casdoor"`
-	Casdoor       string `xorm:"casdoor varchar(100)" json:"casdoor"`
+	Infoflow string `xorm:"infoflow varchar(100)" json:"infoflow"`
-	Infoflow      string `xorm:"infoflow varchar(100)" json:"infoflow"`
+	Apple    string `xorm:"apple varchar(100)" json:"apple"`
-	Apple         string `xorm:"apple varchar(100)" json:"apple"`
+	AzureAD  string `xorm:"azuread varchar(100)" json:"azuread"`
-	AzureAD       string `xorm:"azuread varchar(100)" json:"azuread"`
+	Slack    string `xorm:"slack varchar(100)" json:"slack"`
-	Slack         string `xorm:"slack varchar(100)" json:"slack"`
+	Steam    string `xorm:"steam varchar(100)" json:"steam"`
-	Steam         string `xorm:"steam varchar(100)" json:"steam"`
+	Bilibili string `xorm:"bilibili varchar(100)" json:"bilibili"`
-	Bilibili      string `xorm:"bilibili varchar(100)" json:"bilibili"`
+	Okta     string `xorm:"okta varchar(100)" json:"okta"`
-	Okta          string `xorm:"okta varchar(100)" json:"okta"`
+	Douyin   string `xorm:"douyin varchar(100)" json:"douyin"`
-	Douyin        string `xorm:"douyin varchar(100)" json:"douyin"`
+	Custom   string `xorm:"custom varchar(100)" json:"custom"`
 	Custom        string `xorm:"custom varchar(100)" json:"custom"`
 	WebauthnCredentials []webauthn.Credential `xorm:"webauthnCredentials blob" json:"webauthnCredentials"`
@@ -107,6 +111,9 @@ type User struct {
 	Roles       []*Role       `json:"roles"`
 	Permissions []*Permission `json:"permissions"`
 	LastSigninWrongTime string `xorm:"varchar(100)" json:"lastSigninWrongTime"`
 	SigninWrongTimes    int    `json:"signinWrongTimes"`
 }
 type Userinfo struct {
@@ -243,7 +250,7 @@ func getUserByWechatId(wechatOpenId string, wechatUnionId string) *User {
 		wechatUnionId = wechatOpenId
 	}
 	user := &User{}
-	existed, err := adapter.Engine.Where("wechat = ? OR wechat = ? OR unionid = ?", wechatOpenId, wechatUnionId, wechatUnionId).Get(user)
+	existed, err := adapter.Engine.Where("wechat = ? OR wechat = ?", wechatOpenId, wechatUnionId).Get(user)
 	if err != nil {
 		panic(err)
 	}
@@ -372,6 +379,7 @@ func UpdateUser(id string, user *User, columns []string, isGlobalAdmin bool) boo
 			"owner", "display_name", "avatar",
 			"location", "address", "region", "language", "affiliation", "title", "homepage", "bio", "score", "tag", "signup_application",
 			"is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials",
 			"signin_wrong_times", "last_signin_wrong_time",
 		}
 	}
 	if isGlobalAdmin {
--- a/object/user_webauthn.go
+++ b/object/user_webauthn.go
@@ -50,30 +50,31 @@ func GetWebAuthnObject(host string) *webauthn.WebAuthn {
 	return webAuthn
 }
 // WebAuthnID
 // implementation of webauthn.User interface
-func (u *User) WebAuthnID() []byte {
+func (user *User) WebAuthnID() []byte {
-	return []byte(u.GetId())
+	return []byte(user.GetId())
 }
-func (u *User) WebAuthnName() string {
+func (user *User) WebAuthnName() string {
-	return u.Name
+	return user.Name
 }
-func (u *User) WebAuthnDisplayName() string {
+func (user *User) WebAuthnDisplayName() string {
-	return u.DisplayName
+	return user.DisplayName
 }
-func (u *User) WebAuthnCredentials() []webauthn.Credential {
+func (user *User) WebAuthnCredentials() []webauthn.Credential {
-	return u.WebauthnCredentials
+	return user.WebauthnCredentials
 }
-func (u *User) WebAuthnIcon() string {
+func (user *User) WebAuthnIcon() string {
-	return u.Avatar
+	return user.Avatar
 }
 // CredentialExcludeList returns a CredentialDescriptor array filled with all the user's credentials
-func (u *User) CredentialExcludeList() []protocol.CredentialDescriptor {
+func (user *User) CredentialExcludeList() []protocol.CredentialDescriptor {
-	credentials := u.WebAuthnCredentials()
+	credentials := user.WebAuthnCredentials()
 	credentialExcludeList := []protocol.CredentialDescriptor{}
 	for _, cred := range credentials {
 		descriptor := protocol.CredentialDescriptor{
@@ -86,16 +87,16 @@ func (u *User) CredentialExcludeList() []protocol.CredentialDescriptor {
 	return credentialExcludeList
 }
-func (u *User) AddCredentials(credential webauthn.Credential, isGlobalAdmin bool) bool {
+func (user *User) AddCredentials(credential webauthn.Credential, isGlobalAdmin bool) bool {
-	u.WebauthnCredentials = append(u.WebauthnCredentials, credential)
+	user.WebauthnCredentials = append(user.WebauthnCredentials, credential)
-	return UpdateUser(u.GetId(), u, []string{"webauthnCredentials"}, isGlobalAdmin)
+	return UpdateUser(user.GetId(), user, []string{"webauthnCredentials"}, isGlobalAdmin)
 }
-func (u *User) DeleteCredentials(credentialIdBase64 string) bool {
+func (user *User) DeleteCredentials(credentialIdBase64 string) bool {
-	for i, credential := range u.WebauthnCredentials {
+	for i, credential := range user.WebauthnCredentials {
 		if base64.StdEncoding.EncodeToString(credential.ID) == credentialIdBase64 {
-			u.WebauthnCredentials = append(u.WebauthnCredentials[0:i], u.WebauthnCredentials[i+1:]...)
+			user.WebauthnCredentials = append(user.WebauthnCredentials[0:i], user.WebauthnCredentials[i+1:]...)
-			return UpdateUserForAllFields(u.GetId(), u)
+			return UpdateUserForAllFields(user.GetId(), user)
 		}
 	}
 	return false
--- a/object/verification.go
+++ b/object/verification.go
@@ -42,7 +42,7 @@ type VerificationRecord struct {
 func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
 	if provider == nil {
-		return fmt.Errorf("Please set an Email provider first")
+		return fmt.Errorf("please set an Email provider first")
 	}
 	sender := organization.DisplayName
@@ -60,7 +60,7 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
 	if provider == nil {
-		return errors.New("Please set a SMS provider first")
+		return errors.New("please set a SMS provider first")
 	}
 	code := getRandomCode(5)
@@ -85,7 +85,7 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT
 	now := time.Now().Unix()
 	if has && now-record.Time < 60 {
-		return errors.New("You can only send one code in 60s.")
+		return errors.New("you can only send one code in 60s")
 	}
 	record.Owner = provider.Owner
--- a/pp/gc.go
+++ b/pp/gc.go
@@ -20,7 +20,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
@@ -147,7 +146,7 @@ func (pp *GcPaymentProvider) doPost(postBytes []byte) ([]byte, error) {
 		}
 	}(resp.Body)
-	respBytes, err := ioutil.ReadAll(resp.Body)
+	respBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/routers/router.go
+++ b/routers/router.go
@@ -78,6 +78,7 @@ func initAPI() {
 	beego.Router("/api/delete-role", &controllers.ApiController{}, "POST:DeleteRole")
 	beego.Router("/api/get-permissions", &controllers.ApiController{}, "GET:GetPermissions")
 	beego.Router("/api/get-permissions-by-submitter", &controllers.ApiController{}, "GET:GetPermissionsBySubmitter")
 	beego.Router("/api/get-permission", &controllers.ApiController{}, "GET:GetPermission")
 	beego.Router("/api/update-permission", &controllers.ApiController{}, "POST:UpdatePermission")
 	beego.Router("/api/add-permission", &controllers.ApiController{}, "POST:AddPermission")
@@ -201,4 +202,7 @@ func initAPI() {
 	beego.Router("/api/webauthn/signup/finish", &controllers.ApiController{}, "Post:WebAuthnSignupFinish")
 	beego.Router("/api/webauthn/signin/begin", &controllers.ApiController{}, "Get:WebAuthnSigninBegin")
 	beego.Router("/api/webauthn/signin/finish", &controllers.ApiController{}, "Post:WebAuthnSigninFinish")
 	beego.Router("/api/get-system-info", &controllers.ApiController{}, "GET:GetSystemInfo")
 	beego.Router("/api/get-release", &controllers.ApiController{}, "GET:GitRepoVersion")
 }
--- a/storage/minio_s3.go
+++ b/storage/minio_s3.go
@@ -0,0 +1,36 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package storage
 import (
 	awss3 "github.com/aws/aws-sdk-go/service/s3"
 	"github.com/casdoor/oss"
 	"github.com/casdoor/oss/s3"
 )
 func NewMinIOS3StorageProvider(clientId string, clientSecret string, region string, bucket string, endpoint string) oss.StorageInterface {
 	sp := s3.New(&s3.Config{
 		AccessID:         clientId,
 		AccessKey:        clientSecret,
 		Region:           region,
 		Bucket:           bucket,
 		Endpoint:         endpoint,
 		S3Endpoint:       endpoint,
 		ACL:              awss3.BucketCannedACLPublicRead,
 		S3ForcePathStyle: true,
 	})
 	return sp
 }
--- a/storage/storage.go
+++ b/storage/storage.go
@@ -22,6 +22,8 @@ func GetStorageProvider(providerType string, clientId string, clientSecret strin
 		return NewLocalFileSystemStorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "AWS S3":
 		return NewAwsS3StorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "MinIO":
 		return NewMinIOS3StorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "Aliyun OSS":
 		return NewAliyunOssStorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "Tencent Cloud COS":
--- a/util/string.go
+++ b/util/string.go
@@ -20,7 +20,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"strconv"
 	"strings"
 	"time"
@@ -168,7 +168,7 @@ func GetMinLenStr(strs ...string) string {
 }
 func ReadStringFromPath(path string) string {
-	data, err := ioutil.ReadFile(path)
+	data, err := os.ReadFile(path)
 	if err != nil {
 		panic(err)
 	}
@@ -177,7 +177,7 @@ func ReadStringFromPath(path string) string {
 }
 func WriteStringToPath(s string, path string) {
-	err := ioutil.WriteFile(path, []byte(s), 0o644)
+	err := os.WriteFile(path, []byte(s), 0o644)
 	if err != nil {
 		panic(err)
 	}
--- a/util/system.go
+++ b/util/system.go
@@ -0,0 +1,78 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package util
 import (
 	"io/ioutil"
 	"os"
 	"runtime"
 	"strings"
 	"time"
 	"github.com/shirou/gopsutil/cpu"
 	"github.com/shirou/gopsutil/mem"
 )
 // get cpu usage
 func GetCpuUsage() ([]float64, error) {
 	usage, err := cpu.Percent(time.Second, true)
 	return usage, err
 }
 var fileDate, version string
 // get memory usage
 func GetMemoryUsage() (uint64, uint64, error) {
 	virtualMem, err := mem.VirtualMemory()
 	if err != nil {
 		return 0, 0, err
 	}
 	var m runtime.MemStats
 	runtime.ReadMemStats(&m)
 	return m.TotalAlloc, virtualMem.Total, nil
 }
 // get github repo release version
 func GetGitRepoVersion() (string, error) {
 	pwd, err := os.Getwd()
 	if err != nil {
 		return "", err
 	}
 	fileInfos, err := ioutil.ReadDir(pwd + "/.git/refs/heads")
 	for _, v := range fileInfos {
 		if v.Name() == "master" {
 			if v.ModTime().String() == fileDate {
 				return version, nil
 			} else {
 				fileDate = v.ModTime().String()
 				break
 			}
 		}
 	}
 	content, err := ioutil.ReadFile(pwd + "/.git/refs/heads/master")
 	if err != nil {
 		return "", err
 	}
 	// Convert to full length
 	temp := string(content)
 	version = strings.ReplaceAll(temp, "\n", "")
 	return version, nil
 }
--- a/util/sysytem_test.go
+++ b/util/sysytem_test.go
@@ -0,0 +1,33 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package util
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestGetCpuUsage(t *testing.T) {
 	usage, err := GetCpuUsage()
 	assert.Nil(t, err)
 	t.Log(usage)
 }
 func TestGetMemoryUsage(t *testing.T) {
 	used, total, err := GetMemoryUsage()
 	assert.Nil(t, err)
 	t.Log(used, total)
 }
--- a/web/.env
+++ b/web/.env
@@ -1 +0,0 @@
 PUBLIC_URL=.
--- a/web/.eslintrc
+++ b/web/.eslintrc
@@ -20,7 +20,6 @@
  "plugins": ["unused-imports"],
  "extends": ["eslint:recommended", "plugin:react/recommended"],
  "rules": {
    // "eqeqeq": "error",
    "semi": ["error", "always"],
    "indent": ["error", 2],
    // follow antd's style guide
@@ -42,7 +41,13 @@
    "space-before-function-paren": ["error", "never"],
    "no-trailing-spaces": ["error", { "ignoreComments": true }],
    "eol-last": ["error", "always"],
-    // "no-var": ["error"],
+    "no-var": ["error"],
    "prefer-const": [
      "error",
      {
        "destructuring": "all"
      }
    ],
    "curly": ["error", "all"],
    "brace-style": ["error", "1tbs", { "allowSingleLine": true }],
    "no-mixed-spaces-and-tabs": "error",
@@ -81,15 +86,15 @@
        "argsIgnorePattern": "^_"
      }
    ],
    "no-unused-vars": "off",
    "react/no-deprecated": "error",
    "react/jsx-key": "error",
    "no-console": "error",
    "eqeqeq": "error",
    "react/prop-types": "off",
    "react/display-name": "off",
    "react/react-in-jsx-scope": "off",
-
+    "no-case-declarations": "off"
    // don't use strict mod now, otherwise there are a lot of errors in the codebase
    "no-unused-vars": "off",
    "react/no-deprecated": "warn",
    "no-case-declarations": "warn",
    "react/jsx-key": "warn"
  }
 }
--- a/web/package.json
+++ b/web/package.json
@@ -63,6 +63,18 @@
  "devDependencies": {
    "cross-env": "^7.0.3",
    "eslint": "^7.11.0",
-    "eslint-plugin-react": "^7.30.1"
+    "eslint-plugin-react": "^7.30.1",
    "husky": "^4.3.8",
    "lint-staged": "^13.0.3"
  },
  "lint-staged": {
    "src/**/*.{js,jsx,css,sass,ts,tsx}": [
      "yarn fix"
    ]
  },
  "husky": {
    "hooks": {
      "pre-commit": "lint-staged"
    }
  }
 }
--- a/web/src/AccountTable.js
+++ b/web/src/AccountTable.js
@@ -38,7 +38,7 @@ class AccountTable extends React.Component {
  }
  addRow(table) {
-    let row = {name: Setting.getNewRowNameForTable(table, "Please select an account item"), visible: true, viewRule: "Public", modifyRule: "Self"};
+    const row = {name: Setting.getNewRowNameForTable(table, "Please select an account item"), visible: true, viewRule: "Public", modifyRule: "Self"};
    if (table === undefined) {
      table = [];
    }
@@ -141,7 +141,7 @@ class AccountTable extends React.Component {
            return null;
          }
-          let options = [
+          const options = [
            {id: "Public", name: "Public"},
            {id: "Self", name: "Self"},
            {id: "Admin", name: "Admin"},
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -71,6 +71,7 @@ import SamlCallback from "./auth/SamlCallback";
 import CasLogout from "./auth/CasLogout";
 import ModelListPage from "./ModelListPage";
 import ModelEditPage from "./ModelEditPage";
 import SystemInfo from "./SystemInfo";
 const {Header, Footer} = Layout;
@@ -148,6 +149,8 @@ class App extends Component {
      this.setState({selectedMenuKey: "/login"});
    } else if (uri.includes("/result")) {
      this.setState({selectedMenuKey: "/result"});
    } else if (uri.includes("/sysinfo")) {
      this.setState({selectedMenuKey: "/sysinfo"});
    } else {
      this.setState({selectedMenuKey: -1});
    }
@@ -182,7 +185,7 @@ class App extends Component {
  }
  setLanguage(account) {
-    let language = account?.language;
+    const language = account?.language;
    if (language !== "" && language !== i18next.language) {
      Setting.setLanguage(language);
    }
@@ -242,7 +245,7 @@ class App extends Component {
          });
          Setting.showMessage("success", "Logged out successfully");
-          let redirectUri = res.data2;
+          const redirectUri = res.data2;
          if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
            Setting.goToLink(redirectUri);
          } else if (owner !== "built-in") {
@@ -322,7 +325,7 @@ class App extends Component {
  }
  renderAccount() {
-    let res = [];
+    const res = [];
    if (this.state.account === undefined) {
      return null;
@@ -349,7 +352,7 @@ class App extends Component {
  }
  renderMenu() {
-    let res = [];
+    const res = [];
    if (this.state.account === null || this.state.account === undefined) {
      return [];
@@ -385,13 +388,17 @@ class App extends Component {
          </Link>
        </Menu.Item>
      );
-      res.push(
+    }
-        <Menu.Item key="/permissions">
+
-          <Link to="/permissions">
+    res.push(
-            {i18next.t("general:Permissions")}
+      <Menu.Item key="/permissions">
-          </Link>
+        <Link to="/permissions">
-        </Menu.Item>
+          {i18next.t("general:Permissions")}
-      );
+        </Link>
      </Menu.Item>
    );
    if (Setting.isAdminUser(this.state.account)) {
      res.push(
        <Menu.Item key="/models">
          <Link to="/models">
@@ -474,8 +481,14 @@ class App extends Component {
            </Link>
          </Menu.Item>
        );
        res.push(
          <Menu.Item key="/sysinfo">
            <Link to="/sysinfo">
              {i18next.t("general:SysInfo")}
            </Link>
          </Menu.Item>
        );
      }
      res.push(
        <Menu.Item key="/swagger">
          <a target="_blank" rel="noreferrer" href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>
@@ -556,6 +569,7 @@ class App extends Component {
          <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
          <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
          <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />
          <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo account={this.state.account} {...props} />)} />
          <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
            extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
        </Switch>
@@ -669,26 +683,29 @@ class App extends Component {
    if (this.isDoorPages()) {
      return (
        <div style={{position: "relative", minHeight: "100vh"}}>
-          <Switch>
+          <div id="content-wrap" style={{flexDirection: "column"}}>
-            <Route exact path="/signup" render={(props) => this.renderHomeIfLoggedIn(<SignupPage account={this.state.account} {...props} />)} />
+            <Switch>
-            <Route exact path="/signup/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<SignupPage account={this.state.account} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />)} />
+              <Route exact path="/signup" render={(props) => this.renderHomeIfLoggedIn(<SignupPage account={this.state.account} {...props} />)} />
-            <Route exact path="/login" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage account={this.state.account} {...props} />)} />
+              <Route exact path="/signup/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<SignupPage account={this.state.account} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />)} />
-            <Route exact path="/login/:owner" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage account={this.state.account} {...props} />)} />
+              <Route exact path="/login" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage account={this.state.account} {...props} />)} />
-            <Route exact path="/auto-signup/oauth/authorize" render={(props) => <LoginPage account={this.state.account} type={"code"} mode={"signup"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
+              <Route exact path="/login/:owner" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage account={this.state.account} {...props} />)} />
-            <Route exact path="/signup/oauth/authorize" render={(props) => <SignupPage account={this.state.account} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
+              <Route exact path="/auto-signup/oauth/authorize" render={(props) => <LoginPage account={this.state.account} type={"code"} mode={"signup"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
-            <Route exact path="/login/oauth/authorize" render={(props) => <LoginPage account={this.state.account} type={"code"} mode={"signin"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
+              <Route exact path="/signup/oauth/authorize" render={(props) => <SignupPage account={this.state.account} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
-            <Route exact path="/login/saml/authorize/:owner/:applicationName" render={(props) => <LoginPage account={this.state.account} type={"saml"} mode={"signin"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
+              <Route exact path="/login/oauth/authorize" render={(props) => <LoginPage account={this.state.account} type={"code"} mode={"signin"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
-            <Route exact path="/cas/:owner/:casApplicationName/logout" render={(props) => this.renderHomeIfLoggedIn(<CasLogout clearAccount={() => this.setState({account: null})} {...props} />)} />
+              <Route exact path="/login/saml/authorize/:owner/:applicationName" render={(props) => <LoginPage account={this.state.account} type={"saml"} mode={"signin"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
-            <Route exact path="/cas/:owner/:casApplicationName/login" render={(props) => {return (<LoginPage type={"cas"} mode={"signup"} account={this.state.account} {...props} />);}} />
+              <Route exact path="/cas/:owner/:casApplicationName/logout" render={(props) => this.renderHomeIfLoggedIn(<CasLogout clearAccount={() => this.setState({account: null})} {...props} />)} />
-            <Route exact path="/callback" component={AuthCallback} />
+              <Route exact path="/cas/:owner/:casApplicationName/login" render={(props) => {return (<LoginPage type={"cas"} mode={"signup"} account={this.state.account} {...props} />);}} />
-            <Route exact path="/callback/saml" component={SamlCallback} />
+              <Route exact path="/callback" component={AuthCallback} />
-            <Route exact path="/forget" render={(props) => this.renderHomeIfLoggedIn(<SelfForgetPage {...props} />)} />
+              <Route exact path="/callback/saml" component={SamlCallback} />
-            <Route exact path="/forget/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ForgetPage {...props} />)} />
+              <Route exact path="/forget" render={(props) => this.renderHomeIfLoggedIn(<SelfForgetPage {...props} />)} />
-            <Route exact path="/prompt" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage account={this.state.account} {...props} />)} />
+              <Route exact path="/forget/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ForgetPage {...props} />)} />
-            <Route exact path="/prompt/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage account={this.state.account} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} {...props} />)} />
+              <Route exact path="/prompt" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage account={this.state.account} {...props} />)} />
-            <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
+              <Route exact path="/prompt/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage account={this.state.account} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} {...props} />)} />
-              extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
+              <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo {...props} />)} />
-          </Switch>
+              <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
                extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
            </Switch>
          </div>
          {
            this.renderFooter()
          }
--- a/web/src/App.less
+++ b/web/src/App.less
@@ -1,5 +1,7 @@
@import '~antd/dist/antd.less';
@StaticBaseUrl:"https://cdn.casbin.org";
 .App {
  text-align: center;
 }
@@ -46,7 +48,7 @@
 }
 .language_box {
-  background: url("https://cdn.casbin.org/img/muti_language.svg");
+  background: url("@{StaticBaseUrl}/img/muti_language.svg");
  background-size: 25px, 25px;
  background-position: center;
  background-repeat: no-repeat;
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -120,7 +120,7 @@ class ApplicationEditPage extends React.Component {
  updateApplicationField(key, value) {
    value = this.parseApplicationField(key, value);
-    let application = this.state.application;
+    const application = this.state.application;
    application[key] = value;
    this.setState({
      application: application,
@@ -566,8 +566,8 @@ class ApplicationEditPage extends React.Component {
  renderSignupSigninPreview() {
    let signUpUrl = `/signup/${this.state.application.name}`;
-    let signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${this.state.application.redirectUris[0]}&scope=read&state=casdoor`;
+    const signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${this.state.application.redirectUris[0]}&scope=read&state=casdoor`;
-    let maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "100%", width: "100%", background: "rgba(0,0,0,0.4)"};
+    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "100%", width: "100%", background: "rgba(0,0,0,0.4)"};
    if (!this.state.application.enablePassword) {
      signUpUrl = signInUrl.replace("/login/oauth/authorize", "/signup/oauth/authorize");
    }
@@ -613,8 +613,8 @@ class ApplicationEditPage extends React.Component {
  }
  renderPromptPreview() {
-    let promptUrl = `/prompt/${this.state.application.name}`;
+    const promptUrl = `/prompt/${this.state.application.name}`;
-    let maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "100%", width: "100%", background: "rgba(0,0,0,0.4)"};
+    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "100%", width: "100%", background: "rgba(0,0,0,0.4)"};
    return (
      <Col span={11}>
        <Button style={{marginBottom: "10px"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={() => {
@@ -634,7 +634,7 @@ class ApplicationEditPage extends React.Component {
  }
  submitApplicationEdit(willExist) {
-    let application = Setting.deepCopy(this.state.application);
+    const application = Setting.deepCopy(this.state.application);
    ApplicationBackend.updateApplication(this.state.application.owner, this.state.applicationName, application)
      .then((res) => {
        if (res.msg === "") {
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@@ -30,7 +30,7 @@ class ApplicationListPage extends BaseListPage {
      name: `application_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Application - ${randomName}`,
-      logo: "https://cdn.casdoor.com/logo/casdoor-logo_1185x256.png",
+      logo: `${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`,
      enablePassword: true,
      enableSignUp: true,
      enableSigninSession: false,
@@ -250,8 +250,8 @@ class ApplicationListPage extends BaseListPage {
  }
  fetch = (params = {}) => {
-    let field = params.searchedColumn, value = params.searchText;
+    const field = params.searchedColumn, value = params.searchText;
-    let sortField = params.sortField, sortOrder = params.sortOrder;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
    ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@@ -57,7 +57,7 @@ class CertEditPage extends React.Component {
  updateCertField(key, value) {
    value = this.parseCertField(key, value);
-    let cert = this.state.cert;
+    const cert = this.state.cert;
    cert[key] = value;
    this.setState({
      cert: cert,
@@ -214,7 +214,7 @@ class CertEditPage extends React.Component {
  }
  submitCertEdit(willExist) {
-    let cert = Setting.deepCopy(this.state.cert);
+    const cert = Setting.deepCopy(this.state.cert);
    CertBackend.updateCert(this.state.cert.owner, this.state.certName, cert)
      .then((res) => {
        if (res.msg === "") {
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@@ -198,7 +198,7 @@ class CertListPage extends BaseListPage {
  fetch = (params = {}) => {
    let field = params.searchedColumn, value = params.searchText;
-    let sortField = params.sortField, sortOrder = params.sortOrder;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
    if (params.category !== undefined && params.category !== null) {
      field = "category";
      value = params.category;
--- a/web/src/CropperDiv.js
+++ b/web/src/CropperDiv.js
@@ -81,7 +81,6 @@ export const CropperDiv = (props) => {
  };
  const handleCancel = () => {
    console.log("Clicked cancel button");
    setVisible(false);
  };
@@ -103,7 +102,7 @@ export const CropperDiv = (props) => {
        onCancel={handleCancel}
        width={600}
        footer={
-          [<Button block type="primary" onClick={handleOk}>{i18next.t("user:Set new profile picture")}</Button>]
+          [<Button block key="submit" type="primary" onClick={handleOk}>{i18next.t("user:Set new profile picture")}</Button>]
        }
      >
        <Col style={{margin: "0px auto 40px auto", width: 1000, height: 300}}>
--- a/web/src/LdapSyncPage.js
+++ b/web/src/LdapSyncPage.js
@@ -35,7 +35,7 @@ class LdapSyncPage extends React.Component {
  }
  syncUsers() {
-    let selectedUsers = this.state.selectedUsers;
+    const selectedUsers = this.state.selectedUsers;
    if (selectedUsers === null || selectedUsers.length === 0) {
      Setting.showMessage("error", "Please select al least 1 user first");
      return;
@@ -44,10 +44,10 @@ class LdapSyncPage extends React.Component {
    LdapBackend.syncUsers(this.state.ldap.owner, this.state.ldap.id, selectedUsers)
      .then((res => {
        if (res.status === "ok") {
-          let exist = res.data.exist;
+          const exist = res.data.exist;
-          let failed = res.data.failed;
+          const failed = res.data.failed;
-          let existUser = [];
+          const existUser = [];
-          let failedUser = [];
+          const failedUser = [];
          if ((!exist || exist.length === 0) && (!failed || failed.length === 0)) {
            Setting.goToLink(`/organizations/${this.state.ldap.owner}/users`);
@@ -103,7 +103,7 @@ class LdapSyncPage extends React.Component {
  }
  getExistUsers(owner, users) {
-    let uuidArray = [];
+    const uuidArray = [];
    users.forEach(elem => {
      uuidArray.push(elem.uuid);
    });
@@ -119,11 +119,11 @@ class LdapSyncPage extends React.Component {
  }
  buildValArray(data, key) {
-    let valTypesArray = [];
+    const valTypesArray = [];
    if (data !== null && data.length > 0) {
      data.forEach(elem => {
-        let val = elem[key];
+        const val = elem[key];
        if (!valTypesArray.includes(val)) {
          valTypesArray.push(val);
        }
@@ -133,10 +133,10 @@ class LdapSyncPage extends React.Component {
  }
  buildFilter(data, key) {
-    let filterArray = [];
+    const filterArray = [];
    if (data !== null && data.length > 0) {
-      let valArray = this.buildValArray(data, key);
+      const valArray = this.buildValArray(data, key);
      valArray.forEach(elem => {
        filterArray.push({
          text: elem,
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
q1anx1	c50042c85a	feat: fix the go.sum error (#1040 )	2022-08-20 22:04:37 +08:00
q1anx1	ef4c3833a4	feat: add system info page (#1033 ) * feat: add system info page * feat: add some code * fix	2022-08-20 21:22:46 +08:00
疯魔慕薇	67a5adf585	feat: replace panic with details json error payload. (#1039 ) Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com>	2022-08-20 21:09:32 +08:00
疯魔慕薇	08a1e7ae32	fix: keep phone/email unique. (#1038 ) Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com>	2022-08-20 12:14:08 +08:00
Fernando López Guevara	7d979cbaf0	feat(storage): add support for min.io storage (#1037 ) * feat(storage): add support for min.io storage * fix(minio): use doublequote * fix(storage): change storage name to MinIO	2022-08-20 11:30:13 +08:00
Yixiang Zhao	80c0940e30	feat: initialize the default permission (#1029 ) Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>	2022-08-19 11:59:35 +08:00
Gucheng Wang	a4fe2a6485	Add check for submitPermissionEdit()	2022-08-19 01:52:29 +08:00
Yixiang Zhao	8e9ed1205b	feat: support RBAC with domains model and add adapter to specify the table name for policy storage (#1020 ) * feat: support RBAC with domains model and add adapter to specify the table name for policy storage Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> * fix some bugs Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> * add i18n Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>	2022-08-18 11:49:32 +08:00
Yixiang Zhao	a341c65bb1	fix: third-party user may login to the built-in organization (#1024 ) Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>	2022-08-17 23:18:38 +08:00
疯魔慕薇	91fa024f0b	feat: Mock SMS (#1009 ) 1. Update go-sms-sender to v0.3.0. 2. Fix: avoid page crash if not found provider info. Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com>	2022-08-17 22:02:45 +08:00
q1anx1	aedef1eea1	feat(login): add login limit (#1023 ) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position	2022-08-17 01:39:53 +08:00
Mikey	70f2988f09	feat: revert to the original behavior for wrapActionResponse() (#1021 ) Revert: `340fbe135d` see: https://github.com/casdoor/casdoor-go-sdk/pull/36.	2022-08-16 00:20:37 +08:00
疯魔慕薇	2dcdfbe6d3	fix: error login logic of mobile phone login (#1017 ) * fix: #1016 1. Limit username cannot be digital. 2. Check avoid repeat register with same phone or email. Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> * Update check.go Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> Co-authored-by: Yang Luo <hsluoyz@qq.com>	2022-08-16 00:14:26 +08:00
Gucheng Wang	c92d34e27c	Add GetPermissionsBySubmitter()	2022-08-15 14:09:12 +08:00
Yixiang Zhao	dfbf7753c3	feat: support RBAC model in permission (#1006 ) Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>	2022-08-15 10:24:26 +08:00
leoshine	ba732b3075	feat: use staticBaseUrl for all static resources (#1015 ) * feat: modify system image link * Update App.less Co-authored-by: Yang Luo <hsluoyz@qq.com>	2022-08-15 09:18:21 +08:00
q1anx1	ca13247572	chore(style): use `eqeqeq` (#1013 )	2022-08-13 11:23:16 +08:00
q1anx1	108fdc174f	chore(ci): add linter the check go code style (#991 ) * feat(ci): auto format go code * fix: fix #997 * chore(ci): add go code style linter * fix: fix cmd error * chore: add `linter` of needs * chore: modiy commnet style	2022-08-13 10:57:13 +08:00
q1anx1	a741c5179a	chore(style): modify eslint rules (#1011 ) * chore(style): use strict rules * chore: modify position * chore(style): warn about `console.log` and `==` * fix: fix `console.log` error * Update CropperDiv.js * Update HomePage.js Co-authored-by: Yang Luo <hsluoyz@qq.com>	2022-08-13 00:04:18 +08:00
Ryao	6676cc8ff3	fix: add JTI name to JWT token (#989 ) * feat: add jti to jwt * fix * fix	2022-08-11 14:32:47 +08:00
q1anx1	13de019d08	chore(ci): use cache to accelerate ci (#1004 ) * chore(ci): use cache to accelerate ci * chore: comment	2022-08-11 10:20:53 +08:00
Bingchang Chen	53ad454962	feat: responsive footer (#1003 )	2022-08-10 20:31:42 +08:00
leoshine	fb203a6f30	feat: delete .env to fix static file path bug (#999 )	2022-08-10 12:22:27 +08:00
Gucheng Wang	f716a0985f	Add disableSsl to provider.	2022-08-09 23:38:35 +08:00
Gucheng Wang	340fbe135d	Fix error in wrapActionResponse()	2022-08-09 23:34:07 +08:00
Mikey	79119760f2	style: golint (#988 )	2022-08-09 16:50:49 +08:00
jakiuncle	4dd67a8dcb	fix: fix all frontend warnings (#983 ) * fix:fix all frontend warnings * fix:fix all frontend warnings * fix:fix all frontend warnings * fix:fix all frontend warnings * fix:fix all frontend warnings * fix:fix all frontend warnings	2022-08-09 12:19:56 +08:00
q1anx1	deed857788	chore(style): allow case declarations and ban `var` (#987 ) * chore(style): allow case declarations * chore(style): ban `var` and prefer `const`	2022-08-08 23:35:24 +08:00
Mikey	802995ed16	refactor: remove WeChat unionId to properties (#985 )	2022-08-08 18:43:12 +08:00
q1anx1	b14554a5ba	feat(web): check style when commit (#980 ) feat(web): check style when commit	2022-08-08 00:10:31 +08:00
Gucheng Wang	4665ffa759	Update i18n data	2022-08-08 00:02:47 +08:00
Gucheng Wang	f914e8e929	Add permission_enforcer.go	2022-08-07 23:57:06 +08:00